Hello!
In this thread I want to show you how to use MTK Engineer tools. You will need a phone with a MTK (Mediatek) chip to work with this tools.
The most important tool I want to introduce you is MTK Catcher. MTK Catcher is an engineer program for Windows which allows to log and debug low level information on MTK devices (running android). The most interesting thing is that you can see GSM/UMTS radio messages between the phone and the cellular network. This is something special because all mobile phones have proprietary baseband firmware. We can gain insight in underlying GSM/GPRS protocols. MTK Catcher will display the information like in Wireshark. Xgoldmon and OsmocomBB are other projects which give the possibility to monitor this information but this is by far the user-friendliest way to do this.
However there is more potential behind this. The problem is that everything is proprietary here. It would be great if we could parse all information direct on the phone with MTK Catcher. We need to reverse engineer how MTK Catcher decodes the information using the database files. If we can analyze low level data direct on the phone, we could use e.g. this information for our IMSI Catcher Detector project to detect IMSI Catchers aka Stingrays much more reliable (Here you can see what kind of information we need to achieve this).
For more information about MTK Catcher read the manuals.
Warning: Working with Engineer tools means that you can damage your phone! Everything you do is at your own risk!
a) Capture network events and analyze later
b) Capture network events live over USB and access phone with other tools
How to edit NVRAM
Please share everything relevant about what you could find out regarding MTK engineer tools! Thank you!
Everything you need is in this Dropbox folder
In this thread I want to show you how to use MTK Engineer tools. You will need a phone with a MTK (Mediatek) chip to work with this tools.
The most important tool I want to introduce you is MTK Catcher. MTK Catcher is an engineer program for Windows which allows to log and debug low level information on MTK devices (running android). The most interesting thing is that you can see GSM/UMTS radio messages between the phone and the cellular network. This is something special because all mobile phones have proprietary baseband firmware. We can gain insight in underlying GSM/GPRS protocols. MTK Catcher will display the information like in Wireshark. Xgoldmon and OsmocomBB are other projects which give the possibility to monitor this information but this is by far the user-friendliest way to do this.
However there is more potential behind this. The problem is that everything is proprietary here. It would be great if we could parse all information direct on the phone with MTK Catcher. We need to reverse engineer how MTK Catcher decodes the information using the database files. If we can analyze low level data direct on the phone, we could use e.g. this information for our IMSI Catcher Detector project to detect IMSI Catchers aka Stingrays much more reliable (Here you can see what kind of information we need to achieve this).
For more information about MTK Catcher read the manuals.
Warning: Working with Engineer tools means that you can damage your phone! Everything you do is at your own risk!
a) Capture network events and analyze later
- Check if you have MTKLogger installed, this tool comes preinstalled on many MTK devices
- Open MTK EngineerMode (you can use Mobileuncle MTK Tools to do this)
- Open MTKLogger in “Log and Debugging”
- Activate option “ModemLog”.
- Start recording with MTKLogger and stop later.
- On your sdcard you will find folder “mtklog” where all captures are saved including a database file.
- Copy mtklog from your phone to PC
- Open Catcher.exe
- Select in Config → Database path your database file (BPLGU...)
- Select in Controls → Dump File your MDLog_PS file (MDLog_L1 is not displayed)
b) Capture network events live over USB and access phone with other tools
- You will need the database file so obtain it doing the procedure under a)
- Activate USB Debugging in Developer Options
- Open MTKLogger preferences
- In ModemLog menu change Log Mode to “USB Mode”
- Install MTK USB drivers
- Install ADB drivers
- Connect your phone with USB cable to your PC
- Open Catcher.exe
- Select in Config → Database path your database file (BPLGU...)
- Start recording with MTKLogger *important*
- Select in Configure Port → Conn. Mode “Smartphone USB Logging (MD1)”
- Select in Controls → Set Filter what you want to display or just select all
- Check Advanced menu out, there will be e.g. SIM/USIM Editor
How to edit NVRAM
- Install MTK USB drivers
- Install Maui META
- Power off your phone
- Attach your phone to USB → VCOM port should get installed
- Open META (it needs admin privileges to create log files under C:/)
- Select in Options → Connect Smartphone into META mode
- Press Reconnect button
- Attach powered off phone to USB
- Power on the phone → Phone should get stuck on boot screen and fail driver install
- Open device manager, Select “ALL MTK Drivers” as driver update path
- Gadget CDC VCOM appears
- Detach phone from USB
- Power off the phone (hold power key for 10 seconds or remove battery)
- Close META and try again the steps 5-9
- If not successful try again 5-9 and 12-13
- META shows “Connected with target” → Phone is in META mode
- Select NVRAM editor in drop down menu
- Press “Read from NVRAM” button
- Select database file (BPLGU...)
Please share everything relevant about what you could find out regarding MTK engineer tools! Thank you!
Everything you need is in this Dropbox folder