ARMv7 payload that provides arbitrary code execution on MediaTek bootloaders

🐸 かえる

This repository contains an ARMv7 payload that provides arbitrary code execution on MediaTek bootloaders (LK).

Overview

Caution

If you don't know what you're doing, you can brick your device. This is not a beginner's project. Please READ THE DOCUMENTATION carefully and understand the implications of modifying your bootloader.

Given a bootloader image, this tool will output a patched version that can be flashed to the device. The patched image will contain a custom payload that allows you to run arbitrary code during the boot process.

Things to keep in mind:

  • This payload is designed for devices whose bootloader is an ARMv7 Little Kernel (LK).
  • Offsets and addresses are specific to each device and bootloader version. A configuration written for one device or firmware build will not match another, so expect to adjust them for your own device and bootloader version.
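The following is an added illustration, not code from the kaeru project, of the kind of patch such a tool applies and why the offset caveat above matters: a hook is installed by overwriting one instruction at a known address in the LK image with a branch to the payload. The code assumes an ARM-state (A32) bootloader with a known load base and a 4-byte-aligned hook site; the image bytes, addresses and the "expected original instruction" are constructed for the example. Before overwriting, it compares the bytes actually present at the hook address with the instruction expected there, which is the cheapest check against an offset taken from the wrong device or bootloader version.

```c
/*
 * Added illustration (not kaeru's own code): installing a function hook
 * in an LK image in memory by replacing one A32 instruction with B/BL.
 * Assumptions, not taken from the project: ARM-state code, known load
 * base, 4-byte-aligned hook site. Thumb-2 targets need a different encoding.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARM_COND_AL   0xE0000000u   /* condition "always" */
#define ARM_B_OPCODE  0x0A000000u   /* B  imm24 */
#define ARM_BL_OPCODE 0x0B000000u   /* BL imm24 */

/* Encode an A32 B/BL at address 'from' targeting 'to'. Returns 0 if either
 * address is misaligned or the target is outside the +-32 MiB reach of the
 * 24-bit word offset; 0 is never a valid B/BL word, so it is a safe error. */
uint32_t arm_branch_encode(uint32_t from, uint32_t to, bool link)
{
    if ((from | to) & 3u)
        return 0;
    /* In ARM state the PC reads as the branch's own address + 8. */
    int64_t off = (int64_t)to - ((int64_t)from + 8);
    if (off < -(1LL << 25) || off > (1LL << 25) - 4)
        return 0;
    uint32_t imm24 = ((uint32_t)(off >> 2)) & 0x00FFFFFFu;
    return ARM_COND_AL | (link ? ARM_BL_OPCODE : ARM_B_OPCODE) | imm24;
}

/* Little-endian 32-bit access into the image buffer. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Replace the instruction at hook_addr with B/BL payload_addr, but only if
 * the word currently there equals 'expect' (guard against a wrong offset).
 * Returns 0 on success, -1 if hook_addr lies outside the image, -2 if the
 * branch cannot be encoded, -3 if the original instruction does not match. */
int patch_hook(uint8_t *img, size_t len, uint32_t load_base,
               uint32_t hook_addr, uint32_t payload_addr,
               uint32_t expect, bool link)
{
    if (hook_addr < load_base || (size_t)(hook_addr - load_base) + 4 > len)
        return -1;
    uint32_t insn = arm_branch_encode(hook_addr, payload_addr, link);
    if (insn == 0)
        return -2;
    uint8_t *p = img + (hook_addr - load_base);
    if (rd32(p) != expect)
        return -3;
    wr32(p, insn);
    return 0;
}

/* Constructed scenario: a 64-byte "image" loaded at 0x41E00000 with a
 * PUSH {r4-r7,lr} (0xE92D40F0) at offset 0x10 and the payload entry at
 * offset 0x30. Returns the patched word at the hook site, or 0 on error. */
uint32_t demo_patch(void)
{
    uint8_t img[64];
    const uint32_t base = 0x41E00000u;
    memset(img, 0, sizeof img);
    wr32(img + 0x10, 0xE92D40F0u);
    if (patch_hook(img, sizeof img, base, base + 0x10, base + 0x30,
                   0xE92D40F0u, false) != 0)
        return 0;
    return rd32(img + 0x10);
}

/* Same image, but with an offset that points at the wrong instruction:
 * the guard must refuse to patch. Returns patch_hook's status code. */
int demo_wrong_offset(void)
{
    uint8_t img[64];
    const uint32_t base = 0x41E00000u;
    memset(img, 0, sizeof img);
    wr32(img + 0x10, 0xE92D40F0u);
    return patch_hook(img, sizeof img, base, base + 0x14, base + 0x30,
                      0xE92D40F0u, false);
}

int main(void)
{
    printf("patched hook word: 0x%08X\n", demo_patch());       /* 0xEA000006 */
    printf("wrong offset rc:   %d\n", demo_wrong_offset());    /* -3 */
    return 0;
}
```

The branch at 0x41E00010 to 0x41E00030 encodes as 0xEA000006 (offset 0x20 minus the 8-byte PC bias, divided by 4). A real payload would also save the clobbered instruction so the hooked function can still be executed, and if the patch is applied to live memory rather than to the image file, the modified range must be cleaned from the data cache and invalidated from the instruction cache before it is executed.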

The following list showcases the most common use cases for kaeru:

  • Advanced debugging: Use the payload to debug the boot process of your device by hooking into the bootloader's functions and variables.
  • Custom fastboot commands: Add your own fastboot commands to the bootloader.
  • Remap button combinations: You can set up custom boot modes and key combinations to enter different modes (e.g., recovery, fastboot, etc.).
  • Remove bootloader warnings: Remove the "unlocked bootloader" warning that appears when the device is booted with an unlocked bootloader.

... and much more!

Wiki

An elaborate wiki with multiple guides and notes has been provided to help you understand how kaeru works. Please refer to it to learn how to build, add support for a new device, and more:

  1. Table of contents
  2. Introduction
  3. Can I use kaeru on my device?
  4. Porting kaeru to a new device
  5. Customization and kaeru APIs

License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

Key points to be aware of:

  • You are free to use, modify, and distribute the software.
  • If you modify and use the software publicly, you must release your source code.
  • You must retain the same license (AGPL-3.0) when redistributing modified versions.
  • You cannot keep modifications private if the software is used to provide a networked service.

For full details, please refer to the LICENSE file.

Acknowledgments

Linux

Some of the Makefile and build-related scripts were adapted from the Linux kernel source code.

Linux is licensed under the GNU General Public License v2.

© The Linux Foundation and contributors.

Original source: https://github.com/torvalds/linux

nanoprintf

This project includes nanoprintf, a minimal implementation of printf-style formatting designed for embedded systems.

nanoprintf is dual-licensed under the Unlicense and the Zero-Clause BSD (0BSD).

© 2019 Charles Nicholson.

Original source: https://github.com/charlesnicholson/nanoprintf

libsej

This project includes libsej, a library for interacting with MediaTek's Security Engine (SEJ/HACC) hardware.

libsej is licensed under the GNU General Public License v3.

© 2024 B.Kerler, 2025 Shomy.

Original source: https://github.com/shomykohai/mtk-payloads/tree/main/libsej

Disclaimer

This software is provided "as is" without any warranty of any kind, express or implied. By using this tool, you acknowledge that:

  • Modifying the bootloader or flashing modified images carries a high risk of permanently damaging your device (bricking).
  • You are solely responsible for any consequences resulting from the use, misuse, or inability to use this software.
  • The maintainers and contributors of this project are not liable for any damage, data loss, device malfunction, or legal issues that may arise.
  • This project is intended for educational and research purposes only. It is not intended for illegal or unauthorized use.

Proceed only if you fully understand the risks and implications.