How To Unlock Mediatek Bootloader Using MtkClient Any Device

Unlock Mediatek bootloader using mtkclient

Just some mtk tool for exploitation, reading/writing flash, and doing crazy stuff. For windows, you need to install the stock mtk port and the usbdk driver (see instructions below). For Linux, a patched kernel is only needed when using old kamakiri (see Setup folder) (except for reading/writing to flash).
Once the mtk script is running, boot into Brom mode by powering off the device, press and hold either vol up + power or vol down + power and connect the phone. Once detected by the tool, release the buttons.
How to unlock mediatek bootloader using mtkclient any device


kamakiri [xyzz]
linecode exploit [chimera]
All contributors
This guide will explain how to unlock a Mediatek device’s bootloader using MTKclient. This will come in handy for those who can’t unlock the bootloader using fastboot. This was tested on the LG K51
  • Open the mtkclient folder, right-click the address bar at the top and copy the address
  • 1
  • Launch Command prompt and type cd <space> then paste the address you copied and tap enter
  • Image
  • You’re set to run commands
  • Image 1
    1. Run the following commands –
    2. “python setup.py install”
    3. “pip3 install -r requirements.txt”
    4. Run the data wipe command then connect your device in BROM Mode
    5. “python mtk e metadata,userdata,md_udc”
    6. Run the bootloader unlock command then re-connect your device in BROM Mode
    7. “python mtk xflash seccfg unlock”
    8. Disconnect and boot


    Credits to Warlockguitarman for the groundwork and discovering the exploit (from Chimera), also to the developer of mtkclient for integrating the exploit.

    Important Notice

    How you boot into BROM varies with the device so look it up for your model.
    To re-lock Bootloader wipe seccfg or run

    python mtk xflash seccfg lock

    If you encounter an error using python in commands then try py -3

    MTKClient Version 1.42::

    • Fixed wrong registers for some targets (mt6572,mt6735,mt6768,mt6785,mt8695)
    • Fixed libusb0 backport compatibility issue
    • Improved handshake speed
    • Added basic mt2601 smartwatch support

About the author

Avatar of muhhamd shoaib

Muhhamd Shoaib