Saturday, April 30, 2016

How to install MediaTek MT65xx USB Preloader VCOM Drivers (all Windows, Linux)

In order to backup or flash new ROMs on Mediatek phones, you'll need to install the Preloader driver. The preloader is a little program that the MTK chipset uses for USB communication, for loading the ROM, charging the phone and many other important tasks.

This short guide will show you how to install the driver on Windows and Linux so the MTK SP Flash Tool can be used.

Steps to install the driver on Windows:

  1. Download the driver from here:  https://drive.google.com/open?id=0B7qGmYL2UHFNYXJtT1dRLXh1TG8
    Save the file on your Desktop and unpack it with an archiver (like http://www.7-zip.org/)
     
  2. If you are using 32-bit Windows XP, Vista or Windows 7 or newer, go to step three. If you're using a 64-bit version of Windows, there are a few extra steps needed before continuing. 64-bit versions of Windows are configured to work only with digitally signed drivers. This security feature needs to be disabled as follows:

    • On Vista or Windows 7 (64 bit), restart the PC then at the startup screen, press F8. This will open the advanced options screen. On this screen, select Disable driver signature enforcement then press Enter.
       
    • On Windows 8 or later (64 bit):
      • Press Windows key + C (taskbar will open)
      • Press Settings -> Change PC settings - > Update and Recovery - > Recovery - > Advanced startup -> Restart
      • After the reboot, a menu will apear. Go to Troubleshoot -> Advanced options -> Startup settings -> Restart
      • After the second reboot, the Startup Settings will apear again, this time you'll be able to select option number 7 (Disable driver signature enforcement) by pressing F7
    After the restart, Windows will be ready to accept unsigned drivers.
     
  3. On Windows XP, Vista, go to Start -> Control panel -> Add Hardware -> Yes I have already connected the hardware -> Add a new hardware device -> Install the hardware that I manually select from a list -> Show all devices -> Press Have disk. Then browse to the INF file for your OS and select it. Press OK, Next, Finish.

    On Windows 7 or newer, open the device manager (right click on My Computer -> Properties -> Device manager). In the manager window, right click on the PC name (first entry in the list) and select Add legacy hardware -> Install hardware that I manually select from a list -> Show all devices -> Have disk. Then browse for the folder of the driver (unpacked earlier) and select the INF file for Windows 7. Press Open again, a list of drivers will appear, press Next to install. If a security window appears, select Install anyway (required).
     
  4. Reboot the PC
     
  5. Test if the driver has correctly installed by connecting the phone to the PC in the Preloader mode. For this, take out the battery from the phone and unplug it from the PC. Then put back the battery and connect it to the PC and you should hear the sound of a new USB device plugged in.
    Another method to get to preloader mode that works especially for phones that have a non-removable battery is to reset the phone while holding the Volume up button (hold it up to 10 seconds after the phone reboots).
  
On Linux, the drivers will work out of the box (they are already installed - tested on Debian). The only thing that needs to be installed to use the SP Flash Tool is the "libusb-dev" package.

P.S. It's normal for the driver to stay connected only for 2-3 seconds and then disconnect. This is because the preloader of the phone will enter the charge mode if no command is sent to the driver. When using the SP Flash Tool to back up or flash the phone, the driver will stay connected.

That's it, you're now ready to backup or flash your Mediatek phone.

Wednesday, April 27, 2016

Fixing bricked Mediatek MT65xx MT6572 phones. Unbricking Philips S309 / S308 (SangFei) with testpoint

A few days ago I found this great deal on a relatively unknown phone, Philips S309. After researching a bit about it, it seems that it's actually built by a chinese company called SangFei. They have bought the rights to use the Philips brand after a joint venture they had together on the mobile market. The phones are quite decent and they have good prices, but they're not widely known, mainly because SangFei only exports them to China, Russia, Brazil, India and Romania.

Philips S309 on its box

The battery in my old Blackberry didn't hold too much charge anymore and it's a bit heavy to carry around so instead of investing in a new battery, I got the Philips. My joy was very short lived though, since I managed to brick it after only 2 days. Seemingly there are 2 versions of the S309, a 4GB one and an 8 GB one that is available only in Russia. Another difference is that the 8GB version has Android 5.1 installed. Of course, people managed to read the 5.1 ROM (easy to do on Mediatek phones) and uploaded the backup file on needrom.com, where I found it.

This is where things went downhill. As you probably know, Mediatek ROMs have a PRELOADER partition which is responsible for loading the OS. If this partition gets corrupted or replaced with an incompatible one, the phone will be completely dead, it will not switch on or connect to the computer in any way. The Flash Tool will not see it either, so there's no way of writing back the original ROM, even if a backup is available.

Even if I knew that the preloader should not be written to the phone under any circumstances, I made the mistake of completely writing the Lollipop ROM to my phone, thinking that it would work since, well, it was for Philips S309. Little did I know that SangFei released 2 versions of the same phone with different hardware. It turns out that the 4GB version cannot use the Lollipop rom. This led to my phone becoming a nice and shiny brick.

Searching online for a solution for this specific phone proved to be futile, but there was some info on unbricking, although useless in my case. For some phones it is possible to activate the "meta" mode (which is a sort of last ditch recovery option for Mediatek devices, officially advertised as "On-chip boot ROM for Factory Flash Programming") by holding the Menu button then plugging in the USB cable. This didn't work for me, but after some more digging, I found another interesting post by rua1 @ china-iphone.ru:

http://forum.china-iphone.ru/test-pointi-dlya-proshivki-preloader-na-mt6573-75-77-t22559.html#p730752

It looks like there's a second way of entering meta mode, but the case of the phone needs to be opened. On the mainboard of most Mediatek phones there's a test point called KCOL0 that gets the phone into meta mode when it is connected to GND. Of course, not all phones are the same, the testpoint could be pretty hard to find, and most of the time it's not labelled.

There are some things needed for finding the TP: a computer (Windows or Linux OS, I used Debian here) with the Flash Tool installed, USB cable, a piece of wire, multimeter, screwdrivers, phone case opening kit, the original software (or a complete backup) of the bricked phone and of course, patience.

Rules to find TP safely:

  • The TP is usually located near the Volume buttons, seems that they're somehow related
  • It carries around 1.8 volts. Use a multimeter to check the voltage (red lead on the TP, black on the GND)
  • If it's over 2.5 volts, it's not the one you need

Here's are the test points for Philips S309 and Philips S308:

Philips S309 KCOL0 testpoint

Philips S308 KCOL0 testpoint


The unbricking procedure for Windows (works on MT65XX phones):

  • Open up the case of the phone (for S308 / S309 take out the top and bottom plastic pieces first, there are scews hidden beneath them)
  • Use USBDeview from Nirsoft (http://www.nirsoft.net/utils/usb_devices_view.html) to remove all Mediatek drivers from your PC
  • Get the MediaTek USB VCOM drivers (http://spflashtool.com/) and unpack them to a folder
  • Open the Flash Tool, choose the scatter file from the backup ROM for your phone then go to download tab, select only PRELOADER
  • Connect the USB cable to the phone and the PC, press the Download button in the Flash Tool
  • Connect the TP to GND with a piece of wire. ATTENTION! Make sure to connect the TP only to Ground. Hold it connected for a few seconds. The computer will detect a new device, when it asks for the driver location point it to the MediaTek USB VCOM drivers
  • If the VCOM driver disconnects / dissapears too soon, press Download again in the Flash Tool, reconnect USB cable and the TP
  • If everything worked, a red progress bar will appear at the bottom of the Flash tool and the computer will upload the PRELOADER to the phone. Wait for the OK window (green circle) to appear.
  • If you want to also write the rest of the ROM, it's recommended to exit the Meta mode and enter normal flash mode. Go to the Download tab in the Flash Tool, deselect PRELOADER and select the other partitions, press Download. Disconnect and reconnect the phone to the USB cable while holding the Volume Up key. The phone will use the newly installed preloader to enter Flash mode without needing the testpoint.

On Linux, the steps are the same, the only exception is that no VCOM driver installation is needed, after connecting the testpoint the phone got detected instantly and the flashing begun. 

Things to keep in mind:
  •  Don't interrupt the flashing process!
  • Use only a copy of the ROM made exactly for your device. A complete backup made with the Flash Tool always saves the day.
  • Don't touch the NVRAM partition, it holds the IMEI and calibration data for your phone.
  • Don't use the Flash Tool to format or test the memory if you don't have a complete backup, it will clear everything, including the partition that holds the IMEI, etc.

FAQ

Q: What to do if the phone enters boot loop? (phone keeps resetting at the Android logo)
A: Turn off the phone and turn it on while holding the Up volume key. This will start the recovery mode. At the Android logo, short press the Power button
then navigate to "Format cache" then "Format user data" or "Reset user data" options. Choose them one by one with them vol Up button. After finishing, choose reset.

Q: What to do if I get a PMT error and the flashing stops?

A: This usually means that the ROM you chose has a different partitioning scheme than the one on the phone. To bypass it, instead of Download only option, select Firmware upgrade. This will tell the tool to update the partitioning scheme on the phone:

Change flashing mode to fix PMT error
In conclusion:
  • If it ain't broke, don't fix it!
  • Never ever update the preloader on Mediatek phones!
  • Always back up the complete ROM from Mediatek phones before flashing them (with the ReadBack function in Flash Tool)! It might save you from using the phone as a paper weight later on :-).

Another link that contains many tools and drivers:
https://www.china-devices.com/files/file/12-mtk-megapack-all-tools-here/


That's about it, I hope this helps someone.