Samsung meets MediaTek: The story of a small bug chain [pdf]

The MTK platform was widely popular in certain Android modding communities as it was easy to completely rewrite all nonvolatile storage except for the boot ROM, making them effectively &quot;unbrickable&quot;. There was no need to use any exploits specifically to root, as you could just go into BootROM mode by holding down a button while powering on and connect SPFlashTool to modify the system however you want. Now that they&#x27;ve gotten increasingly user-hostile too, these are the bugs that lead to freedom.<p>Related interesting article: <a href="https:&#x2F;&#x2F;tinyhack.com&#x2F;2021&#x2F;01&#x2F;31&#x2F;dissecting-a-mediatek-bootrom-exploit&#x2F;" rel="nofollow">https:&#x2F;&#x2F;tinyhack.com&#x2F;2021&#x2F;01&#x2F;31&#x2F;dissecting-a-mediatek-bootro...</a>

Source: <a href="https:&#x2F;&#x2F;blog.quarkslab.com&#x2F;attacking-the-samsung-galaxy-a-boot-chain.html" rel="nofollow">https:&#x2F;&#x2F;blog.quarkslab.com&#x2F;attacking-the-samsung-galaxy-a-bo...</a> (blog.quarkslab.com&#x2F;attacking-the-samsung-galaxy-a-boot-chain.html)

Lol, I remember when our Linux consultant engineer cleaned up the RockChip RV1109&#x2F;1126 vendor kernel for our custom Linux board, that the only part that he said that he couldn’t get rid off was the RockChip logo on boot.

Previous discussion:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41919386">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41919386</a>