-
-
[转帖]Dissecting a MediaTek BootROM exploit
-
发表于: 2021-2-1 17:02 2042
-
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have managed to revive my phone, I am documenting my journey to revive it and also explains how the exploit works. This exploit allows unsigned code execution, which in turn allows us to read/write any data from our phone.
For professionals: you can just skip to how the BootROM exploit works (spoiler: it is very simple). This guide will try to guide beginners so they can add support for their own phones. I want to show everything but it will violate MediaTek copyright, so I will only snippets of decompilation of the boot ROM.
https://tinyhack.com/2021/01/31/dissecting-a-mediatek-bootrom-exploit/