dev = libusb_open_device_with_vid_pid(ctx, MTK_VID, BROM_PID); if (!dev) fprintf(stderr, "Device not in BROM mode\n"); return -1;
// BROM command constants #define BROM_CMD_SEND_DA 0xD7 #define BROM_CMD_GET_HWCODE 0xA0
int send_brom_command(libusb_device_handle *dev, uint8_t cmd, uint8_t *data, int len) int transferred; // BROM uses bulk OUT endpoint 0x01, bulk IN endpoint 0x81 return libusb_bulk_transfer(dev, 0x01, &cmd, 1, &transferred, BROM_TIMEOUT);
gcc -o brom_driver brom_driver.c -lusb-1.0 A) Send Download Agent (DA) – Bootloader Loading uint8_t da_data[] = /* raw DA binary */ ; uint8_t cmd = BROM_CMD_SEND_DA; libusb_bulk_transfer(dev, 0x01, &cmd, 1, &transferred, 0); libusb_bulk_transfer(dev, 0x01, da_data, sizeof(da_data), &transferred, 0); B) Python version (using pyusb ) import usb.core import usb.util dev = usb.core.find(idVendor=0x0E8D, idProduct=0x0003) if dev is None: raise ValueError("Device not found") mtk brom mode driver
#include <libusb-1.0/libusb.h> #include <stdio.h> #include <stdint.h> #define MTK_VID 0x0E8D #define BROM_PID 0x0003 #define BROM_TIMEOUT 2000
libusb_claim_interface(dev, 0);
int main() libusb_context *ctx = NULL; libusb_device_handle *dev = NULL; dev = libusb_open_device_with_vid_pid(ctx
printf("HW Code: %02X %02X\n", response[0], response[1]);
// Detach kernel driver if needed if (libusb_kernel_driver_active(dev, 0) == 1) libusb_detach_kernel_driver(dev, 0);
Example .inf snippet for Zadig/libwdi:
// Example: read hardware code uint8_t cmd = BROM_CMD_GET_HWCODE; uint8_t response[32] = 0; int transferred;
If you need a (not recommended), you’d write a KMDF USB driver that handles raw bulk transfers, but userspace libusb is the standard approach today.
libusb_bulk_transfer(dev, 0x01, &cmd, 1, &transferred, BROM_TIMEOUT); libusb_bulk_transfer(dev, 0x81, response, sizeof(response), &transferred, BROM_TIMEOUT); if (!dev) fprintf(stderr
libusb_release_interface(dev, 0); libusb_close(dev); libusb_exit(ctx); return 0;
[DeviceList] %MTK_BROM% = DriverInstall, USB\VID_0E8D&PID_0003 %MTK_BROM% = DriverInstall, USB\VID_0E8D&PID_2000 [Strings] MTK_BROM = "MediaTek USB BootROM (Preloader)" No special driver needed – the kernel’s usbhid or cdc_acm may claim it. Use a libusb userspace driver after detaching kernel driver. 3. Userspace Driver (libusb) – Core Protocol Here’s a minimal C + libusb driver skeleton to detect and talk to BROM.