Unisoc/MTK Universal Potential Unbrick Method. The Dead Who Never Really Dies

Posted: Fri Aug 09, 2024 6:33 am
by Skorpion96
It's always the same story: you do a wrong flash and the device bricks, and if you do really bad ones, like flashing another device's firmware, it will brick forever.... NO! I can tell you this is not the case for at least two types of phone processors, MediaTek and Unisoc: let's illustrate why. First, tools for flashing Unisoc and MediaTek are publicly available; this is indeed important, but it's not the only reason. The most important reason is: no matter what you screw up on them, you could even screw up the bootloader or splloader, they will always fall back to bootrom. The only time you will be screwed is when, on MediaTek, you have burned efuses and so the device is unable to boot into brom; in the other cases you will be set.

Let's cover the process for MTK first. Let's assume you bricked and the device is in preloader. You have two choices. The first is to install USBDK: https://github.com/daynix/UsbDk/releases, then run mtk-bypass: https://github.com/MTK-bypass/bypass_utility and SP Flash Tool (there is V5 and V6 online, for Linux as well: https://github.com/gesangtome/SP_Flash_Tool_Linux or https://spflashtool.com/download/SP_Fla ... 00.100.zip, try both), then you just flash. Or you can use mtkclient to flash every partition of your firmware back to the device: https://github.com/bkerler/mtkclient. On MediaTek you can also unlock the bootloader first with mtkclient; restore is guaranteed.

Now about Unisoc. Let's assume you did a wrong flash, or no stock firmware existed for your device and now there is some update.zip or you found a dump. You can't flash it through Research Download Tool and you screwed up splloader (personal experience): the device doesn't boot anywhere and it's stuck in Unisoc bootrom. You say "I'm screwed". It's not true: a flashable update zip is all you need. Unzip the update; if it's in payload.bin format you may want to extract it using tools like: https://www.thecustomdroid.com/how-to-e ... -bin-file/. If you have the pac, load it in Research Download Tool, browse its dir and get the image files from the "ImageFiles" dir. Then download: https://github.com/TomKing062/CVE-2022- ... 240714.zip, or you can compile it yourself: https://github.com/TomKing062/spreadtru ... me-ov-file. Go into the SPRD dir and copy your firmware partitions inside.

That said, the flash can start. The base command is the following:

spd_dump exec_addr 0x4ee8 fdl fdl1.img 0x5000 fdl fdl2.img 0x9efffe00 exec write_part "part_to_write" "file_to_write"

(you can add reset at the end to reboot the device). Note that 0x9efffe00 and 0x4ee8 could be different; you also have to get the files for these and put them in the flash directory. Here is the exec for this example, it may or may not work for you: https://www.mediafire.com/file/scpyg1ni ... 8.bin/file

Returning to the splloader flash, in our case:

spd_dump exec_addr 0x4ee8 fdl fdl1.img 0x5000 fdl fdl2.img 0x9efffe00 exec write_part splloader splloader.img reset [enter]

Connect the device; if everything is correct the flash will start and the device will reboot. If you flashed the right splloader the device should go to the boot logo; in case it doesn't, flash uboot as well. In any case, after flashing splloader the device should be visible in Research Download Tool. Boot it again into bootrom by removing and reinserting the battery or by buttons and run the Research Download Tool firmware flash; if you are lucky the flash will start and maybe work.

What if I don't have a firmware for the device in pac format? Use one from a similar device; it must have the same SoC, like sc9863a. Deselect everything except fdl1; for fdl2 load your device's bootloader image file, then replace the other partitions with the ones from your dump/update.zip and after that save the pac (in theory you can ignore cache and userdata as well). Then load it again in Research Download Tool but uncheck IMEI, NV and the other backup stuff. I know this will make you lose the IMEI but there is no other choice; you will restore it later. Then run the flash and connect the device in brom; after the flash finishes, power on the device. If everything goes as it should it will boot into the system, but you will have no IMEI as I explained previously; restore it using the method you like.

Side Note: I highly don't recommend you try to restore every partition through spd_dump; it's so basic and many partition flashes will fail (personal experience), so use it to restore splloader and uboot and then use Research Download Tool.
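An added helper, not from the post, that assembles and sanity-checks the spd_dump restore command above before it reaches the device: it refuses malformed load addresses and missing image files, which are the typos that waste a bootrom session. It assumes spd_dump is on PATH, that the FDL and partition images sit in the current directory, and uses the post's example addresses, which may differ for your SoC.

```shell
#!/bin/sh
# is_hex ADDR: succeed if ADDR is a 0x-prefixed hex number
is_hex() {
    case "$1" in
        0x*) printf '%s' "${1#0x}" | grep -qE '^[0-9a-fA-F]+$' ;;
        *)   return 1 ;;
    esac
}

# build_restore_cmd EXEC_ADDR FDL1 FDL1_ADDR FDL2 FDL2_ADDR PART IMAGE [reset]
# Prints the spd_dump command line; fails (without printing) on a bad
# address or a missing image so a typo never gets sent to the device.
build_restore_cmd() {
    exec_addr=$1; fdl1=$2; fdl1_addr=$3; fdl2=$4; fdl2_addr=$5
    part=$6; image=$7; tail=${8:-}
    for a in "$exec_addr" "$fdl1_addr" "$fdl2_addr"; do
        is_hex "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    for f in "$fdl1" "$fdl2" "$image"; do
        [ -f "$f" ] || { echo "missing image: $f" >&2; return 1; }
    done
    printf 'spd_dump exec_addr %s fdl %s %s fdl %s %s exec write_part %s %s%s\n' \
        "$exec_addr" "$fdl1" "$fdl1_addr" "$fdl2" "$fdl2_addr" \
        "$part" "$image" "${tail:+ $tail}"
}

# restore_partition PART IMAGE [reset]: the splloader/uboot step from the
# post, with the post's example addresses (assumed; check yours).
# Set SPD_DRY_RUN=1 to only print the command instead of running it.
restore_partition() {
    cmd=$(build_restore_cmd 0x4ee8 fdl1.img 0x5000 fdl2.img 0x9efffe00 \
          "$1" "$2" "${3:-}") || return 1
    if [ "${SPD_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmd"
    else
        eval "$cmd"   # spd_dump then waits for the device in bootrom
    fi
}
```

Run `SPD_DRY_RUN=1 ./restore.sh` style checks first; the real call is only `restore_partition splloader splloader.img reset` once the printed line matches what you intended.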