T750 SoC flash dump fail #1330

Open
brcisna opened this issue Dec 25, 2024 · 0 comments
Debian 13, mtkclient in a Python 3.8 virtualenv (have tried with Python 3.9 & Python 3.10 as well)

This is the device I am trying to do a full flash dump on: https://github.com/chainofexecution/Arcadyan-KVD21
For some background info, this gateway uses the MTK T750 SoC, so quite a different arrangement than most use cases in this thread.
This is interfaced to the Debian machine via an extra USB-C port on the back of the gateway. Should be seeing MT6890/MT6880 (Dimensity 1000).

Starting out, no MediaTek device shows in lsusb or lsusb --tree:

```
$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:800a Intel Corp. Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:8002 Intel Corp. 8 channel internal hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 004: ID 413c:1004 Dell Computer Corp. Dell USB Keyboard Hub
Bus 003 Device 005: ID 046d:c016 Logitech, Inc. Optical Wheel Mouse
Bus 003 Device 006: ID 413c:2006 Dell Computer Corp. Dell USB Keyboard Hub
Bus 003 Device 007: ID 0781:5530 SanDisk Corp. Cruzer
Bus 003 Device 008: ID 8087:0032 Intel Corp. AX210 Bluetooth
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
```

```
$ lsusb --tree
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=ehci-pci/2p, 480M
|__ Port 001: Dev 002, If 0, Class=Hub, Driver=hub/6p, 480M
/: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=ehci-pci/2p, 480M
|__ Port 001: Dev 002, If 0, Class=Hub, Driver=hub/8p, 480M
/: Bus 003.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/15p, 480M
|__ Port 004: Dev 008, If 0, Class=Wireless, Driver=btusb, 12M
|__ Port 004: Dev 008, If 1, Class=Wireless, Driver=btusb, 12M
|__ Port 008: Dev 004, If 0, Class=Hub, Driver=hub/3p, 12M
|__ Port 001: Dev 006, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 001: Dev 006, If 1, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 011: Dev 005, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 014: Dev 007, If 0, Class=Mass Storage, Driver=usb-storage, 480M
/: Bus 004.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/6p, 5000M
```

After I run the following command, it fails:

```
$ mtk printgpt
MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

...........
Port - Device detected :)
Preloader - CPU: MT6880/MT6890()
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x200000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x992
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Get Target info
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca01
Preloader - SW Ver: 0x1
Preloader - ME_ID: F5EED4DF36FC9F823E5F8B5B119638BF
Mtk - We're not in bootrom, trying to crash da...
Exploitation - Crashing da...
Preloader
Preloader - [LIB]: upload_data failed with error: DAA_SIG_VERIFY_FAILED (0x7024)
Preloader
Preloader - [LIB]: Error on uploading da data
Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

Port - Device detected :)
Preloader - CPU: MT6880/MT6890()
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x200000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x992
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca01
Preloader - SW Ver: 0x1
Preloader - ME_ID: F5EED4DF36FC9F823E5F8B5B119638BF
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
PLTools - Loading payload from generic_patcher_payload.bin, 0x538 bytes
Exploitation - Kamakiri Run
Exploitation
Exploitation - [LIB]: Error on sending payload.
PLTools
PLTools - [LIB]: Error on sending payload: /home/superuser/.pyenv/versions/3.8.0/envs/mtkclient/lib/python3.8/site-packages/mtkclient/payloads/generic_patcher_payload.bin
Traceback (most recent call last):
  File "/home/superuser/.pyenv/versions/mtkclient/bin/mtk", line 8, in
    sys.exit(main())
  File "/home/superuser/.pyenv/versions/3.8.0/envs/mtkclient/lib/python3.8/site-packages/mtkclient/mtk.py", line 1017, in main
    mtk = Main(args).run(parser)
  File "/home/superuser/.pyenv/versions/3.8.0/envs/mtkclient/lib/python3.8/site-packages/mtkclient/Library/mtk_main.py", line 682, in run
    mtk = da_handler.configure_da(mtk, preloader)
  File "/home/superuser/.pyenv/versions/3.8.0/envs/mtkclient/lib/python3.8/site-packages/mtkclient/Library/DA/mtk_da_handler.py", line 101, in configure_da
    mtk = mtk.bypass_security()
  File "/home/superuser/.pyenv/versions/3.8.0/envs/mtkclient/lib/python3.8/site-packages/mtkclient/Library/mtk_class.py", line 205, in bypass_security
    if plt.runpayload(filename=self.config.payloadfile):
  File "/home/superuser/.pyenv/versions/3.8.0/envs/mtkclient/lib/python3.8/site-packages/mtkclient/Library/pltools.py", line 104, in runpayload
    self.error(f"Error, payload answered instead: {hexlify(response_ack).decode('utf-8')}")
TypeError: a bytes-like object is required, not 'NoneType'
```

There is now this showing in lsusb and lsusb --tree:

```
$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:800a Intel Corp. Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:8002 Intel Corp. 8 channel internal hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 004: ID 413c:1004 Dell Computer Corp. Dell USB Keyboard Hub
Bus 003 Device 005: ID 046d:c016 Logitech, Inc. Optical Wheel Mouse
Bus 003 Device 006: ID 413c:2006 Dell Computer Corp. Dell USB Keyboard Hub
Bus 003 Device 007: ID 0781:5530 SanDisk Corp. Cruzer
Bus 003 Device 008: ID 8087:0032 Intel Corp. AX210 Bluetooth
Bus 003 Device 014: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
```

```
$ lsusb --tree
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=ehci-pci/2p, 480M
|__ Port 001: Dev 002, If 0, Class=Hub, Driver=hub/6p, 480M
/: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=ehci-pci/2p, 480M
|__ Port 001: Dev 002, If 0, Class=Hub, Driver=hub/8p, 480M
/: Bus 003.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/15p, 480M
|__ Port 003: Dev 014, If 0, Class=Communications, Driver=[none], 480M
|__ Port 003: Dev 014, If 1, Class=CDC Data, Driver=[none], 480M
|__ Port 004: Dev 008, If 0, Class=Wireless, Driver=btusb, 12M
|__ Port 004: Dev 008, If 1, Class=Wireless, Driver=btusb, 12M
|__ Port 008: Dev 004, If 0, Class=Hub, Driver=hub/3p, 12M
|__ Port 001: Dev 006, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 001: Dev 006, If 1, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 011: Dev 005, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
|__ Port 014: Dev 007, If 0, Class=Mass Storage, Driver=usb-storage, 480M
/: Bus 004.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/6p, 5000M
```

If I run this command, I have no /dev/ttyACM* devices:

```
$ ls -l /dev/ttyACM*
ls: cannot access '/dev/ttyACM*': No such file or directory
```

If I do not touch the router, reboot the PC and run the same command, I now have a /dev/ttyACM* device:

```
$ ls -l /dev/ttyACM*
crw-rw----+ 1 root dialout 166, 0 Dec 25 09:35 /dev/ttyACM0
```

If I run the following command, the device ID completely changes. The --iot switch seems to be getting close to making it work.
I see no mention whatsoever in the help files about the --iot switch...? I only found this to try on the GitHub README for installation and tried it.

```
$ python mtk.py rf flash.bin --iot
MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

...........
Port - Device detected :)
```

... the command goes no further.

Now the lsusb info looks like this; it appears to be in 'preloader mode':

```
$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:800a Intel Corp. Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:8002 Intel Corp. 8 channel internal hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 004: ID 413c:1004 Dell Computer Corp. Dell USB Keyboard Hub
Bus 003 Device 005: ID 046d:c016 Logitech, Inc. Optical Wheel Mouse
Bus 003 Device 006: ID 413c:2006 Dell Computer Corp. Dell USB Keyboard Hub
Bus 003 Device 007: ID 0781:5530 SanDisk Corp. Cruzer
Bus 003 Device 008: ID 8087:0032 Intel Corp. AX210 Bluetooth
Bus 003 Device 015: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
```

```
$ sudo dmesg
[28552.956144] usb 3-3: USB disconnect, device number 14
[28565.104707] usb 3-3: new high-speed USB device number 15 using xhci_hcd
[28565.241442] usb 3-3: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice= 1.00
[28565.241454] usb 3-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[28565.241458] usb 3-3: Product: MT65xx Preloader
[28565.241462] usb 3-3: Manufacturer: MediaTek
[28565.343746] cdc_acm 3-3:1.0: ttyACM0: USB ACM device
```

Adding: I do have multiple firmware packages for the slightly older T700 SoC with preloader files etc. I tried manually entering these preloader files into the mtk command line, but I am missing something, as the default preloader file is always being used. I do not have any firmware for this actual router. This is why I'm wanting to do a full flash dump.

Can anyone explain why the device ID is incorrect for this device? It should show up as an MT6880 (Dimensity 1000), am pretty certain.
For a little more info: I have also briefly tried using the Fibocom T700-based modem in a PCIe interface, and the Debian OS loads the mtk_t7xx kernel module by default. This device works fine in a PCIe interface card.
This T750 device connected over USB never loads the mtk_t7xx kernel module. I think this is why I am having problems, but I don't know the cure. I think it needs to have some udev rules added manually, but I don't know the procedure for generating the correct udev rules for product ID * vendor ID, etc.
Also, I did try using code tags throughout this post. Not sure what I'm doing wrong to encase the code in the code tags.

Thanks
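
The two handshakes in the `mtk printgpt` log above report different `Target config` values (0x5, then 0xe5 once the log says BROM mode was detected). The following is an added example, not part of the original post and not mtkclient's own code: it parses those log lines, checks each logged flag against the config bitmask, and lists which protections differ between the two handshakes. The bit assignments in `FLAG_BITS` are an assumption inferred from the values on this page.

```python
import re

# Bit meanings inferred from the two "Target config" values and the flag lines
# in the log above; an assumption of this example, not mtkclient's own table.
FLAG_BITS = {"SBC enabled": 0x01, "SLA enabled": 0x02, "DAA enabled": 0x04,
             "Mem read auth": 0x20, "Mem write auth": 0x40,
             "Cmd 0xC8 blocked": 0x80}
LINE = re.compile(r"^Preloader - (.+?): (\S+)$")

# Flag lines of the two handshakes, copied from the log above.
SAMPLE = """\
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
"""

def parse_sessions(log):
    """Return one {'config', 'flags'} dict per handshake (each starts at 'Target config')."""
    sessions = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        key, value = m.groups() if m else ("", "")
        if key == "Target config":
            sessions.append({"config": int(value, 16), "flags": {}})
        elif sessions and key in FLAG_BITS:
            sessions[-1]["flags"][key] = value == "True"
    return sessions

def mismatches(s):
    """Flags whose logged value disagrees with the corresponding Target config bit."""
    return [k for k, v in s["flags"].items() if bool(s["config"] & FLAG_BITS[k]) != v]

def changed(a, b):
    """Flags reported differently by two handshakes."""
    return sorted(k for k in FLAG_BITS if a["flags"].get(k) != b["flags"].get(k))

if __name__ == "__main__":
    print([mismatches(s) for s in parse_sessions(SAMPLE)], changed(*parse_sessions(SAMPLE)))
```
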
