The phone is stuck in a bootloop displaying "Orange State", does not respond to any buttons presses, and can't enter recovery or fastboot.

• This guide requires you to scrape off the solder mask of a micropin on the motherboard using a needle. A microscope is highly recommended for this

• I did many things during my unbricking process. I don't know which of these are important, so I wrote all of them here

Download the following:

• The original firmware

• The unbricking tools

1. Disassemble the device. There is nothing special here; just remove the back cover, unscrew all the screws on the top half and unplug all the wires

2. Remove the motherboard from the device and turn it around

3. Remove this metal cover:

4. Find the testpoint and carefully scrape off the solder mask:

Now assemble the phone is such a way that you can still access the testpoint, even when it's powered on. I did it like this:

The testpoint has to be shorted to ground for it to work. I recommend using a sharp needle, connected with a wire to the phone's ground (any large metal surface). I shoved the wire into the SIM tray level, because it can actually hold the wire without any tape.

Here are the things I did to this phone, in order:

1. Flashed the firmware in "Download Only" mode (see §Using SP Flash Tool)

   • This didn't do anything to the phone

2. Flashed vbmeta and vbmeta_system with --disable-verity --disable-verification (see §Using fastboot)

3. Changed the active slot from "B" to "A": fastboot set-active a

4. At this point "MTKMETAUtility" stopped working, so I switched to "MTK-Auth-Bypass", which can't enter fastboot

5. Flashed the firmware in "Firmware Upgrade" mode

   • The flashing failed with a "verification error"

   • The phone successfully booted, but with a "Download did not finish" warning on startup

6. Flashed the firmware using "Download Only" mode (again)

   • The flashing failed with the same error

7. Flashed the firmware using "Download Only" mode, but disabled the tranfs partition

   • The phone successfully booted without a warning

During this process I did not loose my IMEIs

1. Unpack it from the unbricking tools

2. Set the "Scatter-loading File" to MT6768_Android_scatter.txt (inside the firmware directory)

3. Set the mode to "Download Only" or "Firmware Upgrade"

   • Do not use "Format All", it will wipe your IMEIs and may render the phone unrecoverable

4. Remove the checkmark next to tranfs in the bottom table if needed

5. Use §MTKMETAUtility or §MTK Auth Bypass Tool

6. Press download

1. Unpack it from the unbricking tools

2. Set the date to January 1st 2022

   • This has to be done before the program is executed, as the program rewrites itself when executed after it's "expiration date"

   • There seems to be some other heuristic that stops the program from running, which I wasn't able to figure out. So, if you can, run the program in a disposable virtual machine

3. Open the "BRom" tab

   • Select "Disable Auth" if using with SP Flash Tool,

   • and "Reboot Fastboot Mode" is using with fastboot

4. Plug in the phone while shorting the testpoint

5. Disconnect the testpoint

1. Unpack it from the unbricking tools

2. Open it; press "Disable Auth"

3. Plug in the phone while shorting the testpoint

4. Wait for the process to finish

5. Disconnect the testpoint and use SP Flash Tool

1. Use §MTKMETAUtility to enter fastboot mode

2. Now use fastboot as normal

   • If it complains about the battery being too low, disconnect the battery (while the phone is still connected and booted into fastboot mode)