MtkClient unlock BootLoader/FRP/Root/Flash/Repair ...More|MI ACC Perm remove free without box
1.7 هزار بار بازدید -
3 سال پیش
-
Hello The seccfg partition unlocks
Hello The seccfg partition unlocks the device
Instead of using box chimera cm2 .... or the following method for unlock bootloader now you can unlock free with some command using mtkclient and python for unlock mi perm frp flash custom recovery root more plz
go https://github.com/bkerler/mtkclient for more informations
mtkclient
Just some mtk tool for exploitation, reading/writing flash and doing crazy stuff. For windows, you need to install the stock mtk port and the usbdk driver (see instructions below). For linux, a patched kernel is only needed when using old kamakiri (see Setup folder) (except for read/write flash).
Once the mtk script is running, boot into brom mode by powering off device, press and hold either vol up + power or vol down + power and connect the phone. Once detected by the tool, release the buttons.
||||🔥 Offline Unlock free || No Need Auth Id Or ISP Pinout |||
●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●
ʟɪᴋᴇ | sᴜʙsᴄʀɪʙᴇ | sʜᴀʀᴇ | ᴄᴏᴍᴍᴇɴᴛ
●▬▬▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬●
About this video-
If my channel help you than be sure to Subscribe to my YouTube channel. This is very important for me (plz)
▬▬▬▬▬▬▬ஜ۩#ماتركس_ايجي۩ஜ▬▬▬▬▬▬▬▬
Files for install mtk client
https://mxegy.blogspot.com
https://github.com/bkerler/mtkclient
https://mxegy.blogspot.com/2021/10/mt...
●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●
#MtkClient
#unlockBootLoader
#root
#unlock
#mtk
You must initially unlock the bootloader through the MiUnlock application, then recover save the seccfg partition which contains the bootloader unlock information. But, it is easier to get rid of the requirement of the MiUnlock app.
1 Recover your seccfg partition:
* the phone in normal mode =
- We launch the command prompt and we write
adb shell
ls -al /dev/block/by-name
or
adb shell
ls -al /dev/block/platform/bootdevice/by-name
- Output (looking for "seccfg") =
lrwxrwxrwx 1 root root 16 2021-03-06 23:25 seccfg - /dev/block/sdc13
- We get seccfg on the internal memory =
dd if =/dev/block/sdc13 of =/sdcard/Partition_seccfg
(I named "Partition_seccfg", but you give the name you want)
- You save "Partition_seccfg" on your PC
* We can recover the "seccfg" partition by SPFlashTool
- Edit your "MTxxxx_Android_scatter.txt" from a stock ROM (with Notepad or other)
- We are looking for "seccfg" =
partition_index: SYS14
partition_name: seccfg
file_name: NONE
is_download: false
type: NORMAL_ROM
linear_start_addr: 0x13800000
physical_start_addr: 0x13800000
partition_size: 0x800000
- We turn off the phone
- we switch to EDL mode with the python script "bypass_utility-v.1.4.2" (see on the web for installation and other information, among other things to unbrick the phone)
- we do a "readback of the" seccfg "partition with SPFlashTool using linear_start_addr: 0x13800000 and partition_size: 0x800000 (check the location on the PC, where the "seccfg" partition will be saved with the name you have chosen)
2) Modify your "seccfg" partition:
* We edit the "seccfg" partition with a hexadecimal editor (Notepad or other)
- Total size 000000000 to 007ffff0 (000000040 to 007ffff0 : zero bytes = 00)
- Address 000000000 to 00000003f, we find :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 02 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 3d aa 79 3b
0000020 to 000002f
eb b0 56 bd 53 48 d3 6e 7d 54 a0 41 0c 2d 1a 90
0000030 to 000003f
58 1a 9c 5f ab 90 cc 0f 5c 11 63 a2 00 00 00 00
(The bootloader is locked!)
- We modify with our hexadecimal editor (Address 000000000 to 000000030) :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 03 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 57 b3 59 5d
0000020 to 000002f
9e bc 3d 02 33 91 84 9a 42 59 54 8e 07 aa 0f 34
0000030 to 000003f
f1 bb 1e 47 ea 8e cf 76 fb de 79 7b 00 00 00 00
(The bootloader is unlocked!)
- We save our changes
3) Write your "seccfg" partition on the phone:
* We flash the "seccfg" partition
- fastboot flash seccfg "path on your PC"\"name of your saved seccfg partition" (E:\MyFolder\Partition_seccfg for example), in fastboot mode,
- SPFlashTool using EDL mode with the python script "bypass_utility-v.1.4.2 "and by flashing your rom by not checking that the partition "seccfg",
- in adb mode, with the opposite operation, after having copied your partion "seccfg" on the internal memory of the telephone (name "Partition_seccfg" that I gave and that you choose) :
adb shell dd if=/sdcard/Partition_seccfg of=/dev/block/sdc13
- We restart the phone and the bootloader is unlocked without intervention from Xiaomi or other!
4) Warning :
Once all this information is published, subsequent MIUI updates may destroy our efforts by scheduling the bootloader release in a more complicated way!
now you can unlock root ez by mtkclient
Instead of using box chimera cm2 .... or the following method for unlock bootloader now you can unlock free with some command using mtkclient and python for unlock mi perm frp flash custom recovery root more plz
go https://github.com/bkerler/mtkclient for more informations
mtkclient
Just some mtk tool for exploitation, reading/writing flash and doing crazy stuff. For windows, you need to install the stock mtk port and the usbdk driver (see instructions below). For linux, a patched kernel is only needed when using old kamakiri (see Setup folder) (except for read/write flash).
Once the mtk script is running, boot into brom mode by powering off device, press and hold either vol up + power or vol down + power and connect the phone. Once detected by the tool, release the buttons.
||||🔥 Offline Unlock free || No Need Auth Id Or ISP Pinout |||
●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●
ʟɪᴋᴇ | sᴜʙsᴄʀɪʙᴇ | sʜᴀʀᴇ | ᴄᴏᴍᴍᴇɴᴛ
●▬▬▬▬▬▬▬▬▬ஜ۩۞۩ஜ▬▬▬▬▬▬▬▬▬●
About this video-
If my channel help you than be sure to Subscribe to my YouTube channel. This is very important for me (plz)
▬▬▬▬▬▬▬ஜ۩#ماتركس_ايجي۩ஜ▬▬▬▬▬▬▬▬
Files for install mtk client
https://mxegy.blogspot.com
https://github.com/bkerler/mtkclient
https://mxegy.blogspot.com/2021/10/mt...
●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●
#MtkClient
#unlockBootLoader
#root
#unlock
#mtk
You must initially unlock the bootloader through the MiUnlock application, then recover save the seccfg partition which contains the bootloader unlock information. But, it is easier to get rid of the requirement of the MiUnlock app.
1 Recover your seccfg partition:
* the phone in normal mode =
- We launch the command prompt and we write
adb shell
ls -al /dev/block/by-name
or
adb shell
ls -al /dev/block/platform/bootdevice/by-name
- Output (looking for "seccfg") =
lrwxrwxrwx 1 root root 16 2021-03-06 23:25 seccfg - /dev/block/sdc13
- We get seccfg on the internal memory =
dd if =/dev/block/sdc13 of =/sdcard/Partition_seccfg
(I named "Partition_seccfg", but you give the name you want)
- You save "Partition_seccfg" on your PC
* We can recover the "seccfg" partition by SPFlashTool
- Edit your "MTxxxx_Android_scatter.txt" from a stock ROM (with Notepad or other)
- We are looking for "seccfg" =
partition_index: SYS14
partition_name: seccfg
file_name: NONE
is_download: false
type: NORMAL_ROM
linear_start_addr: 0x13800000
physical_start_addr: 0x13800000
partition_size: 0x800000
- We turn off the phone
- we switch to EDL mode with the python script "bypass_utility-v.1.4.2" (see on the web for installation and other information, among other things to unbrick the phone)
- we do a "readback of the" seccfg "partition with SPFlashTool using linear_start_addr: 0x13800000 and partition_size: 0x800000 (check the location on the PC, where the "seccfg" partition will be saved with the name you have chosen)
2) Modify your "seccfg" partition:
* We edit the "seccfg" partition with a hexadecimal editor (Notepad or other)
- Total size 000000000 to 007ffff0 (000000040 to 007ffff0 : zero bytes = 00)
- Address 000000000 to 00000003f, we find :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 02 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 3d aa 79 3b
0000020 to 000002f
eb b0 56 bd 53 48 d3 6e 7d 54 a0 41 0c 2d 1a 90
0000030 to 000003f
58 1a 9c 5f ab 90 cc 0f 5c 11 63 a2 00 00 00 00
(The bootloader is locked!)
- We modify with our hexadecimal editor (Address 000000000 to 000000030) :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 03 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 57 b3 59 5d
0000020 to 000002f
9e bc 3d 02 33 91 84 9a 42 59 54 8e 07 aa 0f 34
0000030 to 000003f
f1 bb 1e 47 ea 8e cf 76 fb de 79 7b 00 00 00 00
(The bootloader is unlocked!)
- We save our changes
3) Write your "seccfg" partition on the phone:
* We flash the "seccfg" partition
- fastboot flash seccfg "path on your PC"\"name of your saved seccfg partition" (E:\MyFolder\Partition_seccfg for example), in fastboot mode,
- SPFlashTool using EDL mode with the python script "bypass_utility-v.1.4.2 "and by flashing your rom by not checking that the partition "seccfg",
- in adb mode, with the opposite operation, after having copied your partion "seccfg" on the internal memory of the telephone (name "Partition_seccfg" that I gave and that you choose) :
adb shell dd if=/sdcard/Partition_seccfg of=/dev/block/sdc13
- We restart the phone and the bootloader is unlocked without intervention from Xiaomi or other!
4) Warning :
Once all this information is published, subsequent MIUI updates may destroy our efforts by scheduling the bootloader release in a more complicated way!
now you can unlock root ez by mtkclient
3 سال پیش
در تاریخ 1400/07/09 منتشر شده
است.
1,734
بـار بازدید شده