Dumping firmware from phones/MTK
Under construction, more info may soon appear here
The most common methods of dumping firmware from MTK powered phones involve UART test points or box software with a standard USB cable and a "boot key".
With that being said, the difficulty of dumping MTK devices depends a lot on the device you're trying to dump from. This could be anything from only needing a regular USB cable and some box software, to soldering wires from test points to a USB to UART adapter. If you cannot find the pinout on a phone page here on LPCWiki, you may be able to find it on forums such as GSM-Forum.
Disclaimer: For phones connected via UART test points, soldering experience is required. As said elsewhere, make sure you're comfortable soldering to small pads or to test on phones you won't be too upset about losing!
RevSkills[edit]
Using RevSkills, you can dump the firmware of many different MTK feature phones to a single .BIN file. A plethora of device presets are available in the "Device :" dropdown menu.
First, connect the phone to your computer. Open RevSkills and go to Hardware -> Port Utils -> MTK (Pro). A window called "MTK Dumper" should open, and then from there you can select the COM port of your phone or USB-UART device.
In the "Device:" tab, select your phone's model if it is listed. If it isn't, use one of the "MTK Generic auth" selections with the model of the chipset in the phone at the end. For example, this would be set to "MTK Generic auth (MT6223)" for the Doro PhoneEasy 410gsm and any other MT6223 powered phone.
Press "Readback Flash". A window should pop up asking you where you want to save readback.bin, which will be the firmware dump of your phone.
Once it says "Please press and hold the power button of the mobile till you see bytes being transferred...", press the power button as instructed until something happens (or both the RXD and TXD lights start flashing on your USB-UART device if it has them).
If a phone is detected, RevSkills will attempt to send the "Download Agent" to the phone in order to dump the firmware.
If all goes well, a progress bar should appear with the amount of data dumped and the speed of the data transmission.
Once the firmware dump is complete, a pop-up window saying "Done reading." should open.
Common errors[edit]
If you get an error about the download agent failing to save into the phone's SRAM, it may have lost power during the data transfer or a connection is loose. Check if your power source is good (e.g. if your phone battery is dead or if the power supply is giving enough current) and check your wires or soldering job for anything that appears disconnected.
DA_MEM_CMD or DA_INVALID_RANGE: The "Flash read length" is set to a value that is larger than the phone's storage capacity. It should tell you the size of the NAND/NOR flash chip in the text log, so if it does, set the read length accordingly. If it doesn't, keep going down on the list until it doesn't give you that error.
Miracle Thunder[edit]
Miracle Thunder can dump the firmware of many MediaTek devices, especially newer ones which aren't supported by RevSkills.
First, open Miracle Thunder and select Read on the MTK page.
Press Start Button, and it will tell you to power off the phone, reinsert the battery, and to connect the data cable to the phone while pressing a "boot key" (this is usually the * or # key).
If a phone is detected, Miracle Thunder will send a "boot agent" to the phone to dump its firmware, report its flash chip size, and firmware information. If everything is done correctly, a progress bar should appear in the bottom left of the window.
A window should pop up asking you where you want to save the firmware dump when it is finished.
Once the firmware dump is complete, it will say "Read OK" and on the log.
Sidenote: some newer MTK firmwares (e.g MT6260 devices) are compressed in a way where some resources may be more difficult to extract.
All done! If you wish to check the firmware dump, most (if not all) MTK firmware dumps should report the firmware version and other info in plain text.