[MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

k4y0z (Senior Member)
As some of you have already noticed, a couple of weeks ago @Dinolek and I published a utility that allows bypassing authentication on MTK devices.
The tool is based on an exploit dubbed kamakiri, which was originally found by @xyz` and released for the Amazon FireTV Stick 4K (mantis).

What does this mean?
You can use this utility to bypass Serial Link Authentication and Download Agent Authentication on supported devices to use software such as SP Flash Tool to unbrick devices that would otherwise require authentication (AUTH-file).

The tool has since been expanded to support more SoCs by contributions from @viperbjk, @Rortiz2 and others.

It currently supports the following SoCs (and their variations):
  • mt6261
  • mt6572
  • mt6580
  • mt6582
  • mt6592
  • mt6595
  • mt6735
  • mt6737
  • mt6739
  • mt6750
  • mt6753
  • mt6755
  • mt6757
  • mt6761
  • mt6763
  • mt6765
  • mt6768
  • mt6771
  • mt6779
  • mt6785
  • mt6795
  • mt6797
  • mt6799
  • mt6833
  • mt6853
  • mt6873
  • mt6885
  • mt8127
  • mt8163
  • mt8167
  • mt8173
  • mt8590
  • mt8695
There are two parts to this project, the Utility itself and the Exploit Collection.

Please refer to the project's README for how to set up your environment to use this utility successfully.

Please note, this project has already been incorporated in multiple commercial tools without even a mention.
This software is free to use, but the courtesy of at least mentioning the original authors is expected.

If you like this software and would like to support us, you can donate.

hikari_calyx (Senior Member)
Nice work!
This will work on MTK devices that are misconfigured in the preloader, like this one:
Code:
MTK_SEC_CHIP_SUPPORT=yes
MTK_SEC_USBDL=ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP
MTK_SEC_BOOT=ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP
MTK_SECURITY_SW_SUPPORT=yes
CUSTOM_SEC_AUTH_SUPPORT=no

Which means the phone was secured but no authentication file is generated, and back then it was impossible to revive without some sort of programmer. An example is the Nokia 3.
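The configuration pattern hikari_calyx describes can be checked mechanically. The script below is an added example (not code from this thread or from the bypass utility): it parses make-style `KEY=VALUE` lines and flags a build where USB download is authenticated on a secure chip but `CUSTOM_SEC_AUTH_SUPPORT=no`. The key names and values are the ones quoted in the post; the alternative values `ATTR_SUSBDL_DISABLE`/`ATTR_SUSBDL_ENABLE`, `ATTR_SBOOT_DISABLE`/`ATTR_SBOOT_ENABLE`, and the reading that `*_ONLY_ENABLE_ON_SCHIP` takes effect only when `MTK_SEC_CHIP_SUPPORT=yes`, are assumptions of this example.

```python
"""Flag a MediaTek preloader build that authenticates USB download but ships no AUTH file.

Added example; not code from the forum thread or from the bypass utility. The key
names and values are the ones quoted in the post above. The alternative values
ATTR_SUSBDL_DISABLE / ATTR_SUSBDL_ENABLE and ATTR_SBOOT_DISABLE / ATTR_SBOOT_ENABLE,
and the reading that *_ONLY_ENABLE_ON_SCHIP only applies when
MTK_SEC_CHIP_SUPPORT=yes, are assumptions of this example.
"""
from __future__ import annotations

# Constructed sample: the fragment quoted in the post above, verbatim.
SAMPLE_CONFIG = """\
MTK_SEC_CHIP_SUPPORT=yes
MTK_SEC_USBDL=ATTR_SUSBDL_ONLY_ENABLE_ON_SCHIP
MTK_SEC_BOOT=ATTR_SBOOT_ONLY_ENABLE_ON_SCHIP
MTK_SECURITY_SW_SUPPORT=yes
CUSTOM_SEC_AUTH_SUPPORT=no
"""


def parse_make_config(text: str) -> dict[str, str]:
    """Parse make-style KEY=VALUE lines; blank lines and '#' comments are skipped."""
    cfg: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def _enforced(cfg: dict[str, str], key: str, prefix: str) -> bool:
    """Resolve ATTR_<prefix>_{DISABLE,ENABLE,ONLY_ENABLE_ON_SCHIP} for this build (assumed semantics)."""
    value = cfg.get(key, f"ATTR_{prefix}_DISABLE")
    if value == f"ATTR_{prefix}_ENABLE":
        return True
    if value == f"ATTR_{prefix}_ONLY_ENABLE_ON_SCHIP":
        # Only a secure chip actually enforces the gate (assumption).
        return cfg.get("MTK_SEC_CHIP_SUPPORT", "no").lower() == "yes"
    return False


def security_profile(cfg: dict[str, str]) -> tuple[bool, bool, bool]:
    """Return (USB download authenticated, secure boot on, AUTH file generated)."""
    return (
        _enforced(cfg, "MTK_SEC_USBDL", "SUSBDL"),
        _enforced(cfg, "MTK_SEC_BOOT", "SBOOT"),
        cfg.get("CUSTOM_SEC_AUTH_SUPPORT", "no").lower() == "yes",
    )


def lint_preloader_config(text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    usbdl_auth, _sboot, auth_file = security_profile(parse_make_config(text))
    findings: list[str] = []
    if usbdl_auth and not auth_file:
        findings.append(
            "MTK_SEC_USBDL authenticates USB download on this chip but "
            "CUSTOM_SEC_AUTH_SUPPORT=no: no AUTH file is produced, so a bricked unit "
            "cannot be flashed with SP Flash Tool without a BROM-level bypass"
        )
    return findings


if __name__ == "__main__":
    for finding in lint_preloader_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against a ProjectConfig.mk-style fragment; a build with `CUSTOM_SEC_AUTH_SUPPORT=yes`, or one where `MTK_SEC_CHIP_SUPPORT=no` so the `ONLY_ENABLE_ON_SCHIP` gate never fires, produces no finding.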
 

XRed_CubeX (Senior Member)
Wow! Amazing work! Quick question: is there any chance in the future of expanding this exploit to support MTK6762? My Redmi 6 has been bricked for two years now because I can't get access to a Xiaomi Auth account...
It depends. If the developers have a device with the same SoC or a device with a similar SoC, then it is possible that they port it, or someone else who is good with decompilers and wants to port it can do it. You can too, but it always depends on whether you can do it.
 

k4y0z (Senior Member)
Wow! Amazing work! Quick question, is there any chance in the future of expanding this exploit to support MTK6762? My Redmi 6 has been bricked for two years now because I can't get access to a Xiaomi Auth account...

MT6762 should be the same as MT6761, so that should already be supported.

For unsupported devices you can try running the utility in testmode.
Code:
./main.py -t

If you can get a bootrom-dump, we can see what we can do about support.
 

XRed_CubeX (Senior Member)
MT6762 should be the same as MT6761, so that should already be supported.

For unsupported devices you can try running the utility in testmode.
Code:
./main.py -t

If you can get a bootrom-dump, we can see what we can do about support.
Can you create a guide on how to port it (for noobs, though)? I also have an unsupported device and would like to try porting.
 

Yoss Roness (Member)
MT6762 should be the same as MT6761, so that should already be supported.

For unsupported devices you can try running the utility in testmode.
Code:
./main.py -t

If you can get a bootrom-dump, we can see what we can do about support.
I tried, but when I ran your command I received this error: Unable to create process using '/bin/python3
 

wentaas (Member)
Firstly, this is huge. Soon enough we'll probably get rid of OEMs' dumb restrictions and paywalls for having permission over your own device, but it doesn't work on my Redmi Note 8 Pro Global.

It's just stuck on "waiting for device". I've tried everything, like cmd as admin, restarting, all the debug parameters, even class filters. I don't see mt6785t but 6785 is there, so I think that shouldn't be an issue? Idk, but any help would be great. I have the payloads in the payloads/ folder and the default_config.json5 file in the dir with main.py in it.

I'm running it on a PC with a Ryzen 5 3600, so that could be why? I've checked the code; it seems to just not find the serial port. If I should try on an Intel CPU, how would I use it with a Mac? Because I don't have any other PCs. Maybe through a VM, but I doubt that'd work. Anyways, amazing work. Just wait for someone to make a GUI for it (maybe me but.. cries in tkinter) and it'll be an end to all the stupid OEM stuff.

Again, any help would be really appreciated. I don't wanna get a Realme or something just because I hate MIUI :(
 

k4y0z (Senior Member)
it's just stuck on waiting for device, i've tried everything like cmd in admin, restarting, all the debug parameters, even class filters. i dont see mtk6785t but 6785 is there so i think that shouldnt be an issue?

I don't know if mt6785 and mt6785t are the same.
If it doesn't even see your device your issue is something else.
Make sure your device is in bootrom-mode.
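"Make sure your device is in bootrom-mode" is the first thing to verify when the utility sits at "waiting for device". The script below is an added example (not code from this thread or from the bypass utility) showing how a host can tell the two download modes apart and confirm it is really talking to the BROM. It assumes: MediaTek's USB vendor ID is 0x0e8d, with the bootrom enumerating as PID 0x0003 and the preloader as PID 0x2000; the handshake is the host sending 0xA0 0x0A 0x50 0x05 one byte at a time and the ROM answering each with its bitwise complement (0x5F 0xF5 0xAF 0xFA); command 0xFD (GET_HW_CODE) is echoed, followed by a big-endian 16-bit hardware code and 16-bit status. The small hw-code table is a subset assumed from public bypass configs, and the "port" is a constructed in-memory fake rather than a real device.

```python
"""Distinguish BROM (bootrom) mode from preloader mode and run the BROM handshake.

Added example; not code from this thread or from the bypass utility. Assumed
facts: MediaTek USB VID 0x0e8d, bootrom PID 0x0003, preloader PID 0x2000; the
handshake bytes 0xA0 0x0A 0x50 0x05 are each answered with their bitwise
complement; command 0xFD (GET_HW_CODE) is echoed, then a 16-bit hw code and a
16-bit status follow, big-endian. HW_CODES is an assumed subset. FakeBrom is a
constructed stand-in for the device's USB serial port.
"""
from __future__ import annotations
import re

MTK_VID = 0x0E8D
BROM_PID = 0x0003
PRELOADER_PID = 0x2000
HANDSHAKE = bytes([0xA0, 0x0A, 0x50, 0x05])
CMD_GET_HW_CODE = 0xFD
HW_CODES = {0x0717: "mt6761", 0x0766: "mt6765", 0x0707: "mt6768",
            0x0788: "mt6771", 0x0813: "mt6785"}  # assumed subset


class ProtocolError(Exception):
    """Device answered, but not like a MediaTek BROM/preloader would."""


def classify_usb_ids(lsusb_output: str) -> list[tuple[str, str]]:
    """Label every 'ID vvvv:pppp' on lsusb-style lines that belongs to a MediaTek device."""
    found = []
    for m in re.finditer(r"ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})", lsusb_output):
        vid, pid = int(m.group(1), 16), int(m.group(2), 16)
        if vid != MTK_VID:
            continue
        mode = {BROM_PID: "bootrom", PRELOADER_PID: "preloader"}.get(pid, "unknown-mtk")
        found.append((f"{vid:04x}:{pid:04x}", mode))
    return found


def brom_handshake(port) -> None:
    """Send the four magic bytes one at a time; each must come back complemented."""
    for b in HANDSHAKE:
        port.write(bytes([b]))
        reply = port.read(1)
        if not reply:  # the "waiting for device" symptom: nothing ever answers
            raise TimeoutError("no reply: device is not in bootrom/preloader download mode")
        if reply[0] != (~b & 0xFF):
            raise ProtocolError(f"sent {b:#04x}, expected {~b & 0xFF:#04x}, got {reply[0]:#04x}")


def get_hw_code(port) -> tuple[int, str]:
    """Issue GET_HW_CODE after a successful handshake; returns (hw_code, soc_name)."""
    port.write(bytes([CMD_GET_HW_CODE]))
    if port.read(1) != bytes([CMD_GET_HW_CODE]):
        raise ProtocolError("command byte was not echoed")
    hw_code = int.from_bytes(port.read(2), "big")
    status = int.from_bytes(port.read(2), "big")
    if status != 0:
        raise ProtocolError(f"GET_HW_CODE returned status {status:#06x}")
    return hw_code, HW_CODES.get(hw_code, "unknown")


class FakeBrom:
    """Constructed stand-in for the USB serial port of a BROM-mode device.
    silent=True models a device that never answers (wrong mode, driver, or cable)."""

    def __init__(self, hw_code: int = 0x0766, silent: bool = False):
        self.hw_code, self.silent = hw_code, silent
        self.rx = bytearray()
        self.hs_index = 0

    def write(self, data: bytes) -> None:
        if self.silent:
            return
        for b in data:
            if self.hs_index < len(HANDSHAKE):
                if b == HANDSHAKE[self.hs_index]:  # ROM complements each magic byte
                    self.rx.append(~b & 0xFF)
                    self.hs_index += 1
            elif b == CMD_GET_HW_CODE:  # echo, hw code, status 0x0000
                self.rx += bytes([b]) + self.hw_code.to_bytes(2, "big") + b"\x00\x00"

    def read(self, n: int) -> bytes:
        out, self.rx = bytes(self.rx[:n]), self.rx[n:]
        return out


# Constructed lsusb-style lines: one phone in bootrom mode and an unrelated root hub.
SAMPLE_LSUSB = (
    "Bus 001 Device 009: ID 0e8d:0003 MediaTek Inc. MT6227 phone\n"
    "Bus 001 Device 002: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
)

if __name__ == "__main__":
    print(classify_usb_ids(SAMPLE_LSUSB))
    dev = FakeBrom()
    brom_handshake(dev)
    print(get_hw_code(dev))
```

On a real box the `classify_usb_ids` step is what `lsusb` (or Device Manager on Windows) tells you before any payload is sent: a 0e8d:2000 entry means the preloader, not the bootrom, is enumerating, and a bootrom-only exploit will never see the device. The handshake and GET_HW_CODE exchange is what a host would do next to confirm the SoC before choosing a payload.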
 

Top Liked Posts

Download mode is not BROM mode. The guide linked is misleading and does not give correct instructions for installing preloader drivers.
Get help in the proper section/thread for your device. This thread is for experts only (and we recommend Linux, btw).
Even with 30+ years online I'll never understand people like you, who waste effort, goodwill and everyone's time by typing out a response that is nothing more than a half-assed way to say "Linux"... no wait, I meant:

"I'm smarter than you and far too busy to waste my time copy-pasting a link for plebs who don't know the difference between two things on an obscure topic I've wasted way too much of my time becoming familiar with. I will however take the time to let you know I know the answer, and I hope you feel bad because I'm not telling you. Now run along and search more, no information here, only experts talking to ourselves, oh and Linux."

Just don't ****ing say anything at all if you're not bothering to answer something or be helpful. Not only do I now know you exist because of this comment, I don't like you. Imagine you contribute to the quality of life of those around you the same as here, negatively. I hope your smug life is terrible and your vast knowledge of things you can only be bothered to inform others you know about, but won't be telling them, remains eternally unfulfilled as wasted energy until entropy and the heat death of the universe erases the final shreds of anything ever being known at all... Linux.
REDMI 6A MT6765_Android, no luck:
Code:
C:\Users\*****\AppData\Local\Programs\Python\Python37>python main.py
Traceback (most recent call last):
  File "main.py", line 213, in <module>
    main()
  File "main.py", line 37, in main
    raise RuntimeError("Default config is missing")
RuntimeError: Default config is missing

Extract the exploit collection.