mirror of
https://github.com/bkerler/mtkclient.git
synced 2025-01-05 20:22:11 -05:00
1. Fix kamakiri not working
2. Fix vendor interfaces not detected (aka CDC Interface issue) 3. Fix UFS read flash issue 4. Add further improvements for meid detection
This commit is contained in:
Bjoern Kerler
parent
6e2686bc7a
commit
646311cd3d
11 changed files with 187 additions and 95 deletions
|
|
@ -49,7 +49,9 @@ sudo usermod -a -G dialout $USER
|
||||||
sudo cp Setup/Linux/*.rules /etc/udev/rules.d
|
sudo cp Setup/Linux/*.rules /etc/udev/rules.d
|
||||||
sudo udevadm control -R
|
sudo udevadm control -R
|
||||||
```
|
```
|
||||||
Make sure to reboot after adding the user to dialout/plugdev.
|
Make sure to reboot after adding the user to dialout/plugdev. If the device
|
||||||
|
has a vendor interface 0xFF (like LG), make sure to add "blacklist qcaux" to
|
||||||
|
the "/etc/modprobe.d/blacklist.conf".
|
||||||
|
|
||||||
---------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -132,7 +132,7 @@ class Port(metaclass=LogBase):
|
||||||
data = [data]
|
data = [data]
|
||||||
for val in data:
|
for val in data:
|
||||||
self.usbwrite(val)
|
self.usbwrite(val)
|
||||||
tmp = self.usbread(len(val))
|
tmp = self.usbread(len(val), maxtimeout=0)
|
||||||
# print(hexlify(tmp))
|
# print(hexlify(tmp))
|
||||||
if val != tmp:
|
if val != tmp:
|
||||||
return False
|
return False
|
||||||
|
|
|
||||||
|
|
@ -71,8 +71,11 @@ class Kamakiri(metaclass=LogBase):
|
||||||
|
|
||||||
def kamakiri2(self, addr):
|
def kamakiri2(self, addr):
|
||||||
self.udev = self.mtk.port.cdc.device
|
self.udev = self.mtk.port.cdc.device
|
||||||
self.udev.ctrl_transfer(0x21, 0x20, 0, 0, self.linecode + array.array('B', pack("<I", addr)))
|
try:
|
||||||
self.udev.ctrl_transfer(0x80, 0x6, 0x0200, 0, 9)
|
self.udev.ctrl_transfer(0x21, 0x20, 0, 0, self.linecode + array.array('B', pack("<I", addr)))
|
||||||
|
self.udev.ctrl_transfer(0x80, 0x6, 0x0200, 0, 9)
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
def da_read_write(self, address, length, data=None, check_result=True):
|
def da_read_write(self, address, length, data=None, check_result=True):
|
||||||
self.udev = self.mtk.port.cdc.device
|
self.udev = self.mtk.port.cdc.device
|
||||||
|
|
@ -214,6 +217,7 @@ class Kamakiri(metaclass=LogBase):
|
||||||
return True, address
|
return True, address
|
||||||
except RuntimeError:
|
except RuntimeError:
|
||||||
try:
|
try:
|
||||||
|
self.info("Bruteforce, testing " + hex(address) + "...")
|
||||||
self.mtk.preloader.read32(addr)
|
self.mtk.preloader.read32(addr)
|
||||||
except:
|
except:
|
||||||
return False, address + 4
|
return False, address + 4
|
||||||
|
|
|
||||||
|
|
@ -185,7 +185,6 @@ class legacyext(metaclass=LogBase):
|
||||||
|
|
||||||
def generate_keys(self):
|
def generate_keys(self):
|
||||||
hwc = self.cryptosetup()
|
hwc = self.cryptosetup()
|
||||||
meid = b""
|
|
||||||
retval = {}
|
retval = {}
|
||||||
retval["hwcode"] = hex(self.config.hwcode)
|
retval["hwcode"] = hex(self.config.hwcode)
|
||||||
meid = self.config.get_meid()
|
meid = self.config.get_meid()
|
||||||
|
|
@ -194,11 +193,10 @@ class legacyext(metaclass=LogBase):
|
||||||
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
if self.config.chipconfig.meid_addr is not None:
|
meid = b"".join([pack("<I", val) for val in self.readmem(0x1008ec, 4)])
|
||||||
meid = b"".join([pack("<I", val) for val in self.readmem(self.config.chipconfig.meid_addr, 4)])
|
self.config.set_meid(meid)
|
||||||
self.config.set_meid(meid)
|
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
||||||
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
retval["meid"] = hexlify(meid).decode('utf-8')
|
||||||
retval["meid"] = hexlify(meid).decode('utf-8')
|
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
pass
|
pass
|
||||||
if socid is not None:
|
if socid is not None:
|
||||||
|
|
@ -206,11 +204,10 @@ class legacyext(metaclass=LogBase):
|
||||||
retval["socid"] = socid
|
retval["socid"] = socid
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
if self.config.chipconfig.socid_addr is not None:
|
socid = b"".join([pack("<I", val) for val in self.readmem(0x100934, 8)])
|
||||||
socid = b"".join([pack("<I",val) for val in self.readmem(self.config.chipconfig.socid_addr,8)])
|
self.config.set_socid(socid)
|
||||||
self.config.set_socid(socid)
|
self.info("SOCID : " + hexlify(socid).decode('utf-8'))
|
||||||
self.info("SOCID : " + hexlify(socid).decode('utf-8'))
|
retval["socid"] = hexlify(socid).decode('utf-8')
|
||||||
retval["socid"] = hexlify(socid).decode('utf-8')
|
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
pass
|
pass
|
||||||
if self.config.chipconfig.dxcc_base is not None:
|
if self.config.chipconfig.dxcc_base is not None:
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@ from binascii import hexlify
|
||||||
from mtkclient.Library.utils import LogBase, logsetup, getint
|
from mtkclient.Library.utils import LogBase, logsetup, getint
|
||||||
from mtkclient.config.payloads import pathconfig
|
from mtkclient.config.payloads import pathconfig
|
||||||
from mtkclient.Library.error import ErrorHandler
|
from mtkclient.Library.error import ErrorHandler
|
||||||
|
from mtkclient.Library.utils import progress
|
||||||
|
|
||||||
class DA_handler(metaclass=LogBase):
|
class DA_handler(metaclass=LogBase):
|
||||||
def __init__(self, mtk, loglevel=logging.INFO):
|
def __init__(self, mtk, loglevel=logging.INFO):
|
||||||
|
|
@ -89,6 +89,8 @@ class DA_handler(metaclass=LogBase):
|
||||||
preloader = self.dump_preloader_ram()
|
preloader = self.dump_preloader_ram()
|
||||||
else:
|
else:
|
||||||
self.info("Device is unprotected.")
|
self.info("Device is unprotected.")
|
||||||
|
#if not mtk.config.is_brom:
|
||||||
|
# self.mtk.preloader.reset_to_brom()
|
||||||
if mtk.config.is_brom:
|
if mtk.config.is_brom:
|
||||||
self.info("Device is in BROM-Mode. Bypassing security.")
|
self.info("Device is in BROM-Mode. Bypassing security.")
|
||||||
mtk = mtk.bypass_security() # Needed for dumping preloader
|
mtk = mtk.bypass_security() # Needed for dumping preloader
|
||||||
|
|
@ -109,8 +111,6 @@ class DA_handler(metaclass=LogBase):
|
||||||
mtk.daloader.writestate()
|
mtk.daloader.writestate()
|
||||||
return mtk
|
return mtk
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def da_gpt(self, directory:str):
|
def da_gpt(self, directory:str):
|
||||||
if directory is None:
|
if directory is None:
|
||||||
directory = ""
|
directory = ""
|
||||||
|
|
@ -234,13 +234,13 @@ class DA_handler(metaclass=LogBase):
|
||||||
def da_rf(self, filename, parttype):
|
def da_rf(self, filename, parttype):
|
||||||
if self.mtk.daloader.daconfig.flashtype == "ufs":
|
if self.mtk.daloader.daconfig.flashtype == "ufs":
|
||||||
if parttype == "lu0":
|
if parttype == "lu0":
|
||||||
length = self.mtk.daloader.daconfig.flashsize[0]
|
length = self.mtk.daloader.daconfig.flashsize
|
||||||
elif parttype == "lu1":
|
elif parttype == "lu1":
|
||||||
length = self.mtk.daloader.daconfig.flashsize[1]
|
length = self.mtk.daloader.daconfig.flashsize
|
||||||
elif parttype == "lu2":
|
elif parttype == "lu2":
|
||||||
length = self.mtk.daloader.daconfig.flashsize[2]
|
length = self.mtk.daloader.daconfig.flashsize
|
||||||
else:
|
else:
|
||||||
length = self.mtk.daloader.daconfig.flashsize[0]
|
length = self.mtk.daloader.daconfig.flashsize
|
||||||
else:
|
else:
|
||||||
length = self.mtk.daloader.daconfig.flashsize
|
length = self.mtk.daloader.daconfig.flashsize
|
||||||
print(f"Dumping sector 0 with flash size {hex(length)} as {filename}.")
|
print(f"Dumping sector 0 with flash size {hex(length)} as {filename}.")
|
||||||
|
|
@ -494,14 +494,34 @@ class DA_handler(metaclass=LogBase):
|
||||||
f"sector count {str(size // 0x200)}.")
|
f"sector count {str(size // 0x200)}.")
|
||||||
|
|
||||||
def da_peek(self, addr: int, length: int, filename: str):
|
def da_peek(self, addr: int, length: int, filename: str):
|
||||||
data = self.mtk.daloader.peek(addr=addr, length=length)
|
bytestoread = length
|
||||||
if data != b"":
|
pos = 0
|
||||||
if filename is not None:
|
pagesize = 0x200
|
||||||
open(filename, "wb").write(data)
|
if self.mtk.daloader.xflash:
|
||||||
self.info(f"Successfully wrote data from {hex(addr)}, length {hex(length)} to {filename}")
|
pagesize = 1*1024*1024
|
||||||
|
pg = progress(pagesize)
|
||||||
|
bytesread=0
|
||||||
|
wf = None
|
||||||
|
if filename is not None:
|
||||||
|
wf = open(filename, "wb")
|
||||||
|
retval = bytearray()
|
||||||
|
while bytestoread > 0:
|
||||||
|
msize = min(bytestoread,pagesize)
|
||||||
|
data = self.mtk.daloader.peek(addr=addr+pos, length=msize)
|
||||||
|
if wf is not None:
|
||||||
|
wf.write(data)
|
||||||
else:
|
else:
|
||||||
self.info(
|
retval.extend(data)
|
||||||
f"Data read from {hex(addr)}, length: {hex(length)}:\n{hexlify(data).decode('utf-8')}\n")
|
pg.show_progress("Dump:",bytesread//pagesize,length//pagesize)
|
||||||
|
pos+=len(data)
|
||||||
|
bytesread+=len(data)
|
||||||
|
bytestoread-=len(data)
|
||||||
|
if filename is not None:
|
||||||
|
wf.close()
|
||||||
|
self.info(f"Successfully wrote data from {hex(addr)}, length {hex(length)} to {filename}")
|
||||||
|
else:
|
||||||
|
self.info(
|
||||||
|
f"Data read from {hex(addr)}, length: {hex(length)}:\n{hexlify(retval).decode('utf-8')}\n")
|
||||||
|
|
||||||
def da_poke(self, addr: int, data: str, filename: str):
|
def da_poke(self, addr: int, data: str, filename: str):
|
||||||
if filename is not None:
|
if filename is not None:
|
||||||
|
|
|
||||||
|
|
@ -865,7 +865,7 @@ class DALegacy(metaclass=LogBase):
|
||||||
skipdl = 0
|
skipdl = 0
|
||||||
self.usbwrite(pack(">I", skipdl))
|
self.usbwrite(pack(">I", skipdl))
|
||||||
elif hwcode == 0x6582:
|
elif hwcode == 0x6582:
|
||||||
newcombo = 0
|
newcombo = 1
|
||||||
self.usbwrite(pack(">I", newcombo))
|
self.usbwrite(pack(">I", newcombo))
|
||||||
time.sleep(0.350)
|
time.sleep(0.350)
|
||||||
buffer = self.usbread(toread)
|
buffer = self.usbread(toread)
|
||||||
|
|
@ -1049,14 +1049,16 @@ class DALegacy(metaclass=LogBase):
|
||||||
self.daconfig.flashsize = self.sdc.m_sdmmc_ua_size
|
self.daconfig.flashsize = self.sdc.m_sdmmc_ua_size
|
||||||
elif self.daconfig.flashtype == "nor":
|
elif self.daconfig.flashtype == "nor":
|
||||||
self.daconfig.flashsize = self.nor.m_nor_flash_size
|
self.daconfig.flashsize = self.nor.m_nor_flash_size
|
||||||
self.info("Reconnecting to preloader")
|
|
||||||
self.set_usb_cmd()
|
|
||||||
self.mtk.port.close(reset=False)
|
|
||||||
time.sleep(2)
|
|
||||||
while not self.mtk.port.cdc.connect():
|
|
||||||
time.sleep(0.5)
|
|
||||||
self.info("Connected to preloader")
|
self.info("Connected to preloader")
|
||||||
self.check_usb_cmd()
|
speed = self.check_usb_cmd()
|
||||||
|
if speed[0] == 0: # 1 = USB High Speed, 2= USB Ultra high speed
|
||||||
|
self.info("Reconnecting to preloader")
|
||||||
|
self.set_usb_cmd()
|
||||||
|
self.mtk.port.close(reset=False)
|
||||||
|
time.sleep(2)
|
||||||
|
while not self.mtk.port.cdc.connect():
|
||||||
|
time.sleep(0.5)
|
||||||
|
self.info("Connected to preloader")
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
@ -1112,14 +1114,13 @@ class DALegacy(metaclass=LogBase):
|
||||||
if self.usbwrite(self.Cmd.USB_CHECK_STATUS): # 72
|
if self.usbwrite(self.Cmd.USB_CHECK_STATUS): # 72
|
||||||
res = self.usbread(1)
|
res = self.usbread(1)
|
||||||
if res == self.Rsp.ACK:
|
if res == self.Rsp.ACK:
|
||||||
res = self.usbread(1)
|
speed = self.usbread(1)
|
||||||
if len(res) > 0:
|
return speed
|
||||||
return True
|
return None
|
||||||
return False
|
|
||||||
|
|
||||||
def set_usb_cmd(self):
|
def set_usb_cmd(self):
|
||||||
if self.usbwrite(self.Cmd.USB_SETUP_PORT): # 72
|
if self.usbwrite(self.Cmd.USB_SETUP_PORT): # 72
|
||||||
if self.usbwrite(b"\x01"):
|
if self.usbwrite(b"\x01"): # USB_HIGH_SPEED
|
||||||
res = self.usbread(1)
|
res = self.usbread(1)
|
||||||
if len(res) > 0:
|
if len(res) > 0:
|
||||||
if res[0] is self.Rsp.ACK[0]:
|
if res[0] is self.Rsp.ACK[0]:
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,15 @@ from struct import unpack, pack
|
||||||
from binascii import hexlify
|
from binascii import hexlify
|
||||||
from mtkclient.Library.utils import LogBase, logsetup
|
from mtkclient.Library.utils import LogBase, logsetup
|
||||||
from mtkclient.Library.error import ErrorHandler
|
from mtkclient.Library.error import ErrorHandler
|
||||||
|
import time
|
||||||
|
|
||||||
|
USBDL_BIT_EN = 0x00000001 # 1: download bit enabled
|
||||||
|
USBDL_BROM = 0x00000002 # 0: usbdl by brom; 1: usbdl by bootloader
|
||||||
|
USBDL_TIMEOUT_MASK = 0x0000FFFC # 14-bit timeout: 0x0000~0x3FFE: second; 0x3FFFF: no timeout
|
||||||
|
USBDL_TIMEOUT_MAX = (USBDL_TIMEOUT_MASK >> 2) # maximum timeout indicates no timeout
|
||||||
|
USBDL_MAGIC = 0x444C0000 # Brom will check this magic number
|
||||||
|
MISC_LOCK_KEY_MAGIC = 0xAD98
|
||||||
|
|
||||||
|
|
||||||
def calc_xflash_checksum(data):
|
def calc_xflash_checksum(data):
|
||||||
checksum = 0
|
checksum = 0
|
||||||
|
|
@ -109,9 +118,9 @@ class Preloader(metaclass=LogBase):
|
||||||
def __init__(self, mtk, loglevel=logging.INFO):
|
def __init__(self, mtk, loglevel=logging.INFO):
|
||||||
self.mtk = mtk
|
self.mtk = mtk
|
||||||
self.__logger = logsetup(self, self.__logger, loglevel, mtk.config.gui)
|
self.__logger = logsetup(self, self.__logger, loglevel, mtk.config.gui)
|
||||||
#self.info = self.__logger.info
|
# self.info = self.__logger.info
|
||||||
#self.debug = self.__logger.debug
|
# self.debug = self.__logger.debug
|
||||||
#self.error = self.__logger.error
|
# self.error = self.__logger.error
|
||||||
self.eh = ErrorHandler()
|
self.eh = ErrorHandler()
|
||||||
self.gcpu = None
|
self.gcpu = None
|
||||||
self.config = mtk.config
|
self.config = mtk.config
|
||||||
|
|
@ -130,7 +139,7 @@ class Preloader(metaclass=LogBase):
|
||||||
os.remove(".state")
|
os.remove(".state")
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
readsocid=self.config.readsocid
|
readsocid = self.config.readsocid
|
||||||
skipwdt = self.config.skipwdt
|
skipwdt = self.config.skipwdt
|
||||||
|
|
||||||
if not display:
|
if not display:
|
||||||
|
|
@ -198,7 +207,7 @@ class Preloader(metaclass=LogBase):
|
||||||
self.info("\tHW subcode:\t\t" + hex(self.config.hwsubcode))
|
self.info("\tHW subcode:\t\t" + hex(self.config.hwsubcode))
|
||||||
self.info("\tHW Ver:\t\t\t" + hex(self.config.hwver))
|
self.info("\tHW Ver:\t\t\t" + hex(self.config.hwver))
|
||||||
self.info("\tSW Ver:\t\t\t" + hex(self.config.swver))
|
self.info("\tSW Ver:\t\t\t" + hex(self.config.swver))
|
||||||
meid=self.get_meid()
|
meid = self.get_meid()
|
||||||
if meid is not None:
|
if meid is not None:
|
||||||
self.config.set_meid(meid)
|
self.config.set_meid(meid)
|
||||||
if self.display:
|
if self.display:
|
||||||
|
|
@ -259,6 +268,33 @@ class Preloader(metaclass=LogBase):
|
||||||
value += b"\x00"
|
value += b"\x00"
|
||||||
self.write32(addr + i, unpack("<I", value))
|
self.write32(addr + i, unpack("<I", value))
|
||||||
|
|
||||||
|
def reset_to_brom(self, en=True, timeout=0):
|
||||||
|
usbdlreg = 0
|
||||||
|
|
||||||
|
# if anything is wrong and caused wdt reset, enter bootrom download mode #
|
||||||
|
timeout = USBDL_TIMEOUT_MAX if timeout == 0 else timeout // 1000
|
||||||
|
timeout <<= 2
|
||||||
|
timeout &= USBDL_TIMEOUT_MASK # usbdl timeout cannot exceed max value
|
||||||
|
|
||||||
|
usbdlreg |= timeout
|
||||||
|
if en:
|
||||||
|
usbdlreg |= USBDL_BIT_EN
|
||||||
|
else:
|
||||||
|
usbdlreg &= ~USBDL_BIT_EN
|
||||||
|
|
||||||
|
usbdlreg &= ~USBDL_BROM
|
||||||
|
# Add magic number for MT6582
|
||||||
|
usbdlreg |= USBDL_MAGIC # | 0x444C0000
|
||||||
|
|
||||||
|
# set BOOT_MISC0 as watchdog resettable
|
||||||
|
RST_CON = self.config.chipconfig.misc_lock + 8
|
||||||
|
USBDL_FLAG = self.config.chipconfig.misc_lock - 0x20
|
||||||
|
self.write32(self.config.chipconfig.misc_lock, MISC_LOCK_KEY_MAGIC)
|
||||||
|
self.write32(RST_CON, 1)
|
||||||
|
self.write32(self.config.chipconfig.misc_lock, 0)
|
||||||
|
self.write32(USBDL_FLAG, usbdlreg)
|
||||||
|
return
|
||||||
|
|
||||||
def run_ext_cmd(self, cmd: bytes = b"\xB1"):
|
def run_ext_cmd(self, cmd: bytes = b"\xB1"):
|
||||||
self.usbwrite(self.Cmd.CMD_C8.value)
|
self.usbwrite(self.Cmd.CMD_C8.value)
|
||||||
assert self.usbread(1) == self.Cmd.CMD_C8.value
|
assert self.usbread(1) == self.Cmd.CMD_C8.value
|
||||||
|
|
@ -474,7 +510,7 @@ class Preloader(metaclass=LogBase):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def get_brom_log(self):
|
def get_brom_log(self):
|
||||||
if self.echo(self.Cmd.BROM_DEBUGLOG.value): # 0xDD
|
if self.echo(self.Cmd.BROM_DEBUGLOG.value): # 0xDD
|
||||||
length = self.rdword()
|
length = self.rdword()
|
||||||
logdata = self.rbyte(length)
|
logdata = self.rbyte(length)
|
||||||
return logdata
|
return logdata
|
||||||
|
|
@ -483,7 +519,7 @@ class Preloader(metaclass=LogBase):
|
||||||
return b""
|
return b""
|
||||||
|
|
||||||
def get_brom_log_new(self):
|
def get_brom_log_new(self):
|
||||||
if self.echo(self.Cmd.GET_BROM_LOG_NEW.value): # 0xDF
|
if self.echo(self.Cmd.GET_BROM_LOG_NEW.value): # 0xDF
|
||||||
length = self.rdword()
|
length = self.rdword()
|
||||||
logdata = self.rbyte(length)
|
logdata = self.rbyte(length)
|
||||||
status = self.rword()
|
status = self.rword()
|
||||||
|
|
@ -502,36 +538,36 @@ class Preloader(metaclass=LogBase):
|
||||||
mode = 0
|
mode = 0
|
||||||
else:
|
else:
|
||||||
mode = 1
|
mode = 1
|
||||||
self.mtk.port.echo(self.Cmd.brom_register_access.value)
|
if self.mtk.port.echo(self.Cmd.brom_register_access.value):
|
||||||
self.mtk.port.echo(pack(">I", mode))
|
self.mtk.port.echo(pack(">I", mode))
|
||||||
self.mtk.port.echo(pack(">I", address))
|
self.mtk.port.echo(pack(">I", address))
|
||||||
self.mtk.port.echo(pack(">I", length))
|
self.mtk.port.echo(pack(">I", length))
|
||||||
status = self.mtk.port.usbread(2)
|
|
||||||
try:
|
|
||||||
status = unpack("<H", status)[0]
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
if status != 0:
|
|
||||||
if isinstance(status, int):
|
|
||||||
raise RuntimeError(self.eh.status(status))
|
|
||||||
else:
|
|
||||||
raise RuntimeError("Kamakiri2 failed :(")
|
|
||||||
|
|
||||||
if mode == 0:
|
|
||||||
data = self.mtk.port.usbread(length)
|
|
||||||
else:
|
|
||||||
self.mtk.port.usbwrite(data[:length])
|
|
||||||
|
|
||||||
if check_status:
|
|
||||||
status = self.mtk.port.usbread(2)
|
status = self.mtk.port.usbread(2)
|
||||||
try:
|
try:
|
||||||
status = unpack("<H", status)[0]
|
status = unpack("<H", status)[0]
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
if status != 0:
|
if status != 0:
|
||||||
raise RuntimeError(self.eh.status(status))
|
if isinstance(status, int):
|
||||||
return data
|
raise RuntimeError(self.eh.status(status))
|
||||||
|
else:
|
||||||
|
raise RuntimeError("Kamakiri2 failed :(")
|
||||||
|
|
||||||
|
if mode == 0:
|
||||||
|
data = self.mtk.port.usbread(length)
|
||||||
|
else:
|
||||||
|
self.mtk.port.usbwrite(data[:length])
|
||||||
|
|
||||||
|
if check_status:
|
||||||
|
status = self.mtk.port.usbread(2)
|
||||||
|
try:
|
||||||
|
status = unpack("<H", status)[0]
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
if status != 0:
|
||||||
|
raise RuntimeError(self.eh.status(status))
|
||||||
|
return data
|
||||||
|
|
||||||
def get_plcap(self):
|
def get_plcap(self):
|
||||||
res = self.sendcmd(self.Cmd.GET_PL_CAP.value, 8) # 0xFB
|
res = self.sendcmd(self.Cmd.GET_PL_CAP.value, 8) # 0xFB
|
||||||
|
|
@ -539,7 +575,7 @@ class Preloader(metaclass=LogBase):
|
||||||
return self.mtk.config.plcap
|
return self.mtk.config.plcap
|
||||||
|
|
||||||
def get_hw_sw_ver(self):
|
def get_hw_sw_ver(self):
|
||||||
res = self.sendcmd(self.Cmd.GET_HW_SW_VER.value, 8) # 0xFC
|
res = self.sendcmd(self.Cmd.GET_HW_SW_VER.value, 8) # 0xFC
|
||||||
return unpack(">HHHH", res)
|
return unpack(">HHHH", res)
|
||||||
|
|
||||||
def get_meid(self):
|
def get_meid(self):
|
||||||
|
|
@ -552,7 +588,7 @@ class Preloader(metaclass=LogBase):
|
||||||
self.mtk.config.meid = self.usbread(length)
|
self.mtk.config.meid = self.usbread(length)
|
||||||
status = unpack("<H", self.usbread(2))[0]
|
status = unpack("<H", self.usbread(2))[0]
|
||||||
if status == 0:
|
if status == 0:
|
||||||
self.config.is_brom=True
|
self.config.is_brom = True
|
||||||
return self.mtk.config.meid
|
return self.mtk.config.meid
|
||||||
else:
|
else:
|
||||||
self.error("Error on get_meid: " + self.eh.status(status))
|
self.error("Error on get_meid: " + self.eh.status(status))
|
||||||
|
|
@ -581,8 +617,8 @@ class Preloader(metaclass=LogBase):
|
||||||
if len(data + sigdata) % 2 != 0:
|
if len(data + sigdata) % 2 != 0:
|
||||||
data += b"\x00"
|
data += b"\x00"
|
||||||
for x in range(0, len(data), 2):
|
for x in range(0, len(data), 2):
|
||||||
gen_chksum ^= unpack("<H", data[x:x + 2])[0] #3CDC
|
gen_chksum ^= unpack("<H", data[x:x + 2])[0] # 3CDC
|
||||||
if len(data)&1!=0:
|
if len(data) & 1 != 0:
|
||||||
gen_chksum ^= data[-1:]
|
gen_chksum ^= data[-1:]
|
||||||
return gen_chksum, data
|
return gen_chksum, data
|
||||||
|
|
||||||
|
|
@ -603,7 +639,7 @@ class Preloader(metaclass=LogBase):
|
||||||
if 0 <= status <= 0xFF:
|
if 0 <= status <= 0xFF:
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
self.error(f"upload_data failed with error: "+self.eh.status(status))
|
self.error(f"upload_data failed with error: " + self.eh.status(status))
|
||||||
return False
|
return False
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.error(f"upload_data resp error : " + str(e))
|
self.error(f"upload_data resp error : " + str(e))
|
||||||
|
|
|
||||||
|
|
@ -291,7 +291,7 @@ class usb_class(metaclass=LogBase):
|
||||||
for itf in self.configuration:
|
for itf in self.configuration:
|
||||||
if self.devclass == -1:
|
if self.devclass == -1:
|
||||||
self.devclass = 2
|
self.devclass = 2
|
||||||
if itf.bInterfaceClass == self.devclass:
|
if itf.bInterfaceClass in [self.devclass,0xFF]:
|
||||||
if self.interface == -1 or self.interface == itf.bInterfaceNumber:
|
if self.interface == -1 or self.interface == itf.bInterfaceNumber:
|
||||||
self.interface = itf
|
self.interface = itf
|
||||||
self.EP_OUT = EP_OUT
|
self.EP_OUT = EP_OUT
|
||||||
|
|
@ -394,7 +394,7 @@ class usb_class(metaclass=LogBase):
|
||||||
self.verify_data(bytearray(command), "TX:")
|
self.verify_data(bytearray(command), "TX:")
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def usbread(self, resplen):
|
def usbread(self, resplen, maxtimeout=10):
|
||||||
if resplen <= 0:
|
if resplen <= 0:
|
||||||
self.info("Warning !")
|
self.info("Warning !")
|
||||||
res = bytearray()
|
res = bytearray()
|
||||||
|
|
@ -403,6 +403,7 @@ class usb_class(metaclass=LogBase):
|
||||||
epr = self.EP_IN.read
|
epr = self.EP_IN.read
|
||||||
wMaxPacketSize = self.EP_IN.wMaxPacketSize
|
wMaxPacketSize = self.EP_IN.wMaxPacketSize
|
||||||
extend = res.extend
|
extend = res.extend
|
||||||
|
|
||||||
while len(res) < resplen:
|
while len(res) < resplen:
|
||||||
try:
|
try:
|
||||||
extend(epr(resplen))
|
extend(epr(resplen))
|
||||||
|
|
@ -410,7 +411,7 @@ class usb_class(metaclass=LogBase):
|
||||||
error = str(e.strerror)
|
error = str(e.strerror)
|
||||||
if "timed out" in error:
|
if "timed out" in error:
|
||||||
self.debug("Timed out")
|
self.debug("Timed out")
|
||||||
if timeout == 10:
|
if timeout == maxtimeout:
|
||||||
return b""
|
return b""
|
||||||
timeout += 1
|
timeout += 1
|
||||||
pass
|
pass
|
||||||
|
|
|
||||||
|
|
@ -346,7 +346,7 @@ class xflashext(metaclass=LogBase):
|
||||||
def custom_rpmb_init(self):
|
def custom_rpmb_init(self):
|
||||||
hwc = self.cryptosetup()
|
hwc = self.cryptosetup()
|
||||||
if self.config.chipconfig.meid_addr:
|
if self.config.chipconfig.meid_addr:
|
||||||
meid = self.custom_read(self.config.chipconfig.meid_addr, 16)
|
meid = self.custom_read(0x1008ec, 16)
|
||||||
if meid != b"":
|
if meid != b"":
|
||||||
self.config.set_meid(meid)
|
self.config.set_meid(meid)
|
||||||
self.info("Generating sej rpmbkey...")
|
self.info("Generating sej rpmbkey...")
|
||||||
|
|
@ -542,11 +542,10 @@ class xflashext(metaclass=LogBase):
|
||||||
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
if self.config.chipconfig.meid_addr is not None:
|
meid = b"".join([pack("<I", val) for val in self.readmem(0x1008ec, 4)])
|
||||||
meid = b"".join([pack("<I", val) for val in self.readmem(self.config.chipconfig.meid_addr, 4)])
|
self.config.set_meid(meid)
|
||||||
self.config.set_meid(meid)
|
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
||||||
self.info("MEID : " + hexlify(meid).decode('utf-8'))
|
retval["meid"]=hexlify(meid).decode('utf-8')
|
||||||
retval["meid"]=hexlify(meid).decode('utf-8')
|
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
pass
|
pass
|
||||||
if socid is not None:
|
if socid is not None:
|
||||||
|
|
@ -554,11 +553,10 @@ class xflashext(metaclass=LogBase):
|
||||||
retval["socid"] = hexlify(socid).decode('utf-8')
|
retval["socid"] = hexlify(socid).decode('utf-8')
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
if self.config.chipconfig.socid_addr is not None:
|
socid = b"".join([pack("<I", val) for val in self.readmem(0x100934, 8)])
|
||||||
socid = b"".join([pack("<I", val) for val in self.readmem(self.config.chipconfig.socid_addr, 8)])
|
self.config.set_socid(socid)
|
||||||
self.config.set_socid(socid)
|
self.info("SOCID : " + hexlify(socid).decode('utf-8'))
|
||||||
self.info("SOCID : " + hexlify(socid).decode('utf-8'))
|
retval["socid"] = hexlify(socid).decode('utf-8')
|
||||||
retval["socid"] = hexlify(socid).decode('utf-8')
|
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
@ -608,8 +606,7 @@ class xflashext(metaclass=LogBase):
|
||||||
val=json.loads(open("tee.json","r").read())
|
val=json.loads(open("tee.json","r").read())
|
||||||
self.decrypt_tee(val["filename"],bytes.fromhex(val["data"]),bytes.fromhex(val["data2"]))
|
self.decrypt_tee(val["filename"],bytes.fromhex(val["data"]),bytes.fromhex(val["data2"]))
|
||||||
if meid == b"":
|
if meid == b"":
|
||||||
if self.config.chipconfig.meid_addr:
|
meid = self.custom_read(0x1008ec, 16)
|
||||||
meid = self.custom_read(self.config.chipconfig.meid_addr, 16)
|
|
||||||
if meid != b"":
|
if meid != b"":
|
||||||
self.config.set_meid(meid)
|
self.config.set_meid(meid)
|
||||||
self.info("Generating sej rpmbkey...")
|
self.info("Generating sej rpmbkey...")
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ class chipconfig:
|
||||||
gcpu_base=None, ap_dma_mem=None, name="", description="", dacode=None,
|
gcpu_base=None, ap_dma_mem=None, name="", description="", dacode=None,
|
||||||
meid_addr=None, socid_addr=None, blacklist=(), blacklist_count=None,
|
meid_addr=None, socid_addr=None, blacklist=(), blacklist_count=None,
|
||||||
send_ptr=None, ctrl_buffer=(), cmd_handler=None, brom_register_access=None,
|
send_ptr=None, ctrl_buffer=(), cmd_handler=None, brom_register_access=None,
|
||||||
damode=damodes.DEFAULT, loader=None, prov_addr=None):
|
damode=damodes.DEFAULT, loader=None, prov_addr=None, misc_lock=None):
|
||||||
self.var1 = var1
|
self.var1 = var1
|
||||||
self.watchdog = watchdog
|
self.watchdog = watchdog
|
||||||
self.uart = uart
|
self.uart = uart
|
||||||
|
|
@ -36,6 +36,7 @@ class chipconfig:
|
||||||
self.dacode = dacode
|
self.dacode = dacode
|
||||||
self.damode = damode
|
self.damode = damode
|
||||||
self.loader = loader
|
self.loader = loader
|
||||||
|
self.misc_lock = misc_lock
|
||||||
|
|
||||||
# Credits to cyrozap and Chaosmaster for some values
|
# Credits to cyrozap and Chaosmaster for some values
|
||||||
"""
|
"""
|
||||||
|
|
@ -261,6 +262,7 @@ hwconfig = {
|
||||||
# cqdma_base
|
# cqdma_base
|
||||||
# ap_dma_mem
|
# ap_dma_mem
|
||||||
# blacklist
|
# blacklist
|
||||||
|
misc_lock=0x1000141C,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x6571,
|
dacode=0x6571,
|
||||||
name="MT6571"),
|
name="MT6571"),
|
||||||
|
|
@ -283,6 +285,7 @@ hwconfig = {
|
||||||
cmd_handler=0x40C5AF,
|
cmd_handler=0x40C5AF,
|
||||||
brom_register_access=(0x40bd48, 0x40befc),
|
brom_register_access=(0x40bd48, 0x40befc),
|
||||||
meid_addr=0x11142C34,
|
meid_addr=0x11142C34,
|
||||||
|
misc_lock=0x1000141C,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x6572,
|
dacode=0x6572,
|
||||||
name="MT6572",
|
name="MT6572",
|
||||||
|
|
@ -346,6 +349,7 @@ hwconfig = {
|
||||||
ctrl_buffer=0x00103060,
|
ctrl_buffer=0x00103060,
|
||||||
cmd_handler=0x0000C113,
|
cmd_handler=0x0000C113,
|
||||||
brom_register_access=(0xb8e0, 0xba94),
|
brom_register_access=(0xb8e0, 0xba94),
|
||||||
|
misc_lock=0x10001838,
|
||||||
meid_addr=0x1030B4,
|
meid_addr=0x1030B4,
|
||||||
damode=damodes.DEFAULT,
|
damode=damodes.DEFAULT,
|
||||||
dacode=0x6580,
|
dacode=0x6580,
|
||||||
|
|
@ -370,6 +374,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000B2E7,
|
cmd_handler=0x0000B2E7,
|
||||||
brom_register_access=(0xa8d0, 0xaa84),
|
brom_register_access=(0xa8d0, 0xaa84),
|
||||||
meid_addr=0x1030CC,
|
meid_addr=0x1030CC,
|
||||||
|
misc_lock=0x10002050,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x6582,
|
dacode=0x6582,
|
||||||
name="MT6582/MT6574",
|
name="MT6582/MT6574",
|
||||||
|
|
@ -386,6 +391,7 @@ hwconfig = {
|
||||||
# blacklist
|
# blacklist
|
||||||
cqdma_base=0x10212000, # This chip might not support cqdma
|
cqdma_base=0x10212000, # This chip might not support cqdma
|
||||||
ap_dma_mem=0x11000000 + 0x320, # AP_DMA_I2C_0_RX_MEM_ADDR
|
ap_dma_mem=0x11000000 + 0x320, # AP_DMA_I2C_0_RX_MEM_ADDR
|
||||||
|
misc_lock=0x10002050,
|
||||||
damode=damodes.DEFAULT,
|
damode=damodes.DEFAULT,
|
||||||
dacode=0x6589,
|
dacode=0x6589,
|
||||||
name="MT6583/6589"),
|
name="MT6583/6589"),
|
||||||
|
|
@ -408,6 +414,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000B09F,
|
cmd_handler=0x0000B09F,
|
||||||
brom_register_access=(0xa838, 0xa9ec),
|
brom_register_access=(0xa838, 0xa9ec),
|
||||||
meid_addr=0x1030A8,
|
meid_addr=0x1030A8,
|
||||||
|
misc_lock=0x10002050,
|
||||||
dacode=0x6592,
|
dacode=0x6592,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
name="MT6592",
|
name="MT6592",
|
||||||
|
|
@ -453,6 +460,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000A17F,
|
cmd_handler=0x0000A17F,
|
||||||
brom_register_access=(0x98cc, 0x9a94),
|
brom_register_access=(0x98cc, 0x9a94),
|
||||||
meid_addr=0x1030B0,
|
meid_addr=0x1030B0,
|
||||||
|
misc_lock=0x10001838,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x6735,
|
dacode=0x6735,
|
||||||
name="MT6735/T",
|
name="MT6735/T",
|
||||||
|
|
@ -502,6 +510,7 @@ hwconfig = {
|
||||||
meid_addr=0x102AF8,
|
meid_addr=0x102AF8,
|
||||||
socid_addr=0x102b08,
|
socid_addr=0x102b08,
|
||||||
prov_addr=0x10720C,
|
prov_addr=0x10720C,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6739,
|
dacode=0x6739,
|
||||||
name="MT6739/MT6731",
|
name="MT6739/MT6731",
|
||||||
|
|
@ -518,6 +527,7 @@ hwconfig = {
|
||||||
cqdma_base=0x10212C00,
|
cqdma_base=0x10212C00,
|
||||||
ap_dma_mem=0x11000000 + 0x1A0, # AP_DMA_I2C_1_RX_MEM_ADDR
|
ap_dma_mem=0x11000000 + 0x1A0, # AP_DMA_I2C_1_RX_MEM_ADDR
|
||||||
# blacklist
|
# blacklist
|
||||||
|
misc_lock=0x10001838,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6755,
|
dacode=0x6755,
|
||||||
name="MT6750"),
|
name="MT6750"),
|
||||||
|
|
@ -557,6 +567,7 @@ hwconfig = {
|
||||||
meid_addr=0x1030B0,
|
meid_addr=0x1030B0,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x6735,
|
dacode=0x6735,
|
||||||
|
misc_lock=0x10001838,
|
||||||
name="MT6753",
|
name="MT6753",
|
||||||
loader="mt6753_payload.bin"),
|
loader="mt6753_payload.bin"),
|
||||||
0x326: chipconfig(
|
0x326: chipconfig(
|
||||||
|
|
@ -602,6 +613,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000A8FB,
|
cmd_handler=0x0000A8FB,
|
||||||
brom_register_access=(0xa030, 0xa0e8),
|
brom_register_access=(0xa030, 0xa0e8),
|
||||||
meid_addr=0x1030B4,
|
meid_addr=0x1030B4,
|
||||||
|
misc_lock=0x10001838,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6757,
|
dacode=0x6757,
|
||||||
name="MT6757/MT6757D",
|
name="MT6757/MT6757D",
|
||||||
|
|
@ -679,6 +691,7 @@ hwconfig = {
|
||||||
meid_addr=0x102AF8,
|
meid_addr=0x102AF8,
|
||||||
socid_addr=0x102b08,
|
socid_addr=0x102b08,
|
||||||
prov_addr=0x1054F4,
|
prov_addr=0x1054F4,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6761,
|
dacode=0x6761,
|
||||||
name="MT6761/MT6762/MT3369/MT8766B",
|
name="MT6761/MT6762/MT3369/MT8766B",
|
||||||
|
|
@ -705,6 +718,7 @@ hwconfig = {
|
||||||
meid_addr=0x102B78,
|
meid_addr=0x102B78,
|
||||||
socid_addr=0x102b88,
|
socid_addr=0x102b88,
|
||||||
prov_addr=0x106804,
|
prov_addr=0x106804,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6763,
|
dacode=0x6763,
|
||||||
name="MT6763",
|
name="MT6763",
|
||||||
|
|
@ -731,6 +745,7 @@ hwconfig = {
|
||||||
meid_addr=0x102AF8,
|
meid_addr=0x102AF8,
|
||||||
socid_addr=0x102b08,
|
socid_addr=0x102b08,
|
||||||
prov_addr=0x1054F4,
|
prov_addr=0x1054F4,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6765,
|
dacode=0x6765,
|
||||||
name="MT6765/MT8768t",
|
name="MT6765/MT8768t",
|
||||||
|
|
@ -757,6 +772,7 @@ hwconfig = {
|
||||||
meid_addr=0x102AF8,
|
meid_addr=0x102AF8,
|
||||||
socid_addr=0x102b08,
|
socid_addr=0x102b08,
|
||||||
prov_addr=0x1054F4,
|
prov_addr=0x1054F4,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6768,
|
dacode=0x6768,
|
||||||
name="MT6768",
|
name="MT6768",
|
||||||
|
|
@ -783,6 +799,7 @@ hwconfig = {
|
||||||
meid_addr=0x102B38,
|
meid_addr=0x102B38,
|
||||||
socid_addr=0x102B48,
|
socid_addr=0x102B48,
|
||||||
prov_addr=0x1065C0,
|
prov_addr=0x1065C0,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6771,
|
dacode=0x6771,
|
||||||
name="MT6771/MT8385/MT8183/MT8666",
|
name="MT6771/MT8385/MT8183/MT8666",
|
||||||
|
|
@ -819,6 +836,7 @@ hwconfig = {
|
||||||
meid_addr=0x102B38,
|
meid_addr=0x102B38,
|
||||||
socid_addr=0x102B48,
|
socid_addr=0x102B48,
|
||||||
prov_addr=0x1065C0,
|
prov_addr=0x1065C0,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6779,
|
dacode=0x6779,
|
||||||
name="MT6779",
|
name="MT6779",
|
||||||
|
|
@ -870,6 +888,7 @@ hwconfig = {
|
||||||
meid_addr=0x102B38,
|
meid_addr=0x102B38,
|
||||||
socid_addr=0x102B48,
|
socid_addr=0x102B48,
|
||||||
prov_addr=0x1065C0,
|
prov_addr=0x1065C0,
|
||||||
|
misc_lock=0x1001a100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6785,
|
dacode=0x6785,
|
||||||
name="MT6785",
|
name="MT6785",
|
||||||
|
|
@ -918,6 +937,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000AA3F,
|
cmd_handler=0x0000AA3F,
|
||||||
brom_register_access=(0xa18c, 0xa354),
|
brom_register_access=(0xa18c, 0xa354),
|
||||||
meid_addr=0x1030AC,
|
meid_addr=0x1030AC,
|
||||||
|
misc_lock=0x10002050,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6797,
|
dacode=0x6797,
|
||||||
name="MT6797/MT6767",
|
name="MT6797/MT6767",
|
||||||
|
|
@ -994,6 +1014,7 @@ hwconfig = {
|
||||||
meid_addr=0x102b78,
|
meid_addr=0x102b78,
|
||||||
socid_addr=0x102b88,
|
socid_addr=0x102b88,
|
||||||
prov_addr=0x1066C0,
|
prov_addr=0x1066C0,
|
||||||
|
misc_lock=0x1001A100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6853,
|
dacode=0x6853,
|
||||||
name="MT6853",
|
name="MT6853",
|
||||||
|
|
@ -1020,6 +1041,7 @@ hwconfig = {
|
||||||
meid_addr=0x102B78,
|
meid_addr=0x102B78,
|
||||||
socid_addr=0x102B88,
|
socid_addr=0x102B88,
|
||||||
prov_addr=0x1066C0,
|
prov_addr=0x1066C0,
|
||||||
|
misc_lock=0x1001A100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6873,
|
dacode=0x6873,
|
||||||
name="MT6873",
|
name="MT6873",
|
||||||
|
|
@ -1073,6 +1095,7 @@ hwconfig = {
|
||||||
meid_addr=0x102B78,
|
meid_addr=0x102B78,
|
||||||
socid_addr=0x102B88,
|
socid_addr=0x102B88,
|
||||||
prov_addr=0x1066C0,
|
prov_addr=0x1066C0,
|
||||||
|
misc_lock=0x1001A100,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
dacode=0x6885,
|
dacode=0x6885,
|
||||||
name="MT6885/MT6883/MT6889/MT6880/MT6890",
|
name="MT6885/MT6883/MT6889/MT6880/MT6890",
|
||||||
|
|
@ -1136,6 +1159,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000BDF3,
|
cmd_handler=0x0000BDF3,
|
||||||
brom_register_access=(0xb58c, 0xb740),
|
brom_register_access=(0xb58c, 0xb740),
|
||||||
meid_addr=0x1031CC,
|
meid_addr=0x1031CC,
|
||||||
|
misc_lock=0x10002050,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x8127,
|
dacode=0x8127,
|
||||||
name="MT8127/MT3367",
|
name="MT8127/MT3367",
|
||||||
|
|
@ -1183,6 +1207,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000CCB3,
|
cmd_handler=0x0000CCB3,
|
||||||
brom_register_access=(0xc400, 0xc5c8),
|
brom_register_access=(0xc400, 0xc5c8),
|
||||||
meid_addr=0x1031C0,
|
meid_addr=0x1031C0,
|
||||||
|
misc_lock=0x10002050,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x8163,
|
dacode=0x8163,
|
||||||
name="MT8163",
|
name="MT8163",
|
||||||
|
|
@ -1254,6 +1279,7 @@ hwconfig = {
|
||||||
cmd_handler=0x0000AC6B,
|
cmd_handler=0x0000AC6B,
|
||||||
brom_register_access=(0xa3b8, 0xa580),
|
brom_register_access=(0xa3b8, 0xa580),
|
||||||
meid_addr=0x1230B0,
|
meid_addr=0x1230B0,
|
||||||
|
misc_lock=0x1202050,
|
||||||
damode=damodes.DEFAULT, #
|
damode=damodes.DEFAULT, #
|
||||||
dacode=0x8173,
|
dacode=0x8173,
|
||||||
name="MT8173",
|
name="MT8173",
|
||||||
|
|
@ -1304,6 +1330,7 @@ hwconfig = {
|
||||||
# brom_register_access
|
# brom_register_access
|
||||||
# meid_addr
|
# meid_addr
|
||||||
# socid_addr
|
# socid_addr
|
||||||
|
misc_lock=0x1001A100,
|
||||||
dacode=0x8195,
|
dacode=0x8195,
|
||||||
damode=damodes.XFLASH,
|
damode=damodes.XFLASH,
|
||||||
# description
|
# description
|
||||||
|
|
|
||||||
|
|
@ -74,6 +74,8 @@ class Mtk_Config(metaclass=LogBase):
|
||||||
def get_meid(self):
|
def get_meid(self):
|
||||||
if self.meid is None and self.hwparam is not None:
|
if self.meid is None and self.hwparam is not None:
|
||||||
self.meid = self.hwparam.loadsetting("meid")
|
self.meid = self.hwparam.loadsetting("meid")
|
||||||
|
elif self.meid is not None:
|
||||||
|
self.hwparam.writesetting("meid",hexlify(self.meid).decode('utf-8'))
|
||||||
return self.meid
|
return self.meid
|
||||||
|
|
||||||
def set_socid(self,socid):
|
def set_socid(self,socid):
|
||||||
|
|
@ -183,6 +185,11 @@ class Mtk_Config(metaclass=LogBase):
|
||||||
bmtflag = 1
|
bmtflag = 1
|
||||||
bmtblockcount = 0xA8
|
bmtblockcount = 0xA8
|
||||||
bmtpartsize = 0x1500000
|
bmtpartsize = 0x1500000
|
||||||
|
elif hwcode in [0x6582]:
|
||||||
|
if self.da.daconfig.flashtype == "emmc":
|
||||||
|
bmtflag = 2
|
||||||
|
bmtblockcount = 0xA8
|
||||||
|
bmtpartsize = 0x1500000
|
||||||
elif hwcode in [0x6572]:
|
elif hwcode in [0x6572]:
|
||||||
if self.da.daconfig.flashtype == "nand":
|
if self.da.daconfig.flashtype == "nand":
|
||||||
bmtflag = 0
|
bmtflag = 0
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue