Mtk-su Failed Critical Init Step 3 👑
setenforce 0
Some devices, like the ZTE Blade A7 Prime, have the fastboot oem unlock commands removed entirely, making permanent rooting impossible regardless of mtk-su’s status. In such cases, even if mtk-su worked, you might still be limited to temporary root only.
The most definitive way to resolve a "step 3" error is to rollback the device's operating system to an earlier version released before March 2020.
This is the most frequent cause. The vulnerability exploited by mtk-su was widely patched in early 2020. If your device's Android security patch level is dated , the vulnerability is likely fixed, and mtk-su will fail. Google had already released a fix in its Android update by March 2020, and many OEMs rolled out patches accordingly. Any firmware update released after March 2020 is bound to block the method used by the tool. The easiest way to check this is to navigate to Settings → About Phone → Android Security Patch Level on your device. If the date is 2020-03-01 or later, mtk-su will almost certainly fail. mtk-su failed critical init step 3
: Manufacturers like Oppo, Vivo, and Amazon updated their device firmware to restrict the /proc or /sys file system reads that the binary uses to find kernel symbol addresses. Direct Diagnostics: Is Your Device Compatible?
(2019 versions and newer) or other MediaTek-based phones where the kernel-level vulnerability used by has been closed. Common Causes & Solutions Patched Firmware
The mtk-su script operates by exploiting vulnerabilities in the MediaTek driver code. The process generally involves three crucial steps: Gaining arbitrary code execution. setenforce 0 Some devices, like the ZTE Blade
Ensure you are using the correct version for your chipset (arm64 vs arm).
The mtk-su tool is a specialized command-line binary developed by developer diplomatic on the XDA Forums . It targets a severe security vulnerability (CVE-2020-0069) found within the kernel drivers of several MediaTek (MTK) ARMv8 chipsets. The vulnerability allows a regular user application to read and write directly to physical memory addresses.
The mtk-easy-su project, which wraps mtk-su in an easy-to-use APK, has reported mixed results across different LG devices. While some models like the LG X Power2 (MT6750) and LG K10 (MT6750) show success, others like the LG K8 (MT6735) fail. This indicates that even among devices from the same manufacturer, the success of mtk-su varies significantly depending on the specific chipset and firmware version. This is the most frequent cause
Make sure BusyBox is installed and properly configured on your device.
In March 2020, Google patched CVE-2020-0069, closing the vulnerability that mtk-su exploited. MediaTek had known about this vulnerability since April 2019, but it took nearly a full year for the fix to be widely distributed. If your device received a security update after March 2020, the CMDQ driver was likely patched, and mtk-su will no longer function.
After disabling SELinux, retry the MTK-SU execution:
If mtk-su failed critical init step 3 appears, continuing with the same tool is impossible unless you change the underlying environment. Use these alternative paths to achieve your goals: Complexity Success Rate Medium (Data Loss) High (If bootloader permits) MediaTek Bypass Utility High (Hard-brick risk) High (For older chipsets) Official Bootloader Unlock Dependent on manufacturer policy Method 1: Firmware Downgrade (Rollback)
: Using a 32-bit binary on a 64-bit system (or vice versa) can lead to initialization errors. Troubleshooting and Fixes