The deep benefit of OmniUS is permanently.
Here is the high-level magic:
But what is OmniUS? And why does it matter more than the temporary root exploits of 2016? To understand OmniUS, you have to understand the enemy: TrustZone and Boot Chain authentication.
Most MediaTek and some UniPhier bootloaders have a "preloader" or "DA (Download Agent)" mode. This mode listens for USB vendor commands. The vulnerability allows an attacker to send a specifically crafted USB control transfer that causes the bootloader to jump to a malicious payload loaded over USB RAM— the signature check on the main boot image occurs.
OmniUS changes the game because it exploits a vulnerability in the of the bootloader’s USB recovery stack.

What is OmniUS? The Technical Core

OmniUS is not a single exploit, but a method of exploiting a Use-After-Free (UAF) or an OOB (Out-of-Bounds) write in the USB download gadget mode.
If you own a device with a MediaTek Dimensity 700, 800, or certain Helio G series chips, you likely have OmniUS access right now. You have the power to strip the carrier bloatware, install a firewall at the kernel level, and run a mainline Linux kernel.
When you use OmniUS to unlock, you aren't just toggling a flag; you are often patching the keystore or sepolicy to allow a custom key to be injected. This means you can run an unsigned kernel.