kaeru is an ARMv7 payload that provides arbitrary code execution on MediaTek bootloaders (LK) with full permissions, initiated post-hardware initialization and before the main LK function (app) execution. For more details about it, visit and read my blog.
- Python 3
liblk
gcc-arm-none-eabi
The payload needs to be built before injecting it:
git clone [email protected]:R0rt1z2/kaeru.git
cd kaeru
make
Debugging can be enabled by with
export KAERU_DEBUG=1
.
After successfully building the payload, it must be injected into your LK image with the provided script:
python3 inject_payload bin/lk.bin build/payload.bin <payload_address> <caller_address>
Both the payload address and the caller address can be found in
common.h
.
This project is licensed under the GPLv3 license - see the LICENSE
file for details.