Everyone in the Android community knows about rooting, and plenty of people want to root their Android devices. Phones with Snapdragon and Exynos processors get a lot of third-party development, and developers post methods to root them, but MediaTek and Kirin devices don’t see much development. MediaTek processors are generally used in low-end devices that don’t sell in large numbers. But MediaTek processors have a flaw, and XDA Senior Developer diplomatic has used it to create a tool, MTK-SU, that roots MediaTek ARMv8 devices.
Root MediaTek Devices using MTK-SU Tool
MTK-SU is a tool created by diplomatic that takes advantage of a weakness in the chipset’s software design. It was originally created to help with Amazon Fire HD tablets and the Fire TV gen 2, since Amazon ships most of its Fire tablets with MediaTek chipsets. The funny thing is that this method works on all of MediaTek’s 64-bit chipsets.
That means we can root all MediaTek ARMv8 chips, whether the device is a phone, tablet or TV. To root a MediaTek device with MTK-SU you don’t even need to unlock the bootloader: the tool works even when the bootloader is locked. But the root is temporary, and the device is unrooted after a reboot.
You may already know that rooting a device voids its warranty. To root you will be using third-party software and tools, and using them is at your own risk. No one else is responsible for data loss or damage to your device; you should understand that you are solely responsible for your actions. You can go ahead and root the device with confidence, but there may be situations where things go wrong. We have warned you about that, and ThemeFoxx cannot be held liable for any damage to the device.
Before you proceed with rooting the device, make sure you have a backup of all the important contents of your phone.
Requirements to Root MediaTek devices
- Any device, whether a phone, tablet or TV box, based on MediaTek MT67xx, MT816x or MT817x chipsets.
- A PC with ADB and Fastboot drivers installed to interact with your device, and familiarity with ADB and shell commands.
- Enable USB debugging and OEM unlock on your device, found in Developer options.
- Make sure the device has at least 50% charge before you continue with rooting.
Steps to root MediaTek devices
- Download the MTK-SU file from the above download link. If you want the latest version of the tool, check the source link at the bottom of this article.
- Unzip the file. There will be two folders, “arm” and “arm64”, with an ‘mtk-su’ binary in each. Pick the one for your device:
  - arm: 32-bit userspace on a 64-bit or 32-bit kernel
  - arm64: 64-bit kernel and userspace
- Connect your device over ADB and use the command below to push mtk-su to the /data/local/tmp folder
adb push path/to/mtk-su /data/local/tmp/
- Next, open adb shell
- Change to your tmp folder
- Add executable permissions to the binary
chmod 755 mtk-su
- Finally, run the command below. Make sure your device screen is on and don’t let it go to sleep
This should give you a root shell. It takes a second or two. If the program gets stuck for more than a few seconds and your device screen is on, just press Ctrl+C to close it. Run the following command for verbose output, which helps the developer debug any problems
The output of the command will be something like this.
P00A_2:/data/local/tmp $ ./mtk-su -v
param1: 0x3000, param2: 0x18040, type: 2
Building symbol table
kallsyms_addresses pa 0x40bdd500
kallsyms_num_syms 70337, addr_count 70337
kallsyms_names pa 0x40c66d00, size 862960
kallsyms_markers pa 0x40d39800
kallsyms_token_table pa 0x40d3a100
kallsyms_token_index pa 0x40d3a500
Patching credentials
init_task VA: 0xffffffc000fa2a20
Potential list_head tasks at offset 0x340
0xffffffc003148340 0xffffffc01d0bb240 0x0000000000008c
comm swapper/0 at offset 0x5c0
Found own task_struct at node 0
real_cred VA: 0xffffffc0508b29c0
Parsing sel_read_enforce
ffffffc0002fadb4+04: ADRP x0, 0xffffffc001113000
ffffffc0002fadb4+1c: LDR [x0, 404]
selinux_enforce VA: 0xffffffc001113194
Setting selinux_enforce
Switching selinux to permissive
New UID/GID: 0/0
starting /system/bin/sh
P00A_2:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:shell:s0
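The output above leaves traces a device owner or fleet administrator can check for: the shell runs as uid 0 while still labelled u:r:shell:s0, it keeps the adb supplementary group, and SELinux has been switched to permissive. The script below is an added example, not part of the original article or of MTK-SU; it assumes that a stock user build runs `adb shell` as uid 2000 and that `getenforce` reports "Enforcing", and the function names and the stock sample line are constructed for illustration.

```python
import re

# Assumption: on a stock user build, `adb shell` is uid 2000 (shell) in domain
# u:r:shell:s0 and `getenforce` prints "Enforcing".
ID_RE = re.compile(
    r"uid=(?P<uid>\d+)\([^)]*\)\s+gid=(?P<gid>\d+)\([^)]*\)"
    r"(?:\s+groups=(?P<groups>\S+))?(?:\s+context=(?P<context>\S+))?"
)
# SELinux domains in which a uid 0 process is not expected on a user build.
UNPRIVILEGED_DOMAINS = {"shell", "untrusted_app", "platform_app"}

def parse_id(line):
    """Parse one line of Android `id` output into a dict, or return None."""
    m = ID_RE.search(line)
    if not m:
        return None
    groups = [int(g.split("(")[0]) for g in (m["groups"] or "").split(",") if g]
    ctx = (m["context"] or "").split(":")
    return {
        "uid": int(m["uid"]),
        "gid": int(m["gid"]),
        "groups": groups,
        "domain": ctx[2] if len(ctx) >= 3 else None,
    }

def audit(id_line, getenforce):
    """Return findings for one `id` line and one `getenforce` value."""
    info = parse_id(id_line)
    if info is None:
        return ["unparseable id output"]
    findings = []
    if info["uid"] == 0 and info["domain"] in UNPRIVILEGED_DOMAINS:
        findings.append(f"uid 0 inside SELinux domain '{info['domain']}'")
    if info["uid"] == 0 and 1011 in info["groups"]:  # 1011 = adb in the output above
        findings.append("root process still carries the adb supplementary group")
    if getenforce.strip().lower() != "enforcing":
        findings.append(f"SELinux mode is {getenforce.strip()}")
    return findings

# PAGE_ID is the `id` line from the output above; STOCK_ID is a constructed sample.
PAGE_ID = ("uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),"
           "1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),"
           "3006(net_bw_stats),3009(readproc) context=u:r:shell:s0")
STOCK_ID = "uid=2000(shell) gid=2000(shell) groups=2000(shell),1011(adb) context=u:r:shell:s0"

if __name__ == "__main__":
    print(audit(PAGE_ID, "Permissive"))
    print(audit(STOCK_ID, "Enforcing"))
```

Because the root is temporary and disappears on reboot, these checks only say something about the running session, not about whether the tool was used earlier.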
We hope this tutorial helped you root your MediaTek ARMv8 chipset device using MTK-SU.