Patching Preloader using payload.

[CastorDYvaine]

I have a Samsung A03S running an MT6765.
I have bricked the device by rolling back to Android 11 using an MTkClient backup.
My hypothesis is this is due to either an anti-rollback efuse or the Preloader not verifying the LK.

So my question is is there a way to flash the Preloader partition with the MT6765 Preloader payload to disable signature verification on boot?

[Synonymous1]

Coincidentally did something very similar on same hardware. Trying to root att varient. Took full backup before tinkering.

Was up-to-date, Bootloader unlock works until reboot, tried going back to earliest possible stock rom.

Extracted and deflated official tar into lz4, deflated LZ4 to raw img files. Flashed with mtkclient instead of Odin. Brick. No recovery, no Odin mode, no fastboot, no vibrator on power. Only get Brom.

Restore my backup, but no change, still brick. I left preloader alone at all times.

Tried to flash newest stock same way, no change. Can't flash preloader (mtkclient gui freezes) (mtk cli says no preloader partition) Gemini says use mtk cli to write to boot1. Attempting now. May try flash full emmc option (it needs more warnings about what that is) with just my preloader bin (since preloader coincidentally is first partition) which Gemini seems to think will zero out my whole emmc after my 4mb preloader file.

[Synonymous1]

Did the bad thing. Gemini was correct and it did zero out my emmc, still no life.

Technical data here, do not follow my lead.
Gemini links only live a few days.
https://g.co/gemini/share/80b9ffad2a99
Attempting to derive memory locations from pit to compare with old mtkclient partition table.

If you dm me your email, we can exchange backups. What I need is the full emmc flash from the flashtools tab, in return I'll give you my partition backups from the partition tab. Please zip your 32gb file with 7z with maximum compression and I'll do the same. Both our backups are mostly empty space

[CastorDYvaine]

I'm not quite sure I understand. What purpose is sharing backups?
For context I have the 64/4GB dual-sim A037F/DS.

[Shocked-Cat]

mtk.py r preloader preloader_original.bin --parttype boot1 --preloader=preloader_bit8.bin

mtk.py w preloader preloader_bit8.bin --parttype boot1 --preloader=preloader_bit8.bin

Here is boot1 (preloader) taken from BL firmware 8 bit and unpacked via lz4
preloader_bit8.zip

[Synonymous1]

My problem was the preloader.
Gui would not write it, TUI did.
I used the preloader from newest rom, fully extracted and unpacked.

I get Odin now, and my problem is mtkclient destroying my gpttable when I write super.
If I do a printgpt with the debug flag, it fails and generated a log over 500mb.

I have to write my gpt backup and the new preloader again after.

I can attach log upon request

[CastorDYvaine]

How exactly did you do that? Because the GPT on my device doesn't show preloader, boot1, or "bootloader" partitions.

[Shocked-Cat]

I have to write my gpt backup

Do you have experience in this area?

[Synonymous1]

I meant past-present tense.
Yes, I have successfully written it back.
I took advantage of Odin mode to write super. I used the new erosflasher on linux

https://github.com/Gabriel2392/ErosFlashTool/releases
https://t.me/ErosMobileTool/84

My phone works. Still no root, back to square one