#author("2022-02-07T12:27:54+09:00","","") NEOはMediatek製SOC搭載のため、preloaderモードがある。preloaderモードでは次のことができる。 #author("2022-02-07T12:30:52+09:00","","") NEOはMediatek製SOC搭載のため、preloaderモードがある。preloaderモードでは次のことができます。 この記事の内容は未検証ですがチャレンジパッド3、Nextでも通用すると思います。 1,metaモード、factoryモード、advanced metaモード、fastbootに入る 2,パーティションのバックアップ(現時点で不可) 3,パーティションへのイメージファイル書き込み(現時点で不可) *preloaderモードへの入り方 [#n2cb2854] 電源を切った後USB接続するだけです。3秒ほどpreloaderモードに入ります。その間にpreloaderモードを使用した操作を行えばpreloaderモードが維持されます。 *1の各モードへの入り方 [#dd6b0efa] 1,mtk-bootseq.pyをダウンロード。 [[https://gist.github.com/plugnburn/b3b0bcfd926c48ec5373bea84ce59337]] 2,Linuxの場合以下のコマンドを実行する python mtk-bootseq.py モード /dev/ttyACM0 Windowsの場合は/dev/ttyACM0を変更する必用がある。どうするかはよくわかってない。 「モード」の部分には以下のものを入れます。 |モード名|「モード」部分に入れる文字|機能| |METAモード|METAMETA|起動画面で固まり、adb shellが有効になる。adb installや設定変更などは機能しない。imeiやシリアル番号の変更ができるらしい| |Advanced METAモード|ADVEMETA|METAモードと同じ| |FASTBOOTモード|FASTBOOT|FASTBOOTコマンドが使用できるようになる。書き込みや消去はアンロックが必須だが今の所アンロックは成功していない。| |Factoryモード|FACTFACT|ハードウェアの動作テストができる。中国語の文字が表示される。| |ATE signaling test?|FACTORYM|ATE signaling testが表示される。用途がよくわからない。| **Factoryモード [#mb8e5d65] &ref(https://i.imgur.com/KFKVWQI.jpg,nolink,861x646); &ref(https://i.imgur.com/kemXmPP.jpg,nolink,861x646); **ATE signaling test [#ea1d1ce9] &ref(https://i.imgur.com/g2TxOsp.jpg,nolink,861x646); *2と3のバックアップとフラッシュ [#pc6db287] この機能は専用のダウンロードエージェントが必用なため機能しない。 脆弱性をついてブートローダーのアンロックなどを行えるmtkclient [[https://github.com/bkerler/mtkclient]]はmt8168がサポートされていない。開発者に聞いたところmtk bruteコマンドを実行して得られたファイルを送れば対応させることが可能とのことだったがmtk brute自体が実行できない。 $mtk brute Port - Hint: Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb. ........Port - Device detected :) Preloader - Get Target info Mtk - We're not in bootrom, trying to crash da... PLTools - Crashing da... Preloader Preloader - [LIB]: upload_data failed with error: DA_IMAGE_SIG_VERIFY_FAIL (0x2001) Preloader Preloader - [LIB]: Error on uploading da data Preloader - Jumping to 0x0 Preloader - Status: Waiting for PreLoader VCOM, please connect mobile Preloader Preloader - [LIB]: Status: Handshake failed, retrying... Preloader Preloader - [LIB]: Status: Handshake failed, retrying... Preloader Preloader - [LIB]: Status: Handshake failed, retrying... *Scatterファイル(wwr mtkで作成) [#ge125a9b] このファイルは現時点では使用不可だが今後何らかの書き込む方法が見つかった場合には機能すると思われる。ファイルはupdate.zip内のscatter.txtをwwr mtkで改変したもの。 #########################################__WwR_MTK_2.50__################################################### # # General Setting # #########################################__WwR_MTK_2.50__################################################### - general: MTK_PLATFORM_CFG info: - config_version: V1.1.2 platform: MT8168 project: WwR_Testing storage: EMMC boot_channel: MSDC_0 block_size: 0x20000 ############################################################################################################ # # Layout Setting # ############################################################################################################ - partition_index: SYS0 partition_name: preloader file_name: preloader.img is_download: true type: SV5_BL_BIN linear_start_addr: 0x0 physical_start_addr: 0x0 partition_size: 0x0 region: EMMC_BOOT_1 storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: BOOTLOADERS is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS1 partition_name: pgpt file_name: pgpt.img is_download: true type: NORMAL_ROM linear_start_addr: 0x0 physical_start_addr: 0x0 partition_size: 0x80000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS2 partition_name: proinfo file_name: proinfo.img is_download: true type: NORMAL_ROM linear_start_addr: 0x80000 physical_start_addr: 0x80000 partition_size: 0x300000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS3 partition_name: boot_para file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x380000 physical_start_addr: 0x380000 partition_size: 0x100000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS4 partition_name: cam_vpu1 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x480000 physical_start_addr: 0x480000 partition_size: 0xF00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS5 partition_name: cam_vpu2 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x1380000 physical_start_addr: 0x1380000 partition_size: 0xF00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS6 partition_name: cam_vpu3 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x2280000 physical_start_addr: 0x2280000 partition_size: 0xF00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS7 partition_name: nvram file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x3180000 physical_start_addr: 0x3180000 partition_size: 0x500000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS8 partition_name: protect1 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x3680000 physical_start_addr: 0x3680000 partition_size: 0xA00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS9 partition_name: protect2 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x4080000 physical_start_addr: 0x4080000 partition_size: 0xA00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS10 partition_name: persist file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x4A80000 physical_start_addr: 0x4A80000 partition_size: 0x3000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS11 partition_name: nvcfg file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x7A80000 physical_start_addr: 0x7A80000 partition_size: 0x800000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS12 partition_name: seccfg file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x8280000 physical_start_addr: 0x8280000 partition_size: 0x40000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS13 partition_name: lk file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x82C0000 physical_start_addr: 0x82C0000 partition_size: 0x100000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: true reserve: 0x00 - partition_index: SYS14 partition_name: lk2 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x83C0000 physical_start_addr: 0x83C0000 partition_size: 0x100000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS15 partition_name: boot file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x84C0000 physical_start_addr: 0x84C0000 partition_size: 0x1000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS16 partition_name: recovery file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x94C0000 physical_start_addr: 0x94C0000 partition_size: 0x1000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS17 partition_name: para file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xA4C0000 physical_start_addr: 0xA4C0000 partition_size: 0x80000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS18 partition_name: logo file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xA540000 physical_start_addr: 0xA540000 partition_size: 0x800000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: true reserve: 0x00 - partition_index: SYS19 partition_name: dtbo file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xAD40000 physical_start_addr: 0xAD40000 partition_size: 0x800000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS20 partition_name: expdb file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xB540000 physical_start_addr: 0xB540000 partition_size: 0xA00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS21 partition_name: frp file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xBF40000 physical_start_addr: 0xBF40000 partition_size: 0x100000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS22 partition_name: nvdata file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xC040000 physical_start_addr: 0xC040000 partition_size: 0x2000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS23 partition_name: tee1 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xE040000 physical_start_addr: 0xE040000 partition_size: 0x500000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: true reserve: 0x00 - partition_index: SYS24 partition_name: tee2 file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xE540000 physical_start_addr: 0xE540000 partition_size: 0x500000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS25 partition_name: kb file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xEA40000 physical_start_addr: 0xEA40000 partition_size: 0x200000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS26 partition_name: dkb file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xEC40000 physical_start_addr: 0xEC40000 partition_size: 0x200000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS27 partition_name: metadata file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xEE40000 physical_start_addr: 0xEE40000 partition_size: 0x2000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS28 partition_name: vbmeta file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x10E40000 physical_start_addr: 0x10E40000 partition_size: 0xB40000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS29 partition_name: system file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x11980000 physical_start_addr: 0x11980000 partition_size: 0x54400000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS30 partition_name: vendor file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x65D80000 physical_start_addr: 0x65D80000 partition_size: 0x19000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: true empty_boot_needed: false reserve: 0x00 - partition_index: SYS31 partition_name: factory file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x7ED80000 physical_start_addr: 0x7ED80000 partition_size: 0x1000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS32 partition_name: cache file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0x7FD80000 physical_start_addr: 0x7FD80000 partition_size: 0x40000000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS33 partition_name: userdata file_name: dummy.img is_download: true type: NORMAL_ROM linear_start_addr: 0xBFD80000 physical_start_addr: 0xBFD80000 partition_size: 0x0 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: UPDATE is_upgradable: false empty_boot_needed: false reserve: 0x00 - partition_index: SYS34 partition_name: sgpt file_name: dummy.img is_download: false type: NORMAL_ROM linear_start_addr: 0xFFFF0000 physical_start_addr: 0xFFFF0000 partition_size: 0x0 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: false is_reserved: true operation_type: RESERVED is_upgradable: false empty_boot_needed: false reserve: 0x00