Topic: Tools to dump DA (download agent) info and communicate with BL/DA
As becomes clear from other topics here on Fernvale topic, hacking a particular SoC is a dead-end - there're too many of them, new ones displacing older all the time. Also as discussed in other topics, one approach to scale up to other chips is to get hold of vendor's "DA" (download agent) which provides common set of operations (e.g. read/write flash) across number of phones (by actually providing collection of SoC-specific executable blobs implementing common wire interface).
Well, common wire interface is wishful thinking, given number and variety of Mediatek SoC. There're 2 big-groups of MTK phone SoC:
1. ARM7/ARM11-nommu (soon Cortex-M?) based feature-phone targeted ones (MT62xx/MT25xx series).
2. ARM11mmu/Cortex-A based smart-phone targeted ones (MT65xx/MT67xx/MT26xx, also MT81xx/MT83xx tablet/mediabox-targetted).
So, unfortunately the common thing with their BootROM bootloaders is that you enter it with "\xa0\x0a\x50\x05" sequence. That's where commonality ends. With Cortex-A devices, next thing you do is to issue 0xfd command to get chip ID, but such command doesn't work on ARM7, where you need to read chip ID directly from registers, as can be seen in Fernly.
With such a prelude, I'm happy to announce https://github.com/mtek-hack-hack/mtk-open-tools repo, containing so far:
da-dump.py - tool to dump info from combined DA binary. This binary is usually named MTK_AllInOne_DA.bin, even though it's different files for Linux/non-Linux SoCs, coming from different vendor flash tools (however named almost the same - SP Flash Tool vs Flash Tool).
mtk-bootloader-tool.py - tool to load DA parts and communicate with them to read flash on a Linux phone. So far, it has hardcoded thing for MT6580.
The idea is to keel elaborating and generalizing these tools, eventually extended to non-Linux SoC like the main topic of Fernvale project.
Enjoy, share your experiences, submit clean patches!