12 Introduction
Roger Ortiz edited this page 2025-08-18 18:18:13 +02:00

Kaeru is a powerful tool that provides arbitrary code execution on MediaTek bootloaders. It is designed for devices that use ARMv7-based LK (Little Kernel) bootloaders, regardless of whether the device itself is ARMv7 or ARMv8. This utility gives you full control over the bootloader, enabling extensive customization of the boot process.

You can add your own fastboot commands, remap key combinations, remove those annoying bootloader warnings, and more. It's essentially a gateway into the earliest stages of your device's boot sequence.

Origin

You might be wondering why this project is called kaeru. I'm a bit obsessed with frogs; they're my favorite animals. Kaeru means "frog" in Japanese, and I thought it was a fitting name for a project where you keep jumping between the bootloader and the payload, back and forth, like a frog in motion.

The project began in 2023, inspired by amonet, a powerful two-stage exploit originally developed by xyzz and chaosmaster to unlock Amazon Fire tablets.

Amonet consists of a bootrom payload, which leverages low-level vulnerabilities to gain memory access, and an LK payload, which runs within the bootloader context to patch critical security functions on the fly.

My project, kaeru, draws specifically from the LK stage of amonet, where unsigned code is executed to modify memory and bypass restrictions, while dropping the exploit chain entirely in favor of targeting unfused devices that already allow unsigned images to boot.

After two years of development, kaeru was completely rewritten into its current form: cleaner, more generic, and capable of supporting a much wider range of devices.

Continue here

The next page explains which devices are eligible for kaeru and how to check their eligibility.

Continue: Can I use kaeru on my device?