Port - Device detected :)
Preloader - CPU: MT6737M/MT6735G()
Preloader - HW version: 0x0
Preloader - WDT: 0x10212000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10217c00
Preloader - Var1: 0x28
Preloader - Disabling Watchdog...
Preloader - HW code: 0x335
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Get Target info
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x0
Mtk - We're not in bootrom, trying to crash da...
Exploitation - Crashing da...
Preloader - Jumping to 0x0
Preloader - Jumping to 0x0: ok.
Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode
Port - Device detected :)
Preloader - CPU: MT6737M/MT6735G()
Preloader - HW version: 0x0
Preloader - WDT: 0x10212000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10217c00
Preloader - Var1: 0x28
Preloader - Disabling Watchdog...
Preloader - HW code: 0x335
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x0
Preloader - ME_ID: EB1B2CEBECB823064DF4703E9EB9F1E7
PLTools - Loading payload from mt6737_payload.bin, 0x258 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/kai/src/mtkclient/mtkclient/payloads/mt6737_payload.bin
Port - Device detected :)
DA_handler - Device was protected. Successfully bypassed security.
DA_handler - Device is in BROM mode. Trying to dump preloader.
Successfully extracted preloader for this device to: preloader_ne1.bin
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
legacyext - Legacy DA2 is patched.
legacyext - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info
DALegacy - Reading emmc info
DALegacy - ACK: 04029b
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 510001154d333145644f0d42e32cb3cc
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ...
DALegacy - RAM-Length: 0xbc
DALegacy - Checksum: 6FE2
DALegacy - M_EXT_RAM_RET : 0
DALegacy - M_EXT_RAM_TYPE : 0x2
DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0
DALegacy - M_EXT_RAM_SIZE : 0x80000000
DALegacy - Uploading stage 2...
DALegacy - Successfully uploaded stage 2
DALegacy - Connected to stage2
DALegacy - Reconnecting to stage2 with higher speed
DeviceClass - [Errno 2] Entity not found
DALegacy - Connected to stage2 with higher speed
DALegacy - m_int_sram_ret = 0x0
m_int_sram_size = 0x20000
m_ext_ram_ret = 0x0
m_ext_ram_type = 0x2
m_ext_ram_chip_select = 0x0
m_int_sram_ret = 0x0
m_ext_ram_size = 0x80000000
randomid = 0x3BD8221EE35D6EDF3664D35AB0482CB
m_emmc_ret = 0x0
m_emmc_boot1_size = 0x400000
m_emmc_boot2_size = 0x400000
m_emmc_rpmb_size = 0x400000
m_emmc_gp_size[0] = 0x0
m_emmc_gp_size[1] = 0x0
m_emmc_gp_size[2] = 0x0
m_emmc_gp_size[3] = 0x0
m_emmc_ua_size = 0x3a3e00000
m_emmc_cid = 4531334d15010051ccb334e3420d4f64
m_emmc_fwver = 0d00000000000000
GPT Table:
-------------
proinfo: Offset 0x0000000000080000, Length 0x0000000000300000, Flags 0x00000000, UUID f57ad330-39c2-4488-b09b-00cb43c9ccd4, Type EFI_BASIC_DATA
nvram: Offset 0x0000000000380000, Length 0x0000000000500000, Flags 0x00000000, UUID fe686d97-3544-4a41-21be-167e25b61b6f, Type EFI_BASIC_DATA
protect1: Offset 0x0000000000880000, Length 0x0000000000a00000, Flags 0x00000000, UUID 1cb143a8-b1a8-4b57-51b2-945c5119e8fe, Type EFI_BASIC_DATA
protect2: Offset 0x0000000001280000, Length 0x0000000000a00000, Flags 0x00000000, UUID 3b9e343b-cdc8-4d7f-a69f-b6812e50ab62, Type EFI_BASIC_DATA
lk: Offset 0x0000000001c80000, Length 0x0000000000080000, Flags 0x00000000, UUID 5f6a2c79-6617-4b85-02ac-c2975a14d2d7, Type EFI_BASIC_DATA
para: Offset 0x0000000001d00000, Length 0x0000000000080000, Flags 0x00000000, UUID 4ae2050b-5db5-4ff7-d3aa-5730534be63d, Type EFI_BASIC_DATA
boot: Offset 0x0000000001d80000, Length 0x0000000001000000, Flags 0x00000000, UUID 1f9b0939-e16b-4bc9-bca5-dc2ee969d801, Type EFI_BASIC_DATA
recovery: Offset 0x0000000002d80000, Length 0x0000000001000000, Flags 0x00000000, UUID d722c721-0dee-4cb8-838a-2c63cd1393c7, Type EFI_BASIC_DATA
logo: Offset 0x0000000003d80000, Length 0x0000000000800000, Flags 0x00000000, UUID e02179a8-ceb5-48a9-3188-4f1c9c5a8695, Type EFI_BASIC_DATA
expdb: Offset 0x0000000004580000, Length 0x0000000000a00000, Flags 0x00000000, UUID 84b09a81-fad2-41ac-0e89-407c24975e74, Type EFI_BASIC_DATA
seccfg: Offset 0x0000000004f80000, Length 0x0000000000080000, Flags 0x00000000, UUID e8f0a5ef-8d1b-42ea-2a9c-835cd77de363, Type EFI_BASIC_DATA
oemkeystore: Offset 0x0000000005000000, Length 0x0000000000200000, Flags 0x00000000, UUID d5f0e175-a6e1-4db7-c094-f82ad032950b, Type EFI_BASIC_DATA
secro: Offset 0x0000000005200000, Length 0x0000000000600000, Flags 0x00000000, UUID 1d9056e1-e139-4fca-0b8c-b75fd74d81c6, Type EFI_BASIC_DATA
keystore: Offset 0x0000000005800000, Length 0x0000000000800000, Flags 0x00000000, UUID 7792210b-b6a8-45d5-91ad-3361ed14c608, Type EFI_BASIC_DATA
tee1: Offset 0x0000000006000000, Length 0x0000000000500000, Flags 0x00000004, UUID 138a6db9-1032-451d-e991-0fa38ff94fbb, Type EFI_BASIC_DATA
tee2: Offset 0x0000000006500000, Length 0x0000000000500000, Flags 0x00000000, UUID 756d934c-50e3-4c91-46af-02d824169ca7, Type EFI_BASIC_DATA
box: Offset 0x0000000006a00000, Length 0x0000000000800000, Flags 0x00000000, UUID a3f3c267-5521-42dd-24a7-3bdec20c7c6f, Type EFI_BASIC_DATA
sys_info: Offset 0x0000000007200000, Length 0x0000000000100000, Flags 0x00000000, UUID 8c68cd2a-ccc9-4c5d-578b-34ae9b2dd481, Type EFI_BASIC_DATA
sutinfo: Offset 0x0000000007300000, Length 0x0000000000020000, Flags 0x00000000, UUID 6a5cebf8-54a7-4b89-1d8d-c5eb140b095b, Type EFI_BASIC_DATA
hidden: Offset 0x0000000007320000, Length 0x0000000002000000, Flags 0x00000000, UUID a0d65bf8-e8de-4107-3494-1d318c843d37, Type EFI_BASIC_DATA
cda: Offset 0x0000000009320000, Length 0x0000000000800000, Flags 0x00000000, UUID 46f0c0bb-f227-4eb6-2fb8-66408e13e36d, Type EFI_BASIC_DATA
frp: Offset 0x0000000009b20000, Length 0x0000000000100000, Flags 0x00000000, UUID fbc2c131-6392-4217-1eb5-548a6edb03d0, Type EFI_BASIC_DATA
nvdata: Offset 0x0000000009c20000, Length 0x0000000002000000, Flags 0x00000000, UUID e195a981-e285-4734-2580-ec323e9589d9, Type EFI_BASIC_DATA
metadata: Offset 0x000000000bc20000, Length 0x00000000023e0000, Flags 0x00000000, UUID e29052f8-5d3a-4e97-b5ad-5f312ce6610a, Type EFI_BASIC_DATA
system: Offset 0x000000000e000000, Length 0x0000000100000000, Flags 0x00000000, UUID 9c3cabd7-a35d-4b45-578c-b80775426b35, Type EFI_BASIC_DATA
cache: Offset 0x000000010e000000, Length 0x0000000019000000, Flags 0x00000000, UUID e7099731-95a6-45a6-e5a1-1b6aba032cf1, Type EFI_BASIC_DATA
userdata: Offset 0x0000000127000000, Length 0x000000027bd80000, Flags 0x00000000, UUID 8273e1ab-846f-4468-99b9-ee2ea8e50a16, Type EFI_BASIC_DATA
flashinfo: Offset 0x00000003a2d80000, Length 0x0000000001000000, Flags 0x00000000, UUID d26472f1-9ebc-421d-14ba-311296457c90, Type EFI_BASIC_DATA
Total disk size:0x00000003a3d84200, sectors:0x0000000001d1ec21
Port - Device detected :)
Preloader - CPU: MT6737M/MT6735G()
Preloader - HW version: 0x0
Preloader - WDT: 0x10212000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10217c00
Preloader - Var1: 0x28
Preloader - Disabling Watchdog...
Preloader - HW code: 0x335
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Get Target info
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x0
Main - Getting target info...
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Comments
Post a Comment