Giter Site home page Giter Site logo

mtk_uartboot's Introduction

A third-party tool to load and execute binaries over UART for Mediatek SoCs.

The BootROM recovery support on Mediatek smartphone SoCs is also available on their ARM-based router SoCs over UART. However, there's no SP Flash Tool and accompanying download agent released for these router chips.

This tool implements basic support to load and execute a custom binary over UART as the download agent on Mediatek ARM SoCs with secure-boot disabled. With this, it's possible to recover Mediatek ARM routers over UART even if the bootloader in flash is completely broken.

Credits

The UART recovery protocol is exactly the same as the USB one on MTK smartphone SoCs, which has already been reverse-engineered by others. The knowledge of the protocol details come from these two projects:

bkerler/mtkclient

MTK-bypass/bypass_utility

Compatibility

This utility should work on all Mediatek SoCs with secure-boot disabled. It's been tested on MT7622/MT7629 and MT798x.

This utility won't work on secure-boot enabled routers.

Usage

Usage: mtk_uartboot [OPTIONS] --payload <PAYLOAD>

Options:
  -s, --serial <SERIAL>
          Serial port
  -p, --payload <PAYLOAD>
          Path to the binary code to be executed
  -l, --load-addr <LOAD_ADDR>
          Load address of the payload [default: 2101248]
  -a, --aarch64
          Whether this is an aarch64 payload
  -f, --fip <FIP>
          Path to an FIP payload. Use this to start an FIP using MTK BL2 built with UART download support
      --brom-load-baudrate <BROM_LOAD_BAUDRATE>
          Baud rate for loading bootrom payload [default: 460800]
      --bl2-load-baudrate <BL2_LOAD_BAUDRATE>
          Baud rate for loading bl2 payload [default: 921600]
  -h, --help
          Print help

Load and start a bootloader on ARM64 SoCs:

./mtk_uartboot -s /dev/ttyUSB0 -p da.bin --aarch64

Omit --aarch64 if you are working with ARMv7 SoCs.

If there's only one serial interface available on your system, you can omit -s as well. The program will use the first serial port it finds.

This utility also supports a UART-boot protocol available in BL2 on Mediatek routers. When using such a BL2 built with UART recovery as download agent, it can subsequently load and start an FIP after BL2 is started:

./mtk_uartboot -p bl2.bin --aarch64 -f bl31-uboot.fip

mtk_uartboot's People

Contributors

981213 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.