# mtkclient
Just some mtk tool for exploitation, reading/writing flash and doing crazy stuff.
For windows, you need to install the stock mtk port and the usbdk driver (see instructions below).
For linux, a patched kernel is only needed when using old kamakiri (see Setup folder) (except for read/write flash).
Once the mtk script is running, boot into brom mode by powering off device, press and hold either
vol up + power or vol down + power and connect the phone. Once detected by the tool,
release the buttons.
## Credits
- kamakiri [xyzz]
- linecode exploit [chimera]
- Chaosmaster
- cygnusx (GUI)
- All contributors
## Installation
### Use Re LiveDVD (everything ready to go, based on Ubuntu):
[Download Re Live DVD V3](https://drive.google.com/file/d/1OoGWFSZTqWqwfU35W6UAUwc20CJrK95t/view?usp=sharing)
User: user, Password:user (based on Ubuntu 22.04 LTS)
## Install
### Linux - (Ubuntu recommended, no patched kernel needed except for kamakiri)
#### Install python >=3.8, git and other deps
```
sudo apt install python3 git libusb-1.0-0 python3-pip
```
#### Grab files
```
git clone https://github.com/bkerler/mtkclient
cd mtkclient
pip3 install -r requirements.txt
python3 setup.py build
python3 setup.py install
```
#### Install rules
```
sudo usermod -a -G plugdev $USER
sudo usermod -a -G dialout $USER
sudo cp Setup/Linux/*.rules /etc/udev/rules.d
sudo udevadm control -R
```
Make sure to reboot after adding the user to dialout/plugdev.
---------------------------------------------------------------------------------------------------------------
### Windows
#### Install python + git
- Install python 3.9 and git
- If you install python from microsoft store, "python setup.py install" will fail, but that step isn't required.
- WIN+R ```cmd```
#### Grab files and install
```
git clone https://github.com/bkerler/mtkclient
cd mtkclient
pip3 install -r requirements.txt
```
#### Get latest UsbDk 64-Bit
- Install normal MTK Serial Port driver (or use default Windows COM Port one, make sure no exclamation is seen)
- Get usbdk installer (.msi) from [here](https://github.com/daynix/UsbDk/releases/) and install it
- Test on device connect using "UsbDkController -n" if you see a device with 0x0E8D 0x0003
- Works fine under Windows 10 and 11 :D
---------------------------------------------------------------------------------------------------------------
### Use kamakiri (optional, only needed for mt6260 or older)
- For linux (kamakiri attack), you need to recompile your linux kernel using this kernel patch :
```
sudo apt-get install build-essential libncurses-dev bison flex libssl-dev libelf-dev libdw-dev
git clone https://git.kernel.org/pub/scm/devel/pahole/pahole.git
cd pahole && mkdir build && cd build && cmake .. && make && sudo make install
sudo mv /usr/local/libdwarves* /usr/local/lib/ && sudo ldconfig
```
```
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-`uname -r`.tar.xz
tar xvf linux-`uname -r`.tar.xz
cd linux-`uname -r`
patch -p1 < ../Setup/kernelpatches/disable-usb-checks-5.10.patch
cp -v /boot/config-$(uname -r) .config
make menuconfig
make
sudo make modules_install
sudo make install
```
- These aren't needed for current ubuntu (as make install will do, just for reference):
```
sudo update-initramfs -c -k `uname -r`
sudo update-grub
```
See Setup/kernels for ready-to-use kernel setups
- Reboot
```
sudo reboot
```
---------------------------------------------------------------------------------------------------------------
## Usage
### Root the phone (Tested with android 9 - 12)
1. Dump boot and vbmeta
```
python mtk r boot,vbmeta boot.img,vbmeta.img
```
2. Reboot the phone
```
python mtk reset
```
3. Download patched magisk for mtk:
Download (here)[https://raw.githubusercontent.com/vvb2060/magisk_files/44ca9ed38c29e22fa276698f6c03bc1168df2c10/app-release.apk]
4. Install on target phone
- you need to enable usb-debugging via Settings/About phone/Version, Tap 7x on build number
- Go to Settings/Additional settings/Developer options, enable "OEM unlock" and "USB Debugging"
- Install magisk apk
```
adb install app-release.apk
```
- accept auth rsa request on mobile screen of course to allow adb connection
5. Upload boot to /sdcard/Download
```
adb push boot.img /sdcard/Download
```
6. Start magisk, tap on Install, select boot.img from /sdcard/Download, then:
```
adb pull /sdcard/Download/[displayed magisk patched boot filename here]
mv [displayed magisk patched boot filename here] boot.patched
```
7. Do the steps needed in section "Unlock bootloader below"
8. Flash magisk-patched boot and empty vbmeta
```
python mtk w boot,vbmeta boot.patched,vbmeta.img.empty
```
9. Reboot the phone
```
python mtk reset
```
10. Disconnect usb cable and enjoy your rooted phone :)
### Boot to meta mode via payload
Example:
```
python mtk payload --metamode FASTBOOT
```
### Unlock bootloader
1. Erase metadata and userdata (and md_udc if existing):
```
python mtk e metadata,userdata,md_udc
```
2. Unlock bootloader:
```
python mtk da seccfg unlock
```
for relocking use:
```
python mtk da seccfg lock
```
3. Reboot the phone:
```
python mtk reset
```
and disconnect usb cable to let the phone reboot.
If you are getting a dm-verity error on Android 11, just press the power button,
then the device should boot and show a yellow warning about unlocked bootloader and
then the device should boot within 5 seconds.
### Read flash
Dump boot partition to filename boot.bin via preloader
```
python mtk r boot boot.bin
```
Dump boot partition to filename boot.bin via bootrom
```
python mtk r boot boot.bin [--preloader=Loader/Preloader/your_device_preloader.bin]
```
Dump preloader partition to filename preloader.bin via bootrom
```
python mtk r preloader preloader.bin --parttype=boot1 [--preloader=Loader/Preloader/your_device_preloader.bin]
```
Read full flash to filename flash.bin (use --preloader for brom)
```
python mtk rf flash.bin
```
Read flash offset 0x128000 with length 0x200000 to filename flash.bin (use --preloader for brom)
```
python mtk ro 0x128000 0x200000 flash.bin
```
Dump all partitions to directory "out". (use --preloader for brom)
```
python mtk rl out
```
Show gpt (use --preloader for brom)
```
python mtk printgpt
```
### Write flash
(use --preloader for brom)
Write filename boot.bin to boot partition
```
python mtk w boot boot.bin
```
Write filename flash.bin as full flash (currently only works in da mode)
```
python mtk wf flash.bin
```
Write all files in directory "out" to the flash partitions
```
python mtk wl out
```
write file flash.bin to flash offset 0x128000 with length 0x200000 (use --preloader for brom)
```
python mtk wo 0x128000 0x200000 flash.bin
```
### Erase flash
Erase boot partition
```
python mtk e boot
```
Erase boot sectors
```
python mtk es boot [sector count]
```
### DA commands:
Peek memory
```
python mtk da peek [addr in hex] [length in hex] [optional: -filename filename.bin for reading to file]
```
Poke memory
```
python mtk da peek [addr in hex] [data as hexstring or -filename for reading from file]
```
Read rpmb (Only xflash for now)
```
python mtk da rpmb r [will read to rpmb.bin]
```
Write rpmb [Currently broken, xflash only]
```
python mtk da rpmb w filename
```
Generate and display rpmb1-3 key
```
python mtk da generatekeys
```
Unlock / Lock bootloader
```
python mtk da seccfg [lock or unlock]
```
---------------------------------------------------------------------------------------------------------------
### Bypass SLA, DAA and SBC (using generic_patcher_payload)
``
python mtk payload
``
If you want to use SP Flash tool afterwards, make sure you select "UART" in the settings, not "USB".
### Dump preloader
- Device has to be in bootrom mode and preloader has to be intact on the device
```
python mtk dumppreloader [--ptype=["amonet","kamakiri","kamakiri2","hashimoto"]] [--filename=preloader.bin]
```
### Dump brom
- Device has to be in bootrom mod
没有合适的资源?快使用搜索试试~ 我知道了~
mtk芯片全机型解锁平台TFT-MTK-v1.0
共1509个文件
bin:881个
py:224个
pyc:222个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
5星 · 超过95%的资源 12 下载量 105 浏览量
2022-01-19
09:26:04
上传
评论 7
收藏 23.5MB RAR 举报
温馨提示
TFT MTK Module V1.1工具是Windows电脑的小工具。允许用户删除 FRP、小米帐号、Bootloader 重新锁定、解锁等。在该工具中,您可以找到许多用于从 oppo 和 Vivo MediaTek 设备中移除 FRP 或演示的新模型。此外,您只需单击一下即可在元模式下执行修复 IMEI 号码。工具界面非常好,您只需点击几下即可轻松使用和修复您的 mtk 设备。该工具免费提供给所有用户,无需激活或任何互联网连接。 外网软件 简单好使
资源推荐
资源详情
资源评论
收起资源包目录
mtk芯片全机型解锁平台TFT-MTK-v1.0 (1509个子文件)
preloader_yuanda6580_weg_l.bin.AF162DA769 2KB
kill.bat 101B
Command.bat 61B
MTK_AllInOne_DA_5.2136.bin 17.41MB
MTK_AllInOne_DA_5.1824.bin 10.7MB
MTK_AllInOne_DA_5.1420.bin 2.25MB
misc.bin 1024KB
para.bin 512KB
pl.bin 17KB
stage2.bin 16KB
da_x.bin 7KB
preloader_k62v1_64_mex_a32.bin 5KB
preloader_k62v1_64_mexico_jat.bin 5KB
preloader_k62v1_64_mexico.bin 5KB
preloader_vanzo82_cwet_kk.bin 5KB
preloader_k69v1_64.bin 4KB
preloader_k71v1_64_bsp_zteS02.bin 4KB
preloader_magc6570_cweg_m.bin 3KB
preloader_oppo6771_19350_OPPO_A91.bin 3KB
OPPO_A91_preloader_oppo6771_19350.bin 3KB
Reno_2F_preloader_oppo6771.bin 3KB
preloader_oppo6771_18311__.bin 3KB
preloader_oppo6771_A7x_18011.bin 3KB
A7x_preloader_oppo6771_18011.bin 3KB
preloader_oppo6771_18011.bin 3KB
preloader_oppo6771_18311.bin 3KB
preloader_ke5k.bin 3KB
preloader_oppo6771_18311_F9Pro.bin 3KB
preloader_oppo6771_18311_v9.bin 3KB
preloader_yuanda72_cwet_kk.bin 3KB
preloader_oppo6771_17331_F7_010520.bin 3KB
preloader_kd7_h6211.bin 3KB
preloader_k62v1_64_bsp_vivo_y15.bin 3KB
preloader_cd6_camon_16s.bin 3KB
preloader_oppo6769_Nazro_20.bin 3KB
preloader_kd7_h6211_Techno_spark_5.bin 3KB
preloader_k71v1_64_bsp_vivV15.bin 3KB
preloader_x680b_h6215.bin 3KB
preloader_oppo6763_17031_.bin 3KB
preloader_k61v1_64_mexico_amn.bin 3KB
preloader_camon_15_air.bin 3KB
preloader_oppo6771_17061.bin 3KB
preloader_kd7_spark5_pro.bin 3KB
preloader_full_oppo6763_17031.bin 3KB
preloader_k61v1_64_mexico_mrdlx3.bin 2KB
preloader.bin 2KB
preloader_oppo6763_17031.bin 2KB
preloader_oppo6763_17101.bin 2KB
preloader_k62v1_64_mexico_mrd.bin 2KB
preloader_PDA.bin 2KB
preloader_k61v1_64_mexico_mrd.bin 2KB
preloader_cd8_camon15_pro.bin 2KB
preloader_oppo6763_17101_A83_100519.bin 2KB
preloader_k79v1_64_MT6779_Generic.bin 2KB
preloader_cd7_h6214.bin 2KB
preloader_camon_15_cd7.bin 2KB
preloader_k61v1_64_mexico.bin 2KB
OPPO_A3_preloader_oppo6771_17331.bin 2KB
preloader_oppo6771_17331_.bin 2KB
preloader_k61v1_64_mexico_ksa.bin 2KB
preloader_oppo6771_17197.bin 2KB
preloader_ld7_h694.bin 2KB
preloader_ce7_camon_16.bin 2KB
preloader_k62v1_64_bsp_viv1901.bin 2KB
preloader_x692_h694.bin 2KB
preloader_fih_mt6771_64.bin 2KB
preloader_oppo6771_17331.bin 2KB
preloader_oppo6769.bin 2KB
preloader_oppo6785_Realme_7.bin 2KB
preloader_k62v1_64_bsp_zteS02.bin 2KB
preloader_oppo6779_F17_Pro.bin 2KB
preloader_oppo6769_Realme_6i.bin 2KB
0699_preloader_dura_BFE22C5E88.bin 2KB
preloader_dura.bin 2KB
preloader_dura64.bin 2KB
preloader_j7209.bin 2KB
preloader_k62v1_32_bsp_zteF02.bin 2KB
preloader_oppo6779.bin 2KB
preloader_cc6_h627.bin 2KB
preloader_k68v1_64_titan.bin 2KB
preloader_camon_12_air_cc6.bin 2KB
preloader_ke7_spark_6.bin 2KB
preloader_oppo6785.bin 2KB
preloader_muse6762_dh30x_q.bin 2KB
preloader_x683_h694.bin 2KB
preloader_bb4k_spark_4lite.bin 2KB
preloader_ce8_camon_16pro.bin 2KB
0766_preloader_k62v1_64_bsp_45762BFACF.bin 2KB
preloader_yk737_go_wcdma_sm02-24.bin 2KB
preloader_bali.bin 2KB
preloader_bsp_h8025.bin 2KB
preloader_q812_v03_37m_fdd_35g_u50a.bin 2KB
preloader_Hisense_U965_3G_yk737_go_wcdma.bin 2KB
preloader_yk737_go_wcdma_sm02-30.bin 2KB
preloader_nicklaus.bin 2KB
preloader_q812_v03_37m_fdd_35g_u50aplus.bin 2KB
preloader_cro_go.bin 2KB
preloader_e2001v21_v89_jbl1a698_2g.bin 2KB
preloader_oppo6771_18531_F11_PRO.bin 2KB
preloader_cc7_h626.bin 2KB
共 1509 条
- 1
- 2
- 3
- 4
- 5
- 6
- 16
安卓机器
- 粉丝: 5136
- 资源: 688
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
- 1
- 2
- 3
前往页