userbinator 2 days ago

The MTK platform was widely popular in certain Android modding communities as it was easy to completely rewrite all nonvolatile storage except for the boot ROM, making them effectively "unbrickable". There was no need to use any exploits specifically to root, as you could just go into BootROM mode by holding down a button while powering on and connect SPFlashTool to modify the system however you want. Now that they've gotten increasingly user-hostile too, these are the bugs that lead to freedom.

Related interesting article: https://tinyhack.com/2021/01/31/dissecting-a-mediatek-bootro...

  • hgoho 2 days ago

    You could still brick these if you set certain efuses that the BootROM checks.

    Also that's how some vendors mitigated the bug discussed in that article you linked, by disabling USB access to BootROM entirely through setting that efuse in a firmware update.

rajnathani 2 days ago

Lol, I remember when our Linux consultant engineer cleaned up the RockChip RV1109/1126 vendor kernel for our custom Linux board, the only part he said he couldn't get rid of was the RockChip logo on boot.