How to unlock Mediatek bootloader using mtkclient any device - 2021

Unlock Mediatek bootloader using mtkclient


Just some mtk tool for exploitation, reading/writing flash, and doing crazy stuff. For windows, you need to install the stock mtk port and the usbdk driver (see instructions below). For Linux, a patched kernel is only needed when using old kamakiri (see Setup folder) (except for reading/writing to flash).

Once the mtk script is running, boot into Brom mode by powering off the device, press and hold either vol up + power or vol down + power and connect the phone. Once detected by the tool, release the buttons.


Credits::


kamakiri [xyzz]
linecode exploit [chimera]
Chaosmaster
All contributors

This guide will explain how to unlock a Mediatek device's bootloader using MTKclient. This will come in handy for those who can't unlock the bootloader using fastboot. This was tested on the LG K51

Warning: Your data will be wiped so backup important stuff first


Requirements



Steps to unlock Mediatek Bootloader using mtkclient


👇See the below video::

 



  1. Open the mtkclient folder, right-click the address bar at the top and copy the address

  2. Launch Command prompt and type cd <space> then paste the address you copied and tap enter

  3. You're set to run commands

  4. Run the following commands - 
  5. "python setup.py install"
  6. "pip3 install -r requirements.txt"
  7. Run the data wipe command then connect your device in BROM Mode
  8. "python mtk e metadata,userdata,md_udc"
  9. Run the bootloader unlock command then re-connect your device in BROM Mode
  10. "python mtk xflash seccfg unlock"
  11. Disconnect and boot


Credits


Credits to Warlockguitarman for the groundwork and discovering the exploit (from Chimera), also to the developer of mtkclient for integrating the exploit.

Important Notice


How you boot into BROM varies with the device so look it up for your model.
To re-lock Bootloader wipe seccfg or run

python mtk xflash seccfg lock


If you encounter an error using python in commands then try py -3

MTKClient Version 1.42::


  • Fixed wrong registers for some targets (mt6572,mt6735,mt6768,mt6785,mt8695)
  • Fixed libusb0 backport compatibility issue
  • Improved handshake speed
  • Added basic mt2601 smartwatch support



Post a Comment

Previous Post Next Post