Unbrick Xiaomi MediaTek Devices using MTK Exploit

In this guide, we will show you the steps to unbrick your Xiaomi MediaTek device using MTK Exploit. The devices from Xiaomi have always been among the most active players in custom development. Be it for flashing custom/GSI ROMs, installing a custom recovery like TWRP, or gaining administrative access by rooting your device via Magisk, there’s a lot to look forward to. However, this is just one side of the coin.

Carrying out these tweaks might prove to be risky as well. If not done correctly, then there’s every chance of the device going into a bootloop or getting bricked. If Fastboot Mode is accessible, then you could flash the Fastboot ROM via mi Flash or Fastboot Commands. But what if you cannot even access Fastboot? Well, fret not! Even if that happens, you could still unbrick your Xiaomi by using a nifty MediaTek Exploit. And in this guide, we will show you how to do just that.

What is SP Flash Tool’s SLA and DAA Authentication For MediaTek?

Similar to Qualcomm EDL mode, MediaTek devices have the Download Mode. This mode is used by service center employees to force-flash the firmware onto bricked devices. This flashing was carried out via the SP Flash Tool, a popular name in this MTK domain. Earlier, if any user bricked their MediaTek device, then they could easily flash the firmware via SP Flash Tool by booting their device to Download Mode.

But to prevent the users from carrying out this process, the OEMs began putting “Serial Link Authentication (SLA)” and “Download Agent Authentication (DAA)” in place. As a result, only the people who have the authorized Download Agent or Serial Link programs could carry out this flashing. So who were these people? Well, they are the authorized service center personnel. Hence if you ever bricked your device, you would have no option but to take your device to these centers.

But you could now keep all these issues to rest. Thanks to an exploit, it is now possible to keep both these SLA and DAA flags to false. As a result of which, the tool wouldn’t even check for either of these flags. Hence you will be able to straightway bypass this restriction and flash the firmware on your MTK device booted to Download Mode. And in this guide, we will help you with just that. So without further ado, let’s get started with the guide to unbrick your Xiaomi device via MTK Exploit.

How to Unbrick Xiaomi MediaTek using MTK Exploit

The below process will wipe off all the data from your device, so take a complete device backup beforehand. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.

Prerequisite: Download Xiaomi Unbrick Tool

1. To begin with, download and extract the Xiaomi Unbrick Tool to a convenient location on your PC.
2. It contains all the drivers and software that will be used throughout this guide to unbrick your Xiaomi device.

STEP 1: Download Fastboot ROM

1. First and foremost, download the Fastboot ROM for your device.
2. Once downloaded, extract it to any convenient location on your PC.

STEP 2: Install Python

1. To begin with, download Python from its official site.
2. Then double click on its EXE file to launch the setup.
3. Click on the Add Python to Path option situated at the bottom of the menu.
   
4. Then select the Install Now option if you wish to install it in the default location (recommended), which is [XX-XX is the version number]:

   C:\Users\UserName\AppData\Local\Programs\Python\PythonXX-XX

5. Remember this location as it will be used throughout the guide to unbrick your Xiaomi device.

STEP 3: Install Python Dependencies

1. Head over to the installation directory, type in CMD in its address bar, and hit Enter.
2. This shall launch the Command Prompt window.
3. Copy-paste the below command in the CMD window and hit Enter:

   pip install pyusb pyserial json5

   

4. With this, we have installed the required dependencies via the PIP command.

STEP 4: Install CDC_ACM Drivers

1. Head over to the folder where you have extracted the Unbrick Xiaomi Tool.
2. Then go to the Drivers folder, right-click on cdc-adm.inf > Show More Options > Install.
   
3. Wait for the drivers to get installed. Once done, move over to the next step to unbrick your Xiaomi MediaTek device.

STEP 5: Install MediaTek SP Flash Tool Driver

Next up, you will have to install the MediaTek Drivers that are designed specifically for the SP Flash Tool. Here’s how it could be done:

1. Go to the Unbrick Xiaomi Tool folder > MTK Driver folder.
2. Then launch the MTK_Driver_Auto_Installer_SP_Drivers_20160804.exe file.
3. Now proceed with the on-screen instructions to complete the setup.

STEP 6: Download MTK Bypass Utility Tool

1. Download the MTK Bypass Utility software from GitHub.
2. Then extract its content to any convenient location on your PC.
3. Now transfer all these files to the Python installation directory [extremely important].

STEP 7: Install libusb-win32

This library allows the user-space applications to access many USB devices on your Windows PC. This is actually the port of libusb-0.1 under Windows.

1. To begin with, download the libusb-win32 onto your PC.
2. Then double click on the libusb-win32-devel-filter-1.2.6.0 file to launch the setup.
3. Now, follow the on-screen instructions to complete the installation.
4. Once done, it will prompt you to launch the Filter Installer wizard.
5. So select Install a Device Filter and then wait at this device selection screen.

STEP 8: Boot Xiaomi MediaTek Device to Download Mode

The next step to unbrick your Xiaomi device vis MTK Exploit requires your device to be booted to Download Mode. Here’s how it could be done:

1. To begin with, power off your device. Then press the Volume Up button
2. Keeping the button pressed, plug in your device to the PC via USB cable.
3. Your device shall now be booted to Download Mode.
4. You should see it listed as MediaTek USB Port. So select it and hit Install.
5. Do note the timing is extremely important here. You should select MediaTek USB Port and hit Install as quickly as possible before your device is able to boot to the OS.
6. Once you get the “…device filter successfully installed for MediaTek USB port…” message, it signifies that the installation is successful.

STEP 9: Bypass SP Flash Tool SLA DAA Authentication

Make sure that your device is connected to the PC via USB cable and is booted to Download Mode. Likewise, you should have transferred the contents of the MTK Bypass Tool to the Python installation directory. If that’s all well and good, then proceed with the below steps to bypass MediaTek SP Flash Tool SLA and DAA Authentication.

1. Type in CMD in Python’s address bar and hit Enter. This shall launch Command Prompt inside the Python installation directory.
   
2. Now type in the below command to run the main.py python file:

   python main.py

3. As soon as it’s done, you should get “Protection Disabled, Press any key to continue”.

If that doesn’t work out, then here’s another approach that you could try out [this method might require 2-3 takes for successful execution].

1. To begin with, unplug your device from the PC but keep the USB cable plugged into your PC.
2. Then go to the extracted Unbrick Xiaomi Tool folder and launch the 2ND RUN THIS.bat file.
3. You should now get the Waiting for Device message.
4. So press and hold the Volume Up key and connect the other end of the USB cable to your device.
5. Your device will now be recognized and it will show Found Port=COM3.
6. Likewise, it should also show the Protection Disabled message.

STEP 10: Set up SP Flash Tool and Unbrick Xiaomi

1. Go to the Unbrick Xiaomi folder > SP Flash Tool folder and double-click on the flash_tool.exe file to launch the tool.
2. Now click on Choose next to Download Agent and load the DA_6765_6785_6768_6873_6885_6853.bin file present inside the SP Flash Tool folder.
3. After that click Choose next to Authentication File and select the auth_sv5.auth file present in the SP flash tool folder.
4. Then click Choose next to Scatter-loading File, go to the extracted Fastboot ROM Images folder and select the Android_scatter.txt file.
5. After that, change the Download Only Mode to Firmware upgrade.
6. Then go to the Options section and select Connection from the left menu bar (see below image).
7. Now select UART under the Connection Settings and set the Baud Rate to 921600. [Also make sure that the COM port is set to COM3].
   
8. Now close the Options menu and hit the Download button to start the flashing process. It will take time.
9. Once done, you will be greeted with Download OK message. You may now unplug the device and then charge for at least 10-15 minutes.
10. Then press the Power key and will be booted to the OS.

That’s it. These were the steps to unbrick your Xiaomi MediaTek device via MTK Exploit. If you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.

• Bypass MediaTek SP Flash Tool SLA DAA Authentication
• Unbrick Xiaomi: Fix Device Stuck in EDL Mode via QFIL Tool
• Fix Mi Account Authorization | Unbrick Xiaomi | EDL Mode
• The system has been destroyed error on Xiaomi: How to Fix