I've got a full eMMC backup via dd and netcat already.
The problem is not a missing eMMC image, but my current inability to restore eMMC content if I mess it up (or to write to eMMCs in general).
So when I receive my eMMC reader, I'll do a backup.
Then I'll place a new empty eMMC chip inside and observe what will happen. Maybe it will enter some kind of USB download mode?
If not, then I'll try to look for JTAG on test pins with something like JTAGenum/JTAGulator.
If this leads me nowhere, I'll make an automated test jig to periodically restart the CPU with different logic levels on test pads that are static during startup and run, and check the UART/USB output.
The datasheet for a different type of MediaTek CPU from the same MT8x family has information about bootloading, where you pull some GPIOs during start, and the CPU then enters UART download mode. Unfortunately, I found no other information about the process.
I'm mostly a HW guy, but I've got some friends that are experienced with binary reverse engineering. With them, we'll look into the u-boot binary to find out more about the unlocking feature.
Missing the datasheet for the MT8113 is a problem, as I cannot find anything about it, and the only info that I can get is from other CPU type datasheets.