[Please help] Bricked Xiaomi Redmi 9c NFC (No Fastboot/No Recovery/Stopped being detected by PC)

guevara.janosik
Enthusiastic Member
11
28-11-2024, 03:43 PM
#1



I am absolutely new to this, this is my first phone I was able to unlock and experiment with its firmware, so please bear with me, I am still learning and making many mistakes along the way.

I tried to make notes and stay organized, but unfortunately I've lost track of the exact versions/sources of files I've used when succeeding (recovery.img, boot.img, vbmeta_disabled.img) since I had to experiment with several different sources until finding which worked on a specific vendor (R, Q, OSS) and I did not fully expect/apprehend that the unforeseen need would arise to switch back to the initial stage and go through the process again.


Manufacturer : Xiaomi
Product Model : M2006C3MNG
Product : Redmi 9C NFC
Platform :  Mediatek( MTK ) MT6765
Hardware Rev :  ca00
Storage : 51.8 GB RAM : 4.5 GB Download Size : 128 MB


Step 1: [BROM] ERASE MICLOUD

BROM : Please Turn Off Devices VOL + And VOL- Then Insert Cable
Searching BROM VCOM... OK
Initializing usb... OK
Reading Hardware Information... OK
Hardware : MT6765(Helio P35/G35)
WDT: 0x10007000 Uart: 0x11002000
Var1: 0x25
Security Config:  SBC: True SLA: True DAA: True SWJTAG: True
Mem read auth: True Mem write auth: True
MEID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Loading payload:  mt6765_payload.bin, 0x264 bytes
Sending payload... OK
Tips : Please Don't Remove battery and usb cable!
Process may take 1 to 2 Minutes ( Please Wait )
Analyzing... preloader_-8DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2136.bin... OK
preloader to Jumping... OK
DRAM config needed for : 9b01005932503036
Sending EMI data... OK
Reading Storage Information... OK
Storage : Y2P064 - CID : 9b0100593250303634005d513fb51969
Boot1 : 4 MB - Boot2 : 4 MB - RPMB : 16 MB - Userarea : 58.24 GB
Devices : Redmi 9C NFC
Models : M2006C3MNG
Disabling MiCloud... OK
Resetting MiCloud... OK
Please do not relock bootloader after this operation!
_____________________________________________________________________________________
TFTUnlock-2024-4.7.3.3
Elapsed Time : 00 minutes : 50 seconds


Step 2: [BROM] UNLOCK BOOTLOADER

BROM : Please Turn Off Devices VOL + And VOL- Then Insert Cable
Searching BROM VCOM... OK
Initializing usb... OK
Reading Hardware Information... OK
Hardware : MT6765(Helio P35/G35)
WDT: 0x10007000 Uart: 0x11002000
Var1: 0x25
Security Config:  SBC: True SLA: True DAA: True SWJTAG: True
Mem read auth: True Mem write auth: True
MEID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Loading payload:  mt6765_payload.bin, 0x264 bytes
Sending payload... OK
Tips : Please Don't Remove battery and usb cable!
Process may take 1 to 2 Minutes ( Please Wait )
Analyzing... preloader_-8DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2136.bin... OK
preloader to Jumping... OK
DRAM config needed for : 9b01005932503036
Sending EMI data... OK
Reading Storage Information... OK
Storage : Y2P064 - CID : 9b0100593250303634005d513fb51969
Boot1 : 4 MB - Boot2 : 4 MB - RPMB : 16 MB - Userarea : 58.24 GB
Devices : Redmi 9C NFC
Models : M2006C3MNG
Patching : seccfg... OK
Patching : seccfg... OK
Patching : seccfg... OK
Unlocked Bootloader... Successfully
_____________________________________________________________________________________
TFTUnlock-2024-4.7.3.3
Elapsed Time : 00 minutes : 37 seconds


Step 3: Installing PBRP

fastboot flash recovery PBRP
fastboot flash vbmeta --disable-verity --disable-verification vbmeta-disabled.img


Step 4: Essential PBRP Backup

boot.emmc.win                     
boot.emmc.win.sha2                 
bootloader.emmc.win               
bootloader.emmc.win.sha2           
bootloader2.emmc.win               
bootloader2.emmc.win.sha2         
data.f2fs.win000                   
data.f2fs.win000.sha2             
data.f2fs.win001                   
data.f2fs.win001.sha2             
data.f2fs.win002                   
data.f2fs.win002.sha2             
data.f2fs.win003                   
data.f2fs.win003.sha2             
data.f2fs.win004                   
data.f2fs.win004.sha2             
data.f2fs.win005                   
data.f2fs.win005.sha2             
data.f2fs.win006                   
data.f2fs.win006.sha2             
data.f2fs.win007                   
data.f2fs.win007.sha2             
data.info                         
recovery.emmc.win                 
recovery.emmc.win.sha2             
system_image.emmc.win             
system_image.emmc.win.sha2         


Step 5: Full PBRP Backup

boot.emmc.win                     
boot.emmc.win.sha2               
boot_para.emmc.win               
boot_para.emmc.win.sha2           
bootloader.emmc.win               
bootloader.emmc.win.sha2         
bootloader2.emmc.win             
bootloader2.emmc.win.sha2         
cust.ext4.win                     
cust.ext4.win.sha2               
cust.info                         
data.f2fs.win000                 
data.f2fs.win000.sha2             
data.f2fs.win001                 
data.f2fs.win001.sha2             
data.f2fs.win002                 
data.f2fs.win002.sha2             
data.f2fs.win003                 
data.f2fs.win003.sha2             
data.f2fs.win004                 
data.f2fs.win004.sha2             
data.f2fs.win005                 
data.f2fs.win005.sha2             
data.f2fs.win006                 
data.f2fs.win006.sha2             
data.f2fs.win007                 
data.f2fs.win007.sha2             
data.info                         
dtbo.emmc.win                     
dtbo.emmc.win.sha2               
efuse.emmc.win                   
efuse.emmc.win.sha2               
expdb.emmc.win                   
expdb.emmc.win.sha2               
ffu.emmc.win                     
ffu.emmc.win.sha2                 
flashinfo.emmc.win               
flashinfo.emmc.win.sha2           
gsort.emmc.win                   
gsort.emmc.win.sha2               
gz1.emmc.win                     
gz1.emmc.win.sha2                 
gz2.emmc.win                     
gz2.emmc.win.sha2                 
logo.emmc.win                     
logo.emmc.win.sha2               
md1img.emmc.win                   
md1img.emmc.win.sha2             
metadata.ext4.win                 
metadata.ext4.win.sha2           
metadata.info                     
misc.emmc.win                     
misc.emmc.win.sha2               
nvcfg.ext4.win                   
nvcfg.ext4.win.sha2               
nvcfg.info                       
nvdata.ext4.win                   
nvdata.ext4.win.sha2             
nvdata.info                       
nvram.emmc.win                   
nvram.emmc.win.sha2               
otp.emmc.win                     
otp.emmc.win.sha2                 
persist.ext4.win                 
persist.ext4.win.sha2             
persist.info                     
persistent.emmc.win               
persistent.emmc.win.sha2         
product_image.emmc.win           
product_image.emmc.win.sha2       
proinfo.emmc.win                 
proinfo.emmc.win.sha2             
protect_f.ext4.win               
protect_f.ext4.win.sha2           
protect_f.info                   
protect_s.ext4.win               
protect_s.ext4.win.sha2           
protect_s.info                   
recovery.emmc.win                 
recovery.emmc.win.sha2           
recovery.log                     
scp1.emmc.win                     
scp1.emmc.win.sha2               
scp2.emmc.win                     
scp2.emmc.win.sha2               
sec1.emmc.win                     
sec1.emmc.win.sha2               
seccfg.emmc.win                   
seccfg.emmc.win.sha2             
spmfw.emmc.win                   
spmfw.emmc.win.sha2               
sspm_1.emmc.win                   
sspm_1.emmc.win.sha2             
sspm_2.emmc.win                   
sspm_2.emmc.win.sha2             
super.emmc.win                   
super.emmc.win.sha2               
system_image.emmc.win             
system_image.emmc.win.sha2       
tee1.emmc.win                     
tee1.emmc.win.sha2               
tee2.emmc.win                     
tee2.emmc.win.sha2               
vbmeta.emmc.win                   
vbmeta.emmc.win.sha2             
vbmeta_system.emmc.win           
vbmeta_system.emmc.win.sha2       
vbmeta_vendor.emmc.win           
vbmeta_vendor.emmc.win.sha2       
vendor_image.emmc.win             
vendor_image.emmc.win.sha2       


Step 6: Rooted and made backups with Neo Backup: https://f-droid.org/en/packages/com.machiav3lli.backup/

Step 7: Experimentation with several different ROMs and NikGapps packages found on 4pda forums until arriving at a good choice:

1. Unlock Bootloader
2. Fastboot flash all from angelican_global_images_V12.5.3.0.RCSMIXM_20220708.0000.00_11.0_global_69d55e4437.tgz
3. Fastboot flash recovery from OrangeFox-R12.1_5.1-Stable-blossom.zip
4. Format Data
6. Sideload ProjectSakura-9.4-20240831-2230-VANILLA-blossom-UNOFFICIAL.zip
7. Sideload OrangeFox-R12.1_5.1-Stable-blossom.zip
8. Sideload NikGapps-omni-custom-arm64-14-20241104-unsigned.zip
9. Format Data
10. Reboot System

Found in this post and thread:  https://4pda.to/forum/index.php?act=sear...y&noform=1

Step 8: Was completely satisfied with the ROM but realized I am unable to root it and therefore there is no easy way to restore sms messages and call logs from Neo Backup without root, therefore decided to restore system from PBRP Backup to make sms messages and call logs backups with some authorized Google Play backup software

Step 9: Tried to flash super.emmc.win through fastboot since Orange Fox did not offer any obvious way to flash it. When that failed, decided to try to first flash the corresponding MIUI ROM on which the backup was made through SP Flash Tool and then would try to flash over it, but I've made a stupid mistake and downloaded/flashed angelican_eea_global_images_V12.0.14.0.QCSEUXM_20220819.0000.00_10.0_eea_045e97ab3c.tgz (thus essentially downgraded) and then fastboot flashed a recovery from OrangeFox-R12.1_5.1-Stable-blossom.zip to recovery

SP Flash Tool and files used (from: [ Login to download] ):

REDMI+9C+NO+AUTH\REDMI 9C\Scatter DA & Auth file\DA_mt_6765_6768_6785_6873.bin
angelican_eea_global_images_V12.0.14.0.QCSEUXM_20220819.0000.00_10.0_eea/images/MT6765_Android_scatter.txt
REDMI+9C+NO+AUTH\REDMI 9C\Scatter DA & Auth file\auth_sv5.auth

Problem:
If battery is connected, Redmi is shown in the middle of the screen and an Android logo in the lower part, and it's stuck/frozen, and when I connect the USB cable nothing gets detected in Device Manager on PC and no sound plays no matter which drivers I try to install. And no software I've tried is able to detect/communicate with the device. I am unable to get it into BROM or FASTBOOT, not even able to shut it down or reboot it anymore, not even by holding volume up + volume down + power at the same time.


Tried this
https://www.youtube.com/watch?v=MlQD2PSw-fE
https://4pda.to/forum/index.php?showtopi...y116979625
https://4pda.to/forum/index.php?showtopi...y114583558

Nothing works. I am using tweezers from https://www.ifixit.com/en-eu/products/iopener they are made out of steel, is that conductive enough? I have difficulties being able to connect the test points and hold them connected by the tweezers while at the same time being able to connect the USB cable into my desktop PC but I believe I was able to do it right, yet no connection detected in the PC.

Can someone please give any suggestions what else I might try to revitalize this brick? I know I messed up pretty much, but is there perhaps still some way how to try to solve this?
guevara.janosik
Enthusiastic Member
11
29-11-2024, 03:15 PM
#2
I've realized now with complete certainty what I have suspected the whole time already, that I have by mistake triggered Anti Rollback Protection and by it hard bricked my phone. I have already found diverse guides with often conflicting instructions/variations about how to fix the issue, unfortunately due to some reason that still completely evades my comprehension I am completely unable to detect any connection of my device to my computer by a 100% functional USB cable on a 100% functional USB port. Especially I seem to have troubles making mtkclient and bypass_utility work on my 64 bit Windows 11 machine, even though I was perfectly able to compile them from sources and make them run as well as test many other available precompiled versions of them.

Also I am still quite confused, whether to leave the battery connected while stuck with the Redmi logo on display or disconnected, which buttons to keep pressed and how long and whether it is necessary to keep holding them while connecting the cable (which is quite tricky to do, especially with a disassembled device), whether it matters whether the disconnect/reconnect of the USB cable is done on the phone side or the PC side...

Also I am not completely sure whether shorting the Test Point is necessary or could be beneficial in this situation and whether based on a single video source available I got the correct information about its identification.

I assume UsbDk should be preferable to libusb-devel and work better on 64 bit Windows 11, but I am uncertain about how to correctly have both installed at the same time on a single machine without possibly leading to some conflicts/trouble/failure, and especially which drivers and which versions of them should be used, since again there is very much conflicting information publicly available in this regard. Until I am able to pinpoint the specific problem causing the failure, I am left only with the possibility to keep trying all imaginable combinations of these factors hoping for success, which on such an advanced OS like Windows definitely implies an agonizingly frequent necessity to reboot the monolithic beast. :-)
guevara.janosik
Enthusiastic Member
11
30-11-2024, 04:06 PM
#3
The problem seems to be that on my Windows 11 64-bit Pro OS with Secure Boot, the unsigned Mediatek drivers are silently not being installed. I've tried disabling driver signature enforcement with little success.

Attempting to self-sign the drivers breaks upon a problem in the inf file, which I am currently unable to find a solution for:

C:\Tools\driver-signing>"F:\Program Files\Windows Kits\10\bin\10.0.26100.0\x86\Inf2cat.exe" /driver:C:\Tools\driver-signing /os:10_x64
.....................................................................
Signability test failed.

Errors:
22.9.10: usbser.sys in [drivercopyfiles.nt] is missing from [SourceDisksFiles] section in driver-signing\cdc-acm.inf; driver may not sign correctly until this is resolved.

Warnings:
None

Anyone knows how to solve this?
This post was last modified: 30-11-2024, 04:11 PM by guevara.janosik.
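
The Inf2Cat failure quoted in the post above is raised when a file named in a CopyFiles list has no row in [SourceDisksFiles]. As an added example (not part of the original thread, nor code from any tool mentioned in it), this Python check runs the same cross-reference over an INF; the sample INF and all function names are constructed for illustration, and string tokens and quoted values containing `;` are not handled.

```python
import re

# Constructed sample INF (not the poster's cdc-acm.inf). It reproduces the
# shape of the reported error: a CopyFiles entry with no SourceDisksFiles row.
SAMPLE_INF = r"""
[Version]
Signature="$Windows NT$"
Class=Ports
CatalogFile=cdc-acm.cat

[Models.NTamd64]
%Dev%=DriverInstall,USB\VID_0E8D&PID_0003

[DriverInstall.NT]
CopyFiles=DriverCopyFiles.NT, @extra.dll

[DriverCopyFiles.NT]
usbser.sys,,,0x20      ; destination name only, so it is also the source name

[SourceDisksNames]
1=%Disk%

[SourceDisksFiles]
extra.dll=1
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")


def parse_inf(text):
    """Return {lowercased section name: [entry lines]} with comments removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def copyfiles_sources(sections):
    """Yield (source file, section naming it) for every CopyFiles directive."""
    for name, lines in sections.items():
        for line in lines:
            key, sep, value = line.partition("=")
            if not sep or key.strip().lower() != "copyfiles":
                continue
            for target in (t.strip() for t in value.split(",")):
                if not target:
                    continue
                if target.startswith("@"):       # CopyFiles=@file copies one file
                    yield target[1:].lower(), name
                    continue
                for entry in sections.get(target.lower(), []):
                    # Entry layout: dest[,source[,unused[,flags]]]
                    fields = [f.strip() for f in entry.split(",")]
                    source = fields[1] if len(fields) > 1 and fields[1] else fields[0]
                    yield source.lower(), target.lower()


def listed_sources(sections):
    """Files declared in [SourceDisksFiles] and its decorated variants."""
    files = set()
    for name, lines in sections.items():
        if name == "sourcedisksfiles" or name.startswith("sourcedisksfiles."):
            files.update(l.partition("=")[0].strip().lower() for l in lines)
    return files


def missing_from_source_disks(text):
    """Sorted (file, section) pairs that are copied but never declared."""
    sections = parse_inf(text)
    listed = listed_sources(sections)
    return sorted({(f, s) for f, s in copyfiles_sources(sections) if f not in listed})


if __name__ == "__main__":
    for filename, section in missing_from_source_disks(SAMPLE_INF):
        print(f"{filename} in [{section}] is missing from [SourceDisksFiles]")
```

Running it on the text of a real INF lists every copied file that still needs a [SourceDisksFiles] row before Inf2cat is invoked.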
justshez
Intern
2,363
02-12-2024, 05:27 PM
#4
(30-11-2024, 04:06 PM)guevara.janosik The problem seems to be that on my Windows 11 64-bit Pro OS with Secure Boot, the unsigned Mediatek drivers are silently not being installed. I've tried disabling driver signature enforcement with little success.

Attempting to self-sign the drivers breaks upon a problem in the inf file, which I am currently unable to find a solution for:

C:\Tools\driver-signing>"F:\Program Files\Windows Kits\10\bin\10.0.26100.0\x86\Inf2cat.exe" /driver:C:\Tools\driver-signing /os:10_x64
.....................................................................
Signability test failed.

Errors:
22.9.10: usbser.sys in [drivercopyfiles.nt] is missing from [SourceDisksFiles] section in driver-signing\cdc-acm.inf; driver may not sign correctly until this is resolved.

Warnings:
None

Anyone knows how to solve this?

Download and install signed drivers @ https://www.hovatek.com/forum/thread-16640.html

Then share a screenshot of what your device is detected as in device manager

guevara.janosik
Enthusiastic Member
11
03-12-2024, 11:01 AM
#5



I was not able to make mtkclient work under Windows 11 64-bit Pro and the drivers you're referring to were actually the first choice I've tried, but since no tool I've tried was able to connect with the phone in Brom before or after I've bricked it, I somehow wrongly assumed that Brom drivers are not included with the Signed Driver package, only the unsigned one, mea culpa.

Nevertheless I've made some progress, I was able to figure out the correct timings and most of the nuances of using the Test Point method correctly: I am able to short Data 0 with GND for cca. 6 seconds with conductive tweezers while USB is disconnected on one side, then connecting USB and releasing Test Point shorting connection after the tool makes enough progress. I am just not sure when exactly I should release, since no matter what timing I use, the device gets disconnected after a few seconds of successful data transfer, which ruins all my endeavor.

Therefore I was not able to provide any screenshots of the Device Manager since the phone disconnects so rapidly that I am unable to find the new device in Device Manager fast enough, not even to screenshot it. After the connection, the Device Manager was still refreshing/redrawing itself (not showing anything yet) when already I've got a sound clue that the device disconnected already. Not sure what I could possibly do to get the desired result, whether there is some trick to it in such situations how to set up the device manager to react.

I was able, after many attempts due to not having a laptop available and the USB port being 1,5m away fixed on my Tower PC, to install the libusb-win32-devel-filter correctly on the Mediatek VCOM 0e8d:0003 driver. Installed UsbDk_1.0.22_x64, just not sure how to configure it, because the installation alone by itself did not make any tools work for me, especially not mtkclient. But the libusb-win32-devel-filter made mtkclient work finally to some degree at least.

After running bypass_utility now and shorting the Test Points with a disconnected battery and plugging USB at the right moment, the tool reports successful bypassing and exits, but when I run SP Flash Tool from the above link with the corresponding DA and auth file and open the scatter file of an angelican_eea_global_images_V12.5.4.0.RCSEUXM_20220724.0000.00_11.0_eea_ca1f08045a.tgz (the version of firmware I was running on before triggering Anti Rollback Protection by restoring a full backup made previously on 12.0 eea) the flashing bar turns to red and no progress is shown, I assume that the phone disconnects.

On Windows mtkclient gives me the following output:

python.exe mtk.py w recovery,vbmeta,boot recovery.img,vbmeta_disabled.img,boot.img --preloader preloader_new.img --auth auth_sv5.auth

Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\Tools\mtkclient\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass - USBError(5, 'Input/Output Error')
DAXFlash
DAXFlash - [LIB]: Stage was't executed. Maybe dram issue ?.
DAXFlash
DAXFlash - [LIB]: Error on booting to da (xflash)

Would setting Transmit, and perhaps also Receive, Buffers to 12 in Advanced Port Settings possibly solve the issue? Should I leave Bits per second, Data bits, Parity, Stop bits and Flow control at their default values? (9600, 8, None, 1, None)


I've also managed to install the latest stable Ubuntu version and compiled mtkclient and had success with the mtk CLI tool. (GUI gets stuck after bypassing due to phone disconnecting I assume).

Now I am stuck with the phone disconnecting during a flash:

mtk w recovery,vbmeta,boot recovery.img,vbmeta_disabled.img,boot.img --preloader preloader_12.5.img --auth auth_sv5.auth

Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri RunPort - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Runs
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Boot to succeeded.
DAXFlash - Successfully uploaded stage 2
DAXFlash - DA SLA is disabled
DAXFlash - EMMC FWVer:      0x0
DAXFlash - EMMC ID:        Y2P064
DAXFlash - EMMC CID:        9b0100593250303634005d513fb51969
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size:  0x0
DAXFlash - EMMC GP2 Size:  0x0
DAXFlash - EMMC GP3 Size:  0x0
DAXFlash - EMMC GP4 Size:  0x0
DAXFlash - EMMC RPMB Size:  0x1000000
DAXFlash - EMMC USER Size:  0xe8f800000
DAXFlash - HW-CODE        : 0x766
DAXFlash - HWSUB-CODE      : 0x8A00
DAXFlash - HW-VERSION      : 0xCA00
DAXFlash - SW-VERSION      : 0x0
DAXFlash - CHIP-EVOLUTION  : 0x0
DAXFlash - DA-VERSION      : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash - Boot to succeeded.
DAXFlash - DA Extensions successfully added
Progress: |█---------| 6.2% Write (0x2000/0x20000, 05s left) 11.19 MB/s
DAXFlash - [LIB]: unpack requires a buffer of 12 bytes
Failed to write recovery.img to sector 2112 with sector count 131072.
DAXFlash
DAXFlash - [LIB]: Error on sending dev ctrl 262151:OK (0x0)
DaHandler
DaHandler - [LIB]: Error: Couldn't detect partition: vbmeta
Available partitions:
DAXFlash
DAXFlash - [LIB]: Error on sending dev ctrl 262151:OK (0x0)
DaHandler
DaHandler - [LIB]: Error: Couldn't detect partition: boot
Available partitions:


And when releasing the tweezers a bit sooner it does not even get as far as before:

mtk w recovery,vbmeta,boot recovery.img,vbmeta_disabled.img,boot.img --preloader preloader_12.5.img --auth auth_sv5.auth

Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected........

Before I've tried those commands above, I have first tried optimistically to restore the full system, but it flashed up to 90% of the preloader and then got stuck/disconnected:

mtk w preloader,recovery,cust,vbmeta_system,vbmeta_vendor,md1img,spmfw,scp1,scp2,sspm_1,sspm_2,lk,lk2,boot,logo,dtbo,tee1,tee2,super,vbmeta,cache preloader_12.5.img,recovery.img,cust.img,vbmeta_system.img,vbmeta_vendor.img,md1img.img,spmfw.img,scp1.img,scp2.img,sspm_1.img,sspm_2.img,lk.img,lk2.img,boot.img,logo.bin,dtbo.img,tee1.img,tee2.img,super.img,vbmeta.img,cache.img --preloader preloader_12.5.img --auth auth_sv5.auth


Hope I did not mess up here, I've assumed, perhaps wrongly, that flashing the preloader while possibly using it at the same time to flash its newer version does not affect the operation of it, i.e. that it is being used from some kind of hierarchically higher level faster operational memory system, or there is some kind of other atomicity providing protection mechanism available making it possible to use a preloader to flash "the preloader" without breaking oneself in the middle of the process.

I suppose that power should not possibly be the issue? I am using a 2m data cable connected to a USB 2.0 port due to 3.0 being only at the back of the tower and much trickier to reach for connecting fast enough. Since the battery has to be disconnected to access BROM and since most likely according to what I've read a bricked phone does not charge up anymore, all the power for the flashing has to be supplied by the USB cable I suppose, but USB 2.0 should provide enough for emmc operations I suppose...

I suppose tweaking the transmit buffer to 12 might be possibly a solution to the problem even in Windows, even though there is nothing in Windows in the logs/error messages hinting at it being so. Just hypothesizing, was not able to test it yet, due to enlighting coming upupon me only just now while assembling this post together....

Or is there possibly anything else I could try to do now that Test Point shorting became already a new second nature/habit?
justshez
Intern
2,363
04-12-2024, 05:40 PM
#6
(03-12-2024, 11:01 AM) guevara.janosik wrote:

I was not able to make mtkclient work under Windows 11 64-bit Pro, and the drivers you're referring to were actually the first choice I tried, but since no tool I tried was able to connect with the phone in BROM before or after I bricked it, I somehow wrongly assumed that BROM drivers are not included with the Signed Driver package, only the unsigned one, mea culpa.

Nevertheless I've made some progress: I was able to figure out the correct timings and most of the nuances of using the Test Point method correctly. I am able to short Data 0 with GND for cca. 6 seconds with conductive tweezers while USB is disconnected on one side, then connect USB and release the Test Point shorting connection after the tool makes enough progress. I am just not sure when exactly I should release, since no matter what timing I use, the device gets disconnected after a few seconds of successful data transfer, which ruins all my endeavor.

Therefore I was not able to provide any screenshots of the Device Manager since the phone disconnects so rapidly that I am unable to find the new device in Device Manager fast enough, not even to screenshot it. After the connection, the Device Manager was still refreshing/redrawing itself (not showing anything yet) when I already got a sound clue that the device had disconnected. Not sure what I could possibly do to get the desired result, whether there is some trick in such situations for setting up the Device Manager to react.

I was able, after many attempts due to not having a laptop available and the USB port being 1,5m away fixed on my Tower PC, to install the libusb-win32-devel-filter correctly on the Mediatek VCOM 0e8d:0003 driver. Installed UsbDk_1.0.22_x64, just not sure how to configure it, because the installation alone by itself did not make any tools work for me, especially not mtkclient. But the libusb-win32-devel-filter made mtkclient work finally to some degree at least.

After running bypass_utility now and shorting the Test Points with a disconnected battery and plugging USB at the right moment, the tool reports successful bypassing and exits, but when I run SP Flash Tool from the above link with the corresponding DA and auth file and open the scatter file of an angelican_eea_global_images_V12.5.4.0.RCSEUXM_20220724.0000.00_11.0_eea_ca1f08045a.tgz (the version of firmware I was running on before triggering Anti Rollback Protection by restoring a full backup made previously on 12.0 eea) the flashing bar turns to red and no progress is shown, I assume that the phone disconnects.

On Windows mtkclient gives me the following output:

python.exe mtk.py w recovery,vbmeta,boot recovery.img,vbmeta_disabled.img,boot.img --preloader preloader_new.img --auth auth_sv5.auth

Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\Tools\mtkclient\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass - USBError(5, 'Input/Output Error')
DAXFlash
DAXFlash - [LIB]: Stage was't executed. Maybe dram issue ?.
DAXFlash
DAXFlash - [LIB]: Error on booting to da (xflash)

Would setting Transmit, and perhaps also Receive, Buffers to 12 in Advanced Port Settings possibly solve the issue? Should I leave Bits per second, Data bits, Parity, Stop bits and Flow control at their default values? (9600, 8, None, 1, None)


I've also managed to install the latest stable Ubuntu version and compiled mtkclient and had success with the mtk CLI tool. (GUI gets stuck after bypassing due to phone disconnecting I assume).

Now I am stuck with the phone disconnecting during a flash:

mtk w recovery,vbmeta,boot recovery.img,vbmeta_disabled.img,boot.img --preloader preloader_12.5.img --auth auth_sv5.auth

Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Runs
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Boot to succeeded.
DAXFlash - Successfully uploaded stage 2
DAXFlash - DA SLA is disabled
DAXFlash - EMMC FWVer:      0x0
DAXFlash - EMMC ID:        Y2P064
DAXFlash - EMMC CID:        9b0100593250303634005d513fb51969
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size:  0x0
DAXFlash - EMMC GP2 Size:  0x0
DAXFlash - EMMC GP3 Size:  0x0
DAXFlash - EMMC GP4 Size:  0x0
DAXFlash - EMMC RPMB Size:  0x1000000
DAXFlash - EMMC USER Size:  0xe8f800000
DAXFlash - HW-CODE        : 0x766
DAXFlash - HWSUB-CODE      : 0x8A00
DAXFlash - HW-VERSION      : 0xCA00
DAXFlash - SW-VERSION      : 0x0
DAXFlash - CHIP-EVOLUTION  : 0x0
DAXFlash - DA-VERSION      : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash - Boot to succeeded.
DAXFlash - DA Extensions successfully added
Progress: |█---------| 6.2% Write (0x2000/0x20000, 05s left) 11.19 MB/s
DAXFlash - [LIB]: unpack requires a buffer of 12 bytes
Failed to write recovery.img to sector 2112 with sector count 131072.
DAXFlash
DAXFlash - [LIB]: Error on sending dev ctrl 262151:OK (0x0)
DaHandler
DaHandler - [LIB]: Error: Couldn't detect partition: vbmeta
Available partitions:
DAXFlash
DAXFlash - [LIB]: Error on sending dev ctrl 262151:OK (0x0)
DaHandler
DaHandler - [LIB]: Error: Couldn't detect partition: boot
Available partitions:


And when releasing the tweezers a bit sooner it does not even get as far as before:

mtk w recovery,vbmeta,boot recovery.img,vbmeta_disabled.img,boot.img --preloader preloader_12.5.img --auth auth_sv5.auth

Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected........

Before I tried those commands above, I first tried optimistically to restore the full system, but it flashed up to 90% of the preloader and then got stuck/disconnected:

mtk w preloader,recovery,cust,vbmeta_system,vbmeta_vendor,md1img,spmfw,scp1,scp2,sspm_1,sspm_2,lk,lk2,boot,logo,dtbo,tee1,tee2,super,vbmeta,cache preloader_12.5.img,recovery.img,cust.img,vbmeta_system.img,vbmeta_vendor.img,md1img.img,spmfw.img,scp1.img,scp2.img,sspm_1.img,sspm_2.img,lk.img,lk2.img,boot.img,logo.bin,dtbo.img,tee1.img,tee2.img,super.img,vbmeta.img,cache.img --preloader preloader_12.5.img --auth auth_sv5.auth


Hope I did not mess up here. I've assumed, perhaps wrongly, that flashing the preloader while possibly using it at the same time to flash its newer version does not affect the operation of it, i.e. that it is being used from some kind of hierarchically higher level faster operational memory system, or there is some kind of other atomicity-providing protection mechanism available making it possible to use a preloader to flash "the preloader" without breaking oneself in the middle of the process.

I suppose that power should not possibly be the issue? I am using a 2m data cable connected to a USB 2.0 port due to 3.0 being only at the back of the tower and much trickier to reach for connecting fast enough. Since the battery has to be disconnected to access BROM and since most likely according to what I've read a bricked phone does not charge up anymore, all the power for the flashing has to be supplied by the USB cable I suppose, but USB 2.0 should provide enough for eMMC operations I suppose...

I suppose tweaking the transmit buffer to 12 might possibly be a solution to the problem even in Windows, even though there is nothing in Windows in the logs/error messages hinting at it being so. Just hypothesizing, was not able to test it yet, due to enlightenment coming upon me only just now while assembling this post together...

Or is there possibly anything else I could try to do now that Test Point shorting became already a new second nature/habit?

Run bypass again, go back in SP Flash Tool, untick all and select only preloader then flash. Let's see if it works

guevara.janosik
Enthusiastic Member
11
05-12-2024, 03:20 PM
#7
Unfortunately it does not, and neither do other things, in both Windows and Linux.

Windows - SP Flash Tool - Console:

Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
add@/devices/pci0000:00/0000:00:02.1/0000:02:00.0/0000:03:0c.0/0000:67:00.0/usb5/5-5/5-5.3

add@/devices/pci0000:00/0000:00:02.1/0000:02:00.0/0000:03:0c.0/0000:67:00.0/usb5/5-5/5-5.3/5-5.3:1.0

add@/devices/pci0000:00/0000:00:02.1/0000:02:00.0/0000:03:0c.0/0000:67:00.0/usb5/5-5/5-5.3/5-5.3:1.0/tty/ttyACM0

vid is 0e8d

device vid = 0e8d

pid is 0003

device pid = 0003

com portName is: /dev/ttyACM0

Total wait time = -1733374525.000000
USB port is obtained. path name(/dev/ttyACM0), port name(/dev/ttyACM0)
USB port detected: /dev/ttyACM0
Connect BROM failed: STATUS_ERR(-1073676287)
Disconnect!
BROM Exception! ( ERROR : STATUS_ERR (-1073676287) , MSP ERROE CODE : 0x00.
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
SearchUSBPortPool failed!
Failed to find USB port
Connect BROM failed: S_TIMEOUT(1042)
Disconnect!
User stopped.
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
SearchUSBPortPool failed!
Failed to find USB port
Connect BROM failed: S_TIMEOUT(1042)
Disconnect!
User stopped.
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
SearchUSBPortPool failed!
Failed to find USB port
Connect BROM failed: S_TIMEOUT(1042)
Disconnect!
User stopped.
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
SearchUSBPortPool failed!
Failed to find USB port
Connect BROM failed: S_TIMEOUT(1042)
Disconnect!
User stopped.
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
add@/devices/pci0000:00/0000:00:02.1/0000:02:00.0/0000:03:0c.0/0000:67:00.0/usb5/5-5/5-5.3

add@/devices/pci0000:00/0000:00:02.1/0000:02:00.0/0000:03:0c.0/0000:67:00.0/usb5/5-5/5-5.3/5-5.3:1.0

add@/devices/pci0000:00/0000:00:02.1/0000:02:00.0/0000:03:0c.0/0000:67:00.0/usb5/5-5/5-5.3/5-5.3:1.0/tty/ttyACM0

vid is 0e8d

device vid = 0e8d

pid is 0003

device pid = 0003

com portName is: /dev/ttyACM0

Total wait time = -1733374525.000000
USB port is obtained. path name(/dev/ttyACM0), port name(/dev/ttyACM0)
USB port detected: /dev/ttyACM0
Connect BROM failed: STATUS_ERR(-1073676287)
Disconnect!
BROM Exception! ( ERROR : STATUS_ERR (-1073676287) , MSP ERROE CODE : 0x00.


Windows - SP Flash Tool - ADPT_20241205-130101_0.log - in following post

Windows - SP Flash Tool - BROM_DLL_V5.log - too long to list, any way to attach a file?

Windows - SP Flash Tool - QT_FLASH_TOOL.log - in following post

Windows - SP Flash Tool - GLB_20241205-130228_0.log - in following post

Windows - mtkclient:

c:\Python311\python.exe c:\Tools\mtkclient\mtk.py w preloader preloader_12.5.img --preloader preloader_12.5.img --auth auth_sv5.auth

Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\Tools\mtkclient\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass - USBError(5, 'Input/Output Error')
DAXFlash
DAXFlash - [LIB]: Stage was't executed. Maybe dram issue ?.
DAXFlash
DAXFlash - [LIB]: Error on booting to da (xflash)


c:\Python311\python.exe c:\Tools\mtkclient\mtk.py payload --auth auth_sv5.auth

Port - Device detected :)
Preloader -    CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -    HW version:            0x0
Preloader -    WDT:                    0x10007000
Preloader -    Uart:                  0x11002000
Preloader -    Brom payload addr:      0x100a00
Preloader -    DA payload addr:        0x201000
Preloader -    CQ_DMA addr:            0x10212000
Preloader -    Var1:                  0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -    SBC enabled:            True
Preloader -    SLA enabled:            True
Preloader -    DAA enabled:            True
Preloader -    SWJTAG enabled:        True
Preloader -    EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -    Root cert required:    False
Preloader -    Mem read auth:          True
Preloader -    Mem write auth:        True
Preloader -    Cmd 0xC8 blocked:      True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -    HW subcode:            0x8a00
Preloader -    HW Ver:                0xca00
Preloader -    SW Ver:                0x0
Preloader - ME_ID:                      C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID:                    2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\Tools\mtkclient\mtkclient\payloads\mt6765_payload.bin


Ubuntu Linux - lsusb:

Bus 005 Device 022: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Device Descriptor:
  bLength                18
  bDescriptorType        1
  bcdUSB              1.10
  bDeviceClass            2 Communications
  bDeviceSubClass        0 [unknown]
  bDeviceProtocol        0
  bMaxPacketSize0        64
  idVendor          0x0e8d MediaTek Inc.
  idProduct          0x0003 MT6227 phone
  bcdDevice            1.00
  iManufacturer          0
  iProduct                0
  iSerial                0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                9
    bDescriptorType        2
    wTotalLength      0x0043
    bNumInterfaces          2
    bConfigurationValue    1
    iConfiguration          0
    bmAttributes        0x80
      (Bus Powered)
    MaxPower                0mA
    Interface Descriptor:
      bLength                9
      bDescriptorType        4
      bInterfaceNumber        0
      bAlternateSetting      0
      bNumEndpoints          1
      bInterfaceClass        2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface              1 comm_if̦data_if̄Љ召
      CDC Header:
        bcdCDC              1.10
      CDC ACM:
        bmCapabilities      0x0f
          connection notifications
          sends break
          line coding and serial state
          get/set/clear comm features
      CDC Union:
        bMasterInterface        0
        bSlaveInterface        1
      CDC Call Management:
        bmCapabilities      0x03
          call management
          use DataInterface
        bDataInterface          1
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x84  EP 4 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0040  1x 64 bytes
        bInterval              1
    Interface Descriptor:
      bLength                9
      bDescriptorType        4
      bInterfaceNumber        1
      bAlternateSetting      0
      bNumEndpoints          2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 [unknown]
      bInterfaceProtocol      0
      iInterface              2 data_if̄Љ召呪풅ཊꤛ漢䕄礤
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0200  1x 512 bytes
        bInterval              0
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0200  1x 512 bytes
        bInterval              0
Device Status:    0x0000
  (Bus Powered)


Ubuntu Linux - libusb:

Bus 005 Device 022: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Device Descriptor:
  bLength                18
  bDescriptorType        1
  bcdUSB              1.10
  bDeviceClass            2 Communications
  bDeviceSubClass        0 [unknown]
  bDeviceProtocol        0
  bMaxPacketSize0        64
  idVendor          0x0e8d MediaTek Inc.
  idProduct          0x0003 MT6227 phone
  bcdDevice            1.00
  iManufacturer          0
  iProduct                0
  iSerial                0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                9
    bDescriptorType        2
    wTotalLength      0x0043
    bNumInterfaces          2
    bConfigurationValue    1
    iConfiguration          0
    bmAttributes        0x80
      (Bus Powered)
    MaxPower                0mA
    Interface Descriptor:
      bLength                9
      bDescriptorType        4
      bInterfaceNumber        0
      bAlternateSetting      0
      bNumEndpoints          1
      bInterfaceClass        2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface              1 comm_if?data_if¯??
      CDC Header:
        bcdCDC              1.10
      CDC ACM:
        bmCapabilities      0x0f
          connection notifications
          sends break
          line coding and serial state
          get/set/clear comm features
      CDC Union:
        bMasterInterface        0
        bSlaveInterface        1
      CDC Call Management:
        bmCapabilities      0x03
          call management
          use DataInterface
        bDataInterface          1
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x84  EP 4 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0040  1x 64 bytes
        bInterval              1
    Interface Descriptor:
      bLength                9
      bDescriptorType        4
      bInterfaceNumber        1
      bAlternateSetting      0
      bNumEndpoints          2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 [unknown]
      bInterfaceProtocol      0
      iInterface              2 data_if¯?????????
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0200  1x 512 bytes
        bInterval              0
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0200  1x 512 bytes
        bInterval              0
Device Status:    0x0000
  (Bus Powered)

Bus 005 Device 022: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Device Descriptor:
  bLength                18
  bDescriptorType        1
  bcdUSB              1.10
  bDeviceClass            2 Communications
  bDeviceSubClass        0 [unknown]
  bDeviceProtocol        0
  bMaxPacketSize0        64
  idVendor          0x0e8d MediaTek Inc.
  idProduct          0x0003 MT6227 phone
  bcdDevice            1.00
  iManufacturer          0
  iProduct                0
  iSerial                0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                9
    bDescriptorType        2
    wTotalLength      0x0043
    bNumInterfaces          2
    bConfigurationValue    1
    iConfiguration          0
    bmAttributes        0x80
      (Bus Powered)
    MaxPower                0mA
    Interface Descriptor:
      bLength                9
      bDescriptorType        4
      bInterfaceNumber        0
      bAlternateSetting      0
      bNumEndpoints          1
      bInterfaceClass        2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface              1 comm_if?data_if¯??
      CDC Header:
        bcdCDC              1.10
      CDC ACM:
        bmCapabilities      0x0f
          connection notifications
          sends break
          line coding and serial state
          get/set/clear comm features
      CDC Union:
        bMasterInterface        0
        bSlaveInterface        1
      CDC Call Management:
        bmCapabilities      0x03
          call management
          use DataInterface
        bDataInterface          1
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x84  EP 4 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0040  1x 64 bytes
        bInterval              1
    Interface Descriptor:
      bLength                9
      bDescriptorType        4
      bInterfaceNumber        1
      bAlternateSetting      0
      bNumEndpoints          2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0 [unknown]
      bInterfaceProtocol      0
      iInterface              2 data_if¯?????????
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0200  1x 512 bytes
        bInterval              0
      Endpoint Descriptor:
        bLength                7
        bDescriptorType        5
        bEndpointAddress    0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type              None
          Usage Type              Data
        wMaxPacketSize    0x0200  1x 512 bytes
        bInterval              0
Device Status:    0x0000
  (Bus Powered)


Ubuntu Linux - mtkclient:

mtk dumpbrom
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
PLTools - Kamakiri / DA Run
PLTools - Loading payload from generic_dump_payload.bin, 0xf4 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/generic_dump_payload.bin

Progress: |--------------------------------------------------| 100.0% Complete
PLTools - Dumped as:brom_MT6765_MT8768t_766.bin

mtk multi printgpt
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DaHandler
DaHandler - [LIB]: Failed to dump preloader from ram, provide a valid one via --preloader option
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 9b01005932503036
DAXFlash - No preloader given. Searching for preloader
DAXFlash
DAXFlash - [LIB]: No preloader given. Operation may fail due to missing dram setup.
DAXFlash - Uploading stage 2...
DAXFlash
DAXFlash - [LIB]: Error on sending data: DA hash mismatch (0xc0070004)
DAXFlash
DAXFlash - [LIB]: Error on boot to send_data, addr: 0x40000000
DAXFlash
DAXFlash - [LIB]: Error on booting to da (xflash)

mtk printgpt --auth auth_sv5.auth --preloader preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk printgpt --auth auth_sv5.auth --preloader preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk printgpt --auth auth_sv5.auth --preloader preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected

mtk r boot boot.bin --auth auth_sv5.auth --preloader preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DeviceClass
DeviceClass - [LIB]: Device disconnected

mtk fs /mnt/mtk
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DaHandler
DaHandler - [LIB]: Failed to dump preloader from ram, provide a valid one via --preloader option
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DeviceClass
DeviceClass - [LIB]: Device disconnected

mtk crash --auth=auth_sv5.auth
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE

mtk w preloader preloader_k65v1_64_bsp.bin --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk w preloader preloader_k65v1_64_bsp.bin --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk w preloader preloader_k65v1_64_bsp.bin --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk w preloader preloader_k65v1_64_bsp.bin --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected

mtk w preloader preloader_k65v1_64_bsp.bin --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk w preloader preloader_k65v1_64_bsp.bin --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk da seccfg unlock --auth=auth_sv5.auth --preloader=preloader_12.5.img
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DeviceClass
DeviceClass - [LIB]: Device disconnected


mtk stage --auth=auth_sv5.auth
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
Main - Uploading stage 1
PLTools - Loading payload from generic_stage1_payload.bin, 0x3e8 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/generic_stage1_payload.bin
Main - Successfully uploaded stage 1, sending stage 2
Main - Done sending stage2, size 0x4000.
Main - Done jumping stage2 at 00201000
Main - Successfully loaded stage2


mtk stage --auth=auth_sv5.auth
MTK Flash/Exploit Client Public V2.0.1 © B.Kerler 2018-2024

Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: C423B5BCBBF9DB3E3DAECAEE616F2D17
Preloader - SOC_ID: 2F7D0D3101884B36A444DD3BCBF4185588E5E647951C14BC0015864D501E9CBE
Main - Uploading stage 1
PLTools - Loading payload from generic_stage1_payload.bin, 0x3e8 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/savant/.local/share/pipx/venvs/mtkclient/lib/python3.12/site-packages/mtkclient/payloads/generic_stage1_payload.bin
Main - Successfully uploaded stage 1, sending stage 2
Main - Done sending stage2, size 0x4000.
Main - Done jumping stage2 at 00201000
Main - Successfully loaded stage2
guevara.janosik
05-12-2024, 03:21 PM
#8
Windows - SP Flash Tool - ADPT_20241205-130101_0.log:

[0000001] [13:01:01:274354] [Tid0x00009960] [debug] -->[C1] DL_LoadScatter #(api.cpp, line:2498)
[0000002] [13:01:01:289363] [Tid0x00009960] [debug] used lib version: 2 #(api.cpp, line:2520)
[0000003] [13:01:01:289363] [Tid0x00009960] [debug] <--[C1] DL_LoadScatter
[0000004] [13:01:01:289363] [Tid0x00009960] [debug] -->[C2] DL_AutoLoadRomImages #(api.cpp, line:2720)
[0000005] [13:01:01:300107] [Tid0x00009960] [debug] <--[C2] DL_AutoLoadRomImages
[0000006] [13:01:01:329699] [Tid0x00009c94] [debug] -->[C3] DL_GetScatterInfo #(api.cpp, line:2741)
[0000007] [13:01:01:329699] [Tid0x00009c94] [debug] <--[C3] DL_GetScatterInfo
[0000008] [13:01:01:330202] [Tid0x00009c94] [debug] -->[C4] DL_GetScatterInfo #(api.cpp, line:2741)
[0000009] [13:01:01:330202] [Tid0x00009c94] [debug] <--[C4] DL_GetScatterInfo
[0000010] [13:01:01:333205] [Tid0x00009c94] [debug] -->[C5] DL_GetScatterInfo #(api.cpp, line:2741)
[0000011] [13:01:01:333205] [Tid0x00009c94] [debug] <--[C5] DL_GetScatterInfo
[0000012] [13:01:01:333205] [Tid0x00009c94] [debug] -->[C6] DL_GetScatterInfo #(api.cpp, line:2741)
[0000013] [13:01:01:333205] [Tid0x00009c94] [debug] <--[C6] DL_GetScatterInfo
[0000014] [13:01:01:335207] [Tid0x00009c94] [debug] -->[C7] DL_GetCount #(api.cpp, line:2640)
[0000015] [13:01:01:335207] [Tid0x00009c94] [debug] <--[C7] DL_GetCount
[0000016] [13:01:01:335207] [Tid0x00009c94] [debug] -->[C8] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000017] [13:01:01:335207] [Tid0x00009c94] [debug] <--[C8] DL_Rom_GetInfoAll
[0000018] [13:01:01:337208] [Tid0x00009c94] [debug] -->[C9] DL_GetScatterInfo #(api.cpp, line:2741)
[0000019] [13:01:01:337208] [Tid0x00009c94] [debug] <--[C9] DL_GetScatterInfo
[0000020] [13:01:01:338210] [Tid0x00009c94] [debug] -->[C10] DL_GetCount #(api.cpp, line:2640)
[0000021] [13:01:01:338210] [Tid0x00009c94] [debug] <--[C10] DL_GetCount
[0000022] [13:01:01:338210] [Tid0x00009c94] [debug] -->[C11] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000023] [13:01:01:338210] [Tid0x00009c94] [debug] <--[C11] DL_Rom_GetInfoAll
[0000024] [13:01:01:340232] [Tid0x00009c94] [debug] -->[C12] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000025] [13:01:01:340232] [Tid0x00009c94] [debug] <--[C12] DL_Rom_SetEnableAttr
[0000026] [13:01:01:340232] [Tid0x00009c94] [debug] -->[C13] DL_GetCount #(api.cpp, line:2640)
[0000027] [13:01:01:341240] [Tid0x00009c94] [debug] <--[C13] DL_GetCount
[0000028] [13:01:01:341240] [Tid0x00009c94] [debug] -->[C14] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000029] [13:01:01:341240] [Tid0x00009c94] [debug] <--[C14] DL_Rom_GetInfoAll
[0000030] [13:01:01:342237] [Tid0x00009c94] [debug] -->[C15] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000031] [13:01:01:343240] [Tid0x00009c94] [debug] <--[C15] DL_Rom_SetEnableAttr
[0000032] [13:01:01:343240] [Tid0x00009c94] [debug] -->[C16] DL_GetCount #(api.cpp, line:2640)
[0000033] [13:01:01:343240] [Tid0x00009c94] [debug] <--[C16] DL_GetCount
[0000034] [13:01:01:343240] [Tid0x00009c94] [debug] -->[C17] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000035] [13:01:01:343240] [Tid0x00009c94] [debug] <--[C17] DL_Rom_GetInfoAll
[0000036] [13:01:01:345239] [Tid0x00009c94] [debug] -->[C18] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000037] [13:01:01:345239] [Tid0x00009c94] [debug] <--[C18] DL_Rom_SetEnableAttr
[0000038] [13:01:01:345239] [Tid0x00009c94] [debug] -->[C19] DL_GetCount #(api.cpp, line:2640)
[0000039] [13:01:01:345239] [Tid0x00009c94] [debug] <--[C19] DL_GetCount
[0000040] [13:01:01:345239] [Tid0x00009c94] [debug] -->[C20] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000041] [13:01:01:345239] [Tid0x00009c94] [debug] <--[C20] DL_Rom_GetInfoAll
[0000042] [13:01:01:347238] [Tid0x00009c94] [debug] -->[C21] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000043] [13:01:01:347238] [Tid0x00009c94] [debug] <--[C21] DL_Rom_SetEnableAttr
[0000044] [13:01:01:347238] [Tid0x00009c94] [debug] -->[C22] DL_GetCount #(api.cpp, line:2640)
[0000045] [13:01:01:347238] [Tid0x00009c94] [debug] <--[C22] DL_GetCount
[0000046] [13:01:01:347238] [Tid0x00009c94] [debug] -->[C23] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000047] [13:01:01:347238] [Tid0x00009c94] [debug] <--[C23] DL_Rom_GetInfoAll
[0000048] [13:01:01:349238] [Tid0x00009c94] [debug] -->[C24] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000049] [13:01:01:349238] [Tid0x00009c94] [debug] <--[C24] DL_Rom_SetEnableAttr
[0000050] [13:01:01:349238] [Tid0x00009c94] [debug] -->[C25] DL_GetCount #(api.cpp, line:2640)
[0000051] [13:01:01:349238] [Tid0x00009c94] [debug] <--[C25] DL_GetCount
[0000052] [13:01:01:349238] [Tid0x00009c94] [debug] -->[C26] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000053] [13:01:01:349745] [Tid0x00009c94] [debug] <--[C26] DL_Rom_GetInfoAll
[0000054] [13:01:01:351256] [Tid0x00009c94] [debug] -->[C27] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000055] [13:01:01:351256] [Tid0x00009c94] [debug] <--[C27] DL_Rom_SetEnableAttr
[0000056] [13:01:01:351256] [Tid0x00009c94] [debug] -->[C28] DL_GetCount #(api.cpp, line:2640)
[0000057] [13:01:01:351256] [Tid0x00009c94] [debug] <--[C28] DL_GetCount
[0000058] [13:01:01:351256] [Tid0x00009c94] [debug] -->[C29] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000059] [13:01:01:352258] [Tid0x00009c94] [debug] <--[C29] DL_Rom_GetInfoAll
[0000060] [13:01:01:353258] [Tid0x00009c94] [debug] -->[C30] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000061] [13:01:01:353258] [Tid0x00009c94] [debug] <--[C30] DL_Rom_SetEnableAttr
[0000062] [13:01:01:353258] [Tid0x00009c94] [debug] -->[C31] DL_GetCount #(api.cpp, line:2640)
[0000063] [13:01:01:353258] [Tid0x00009c94] [debug] <--[C31] DL_GetCount
[0000064] [13:01:01:353258] [Tid0x00009c94] [debug] -->[C32] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000065] [13:01:01:354258] [Tid0x00009c94] [debug] <--[C32] DL_Rom_GetInfoAll
[0000066] [13:01:01:355254] [Tid0x00009c94] [debug] -->[C33] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000067] [13:01:01:355254] [Tid0x00009c94] [debug] <--[C33] DL_Rom_SetEnableAttr
[0000068] [13:01:01:355254] [Tid0x00009c94] [debug] -->[C34] DL_GetCount #(api.cpp, line:2640)
[0000069] [13:01:01:356255] [Tid0x00009c94] [debug] <--[C34] DL_GetCount
[0000070] [13:01:01:356255] [Tid0x00009c94] [debug] -->[C35] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000071] [13:01:01:356255] [Tid0x00009c94] [debug] <--[C35] DL_Rom_GetInfoAll
[0000072] [13:01:01:357258] [Tid0x00009c94] [debug] -->[C36] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000073] [13:01:01:357258] [Tid0x00009c94] [debug] <--[C36] DL_Rom_SetEnableAttr
[0000074] [13:01:01:358258] [Tid0x00009c94] [debug] -->[C37] DL_GetCount #(api.cpp, line:2640)
[0000075] [13:01:01:358258] [Tid0x00009c94] [debug] <--[C37] DL_GetCount
[0000076] [13:01:01:358258] [Tid0x00009c94] [debug] -->[C38] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000077] [13:01:01:358258] [Tid0x00009c94] [debug] <--[C38] DL_Rom_GetInfoAll
[0000078] [13:01:01:359764] [Tid0x00009c94] [debug] -->[C39] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000079] [13:01:01:359764] [Tid0x00009c94] [debug] <--[C39] DL_Rom_SetEnableAttr
[0000080] [13:01:01:360271] [Tid0x00009c94] [debug] -->[C40] DL_GetCount #(api.cpp, line:2640)
[0000081] [13:01:01:360271] [Tid0x00009c94] [debug] <--[C40] DL_GetCount
[0000082] [13:01:01:360271] [Tid0x00009c94] [debug] -->[C41] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000083] [13:01:01:360271] [Tid0x00009c94] [debug] <--[C41] DL_Rom_GetInfoAll
[0000084] [13:01:01:362068] [Tid0x00009c94] [debug] -->[C42] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000085] [13:01:01:362068] [Tid0x00009c94] [debug] <--[C42] DL_Rom_SetEnableAttr
[0000086] [13:01:01:362068] [Tid0x00009c94] [debug] -->[C43] DL_GetCount #(api.cpp, line:2640)
[0000087] [13:01:01:362068] [Tid0x00009c94] [debug] <--[C43] DL_GetCount
[0000088] [13:01:01:362068] [Tid0x00009c94] [debug] -->[C44] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000089] [13:01:01:362576] [Tid0x00009c94] [debug] <--[C44] DL_Rom_GetInfoAll
[0000090] [13:01:01:363584] [Tid0x00009c94] [debug] -->[C45] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000091] [13:01:01:363584] [Tid0x00009c94] [debug] <--[C45] DL_Rom_SetEnableAttr
[0000092] [13:01:01:363584] [Tid0x00009c94] [debug] -->[C46] DL_GetCount #(api.cpp, line:2640)
[0000093] [13:01:01:363584] [Tid0x00009c94] [debug] <--[C46] DL_GetCount
[0000094] [13:01:01:363584] [Tid0x00009c94] [debug] -->[C47] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000095] [13:01:01:364584] [Tid0x00009c94] [debug] <--[C47] DL_Rom_GetInfoAll
[0000096] [13:01:01:365584] [Tid0x00009c94] [debug] -->[C48] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000097] [13:01:01:365584] [Tid0x00009c94] [debug] <--[C48] DL_Rom_SetEnableAttr
[0000098] [13:01:01:365584] [Tid0x00009c94] [debug] -->[C49] DL_GetCount #(api.cpp, line:2640)
[0000099] [13:01:01:366585] [Tid0x00009c94] [debug] <--[C49] DL_GetCount
[0000100] [13:01:01:366585] [Tid0x00009c94] [debug] -->[C50] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000101] [13:01:01:366585] [Tid0x00009c94] [debug] <--[C50] DL_Rom_GetInfoAll
[0000102] [13:01:01:367583] [Tid0x00009c94] [debug] -->[C51] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000103] [13:01:01:367583] [Tid0x00009c94] [debug] <--[C51] DL_Rom_SetEnableAttr
[0000104] [13:01:01:368584] [Tid0x00009c94] [debug] -->[C52] DL_GetCount #(api.cpp, line:2640)
[0000105] [13:01:01:368584] [Tid0x00009c94] [debug] <--[C52] DL_GetCount
[0000106] [13:01:01:368584] [Tid0x00009c94] [debug] -->[C53] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000107] [13:01:01:368584] [Tid0x00009c94] [debug] <--[C53] DL_Rom_GetInfoAll
[0000108] [13:01:01:370090] [Tid0x00009c94] [debug] -->[C54] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000109] [13:01:01:370090] [Tid0x00009c94] [debug] <--[C54] DL_Rom_SetEnableAttr
[0000110] [13:01:01:370597] [Tid0x00009c94] [debug] -->[C55] DL_GetCount #(api.cpp, line:2640)
[0000111] [13:01:01:370597] [Tid0x00009c94] [debug] <--[C55] DL_GetCount
[0000112] [13:01:01:370597] [Tid0x00009c94] [debug] -->[C56] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000113] [13:01:01:370597] [Tid0x00009c94] [debug] <--[C56] DL_Rom_GetInfoAll
[0000114] [13:01:01:371605] [Tid0x00009c94] [debug] -->[C57] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000115] [13:01:01:371605] [Tid0x00009c94] [debug] <--[C57] DL_Rom_SetEnableAttr
[0000116] [13:01:01:371605] [Tid0x00009c94] [debug] -->[C58] DL_GetCount #(api.cpp, line:2640)
[0000117] [13:01:01:372605] [Tid0x00009c94] [debug] <--[C58] DL_GetCount
[0000118] [13:01:01:372605] [Tid0x00009c94] [debug] -->[C59] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000119] [13:01:01:372605] [Tid0x00009c94] [debug] <--[C59] DL_Rom_GetInfoAll
[0000120] [13:01:01:373604] [Tid0x00009c94] [debug] -->[C60] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000121] [13:01:01:373604] [Tid0x00009c94] [debug] <--[C60] DL_Rom_SetEnableAttr
[0000122] [13:01:01:374605] [Tid0x00009c94] [debug] -->[C61] DL_GetCount #(api.cpp, line:2640)
[0000123] [13:01:01:374605] [Tid0x00009c94] [debug] <--[C61] DL_GetCount
[0000124] [13:01:01:374605] [Tid0x00009c94] [debug] -->[C62] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000125] [13:01:01:374605] [Tid0x00009c94] [debug] <--[C62] DL_Rom_GetInfoAll
[0000126] [13:01:01:375603] [Tid0x00009c94] [debug] -->[C63] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000127] [13:01:01:375603] [Tid0x00009c94] [debug] <--[C63] DL_Rom_SetEnableAttr
[0000128] [13:01:01:376605] [Tid0x00009c94] [debug] -->[C64] DL_GetCount #(api.cpp, line:2640)
[0000129] [13:01:01:376605] [Tid0x00009c94] [debug] <--[C64] DL_GetCount
[0000130] [13:01:01:376605] [Tid0x00009c94] [debug] -->[C65] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000131] [13:01:01:376605] [Tid0x00009c94] [debug] <--[C65] DL_Rom_GetInfoAll
[0000132] [13:01:01:377605] [Tid0x00009c94] [debug] -->[C66] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000133] [13:01:01:377605] [Tid0x00009c94] [debug] <--[C66] DL_Rom_SetEnableAttr
[0000134] [13:01:01:377605] [Tid0x00009c94] [debug] -->[C67] DL_GetCount #(api.cpp, line:2640)
[0000135] [13:01:01:378605] [Tid0x00009c94] [debug] <--[C67] DL_GetCount
[0000136] [13:01:01:378605] [Tid0x00009c94] [debug] -->[C68] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000137] [13:01:01:378605] [Tid0x00009c94] [debug] <--[C68] DL_Rom_GetInfoAll
[0000138] [13:01:01:380111] [Tid0x00009c94] [debug] -->[C69] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000139] [13:01:01:380111] [Tid0x00009c94] [debug] <--[C69] DL_Rom_SetEnableAttr
[0000140] [13:01:01:380111] [Tid0x00009c94] [debug] -->[C70] DL_GetCount #(api.cpp, line:2640)
[0000141] [13:01:01:380618] [Tid0x00009c94] [debug] <--[C70] DL_GetCount
[0000142] [13:01:01:380618] [Tid0x00009c94] [debug] -->[C71] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000143] [13:01:01:380677] [Tid0x00009c94] [debug] <--[C71] DL_Rom_GetInfoAll
[0000144] [13:01:01:382623] [Tid0x00009c94] [debug] -->[C72] DL_Rom_SetEnableAttr #(api.cpp, line:2859)
[0000145] [13:01:01:382623] [Tid0x00009c94] [debug] <--[C72] DL_Rom_SetEnableAttr
[0000146] [13:01:01:384043] [Tid0x00009c94] [debug] -->[C73] DL_SetChecksumLevel #(api.cpp, line:2540)
[0000147] [13:01:01:384043] [Tid0x00009c94] [debug] <--[C73] DL_SetChecksumLevel
[0000148] [13:02:28:796121] [Tid0x00009c94] [debug] -->[C74] DL_GetCount #(api.cpp, line:2640)
[0000149] [13:02:28:796121] [Tid0x00009c94] [debug] <--[C74] DL_GetCount
[0000150] [13:02:28:796121] [Tid0x00009c94] [debug] -->[C75] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000151] [13:02:28:796121] [Tid0x00009c94] [debug] <--[C75] DL_Rom_GetInfoAll
[0000152] [13:02:28:798119] [Tid0x00009c94] [debug] -->[C76] DL_GetCount #(api.cpp, line:2640)
[0000153] [13:02:28:798119] [Tid0x00009c94] [debug] <--[C76] DL_GetCount
[0000154] [13:02:28:798119] [Tid0x00009c94] [debug] -->[C77] DL_Rom_GetInfoAll #(api.cpp, line:2805)
[0000155] [13:02:28:798119] [Tid0x00009c94] [debug] <--[C77] DL_Rom_GetInfoAll
[0000156] [13:02:28:799622] [Tid0x00001d98] [debug] -->[C78] FlashTool_Connect_BROM_ByName #(api.cpp, line:1983)
[0000157] [13:02:28:799622] [Tid0x00001d98] [debug] -->[C79] FlashTool_Connect_BROM_Ex #(api.cpp, line:1881)
[0000158] [13:02:28:799622] [Tid0x00001d98] [debug] bCheckScatter: 1 #(api.cpp, line:1883)
[0000159] [13:02:28:799622] [Tid0x00001d98] [debug] have load scatter already #(api.cpp, line:1887)
[0000160] [13:02:28:799622] [Tid0x00001d98] [debug] libversion 2 #(api.cpp, line:1904)
[0000161] [13:02:28:799622] [Tid0x00001d98] [debug] -->[C80] cflashtool_api::FlashTool_Connect_BROM_Ex #(cflashtool_api.cpp, line:1023)
[0000162] [13:02:28:841917] [Tid0x00001d98] [warning] NOT support GetSupportModem API on chip MT6765 #(cflashtool_api.cpp, line:2414)
[0000163] [13:02:28:841917] [Tid0x00001d98] [warning] Get support Modem fail: 0xc0010003 #(cflashtool_api.cpp, line:1144)
[0000164] [13:02:28:842917] [Tid0x00001d98] [debug] connect_brom_ex OK #(cflashtool_api.cpp, line:1196)
[0000165] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C80] cflashtool_api::FlashTool_Connect_BROM_Ex
[0000166] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C79] FlashTool_Connect_BROM_Ex
[0000167] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C78] FlashTool_Connect_BROM_ByName
[0000168] [13:02:28:842917] [Tid0x00001d98] [debug] -->[C81] FlashTool_GetBootResult #(api.cpp, line:1995)
[0000169] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C81] FlashTool_GetBootResult
[0000170] [13:02:28:843649] [Tid0x00001d98] [debug] -->[C82] FlashTool_Connect_Download_DA #(api.cpp, line:2015)
[0000171] [13:02:28:843649] [Tid0x00001d98] [debug] bCheckScatter: 1 #(api.cpp, line:2016)
[0000172] [13:02:28:843649] [Tid0x00001d98] [debug] -->[C83] cflashtool_api::FlashTool_Connect_Download_DA #(cflashtool_api.cpp, line:1341)
[0000173] [13:02:28:843649] [Tid0x00001d98] [debug] bCheckScatter: 1 #(cflashtool_api.cpp, line:1342)
[0000174] [13:02:28:843649] [Tid0x00001d98] [debug] da_source type: 0 #(cflashtool_api.cpp, line:1371)
[0000175] [13:02:28:843649] [Tid0x00001d98] [debug] checksum_level: 0,  battery_setting: 2, reset_key_setting: 104 #(cflashtool_api.cpp, line:1472)
[0000176] [13:02:28:843649] [Tid0x00001d98] [debug] connect_da_end_stage: 2,  enable_dram_in_1st_da: 0, da_log_level: 0 #(cflashtool_api.cpp, line:1474)
[0000177] [13:05:30:732202] [Tid0x00001d98] [debug] <--[C83] cflashtool_api::FlashTool_Connect_Download_DA
[0000178] [13:05:30:732202] [Tid0x00001d98] [debug] <--[C82] FlashTool_Connect_Download_DA
[0000179] [13:05:30:732857] [Tid0x00001d98] [debug] -->[C84] FlashTool_Disconnect #(api.cpp, line:1035)
[0000180] [13:05:30:732857] [Tid0x00001d98] [debug] -->[C85] cflashtool_api::FlashTool_Disconnect #(cflashtool_api.cpp, line:33)
[0000181] [13:05:30:732857] [Tid0x00001d98] [debug] -->[C86] DL_ClearFTHandle #(api.cpp, line:2562)
[0000182] [13:05:30:732857] [Tid0x00001d98] [debug] <--[C86] DL_ClearFTHandle
[0000183] [13:05:30:732857] [Tid0x00001d98] [debug] <--[C85] cflashtool_api::FlashTool_Disconnect
[0000184] [13:05:30:732857] [Tid0x00001d98] [debug] <--[C84] FlashTool_Disconnect
[0000185] [13:07:34:322351] [Tid0x00009c94] [debug] -->[C87] DL_Rom_UnloadAll #(api.cpp, line:2848)
[0000186] [13:07:34:323410] [Tid0x00009c94] [debug] <--[C87] DL_Rom_UnloadAll
guevara.janosik
05-12-2024, 03:22 PM
#9
Windows - SP Flash Tool - GLB_20241205-130228_0.log:

[00000001] [13:02:28:800625] [Tid0x00001d98] [info] -->[C1] flashtool_create_session_with_handle #(undocument_api.cpp, line:80)
[00000002] [13:02:28:801129] [Tid0x00001d98] [info] create new hsession 0x3bd89a0 #(kernel.cpp, line:91)
[00000003] [13:02:28:801129] [Tid0x00001d98] [info] <--[C1] flashtool_create_session_with_handle
[00000004] [13:02:28:801129] [Tid0x00001d98] [info] -->[C3] flashtool_connect_brom #(flashtoolex_api.cpp, line:119)
[00000005] [13:02:28:801129] [Tid0x00001d98] [debug] -->[C4] connection::connect_brom #(connection.cpp, line:90)
[00000006] [13:02:28:801129] [Tid0x00001d98] [info] (1/2)connecting brom. #(connection.cpp, line:93)
[00000007] [13:02:28:801129] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\lib.cfg.xml #(lib_config_parser.cpp, line:28)
[00000008] [13:02:28:801129] [Tid0x00001d98] [info] -->[C5] comm_engine::open #(comm_engine.cpp, line:63)
[00000009] [13:02:28:801129] [Tid0x00001d98] [info] try to open device: \\.\COM3 baud rate 115200 #(comm_engine.cpp, line:71)
[00000010] [13:02:28:835160] [Tid0x00001d98] [info] \\.\COM3 open complete. #(comm_engine.cpp, line:168)
[00000011] [13:02:28:836160] [Tid0x00001d98] [info] <--[C5] comm_engine::open
[00000012] [13:02:28:836160] [Tid0x00001d98] [debug] -->[C6] boot_rom::set_transfer_channel #(boot_rom.cpp, line:37)
[00000013] [13:02:28:836160] [Tid0x00001d98] [debug] <--[C6] boot_rom::set_transfer_channel
[00000014] [13:02:28:836160] [Tid0x00001d98] [debug] -->[C7] boot_rom::connect #(boot_rom.cpp, line:43)
[00000015] [13:02:28:836160] [Tid0x00001d98] [info] start handshake with device. #(boot_rom.cpp, line:51)
[00000016] [13:02:28:836160] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[a0 ]
[00000017] [13:02:28:836160] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[5f ]
[00000018] [13:02:28:836160] [Tid0x00001d98] [debug] send 0xA0. receive 0x5F #(boot_rom.cpp, line:94)
[00000019] [13:02:28:836160] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[0a ]
[00000020] [13:02:28:836160] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[f5 ]
[00000021] [13:02:28:836160] [Tid0x00001d98] [debug] send 0x0A. receive 0xF5 #(boot_rom.cpp, line:94)
[00000022] [13:02:28:836160] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[50 ]
[00000023] [13:02:28:836160] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[af ]
[00000024] [13:02:28:836160] [Tid0x00001d98] [debug] send 0x50. receive 0xAF #(boot_rom.cpp, line:94)
[00000025] [13:02:28:836160] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[05 ]
[00000026] [13:02:28:836160] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fa ]
[00000027] [13:02:28:836160] [Tid0x00001d98] [debug] send 0x05. receive 0xFA #(boot_rom.cpp, line:94)
[00000028] [13:02:28:836160] [Tid0x00001d98] [debug] <--[C7] boot_rom::connect
[00000029] [13:02:28:836160] [Tid0x00001d98] [info] (2/2)security verify tool and DA. #(connection.cpp, line:128)
[00000030] [13:02:28:836160] [Tid0x00001d98] [debug] -->[C16] boot_rom_logic::security_verify_connection #(boot_rom_logic.cpp, line:40)
[00000031] [13:02:28:836160] [Tid0x00001d98] [debug] -->[C17] boot_rom::get_preloader_version #(boot_rom.cpp, line:873)
[00000032] [13:02:28:837160] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fe ]
[00000033] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fe ]
[00000034] [13:02:28:838159] [Tid0x00001d98] [info] brom connection. not preloader. #(boot_rom.cpp, line:884)
[00000035] [13:02:28:838159] [Tid0x00001d98] [debug] <--[C17] boot_rom::get_preloader_version
[00000036] [13:02:28:838159] [Tid0x00001d98] [debug] -->[C20] boot_rom::get_get_me_id #(boot_rom.cpp, line:1108)
[00000037] [13:02:28:838159] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[e1 ]
[00000038] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[e1 ]
[00000039] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 00 00 10 ]
[00000040] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000010 Hex[c4 23 b5 bc bb f9 db 3e 3d ae ca ee 61 6f 2d 17 ]
[00000041] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000042] [13:02:28:838159] [Tid0x00001d98] [debug] <--[C20] boot_rom::get_get_me_id
[00000043] [13:02:28:838159] [Tid0x00001d98] [info] ME ID: [c4 23 b5 bc bb f9 db 3e 3d ae ca ee 61 6f 2d 17 ] #(boot_rom_logic.cpp, line:59)
[00000044] [13:02:28:838159] [Tid0x00001d98] [info] ME ID: [c4 23 b5 bc bb f9 db 3e 3d ae ca ee 61 6f 2d 17 ] #(boot_rom_logic.cpp, line:60)
[00000045] [13:02:28:838159] [Tid0x00001d98] [debug] -->[C26] boot_rom::get_chip_id #(boot_rom.cpp, line:109)
[00000046] [13:02:28:838159] [Tid0x00001d98] [info] get chip id  #(boot_rom.cpp, line:110)
[00000047] [13:02:28:838159] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fd ]
[00000048] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fd ]
[00000049] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[07 66 ]
[00000050] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000051] [13:02:28:838159] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fc ]
[00000052] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fc ]
[00000053] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[8a 00 ]
[00000054] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[ca 00 ]
[00000055] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000056] [13:02:28:838159] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000057] [13:02:28:838159] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\chip.mapping.cfg.xml #(lib_config_parser.cpp, line:28)
[00000058] [13:02:28:838159] [Tid0x00001d98] [info] Chip hw code revised from 0x766 to 0x6765. #(chip_mapping.cpp, line:167)
[00000059] [13:02:28:838159] [Tid0x00001d98] [info] chip id: hw_code[0x6765] hw_sub_code[0x8A00] hw_version[0xCA00] sw_version[0x0] #(boot_rom.cpp, line:175)
[00000060] [13:02:28:838159] [Tid0x00001d98] [debug] <--[C26] boot_rom::get_chip_id
[00000061] [13:02:28:838159] [Tid0x00001d98] [info] Print BROM log: #(boot_rom_logic.cpp, line:68)
[00000062] [13:02:28:838159] [Tid0x00001d98] [debug] -->[C37] boot_rom::print_bootrom_log #(boot_rom.cpp, line:1333)
[00000063] [13:02:28:839663] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[df ]
[00000064] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[df ]
[00000065] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 00 00 9e ]
[00000066] [13:02:28:839663] [Tid0x00001d98] [debug] BROM log message length: 158 #(boot_rom.cpp, line:1350)
[00000067] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x0000009e Hex[0a 0d 46 30 3a 20 31 30 32 42 20 30 30 30 30 0a ]
[00000068] [13:02:28:839663] [Tid0x00001d98] [debug] *****************bootrom_log*****************


F0: 102B 0000

F3: 1006 0037 [0200]

F3: 4000 00E0 [0200]

F3: 1006 0037

F3: 4000 00E0

00: 1005 0000

F3: 4000 00E0 [0200]

F3: 4000 00E0

01: 102A 0001


**************bootrom_log end****************

[00000069] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000070] [13:02:28:839663] [Tid0x00001d98] [debug] <--[C37] boot_rom::print_bootrom_log
[00000071] [13:02:28:839663] [Tid0x00001d98] [info] BROM log END.
[00000072] [13:02:28:839663] [Tid0x00001d98] [debug] -->[C43] boot_rom::get_soc_id #(boot_rom.cpp, line:1053)
[00000073] [13:02:28:839663] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[e7 ]
[00000074] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[e7 ]
[00000075] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 00 00 20 ]
[00000076] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000020 Hex[2f 7d 0d 31 01 88 4b 36 a4 44 dd 3b cb f4 18 55 ]
[00000077] [13:02:28:839663] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000078] [13:02:28:839663] [Tid0x00001d98] [debug] <--[C43] boot_rom::get_soc_id
[00000079] [13:02:28:839663] [Tid0x00001d98] [info] SOC ID: [2f 7d 0d 31 01 88 4b 36 a4 44 dd 3b cb f4 18 55 88 e5 e6 47 95 1c 14 bc 00 15 86 4d 50 1e 9c be ] #(boot_rom_logic.cpp, line:92)
[00000080] [13:02:28:839663] [Tid0x00001d98] [info] SOC ID: [2f 7d 0d 31 01 88 4b 36 a4 44 dd 3b cb f4 18 55 88 e5 e6 47 95 1c 14 bc 00 15 86 4d 50 1e 9c be ] #(boot_rom_logic.cpp, line:93)
[00000081] [13:02:28:840666] [Tid0x00001d98] [debug] cert is NULL #(boot_rom_logic.cpp, line:176)
[00000082] [13:02:28:840666] [Tid0x00001d98] [debug] -->[C49] boot_rom::get_security_config #(boot_rom.cpp, line:905)
[00000083] [13:02:28:840666] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[d8 ]
[00000084] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[d8 ]
[00000085] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000086] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000087] [13:02:28:840666] [Tid0x00001d98] [debug] <--[C49] boot_rom::get_security_config
[00000088] [13:02:28:840666] [Tid0x00001d98] [error] open file: MT6765.key failed. #(efuse_file_handler.cpp, line:72)
[00000089] [13:02:28:840666] [Tid0x00001d98] [error] key file is not exist. #(efuse_file_handler.cpp, line:120)
[00000090] [13:02:28:840666] [Tid0x00001d98] [error] decryption failed. #(efuse_file_handler.cpp, line:88)
[00000091] [13:02:28:840666] [Tid0x00001d98] [error] Analysis register file failed[0xc001000d] #(boot_rom_logic.cpp, line:196)
[00000092] [13:02:28:840666] [Tid0x00001d98] [debug] brom read efuse operations: 0
[00000093] [13:02:28:840666] [Tid0x00001d98] [debug] <--[C16] boot_rom_logic::security_verify_connection
[00000094] [13:02:28:840666] [Tid0x00001d98] [debug] <--[C4] connection::connect_brom
[00000095] [13:02:28:840666] [Tid0x00001d98] [info] <--[C3] flashtool_connect_brom
[00000096] [13:02:28:840666] [Tid0x00001d98] [info] -->[C54] flashtool_device_control #(flashtoolex_api.cpp, line:309)
[00000097] [13:02:28:840666] [Tid0x00001d98] [debug] -->[C55] connection::device_control #(connection.cpp, line:634)
[00000098] [13:02:28:840666] [Tid0x00001d98] [info] device control: DEV_GET_CHIP_ID code[0x1] #(connection.cpp, line:641)
[00000099] [13:02:28:840666] [Tid0x00001d98] [debug] -->[C56] boot_rom::device_control #(boot_rom.cpp, line:725)
[00000100] [13:02:28:840666] [Tid0x00001d98] [debug] -->[C57] boot_rom::get_chip_id #(boot_rom.cpp, line:109)
[00000101] [13:02:28:840666] [Tid0x00001d98] [info] get chip id  #(boot_rom.cpp, line:110)
[00000102] [13:02:28:840666] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fd ]
[00000103] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fd ]
[00000104] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[07 66 ]
[00000105] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000106] [13:02:28:840666] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fc ]
[00000107] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fc ]
[00000108] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[8a 00 ]
[00000109] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[ca 00 ]
[00000110] [13:02:28:840666] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000111] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000112] [13:02:28:841917] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\chip.mapping.cfg.xml #(lib_config_parser.cpp, line:28)
[00000113] [13:02:28:841917] [Tid0x00001d98] [info] Chip hw code revised from 0x766 to 0x6765. #(chip_mapping.cpp, line:167)
[00000114] [13:02:28:841917] [Tid0x00001d98] [info] chip id: hw_code[0x6765] hw_sub_code[0x8A00] hw_version[0xCA00] sw_version[0x0] #(boot_rom.cpp, line:175)
[00000115] [13:02:28:841917] [Tid0x00001d98] [debug] <--[C57] boot_rom::get_chip_id
[00000116] [13:02:28:841917] [Tid0x00001d98] [debug] <--[C56] boot_rom::device_control
[00000117] [13:02:28:841917] [Tid0x00001d98] [debug] <--[C55] connection::device_control
[00000118] [13:02:28:841917] [Tid0x00001d98] [info] <--[C54] flashtool_device_control
[00000119] [13:02:28:841917] [Tid0x00001d98] [info] -->[C68] flashtool_device_control #(flashtoolex_api.cpp, line:309)
[00000120] [13:02:28:841917] [Tid0x00001d98] [debug] -->[C69] connection::device_control #(connection.cpp, line:634)
[00000121] [13:02:28:841917] [Tid0x00001d98] [info] device control: DEV_GET_CHIP_ID code[0x1] #(connection.cpp, line:641)
[00000122] [13:02:28:841917] [Tid0x00001d98] [debug] -->[C70] boot_rom::device_control #(boot_rom.cpp, line:725)
[00000123] [13:02:28:841917] [Tid0x00001d98] [debug] -->[C71] boot_rom::get_chip_id #(boot_rom.cpp, line:109)
[00000124] [13:02:28:841917] [Tid0x00001d98] [info] get chip id  #(boot_rom.cpp, line:110)
[00000125] [13:02:28:841917] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fd ]
[00000126] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fd ]
[00000127] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[07 66 ]
[00000128] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000129] [13:02:28:841917] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fc ]
[00000130] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fc ]
[00000131] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[8a 00 ]
[00000132] [13:02:28:841917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[ca 00 ]
[00000133] [13:02:28:842917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000134] [13:02:28:842917] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000135] [13:02:28:842917] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\chip.mapping.cfg.xml #(lib_config_parser.cpp, line:28)
[00000136] [13:02:28:842917] [Tid0x00001d98] [info] Chip hw code revised from 0x766 to 0x6765. #(chip_mapping.cpp, line:167)
[00000137] [13:02:28:842917] [Tid0x00001d98] [info] chip id: hw_code[0x6765] hw_sub_code[0x8A00] hw_version[0xCA00] sw_version[0x0] #(boot_rom.cpp, line:175)
[00000138] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C71] boot_rom::get_chip_id
[00000139] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C70] boot_rom::device_control
[00000140] [13:02:28:842917] [Tid0x00001d98] [debug] <--[C69] connection::device_control
[00000141] [13:02:28:842917] [Tid0x00001d98] [info] <--[C68] flashtool_device_control
[00000142] [13:02:28:843649] [Tid0x00001d98] [info] -->[C82] flashtool_connect_da #(flashtoolex_api.cpp, line:136)
[00000143] [13:02:28:843649] [Tid0x00001d98] [debug] -->[C83] connection::connect_da #(connection.cpp, line:242)
[00000144] [13:02:28:843649] [Tid0x00001d98] [info] (1/7)connecting DA. #(connection.cpp, line:245)
[00000145] [13:02:28:843649] [Tid0x00001d98] [info] (2/7)read DA config. #(connection.cpp, line:246)
[00000146] [13:02:28:843649] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\device.cfg.xml #(da_config_parser.cpp, line:36)
[00000147] [13:02:28:843649] [Tid0x00001d98] [warning] read DA config fail. ignore. #(connection.cpp, line:249)
[00000148] [13:02:28:843649] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\device.cfg.xml #(da_config_parser.cpp, line:36)
[00000149] [13:02:28:843649] [Tid0x00001d98] [info] (3/7)read DA image file. #(connection.cpp, line:258)
[00000150] [13:02:28:843649] [Tid0x00001d98] [debug] -->[C84] da_image::load #(da_image.cpp, line:24)
[00000151] [13:02:28:844959] [Tid0x00001d98] [info] local file: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\REDMI 9C\Scatter DA & Auth file\DA_mt_6765_6768_6785_6873.bin #(file_data_factory.cpp, line:22)
[00000152] [13:02:28:844959] [Tid0x00001d98] [debug] <--[C84] da_image::load
[00000153] [13:02:28:844959] [Tid0x00001d98] [info] (4/7)connecting 1st DA. #(connection.cpp, line:284)
[00000154] [13:02:28:844959] [Tid0x00001d98] [debug] -->[C85] connection::connect_1st_da #(connection.cpp, line:342)
[00000155] [13:02:28:844959] [Tid0x00001d98] [debug] -->[C86] boot_rom::get_chip_id #(boot_rom.cpp, line:109)
[00000156] [13:02:28:844959] [Tid0x00001d98] [info] get chip id  #(boot_rom.cpp, line:110)
[00000157] [13:02:28:844959] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fd ]
[00000158] [13:02:28:844959] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fd ]
[00000159] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[07 66 ]
[00000160] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000161] [13:02:28:845960] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[fc ]
[00000162] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[fc ]
[00000163] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[8a 00 ]
[00000164] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[ca 00 ]
[00000165] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000166] [13:02:28:845960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000167] [13:02:28:845960] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\chip.mapping.cfg.xml #(lib_config_parser.cpp, line:28)
[00000168] [13:02:28:845960] [Tid0x00001d98] [info] Chip hw code revised from 0x766 to 0x6765. #(chip_mapping.cpp, line:167)
[00000169] [13:02:28:845960] [Tid0x00001d98] [info] chip id: hw_code[0x6765] hw_sub_code[0x8A00] hw_version[0xCA00] sw_version[0x0] #(boot_rom.cpp, line:175)
[00000170] [13:02:28:845960] [Tid0x00001d98] [debug] <--[C86] boot_rom::get_chip_id
[00000171] [13:02:28:845960] [Tid0x00001d98] [info] select DA use chip id. #(connection.cpp, line:363)
[00000172] [13:02:28:845960] [Tid0x00001d98] [debug] -->[C97] da_image::select #(da_image.cpp, line:59)
[00000173] [13:02:28:845960] [Tid0x00001d98] [info] search DA: MT6765 #(da_image.cpp, line:65)
[00000174] [13:02:28:845960] [Tid0x00001d98] [info] da_description: MTK_AllInOne_DA_v3.3001.2020/03/06.ионГ11:16_497508 #(da_image.cpp, line:67)
[00000175] [13:02:28:845960] [Tid0x00001d98] [info] use DA index: 0x0 #(da_parser_v04.cpp, line:29)
[00000176] [13:02:28:845960] [Tid0x00001d98] [debug] <--[C97] da_image::select
[00000177] [13:02:28:845960] [Tid0x00001d98] [info] get 1st DA data. #(connection.cpp, line:375)
[00000178] [13:02:28:845960] [Tid0x00001d98] [debug] -->[C98] da_image::get_section_data #(da_image.cpp, line:94)
[00000179] [13:02:28:845960] [Tid0x00001d98] [debug] <--[C98] da_image::get_section_data
[00000180] [13:02:28:845960] [Tid0x00001d98] [info] send 1st DA data to loader. #(connection.cpp, line:382)
[00000181] [13:02:28:845960] [Tid0x00001d98] [debug] -->[C99] boot_rom::send_da #(boot_rom.cpp, line:222)
[00000182] [13:02:28:845960] [Tid0x00001d98] [info] send DA data to boot rom.  #(boot_rom.cpp, line:223)
[00000183] [13:02:28:846960] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[d7 ]
[00000184] [13:02:28:846960] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[d7 ]
[00000185] [13:02:28:846960] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 20 00 00 ]
[00000186] [13:02:28:846960] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 20 00 00 ]
[00000187] [13:02:28:846960] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 03 36 08 ]
[00000188] [13:02:28:846960] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 03 36 08 ]
[00000189] [13:02:28:846960] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 00 01 00 ]
[00000190] [13:02:28:846960] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 00 01 00 ]
[00000191] [13:02:28:846960] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000192] [13:02:28:850466] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[ff ff ff ea 9c 14 00 fb 00 00 0f e1 c0 10 a0 e3 ]
[00000193] [13:02:28:853615] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[02 45 de e9 12 01 15 4b cd e9 00 67 00 19 cd f8 ]
[00000194] [13:02:28:856615] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[da f9 fe f7 c3 f8 02 28 06 d8 cd e9 00 67 2b 48 ]
[00000195] [13:02:28:860424] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[38 b5 04 46 0d 46 ff f7 d3 ff 84 42 a0 eb 04 00 ]
[00000196] [13:02:28:863429] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[17 d2 13 4e 2a 46 a1 b2 11 4d 33 68 18 78 ff f7 ]
[00000197] [13:02:28:867428] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[20 b9 36 48 94 f8 19 11 fb f7 d5 f9 f8 f7 be f8 ]
[00000198] [13:02:28:870436] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[04 d8 10 48 22 46 0b 49 f9 f7 d5 f9 29 46 30 46 ]
[00000199] [13:02:28:874021] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[80 13 2b 63 fe f7 4b f8 16 48 4f f4 c0 41 02 aa ]
[00000200] [13:02:28:877357] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[61 e1 22 00 37 b5 00 23 11 4a 05 46 01 93 1c 23 ]
[00000201] [13:02:28:880365] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[72 f3 22 00 8d f3 22 00 a9 f3 22 00 d4 f3 22 00 ]
[00000202] [13:02:28:883368] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[02 e0 0b 4c 0b 4b dc e7 0d b0 bd e8 f0 8f 00 bf ]
[00000203] [13:02:28:887369] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[11 ff 01 20 f0 f7 38 f8 61 78 20 46 09 04 01 f5 ]
[00000204] [13:02:28:890386] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[86 4a 87 4b 03 f0 b0 ff 20 46 82 49 4f f0 00 72 ]
[00000205] [13:02:28:893640] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[70 02 0b 00 09 09 09 00 38 0d 0a 00 38 0d 0b 00 ]
[00000206] [13:02:28:897390] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[21 46 3a 43 04 f5 80 34 30 46 ff f7 a3 ff 21 46 ]
[00000207] [13:02:28:900395] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[db 03 02 f0 1f 02 43 ea 82 22 3e 4b fd f7 ac ff ]
[00000208] [13:02:28:904399] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[34 e0 df f8 9c 91 12 04 20 46 02 f5 20 22 29 46 ]
[00000209] [13:02:28:907399] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[03 eb 42 03 84 4a d1 54 84 4f 00 26 fe 80 be 80 ]
[00000210] [13:02:28:910548] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[20 21 88 31 f7 f7 b0 ff 61 78 20 46 00 22 01 23 ]
[00000211] [13:02:28:913635] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[02 22 53 46 66 70 f0 f7 c7 fb 20 46 31 46 11 22 ]
[00000212] [13:02:28:917639] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[70 6c 61 74 66 6f 72 6d 5f 69 6e 69 74 20 70 61 ]
[00000213] [13:02:28:920647] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[34 44 34 44 29 20 3d 3d 20 28 28 67 66 68 5f 68 ]
[00000214] [13:02:28:924650] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[0a 00 5b 53 44 25 64 5d 20 45 72 61 73 65 20 69 ]
[00000215] [13:02:28:927651] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[72 65 20 73 74 61 72 74 20 2e 2e 2e 2e 2e 0a 00 ]
[00000216] [13:02:28:930564] [Tid0x00001d98] [debug] Tx->: 0x00002000 Hex[6d 70 44 65 62 75 67 49 6e 66 6f 5d 0a 09 6d 70 ]
[00000217] [13:02:28:933077] [Tid0x00001d98] [debug] Tx->: 0x00001608 Hex[61 20 6c 69 73 74 2e 2e 2e 2e 2e 2e 0a 00 70 65 ]
[00000218] [13:02:28:934077] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[52 56 ]
[00000219] [13:02:28:934077] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000220] [13:02:28:934077] [Tid0x00001d98] [debug] <--[C99] boot_rom::send_da
[00000221] [13:02:28:934077] [Tid0x00001d98] [info] jump to 1st DA. #(connection.cpp, line:389)
[00000222] [13:02:28:934077] [Tid0x00001d98] [debug] -->[C137] boot_rom::jump_to_da #(boot_rom.cpp, line:323)
[00000223] [13:02:28:934077] [Tid0x00001d98] [debug] -->[C138] boot_rom::jump_to #(boot_rom.cpp, line:370)
[00000224] [13:02:28:934077] [Tid0x00001d98] [info] boot rom jump to. #(boot_rom.cpp, line:371)
[00000225] [13:02:28:934077] [Tid0x00001d98] [debug] Tx->: 0x00000001 Hex[d5 ]
[00000226] [13:02:28:935078] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[d5 ]
[00000227] [13:02:28:935078] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 20 00 00 ]
[00000228] [13:02:28:935078] [Tid0x00001d98] [debug] <-Rx: 0x00000004 Hex[00 20 00 00 ]
[00000229] [13:02:28:935078] [Tid0x00001d98] [debug] <-Rx: 0x00000002 Hex[00 00 ]
[00000230] [13:02:28:935078] [Tid0x00001d98] [debug] <--[C138] boot_rom::jump_to
[00000231] [13:02:28:935078] [Tid0x00001d98] [info] Begin receive DA 1st sync char #(boot_rom.cpp, line:331)
[00000232] [13:02:28:969560] [Tid0x00001d98] [debug] <-Rx: 0x00000001 Hex[c0 ]
[00000233] [13:02:28:969560] [Tid0x00001d98] [debug] <--[C137] boot_rom::jump_to_da
[00000234] [13:02:28:970502] [Tid0x00001d98] [debug] -->[C145] device_instance::reset #(device_instance.cpp, line:44)
[00000235] [13:02:28:970502] [Tid0x00001d98] [info] -->[C146] data_mux::stop #(data_mux.cpp, line:91)
[00000236] [13:02:28:970502] [Tid0x00001d98] [info] <--[C146] data_mux::stop
[00000237] [13:02:28:970502] [Tid0x00001d98] [debug] worker_thr id: 8c1c
[00000238] [13:02:28:970502] [Tid0x00001d98] [debug] monitor_thr id: 9cf4
[00000239] [13:02:28:970502] [Tid0x00001d98] [debug] -->[C147] device_log_source::reset #(device_log_source.cpp, line:16)
[00000241] [13:02:28:970502] [Tid0x00001d98] [info] -->[C149] device_log_source::stop #(device_log_source.cpp, line:28)
[00000240] [13:02:28:970502] [Tid0x00008c1c] [info] -->[C148] data_mux::worker #(data_mux.cpp, line:162)
[00000243] [13:02:28:970502] [Tid0x00001d98] [info] <--[C149] device_log_source::stop
[00000242] [13:02:28:970502] [Tid0x00009cf4] [info] -->[C150] data_mux::monitor #(data_mux.cpp, line:120)
[00000244] [13:02:28:970502] [Tid0x00001d98] [debug] <--[C147] device_log_source::reset
[00000245] [13:02:28:970502] [Tid0x00001d98] [debug] <--[C145] device_instance::reset
[00000246] [13:02:28:971006] [Tid0x00001d98] [info] Start send SYNC signal.  #(device_instance.cpp, line:115) #(device_instance.cpp, line:115)
[00000247] [13:02:28:971006] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000248] [13:02:28:971006] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[53 59 4e 43 ]
[00000249] [13:02:28:971006] [Tid0x00001d98] [info] setup device environment #(connection.cpp, line:404)
[00000250] [13:02:28:971006] [Tid0x00001d98] [info] CFG: File Not Found: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\SP_Flash_Tool_v5.1804_Win\device.cfg.xml #(da_config_parser.cpp, line:36)
[00000251] [13:02:28:971006] [Tid0x00001d98] [info] setting da_log_level by UI #(connection.cpp, line:408)
[00000252] [13:02:28:971006] [Tid0x00001d98] [info] -->[C154] device_instance::setup_device_environment #(device_instance.cpp, line:155)
[00000253] [13:02:28:971006] [Tid0x00001d98] [info] /CMD/: SPECIAL_CMD_SETUP_ENVIRONMENT=0x10100 #(device_instance.cpp, line:159)
[00000254] [13:02:28:971006] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000255] [13:02:28:971006] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 01 01 00 ]
[00000256] [13:02:28:971006] [Tid0x00001d98] [info] struct: (int)da_log_level, (int)log_channel, (int)system_os, (int)reserve2.3. #(device_instance.cpp, line:163)
[00000257] [13:02:28:971006] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 14 00 00 00 ]
[00000258] [13:02:28:971006] [Tid0x00001d98] [debug] Tx->: 0x00000014 Hex[00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ]
[00000259] [13:02:28:972010] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000260] [13:02:28:972010] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000261] [13:02:28:972010] [Tid0x00001d98] [info] [result]: STATUS_OK #(device_instance.cpp, line:183)
[00000262] [13:02:28:972010] [Tid0x00001d98] [info] <--[C154] device_instance::setup_device_environment
[00000263] [13:02:28:972010] [Tid0x00001d98] [info] get special device init parameters. #(connection.cpp, line:418)
[00000264] [13:02:28:972010] [Tid0x00001d98] [info] No device parameter config file. skip. #(dev_param_config_parser.cpp, line:106)
[00000265] [13:02:29:187290] [Tid0x00001d98] [info] setup special device init parameters. #(connection.cpp, line:428)
[00000266] [13:02:29:187290] [Tid0x00001d98] [info] -->[C161] device_instance::setup_device_init_parameters #(device_instance.cpp, line:189)
[00000267] [13:02:29:187290] [Tid0x00001d98] [info] /CMD/: SPECIAL_CMD_SETUP_HW_INIT_PARAMS=0x10101 #(device_instance.cpp, line:193)
[00000268] [13:02:29:187290] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000269] [13:02:29:187290] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[01 01 01 00 ]
[00000270] [13:02:29:187290] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000271] [13:02:29:187290] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 00 00 00 ]
[00000272] [13:02:29:188290] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000273] [13:02:29:188290] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000274] [13:02:29:188290] [Tid0x00001d98] [info] [result]: STATUS_OK #(device_instance.cpp, line:224)
[00000275] [13:02:29:188290] [Tid0x00001d98] [info] <--[C161] device_instance::setup_device_init_parameters
[00000276] [13:02:29:188290] [Tid0x00001d98] [info] wait for 1st DA stable sync signal. #(connection.cpp, line:436)
[00000277] [13:02:29:188290] [Tid0x00001d98] [info] Receive SYNC signal. #(device_instance.cpp, line:125)
[00000278] [13:02:30:653239] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000279] [13:02:30:653239] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[53 59 4e 43 ]
[00000280] [13:02:30:653239] [Tid0x00001d98] [debug] <--[C85] connection::connect_1st_da
[00000281] [13:02:30:653239] [Tid0x00001d98] [info] (5/7)send DA some parameters. #(connection.cpp, line:291)
[00000282] [13:02:30:653239] [Tid0x00001d98] [debug] -->[C170] connection::set_da_ctrls #(connection.cpp, line:443)
[00000283] [13:02:30:653239] [Tid0x00001d98] [info] /CMD/: CMD_DEVICE_CTRL=0x10009 #(device_instance.cpp, line:289)
[00000284] [13:02:30:653239] [Tid0x00001d98] [info] /control-code/: unmapping command code: 0x40011=0x40011 #(device_instance.cpp, line:290)
[00000285] [13:02:30:653239] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000286] [13:02:30:653239] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[09 00 01 00 ]
[00000287] [13:02:30:654239] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000288] [13:02:30:654239] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000289] [13:02:30:654239] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000290] [13:02:30:654239] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[11 00 04 00 ]
[00000291] [13:02:30:655239] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000292] [13:02:30:655239] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[04 00 01 c0 ]
[00000293] [13:02:30:655239] [Tid0x00001d98] [warning] device control code not support. #(device_instance.cpp, line:311)
[00000294] [13:02:30:655239] [Tid0x00001d98] [info] DA expired date: 2099.1.1 #(connection.cpp, line:474)
[00000295] [13:02:30:655239] [Tid0x00001d98] [info] send reset key setting: 0x68  ##default[0x0]. 1 key[0x50]. 2 key[0x68] #(connection.cpp, line:481)
[00000296] [13:02:30:655239] [Tid0x00001d98] [info] /CMD/: CMD_DEVICE_CTRL=0x10009 #(device_instance.cpp, line:289)
[00000297] [13:02:30:655239] [Tid0x00001d98] [info] /control-code/: CC_SET_RESET_KEY=0x20004 #(device_instance.cpp, line:290)
[00000298] [13:02:30:655239] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000299] [13:02:30:655239] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[09 00 01 00 ]
[00000300] [13:02:30:655239] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000301] [13:02:30:656240] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000302] [13:02:30:656240] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000303] [13:02:30:656240] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[04 00 02 00 ]
[00000304] [13:02:30:656240] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000305] [13:02:30:656240] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000306] [13:02:30:656240] [Tid0x00001d98] [info] device support this control code. #(device_instance.cpp, line:315)
[00000307] [13:02:30:656240] [Tid0x00001d98] [info] send parameters. #(device_instance.cpp, line:319)
[00000308] [13:02:30:656240] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000309] [13:02:30:657239] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[68 00 00 00 ]
[00000310] [13:02:30:657239] [Tid0x00001d98] [info] receive response. #(device_instance.cpp, line:329)
[00000311] [13:02:30:658238] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000312] [13:02:30:658238] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000313] [13:02:30:658238] [Tid0x00001d98] [info] [result]: STATUS_OK #(device_instance.cpp, line:340)
[00000314] [13:02:30:658238] [Tid0x00001d98] [info] send battery setting: 0x2 ##battery[0x0]. USB power[0x1]. auto[0x2] #(connection.cpp, line:490)
[00000315] [13:02:30:658238] [Tid0x00001d98] [info] /CMD/: CMD_DEVICE_CTRL=0x10009 #(device_instance.cpp, line:289)
[00000316] [13:02:30:658238] [Tid0x00001d98] [info] /control-code/: CC_SET_BATTERY_OPT=0x20002 #(device_instance.cpp, line:290)
[00000317] [13:02:30:658238] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000318] [13:02:30:658238] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[09 00 01 00 ]
[00000319] [13:02:30:659742] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000320] [13:02:30:660255] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000321] [13:02:30:660255] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000322] [13:02:30:660255] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[02 00 02 00 ]
[00000323] [13:02:30:660255] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000324] [13:02:30:661258] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000325] [13:02:30:661258] [Tid0x00001d98] [info] device support this control code. #(device_instance.cpp, line:315)
[00000326] [13:02:30:661258] [Tid0x00001d98] [info] send parameters. #(device_instance.cpp, line:319)
[00000327] [13:02:30:661258] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000328] [13:02:30:661258] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[02 00 00 00 ]
[00000329] [13:02:30:661258] [Tid0x00001d98] [info] receive response. #(device_instance.cpp, line:329)
[00000330] [13:02:30:663611] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000331] [13:02:30:663611] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000332] [13:02:30:663611] [Tid0x00001d98] [info] [result]: STATUS_OK #(device_instance.cpp, line:340)
[00000333] [13:02:30:663611] [Tid0x00001d98] [info] send checksum level setting: 0x0 ##none[0x0]. USB[0x1]. storage[0x2], both[0x3] #(connection.cpp, line:499)
[00000334] [13:02:30:663611] [Tid0x00001d98] [info] /CMD/: CMD_DEVICE_CTRL=0x10009 #(device_instance.cpp, line:289)
[00000335] [13:02:30:663611] [Tid0x00001d98] [info] /control-code/: CC_SET_CHECKSUM_LEVEL=0x20003 #(device_instance.cpp, line:290)
[00000336] [13:02:30:663611] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000337] [13:02:30:664618] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[09 00 01 00 ]
[00000338] [13:02:30:664618] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000339] [13:02:30:664618] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000340] [13:02:30:664618] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000341] [13:02:30:664618] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[03 00 02 00 ]
[00000342] [13:02:30:665618] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000343] [13:02:30:665618] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000344] [13:02:30:665618] [Tid0x00001d98] [info] device support this control code. #(device_instance.cpp, line:315)
[00000345] [13:02:30:665618] [Tid0x00001d98] [info] send parameters. #(device_instance.cpp, line:319)
[00000346] [13:02:30:665618] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000347] [13:02:30:665618] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[00 00 00 00 ]
[00000348] [13:02:30:665618] [Tid0x00001d98] [info] receive response. #(device_instance.cpp, line:329)
[00000349] [13:02:30:666618] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000350] [13:02:30:666618] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000351] [13:02:30:666618] [Tid0x00001d98] [info] [result]: STATUS_OK #(device_instance.cpp, line:340)
[00000352] [13:02:30:666618] [Tid0x00001d98] [debug] <--[C170] connection::set_da_ctrls
[00000353] [13:02:30:666618] [Tid0x00001d98] [info] Check whether need to enter 2nd DA. #(connection.cpp, line:310)
[00000354] [13:02:30:666618] [Tid0x00001d98] [info] (6/7)eanble DRAM #(connection.cpp, line:316)
[00000355] [13:02:30:666618] [Tid0x00001d98] [info] /CMD/: CMD_DEVICE_CTRL=0x10009 #(device_instance.cpp, line:289)
[00000356] [13:02:30:666618] [Tid0x00001d98] [info] /control-code/: CC_GET_CONNECTION_AGENT=0x4000a #(device_instance.cpp, line:290)
[00000357] [13:02:30:666618] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000358] [13:02:30:666618] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[09 00 01 00 ]
[00000359] [13:02:30:667618] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000360] [13:02:30:667618] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000361] [13:02:30:667618] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000362] [13:02:30:667618] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[0a 00 04 00 ]
[00000363] [13:02:30:668619] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000364] [13:02:30:668619] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000365] [13:02:30:668619] [Tid0x00001d98] [info] device support this control code. #(device_instance.cpp, line:315)
[00000366] [13:02:30:668619] [Tid0x00001d98] [info] receive results. #(device_instance.cpp, line:325)
[00000367] [13:02:30:669619] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000368] [13:02:30:669619] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[62 72 6f 6d ]
[00000369] [13:02:30:669619] [Tid0x00001d98] [info] receive response. #(device_instance.cpp, line:329)
[00000370] [13:02:30:669619] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000371] [13:02:30:669619] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000372] [13:02:30:669619] [Tid0x00001d98] [info] [result]: STATUS_OK #(device_instance.cpp, line:340)
[00000373] [13:02:30:669619] [Tid0x00001d98] [info] local file: D:\hacking-mobile\Redmi.9C.NFC\flash\recovery\angelican_eea_global_images_V12.5.4.0.RCSEUXM_20220724.0000.00_11.0_eea\images\preloader_k65v1_64_bsp.bin #(file_data_factory.cpp, line:22)
[00000374] [13:02:30:669619] [Tid0x00001d98] [debug] -->[C232] connection::init_dram #(connection.cpp, line:547)
[00000375] [13:02:30:669619] [Tid0x00001d98] [info] /CMD/: CMD_DEVICE_CTRL=0x10009 #(device_instance.cpp, line:289)
[00000376] [13:02:30:669619] [Tid0x00001d98] [info] /control-code/: CC_GET_CONNECTION_AGENT=0x4000a #(device_instance.cpp, line:290)
[00000377] [13:02:30:669619] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000378] [13:02:30:669619] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[09 00 01 00 ]
[00000379] [13:02:30:670646] [Tid0x00008c1c] [debug] <-Rx: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000380] [13:02:30:670646] [Tid0x00008c1c] [debug] <-Rx: 0x00000004 Hex[00 00 00 00 ]
[00000381] [13:02:30:670646] [Tid0x00001d98] [debug] Tx->: 0x0000000c Hex[ef ee ee fe 01 00 00 00 04 00 00 00 ]
[00000382] [13:02:30:670646] [Tid0x00001d98] [debug] Tx->: 0x00000004 Hex[0a 00 04 00 ]
[00000383] [13:04:30:677281] [Tid0x00001d98] [error] device_control exception:  #(device_instance.cpp, line:335)
[00000384] [13:04:30:677281] [Tid0x00001d98] [error] ./dagent/device/protocol/data_mux.cpp(71): Throw in function void __thiscall data_mux::receive_exactly(class boost::shared_ptr<class command_buffer> &,unsigned int,data_type_t)
Dynamic exception type: class boost::exception_detail::clone_impl<class runtime_exception>
std::exception::what: data_mux receive timeout. #(data_mux.cpp, line:71)
#(device_instance.cpp, line:336)
[00000385] [13:04:30:677281] [Tid0x00001d98] [info] [result]: STATUS_DEVICE_CTRL_EXCEPTION #(device_instance.cpp, line:340)
[00000386] [13:04:30:677281] [Tid0x00001d98] [info] Find EMI in preloader #(connection.cpp, line:567)
[00000387] [13:04:30:677281] [Tid0x00001d98] [debug] -->[C240] emi_finder::get_emis #(emi_finder.cpp, line:64)
[00000388] [13:04:30:677281] [Tid0x00001d98] [debug] <--[C240] emi_finder::get_emis
[00000389] [13:04:30:677281] [Tid0x00001d98] [info] Send EMI to target.  #(connection.cpp, line:577)
[00000390] [13:04:30:677281] [Tid0x00001d98] [debug] -->[C241] device_instance::init_ext_ram #(device_instance.cpp, line:231)
[00000391] [13:04:30:677281] [Tid0x00001d98] [info] /CMD/: CMD_INIT_EXT_RAM=0x1000a #(device_instance.cpp, line:235)
[00000392] [13:05:30:715169] [Tid0x00001d98] [warning] @Tx Timeout. #(comm_engine.cpp, line:273)
[00000393] [13:05:30:715169] [Tid0x00001d98] [warning] Tx xferd_write length[0x0] != expected length[0xc] #(comm_engine.cpp, line:339)
[00000394] [13:05:30:730290] [Tid0x00001d98] [error] ext ram init exception:  #(device_instance.cpp, line:263)
[00000395] [13:05:30:731199] [Tid0x00001d98] [error] ./arch/win/comm_engine.cpp(340): Throw in function unsigned int __thiscall comm_engine::send(const unsigned char *,unsigned int,unsigned int)
Dynamic exception type: class boost::exception_detail::clone_impl<class runtime_exception>
std::exception::what: Tx data incomplete.
#(device_instance.cpp, line:264)
[00000396] [13:05:30:731199] [Tid0x00001d98] [info] [result]: STATUS_EXT_RAM_EXCEPTION #(device_instance.cpp, line:268)
[00000397] [13:05:30:731199] [Tid0x00001d98] [debug] <--[C241] device_instance::init_ext_ram
[00000398] [13:05:30:731199] [Tid0x00001d98] [debug] <--[C232] connection::init_dram
[00000399] [13:05:30:731199] [Tid0x00001d98] [debug] <--[C83] connection::connect_da
[00000400] [13:05:30:731199] [Tid0x00001d98] [error] <ERR_CHECKPOINT>[810][error][0xc0050005]</ERR_CHECKPOINT>flashtool_connect_da fail #(flashtoolex_api.cpp, line:143)
[00000401] [13:05:30:731199] [Tid0x00001d98] [info] <--[C82] flashtool_connect_da
[00000402] [13:05:30:731199] [Tid0x00001d98] [info] -->[C243] flashtool_destroy_session #(flashtoolex_api.cpp, line:106)
[00000403] [13:05:30:731199] [Tid0x00001d98] [debug] -->[C245] device_instance::~device_instance #(device_instance.cpp, line:30)
[00000404] [13:05:30:731199] [Tid0x00001d98] [info] -->[C246] device_log_source::stop #(device_log_source.cpp, line:28)
[00000405] [13:05:30:731199] [Tid0x00009f3c] [info] device_log_source worker thread interrupted. exit. #(device_log_source.cpp, line:57)
[00000406] [13:05:30:731199] [Tid0x00001d98] [info] <--[C246] device_log_source::stop
[00000407] [13:05:30:731199] [Tid0x00001d98] [info] -->[C247] data_mux::stop #(data_mux.cpp, line:91)
[00000408] [13:05:30:731199] [Tid0x00001d98] [debug] -->[C248] comm_engine::cancel #(comm_engine.cpp, line:370)
[00000409] [13:05:30:731199] [Tid0x00001d98] [debug] <--[C248] comm_engine::cancel
[00000410] [13:05:30:731199] [Tid0x00008c1c] [warning] Rx abort. #(comm_engine.cpp, line:204)
[00000411] [13:05:30:732202] [Tid0x00008c1c] [info] mux worker thread interrupted. exit. #(data_mux.cpp, line:194)
[00000412] [13:05:30:732202] [Tid0x00008c1c] [info] <--[C148] data_mux::worker
[00000413] [13:05:30:732202] [Tid0x00009cf4] [info] mux monitor thread interrupted. exit. #(data_mux.cpp, line:139)
[00000414] [13:05:30:732202] [Tid0x00009cf4] [info] <--[C150] data_mux::monitor
[00000415] [13:05:30:732202] [Tid0x00001d98] [info] <--[C247] data_mux::stop
[00000416] [13:05:30:732202] [Tid0x00001d98] [debug] <--[C245] device_instance::~device_instance
[00000417] [13:05:30:732202] [Tid0x00001d98] [info] -->[C249] comm_engine::close #(comm_engine.cpp, line:382)
[00000418] [13:05:30:732202] [Tid0x00001d98] [debug] -->[C250] comm_engine::cancel #(comm_engine.cpp, line:370)
[00000419] [13:05:30:732202] [Tid0x00001d98] [debug] <--[C250] comm_engine::cancel
[00000420] [13:05:30:732202] [Tid0x00001d98] [info] <--[C249] comm_engine::close
[00000421] [13:05:30:732202] [Tid0x00001d98] [info] delete hsession 0x3bd89a0 #(kernel.cpp, line:101)
[00000422] [13:05:30:732202] [Tid0x00001d98] [info] <--[C243] flashtool_destroy_session
[00000423] [13:05:30:732857] [Tid0x00001d98] [info] -->[C251] flashtool_shutdown_device #(flashtoolex_api.cpp, line:151)
[00000424] [13:05:30:732857] [Tid0x00001d98] [debug] -->[C252] connection::shutdown_device #(connection.cpp, line:939)
[00000425] [13:05:30:732857] [Tid0x00001d98] [error] invalid session. #(connection.cpp, line:944)
[00000426] [13:05:30:732857] [Tid0x00001d98] [debug] <--[C252] connection::shutdown_device
[00000427] [13:05:30:732857] [Tid0x00001d98] [error] <ERR_CHECKPOINT>[811][error][0xc001000a]</ERR_CHECKPOINT>flashtool_shutdown_device fail #(flashtoolex_api.cpp, line:156)
[00000428] [13:05:30:732857] [Tid0x00001d98] [info] <--[C251] flashtool_shutdown_device
[00000429] [13:05:30:732857] [Tid0x00001d98] [info] -->[C253] flashtool_destroy_session #(flashtoolex_api.cpp, line:106)
[00000430] [13:05:30:732857] [Tid0x00001d98] [info] <--[C253] flashtool_destroy_session
guevara.janosik
Enthusiastic Member
11
05-12-2024, 03:23 PM
#10
Windows - SP Flash Tool - QT_FLASH_TOOL.log:

==================================================================================================================================
MediaTek SP Flash Tool v5.1804.00 runtime trace is ON.
Build: 2018/01/31 12:08 (0x402299)
Comment: N/A
Load Path: D:/hacking-mobile/Redmi.9C.NFC/no.auth/REDMI+9C+NO+AUTH/SP_Flash_Tool_v5.1804_Win
==================================================================================================================================

12/05/2024 13:01:01.260 FlashTool[31048][40084][D]: AppCore::LoadDA(): loading DA (41, D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\REDMI 9C\Scatter DA & Auth file\DA_mt_6765_6768_6785_6873.bin)(..\..\flashtool\Public\AppCore.cpp,54)
12/05/2024 13:01:01.260 FlashTool[31048][40084][D]: APCore::DAHandle::DAHandle(): ctor of DAHandle(..\..\flashtool\Resource\Handle\DAHandle.cpp,18)
12/05/2024 13:01:01.261 FlashTool[31048][40084][D]: DownloadWidget::LoadLastScatterFile(): Init read the history list size is 3.
(..\..\flashtool\UI\src\DownloadWidget.cpp,611)
12/05/2024 13:01:01.273 FlashTool[31048][40084][D]: APCore::DLHandle::DLHandle(): DL_Create(0)(..\..\flashtool\Resource\Handle\DLHandle.cpp,12)
12/05/2024 13:01:01.273 FlashTool[31048][40084][D]: APCore::DLHandle::SetStopLoadFlag(): set DL_SetStopFlag(0).(..\..\flashtool\Resource\Handle\DLHandle.cpp,222)
12/05/2024 13:01:01.273 FlashTool[31048][40084][D]: LoadScatterRunnable::LoadScatterRunnable(): ctor of LoadScatterRunnable...(..\..\flashtool\UI\src\AsyncResourceLoader.cpp,24)
12/05/2024 13:01:01.274 FlashTool[31048][39264][D]: AppCore::LoadScatter(): loading scatter (41, D:\hacking-mobile\Redmi.9C.NFC\flash\recovery\angelican_eea_global_images_V12.5.4.0.RCSEUXM_20220724.0000.00_11.0_eea\images\MT6765_Android_scatter.txt)(..\..\flashtool\Public\AppCore.cpp,225)
12/05/2024 13:01:01.274 FlashTool[31048][40084][D]: DownloadWidget::LoadAuthFile(): file_name: D:\hacking-mobile\Redmi.9C.NFC\no.auth\REDMI+9C+NO+AUTH\REDMI 9C\auth_sv5.auth(..\..\flashtool\UI\src\DownloadWidget.cpp,156)
12/05/2024 13:01:01.274 FlashTool[31048][40084][D]: DownloadWidget::LoadAuthFile(): The authFile history list size is 3.
(..\..\flashtool\UI\src\DownloadWidget.cpp,191)
12/05/2024 13:01:01.300 FlashTool[31048][39264][D]: ChksumRule::IniChksumMap(): Checksum File(D:/hacking-mobile/Redmi.9C.NFC/flash/recovery/angelican_eea_global_images_V12.5.4.0.RCSEUXM_20220724.0000.00_11.0_eea/images\Checksum.ini) is not found!(..\..\flashtool\Rules\ChksumRule.cpp,29)
12/05/2024 13:01:01.300 FlashTool[31048][39264][D]: AppCore::VerifyImageChksum(): Checksum is not on, skip...(..\..\flashtool\Public\AppCore.cpp,252)
12/05/2024 13:01:01.300 FlashTool[31048][39264][D]: LoadScatterRunnable::~LoadScatterRunnable(): dtor of LoadScatterRunnable...(..\..\flashtool\UI\src\AsyncResourceLoader.cpp,44)
12/05/2024 13:01:01.327 FlashTool[31048][40084][D]: APCore::DLHandle::GetPlatformInfo(): Platform Info: storage(EMMC), chip(MT6765)(..\..\flashtool\Resource\Handle\DLHandle.cpp,101)
12/05/2024 13:01:01.327 FlashTool[31048][40084][D]: TiXmlDocument::LoadFile(): LoadFile filename: D:/hacking-mobile/Redmi.9C.NFC/no.auth/REDMI+9C+NO+AUTH/SP_Flash_Tool_v5.1804_Win\platform.xml(..\..\flashtool\XMLParser\tinyxml.cpp,977)
12/05/2024 13:01:01.327 FlashTool[31048][40084][D]: TiXmlFOpen(): open file: D:/hacking-mobile/Redmi.9C.NFC/no.auth/REDMI+9C+NO+AUTH/SP_Flash_Tool_v5.1804_Win\platform.xml(..\..\flashtool\XMLParser\tinyxml.cpp,52)
12/05/2024 13:01:01.328 FlashTool[31048][40084][D]: TiXmlFOpen(): create time: 2024/11/27 23:07:57(..\..\flashtool\XMLParser\tinyxml.cpp,69)
12/05/2024 13:01:01.328 FlashTool[31048][40084][D]: TiXmlFOpen(): modify time: 2022/04/27 23:52:24(..\..\flashtool\XMLParser\tinyxml.cpp,77)
12/05/2024 13:01:01.328 FlashTool[31048][40084][D]: TiXmlFOpen(): access time: 2024/12/05 12:28:50(..\..\flashtool\XMLParser\tinyxml.cpp,85)
12/05/2024 13:01:01.328 FlashTool[31048][40084][D]: PlatformTable::parseScatterName(): PlatformTable::parseScatterName() : MT6765(..\..\flashtool\Rules\PlatformRule.cpp,143)
12/05/2024 13:01:01.328 FlashTool[31048][40084][D]: APCore::PlatformSetting::initByNewScatterFile(): PlatformSetting::initByNewScatterFile(): notifying OBs with new platform: MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,115)
12/05/2024 13:01:01.328 FlashTool[31048][40084][D]: APCore::PlatformSetting::getLoadPlatformName(): PlatformSetting::getLoadPlatformName(): MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,179)
12/05/2024 13:01:01.329 FlashTool[31048][40084][D]: APCore::DLHandle::GetScatterInfo(): Scatter version(V1.1.2)(..\..\flashtool\Resource\Handle\DLHandle.cpp,133)
12/05/2024 13:01:01.330 FlashTool[31048][40084][D]: APCore::PlatformSetting::getLoadPlatformName(): PlatformSetting::getLoadPlatformName(): MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,179)
12/05/2024 13:01:01.330 FlashTool[31048][40084][D]: APCore::DLHandle::GetScatterInfo(): Scatter version(V1.1.2)(..\..\flashtool\Resource\Handle\DLHandle.cpp,133)
12/05/2024 13:01:01.330 FlashTool[31048][40084][D]: APCore::PlatformSetting::getLoadPlatformName(): PlatformSetting::getLoadPlatformName(): MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,179)
12/05/2024 13:01:01.331 FlashTool[31048][40084][D]: APCore::PlatformSetting::initByNewScatterFile():
-------------dumping platform config-------------
name:MT6765_S00
simple_name:MT6765
-----------------------------------------------
(..\..\flashtool\Setting\PlatformSetting.cpp,118)
12/05/2024 13:01:01.331 FlashTool[31048][40084][D]: TiXmlDocument::LoadFile(): LoadFile filename: D:/hacking-mobile/Redmi.9C.NFC/no.auth/REDMI+9C+NO+AUTH/SP_Flash_Tool_v5.1804_Win\storage_setting.xml(..\..\flashtool\XMLParser\tinyxml.cpp,977)
12/05/2024 13:01:01.332 FlashTool[31048][40084][D]: TiXmlFOpen(): open file: D:/hacking-mobile/Redmi.9C.NFC/no.auth/REDMI+9C+NO+AUTH/SP_Flash_Tool_v5.1804_Win\storage_setting.xml(..\..\flashtool\XMLParser\tinyxml.cpp,52)
12/05/2024 13:01:01.332 FlashTool[31048][40084][D]: TiXmlFOpen(): create time: 2024/11/27 23:07:57(..\..\flashtool\XMLParser\tinyxml.cpp,69)
12/05/2024 13:01:01.332 FlashTool[31048][40084][D]: TiXmlFOpen(): modify time: 2022/04/27 23:52:28(..\..\flashtool\XMLParser\tinyxml.cpp,77)
12/05/2024 13:01:01.332 FlashTool[31048][40084][D]: TiXmlFOpen(): access time: 2024/12/05 12:28:50(..\..\flashtool\XMLParser\tinyxml.cpp,85)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: FlashToolStorageTable::QueryStorageInfo(): platform(MT6765), storage_name(EMMC) to be queried.(..\..\flashtool\Rules\StorageRule.cpp,166)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: FlashToolStorageTable::QueryStorageInfo(): MT6765 is matched.(..\..\flashtool\Rules\StorageRule.cpp,176)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: FlashToolStorageTable::QueryStorageInfo(): EMMC type is matched, and (Yes) be supported.(..\..\flashtool\Rules\StorageRule.cpp,183)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: FlashToolStorageConfig::QueryStorage(): (MT6765) is supported by (EMMC).(..\..\flashtool\Rules\StorageRule.cpp,289)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: FlashToolStorageConfig::IsOperationChangend(): Old platform(), storage type().(..\..\flashtool\Rules\StorageRule.cpp,344)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: FlashToolStorageConfig::IsOperationChangend(): New platform(MT6765), storage type(EMMC).(..\..\flashtool\Rules\StorageRule.cpp,350)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: APCore::PlatformSetting::getLoadPlatformName(): PlatformSetting::getLoadPlatformName(): MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,179)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: APCore::DLHandle::GetScatterInfo(): Scatter version(V1.1.2)(..\..\flashtool\Resource\Handle\DLHandle.cpp,133)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: APCore::PlatformSetting::getLoadPlatformName(): PlatformSetting::getLoadPlatformName(): MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,179)
12/05/2024 13:01:01.333 FlashTool[31048][40084][D]: APCore::DLHandle::GetScatterInfo(): Scatter version(V1.1.2)(..\..\flashtool\Resource\Handle\DLHandle.cpp,133)
12/05/2024 13:01:01.334 FlashTool[31048][40084][D]: APCore::PlatformSetting::getLoadPlatformName(): PlatformSetting::getLoadPlatformName(): MT6765(..\..\flashtool\Setting\PlatformSetting.cpp,179)
12/05/2024 13:01:01.337 FlashTool[31048][40084][D]: APCore::DLHandle::GetScatterInfo(): Scatter version(V1.1.2)(..\..\flashtool\Resource\Handle\DLHandle.cpp,133)
12/05/2024 13:01:01.338 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(10) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.340 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(0): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.340 FlashTool[31048][40084][D]: APCore::DLHandle::GetScatterVersion(): Scatter version(V1.1.2)(..\..\flashtool\Resource\Handle\DLHandle.cpp,117)
12/05/2024 13:01:01.340 FlashTool[31048][40084][D]: DownloadWidget::PreloaderChanged(): scatter version: V1.1.2(..\..\flashtool\UI\src\DownloadWidget.cpp,1654)
12/05/2024 13:01:01.340 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.342 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(3): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.343 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.344 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(9): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.345 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.346 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(10): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.347 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.348 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(23): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.349 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.351 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(24): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.351 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.353 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(25): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.353 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.355 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(26): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.355 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.357 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(27): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.357 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.359 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(28): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.359 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.362 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(32): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.362 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.363 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(33): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.363 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.365 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(34): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.365 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.367 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(35): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.367 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.370 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(36): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.370 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.371 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(37): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.371 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.373 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(38): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.373 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.375 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(39): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.375 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.377 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(40): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.377 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.380 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(41): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.380 FlashTool[31048][40084][D]: EnumToRomString(): EnumToRomString: storage_(2),region_id(8) (..\..\flashtool\Utility\Utils.cpp,44)
12/05/2024 13:01:01.382 FlashTool[31048][40084][D]: AppCore::EnableROM(): enable ROM(42): 1(..\..\flashtool\Public\AppCore.cpp,414)
12/05/2024 13:01:01.384 FlashTool[31048][40084][D]: AppCore::EnableDAChksum(): DA Chksum Level: 0.(..\..\flashtool\Public\AppCore.cpp,535)
12/05/2024 13:01:01.384 FlashTool[31048][40084][D]: APCore::DLHandle::EnableDAChksum(): set DL_SetChecksumLevel(0).(..\..\flashtool\Resource\Handle\DLHandle.cpp,211)
12/05/2024 13:02:25.518 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:25.532 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device plug in.(..\..\flashtool\UI\src\OptionDialog.cpp,518)
12/05/2024 13:02:25.552 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device plug in.(..\..\flashtool\UI\src\OptionDialog.cpp,518)
12/05/2024 13:02:25.656 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:25.658 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device Removed.(..\..\flashtool\UI\src\OptionDialog.cpp,523)
12/05/2024 13:02:25.658 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:25.663 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device Removed.(..\..\flashtool\UI\src\OptionDialog.cpp,523)
12/05/2024 13:02:25.663 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:25.756 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:25.774 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device plug in.(..\..\flashtool\UI\src\OptionDialog.cpp,518)
12/05/2024 13:02:25.775 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:25.782 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:26.970 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:26.972 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device Removed.(..\..\flashtool\UI\src\OptionDialog.cpp,523)
12/05/2024 13:02:26.972 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:27.073 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:27.089 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device plug in.(..\..\flashtool\UI\src\OptionDialog.cpp,518)
12/05/2024 13:02:27.516 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device plug in.(..\..\flashtool\UI\src\OptionDialog.cpp,518)
12/05/2024 13:02:28.799 FlashTool[31048][40084][D]: MainWindow::CreateDLSetting(): Download scene:(DOWNLOAD_ONLY).(..\..\flashtool\UI\src\MainWindow.cpp,468)
12/05/2024 13:02:28.799 FlashTool[31048][40084][D]: ISetting::set_stop_flag(): dummpy stop_flag(0x057EF228) set.(d:\home\mtk80839\autobuild\project\wcp2_cleanroom\da\download_agent_main\flashtool\setting\ISetting.h,44)
12/05/2024 13:02:28.799 FlashTool[31048][7576][D]: APCore::Connection::ConnectBROM(): Connecting to BROM...(..\..\flashtool\Conn\Connection.cpp,72)
12/05/2024 13:02:28.842 FlashTool[31048][7576][D]: APCore::Connection::ConnectBROM(): BROM connected(..\..\flashtool\Conn\Connection.cpp,82)
12/05/2024 13:02:28.843 FlashTool[31048][7576][D]: APCore::Connection::ConnectDA(): Downloading & Connecting to DA...(..\..\flashtool\Conn\Connection.cpp,126)
12/05/2024 13:02:28.843 FlashTool[31048][7576][D]: APCore::Connection::ConnectDA(): connect DA end stage: 2, enable DRAM in 1st DA: 0(..\..\flashtool\Conn\Connection.cpp,130)
12/05/2024 13:02:30.708 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:30.711 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device Removed.(..\..\flashtool\UI\src\OptionDialog.cpp,523)
12/05/2024 13:02:30.711 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:02:30.714 FlashTool[31048][40084][D]: OptionDialog::winEvent(): USB Device Removed.(..\..\flashtool\UI\src\OptionDialog.cpp,523)
12/05/2024 13:02:30.715 FlashTool[31048][40084][D]: OptionDialog::InitUARTInfo(): No com port detected.(..\..\flashtool\UI\src\OptionDialog.cpp,456)
12/05/2024 13:05:30.732 FlashTool[31048][7576][D]: APCore::Connection::ConnectDA(): Failed to Connect DA: STATUS_EXT_RAM_EXCEPTION(..\..\flashtool\Conn\Connection.cpp,145)
12/05/2024 13:05:30.732 FlashTool[31048][7576][D]: APCore::Connection::Disconnect(): Disconnect!(..\..\flashtool\Conn\Connection.cpp,155)
12/05/2024 13:05:30.732 FlashTool[31048][7576][D]: BackgroundWorker::run(): BROM Exception! ( ERROR : STATUS_EXT_RAM_EXCEPTION (0xC0050005)


[HINT]:
)((APCore::Connection::ConnectDA,..\..\flashtool\Conn\Connection.cpp,146))(..\..\flashtool\UI\src\BackgroundWorker.cpp,96)
12/05/2024 13:07:34.303 FlashTool[31048][40084][D]: MainWindow::closeEvent(): UI has unlocked!(..\..\flashtool\UI\src\MainWindow.cpp,2059)
12/05/2024 13:07:34.322 FlashTool[31048][40084][D]: BackgroundWorker::~BackgroundWorker(): dtor of BackgroundWorker...(..\..\flashtool\UI\src\BackgroundWorker.cpp,22)
12/05/2024 13:07:34.322 FlashTool[31048][40084][D]: APCore::DAHandle::~DAHandle(): dtor of DAHandle(..\..\flashtool\Resource\Handle\DAHandle.cpp,25)
12/05/2024 13:07:34.323 FlashTool[31048][40084][D]: APCore::DLHandle::~DLHandle(): dtor of DLHandle(..\..\flashtool\Resource\Handle\DLHandle.cpp,23)
12/05/2024 13:07:34.323 FlashTool[31048][40084][D]: APCore::RBHandle::~RBHandle(): dtor of RBHandle(..\..\flashtool\Resource\Handle\RBHandle.cpp,19)
12/05/2024 13:07:34.323 FlashTool[31048][40084][D]: APCore::RBHandle::~RBHandle(): RB_ClearAll(0)(..\..\flashtool\Resource\Handle\RBHandle.cpp,21)
12/05/2024 13:07:34.323 FlashTool[31048][40084][D]: APCore::RBHandle::~RBHandle(): RB_Destroy(0)(..\..\flashtool\Resource\Handle\RBHandle.cpp,23)
12/05/2024 13:07:34.323 FlashTool[31048][40084][D]: APCore::ScretHandle::~ScretHandle(): dtor of ScretHandle(..\..\flashtool\Resource\Handle\ScretHandle.cpp,23)
12/05/2024 13:07:34.323 FlashTool[31048][40084][D]: APCore::AuthHandle::~AuthHandle(): dtor of auth handle.(..\..\flashtool\Resource\Handle\AuthHandle.cpp,22)

Logger deinited.