Skip to content

HarryPottreDev/kaeru

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
bin
bin
 
 
scripts
scripts
 
 
src
src
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

かえる

kaeru is an ARMv7 payload that provides arbitrary code execution on MediaTek bootloaders (LK) with full permissions, initiated post-hardware initialization and before the main LK function (app) execution. For more details about it, visit and read my blog.

Building

Requirements

Linux

The payload needs to be built before injecting it:

git clone git@github.com:R0rt1z2/kaeru.git
cd kaeru
make

Debugging can be enabled by with export KAERU_DEBUG=1.

Injecting

After successfully building the payload, it must be injected into your LK image with the provided script:

python3 inject_payload bin/lk.bin build/payload.bin <payload_address> <caller_address>

Both the payload address and the caller address can be found in common.h.

License

This project is licensed under the GPLv3 license - see the LICENSE file for details.

About

Custom LK payload for MTK devices

blog.r0rt1z2.com/unsigned-code-execution-in-lk-bootloaders.html

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • C 82.1%
  • Python 15.7%
  • Makefile 2.2%