adb shell setenforce 0 (Note: On stock ROMs, this usually fails without root.) mtk-su supports arguments that can help bypass step 3 failures. Try:
Notice the pattern: Patch date is king. For the technically curious, “step 3” in mtk-su roughly corresponds to the do_root function after the selinux_set_root call. The exploit uses a technique called arbitrary kernel read/write to modify the current task’s credentials ( cred structure). Step 3 fails when the kernel’s commit_creds() function returns an error or when the kernel’s task_struct validation detects an inconsistency—like a UID that doesn’t match expected security capabilities. mtk-su failed critical init step 3
| Device | Chipset | Android | Security Patch | Result | | :--- | :--- | :--- | :--- | :--- | | Xiaomi Redmi Note 8T | MTK Helio G90T | Android 10 | May 2020 | | | Samsung Galaxy A20s | MT6765 | Android 10 | April 2020 | Fails at step 3 | | Tecno Camon 12 | MT6762 | Android 9 | December 2019 | Succeeds | | Motorola Moto E7 | MT6762 | Android 10 | February 2020 | Succeeds | adb shell setenforce 0 (Note: On stock ROMs,
For years, mtk-su has been a lifeline for Android users with devices powered by MediaTek (MTK) chipsets. This powerful command-line tool, developed by XDA Recognized Contributor diplomatic , allows for temporary root access and the exploitation of CVE-2020-0069, a vulnerability in MediaTek’s kernel. However, as Android versions have evolved and security patches have rolled out, users are increasingly encountering a frustrating roadblock: failed critical init step 3 . The exploit uses a technique called arbitrary kernel
If you see this error message in your terminal or command prompt, your exploit attempt has failed. But understanding why this happens is the first step to potentially fixing it—or accepting the limitations of your device.