Possible Method to Unbrick Samsung MTK Devices with Antirollback
This is a potential guide to unbrick MTK Samsung devices that people have tried to downgrade. Let's first say that downgrading fully on Samsung is impossible. The problem is that they use a physical way to check antirollback. They have on the motherboard something called efuses or qfuses that prevent the flash or the load of a downgraded firmware. There are ways to load old APs etc., but that's all; you can't do a plain full downgrade, like flashing BL, and if you do, the device will just refuse to boot. To downgrade I used mtk-bypass and then flashed an old binary firmware with SP Flash Tool, then the device went back to BROM/preloader permanently. At least in my case I don't recall if I flashed the latest firmware first or I first NAND erased, but I can tell you something: DON'T NAND ERASE FROM SP FLASHTOOL. I tried it to remove the antirollback and it not only didn't work, but since the firmware doesn't have all partitions I got screwed, so don't do it.

That said, let's get to the possible way to restore. First download your latest device firmware, and also, if you NAND erased, a dump, the latest possible, or get one from a friend (note that flashing a dump could sometimes remove an "antirollback is set on da" warning on mtkclient, although since Samsung antirollback is physical this is almost useless; it's just helpful for downgrades). You can get the firmware from https://samfw.com/firmware/SM-T220 (replace SM-T220 with your device model). Download and extract the firmware, then download: https://www.mediafire.com/file/fir79h1b ... s.rar/file (there should be SP Flash Tool in there as well, but in case there isn't or it is not updated): https://github.com/gesangtome/SP_Flash_Tool_Linux or for Windows and Linux: https://spflashtool.com . Disconnect your PC from the internet and change your PC year to 2022, then run MTK Meta Utility; on it look for an option called "extract MTK Samsung Rom", click on it, then select the folder where you extracted the firmware for your device; the tool will convert it for SP Flash Tool. Then download and install USBdk: https://github.com/daynix/UsbDk/releases, clone https://github.com/MTK-bypass/bypass_utility and set it up, run "python main.py" and connect the device in preloader, wait for it to say protection disabled, then run an SP Flash Tool flash without the format all option, load the scatter from the FIRMWARE_EXTRACTED directory inside the directory where you had extracted the Samsung ROM, then click on the download button; the tool should start flashing. Side note: you can use dongles to flash if you have them. I tried SP Flash Tool first, yes, but then I used a Hydra dongle; with it I didn't need to use mtk-bypass as that step was done automatically, and some SP Flash Tool errors were probably skipped as well.

At the end of the flash the device should power on; if not, try to power it on yourself. It should go into download mode; if it doesn't, maybe you NAND erased, so use mtkclient or SP Flash Tool to restore the dump you previously downloaded and repeat the SP Flash Tool step. If the device gets to download mode, good: open Odin, load all 4 (AP, CP, CSC, BL), then go to the PIT tab and load your device PIT file (you can extract it from CSC with 7zip), then run the flash; the device will restore to stock. It may ask to wipe data from recovery later; just do it. Congrats, you fixed it. If after the SP Flash Tool flash and the dump flash the device still doesn't work, like in my case... use mtkclient: https://github.com/bkerler/mtkclient to extract expdb: "python mtk.py r expdb expdb", and then clone this repo and copy expdb inside: https://github.com/AgentFabulous/mtk-expdb-extract, then run main.py. It will dump some boot logs to help you understand what's wrong, but at this point it's up to you. I fixed it thanks to the first 8 bit Samsung firmware for my device; after flashing it with SP Flash Tool the device finally went into download mode and I was able to fix it, but that may not be the case for you.

Still, I will never understand these antirollback bullshit measures. If I restored the latest firmware, why does antirollback still piss me off, and why on an unlocked BL? I mean, I know it's because of efuses, but on an unlocked bootloader and after a latest firmware restore? It's getting ridiculous. Ah, to unlock the BL on repeated flashes I suggest you dump your own unlocked seccfg or get an unlocked one from someone else like I did, and flash it with SP Flash Tool, mtkclient, or a dongle if you have one.
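The post above rests on one property of fused anti-rollback: the counter lives in one-time-programmable silicon, not in flash, so neither a NAND erase nor reflashing touches it, and an image with a lower rollback index is refused at boot. The following is an added illustration, not code from the post, from Samsung, or from MediaTek: a simplified model of a thermometer-coded eFuse counter and the boot check against it. The `Soc` class, the `FUSE_BITS` width, the `rollback_index` field and the version numbers are all constructed assumptions for the example; real devices additionally verify image signatures and keep per-image indices, which this model omits.

```python
"""Toy model of eFuse-based anti-rollback (added illustration, not vendor code).

Constructed assumptions:
- The SoC holds a one-way counter made of OTP fuse bits: a bit can go 0 -> 1, never back.
- Each boot image carries a rollback index; the boot ROM / preloader refuses any image
  whose index is lower than the fused counter.
- Booting a newer image burns fuse bits up to that image's index.
"""
from dataclasses import dataclass, field

FUSE_BITS = 8  # width of the constructed counter (assumption for the example)


@dataclass
class Soc:
    fuses: int = 0                                  # bitmask of burned OTP bits
    flash: dict = field(default_factory=dict)       # partition name -> image dict

    def fused_version(self) -> int:
        """Thermometer code: the counter value is the number of burned bits."""
        return bin(self.fuses).count("1")

    def burn_to(self, version: int) -> None:
        """Raise the counter by setting bits. OR-ing can never clear a bit,
        so the counter can only grow; that is the whole point of using fuses."""
        if not 0 <= version <= FUSE_BITS:
            raise ValueError("rollback index outside fuse width")
        self.fuses |= (1 << version) - 1

    def nand_erase(self) -> None:
        """Wipe every flash partition. The OTP fuses are not flash and stay as they are."""
        self.flash.clear()

    def try_boot(self) -> str:
        """Return what the device does on power-up under the model."""
        img = self.flash.get("bootloader")
        if img is None:
            # Nothing bootable: the device drops to boot ROM / preloader mode.
            return "BROM"
        if img["rollback_index"] < self.fused_version():
            # Downgraded image: refused regardless of what else is on flash.
            return "REFUSED"
        # Newer or equal image boots and advances the fuse counter to its index.
        self.burn_to(img["rollback_index"])
        return "BOOTED"


def downgrade_scenario() -> dict:
    """Walk through the sequence the post describes and record each outcome."""
    soc = Soc()
    steps = {}

    # 1. Latest firmware boots once and burns the counter up to its index.
    soc.flash["bootloader"] = {"name": "BL_v5", "rollback_index": 5}
    steps["boot_latest"] = soc.try_boot()
    steps["fused_after_latest"] = soc.fused_version()

    # 2. Flashing an older bootloader: the image is present but refused.
    soc.flash["bootloader"] = {"name": "BL_v3", "rollback_index": 3}
    steps["boot_downgraded"] = soc.try_boot()

    # 3. NAND erase removes everything bootable but leaves the fuses alone.
    soc.nand_erase()
    steps["fused_after_erase"] = soc.fused_version()
    steps["boot_after_erase"] = soc.try_boot()

    # 4. Restoring an image whose index matches the fused counter boots again.
    soc.flash["bootloader"] = {"name": "BL_v5", "rollback_index": 5}
    steps["boot_relatest"] = soc.try_boot()
    return steps


if __name__ == "__main__":
    for step, result in downgrade_scenario().items():
        print(f"{step:>20}: {result}")
```

Under the model the only way back to a booting device is an image whose rollback index is at least the fused value, which is why the post's recovery path is "restore the latest firmware", and why erasing flash to "remove" anti-rollback cannot work: the erase never reaches the counter.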