Skip to content

R0rt1z2/kaeru

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

かえる

kaeru is an ARMv7 payload that provides arbitrary code execution on MediaTek bootloaders (LK) with full permissions, initiated post-hardware initialization and before the main LK function (app) execution. For more details about it, visit and read my blog.

Building

Requirements

Linux

The payload needs to be built before injecting it:

git clone [email protected]:R0rt1z2/kaeru.git
cd kaeru
make

Debugging can be enabled by with export KAERU_DEBUG=1.

Injecting

After successfully building the payload, it must be injected into your LK image with the provided script:

python3 inject_payload bin/lk.bin build/payload.bin <payload_address> <caller_address>

Both the payload address and the caller address can be found in common.h.

License

This project is licensed under the GPLv3 license - see the LICENSE file for details.