diff --git a/README.md b/README.md index 0945b011..b15e2105 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Once the mtk script is running, boot into brom mode by powering off device, pres vol up + power or vol down + power and connect the phone. Once detected by the tool, release the buttons. -## MT678x, MT689x, MT688x, MT698x +## MT6781, MT6789, MT6855, MT6886, MT6895, MT6983, MT8985 - These chipsets use a new protocol called V6 and the bootrom is patched, thus you need a valid da via --loader option. - On some devices, preloader is deactivated, but you still use it by running "adb reboot edl". - This only works with UNFUSED devices currently. diff --git a/mtkclient/Library/DA/legacy/extension/legacy.py b/mtkclient/Library/DA/legacy/extension/legacy.py index 1c2f58a1..a7f85584 100755 --- a/mtkclient/Library/DA/legacy/extension/legacy.py +++ b/mtkclient/Library/DA/legacy/extension/legacy.py @@ -217,7 +217,7 @@ def read_pubk(self): if self.mtk.config.chipconfig.efuse_addr is not None: base = self.mtk.config.chipconfig.efuse_addr addr = base + 0x90 - data = bytearray(self.mtk.daloader.peek(addr=addr, length=0x20)) + data = bytearray(self.mtk.daloader.peek(addr=addr, length=0x30)) return data return None diff --git a/mtkclient/Library/DA/xflash/extension/xflash.py b/mtkclient/Library/DA/xflash/extension/xflash.py index 0d91925a..257ba157 100755 --- a/mtkclient/Library/DA/xflash/extension/xflash.py +++ b/mtkclient/Library/DA/xflash/extension/xflash.py @@ -637,7 +637,7 @@ def read_pubk(self): if self.mtk.config.chipconfig.efuse_addr is not None: base = self.mtk.config.chipconfig.efuse_addr addr = base + 0x90 - data = bytearray(self.mtk.daloader.peek(addr=addr, length=0x20)) + data = bytearray(self.mtk.daloader.peek(addr=addr, length=0x30)) return data return None diff --git a/mtkclient/Library/DA/xflash/xflash_lib.py b/mtkclient/Library/DA/xflash/xflash_lib.py index 7fad00ae..f69f10a2 100755 --- a/mtkclient/Library/DA/xflash/xflash_lib.py 
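Review bot: The read length at `base + 0x90` in read_pubk changes from 0x20 to 0x30 as a bare literal, with no comment saying what the extra 16 bytes hold. The same edit is repeated in the xflash.py and v6.py hunks. Any caller that treats the result as a 32-byte value, for example when comparing it with a 32-byte digest, would now see trailing bytes; no caller is visible in these hunks, so that needs checking. I would give the length one shared name and document it, e.g. `PUBK_FUSE_LEN = 0x30  # bytes read from efuse_addr + 0x90; field layout to be confirmed`, and use it in all three read_pubk bodies. read_pubk starts above each hunk.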
+++ b/mtkclient/Library/DA/xflash/xflash_lib.py
@@ -748,7 +748,7 @@ def get_sla_status(self):
 status = self.status()
 if status == 0:
- return int.from_bytes(resp,'little')
+ return int.from_bytes(resp, 'little')
 else:
 self.error(f"Error on getting sla enabled status: {self.eh.status(status)}")
 return None
@@ -1140,23 +1140,26 @@ def set_remote_sec_policy(self, data):
 return self.send_devctrl(self.Cmd.SET_REMOTE_SEC_POLICY, data)
 def handle_sla(self, da2):
- res = self.get_dev_fw_info()
- if res!=b"":
- data = res[4:4+0x10]
- found = False
- for key in da_sla_keys:
- if da2.find(bytes.fromhex(key.n)) != -1:
- sla_signature = generate_da_sla_signature(data=data, key=key.key)
- found = self.set_remote_sec_policy(data=sla_signature)
- if found:
- break
- if not found:
- print("No valid sla key found, using dummy auth ....")
- sla_signature = b"\x00" * 0x100
- found = self.set_remote_sec_policy(data=sla_signature)
- if found:
+ rsakey = None
+ for key in da_sla_keys:
+ if da2.find(bytes.fromhex(key.n)) != -1:
+ rsakey = key
+ break
+ if rsakey is None:
+ print("No valid sla key found, trying dummy auth ....")
+ sla_signature = b"\x00" * 0x100
+ if self.set_remote_sec_policy(data=sla_signature):
 print("SLA Signature was accepted.")
- return found
+ return True
+ else:
+ res = self.get_dev_fw_info()
+ if res != b"":
+ data = res[4:4 + 0x10]
+ sla_signature = generate_da_sla_signature(data=data, key=rsakey.key)
+ if self.set_remote_sec_policy(data=sla_signature):
+ print("SLA Signature was accepted.")
+ return True
+ return False
 def upload_da(self):
 if not self.mtk.daloader.patch:
diff --git a/mtkclient/Library/DA/xml/extension/v6.py b/mtkclient/Library/DA/xml/extension/v6.py
index 386aade9..09bd4c35 100755
--- a/mtkclient/Library/DA/xml/extension/v6.py
+++ b/mtkclient/Library/DA/xml/extension/v6.py
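Review bot: In the new handle_sla every failure path ends at a bare `return False` with no message, so a rejected signature, an empty `get_dev_fw_info()` reply and a refused dummy signature all look the same to the operator. The old loop tried each matching key in turn and then fell back to dummy auth; the new code tries only the first matching key and has no fallback, which may be intended but is not stated. Both success branches also print the same "SLA Signature was accepted." text, so a log cannot show that the all-zero 0x100-byte signature was the one accepted, which is worth recording distinctly. I would add `self.error("SLA signature was rejected or device info was empty")` before `return False`, using the logger that get_sla_status in this file already uses. I would also change the dummy-branch message to something like `print("Dummy SLA signature was accepted.")`. Indentation is lost in this view, so the branch nesting described here is inferred from the statement order.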
@@ -695,7 +695,7 @@ def read_pubk(self):
 if self.mtk.config.chipconfig.efuse_addr is not None:
 base = self.mtk.config.chipconfig.efuse_addr
 addr = base + 0x90
- data = bytearray(self.mtk.daloader.peek_reg(addr=addr, length=0x20))
+ data = bytearray(self.mtk.daloader.peek_reg(addr=addr, length=0x30))
 return data
 return None
diff --git a/mtkclient/Library/DA/xml/xml_lib.py b/mtkclient/Library/DA/xml/xml_lib.py
index ee94b04d..c6513932 100755
--- a/mtkclient/Library/DA/xml/xml_lib.py
+++ b/mtkclient/Library/DA/xml/xml_lib.py
@@ -617,22 +617,21 @@ def upload_da(self):
 self.info("SLA is disabled")
 else:
 self.info("SLA is enabled")
- self.dev_info = self.get_dev_info()
- found = False
+ rsakey = None
 for key in da_sla_keys:
 if isinstance(key, SlaKey):
 if da2.find(bytes.fromhex(key.n)) != -1:
- sla_signature = generate_da_sla_signature(data=self.dev_info["rnd"], key=key.key)
- if self.handle_sla(data=sla_signature):
- found = True
- break
- if not found:
+ rsakey = key
+ if rsakey is None:
 print("No valid sla key found, using dummy auth ....")
 sla_signature = b"\x00" * 0x100
- self.handle_sla(data=sla_signature)
-
- else:
- self.error(res)
+ if not self.handle_sla(data=sla_signature):
+ print("SLA Key wasn't accepted.")
+ else:
+ self.dev_info = self.get_dev_info()
+ sla_signature = generate_da_sla_signature(data=self.dev_info["rnd"], key=rsakey.key)
+ if not self.handle_sla(data=sla_signature):
+ print("SLA Key wasn't accepted.")
 if self.patch:
 xmlcmd = self.Cmd.create_cmd("CUSTOM")
 if self.xsend(xmlcmd):
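Review bot: The key-selection loop in upload_da has no `break` after `rsakey = key`, so the last matching entry in `da_sla_keys` wins, while the parallel loop in xflash_lib.py's handle_sla stops at the first match. Adding `break` on the line after `rsakey = key` would make the two loaders agree. When `handle_sla` returns false the code only prints "SLA Key wasn't accepted." and appears to fall through to the `if self.patch:` step; if continuing after failed authentication is not intended, return early there. `self.dev_info` is now assigned only on the matched-key path, so anything later in upload_da that reads it after the dummy path should be checked. upload_da begins and ends outside the hunk, and the nesting is inferred because indentation is lost in this view.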