So, fast forward, I'm bricked now for the second time. Luckily, from the first time, I have the BROM Flash log from SP Flash Tools. For those unaware of why a Mi authorized account is needed in the first place (speaking with respect to MTK platforms), MTK provides a feature called SLA, which happens to be Serial Link Authentication/Authorization. Most OEMs don't implement this and MediaTek's own release of SP Flash doesn't have much with regard to SLA.
Xiaomi has SLA implemented and does things server side. The device generates 16 random bytes that it expects decrypted. If you give it the right answer, it'll continue with connect_brom and start flashing, whereas with a wrong answer, it puts itself in an endless loop and won't listen to any more commands until BROM times out and goes for a reboot.
Now, if we are able to send DA to the device and connect to it without actually doing SLA, we wouldn't need to do SLA at all. A simple change to SP Flash should be enough to reflash the device.
Forwarded from Kshitij Gupta
MTK_AllInOne_DA_mt6765_mt6785.bin:
Data sent to the device is between 0x39DC and 0x3B9DC
Forwarded from Kshitij Gupta
I tried running SLA and providing it weird data. The device just stops responding until it times out for restart
https://github.com/AgentFabulous/xiaomi_mtk_brom_experiments/blob/master/main.py
For anyone interested in the spaghetti script
So I'm at yet another service center and they are ready to look into my 8 Pro without a bill. What do you think? Will they diagnose it correctly as a software flash or as a dead motherboard?
Final Results
- 38%: Software flash/hardbrick
- 62%: Dead motherboard
(Potentially) good news. They were trying to flash it. They were unable to however, because they were trying to load the global firmware on the indian variant. Showed them the right firmware and told them the steps to flash just in case. They're trying again now xD
They showed me the error, and it was yet another BROM cmd fail. Looks like BROM verifies things itself too, before starting the flash.
Forwarded from Kshitij Gupta
Okay they may have fucked something up
Forwarded from Kshitij Gupta
It's not detecting Sim cards/has no IMEI
On the Redmi Note 8 Pro, if you ever lose your IMEI and have a full TWRP backup, restore the following partitions:
- nvcfg
- nvdata
- nvram
- persist
- protect_f
- protect_s
Most notably protect_f and protect_s. These apparently contain modem files. Restoring the others fixed an issue where it didn't ask for MIUI account login after factory reset.
What in the world was Xiaomi thinking when they introduced the "Sounds of nature" feature in MIUI 11? With notification sounds like these, I think I'd NEVER know I got a notification.