ββββ ββββββ ββββββ βββ βββ ββββββ ββββββ
βββββ ββββββ ββββββ βββ βββ βββββββββββββββ
ββββββ ββββββ ββββββ βββ βββββββ βββββββββββ
βββββββββββββ ββββββ βββ βββββββ βββββββββββ
βββ ββββββββββββββββββββββββββββββββββ βββββββββ βββ
βββ βββββ βββββββ βββββββββββββββββββ βββββββββ βββ
[ MOBILE SECURITY FRAMEWORK v3.0 | bad-antics ]
π Join discord.gg/killers for encryption keys & firmware unlocks!
- 8 New Manufacturers β Nothing, OPPO, Vivo, Realme, ASUS, ZTE, Fairphone, TCL
- Baseband Exploitation β Shannon/Exynos/Qualcomm modem tools
- eSIM Tools β eUICC provisioning and extraction
- 5G/LTE Security β Band locking, IMSI analysis, carrier unlock
- iOS 17/18 Support β Updated checkm8 toolchain
- Android 14/15 Support β New bypass techniques
- GUI Mode β Optional graphical interface
- Plugin System β Extend with custom modules
curl -sL https://raw.githubusercontent.com/bad-antics/nullkia/main/get-nullkia.sh | bashiwr -useb https://raw.githubusercontent.com/bad-antics/nullkia/main/install.ps1 | iexpkg install git && git clone https://github.com/bad-antics/nullkia && cd nullkia && make termuxdocker run -it --privileged -v /dev/bus/usb:/dev/bus/usb ghcr.io/bad-antics/nullkia:3.0nullkia --gui # Launches graphical interface| Feature | Description |
|---|---|
| π± 18 Manufacturers | Samsung, Apple, Google, OnePlus, Xiaomi, Huawei, Motorola, LG, Sony, Nokia, Nothing, OPPO, Vivo, Realme, ASUS, ZTE, Fairphone, TCL |
| β‘ Device Detection | Auto-detect ADB, Fastboot, EDL, DFU, Download, BROM modes |
| π Bootloader Tools | Unlock bootloaders across all manufacturers |
| π¦ Firmware Utils | Dump, extract, flash, decrypt, and analyze firmware |
| π‘οΈ Security Bypass | Knox, Titan M, TrustZone, TEE research tools |
| π‘ Baseband Tools | Modem exploitation, IMSI extraction, band manipulation |
| πΆ Cellular Security | 5G/LTE analysis, carrier unlock, eSIM tools |
| π§ Unbrick Tools | Recover hard-bricked devices |
| π₯οΈ Cross-Platform | Linux, macOS, Windows, Termux, Docker |
| π¨ GUI Mode | Optional graphical interface |
| π Plugin System | Extend with custom modules |
# Show help
nullkia help
# Launch GUI mode
nullkia --gui
# Scan for connected devices
nullkia device scan
nullkia device info # Detailed device information
# Samsung tools
nullkia samsung knox-bypass
nullkia samsung odin
nullkia samsung frp-bypass
nullkia samsung dump-efs # NEW: Dump EFS partition
# Apple tools (checkm8 devices)
nullkia apple checkm8
nullkia apple dfu
nullkia apple activation # NEW: Activation bypass
nullkia apple icloud # NEW: iCloud tools
# Google Pixel
nullkia google titan-dump # NEW: Titan M research
nullkia google avb-bypass # NEW: AVB bypass
# Baseband/Modem (NEW)
nullkia baseband dump # Dump modem firmware
nullkia baseband shannon # Samsung Shannon exploits
nullkia baseband qualcomm # Qualcomm modem tools
nullkia baseband analyze # Analyze baseband binary
# Cellular/Network (NEW)
nullkia cellular unlock # Carrier unlock
nullkia cellular bands # Band manipulation
nullkia cellular esim # eSIM extraction/provisioning
nullkia cellular imsi # IMSI/IMEI analysis
# Firmware operations
nullkia firmware dump
nullkia firmware flash
nullkia firmware decrypt # NEW: Decrypt firmware
nullkia firmware analyze
nullkia firmware diff # NEW: Compare firmware versions
# Security research
nullkia trustzone dump # NEW: TEE extraction
nullkia bootrom dump # NEW: BootROM extraction
nullkia secure-element # NEW: SE research
# Plugin system (NEW)
nullkia plugin list
nullkia plugin install <name>
nullkia plugin create <name>
# Reboot device
nullkia device reboot fastboot
nullkia device reboot recovery
nullkia device reboot edl
nullkia device reboot brom # NEW: MediaTek BROM mode| Manufacturer | Devices | Features |
|---|---|---|
| Samsung | Galaxy S/Note/A/M/Z series | Knox bypass, ODIN, FRP, EFS dump, Shannon baseband |
| Apple | iPhone 4s β iPhone X (A5-A11) | checkm8, DFU, activation bypass, iCloud tools |
| Pixel 1-9, Tensor | Titan M research, fastboot unlock, AVB bypass | |
| OnePlus | All models | MSM unbrick, OxygenOS tools, Engineering mode |
| Xiaomi | Mi/Redmi/POCO/Black Shark | Mi Unlock bypass, EDL, MIUI flash, Secure boot |
| Manufacturer | Devices | Features |
|---|---|---|
| Huawei | P/Mate/Nova (pre-2020) | HiSuite, bootloader unlock, Kirin tools |
| OPPO | Find/Reno/A series | ColorOS tools, MSM mode, test points |
| Vivo | X/V/Y series | Funtouch tools, fastboot, EDL mode |
| Realme | GT/Number series | Realme UI tools, deep testing |
| Motorola | Edge/G/Razr | Fastboot unlock, RSD Lite |
| Nothing | Phone (1)/(2)/(2a) | Fastboot unlock, Nothing OS tools |
| ASUS | ROG Phone/ZenFone | APX mode, unlock tools |
| Manufacturer | Devices | Features |
|---|---|---|
| Sony | Xperia series | Fastboot unlock, Emma tools |
| LG | Legacy devices | LAF mode, LGUP |
| Nokia | Android devices | Fastboot, OST tools |
| ZTE | Blade/Axon | MiFavor tools, EDL |
| Fairphone | FP3/FP4/FP5 | Fastboot unlock (official) |
| TCL | 10/20/30 series | TCL tools, EDL mode |
| Vendor | Chipsets | Capabilities |
|---|---|---|
| Qualcomm | SDX55, SDX65, X65, X70 | Firmware dump, diag mode, band lock |
| Samsung Shannon | Shannon 5100, 5123, 5300 | EFS dump, IMEI repair, NV extraction |
| MediaTek | Dimensity series | BROM exploit, modem dump |
| Intel/Apple | XMM 7560, 8160 | Legacy iPhone baseband |
| Exynos Modem | Exynos 5G | Research tools |
# Dump modem firmware
nullkia baseband dump --output modem.bin
# Samsung Shannon specific
nullkia baseband shannon --extract-nv
nullkia baseband shannon --patch-imei
# Qualcomm diag mode
nullkia baseband qualcomm --diag-enable
nullkia baseband qualcomm --read-efs
# Band manipulation
nullkia cellular bands --lock "1,3,7,20,28"
nullkia cellular bands --unlock-all
# eSIM operations
nullkia cellular esim --dump-euicc
nullkia cellular esim --list-profiles# Dump TrustZone components
nullkia trustzone dump --output tz_dump/
# Extract secure world binaries
nullkia trustzone extract-ta # Trusted Applications
# Analyze TEE
nullkia trustzone analyze# Dump BootROM (where supported)
nullkia bootrom dump --chipset exynos9825
# Exploit known vulnerabilities
nullkia bootrom exploit --checkm8 # Apple
nullkia bootrom exploit --mtk-brom # MediaTek# SE research (Titan M, Knox, etc.)
nullkia secure-element info
nullkia secure-element dump-attestationnullkia/
βββ install.sh # Linux/macOS installer
βββ install.ps1 # Windows installer
βββ get-nullkia.sh # One-line curl installer
βββ Dockerfile # Docker support
βββ Makefile # Build system
βββ INSTALL.md # Installation guide
β
βββ samsung/ # Samsung/Knox tools
βββ apple/ # iOS/checkm8 tools
βββ google/ # Pixel/Titan M tools
βββ oneplus/ # OnePlus tools
βββ xiaomi/ # Xiaomi/MIUI tools
βββ huawei/ # Huawei/EMUI tools
βββ oppo/ # OPPO/ColorOS tools (NEW)
βββ vivo/ # Vivo/Funtouch tools (NEW)
βββ realme/ # Realme tools (NEW)
βββ motorola/ # Motorola tools
βββ nothing/ # Nothing Phone tools (NEW)
βββ asus/ # ASUS ROG tools (NEW)
βββ lg/ # LG tools
βββ sony/ # Sony tools
βββ nokia/ # Nokia tools
βββ zte/ # ZTE tools (NEW)
βββ fairphone/ # Fairphone tools (NEW)
βββ tcl/ # TCL tools (NEW)
β
βββ baseband/ # Modem/baseband tools (NEW)
βββ cellular/ # 5G/LTE tools (NEW)
βββ trustzone/ # TEE research tools (NEW)
βββ bootrom/ # BootROM tools (NEW)
βββ secure-element/ # SE research (NEW)
β
βββ firmware/ # Firmware utilities
βββ installer/ # Platform installers
βββ plugins/ # Plugin system (NEW)
βββ gui/ # GUI components (NEW)
βββ tools/ # Common utilities
Extend NullKia with custom modules:
# List available plugins
nullkia plugin list
# Install community plugin
nullkia plugin install samsung-advanced
nullkia plugin install mtk-bypass
# Create your own plugin
nullkia plugin create my-pluginplugins/my-plugin/
βββ manifest.json # Plugin metadata
βββ main.py # Entry point
βββ commands/ # CLI commands
βββ lib/ # Supporting code
Launch the graphical interface:
nullkia --guiFeatures:
- Device detection dashboard
- One-click operations
- Firmware browser
- Log viewer
- Theme support (dark/light)
Some features require encryption keys available exclusively on our Discord:
π discord.gg/killers
- Knox bypass keys
- Firmware decryption keys
- EDL firehose loaders
- Bootloader unlock tokens
- Baseband research tools
- eSIM provisioning keys
| Platform | Requirements |
|---|---|
| Linux | adb, fastboot, libusb, python3 |
| macOS | Homebrew, android-platform-tools |
| Windows | USB drivers, PowerShell 5+ |
| Termux | android-tools package |
| Docker | Docker Desktop with USB passthrough |
| GUI | GTK3 or Qt5 |
- Added 8 new manufacturers (Nothing, OPPO, Vivo, Realme, ASUS, ZTE, Fairphone, TCL)
- Baseband exploitation tools (Shannon, Qualcomm, MediaTek)
- eSIM/eUICC tools
- 5G/LTE security analysis
- TrustZone/TEE research tools
- BootROM extraction (where supported)
- Secure Element research
- GUI mode
- Plugin system
- iOS 17/18 support
- Android 14/15 support
- Multi-manufacturer support
- Docker support
- Cross-platform installers
- Initial release
- Samsung, Apple, Google support
This tool is for security research and educational purposes only. Use responsibly and only on devices you own or have explicit permission to test. The authors are not responsible for any misuse or damage.
MIT License - @bad-antics
β Star this repo | π Get Keys | π Report Bug | π± Device Request
Part of the NullSec Linux ecosystem