Run cat /proc/sys/kernel/security/lockdown in an ADB shell. If it returns integrity or confidentiality , the kernel is in lockdown mode, which explicitly prevents runtime kernel exploits like mtk-su .
: If your device uses a non-vulnerable chipset (like some newer MT67xx series), the tool will likely continue to fail at this step. permission denied mtk-su (#3) · Issue - GitLab mtk-su failed critical init step 3