
has been fixed in mt6853

Open CoolDUp opened this issue 3 years ago • 20 comments

brom dump here https://github.com/CoolDUp/MTK-brom-dump/blob/main/mt6853.dat

CoolDUp avatar Jun 18 '21 04:06 CoolDUp

Thanks, I'll take a look. May I ask, how you dumped the brom?

chaosmaster avatar Jun 18 '21 12:06 chaosmaster

Seems command E0 (E8) is modified: after unsuccessful data validation it clears (fills with 0x44) the 0x100A00 buffer :(

sarunelis avatar Jun 20 '21 20:06 sarunelis

```asm
ROM:0000F21E FF F7 CB FB    BL      comdl_get_data_sendcks_sub_E9B8
ROM:0000F222 49 48          LDR     R0, =EXPL_unk_100A00
ROM:0000F224 01 21          MOVS    R1, #1
ROM:0000F226 F7 F7 55 FB    BL      Validate_E0_sub_68D4
ROM:0000F22A 04 46          MOV     R4, R0
ROM:0000F22C FF 2C          CMP     R4, #0xFF
ROM:0000F22E 04 D3          BCC     loc_F23A
ROM:0000F230 45 48          LDR     R0, =EXPL_unk_100A00
ROM:0000F232 44 21          MOVS    R1, #0x44 ; 'D'
ROM:0000F234 32 46          MOV     R2, R6
ROM:0000F236 02 F0 1D FA    BL      MEM_FILL_sub_11674   <<<<<<<<<<<<<<<
ROM:0000F23A
ROM:0000F23A loc_F23A                      ; CODE XREF: DLCMD_E0_E8_sub_F1D0+28j
ROM:0000F23A                               ; DLCMD_E0_E8_sub_F1D0+2Ej
ROM:0000F23A                               ; DLCMD_E0_E8_sub_F1D0+3Ej
ROM:0000F23A                               ; DLCMD_E0_E8_sub_F1D0+5Ej
ROM:0000F23A A0 B2          UXTH    R0, R4
ROM:0000F23C 01 21          MOVS    R1, #1
ROM:0000F23E FF F7 5E FB    BL      comdl_put_word_sub_sub_E8FE
```

sarunelis avatar Jun 20 '21 20:06 sarunelis
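As an added example (not code from the bypass_payloads project or from the bootrom itself), here is a small C model of the E0/E8 handler path shown in the disassembly above, with the pre-fix behaviour (buffer left untouched after a failed validation) beside the MT6853 behaviour (buffer filled with 0x44). The validator, the buffer size, the failure status value and the reading of R6 as the received length are all assumptions; only the control flow (get data, validate, compare status against 0xFF, MEM_FILL on failure, return the status word) comes from the thread.

```c
/* Model of the E0/E8 download-command handler from the MT6853 bootrom
 * disassembly. Added example, not bootrom code. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define DL_BUF_SIZE 0x1000   /* assumed size of the staging buffer at 0x100A00 */
#define FILL_BYTE   0x44     /* value the fixed bootrom writes over the buffer */
#define STATUS_OK   0x0000
#define STATUS_BAD  0x7000   /* hypothetical failure status; anything >= 0xFF */

/* Stands in for the buffer at 0x100A00 (EXPL_unk_100A00). */
static uint8_t dl_buf[DL_BUF_SIZE];

/* Constructed sample payloads: the first fails validation, the second passes. */
const uint8_t sample_bad[8]  = { 0xAA, 0xBB, 0xCC, 0xDD, 1, 2, 3, 4 };
const uint8_t sample_good[8] = { 'S', 'I', 'G', 'N', 1, 2, 3, 4 };

/* Hypothetical stand-in for Validate_E0_sub_68D4: accepts only payloads that
 * start with a constructed 4-byte tag. The real check is not on the page. */
static uint32_t validate_e0(const uint8_t *buf, size_t len)
{
    static const uint8_t tag[4] = { 'S', 'I', 'G', 'N' };
    if (len < sizeof tag || memcmp(buf, tag, sizeof tag) != 0)
        return STATUS_BAD;
    return STATUS_OK;
}

/* fixed == 0: pre-fix flow, data stays in the buffer after a bad validation.
 * fixed == 1: MT6853 flow, MEM_FILL(buf, 0x44, len) runs when status >= 0xFF.
 * Returns the 16-bit status word that comdl_put_word sends to the host. */
uint16_t dlcmd_e0(const uint8_t *payload, size_t len, int fixed)
{
    if (len > DL_BUF_SIZE)
        len = DL_BUF_SIZE;
    memcpy(dl_buf, payload, len);                 /* comdl_get_data_sendcks_sub_E9B8 */
    uint32_t status = validate_e0(dl_buf, len);   /* Validate_E0_sub_68D4 -> R4 */
    if (status >= 0xFF && fixed)                  /* CMP R4,#0xFF ; BCC loc_F23A */
        memset(dl_buf, FILL_BYTE, len);           /* MEM_FILL_sub_11674, R2 = R6 (assumed length) */
    return (uint16_t)status;                      /* UXTH R0,R4 ; comdl_put_word */
}

/* Did the staged payload survive in the buffer after the command returned? */
int payload_survives(const uint8_t *payload, size_t len)
{
    return memcmp(dl_buf, payload, len) == 0;
}

/* First byte of the staging buffer, to show what the fill left behind. */
uint8_t dl_buf_first_byte(void)
{
    return dl_buf[0];
}

int main(void)
{
    uint16_t st = dlcmd_e0(sample_bad, sizeof sample_bad, 0);
    printf("unfixed: status=0x%04x payload_survives=%d\n",
           st, payload_survives(sample_bad, sizeof sample_bad));

    st = dlcmd_e0(sample_bad, sizeof sample_bad, 1);
    printf("fixed:   status=0x%04x payload_survives=%d first_byte=0x%02x\n",
           st, payload_survives(sample_bad, sizeof sample_bad), dl_buf_first_byte());
    return 0;
}
```

The status word returned to the host is identical in both flows; what changes is only whether anything the host staged in the buffer is still there afterwards, which is why a payload that relied on surviving a failed validation no longer works on this bootrom.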

It was also fixed in the USB handler itself. Would still be interested in how the brom was dumped, @CoolDUp. Was it an insecure device? If so, which one?

chaosmaster avatar Jun 21 '21 11:06 chaosmaster

Dimensity 720 and Dimensity 800U are also MT6853, but I think they should be different! Dimensity 800U: testing var_1 up to 0x2c8 still cannot dump the brom! Dimensity 1200 (MT6893): tested up to 0x10b, cannot dump the brom!

awsaxf avatar Jun 21 '21 17:06 awsaxf

var_1 for MT6853 would've been 0xA if it wasn't fixed. If I had to guess, MT6893 will probably also be fixed.

chaosmaster avatar Jun 21 '21 17:06 chaosmaster

Yes, but I still want to try again, I bought a few machines to test!

awsaxf avatar Jun 22 '21 07:06 awsaxf

> Yes, but I still want to try again, I bought a few machines to test!

Good luck! Hopefully one of your devices has security disabled and allows dumping the bootrom.

chaosmaster avatar Jun 22 '21 14:06 chaosmaster

> Yes, but I still want to try again, I bought a few machines to test!
>
> Good luck! Hopefully one of your devices has security disabled and allows dumping the bootrom.


I logged in to the original download software and can use a realme Q2 (MT6583), anything I can do to help?

download: https://drive.google.com/file/d/1ksZBNZJVJDUOAsSv-aafeCbnAzVaXPVn/view?usp=sharing

Note: The account may expire or be cancelled soon, please try to detect usb data/dump the certificate as soon as possible.

This is a Wireshark USB flashing dump and an updating log file. https://drive.google.com/file/d/1tJyypd0L6yGFTj1JCGPR6RKu6oe8KgsF/view?usp=sharing

log https://drive.google.com/file/d/1mgHCT5cgxpo-7qPtX3UAfa-XjDLs2jU7/view?usp=sharing

k25c2yf avatar Jun 30 '21 20:06 k25c2yf

It's OK and has nothing to do with the BROM exploit. Maybe you don't understand the full picture of the BBK flashing process: after the DA is loaded, the DA needs extra authentication with the BBK server to continue the flashing process (it's like VIP on Snapdragon).

sarunelis avatar Jul 01 '21 00:07 sarunelis

Does someone already have a bypass for mt6853? I need that :(

victoreduardob2k avatar Jul 17 '21 00:07 victoreduardob2k

> Does someone already have a bypass for mt6853? I need that :(

I also found that some tools already support all Dimensity SoCs.

victory789 avatar Jul 17 '21 01:07 victory789

@victory789 is it a free tool? If it works, please give the link. Thanks

victoreduardob2k avatar Jul 17 '21 04:07 victoreduardob2k

> @victory789 is it a free tool? If it works, please give the link. Thanks

https://chimeratool.com/
This is the link I found on Google. I looked into it; it should be an annual fee.

victory789 avatar Jul 17 '21 05:07 victory789

What is wrong? Dimensity 800U, MT6853V/T, realme 7 5G

danis1233 avatar Aug 11 '21 21:08 danis1233

Is UsbDK installed?

chaosmaster avatar Aug 11 '21 22:08 chaosmaster

UsbDk installed, but: UsbDk driver installation failed, is it OK?

danis1233 avatar Aug 12 '21 04:08 danis1233

UsbDk is required for the new SoCs like the 6853. Alternatively you can use Linux, which should be much more reliable.

chaosmaster avatar Aug 12 '21 09:08 chaosmaster

How do I check whether UsbDk is installed correctly?

danis1233 avatar Aug 12 '21 10:08 danis1233

https://github.com/daynix/UsbDk

sarunelis avatar Aug 14 '21 15:08 sarunelis