×
If you are an Android enthusiast, developer, or a user attempting to gain root access on a MediaTek (MTK) device, you may have encountered the dreaded error message: .
Not all MediaTek devices respond consistently to MTK-SU, even when running vulnerable firmware. The community-reported results show that while many devices worked successfully, others failed completely:
mtk-su is an exploit tool targeting MediaTek devices that uses CVE-2020-0069 to elevate privileges from an unprivileged shell ( $ ) to a fully privileged root shell ( # ). The tool was originally developed by a developer known as "Diplomatic" on the XDA Developers forum. It works by leveraging a vulnerability within the MediaTek Command Queue (CMDQ) driver, which allows a local attacker to achieve arbitrary read/write of physical memory addresses, leading to privilege escalation.
On many modern devices (Android 6.0+), Verified Boot and dm-verity may block the necessary modifications even if the exploit technically "runs". User Experiences & Community Consensus mtk-su failed critical init step 3
Verify your device's architecture before selecting the MTK-SU binary:
Then retry running ./mtk-su . Note that this only works if your kernel was built before the patches were applied, as later kernels will ignore the setenforce 0 command unless compiled with CONFIG_SECURITY_SELINUX_DEVELOP enabled. If SELinux is preventing the exploit from running, this method may resolve the issue.
: Ensure the file is in a directory that allows execution, such as /data/local/tmp , and that you have granted it the necessary 755 permissions via ADB . If you are an Android enthusiast, developer, or
The causes of this error can vary but might include:
Re-open the app, tap the option menu, and verify if a prompt asks to download or update internal assets.
For the uninitiated, this error signals a dead end. But what does it actually mean? Why does it happen on some devices and not others? And most importantly, is there any way around it? The tool was originally developed by a developer
There are more than ten System-on-Chips (SoCs) impacted by this vulnerability, affecting devices running Android versions 7 Nougat, 8 Oreo, or 9 Pie, with Linux Kernel versions 3.18, 4.4, 4.9, or 4.14. MediaTek devices running Android 10 are not vulnerable since "the access permission of CMDQ device nodes is also enforced by SELinux".
The "mtk-su failed critical init step 3" error is a common roadblock in modern Android rooting, primarily due to updated security patches. By ensuring you are using the latest mtk-su binary, utilizing proper adb commands, and verifying your device’s security patch level, you may be able to resolve the issue. If the patch level is too new, your best option is to pursue a permanent bootloader unlock.
Here’s a helpful post for anyone encountering the error. You’re welcome to copy, adapt, or share it.