Search options

Today I managed to run all on Ubuntu.

Unfortunately first loader wasn't loaded:

:/home/projects/ferny/fernly# ./build/fernly-usb-loader -s /dev/fernvale ./build/usb-loader.bin ./build/firmware.bin
Setting serial port parameters... Ok
Initiating communication... Ok
Getting hardware version... 0xca01
Getting chip ID... 0x625a
Getting boot config (low)... 0x0000
Getting boot config (high)... 0x0000
Getting hardware subcode... 0x8000
Getting hardware version (again)... 0xca01
Getting chip firmware version... 0x0001
Getting security version... v 5
Enabling security (?!)... Ok
Reading ME... 00000000 5a c2 9e 20 c9 5d 9c 31  24 e4 fb e3 8e dd b5 b3  |Z.. .].1$.......|
Disabling WDT... Ok
Reading RTC Baseband Power Up (0xa0710000)... 0x0001
Reading RTC Power Key 1 (0xa0710050)... 0xa357
Reading RTC Power Key 2 (0xa0710054)... 0x67d2
Setting seconds... Ok
Disabling alarm IRQs... Ok
Disabling RTC IRQ interval... Ok
Enabling transfers from core to RTC... Ok
Reading RTC Baseband Power Up (0xa0710000)... 0x0001
Getting security configuration... Unable to read from Sec Conf buffer: Success
Getting PSRAM mapping... 0x0000
Disabling PSRAM -> ROM remapping... Ok
Checking PSRAM mapping... 0x0002
Checking on PSRAM mapping again... 0x0002
Updating PSRAM mapping again for some reason... Ok
Reading some fuses... 0x00000007
Enabling UART... 0x0000
Loading Fernly USB loader... !! First response is 0x1d0d, not 0 !!

I tried several times and the result is the same.
What could be the reason ?

Kind regards.

Hi, if someone can share loaders as binary files, will be enough.

Regards.

Hi,

does it exist version for Windows users?

At least usb-loader.bin and firmware.bin?

Kind regards.

Well, I have a phone, based on MT6250 chipset. And it looks similar to MT6260.

It has ROM, VIVA (and ALICE) , but also has SECURE_RO_ME (some fundamental configuration region).

############################################################################################################
#
#  Control Block Region Setting
#
############################################################################################################         

control_block_region:
  rom:
    - file: SECURE_RO_ME

This region is encrypted. From my experience it's encrypted by blocks of 8 bytes and looks like DES or 3DES. But I haven't find any references to it in firmware.  In some other forums I read, that decryption is done by MCU.

That's why I asked if someone have more info.

Kind regards.

There is a rumor, that these MTK MCU's ( MT6250, MT6260 ...) have built-in symmetric  encrypting / decrypting algorithm.

May be someone know more about that?

Does someone decompressed VIVA image f.e?

Regards.