Xiaomi Redmi Note 3 (MTK) won't boot after unlocking the bootloader

electro

Device: Redmi Note 3 Mediatek, hennessy
I did the procedure with MTKClient on Linux. When I relock it and flash the stock ROM it boots, but when I unlock the bootloader it again fails to boot.

@kullanıcı311 @rpmb @Heribert Yavuz
 
Xiaomi's unlock algorithm is a bit strange; that may be why. Disable vbmeta and try again (flash vbmeta.img from fastboot with --disable-verity --disable-verification).

Also, after unlocking the device, reboot it and let it restart a few times. Then dump the partition named "expdb" with MTKClient. If you can get the resulting dump file to me somehow, it would help.

You can dump expdb like this:
mtk r expdb expdb.bin
 
OK, I'll try it and post the expdb here.

How can I get vbmeta.img?

Code:
MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.


.....Port - Device detected :)
Preloader -     CPU:            MT6795(Helio X10)
Preloader -     HW version:        0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:            0x11002000
Preloader -     Brom payload addr:    0x100a00
Preloader -     DA payload addr:    0x110000
Preloader -     CQ_DMA addr:        0x10212c00
Preloader -     Var1:            0xa
Preloader - Disabling Watchdog...
Preloader - HW code:            0x6795
Preloader - Target config:        0x1
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        False
Preloader -     SWJTAG enabled:        False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:    False
Preloader -     Root cert required:    False
Preloader -     Mem read auth:        False
Preloader -     Mem write auth:        False
Preloader -     Cmd 0xC8 blocked:    False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:        0x8a00
Preloader -     HW Ver:            0xca00
Preloader -     SW Ver:            0x0
Preloader - ME_ID:            A769A1C338720663151CB7DA4C1A4891
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6795_payload.bin, 0x258 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/ubuntu/mtkclient/mtkclient/payloads/mt6795_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
Successfully extracted preloader for this device to: preloader_lcsh6795_lwt_l.bin
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
LegacyExt - Legacy DA2 is patched.
LegacyExt - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x110000
Preloader - Jumping to 0x110000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info
DALegacy - Reading emmc info
DALegacy - ACK: 03029a
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 11010030333247373400e6574436b2bd
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ... EMI-Version 0xf
DALegacy - RAM-Length: 0xb0
DALegacy - Checksum: 6282
DALegacy - M_EXT_RAM_RET : 0
DALegacy - M_EXT_RAM_TYPE : 0x2
DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0
DALegacy - M_EXT_RAM_SIZE : 0x40000000
DALegacy - Uploading stage 2...
DALegacy - Successfully uploaded stage 2
DALegacy - Connected to stage2
DALegacy - Reconnecting to stage2 with higher speed
DeviceClass - [Errno 2] Entity not found
DALegacy - Connected to stage2 with higher speed
DALegacy - m_int_sram_ret = 0x0
m_int_sram_size = 0x20000
m_ext_ram_ret = 0x0
m_ext_ram_type = 0x2
m_ext_ram_chip_select = 0x0
m_int_sram_ret = 0x0
m_ext_ram_size = 0x80000000
randomid = 0x6861C7E85EEB16E3CC4F1ADAD968D339

m_emmc_ret = 0x0
m_emmc_boot1_size = 0x400000
m_emmc_boot2_size = 0x400000
m_emmc_rpmb_size = 0x400000
m_emmc_gp_size[0] = 0x0
m_emmc_gp_size[1] = 0x0
m_emmc_gp_size[2] = 0x0
m_emmc_gp_size[3] = 0x0
m_emmc_ua_size = 0x747c00000
m_emmc_cid = 33324737110100304436b2bd3400e657
m_emmc_fwver = 0000000000000000

DaHandler - Requesting available partitions ....
DaHandler - Dumping partition "boot"
Progress: |██████████| 100.0% Read (0x8000/0x8000, ) 1.96 MB/s97 MB/s
DaHandler - Dumped sector 67072 with sector count 32768 as boot.img.
DaHandler
DaHandler - [LIB]: Error: Couldn't detect partition: vbmeta
Available partitions:
DaHandler - proinfo
DaHandler - nvram
DaHandler - protect1
DaHandler - protect2
DaHandler - seccfg
DaHandler - lk
DaHandler - boot
DaHandler - recovery
DaHandler - secro
DaHandler - para
DaHandler - logo
DaHandler - expdb
DaHandler - tee1
DaHandler - tee2
DaHandler - system
DaHandler - cache
DaHandler - userdata
DaHandler - otp
DaHandler - flashinfo
This is the output I get when I try to dump vbmeta and boot.

@rpmb
 

That device has no vbmeta. Normally, seccfg should have handled the OEM unlock. Have you also tried the official method?
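The check behind that reply, as an added example that is not part of the thread and not mtkclient's own code: it reads mtkclient output, extracts the SBC/SLA/DAA flags and the partition list, and reports whether a vbmeta partition exists before any vbmeta step is attempted. The helper name `summarize_mtk_log` is hypothetical, and the sample log is constructed from lines quoted above.

```python
import re

# Constructed sample: lines abridged from the mtkclient output quoted above.
SAMPLE_LOG = """\
Preloader - Target config:        0x1
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        False.
DaHandler - Dumped sector 67072 with sector count 32768 as boot.img.
DaHandler - [LIB]: Error: Couldn't detect partition: vbmeta
Available partitions:
DaHandler - proinfo
DaHandler - seccfg
DaHandler - lk
DaHandler - boot
DaHandler - expdb
DaHandler - userdata
"""

FLAG_RE = re.compile(r"^Preloader -\s+(SBC|SLA|DAA) enabled:\s+(True|False)\.?$")
MISSING_RE = re.compile(r"Couldn't detect partition: ([A-Za-z0-9_]+)")
PART_RE = re.compile(r"^DaHandler - ([A-Za-z0-9_]+)$")


def summarize_mtk_log(text):
    """Hypothetical helper: pull security flags and the partition list from a log."""
    flags, missing, partitions = {}, [], []
    in_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FLAG_RE.match(line)):
            flags[m.group(1)] = m.group(2) == "True"
        elif (m := MISSING_RE.search(line)):
            missing.append(m.group(1))
        elif line.startswith("Available partitions:"):
            in_list = True
        elif in_list and (m := PART_RE.match(line)):
            partitions.append(m.group(1))
        else:
            in_list = False  # any other line ends the partition listing
    return {
        "flags": flags,
        "missing": missing,
        "partitions": partitions,
        # A vbmeta step only applies if the layout has a vbmeta partition.
        "has_vbmeta": "vbmeta" in partitions,
        # The unlock step in this thread writes the seccfg partition.
        "has_seccfg": "seccfg" in partitions,
    }
```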
 

No, I haven't tried it. It directs me to an app to unlock the bootloader, but it's entirely in Chinese. When translated, it says something like "submit a bootloader unlock request at miui.com".

Code:
mtk.py seccfg unlock

I tried it like this, but once it's unlocked the phone won't leave BROM, even when the battery connector is unplugged.

Code:
...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

.Port - Device detected :)
Preloader - CPU: MT6795(Helio X10)
Preloader - HW version: 0x0.
Preloader - WDT: 0x10007000.
Preloader - Uart: 0x11002000.
Preloader - Brom payload addr: 0x100a00.
Preloader - DA payload addr: 0x110000.
Preloader - CQ_DMA addr: 0x10212c00.
Preloader - Var1: 0xa.
Preloader - Disabling Watchdog...
Preloader - HW code: 0x6795.
Preloader - Target config: 0x1.
Preloader - SBC enabled: True.
Preloader - SLA enabled: False.
Preloader - DAA enabled: False.
Preloader - SWJTAG enabled: False.
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False.
Preloader - Root cert required: False.
Preloader - Mem read auth: False.
Preloader - Mem write auth: False.
Preloader - Cmd 0xC8 blocked: False.
Preloader - Get Target info.
Preloader - HW subcode: 0x8a00.
Preloader - HW Ver: 0xca00.
Preloader - SW Ver: 0x0.
Mtk - We're not in bootrom, trying to crash da...
Exploitation - Crashing da...
Preloader.
Preloader - [LIB]: upload_data failed with error: DA_IMAGE_SIG_VERIFY_FAIL (0x2001)
Preloader.
Preloader - [LIB]: Error on uploading da data.
Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode.
DeviceClass.
DeviceClass - [LIB]: Couldn't get device configuration.
Port - Device detected :)
Preloader - CPU: MT6795(Helio X10)
Preloader - HW version: 0x0.
Preloader - WDT: 0x10007000.
Preloader - Uart: 0x11002000.
Preloader - Brom payload addr: 0x100a00.
Preloader - DA payload addr: 0x110000.
Preloader - CQ_DMA addr: 0x10212c00.
Preloader - Var1: 0xa.
Preloader - Disabling Watchdog...
Preloader - HW code: 0x6795.
Preloader - Target config: 0x1.
Preloader - SBC enabled: True.
Preloader - SLA enabled: False.
Preloader - DAA enabled: False.
Preloader - SWJTAG enabled: False.
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False.
Preloader - Root cert required: False.
Preloader - Mem read auth: False.
Preloader - Mem write auth: False.
Preloader - Cmd 0xC8 blocked: False.
Preloader - Get Target info.
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00.
Preloader - HW Ver: 0xca00.
Preloader - SW Ver: 0x0.
Preloader - ME_ID: A769A1C338720663151CB7DA4C1A4891
PLTools - Loading payload from mt6795_payload.bin, 0x258 bytes.
Exploitation - Kamakiri Run.
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/ubuntu/mtkclient/mtkclient/payloads/mt6795_payload.bin
Port - Device detected :)
DaHandler - Device was protected. Successfully bypassed security.
DaHandler - Device is in BROM mode. Trying to dump preloader.
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
LegacyExt - Legacy DA2 is patched.
LegacyExt - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x110000.
Preloader - Jumping to 0x110000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info.
DALegacy - Reading emmc info.
DALegacy - ACK: 03029a.
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 11010030333247373400e6574436b2bd
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ... EMI-Version 0xf.
DALegacy - RAM-Length: 0xb0.
DALegacy - Checksum: 6282.
DALegacy - M_EXT_RAM_RET : 0
DALegacy - M_EXT_RAM_TYPE : 0x2.
DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0.
DALegacy - M_EXT_RAM_SIZE : 0x40000000.
DALegacy - Uploading stage 2...
DALegacy - Successfully uploaded stage 2
DALegacy - Connected to stage2.
DALegacy - Reconnecting to stage2 with higher speed.
DeviceClass - [Errno 2] Entity not found.
DALegacy - Connected to stage2 with higher speed.
DALegacy - m_int_sram_ret = 0x0.
m_int_sram_size = 0x20000.
m_ext_ram_ret = 0x0.
m_ext_ram_type = 0x2.
m_ext_ram_chip_select = 0x0.
m_int_sram_ret = 0x0.
m_ext_ram_size = 0x80000000.
randomid = 0x6861C7E85EEB16E3CC4F1ADAD968D339

m_emmc_ret = 0x0.
m_emmc_boot1_size = 0x400000.
m_emmc_boot2_size = 0x400000.
m_emmc_rpmb_size = 0x400000.
m_emmc_gp_size[0] = 0x0.
m_emmc_gp_size[1] = 0x0.
m_emmc_gp_size[2] = 0x0.
m_emmc_gp_size[3] = 0x0.
m_emmc_ua_size = 0x747c00000.
m_emmc_cid = 33324737110100304436b2bd3400e657
m_emmc_fwver = 0000000000000000.

LegacyExt - Detected V3 Lockstate.
Sej - HACC init.
Sej - HACC run.
Sej - HACC terminate.
Sej - HACC init.
Sej.
Sej - [LIB]: SEJ Legacy Hardware seems not to be configured correctly. Results may be wrong.
Sej - HACC run.
Sej - HACC terminate.
Progress: |██████████| 100.0% Write (0xD/0xD, ) 98.97 MB/s
DaHandler - Successfully wrote seccfg.

And this is the output of the bootloader unlock operation.
Filebin | 6f5txekjlvpse0hf: the expdb.bin dump.
 

Flash a 0 KB file to the expdb partition and reboot the device with seccfg unlocked; if it gets stuck, dump expdb again and send it.
 
Code:
MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.


..........Port - Device detected :)
Preloader -     CPU:            MT6795(Helio X10)
Preloader -     HW version:        0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:            0x11002000
Preloader -     Brom payload addr:    0x100a00
Preloader -     DA payload addr:    0x110000
Preloader -     CQ_DMA addr:        0x10212c00
Preloader -     Var1:            0xa
Preloader - Disabling Watchdog...
Preloader - HW code:            0x6795
Preloader - Target config:        0x1
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        False
Preloader -     SWJTAG enabled:        False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:    False
Preloader -     Root cert required:    False
Preloader -     Mem read auth:        False
Preloader -     Mem write auth:        False
Preloader -     Cmd 0xC8 blocked:    False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:        0x8a00
Preloader -     HW Ver:            0xca00
Preloader -     SW Ver:            0x0
Preloader - ME_ID:            A769A1C338720663151CB7DA4C1A4891
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6795_payload.bin, 0x258 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/ubuntu/mtkclient/mtkclient/payloads/mt6795_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
LegacyExt - Legacy DA2 is patched.
LegacyExt - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x110000
Preloader - Jumping to 0x110000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info
DALegacy - Reading emmc info
DALegacy - ACK: 03029a
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 11010030333247373400e6574436b2bd
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ... EMI-Version 0xf
DALegacy - RAM-Length: 0xb0
DALegacy - Checksum: 6282
DALegacy - M_EXT_RAM_RET : 0
DALegacy - M_EXT_RAM_TYPE : 0x2
DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0
DALegacy - M_EXT_RAM_SIZE : 0x40000000
DALegacy - Uploading stage 2...
DALegacy - Successfully uploaded stage 2
DALegacy - Connected to stage2
DALegacy - Reconnecting to stage2 with higher speed
DeviceClass - [Errno 2] Entity not found
DALegacy - Connected to stage2 with higher speed
DALegacy - m_int_sram_ret = 0x0
m_int_sram_size = 0x20000
m_ext_ram_ret = 0x0
m_ext_ram_type = 0x2
m_ext_ram_chip_select = 0x0
m_int_sram_ret = 0x0
m_ext_ram_size = 0x80000000
randomid = 0x6861C7E85EEB16E3CC4F1ADAD968D339

m_emmc_ret = 0x0
m_emmc_boot1_size = 0x400000
m_emmc_boot2_size = 0x400000
m_emmc_rpmb_size = 0x400000
m_emmc_gp_size[0] = 0x0
m_emmc_gp_size[1] = 0x0
m_emmc_gp_size[2] = 0x0
m_emmc_gp_size[3] = 0x0
m_emmc_ua_size = 0x747c00000
m_emmc_cid = 33324737110100304436b2bd3400e657
m_emmc_fwver = 0000000000000000

Done |----------| 0.0% Write (0x0/0x0) 0.00 MB/sDALegacy
DALegacy - [LIB]: Couldn't send sdmmc_write_data header
Failed to write expdb2.bin to sector 391680 with sector count 20480.
I created an empty bin file and flashed it, but the output was as above and it still didn't work. When the bootloader is locked and the 0 KB expdb is flashed, it boots.
 
Lock seccfg and boot the device into Android. Then power the device off, unlock seccfg, reboot, and when it gets stuck, send the expdb.

This may be the most maddening device I've seen; Xiaomi is up to something.
 
OK, I'm waiting for it to boot.

It still won't boot.
In case it helps, the ROM I used:
Code:
hennessy_images_V9.6.1.0.LHNCNFD_20180620.0000.00_5.0_cn
 