diff --git a/mtk b/mtk
index 30cbae8..a20998a 100755
--- a/mtk
+++ b/mtk
@@ -302,7 +302,7 @@ class Main(metaclass=LogBase):
             logfilename = os.path.join("logs", "log.txt")
             if os.path.exists(logfilename):
                 os.remove(logfilename)
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
 
         self.debug(" ".join(sys.argv))
@@ -388,15 +388,17 @@ class Main(metaclass=LogBase):
                            "Trying to dump preloader from ram.")
                 plt = PLTools(mtk=mtk, loglevel=self.__logger.level)
                 dadata, filename = plt.run_dump_preloader(self.args.ptype)
-                mtk.config.preloader = self.patch_preloader_security(dadata)
+                mtk.config.preloader = mtk.patch_preloader_security(dadata)
             if mtk.config.preloader is not None:
                 self.info("Using custom preloader : "+filename)
                 daaddr, dadata = mtk.parse_preloader(mtk.config.preloader)
+                mtk.config.preloader = mtk.patch_preloader_security(dadata)
                 if mtk.preloader.send_da(daaddr, len(dadata), 0x100, dadata):
                     self.info(f"Sent preloader to {hex(daaddr)}, length {hex(len(dadata))}")
                     if mtk.preloader.jump_da(daaddr):
                         self.info(f"PL Jumped to daaddr {hex(daaddr)}.")
                         time.sleep(2)
+                        sys.exit(1)
                         mtk = Mtk(config=mtk.config, loglevel=self.__logger.level)
                         res = mtk.preloader.init()
                         if not res:
@@ -412,6 +414,9 @@ class Main(metaclass=LogBase):
                                     #    data=0x200*b"\x00"+data
                             mtk.preloader.send_partition_data(partition, pldata)
                             status = mtk.preloader.jump_to_partition(partition)  # Do not remove !
+                            res=mtk.preloader.read32(0x10C180,10)
+                            for val in res:
+                                print(hex(val))
                             if status!=0x0:
                                 self.error("Error on jumping to partition: "+self.eh.status(status))
                             else:
@@ -631,12 +636,6 @@ class Main(metaclass=LogBase):
             if mtk.port.cdc.connected and os.path.exists(".state"):
                 info=mtk.daloader.reinit()
             else:
-                if os.path.exists("logs"):
-                    try:
-                        shutil.rmtree("logs", ignore_errors=True, onerror=None)
-                        os.mkdir("logs")
-                    except:
-                        pass
                 try:
                     preloader = self.args.preloader
                 except:
@@ -1109,7 +1108,7 @@ class Main(metaclass=LogBase):
                 self.close()
 
 
-info = "MTK Flash/Exploit Client V1.50 (c) B.Kerler 2018-2021"
+info = "MTK Flash/Exploit Client V1.51 (c) B.Kerler 2018-2021"
 
 cmds = {
     "printgpt": "Print GPT Table information",
diff --git a/mtkclient/Library/Port.py b/mtkclient/Library/Port.py
index f837c46..48b1eb5 100755
--- a/mtkclient/Library/Port.py
+++ b/mtkclient/Library/Port.py
@@ -36,7 +36,7 @@ class Port(metaclass=LogBase):
 
         if loglevel == logging.DEBUG:
             logfilename = os.path.join("logs", "log.txt")
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
             self.__logger.setLevel(logging.DEBUG)
         else:
diff --git a/mtkclient/Library/cqdma.py b/mtkclient/Library/cqdma.py
index c3ef497..30c9cc1 100755
--- a/mtkclient/Library/cqdma.py
+++ b/mtkclient/Library/cqdma.py
@@ -58,7 +58,7 @@ class cqdma(metaclass=LogBase):
         self.reg = cqdma_reg(setup)
         if loglevel == logging.DEBUG:
             logfilename = os.path.join("logs", "log.txt")
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
             self.__logger.setLevel(logging.DEBUG)
         else:
diff --git a/mtkclient/Library/daconfig.py b/mtkclient/Library/daconfig.py
index 73353d4..53eec44 100755
--- a/mtkclient/Library/daconfig.py
+++ b/mtkclient/Library/daconfig.py
@@ -7,6 +7,7 @@ from struct import unpack
 from mtkclient.Library.utils import LogBase, read_object, logsetup
 from mtkclient.config.payloads import pathconfig
 from mtkclient.config.brom_config import damodes
+from mtkclient.Library.utils import structhelper
 
 class Storage:
     MTK_DA_HW_STORAGE_NOR = 0
@@ -73,27 +74,41 @@ class NandCellUsage:
     CELL_OCT = 7
 
 
-entry_region = [
-    ('m_buf', 'I'),
-    ('m_len', 'I'),
-    ('m_start_addr', 'I'),
-    ('m_start_offset', 'I'),
-    ('m_sig_len', 'I')]
+class entry_region:
+    m_buf = None
+    m_len = None
+    m_start_addr = None
+    m_start_offset = None
+    m_sig_len = None
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_buf = sh.dword()
+        self.m_len = sh.dword()
+        self.m_start_addr = sh.dword()
+        self.m_start_offset = sh.dword()
+        self.m_sig_len = sh.dword()
 
-DA = [
-    ('magic', 'H'),
-    ('hw_code', 'H'),
-    ('hw_sub_code', 'H'),
-    ('hw_version', 'H'),
-    ('sw_version', 'H'),
-    ('reserved1', 'H'),
-    ('pagesize', 'H'),
-    ('reserved3', 'H'),
-    ('entry_region_index', 'H'),
-    ('entry_region_count', 'H')
-    # vector<entry_region> LoadRegion
-]
+class DA:
+    def __init__(self,data):
+        self.loader = None
+        sh = structhelper(data)
+        self.magic = sh.short()
+        self.hw_code = sh.short()
+        self.hw_sub_code = sh.short()
+        self.hw_version = sh.short()
+        self.sw_version = sh.short()
+        self.reserved1 = sh.short()
+        self.pagesize = sh.short()
+        self.reserved3 = sh.short()
+        self.entry_region_index = sh.short()
+        self.entry_region_count = sh.short()
+        self.region = []
+        for _ in range(self.entry_region_count):
+            entry_tmp = entry_region(sh.bytes(20))
+            self.region.append(entry_tmp)
 
+    def setfilename(self, loaderfilename: str):
+        self.loader = loaderfilename
 
 class DAconfig(metaclass=LogBase):
     def __init__(self, mtk, loader=None, preloader=None, loglevel=logging.INFO):
@@ -118,8 +133,9 @@ class DAconfig(metaclass=LogBase):
             loaders = []
             for root, dirs, files in os.walk(self.pathconfig.get_loader_path(), topdown=False):
                 for file in files:
-                    if "Preloader" not in root:
+                    if "MTK_AllInOne_DA" in file:
                         loaders.append(os.path.join(root, file))
+            loaders = sorted(loaders)[::-1]
             for loader in loaders:
                 self.parse_da_loader(loader)
         else:
@@ -148,9 +164,9 @@ class DAconfig(metaclass=LogBase):
             val = unpack("<I", emi[-4:])[0]
             if val == rlen:
                 emi = emi[:rlen]
-                if not self.config.chipconfig.damode==damodes.XFLASH:
-                    if emi.find(b"MTK_BIN")!=-1:
-                        emi=emi[emi.find(b"MTK_BIN")+0xC:]
+                if not self.config.chipconfig.damode == damodes.XFLASH:
+                    if emi.find(b"MTK_BIN") != -1:
+                        emi = emi[emi.find(b"MTK_BIN") + 0xC:]
                 return emi
         return None
 
@@ -165,16 +181,12 @@ class DAconfig(metaclass=LogBase):
                 with open(preloader, "rb") as rf:
                     data = rf.read()
             else:
-                assert "Preloader :"+preloader+" doesn't exist. Aborting."
+                assert "Preloader :" + preloader + " doesn't exist. Aborting."
                 exit(1)
         self.emi = self.m_extract_emi(data)
 
     def parse_da_loader(self, loader):
-        if not "MTK_AllInOne_DA" in loader:
-            return True
         try:
-            if loader not in self.dasetup:
-                self.dasetup[loader] = []
             with open(loader, 'rb') as bootldr:
                 # data = bootldr.read()
                 # self.debug(hexlify(data).decode('utf-8'))
@@ -182,15 +194,20 @@ class DAconfig(metaclass=LogBase):
                 count_da = unpack("<I", bootldr.read(4))[0]
                 for i in range(0, count_da):
                     bootldr.seek(0x6C + (i * 0xDC))
-                    datmp = read_object(bootldr.read(0x14), DA)  # hdr
-                    datmp["loader"] = loader
-                    da = [datmp]
-                    # bootldr.seek(0x6C + (i * 0xDC) + 0x14) #sections
-                    count = datmp["entry_region_count"]
-                    for m in range(0, count):
-                        entry_tmp = read_object(bootldr.read(20), entry_region)
-                        da.append(entry_tmp)
-                    self.dasetup[loader].append(da)
+                    da = DA(bootldr.read(0xDC))
+                    da.setfilename(loader)
+                    if da.hw_code not in self.dasetup:
+                        self.dasetup[da.hw_code] = [da]
+                    else:
+                        for ldr in self.dasetup[da.hw_code]:
+                            found = False
+                            if da.hw_version == ldr.hw_version:
+                                if da.sw_version == ldr.sw_version:
+                                    if da.hw_sub_code == da.hw_sub_code:
+                                        found = True
+                                        break
+                        if not found:
+                            self.dasetup[da.hw_code].append(da)
                 return True
         except Exception as e:
             self.error("Couldn't open loader: " + loader + ". Reason: " + str(e))
@@ -198,14 +215,14 @@ class DAconfig(metaclass=LogBase):
 
     def setup(self):
         dacode = self.config.chipconfig.dacode
-        for loader in self.dasetup:
-            for setup in self.dasetup[loader]:
-                if setup[0]["hw_code"] == dacode:
-                    if setup[0]["hw_version"] <= self.config.hwver:
-                        if setup[0]["sw_version"] <= self.config.swver:
-                            if self.loader is None:
-                                self.da = setup
-                                self.loader = loader
+        if dacode in self.dasetup:
+            loaders = self.dasetup[dacode]
+            for loader in loaders:
+                if loader.hw_version <= self.config.hwver:
+                    if loader.sw_version <= self.config.swver:
+                        if self.loader is None:
+                            self.da = loader
+                            self.loader = loader.loader
 
         if self.da is None:
             self.error("No da config set up")
diff --git a/mtkclient/Library/gpt.py b/mtkclient/Library/gpt.py
index 681927a..b851700 100755
--- a/mtkclient/Library/gpt.py
+++ b/mtkclient/Library/gpt.py
@@ -145,7 +145,7 @@ class gpt(metaclass=LogBase):
         self.__logger.setLevel(loglevel)
         if loglevel == logging.DEBUG:
             logfilename = "log.txt"
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
 
     def parseheader(self, gptdata, sectorsize=512):
diff --git a/mtkclient/Library/hwcrypto_dxcc.py b/mtkclient/Library/hwcrypto_dxcc.py
index 8e7a782..966f0ff 100755
--- a/mtkclient/Library/hwcrypto_dxcc.py
+++ b/mtkclient/Library/hwcrypto_dxcc.py
@@ -29,7 +29,29 @@ oem_pubk = "DACD8B5FDA8A766FB7BCAA43F0B16915" + \
            "5CD9D430F02EE46F80DE6C63EA802BEF" + \
            "90673AAC4C6667F2883FB4501FA77455"
 
-mtk_oem_key = hashlib.sha256(bytes.fromhex(oem_pubk)).digest()
+huawei_med_lx9 = "C1A9D3E65C7EAEB31932E9DD224C07C0" + \
+                 "70D879FB4FE518C64E92C24B79DC1EE1" + \
+                 "535D91D38DD34D7E32A22DEED60F0727" + \
+                 "FF8F8747E2598ACB5DDC73C61D2434A9" + \
+                 "1D568FE3E773BD0D17AA46B0364E0DCF" + \
+                 "3B41E0034605D572B6CD7DD8A816E7D6" + \
+                 "84181B1646628576D1E22F55071687B9" + \
+                 "E5B2F9C9536167B7EDCF10F1F85BE57B" + \
+                 "6EE873BFE952BB33F0001140E0E46AF2" + \
+                 "D64D39C568D8E372BCE3609BCACA5316" + \
+                 "E4EBDDE5721B33611E064DF41A4BCF0A" + \
+                 "3A395791D3203BF220DC71F4267093CE" + \
+                 "B78E30A844D4631DE8CE6D0514202BB5" + \
+                 "8AD2024B16558C2AD9B30CE05043FF67" + \
+                 "C4D265A3D5F3275D93AFDC1A39625C2C" + \
+                 "5BD6FDCDBD75E76E6D9E74E9672B5897"
+
+buffer = bytearray(b"\x00" * 0x20C)
+buffer[0:4] = pack("<I", 3)
+buffer[4:8] = pack("<I", 256)
+buffer[12:15] = b"\x01\x00\x01"
+buffer[0x10C:0x20C] = bytes.fromhex(huawei_med_lx9)
+huawei_oem_key = bytearray(hashlib.sha256(buffer).digest())
 
 regval = {
     "DXCC_CON": 0x0000,
@@ -1072,7 +1094,7 @@ class dxcc(metaclass=LogBase):
             itrustee = b"TrustedCorekeymaster" + b"\x07" * 0x10
             seed = itrustee + pack("<B", ctr)
             paddr = self.SBROM_AesCmac(1, 0x0, seed, 0x0, len(seed), dstaddr)
-            for field in self.read32(paddr + 0x108, 4):
+            for field in self.read32(paddr, 4):
                 fdekey += pack("<I", field)
         self.tzcc_clk(0)
         return fdekey
@@ -1099,8 +1121,29 @@ class dxcc(metaclass=LogBase):
         prov_key = b"PROVISION KEY"
         self.tzcc_clk(1)
         dstaddr = self.da_payload_addr - 0x300
-        platkey = self.SBROM_KeyDerivation(2, plat_key, mtk_oem_key, 0x20, dstaddr)
-        provkey = self.SBROM_KeyDerivation(5, prov_key, mtk_oem_key, 0x20, dstaddr)
+
+        mtk_oem_key = hashlib.sha256(bytes.fromhex(oem_pubk)).digest()
+        provkey = self.SBROM_KeyDerivation(HwCryptoKey.PROVISIONING_KEY, plat_key, mtk_oem_key, 0x10, dstaddr)
+        while True:
+            val = self.read32(self.dxcc_base + 0xAF4) & 1
+            if val != 0:
+                break
+        platkey = self.SBROM_KeyDerivation(HwCryptoKey.PLATFORM_KEY, prov_key, mtk_oem_key, 0x10, dstaddr)
+        self.write32(self.dxcc_base + 0xAC0, 0)
+        self.write32(self.dxcc_base + 0xAC4, 0)
+        self.write32(self.dxcc_base + 0xAC8, 0)
+        self.write32(self.dxcc_base + 0xACC, 0)
+        pdesc = hw_desc_init()
+        pdesc[0] = 0
+        pdesc[1] = 0x8000081
+        pdesc[2] = 0
+        pdesc[3] = 0
+        pdesc[4] = 0x4801C20
+        pdesc[5] = 0
+        self.sasi_sb_adddescsequence(pdesc)
+        dstaddr = self.da_payload_addr - 0x300
+        self.SB_HalWaitDescCompletion(dstaddr)
+        # data=self.read32(0x200D90)
         self.tzcc_clk(0)
         return platkey, provkey
 
@@ -1112,54 +1155,39 @@ class dxcc(metaclass=LogBase):
             result.extend(pack("<I", field))
         return result
 
-    # SBROM_KeyDerivation(dxcc_base,encmode=1,fde1,8,fde2,4,fdekey,fdekey>>31,fdekeylen
-    """
-    SBROM_KeyDerivation PC(00230B77) R0:10210000,R1:00000001,R2:001209D8,R3:00000008,R4:00100000,R5:00233760,R6:00000010
-    R2:53514e43214c465a
-    R5:52504d42204b45595341534953514e43
-    key="SQNC!LFZ",8
-    salt="SASI",4
-    requestedlen=0x10
-    """
-
-    def SBROM_KeyDerivation(self, aeskeytype, key, salt, requestedlen, destaddr):
+    def SBROM_KeyDerivation(self, aeskeytype, label, salt, requestedlen, destaddr):
         result = bytearray()
-        buffer = bytearray(b"\x00" * 0x43)
         if aeskeytype - 1 > 4 or (1 << (aeskeytype - 1) & 0x17) == 0:
             return 0xF2000002
         if requestedlen > 0xFF or (requestedlen << 28) & 0xFFFFFFFF:
             return 0xF2000003
-        if 0x0 >= len(key) > 0x20:
+        if 0x0 >= len(label) > 0x20:
             return 0xF2000003
-        bufferlen = len(salt) + 3 + len(key)
+        bufferlen = len(salt) + 3 + len(label)
         iterlength = (requestedlen + 0xF) >> 4
-        if len(key) == 0:
-            keyend = 1
-        else:
-            buffer[1:1 + len(key)] = key
-            keyend = len(key) + 1
-        saltstart = keyend + 1
-        if len(salt) > 0:
-            buffer[saltstart:saltstart + len(salt)] = salt
-        # ToDo: verify buffer structure
-        buffer[saltstart + len(salt):saltstart + len(salt) + 4] = pack("<I", 8 * requestedlen)
-        # buffer=0153514e43214c465a005442544a80
         for i in range(0, iterlength):
-            buffer[0] = i + 1
-            dstaddr = self.SBROM_AesCmac(aeskeytype, 0x0, buffer, 0, bufferlen, destaddr)
+            buffer = pack("<B", i + 1) + label + b"\x00" + salt + pack("<B", (8 * requestedlen) & 0xFF)
+            dstaddr = self.SBROM_AesCmac(aeskeytype, 0x0, buffer[:bufferlen], 0, bufferlen, destaddr)
             if dstaddr != 0:
-                for field in self.read32(dstaddr + 0x108, 4):
+                for field in self.read32(dstaddr, 4):
                     result.extend(pack("<I", field))
         return result
 
-    def SBROM_AesCmac(self, aesKeyType, pInternalKey, buffer, flag, bufferlen, destaddr):
-        dataptr = destaddr + 0x118  # SP - 0xA8 - 0x24 - 0x28 - 0x38 - 0x88 - 0x30 - ((12 * 8) - 16)
-        pInternalKeyptr = destaddr + 0x108  # dataptr - 0x10
-        destptr = destaddr
-        self.writemem(dataptr, buffer[:bufferlen])
-        self.writemem(pInternalKeyptr, pack("<Q", pInternalKey))
-        if self.SBROM_AesCmacDriver(aesKeyType, pInternalKeyptr, dataptr, DmaMode.DMA_DLLI, bufferlen, destaddr):
-            return destptr
+    def SBROM_AesCmac(self, aesKeyType, InternalKey, DataIn, dmaMode, bufferlen, destaddr):
+        sramAddr = destaddr
+        ivSramAddr = sramAddr
+        inputSramAddr = ivSramAddr + AES_IV_COUNTER_SIZE_IN_BYTES
+        blockSize = len(DataIn) // 0x20 * 0x20
+        outputSramAddr = inputSramAddr + blockSize
+        keySramAddr = outputSramAddr + blockSize
+        pInternalKey = keySramAddr
+        if InternalKey != 0:
+            self.writemem(keySramAddr, InternalKey)
+        if dmaMode != 0:
+            dmaMode = dmaMode
+        self.writemem(inputSramAddr, DataIn[:bufferlen])
+        if self.SBROM_AesCmacDriver(aesKeyType, pInternalKey, inputSramAddr, dmaMode, bufferlen, sramAddr):
+            return pInternalKey
         return 0
 
     def SB_HalInit(self):
@@ -1191,6 +1219,7 @@ class dxcc(metaclass=LogBase):
             return 0xF6000001
 
     def SBROM_AesCmacDriver(self, aesKeyType, pInternalKey, pDataIn, dmaMode, blockSize, pCMacResult):
+        ivSramAddr = 0
         if aesKeyType == HwCryptoKey.ROOT_KEY:
             if self.read32(self.dxcc_base + self.DX_HOST_SEP_HOST_GPR4) & 2 != 0:
                 keySizeInBytes = 0x20  # SEP_AES_256_BIT_KEY_SIZE
@@ -1204,22 +1233,25 @@ class dxcc(metaclass=LogBase):
         pdesc = hw_desc_set_cipher_mode(pdesc, sep_cipher_mode.SEP_CIPHER_CMAC)  # desc[4]=0x1C00
         pdesc = hw_desc_set_cipher_config0(pdesc, DescDirection.DESC_DIRECTION_ENCRYPT_ENCRYPT)
         pdesc = hw_desc_set_key_size_aes(pdesc, keySizeInBytes)  # desc[4]=0x801C00
-        # pdesc = hw_desc_set_din_sram(pdesc, ivSramAddr, AES_IV_COUNTER_SIZE_IN_BYTES)
+        pdesc = hw_desc_set_din_sram(pdesc, ivSramAddr, AES_IV_COUNTER_SIZE_IN_BYTES)
         pdesc = hw_desc_set_din_const(pdesc, 0, AES_IV_COUNTER_SIZE_IN_BYTES)  # desc[1]=0x8000041
         pdesc = hw_desc_set_flow_mode(pdesc, FlowMode.S_DIN_to_AES)  # desc[4]=0x801C20
         pdesc = hw_desc_set_setup_mode(pdesc, SetupOp.SETUP_LOAD_STATE0)  # desc[4]=0x1801C20
+        pdesc[1] |= 0x8000000
         self.sasi_sb_adddescsequence(pdesc)
 
         # Load key
         mdesc = hw_desc_init()
         if aesKeyType == HwCryptoKey.USER_KEY:
-            mdesc = hw_desc_set_din_sram(mdesc, pInternalKey, AES_Key128Bits_SIZE_IN_BYTES)
+            keySramAddr = pInternalKey
+            mdesc = hw_desc_set_din_sram(mdesc, keySramAddr, AES_Key128Bits_SIZE_IN_BYTES)
         mdesc = hw_desc_set_cipher_do(mdesc, aesKeyType)  # desc[4]=0x8000
         mdesc = hw_desc_set_cipher_mode(mdesc, sep_cipher_mode.SEP_CIPHER_CMAC)  # desc[4]=0x9C00
         mdesc = hw_desc_set_cipher_config0(mdesc, DescDirection.DESC_DIRECTION_ENCRYPT_ENCRYPT)
         mdesc = hw_desc_set_key_size_aes(mdesc, keySizeInBytes)  # desc[4]=0x809C00
         mdesc = hw_desc_set_flow_mode(mdesc, FlowMode.S_DIN_to_AES)  # desc[4]=0x809C20
         mdesc = hw_desc_set_setup_mode(mdesc, SetupOp.SETUP_LOAD_KEY0)  # desc[4]=0x4809C20
+        mdesc[4] |= ((aesKeyType >> 2) & 3) << 20
         self.sasi_sb_adddescsequence(mdesc)
 
         # Process input data
diff --git a/mtkclient/Library/hwcrypto_sej.py b/mtkclient/Library/hwcrypto_sej.py
index f035f53..1120e61 100755
--- a/mtkclient/Library/hwcrypto_sej.py
+++ b/mtkclient/Library/hwcrypto_sej.py
@@ -153,7 +153,7 @@ class sej(metaclass=LogBase):
         self.info = self.__logger.info
         if loglevel == logging.DEBUG:
             logfilename = os.path.join("logs", "log.txt")
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
             self.__logger.setLevel(logging.DEBUG)
         else:
diff --git a/mtkclient/Library/mtk_dalegacy.py b/mtkclient/Library/mtk_dalegacy.py
index df54f72..b864ec9 100755
--- a/mtkclient/Library/mtk_dalegacy.py
+++ b/mtkclient/Library/mtk_dalegacy.py
@@ -7,82 +7,155 @@ import os
 import time
 from struct import pack, unpack
 from binascii import hexlify
-from mtkclient.Library.utils import LogBase, progress, read_object, logsetup
+from mtkclient.Library.utils import LogBase, progress, read_object, logsetup, structhelper
 from mtkclient.Library.error import ErrorHandler
 from mtkclient.Library.daconfig import DaStorage, EMMC_PartitionType
 from mtkclient.Library.partition import Partition
 from mtkclient.config.payloads import pathconfig
 
-norinfo = [
-    ('m_nor_ret', '>I'),
-    ('m_nor_chip_select', '2B'),
-    ('m_nor_flash_id', '>H'),
-    ('m_nor_flash_size', '>I'),
-    ('m_nor_flash_dev_code', '>4H'),
-    ('m_nor_flash_otp_status', '>I'),
-    ('m_nor_flash_otp_size', '>I')
-]
 
-nandinfo32 = [
-    ('m_nand_info', '>I'),
-    ('m_nand_chip_select', '>B'),
-    ('m_nand_flash_id', '>H'),
-    ('m_nand_flash_size', '>I'),
-    ('m_nand_flash_id_count', '>H'),
-]
+class norinfo:
+    m_nor_ret = None
+    m_nor_chip_select = None
+    m_nor_flash_id = None
+    m_nor_flash_size = None
+    m_nor_flash_dev_code = None
+    m_nor_flash_otp_status = None
+    m_nor_flash_otp_size = None
+
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_nor_ret = sh.dword(True)
+        self.m_nor_chip_select = sh.bytes(2)
+        self.m_nor_flash_id = sh.short(True)
+        self.m_nor_flash_size = sh.dword(True)
+        self.m_nor_flash_dev_code = sh.shorts(4, True)
+        self.m_nor_flash_otp_status = sh.dword(True)
+        self.m_nor_flash_otp_size = sh.dword(True)
+
+
+class nandinfo32:
+    m_nand_info = None
+    m_nand_chip_select = None
+    m_nand_flash_id = None
+    m_nand_flash_size = None
+    m_nand_flash_id_count = None
+    info2 = None
+
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_nand_info = sh.dword(True)
+        self.m_nand_chip_select = sh.bytes(1)
+        self.m_nand_flash_id = sh.short(True)
+        self.m_nand_flash_size = sh.dword(True)
+        self.m_nand_flash_id_count = sh.short(True)
+        self.info2 = None
+
+
+class nandinfo64:
+    m_nand_info = None
+    m_nand_chip_select = None
+    m_nand_flash_id = None
+    m_nand_flash_size = None
+    m_nand_flash_id_count = None
+    info2 = None
+
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_nand_info = sh.dword(True)
+        self.m_nand_chip_select = sh.bytes(1)
+        self.m_nand_flash_id = sh.short(True)
+        self.m_nand_flash_size = sh.qword(True)
+        self.m_nand_flash_id_count = sh.short(True)
+        self.info2 = None
 
-nandinfo64 = [
-    ('m_nand_info', '>I'),
-    ('m_nand_chip_select', '>B'),
-    ('m_nand_flash_id', '>H'),
-    ('m_nand_flash_size', '>Q'),
-    ('m_nand_flash_id_count', '>H'),
-]
 
 # ('m_nand_flash_dev_code', '>7H'),
 
-nandinfo2 = [
-    ('m_nand_pagesize', '>H'),
-    ('m_nand_sparesize', '>H'),
-    ('m_nand_pages_per_block', '>H'),
-    ('m_nand_io_interface', 'B'),
-    ('m_nand_addr_cycle', 'B'),
-    ('m_nand_bmt_exist', 'B'),
-]
+class nandinfo2:
+    m_nand_pagesize = None
+    m_nand_sparesize = None
+    m_nand_pages_per_block = None
+    m_nand_io_interface = None
+    m_nand_addr_cycle = None
+    m_nand_bmt_exist = None
 
-emmcinfo = [
-    ('m_emmc_ret', '>I'),
-    ('m_emmc_boot1_size', '>Q'),
-    ('m_emmc_boot2_size', '>Q'),
-    ('m_emmc_rpmb_size', '>Q'),
-    ('m_emmc_gp_size', '>4Q'),
-    ('m_emmc_ua_size', '>Q'),
-    ('m_emmc_cid', '>2Q'),
-    ('m_emmc_fwver', '8B')
-]
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_nand_pagesize = sh.short(True)
+        self.m_nand_sparesize = sh.short(True)
+        self.m_nand_pages_per_block = sh.short(True)
+        self.m_nand_io_interface = sh.bytes(1)
+        self.m_nand_addr_cycle = sh.bytes(1)
+        self.m_nand_bmt_exist = sh.bytes(1)
 
-sdcinfo = [
-    ('m_sdmmc_info', '>I'),
-    ('m_sdmmc_ua_size', '>Q'),
-    ('m_sdmmc_cid', '>2Q')
-]
 
-configinfo = [
-    ('m_int_sram_ret', '>I'),
-    ('m_int_sram_size', '>I'),
-    ('m_ext_ram_ret', '>I'),
-    ('m_ext_ram_type', 'B'),
-    ('m_ext_ram_chip_select', 'B'),
-    ('m_ext_ram_size', '>Q'),
-    ('randomid', '>2Q'),
-]
+class emmcinfo:
+    m_emmc_ret = None
+    m_emmc_boot1_size = None
+    m_emmc_boot2_size = None
+    m_emmc_rpmb_size = None
+    m_emmc_gp_size = None
+    m_emmc_ua_size = None
+    m_emmc_cid = None
+    m_emmc_fwver = None
 
-passinfo = [
-    ('ack', 'B'),
-    ('m_download_status', '>I'),
-    ('m_boot_style', '>I'),
-    ('soc_ok', 'B')
-]
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_emmc_ret = sh.dword(True)
+        self.m_emmc_boot1_size = sh.qword(True)
+        self.m_emmc_boot2_size = sh.qword(True)
+        self.m_emmc_rpmb_size = sh.qword(True)
+        self.m_emmc_gp_size = sh.qwords(4, True)
+        self.m_emmc_ua_size = sh.qword(True)
+        self.m_emmc_cid = sh.qwords(2, True)
+        self.m_emmc_fwver = sh.bytes(8)
+
+
+class sdcinfo:
+    m_sdmmc_info = None
+    m_sdmmc_ua_size = None
+    m_sdmmc_cid = None
+
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_sdmmc_info = sh.dword(True)
+        self.m_sdmmc_ua_size = sh.qword(True)
+        self.m_sdmmc_cid = sh.qwords(2, True)
+
+
+class configinfo:
+    m_int_sram_ret = None
+    m_int_sram_size = None
+    m_ext_ram_ret = None
+    m_ext_ram_type = None
+    m_ext_ram_chip_select = None
+    m_ext_ram_size = None
+    randomid = None
+
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.m_int_sram_ret = sh.dword(True)
+        self.m_int_sram_size = sh.dword(True)
+        self.m_ext_ram_ret = sh.dword(True)
+        self.m_ext_ram_type = sh.bytes()
+        self.m_ext_ram_chip_select = sh.bytes()
+        self.m_ext_ram_size = sh.qword(True)
+        self.randomid = sh.qwords(2, True)
+
+
+class passinfo:
+    ack = None
+    m_download_status = None
+    m_boot_style = None
+    soc_ok = None
+
+    def __init__(self, data):
+        sh = structhelper(data)
+        self.ack = sh.bytes()
+        self.m_download_status = sh.dword(True)
+        self.m_boot_style = sh.dword(True)
+        self.soc_ok = sh.bytes()
 
 
 def crc_word(data, chs=0):
@@ -491,6 +564,9 @@ class DALegacy(metaclass=LogBase):
 
     def __init__(self, mtk, daconfig, loglevel=logging.INFO):
         self.__logger = logsetup(self, self.__logger, loglevel)
+        self.debug = self.debug
+        self.error = self.error
+        self.info = self.info
         self.emmc = None
         self.nand = None
         self.nor = None
@@ -731,7 +807,7 @@ class DALegacy(metaclass=LogBase):
                             dramlength = unpack(">I", self.usbread(0x4))[0]  # 0x000000BC
                             self.debug("Info: " + hex(dramlength))
                             self.usbwrite(self.Rsp.ACK)
-                            lendram=len(self.daconfig.emi)
+                            lendram = len(self.daconfig.emi)
                             self.usbwrite(pack(">I", lendram))
                         elif val in [0x0B]:
                             info = self.usbread(0x10)  # 0x000000BC
@@ -762,22 +838,19 @@ class DALegacy(metaclass=LogBase):
         return buffer
 
     def read_flash_info(self):
-        data = self.usbread(0x1C)
-        self.nor = read_object(data, norinfo)
+        self.nor = norinfo(self.usbread(0x1C))
         data = self.usbread(0x11)
-        self.nand = read_object(data, nandinfo64)
-        nandcount = self.nand["m_nand_flash_id_count"]
+        self.nand = nandinfo64(data)
+        nandcount = self.nand.m_nand_flash_id_count
         if nandcount == 0:
-            self.nand = read_object(data, nandinfo32)
-            nandcount = self.nand["m_nand_flash_id_count"]
+            self.nand = nandinfo32(data)
+            nandcount = self.nand.m_nand_flash_id_count
             nc = data[-4:] + self.usbread(nandcount * 2 - 4)
         else:
             nc = self.usbread(nandcount * 2)
         m_nand_dev_code = unpack(">" + str(nandcount) + "H", nc)
-        self.nand["m_nand_flash_dev_code"] = m_nand_dev_code
-        ni2 = read_object(self.usbread(9), nandinfo2)
-        for ni in ni2:
-            self.nand[ni] = ni2[ni]
+        self.nand.m_nand_flash_dev_code = m_nand_dev_code
+        self.nand.info2 = nandinfo2(self.usbread(9))
         self.emmc = read_object(self.usbread(0x5C), emmcinfo)
         self.sdc = read_object(self.usbread(0x1C), sdcinfo)
         self.flashconfig = read_object(self.usbread(0x26), configinfo)
@@ -798,11 +871,11 @@ class DALegacy(metaclass=LogBase):
             self.info("Uploading stage 1...")
             with open(loader, 'rb') as bootldr:
                 # stage 1
-                stage = 2
-                offset = self.daconfig.da[stage]["m_buf"]
-                size = self.daconfig.da[stage]["m_len"]
-                address = self.daconfig.da[stage]["m_start_addr"]
-                sig_len = self.daconfig.da[stage]["m_sig_len"]
+                stage = 1
+                offset = self.daconfig.da.region[stage].m_buf
+                size = self.daconfig.da.region[stage].m_len
+                address = self.daconfig.da.region[stage].m_start_addr
+                sig_len = self.daconfig.da.region[stage].m_sig_len
                 bootldr.seek(offset)
                 dadata = bootldr.read(size)
                 if self.mtk.preloader.send_da(address, size, sig_len, dadata):
@@ -849,16 +922,16 @@ class DALegacy(metaclass=LogBase):
                 self.set_stage2_config(self.config.hwcode)
                 self.info("Uploading stage 2...")
                 # stage 2
-                if self.brom_send(self.daconfig, bootldr, 3):
+                if self.brom_send(self.daconfig, bootldr, 2):
                     if self.read_flash_info():
                         if self.daconfig.flashtype == "nand":
-                            self.daconfig.flashsize = self.nand["m_nand_flash_size"]
+                            self.daconfig.flashsize = self.nand.m_nand_flash_size
                         elif self.daconfig.flashtype == "emmc":
-                            self.daconfig.flashsize = self.emmc["m_emmc_ua_size"]
+                            self.daconfig.flashsize = self.emmc.m_emmc_ua_size
                             if self.daconfig.flashsize == 0:
-                                self.daconfig.flashsize = self.sdc["m_sdmmc_ua_size"]
+                                self.daconfig.flashsize = self.sdc.m_sdmmc_ua_size
                         elif self.daconfig.flashtype == "nor":
-                            self.daconfig.flashsize = self.nor["m_nor_flash_size"]
+                            self.daconfig.flashsize = self.nor.m_nor_flash_size
                         self.info("Reconnecting to preloader")
                         self.set_usb_cmd()
                         self.mtk.port.close(reset=False)
@@ -908,9 +981,9 @@ class DALegacy(metaclass=LogBase):
         self.mtk.port.close(reset=True)
 
     def brom_send(self, dasetup, da, stage, packetsize=0x1000):
-        offset = dasetup.da[stage]["m_buf"]
-        size = dasetup.da[stage]["m_len"]
-        address = dasetup.da[stage]["m_start_addr"]
+        offset = dasetup.da.region[stage].m_buf
+        size = dasetup.da.region[stage].m_len
+        address = dasetup.da.region[stage].m_start_addr
         da.seek(offset)
         dadata = da.read(size)
         self.usbwrite(pack(">I", address))
@@ -974,43 +1047,11 @@ class DALegacy(metaclass=LogBase):
         return False
 
     def sdmmc_write_data(self, addr, length, filename, offset=0, parttype=None, wdata=None, display=True):
-        if parttype is None or parttype == "user":
-            length = min(length, self.emmc["m_emmc_ua_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_USER
-        elif parttype == "boot1":
-            length = min(length, self.emmc["m_emmc_boot1_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_BOOT1
-        elif parttype == "boot2":
-            length = min(length, self.emmc["m_emmc_boot2_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_BOOT2
-        elif parttype == "gp1":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP1
-        elif parttype == "gp2":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP2
-        elif parttype == "gp3":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP3
-        elif parttype == "gp4":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP4
-        elif parttype == "rpmb":
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_RPMB
-
-        if self.daconfig.flashtype == "nor":
-            storage = DaStorage.MTK_DA_STORAGE_NOR
-        elif self.daconfig.flashtype == "nand":
-            storage = DaStorage.MTK_DA_STORAGE_NAND
-        elif self.daconfig.flashtype == "ufs":
-            storage = DaStorage.MTK_DA_STORAGE_UFS
-        elif self.daconfig.flashtype == "sdc":
-            storage = DaStorage.MTK_DA_STORAGE_SDMMC
-        else:
-            storage = DaStorage.MTK_DA_STORAGE_EMMC
+        length, parttype = self.get_parttype(length, parttype)
+        storage = self.get_storage()
 
         if filename is not None:
-            fh=open(filename, "rb")
+            fh = open(filename, "rb")
             fh.seek(offset)
         self.progress.show_progress("Write", 0, 100, display)
         self.usbwrite(self.Cmd.SDMMC_WRITE_DATA_CMD)
@@ -1029,20 +1070,33 @@ class DALegacy(metaclass=LogBase):
             if fh:
                 data = bytearray(fh.read(count))
             else:
-                data = wdata[offset:offset+count]
+                data = wdata[offset:offset + count]
             self.usbwrite(data)
             chksum = sum(data) & 0xFFFF
             self.usbwrite(pack(">H", chksum))
             if self.usbread(1) != self.Rsp.CONT_CHAR:
                 self.error("Data ack failed for sdmmc_write_data")
                 return False
-            self.progress.show_progress("Write",offset,length,display)
+            self.progress.show_progress("Write", offset, length, display)
             offset += count
         if fh:
             fh.close()
         self.progress.show_progress("Write", 100, 100, display)
         return True
 
+    def get_storage(self):
+        if self.daconfig.flashtype == "nor":
+            storage = DaStorage.MTK_DA_STORAGE_NOR
+        elif self.daconfig.flashtype == "nand":
+            storage = DaStorage.MTK_DA_STORAGE_NAND
+        elif self.daconfig.flashtype == "ufs":
+            storage = DaStorage.MTK_DA_STORAGE_UFS
+        elif self.daconfig.flashtype == "sdc":
+            storage = DaStorage.MTK_DA_STORAGE_SDMMC
+        else:
+            storage = DaStorage.MTK_DA_STORAGE_EMMC
+        return storage
+
     def sdmmc_write_image(self, addr, length, filename, display=True):
         if filename != "":
             with open(filename, "rb") as rf:
@@ -1091,29 +1145,7 @@ class DALegacy(metaclass=LogBase):
                                      wdata=wdata, display=display)
 
     def formatflash(self, addr, length, parttype=None, display=True):
-        if parttype is None or parttype == "user" or parttype == "":
-            length = min(length, self.emmc["m_emmc_ua_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_USER
-        elif parttype == "boot1":
-            length = min(length, self.emmc["m_emmc_boot1_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_BOOT1
-        elif parttype == "boot2":
-            length = min(length, self.emmc["m_emmc_boot2_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_BOOT2
-        elif parttype == "gp1":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP1
-        elif parttype == "gp2":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP2
-        elif parttype == "gp3":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP3
-        elif parttype == "gp4":
-            length = min(length, self.emmc["m_emmc_gp_size"])
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP4
-        elif parttype == "rpmb":
-            parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_RPMB
+        length, parttype = self.get_parttype(length, parttype)
         self.check_usb_cmd()
         if self.daconfig.flashtype == "emmc":
             self.sdmmc_switch_part(parttype)
@@ -1149,30 +1181,34 @@ class DALegacy(metaclass=LogBase):
                     return True
             return False
 
-    def readflash(self, addr, length, filename, parttype=None, display=True):
+    def get_parttype(self, length, parttype):
         if parttype is None or parttype == "user" or parttype == "":
-            length = min(length, self.emmc["m_emmc_ua_size"])
+            length = min(length, self.emmc.m_emmc_ua_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_USER
         elif parttype == "boot1":
-            length = min(length, self.emmc["m_emmc_boot1_size"])
+            length = min(length, self.emmc.m_emmc_boot1_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_BOOT1
         elif parttype == "boot2":
-            length = min(length, self.emmc["m_emmc_boot2_size"])
+            length = min(length, self.emmc.m_emmc_boot2_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_BOOT2
         elif parttype == "gp1":
-            length = min(length, self.emmc["m_emmc_gp_size"])
+            length = min(length, self.emmc.m_emmc_gp_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP1
         elif parttype == "gp2":
-            length = min(length, self.emmc["m_emmc_gp_size"])
+            length = min(length, self.emmc.m_emmc_gp_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP2
         elif parttype == "gp3":
-            length = min(length, self.emmc["m_emmc_gp_size"])
+            length = min(length, self.emmc.m_emmc_gp_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP3
         elif parttype == "gp4":
-            length = min(length, self.emmc["m_emmc_gp_size"])
+            length = min(length, self.emmc.m_emmc_gp_size)
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_GP4
         elif parttype == "rpmb":
             parttype = EMMC_PartitionType.MTK_DA_EMMC_PART_RPMB
+        return length, parttype
+
+    def readflash(self, addr, length, filename, parttype=None, display=True):
+        length, parttype = self.get_parttype(length, parttype)
         self.check_usb_cmd()
         packetsize = 0x0
         if self.daconfig.flashtype == "emmc":
@@ -1210,7 +1246,7 @@ class DALegacy(metaclass=LogBase):
             self.daconfig.readsize = self.daconfig.flashsize // self.daconfig.pagesize * (
                     self.daconfig.pagesize + self.daconfig.sparesize)
         if display:
-            self.progress.show_progress("Read",0,100,display)
+            self.progress.show_progress("Read", 0, 100, display)
         if filename != "":
             with open(filename, "wb") as wf:
                 bytestoread = length
@@ -1220,10 +1256,10 @@ class DALegacy(metaclass=LogBase):
                         size = packetsize
                     wf.write(self.usbread(size))
                     bytestoread -= size
-                    checksum = unpack(">H", self.usbread(1)+self.usbread(1))[0]
+                    checksum = unpack(">H", self.usbread(1) + self.usbread(1))[0]
                     self.debug("Checksum: %04X" % checksum)
                     self.usbwrite(self.Rsp.ACK)
-                    self.progress.show_progress("Read", length-bytestoread, length, display)
+                    self.progress.show_progress("Read", length - bytestoread, length, display)
                 self.progress.show_progress("Read", 100, 100, display)
                 return True
         else:
@@ -1238,6 +1274,6 @@ class DALegacy(metaclass=LogBase):
                 checksum = unpack(">H", self.usbread(2))[0]
                 self.debug("Checksum: %04X" % checksum)
                 self.usbwrite(self.Rsp.ACK)
-                self.progress.show_progress("Read", length-bytestoread, length, display)
+                self.progress.show_progress("Read", length - bytestoread, length, display)
             self.progress.show_progress("Read", 100, 100, display)
             return buffer
diff --git a/mtkclient/Library/mtk_daxflash.py b/mtkclient/Library/mtk_daxflash.py
index 9b4b066..e112259 100755
--- a/mtkclient/Library/mtk_daxflash.py
+++ b/mtkclient/Library/mtk_daxflash.py
@@ -885,7 +885,7 @@ class DAXFlash(metaclass=LogBase):
                     dsize = min(write_packet_size, bytestowrite)
                     if fh:
                         data = bytearray(fh.read(dsize))
-                        if len(data)<0x200:
+                        if len(data)<write_packet_size:
                             data.extend(b"\x00"*fill)
                     else:
                         data = wdata[pos:pos + dsize]
@@ -945,18 +945,18 @@ class DAXFlash(metaclass=LogBase):
         self.info(f"Uploading stage 1 from {os.path.basename(loader)}")
         with open(loader, 'rb') as bootldr:
             # stage 1
-            da1offset = self.daconfig.da[2]["m_buf"]
-            da1size = self.daconfig.da[2]["m_len"]
-            da1address = self.daconfig.da[2]["m_start_addr"]
-            da2address = self.daconfig.da[2]["m_start_addr"]
-            da1sig_len = self.daconfig.da[2]["m_sig_len"]
+            da1offset = self.daconfig.da.region[1].m_buf
+            da1size = self.daconfig.da.region[1].m_len
+            da1address = self.daconfig.da.region[1].m_start_addr
+            da2address = self.daconfig.da.region[1].m_start_addr
+            da1sig_len = self.daconfig.da.region[1].m_sig_len
             bootldr.seek(da1offset)
             da1 = bootldr.read(da1size)
             # ------------------------------------------------
-            da2offset = self.daconfig.da[3]["m_buf"]
-            da2sig_len = self.daconfig.da[3]["m_sig_len"]
+            da2offset = self.daconfig.da.region[2].m_buf
+            da2sig_len = self.daconfig.da.region[2].m_sig_len
             bootldr.seek(da2offset)
-            da2 = bootldr.read(self.daconfig.da[3]["m_len"])
+            da2 = bootldr.read(self.daconfig.da.region[2].m_len)
 
             hashaddr, hashmode = self.compute_hash_pos(da1, da2[:-da2sig_len])
             if hashaddr is not None:
@@ -983,7 +983,7 @@ class DAXFlash(metaclass=LogBase):
                             self.info("Successfully received DA sync")
                             return True
                         else:
-                            self.error("Error on jumping to DA: " + hexlify(res).decode('utf-8'))
+                            self.error(f"Error jumping to DA: {res}")
                 else:
                     self.error("Error on jumping to DA.")
             else:
@@ -1041,7 +1041,7 @@ class DAXFlash(metaclass=LogBase):
             # dramtype = self.get_dram_type()
             stage = None
             if connagent == b"brom":
-                stage = 2
+                stage = 1
                 if self.daconfig.emi is None:
                     self.info("No preloader given. Searching for preloader")
                     found = False
@@ -1073,12 +1073,12 @@ class DAXFlash(metaclass=LogBase):
                     else:
                         self.info("Sending emi data succeeded.")
             elif connagent == b"preloader":
-                stage = 2
-            if stage == 2:
+                stage = 1
+            if stage == 1:
                 self.info("Uploading stage 2...")
                 with open(self.daconfig.loader, 'rb') as bootldr:
                     stage = stage + 1
-                    loaded = self.boot_to(self.daconfig.da[stage]["m_start_addr"], self.daconfig.da2)
+                    loaded = self.boot_to(self.daconfig.da.region[stage].m_start_addr, self.daconfig.da2)
                     if loaded:
                         self.info("Successfully uploaded stage 2")
                         self.reinit(True)
diff --git a/mtkclient/Library/mtk_preloader.py b/mtkclient/Library/mtk_preloader.py
index 3a137b4..1b9a8b3 100755
--- a/mtkclient/Library/mtk_preloader.py
+++ b/mtkclient/Library/mtk_preloader.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 # (c) B.Kerler 2018-2021 MIT License
 import os
+import shutil
 import logging
 from enum import Enum
 from struct import unpack, pack
diff --git a/mtkclient/Library/pltools.py b/mtkclient/Library/pltools.py
index 95b42ad..25eb9bd 100755
--- a/mtkclient/Library/pltools.py
+++ b/mtkclient/Library/pltools.py
@@ -46,7 +46,7 @@ class PLTools(metaclass=LogBase):
         self.pathconfig = pathconfig()
         if loglevel == logging.DEBUG:
             logfilename = os.path.join("logs", "log.txt")
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
             self.__logger.setLevel(logging.DEBUG)
         else:
diff --git a/mtkclient/Library/usblib.py b/mtkclient/Library/usblib.py
index 39bf3ca..9e6a160 100755
--- a/mtkclient/Library/usblib.py
+++ b/mtkclient/Library/usblib.py
@@ -95,7 +95,7 @@ class usb_class(metaclass=LogBase):
         self.__logger.setLevel(loglevel)
         if loglevel == logging.DEBUG:
             logfilename = os.path.join("logs", "log.txt")
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
 
         if sys.platform.startswith('freebsd') or sys.platform.startswith('linux'):
diff --git a/mtkclient/Library/utils.py b/mtkclient/Library/utils.py
index 27956cd..290d10e 100755
--- a/mtkclient/Library/utils.py
+++ b/mtkclient/Library/utils.py
@@ -14,8 +14,9 @@ import copy
 import time
 import io
 import datetime as dt
-sys.stdout = io.TextIOWrapper(sys.stdout.detach(), encoding = 'utf-8')
-sys.stderr = io.TextIOWrapper(sys.stderr.detach(), encoding = 'utf-8')
+
+sys.stdout = io.TextIOWrapper(sys.stdout.detach(), encoding='utf-8')
+sys.stderr = io.TextIOWrapper(sys.stderr.detach(), encoding='utf-8')
 
 try:
     from capstone import *
@@ -59,6 +60,7 @@ def find_binary(data, strf, pos=0):
             pre += 1
     return None
 
+
 class progress:
     def __init__(self, pagesize):
         self.progtime = 0
@@ -76,7 +78,7 @@ class progress:
             lefttime = testimated - telapsed  # in seconds
             return (int(telapsed), int(lefttime), finishtime)
         else:
-            return 0,0,""
+            return 0, 0, ""
 
     def show_progress(self, prefix, pos, total, display=True):
         prog = round(float(pos) / float(total) * float(100), 1)
@@ -136,28 +138,39 @@ class structhelper:
         self.pos = 0
         self.data = data
 
-    def qword(self):
-        dat = unpack("<Q", self.data[self.pos:self.pos + 8])[0]
+    def qword(self, big=False):
+        e = ">" if big else "<"
+        dat = unpack(e + "Q", self.data[self.pos:self.pos + 8])[0]
         self.pos += 8
         return dat
 
-    def dword(self):
-        dat = unpack("<I", self.data[self.pos:self.pos + 4])[0]
+    def dword(self, big=False):
+        e = ">" if big else "<"
+        dat = unpack(e + "I", self.data[self.pos:self.pos + 4])[0]
         self.pos += 4
         return dat
 
-    def dwords(self, dwords=1):
-        dat = unpack("<" + str(dwords) + "I", self.data[self.pos:self.pos + 4 * dwords])
+    def dwords(self, dwords=1, big=False):
+        e = ">" if big else "<"
+        dat = unpack(e + str(dwords) + "I", self.data[self.pos:self.pos + 4 * dwords])
         self.pos += 4 * dwords
         return dat
 
-    def short(self):
-        dat = unpack("<H", self.data[self.pos:self.pos + 2])[0]
+    def qwords(self, qwords=1, big=False):
+        e = ">" if big else "<"
+        dat = unpack(e + str(qwords) + "Q", self.data[self.pos:self.pos + 8 * qwords])
+        self.pos += 4 * qwords
+        return dat
+
+    def short(self, big=False):
+        e = ">" if big else "<"
+        dat = unpack(e + "H", self.data[self.pos:self.pos + 2])[0]
         self.pos += 2
         return dat
 
-    def shorts(self, shorts):
-        dat = unpack("<" + str(shorts) + "H", self.data[self.pos:self.pos + 2 * shorts])
+    def shorts(self, shorts, big=False):
+        e = ">" if big else "<"
+        dat = unpack(e + str(shorts) + "H", self.data[self.pos:self.pos + 2 * shorts])
         self.pos += 2 * shorts
         return dat
 
@@ -358,7 +371,7 @@ def logsetup(self, logger, loglevel):
     self.warning = logger.warning
     if loglevel == logging.DEBUG:
         logfilename = os.path.join("logs", "log.txt")
-        fh = logging.FileHandler(logfilename)
+        fh = logging.FileHandler(logfilename, encoding='utf-8')
         logger.addHandler(fh)
         logger.setLevel(logging.DEBUG)
     else:
diff --git a/mtkclient/Library/xflash_ext.py b/mtkclient/Library/xflash_ext.py
index 99b3ac3..0583f7d 100644
--- a/mtkclient/Library/xflash_ext.py
+++ b/mtkclient/Library/xflash_ext.py
@@ -120,7 +120,7 @@ class xflashext(metaclass=LogBase):
 
     def patch(self):
         self.da2 = self.xflash.daconfig.da2
-        self.da2address = self.xflash.daconfig.da[3]["m_start_addr"]  # at_address
+        self.da2address = self.xflash.daconfig.da.region[2].m_start_addr  # at_address
         daextensions = os.path.join(self.pathconfig.get_payloads_path(), "da_x.bin")
         if os.path.exists(daextensions):
             daextdata = bytearray(open(daextensions, "rb").read())
@@ -515,6 +515,8 @@ class xflashext(metaclass=LogBase):
             socid = bytes.fromhex(open(os.path.join("logs", "socid.txt"), "r").read())
             self.info("SOCID        : " + hexlify(socid).decode('utf-8'))
         if self.config.chipconfig.dxcc_base is not None:
+            self.info("Generating dxcc platkey + provkey key...")
+            platkey, provkey = hwc.aes_hwcrypt(btype="dxcc", mode="prov")
             self.info("Generating dxcc rpmbkey...")
             rpmbkey = hwc.aes_hwcrypt(btype="dxcc", mode="rpmb")
             self.info("Generating dxcc fdekey...")
@@ -523,7 +525,8 @@ class xflashext(metaclass=LogBase):
             rpmb2key = hwc.aes_hwcrypt(btype="dxcc", mode="rpmb2")
             self.info("Generating dxcc itrustee key...")
             ikey = hwc.aes_hwcrypt(btype="dxcc", mode="itrustee")
-
+            self.info("Provkey     : " + hexlify(provkey).decode('utf-8'))
+            self.info("Platkey     : " + hexlify(platkey).decode('utf-8'))
             if rpmbkey is not None:
                 self.info("RPMB        : " + hexlify(rpmbkey).decode('utf-8'))
                 open(os.path.join("logs", "rpmbkey.txt"), "wb").write(hexlify(rpmbkey))
@@ -543,10 +546,15 @@ class xflashext(metaclass=LogBase):
                 open(os.path.join("logs", "hrid.txt"), "wb").write(hexlify(hrid))
             """
         elif self.config.chipconfig.sej_base is not None:
+            if meid == b"":
+                if self.config.chipconfig.meid_addr:
+                    meid = self.custom_read(self.config.chipconfig.meid_addr,16)
             if meid != b"":
                 self.info("Generating sej rpmbkey...")
                 self.setotp(hwc)
                 rpmbkey = hwc.aes_hwcrypt(mode="rpmb", data=meid, btype="sej")
                 self.info("RPMB        : " + hexlify(rpmbkey).decode('utf-8'))
                 open(os.path.join("logs", "rpmbkey.txt"), "wb").write(hexlify(rpmbkey))
+            else:
+                self.info("SEJ Mode: No meid found. Are you in brom mode ?")
         return True
diff --git a/mtkclient/Loader/MTK_AllInOne_DA_5.2124.bin b/mtkclient/Loader/MTK_AllInOne_DA_5.2136.bin
similarity index 82%
rename from mtkclient/Loader/MTK_AllInOne_DA_5.2124.bin
rename to mtkclient/Loader/MTK_AllInOne_DA_5.2136.bin
index 4b0316f..ca42c17 100644
Binary files a/mtkclient/Loader/MTK_AllInOne_DA_5.2124.bin and b/mtkclient/Loader/MTK_AllInOne_DA_5.2136.bin differ
diff --git a/mtkclient/config/brom_config.py b/mtkclient/config/brom_config.py
index 632179e..7915c8c 100644
--- a/mtkclient/config/brom_config.py
+++ b/mtkclient/config/brom_config.py
@@ -611,29 +611,30 @@ hwconfig = {
         description="Helio P20",
         loader="mt6757_payload.bin"),
     0x688: chipconfig(
-        # var1
-        watchdog=0x10210000,
+        var1=0xA,
+        watchdog=0x10211000, #
         uart=0x11020000,
-        brom_payload_addr=0x100A00,
-        da_payload_addr=0x201000,
+        brom_payload_addr=0x100A00, #
+        da_payload_addr=0x201000, #
         pl_payload_addr=0x40200000,  #
-        gcpu_base=0x10050000,
+        gcpu_base=0x10050000, #
         sej_base=0x10080000,  # hacc
-        dxcc_base=0x11240000,
-        cqdma_base=0x10200000,
-        ap_dma_mem=0x11000000 + 0x1A0,
-        # blacklist
-        # blacklist_count
-        # send_ptr
-        # ctrl_buffer
-        # cmd_handler
-        # brom_Register_access
-        # meid_addr
+        dxcc_base=0x11240000, #
+        cqdma_base=0x10200000, #
+        ap_dma_mem=0x11000000 + 0x1A0, #
+        blacklist=[(0x102830,0),(0x106A60,0)],
+        blacklist_count=0xA,
+        send_ptr=(0x102874,0xd860),
+        ctrl_buffer=0x102B28,
+        cmd_handler=0xE58D, 
+        brom_register_access=(0xdc74,0xdd2c),
+        meid_addr=0x102bf8,
+        socid_addr=0x102c08,
         damode=damodes.XFLASH,
         dacode=0x6758,
         name="MT6758",
         description="Helio P30",
-        # loader
+        loader="mt6758_payload.bin"
     ),
     0x507: chipconfig(  # var1
         watchdog=0x10210000,
diff --git a/mtkclient/config/missing_brom.txt b/mtkclient/config/missing_brom.txt
new file mode 100644
index 0000000..653349d
--- /dev/null
+++ b/mtkclient/config/missing_brom.txt
@@ -0,0 +1,34 @@
+mt0571
+mt0598
+mt0992
+
+mt2503
+mt3967
+mt5700
+mt6255
+mt6280
+
+mt6516
+mt6570  = 0x633
+mt6571
+mt6573
+mt6575
+mt6577
+mt6588
+mt6583
+
+mt6750  = 6x601
+mt6752
+mt6758  = 0x688
+mt6759  = 0x507
+
+mt6877  = 0x959
+
+mt8110
+mt8135
+mt8168
+mt8176
+mt8195  = 0x930
+mt8512
+mt8518
+mt8696  = 0x908
\ No newline at end of file
diff --git a/mtkclient/config/usb_ids.py b/mtkclient/config/usb_ids.py
index 420e5dd..7914999 100755
--- a/mtkclient/config/usb_ids.py
+++ b/mtkclient/config/usb_ids.py
@@ -7,5 +7,4 @@ default_ids = [
     [0x1004, 0x6000, 2], # LG Preloader
     [0x22d9, 0x0006, -1], # OPPO Preloader
     [0x0FCE, 0xF200, -1], # Sony Brom
-    [0x1a86, 0x7523, 0]
 ]
diff --git a/mtkclient/payloads/da_x.bin b/mtkclient/payloads/da_x.bin
index 012eb4b..e13d32d 100755
Binary files a/mtkclient/payloads/da_x.bin and b/mtkclient/payloads/da_x.bin differ
diff --git a/mtkclient/payloads/mt6758_payload.bin b/mtkclient/payloads/mt6758_payload.bin
new file mode 100755
index 0000000..86590c6
Binary files /dev/null and b/mtkclient/payloads/mt6758_payload.bin differ
diff --git a/stage2 b/stage2
index 5944481..32f4bac 100755
--- a/stage2
+++ b/stage2
@@ -33,7 +33,7 @@ class Stage2(metaclass=LogBase):
             logfilename = os.path.join("logs", "log.txt")
             if os.path.exists(logfilename):
                 os.remove(logfilename)
-            fh = logging.FileHandler(logfilename)
+            fh = logging.FileHandler(logfilename, encoding='utf-8')
             self.__logger.addHandler(fh)
             self.__logger.setLevel(logging.DEBUG)
         else: