I'm not sure.
Try to talk with developers here:
Issues · MTK-bypass/exploits_collection
Contribute to MTK-bypass/exploits_collection development by creating an account on GitHub.
github.com
Try to talk with developers here:
github.com
Thanks to:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
1. Download the attached file: VD171_MTK-bypass.zip.
- How to install:
2. Extract the file and open the folder.
3. Run and install python: python-3.9.1-amd64.exe.
Keep atention: You need to select "Add Python to PATH" before starting the installation.
4. Open cmd or powershell and execute this command:
pip install pyusb pyserial json5
5. Go to the Driver folder and right-click on the cdc-acm.inf file, then click Install and then, close window.
6. Run and install filter wizard: libusb-win32-devel-filter-1.2.6.0.exe.
7. Launch filter wizard.
8. Select Install a device filter and click Next.
9. Connect powered off phone with volume- button to boot in EDL mode.
10. Once you see new MediaTek USB Port in the list, select it and click Install.
Now, you are ready for bypassing EDL !
1. Go to the Bypass folder. Run the script: bypass.bat.
- How to bypass:
2. Connect powered off phone with volume- button to boot in EDL mode.
3. Once you get "Protection disabled" at the end, without disconnecting phone and usb, run SP Flash Tool.
4. Once the SP Flash Tool opens, click Options > Options > Connection.
5. Select UART mode and select Baud rate to 921600.
Now, you are ready for flashing !
1. Download latest release of the tool: https://github.com/MTK-bypass/bypass_utility/releases/latest
- How to update:
2. Download latest release of payloads: https://github.com/MTK-bypass/exploits_collection/releases/latest
3. Extract the content of both files to the Bypass folder.
Now, you are updated !
- How does the bypass work?
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have managed to revive my phone, I am documentitinyhack.com
All Credits To:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
Do you need help with your MERLIN device ?
Read this FAQ: https://xdaforums.com/t/faq-guide-h...for-merlin-redmi-note-9-redmi-10x-4g.4225163/
#NoAuth #NoAuthentication #No-Auth #No-Authentication #MediaTek #Xiaomi
#MiAuth #MiAuthentication #Mi-Auth #Mi-Authentication #XiaoMiAuth #free
#XiaoMiAuthentication #XiaoMi-Auth #XiaoMi-Authentication #unbricking
#unbricked #unbrick
#MTK #MT6572 #MT6735 #MT6737 #MT6739 #MT6750 #MT6765 #MT6762
#MT6761 #MT6768 #MT6771 #MT6785 #MT8127 #MT8163 #MT8173 #MT8695
THANKS SO MUCH ... U SAVED My DAY ..
OMG THANK YOU SO MUCHThanks to:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
1. Download the attached file: VD171_MTK-bypass.zip.
- How to install:
2. Extract the file and open the folder.
3. Run and install python: python-3.9.1-amd64.exe.
Keep atention: You need to select "Add Python to PATH" before starting the installation.
4. Open cmd or powershell and execute this command:
pip install pyusb pyserial json5
5. Go to the Driver folder and right-click on the cdc-acm.inf file, then click Install and then, close window.
6. Run and install filter wizard: libusb-win32-devel-filter-1.2.6.0.exe.
7. Launch filter wizard.
8. Select Install a device filter and click Next.
9. Connect powered off phone with volume- button to boot in EDL mode.
10. Once you see new MediaTek USB Port in the list, select it and click Install.
Now, you are ready for bypassing EDL !
1. Go to the Bypass folder. Run the script: bypass.bat.
- How to bypass:
2. Connect powered off phone with volume- button to boot in EDL mode.
3. Once you get "Protection disabled" at the end, without disconnecting phone and usb, run SP Flash Tool.
4. Once the SP Flash Tool opens, click Options > Options > Connection.
5. Select UART mode and select Baud rate to 921600.
Now, you are ready for flashing !
1. Download latest release of the tool: https://github.com/MTK-bypass/bypass_utility/releases/latest
- How to update:
2. Download latest release of payloads: https://github.com/MTK-bypass/exploits_collection/releases/latest
3. Extract the content of both files to the Bypass folder.
Now, you are updated !
- How does the bypass work?
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have managed to revive my phone, I am documentitinyhack.com
All Credits To:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
Read this FAQ: https://xdaforums.com/t/faq-guide-h...for-merlin-redmi-note-9-redmi-10x-4g.4225163/
#NoAuth #NoAuthentication #No-Auth #No-Authentication #MediaTek #Xiaomi
#MiAuth #MiAuthentication #Mi-Auth #Mi-Authentication #XiaoMiAuth #free
#XiaoMiAuthentication #XiaoMi-Auth #XiaoMi-Authentication #unbricking
#unbricked #unbrick
#MTK #MT6572 #MT6735 #MT6737 #MT6739 #MT6750 #MT6765 #MT6762
#MT6761 #MT6768 #MT6771 #MT6785 #MT8127 #MT8163 #MT8173 #MT8695
I dont know what i would have done without this guide
You are welcome, my friend.OMG THANK YOU SO MUCH
I dont know what i would have done without this guide
Enjoy
after this guide, Should I follow this one? https://xdaforums.com/t/guide-how-t...for-merlin-redmi-note-9-redmi-10x-4g.4229937/
Exactly.
First, you bypass auth and then use sp flash tool as you want.
Remember, if you remove usb cable, you need to bypass auth again.
Can I flash a custom rom with sp flash tool even though my device is in bootloop right now and I need to bypass auth? Or i need to flash the official firmware . If I need to flash the firmware , it has to be the fastboot or recovery?
Can I use this method for qualcomm devices?Thanks to:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
1. Download the attached file: VD171_MTK-bypass.zip.
- How to install:
2. Extract the file and open the folder.
3. Run and install python: python-3.9.1-amd64.exe.
Keep atention: You need to select "Add Python to PATH" before starting the installation.
4. Open cmd or powershell and execute this command:
pip install pyusb pyserial json5
5. Go to the Driver folder and right-click on the cdc-acm.inf file, then click Install and then, close window.
6. Run and install filter wizard: libusb-win32-devel-filter-1.2.6.0.exe.
7. Launch filter wizard.
8. Select Install a device filter and click Next.
9. Connect powered off phone with volume- button to boot in EDL mode.
10. Once you see new MediaTek USB Port in the list, select it and click Install.
Now, you are ready for bypassing EDL !
1. Go to the Bypass folder. Run the script: bypass.bat.
- How to bypass:
2. Connect powered off phone with volume- button to boot in EDL mode.
3. Once you get "Protection disabled" at the end, without disconnecting phone and usb, run SP Flash Tool.
4. Once the SP Flash Tool opens, click Options > Options > Connection.
5. Select UART mode and select Baud rate to 921600.
Now, you are ready for flashing !
1. Download latest release of the tool: https://github.com/MTK-bypass/bypass_utility/releases/latest
- How to update:
2. Download latest release of payloads: https://github.com/MTK-bypass/exploits_collection/releases/latest
3. Extract the content of both files to the Bypass folder.
Now, you are updated !
- How does the bypass work?
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have managed to revive my phone, I am documentitinyhack.com
All Credits To:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
Read this FAQ: https://xdaforums.com/t/faq-guide-h...for-merlin-redmi-note-9-redmi-10x-4g.4225163/
#NoAuth #NoAuthentication #No-Auth #No-Authentication #MediaTek #Xiaomi
#MiAuth #MiAuthentication #Mi-Auth #Mi-Authentication #XiaoMiAuth #free
#XiaoMiAuthentication #XiaoMi-Auth #XiaoMi-Authentication #unbricking
#unbricked #unbrick
#MTK #MT6572 #MT6735 #MT6737 #MT6739 #MT6750 #MT6765 #MT6762
#MT6761 #MT6768 #MT6771 #MT6785 #MT8127 #MT8163 #MT8173 #MT8695
No.
This is for mediatek only.
For snapdragon devices you should use a firehose preloader.
Last edited:
Hi! I plugged my Redmi note 9 (locked BL) via usb while installing Device Filter(s) but can't seem to find the Mediatek USB Port. Is there a driver I need to install?
when i run the bypass.bat script while pressing volumedown button in poweroff state then i get thi errorGood work, my friend
It solves all our problems for unbricking
it says
usb.core.NoBackendError : No backend available
Last edited:
I'm not sure about that error.
Please, contact developers here:
Issues · MTK-bypass/exploits_collection
Contribute to MTK-bypass/exploits_collection development by creating an account on GitHub.
github.com
So will it be ok if i just skip auth by flashing preloader.bin in fastboot mode and then turn off my device and flash with spflashI'm not sure about that error.
Please, contact developers here:
Issues · MTK-bypass/exploits_collection
Contribute to MTK-bypass/exploits_collection development by creating an account on GitHub.
Will i need to select preloader.bin in spflash again while flashing?
I want to downgrade from 12.5.5 to 12.0.2
Hello all masters.
I have a stuck in edl mode on note 11 pro.
And this step i need to do to finish my problem.
I do all steps, but when i hit bypass, cmd window popup, and i just get this.
[2022-10-27 22:51:36.125199] Waiting for device
and nothing happens.
I have a stuck in edl mode on note 11 pro.
And this step i need to do to finish my problem.
I do all steps, but when i hit bypass, cmd window popup, and i just get this.
[2022-10-27 22:51:36.125199] Waiting for device
and nothing happens.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
16Thanks to:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
- How to install:
2. Extract the file and open the folder.
3. Run and install python: python-3.9.1-amd64.exe.
Keep atention: You need to select "Add Python to PATH" before starting the installation.
4. Open cmd or powershell and execute this command:
pip install pyusb pyserial json5
5. Go to the Driver folder and right-click on the cdc-acm.inf file, then click Install and then, close window.
6. Run and install filter wizard: libusb-win32-devel-filter-1.2.6.0.exe.
7. Launch filter wizard.
8. Select Install a device filter and click Next.
9. Connect powered off phone with volume- button to boot in EDL mode.
10. Once you see new MediaTek USB Port in the list, select it and click Install.
Now, you are ready for bypassing EDL !
- How to bypass:
2. Connect powered off phone with volume- button to boot in EDL mode.
3. Once you get "Protection disabled" at the end, without disconnecting phone and usb, run SP Flash Tool.
4. Once the SP Flash Tool opens, click Options > Options > Connection.
5. Select UART mode and select Baud rate to 921600.
Now, you are ready for flashing !
- How to update:
2. Download latest release of payloads: https://github.com/MTK-bypass/exploits_collection/releases/latest
3. Extract the content of both files to the Bypass folder.
Now, you are updated !
- How does the bypass work?
All Credits To:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
Do you need help with your MERLIN device ?
Read this FAQ: https://xdaforums.com/t/faq-guide-h...for-merlin-redmi-note-9-redmi-10x-4g.4225163/
#NoAuth #NoAuthentication #No-Auth #No-Authentication #MediaTek #Xiaomi
#MiAuth #MiAuthentication #Mi-Auth #Mi-Authentication #XiaoMiAuth #free
#XiaoMiAuthentication #XiaoMi-Auth #XiaoMi-Authentication #unbricking
#unbricked #unbrick
#MTK #MT6572 #MT6735 #MT6737 #MT6739 #MT6750 #MT6765 #MT6762
#MT6761 #MT6768 #MT6771 #MT6785 #MT8127 #MT8163 #MT8173 #MT86952woah this can speed up custom rom development for the device, just like the factory images on redmi note 8 pro, i hope lots of people see this!2
Hello, my friend.
I've attached only the payload specific for MT6768.
For MT6580, you need to do one step before:
1. Open the folder "Bypass".
2. Edit the file "main.py".
3. Modify the line #14:
Change:
ToCode:DEFAULT_PAYLOAD = "mt6768_payload.bin"
4. Save the file.Code:DEFAULT_PAYLOAD = "mt6580_payload.bin"
Done.
Now, you can bypass your device too.
Good luck2
Hello bro, today I was able to recover my Redmi 9 with the update of the tool that you shared, it was a bit complicated but in the end if it recovered, now, I have a problem, this Redmi is dual SIM and the two IMEIs appear unknown to me and a Wi-Fi network called NVram warning: Err = 0x10 appears, is there any solution to this error?
