Add additional hash patch

Bjoern Kerler 2023-06-11 19:27:15 +02:00
parent 7d13beffd9
commit 65e905e32c
No known key found for this signature in database
GPG key ID: 52E823BB96A55380
3 changed files with 40 additions and 6 deletions


@ -34,7 +34,7 @@ class Mtk(metaclass=LogBase):
if preinit:
self.setup(self.vid, self.pid, self.interface, serialportname)
def patch_preloader_security(self, data):
def patch_preloader_security_da1(self, data):
patched = False
data = bytearray(data)
patches = [
@ -69,6 +69,40 @@ class Mtk(metaclass=LogBase):
data = data
return data
def patch_preloader_security_da2(self, data):
patched = False
data = bytearray(data)
patches = [
("A3687BB12846", "0123A3602846", "oppo security"),
("B3F5807F01D1", "B3F5807F01D14FF000004FF000007047", "mt6739 c30"),
("B3F5807F04BF4FF4807305F011B84FF0FF307047", "B3F5807F04BF4FF480734FF000004FF000007047", "regular"),
("10B50C680268", "10B5012010BD", "ram blacklist"),
("08B5104B7B441B681B68", "00207047000000000000", "seclib_sec_usbdl_enabled"),
("5072656C6F61646572205374617274","50617463686564204C205374617274", "Patched loader msg"),
("F0B58BB002AE20250C460746","002070470000000000205374617274", "sec_img_auth"),
("FFC0F3400008BD","FF4FF0000008BD","get_vfy_policy")
]
i = 0
for patchval in patches:
pattern = bytes.fromhex(patchval[0])
idx = data.find(pattern)
if idx != -1:
patch = bytes.fromhex(patchval[1])
data[idx:idx + len(patch)] = patch
self.info(f"Patched \"{patchval[2]}\" in preloader")
patched = True
# break
i += 1
if not patched:
self.warning(f"Failed to patch preloader security")
else:
# with open("preloader.patched", "wb") as wf:
# wf.write(data)
# print("Patched !")
# self.info(f"Patched preloader security: {hex(i)}")
data = data
return data
def parse_preloader(self, preloader):
if isinstance(preloader, str):
if os.path.exists(preloader):
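Review bot: The "sec_img_auth" entry in the new patch table pairs a 12-byte pattern with a 15-byte replacement whose tail `205374617274` is the ASCII " Start" that also ends the "Patched loader msg" entry directly above it, which looks like copy-paste residue rather than intended bytes; the slice assignment `data[idx:idx + len(patch)] = patch` will write those three extra bytes past the matched pattern, so the entry is worth confirming. The rest of patch_preloader_security_da2 appears to mirror patch_preloader_security_da1 (whose loop sits between the two hunks and is not visible here): `i` is incremented but never read, `data = data` is a no-op, `self.warning(f"Failed to patch preloader security")` is an f-string with nothing to format, and the `in preloader` log text is also emitted when xflashext.patch_da2 calls this method for DA2. A shared helper taking the patch table and a label would remove the duplication and can also skip a match whose `idx + len(patch)` exceeds `len(data)`, since bytearray slice assignment would otherwise silently grow the image there.
```python
def patch_preloader_security_da2(self, data):
    patches = [
        # … unchanged: da2 patch table …
    ]
    return self._apply_security_patches(data, patches, "da2")

def _apply_security_patches(self, data, patches, what):
    """Apply the first match of each (pattern_hex, patch_hex, name) entry in place.

    Returns the patched bytearray; logs each hit and warns if nothing matched.
    """
    data = bytearray(data)
    patched = False
    for pattern_hex, patch_hex, name in patches:
        idx = data.find(bytes.fromhex(pattern_hex))
        if idx == -1:
            continue
        patch = bytes.fromhex(patch_hex)
        # A replacement longer than the image tail would extend the bytearray.
        if idx + len(patch) > len(data):
            self.warning(f"Patch \"{name}\" runs past the end of {what}, skipping")
            continue
        data[idx:idx + len(patch)] = patch
        self.info(f"Patched \"{name}\" in {what}")
        patched = True
    if not patched:
        self.warning(f"Failed to patch {what} security")
    return data
```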


@ -459,7 +459,7 @@ class Main(metaclass=LogBase):
with open(plstage, "rb") as rf:
rf.seek(0)
if os.path.basename(plstage)!="pl.bin":
pldata = mtk.patch_preloader_security(rf.read())
pldata = mtk.patch_preloader_security_da1(rf.read())
else:
pldata = rf.read()
if mtk.preloader.init():
@ -477,13 +477,13 @@ class Main(metaclass=LogBase):
"Trying to dump preloader from ram.")
plt = PLTools(mtk=mtk, loglevel=self.__logger.level)
dadata, filename = plt.run_dump_preloader(self.args.ptype)
mtk.config.preloader = mtk.patch_preloader_security(dadata)
mtk.config.preloader = mtk.patch_preloader_security_da1(dadata)
if mtk.config.preloader_filename is not None:
self.info("Using custom preloader : " + mtk.config.preloader_filename)
mtk.preloader.setreg_disablewatchdogtimer(mtk.config.hwcode)
daaddr, dadata = mtk.parse_preloader(mtk.config.preloader_filename)
dadata = mtk.config.preloader = mtk.patch_preloader_security(dadata)
dadata = mtk.config.preloader = mtk.patch_preloader_security_da1(dadata)
if mtk.preloader.send_da(daaddr, len(dadata), 0x100, dadata):
self.info(f"Sent preloader to {hex(daaddr)}, length {hex(len(dadata))}")
if mtk.preloader.jump_da(daaddr):


@ -173,7 +173,7 @@ class xflashext(metaclass=LogBase):
self.info("Patching da1 ...")
if da1 is not None:
da1patched = bytearray(da1)
da1patched = self.mtk.patch_preloader_security(da1patched)
da1patched = self.mtk.patch_preloader_security_da1(da1patched)
# Patch security
da_version_check = find_binary(da1, b"\x1F\xB5\x00\x23\x01\xA8\x00\x93\x00\xF0\xDE\xFE")
@ -187,7 +187,7 @@ class xflashext(metaclass=LogBase):
return da1patched
def patch_da2(self, da2):
da2 = self.mtk.patch_preloader_security(da2)
da2 = self.mtk.patch_preloader_security_da2(da2)
# Patch error 0xC0030007
self.info("Patching da2 ...")
# open("da2.bin","wb").write(da2)