MCT MTK bypass tool is a small utility run custom payload to disable Bootrom protection (SLA and DAA), watchdog timer, and the handler for USB control transfer. Methods for exploit Bootrom authentication in Mediatek SOCs targeting the Bootrom as it is loading and verifying the preloader executable. The Bootrom is the immutable first stage in the boot process and serves as the hardware root of trust for the SoC. Many MediaTek mobile and tablet SoCs follow a regular boot process, as shown by the following figure.
Simple and Effective
MCT bypass tool is a Mediatek exploit standalone software that can run without installation procedure (portable). We don't need to bother installing Python and Libusb-win32 to bypass Mediatek authentication. MCT Tool will detect Mediatek USB Port and then disable Bootrom protection. In the next step, we can flash the phone using the SP Flash Tool, UFI, MRT, etc.
MCT Bypass Rev4
MCT Bypass Rev4 has more Mediatek SOC support than previous versions. More and more phone models that we can flash without authentication.
|MT6261||SMART WATCHS & POLYPHONIC PHONES|
|MT6580||ASUS Z00VD, INFINIX HOT 5, INFINIX SMART HD, VIVO Y25, etc|
|MT6582||LG K10, OPPO R1201, OPPO R827, OPPO A33W, VIVO Y11, VIVO Y15, etc|
|MT6735||MEIZU M2, LG K8, LG X POWER, etc|
|MT6737||ASUS X008, MEIZU A5, MEIZU M5C, NOKIA 3, etc|
|MT6739||LG K20, MOTOROLA MOTO E6 PLAY, HUAWEI HONOR 7S, LENOVO A5, ULEFONE POWER 3L, etc|
|MT6755||MEIZU M5 NOTE, LENOVO K5 NOTE, OPPO F1 PLUS, etc|
|MT6757||INFINIX HOT 7 PRO, LENOVO K8, etc|
|MT6761||XIAOMI REDMI 6A, VIVO Y81i, VIVO Y90, NOKIA 2.3, etc|
|MT6763||OUKITEL E3, ULEFONE ARMOR X5, etc|
|MT6765||INFINIX S5 PRO, OPPO A12S, OPPO A11K, OPPO A31, OPPO A35, OPPO A54, OPPO A5S, VIVO Y12S, VIVO Y30, HUAWEI HONOR 8A PRIME, XIAOMI MI PLAY, etc|
► Installing driver... [OKAY] ► Waiting for brom... [FOUND] ● DETECT AS MediaTek USB Port (COM11) ► Configuration port... [OKAY] ► Handshaking... [OKAY] ► Retriving information... [OKAY] ● device hw code: 0x0766 ● device hw sub code: 0x8a00 ● device hw version: 0xca00 ● device sw version: 0x0000 ● sl auth: Yes ● da auth: Yes ► Reading configuration... [OKAY] ► Disabling watchdog timer... [OKAY] ► Disabling protection... [OKAY]