From 9478832620e2ef527e38fdf8a0580dbe82099b82 Mon Sep 17 00:00:00 2001
From: ColdWindScholar <3590361911@qq.com>
Date: Sat, 4 May 2024 12:06:39 +0800
Subject: [PATCH] Add missing packages to requirements.txt and reformat Some
 Codes

---
 mtkclient/Library/mtk_main.py |   2 +-
 mtkclient/Tools/brom_to_offs  | 138 +++++++++++++++++-----------------
 mtkclient/Tools/da_parser     |  68 +++++++++--------
 requirements.txt              |   2 +
 4 files changed, 111 insertions(+), 99 deletions(-)

diff --git a/mtkclient/Library/mtk_main.py b/mtkclient/Library/mtk_main.py
index 8fbc509..4ed2532 100755
--- a/mtkclient/Library/mtk_main.py
+++ b/mtkclient/Library/mtk_main.py
@@ -561,7 +561,7 @@ class Main(metaclass=LogBase):
                                 for pos in range(offset, offset + length, rlen):
                                     print("Reading pos %08X" % pos)
                                     res = mtk.preloader.read32(pos, rlen // 4)
-                                    if res == []:
+                                    if not res:
                                         break
                                     print(hexlify(b"".join([pack("<I", val) for val in res])).decode('utf-8'))
 
diff --git a/mtkclient/Tools/brom_to_offs b/mtkclient/Tools/brom_to_offs
index 876bcf8..982213f 100755
--- a/mtkclient/Tools/brom_to_offs
+++ b/mtkclient/Tools/brom_to_offs
@@ -63,24 +63,24 @@ def main():
         data = rf.read()
         base = 0
         mpos = find_binary(data, b"\xA0\x0A\x50\x05.\x00\x00\x00", 0)
-        usbdl_get_dword=None
-        usbdl_put_dword=None
-        usbdl_put_word=None
+        usbdl_get_dword = None
+        usbdl_put_dword = None
+        usbdl_put_word = None
         if mpos is not None:
             usbdl_put_data = unpack("<I", data[mpos - 0xC:mpos - 0xC + 4])[0]
-            base = (((usbdl_put_data >> 16) & 0xFFFFF)<<16)
+            base = (((usbdl_put_data >> 16) & 0xFFFFF) << 16)
             usbdl_get_data = unpack("<I", data[mpos - 0x10:mpos - 0x10 + 4])[0]
             usbdl_put_dword = unpack("<I", data[mpos - 0x14:mpos - 0x14 + 4])[0]
             usbdl_get_dword = unpack("<I", data[mpos - 0x18:mpos - 0x18 + 4])[0]
             usbdl_put_word = unpack("<I", data[mpos - 0x1C:mpos - 0x1C + 4])[0]
         else:
-            usbdl_get_data = find_binary(data,"2DE9F04780460F46")
-            usbdl_put_data = find_binary(data,"10B5064AD4689368")
+            usbdl_get_data = find_binary(data, "2DE9F04780460F46")
+            usbdl_put_data = find_binary(data, "10B5064AD4689368")
             usbdl_put_word = find_binary(data, b"\x2D\xE9\xF8\x4F\x80\x46\x8a\x46.\x48")
 
         usbdl_ptr = None
         if usbdl_put_word:
-            mpos=(usbdl_put_word&0xFFFFF)+7
+            mpos = (usbdl_put_word & 0xFFFFF) + 7
             offset, Rn = ldr_lit(mpos,
                                  unpack("<H", data[mpos:mpos + 2])[0])
             usbdl_ptr = (base | offset)
@@ -96,12 +96,12 @@ def main():
                         pos -= 0x4
         if pos is not None:
             pos += 1
-            send_usb_response=base|pos
+            send_usb_response = base | pos
         pos = find_binary(data, b"\x10\xB5.\xF0...\x46", 0)
         if pos is None:
             pos = find_binary(data, b"\xB5.\xF0...\x49", 0)
             if pos is not None:
-                pos-=1
+                pos -= 1
         else:
             pos2 = find_binary(data, "46FFF7", pos + 8)
             if pos2 != None:
@@ -120,58 +120,58 @@ def main():
             startpos = posr + 2
 
         pattern = b"\xB5.\xF0"
-        sla=None
+        sla = None
         if pos is not None:
             sbcpos = pos
-            print("sbc:\t\t\t\t\t\t0x%08X" % (base|pos))
+            print("sbc:\t\t\t\t\t\t0x%08X" % (base | pos))
             pos = find_binary(data, pattern, pos + 8)
             if pos is not None:
                 pos -= 1
-                print("sla:\t\t\t\t\t\t0x%08X" % (base|pos))
-                sla=pos
+                print("sla:\t\t\t\t\t\t0x%08X" % (base | pos))
+                sla = pos
                 if pos is not None:
-                    pos = find_binary(data, pattern, ((base|pos) + 2))
+                    pos = find_binary(data, pattern, ((base | pos) + 2))
                     if pos is not None:
                         pos -= 1
-                        print("daa:\t\t\t\t\t\t0x%08X" % (base|pos))
-        sec_mode=None
-        sec_sbc=None
+                        print("daa:\t\t\t\t\t\t0x%08X" % (base | pos))
+        sec_mode = None
+        sec_sbc = None
         if sla is not None:
-            if data[sla+9]&0xF0==0x60:
+            if data[sla + 9] & 0xF0 == 0x60:
                 offset, Rn = ldr_lit(sla + 6,
                                      unpack("<H", data[sla + 6:sla + 6 + 2])[0])
-                sec_sbc=unpack("<I",data[offset:offset+4])[0]
-                if data[sla+8]==0x51:
-                    sec_sbc+=4
-                sec_mode=0
+                sec_sbc = unpack("<I", data[offset:offset + 4])[0]
+                if data[sla + 8] == 0x51:
+                    sec_sbc += 4
+                sec_mode = 0
             else:
                 mpos = find_binary(data, "48C16809B1", 0)
                 if mpos is not None:
-                    mpos-=1
+                    mpos -= 1
                     sec_mode = 1
                     offset, Rn = ldr_lit(mpos,
-                                         unpack("<H", data[mpos:mpos+2])[0])
-                    rbase=unpack("<I",data[offset:offset+4])[0]
-                    simm5, sRt, sRn = ldr_imm(unpack("<H", data[mpos+2:mpos + 4])[0])
-                    sec_sbc = (rbase+(simm5*4))
-                    instr=unpack("<H", data[sla+0x12:sla+0x12+2])[0]
-                    offset, Rn = ldr_lit(sla+0x12,instr)
-                    rbase=unpack("<I",data[offset:offset+4])[0]
-                    simm5, sRt, sRn = ldr_imm(unpack("<H", data[sla+0x12+2:sla+0x12 + 4])[0])
+                                         unpack("<H", data[mpos:mpos + 2])[0])
+                    rbase = unpack("<I", data[offset:offset + 4])[0]
+                    simm5, sRt, sRn = ldr_imm(unpack("<H", data[mpos + 2:mpos + 4])[0])
+                    sec_sbc = (rbase + (simm5 * 4))
+                    instr = unpack("<H", data[sla + 0x12:sla + 0x12 + 2])[0]
+                    offset, Rn = ldr_lit(sla + 0x12, instr)
+                    rbase = unpack("<I", data[offset:offset + 4])[0]
+                    simm5, sRt, sRn = ldr_imm(unpack("<H", data[sla + 0x12 + 2:sla + 0x12 + 4])[0])
                     sec_sla = (rbase + (simm5 * 4))
 
-        func_wdt=None
-        func_acm=None
+        func_wdt = None
+        func_acm = None
         pos = find_binary(data, "70B50646A648", 0)
         if pos is not None:
             pos += 1
-            func_acm = base|pos
+            func_acm = base | pos
         pos = find_binary(data, "0F4941F6", 0)
         if pos is None:
             pos = find_binary(data, "124941F6", 0)
         if pos is not None:
             pos += 1
-            func_wdt=base|pos
+            func_wdt = base | pos
 
         pos = find_binary(data, "F8B50024", 0)
         if pos is None:
@@ -187,8 +187,8 @@ def main():
                     usb_buffer = unpack("<I", data[offset:offset + 4])[0]
                     break
 
-        vulnaddr=None
-        var1=None
+        vulnaddr = None
+        var1 = None
         pos = find_binary(data, b"\xA1..\xD0\x21", 0)
         if pos is not None:
             for i in range(0, 0x100, 2):
@@ -209,7 +209,8 @@ def main():
                                              unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
                         vulnaddr = unpack("<I", data[offset:offset + 4])[0]
                     if data[vuln_ctrl_handler + i + 1] == 0x6A and usb_buffer != 0:
-                        simm5, sRt, sRn = ldr_imm(unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
+                        simm5, sRt, sRn = ldr_imm(
+                            unpack("<H", data[vuln_ctrl_handler + i:vuln_ctrl_handler + i + 2])[0])
                         vulnoff = (simm5 * 4)
                         var1 = (usb_buffer - vulnaddr - vulnoff) / 0x34
                         if int(var1) != var1:
@@ -225,19 +226,19 @@ def main():
             pos = find_binary(data, b"\x10\xB5..\xF4.\x00\x21", 0)
         if pos is not None:
             pos += 1
-            cmd_handler=base|pos
+            cmd_handler = base | pos
 
         uart_info = None
         pos = find_binary(data, "10B5114A")
         if pos is not None:
-            uart_info=pos
+            uart_info = pos
 
         uart_addr = None
         pos = find_binary(data, "315F454E930F0E00")
         if pos is None:
             pos = find_binary(data, "0070315F454E00")
             if pos is not None:
-                pos+=6
+                pos += 6
                 uart_addr = unpack("<I", data[pos:pos + 4])[0]
         else:
             pos += 8
@@ -266,8 +267,8 @@ def main():
                     pos += 8
                     instr = unpack("<H", data[pos:pos + 2])[0]
                     offset, Rn = ldr_lit(pos, instr)
-                    blacklist_ptr = unpack("<I", data[offset:offset + 4])[0]&0xFFFFF
-                    blacklist = unpack("<I", data[blacklist_ptr-4:blacklist_ptr-4 + 4])[0]
+                    blacklist_ptr = unpack("<I", data[offset:offset + 4])[0] & 0xFFFFF
+                    blacklist = unpack("<I", data[blacklist_ptr - 4:blacklist_ptr - 4 + 4])[0]
             else:
                 pos += 10
         else:
@@ -282,16 +283,16 @@ def main():
         pos = find_binary(data, b"\x02\x4A\x02\x60")
         if pos is not None:
             pos += 4
-            blacklistcount = unpack("<H", data[pos:pos + 2])[0]&0xF
+            blacklistcount = unpack("<H", data[pos:pos + 2])[0] & 0xF
 
         blacklist2 = None
         pos = find_binary(data, b"\x10\xB5..\xD2\xF8\x90\x30\x10\x32")
         if pos is not None:
-            pos+=2
+            pos += 2
             instr = unpack("<H", data[pos:pos + 2])[0]
             offset, Rn = ldr_lit(pos, instr)
             bl2 = unpack("<I", data[offset:offset + 4])[0]
-            blacklist2 = bl2+0x90
+            blacklist2 = bl2 + 0x90
 
         pos = 0
         memread = None
@@ -314,14 +315,14 @@ def main():
                 payload_addr = unpack("<I", data[pos:pos + 4])[0]
                 break
 
-        coffs=(usbdl_put_data&0xFFFFF)+1
+        coffs = (usbdl_put_data & 0xFFFFF) + 1
         try:
             offset, Rn = ldr_lit(coffs,
-                             unpack("<H", data[coffs:coffs + 2])[0])
+                                 unpack("<H", data[coffs:coffs + 2])[0])
         except:
-            print("Err:"+sys.argv[1])
-        send_ptr_offset=offset
-        send_ptr=unpack("<I",data[offset:offset+4])[0]+8
+            print("Err:" + sys.argv[1])
+        send_ptr_offset = offset
+        send_ptr = unpack("<I", data[offset:offset + 4])[0] + 8
         send_ptr_offset = base | offset
         ctrl_addr = None
         pos = find_binary(data, "41434D2043")
@@ -329,7 +330,6 @@ def main():
             pos -= 0x10
             ctrl_addr = unpack("<I", data[pos:pos + 4])[0]
 
-
         socid_addr = None
         pos = find_binary(data, "10B501212020FF")
         if pos is not None:
@@ -346,18 +346,18 @@ def main():
             offset, Rn = ldr_lit(pos, instr)
             meid_addr = unpack("<I", data[offset:offset + 4])[0]
 
-        brom_register_access=None
-        brom_register_access_ptr=None
+        brom_register_access = None
+        brom_register_access_ptr = None
         pos2 = find_binary(data, "2DE9F04100244FF001")
         if pos2 is not None:
-            brom_register_access = base|pos2
+            brom_register_access = base | pos2
             pos = find_binary(data, b"\xA9\x07.\x48", pos2)
             if pos is not None:
                 pos += 2
                 instr = unpack("<H", data[pos:pos + 2])[0]
                 offset, Rn = ldr_lit(pos, instr)
-                brom_register_access_ptr=base|pos2
-                brom_register_access_ptr_offset=base|offset
+                brom_register_access_ptr = base | pos2
+                brom_register_access_ptr_offset = base | offset
             else:
                 pos = find_binary(data, "194D1B49", pos2)
                 if pos is not None:
@@ -379,7 +379,7 @@ def main():
             print("*sec_mode:\t\t\t\t\t0x%08X" % sec_mode)
         if sec_sbc:
             print("*sec_sbc:\t\t\t\t\t0x%08X" % sec_sbc)
-        if sec_mode==1:
+        if sec_mode == 1:
             print("*sec_sla:\t\t\t\t\t0x%08X" % sec_sla)
         print("*func_usb_buffer:\t\t\t0x%08X" % (func_usb_buffer + 1 | base))
         print("usb_buffer:\t\t\t\t\t0x%08X" % usb_buffer)
@@ -394,7 +394,7 @@ def main():
         if usbdl_ptr:
             print("usbdl_ptr:\t\t\t\t\t\t0x%08X" % usbdl_ptr)
         else:
-            print("Uhoh: "+sys.argv[1])
+            print("Uhoh: " + sys.argv[1])
         if memread:
             print("memread:\t\t\t\t\t0x%08X" % memread)
         if payload_addr:
@@ -422,26 +422,27 @@ def main():
         if cmd_handler:
             print("*cmd_handler:\t\t\t\t0x%08X" % cmd_handler)
         if brom_register_access_ptr:
-            print(f"brom_register_access_ptr:\t\t\t\t\t({hex(brom_register_access_ptr)},{hex(brom_register_access_ptr_offset)}),")
+            print(
+                f"brom_register_access_ptr:\t\t\t\t\t({hex(brom_register_access_ptr)},{hex(brom_register_access_ptr_offset)}),")
         if meid_addr:
             print(f"meid_addr:\t\t\t\t\t{hex(meid_addr)}")
         if socid_addr:
             print(f"socid_addr:\t\t\t\t\t{hex(socid_addr)}")
         print("da_range:\t\t\t\t\t0x%08X" % offset)
 
-    if sec_mode==1:
-        sec_offset=0x28
+    if sec_mode == 1:
+        sec_offset = 0x28
     else:
-        sec_offset=0x40
-        sec_sla=0
+        sec_offset = 0x40
+        sec_sla = 0
 
     if blacklist2 is None:
         blacklist2 = 0
     import os
-    socname=os.path.basename(sys.argv[1]).replace(".bin","")[:6]
+    socname = os.path.basename(sys.argv[1]).replace(".bin", "")[:6]
     try:
         if usbdl_ptr:
-            header =f"""
+            header = f"""
 #include <inttypes.h>
 #define PAYLOAD_2_0    
 char SOC_NAME[] = "{socname}";
@@ -455,7 +456,7 @@ volatile uint32_t **SEC_REG2=(volatile uint32_t **){hex(sec_sla)};
 volatile uint32_t SEC_OFFSET={hex(sec_offset)};
 volatile uint32_t *bladdr=(volatile uint32_t *){hex(blacklist)};
 volatile uint32_t *bladdr2=(volatile uint32_t *){hex(blacklist2)};
-volatile uint32_t *uart_reg0 = (volatile uint32_t*){hex(uart_addr+0x14)};
+volatile uint32_t *uart_reg0 = (volatile uint32_t*){hex(uart_addr + 0x14)};
 volatile uint32_t *uart_reg1 = (volatile uint32_t*){hex(uart_addr)};
 
 int (*cmd_handler)() = (void*){hex(cmd_handler)};
@@ -464,9 +465,10 @@ int (*cmd_handler)() = (void*){hex(cmd_handler)};
             print(header)
             if not os.path.exists("headers"):
                 os.mkdir("headers")
-            open(os.path.join("headers",socname+".h"),"w").write(header)
+            open(os.path.join("headers", socname + ".h"), "w").write(header)
     except:
         print(sys.argv[1])
 
+
 if __name__ == "__main__":
     main()
diff --git a/mtkclient/Tools/da_parser b/mtkclient/Tools/da_parser
index a364eab..8ef3f0c 100755
--- a/mtkclient/Tools/da_parser
+++ b/mtkclient/Tools/da_parser
@@ -6,6 +6,7 @@ from struct import unpack
 from mtkclient.config.payloads import pathconfig
 from mtkclient.Library.utils import read_object
 from mtkclient.Library.utils import find_binary
+
 entry_region = [
     ('m_buf', 'I'),
     ('m_len', 'I'),
@@ -27,7 +28,8 @@ DA = [
     # vector<entry_region> LoadRegion
 ]
 
-efusedb={}
+efusedb = {}
+
 
 def main():
     da_setup = []
@@ -54,7 +56,8 @@ def main():
                     da.append(entry_tmp)
                 da_setup.append(da)
                 print(f"Loader: {os.path.basename(loader)}")
-                dadb[da[0]["hw_code"]]=[("da_payload_addr",da[2]["m_start_addr"]),("pl_payload_addr", da[3]["m_start_addr"])]
+                dadb[da[0]["hw_code"]] = [("da_payload_addr", da[2]["m_start_addr"]),
+                                          ("pl_payload_addr", da[3]["m_start_addr"])]
                 print("hwcode: 0x%04X" % da[0]["hw_code"])
                 print("hw_sub_code: 0x%04X" % da[0]["hw_sub_code"])
                 print("hw_version: 0x%04X" % da[0]["hw_version"])
@@ -62,56 +65,60 @@ def main():
                 print("Reserved1: 0x%04X" % da[0]["reserved1"])
                 print("Reserved3: 0x%04X" % da[0]["reserved3"])
                 for i in range(da[0]["entry_region_count"]):
-                    entry=da[i+1]
-                    print(f"\t{i}: "+hex(entry['m_start_addr']))
-                mbuf=da[3]["m_buf"]
-                m_len=da[3]["m_len"]
-                startaddr=da[3]["m_start_addr"]
-                with open(loader,"rb") as rf:
+                    entry = da[i + 1]
+                    print(f"\t{i}: " + hex(entry['m_start_addr']))
+                mbuf = da[3]["m_buf"]
+                m_len = da[3]["m_len"]
+                startaddr = da[3]["m_start_addr"]
+                with open(loader, "rb") as rf:
                     rf.seek(mbuf)
-                    da2data=rf.read(m_len)
-                    fname=os.path.join("loaders",hex(da[0]["hw_code"])[2:]+"_"+hex(startaddr)[2:]+os.path.basename(loader))
-                    open(fname,"wb").write(da2data)
-                mbuf=da[2]["m_buf"]
-                m_len=da[2]["m_len"]
-                startaddr=da[2]["m_start_addr"]
+                    da2data = rf.read(m_len)
+                    fname = os.path.join("loaders",
+                                         hex(da[0]["hw_code"])[2:] + "_" + hex(startaddr)[2:] + os.path.basename(
+                                             loader))
+                    open(fname, "wb").write(da2data)
+                mbuf = da[2]["m_buf"]
+                m_len = da[2]["m_len"]
+                startaddr = da[2]["m_start_addr"]
                 sys.stdout.flush()
-                with open(loader,"rb") as rf:
+                with open(loader, "rb") as rf:
                     rf.seek(mbuf)
-                    data=rf.read(m_len)
-                    hashidx=data.find(int.to_bytes(0xC0070004,4,'little'))
-                    if hashidx!=-1:
+                    data = rf.read(m_len)
+                    hashidx = data.find(int.to_bytes(0xC0070004, 4, 'little'))
+                    if hashidx != -1:
                         print("Hash check found.")
                     else:
-                        hashidx = data.find(b"\xCC\xF2\x07\x09") # => b"\x4F\xF0\x00\x09""
+                        hashidx = data.find(b"\xCC\xF2\x07\x09")  # => b"\x4F\xF0\x00\x09""
                         if hashidx != -1:
                             print("Hash check 2 found.")
                         else:
-                            hashidx = find_binary(data,b"\x14\x2C\xF6.\xFE\xE7")  # => b"\x14\x2C\xF6\xD1\x00\x00"
+                            hashidx = find_binary(data, b"\x14\x2C\xF6.\xFE\xE7")  # => b"\x14\x2C\xF6\xD1\x00\x00"
                             if hashidx is not None:
                                 print("Hash check 3 found.")
                             else:
                                 print("HASH ERROR !!!!")
 
-                    fname=os.path.join("loaders",hex(da[0]["hw_code"])[2:]+"_"+hex(startaddr)[2:]+os.path.basename(loader))
-                    open(fname,"wb").write(data)
+                    fname = os.path.join("loaders",
+                                         hex(da[0]["hw_code"])[2:] + "_" + hex(startaddr)[2:] + os.path.basename(
+                                             loader))
+                    open(fname, "wb").write(data)
                 print(f"Offset: {hex(mbuf)}")
                 print(f"Length: {hex(m_len)}")
                 print(f"Addr: {hex(startaddr)}")
                 bootldr.seek(da[2]["m_buf"])
-                tt=bootldr.read(da[2]["m_len"])
+                tt = bootldr.read(da[2]["m_len"])
                 idx = tt.find(bytes.fromhex("70BB442D27D244A7"))
                 #idx = tt.find(bytes.fromhex("01279360D36013615361"))
-                if idx!=-1:
+                if idx != -1:
                     print("V3 Enabled")
                 bootldr.seek(da[3]["m_buf"])
-                tt=bootldr.read(da[3]["m_len"])
+                tt = bootldr.read(da[3]["m_len"])
                 idx2 = tt.find(bytes.fromhex("03 29 0D D9 07 4B 1B 68 03 60"))
-                if idx2!=-1:
-                    efusedb[da[0]["hw_code"]]=hex(int.from_bytes(tt[idx2+0x24:idx2+0x28],'little')&0xFFFFF000)
+                if idx2 != -1:
+                    efusedb[da[0]["hw_code"]] = hex(int.from_bytes(tt[idx2 + 0x24:idx2 + 0x28], 'little') & 0xFFFFF000)
                 else:
                     if not da[0]["hw_code"] in efusedb:
-                        efusedb[da[0]["hw_code"]]="None"
+                        efusedb[da[0]["hw_code"]] = "None"
                 print()
 
     sorted_dict = dict(sorted(efusedb.items()))
@@ -135,5 +142,6 @@ def main():
             print(str(idx)+" "+name+": "+hex(fields[2]))
     """
 
-if __name__=="__main__":
-    main()
\ No newline at end of file
+
+if __name__ == "__main__":
+    main()
diff --git a/requirements.txt b/requirements.txt
index 8e4749a..442e034 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,3 +9,5 @@ mock >= 4.0.3
 pyserial >= 3.5
 flake8
 fusepy
+unicorn
+capstone