• Stars
    star
    2,421
  • Rank 19,000 (Top 0.4 %)
  • Language
    PHP
  • Created about 1 year ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings.

Xiaomi HyperOS BootLoader Bypass

Version: 1.0 中文文档 日本語

A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings.

Feel free pull request if you want :)

💘 php-adb

The project proudly uses the php-adb library.

☕ Buy me a Coffee

✨ If you like my projects, you can buy me a coffee at:

⚠️ Warning

After unlocking the BootLoader, you may encounter the following situations:

  • Software or hardware not working properly or even damaged.
  • Loss of data stored in the device.
  • Credit card theft, or other financial loss.

If you're experiencing any of the above, you should take all the responsibility yourself as this is the risk you may encounter when unlocking BootLoader. This obviously does not cover all risks. You've been warned.

  • Warranty lost. Not only the base warranty, but some of the extra extended warranties (such as Mi Care or broken-screen warranty) that you have purchased may also be lost according to the exclusions provided by Xiaomi.
  • Hardware level self-destruct like Samsung Knox. TEE-related features will be permanently damaged. There is no way to restore other than by replacing the motherboard.
  • Functional anomalies after flashing a third-party system due to closed-source kernel source code.
  • Device or account banned by unlocking BootLoader.

If you're experiencing any of the above, consider yourself damned. Ever since Xiaomi restricted unlocking BootLoader, it has been against Xiaomi's 'geek' spirit and even the GPL. Xiaomi's restrictions on BootLoader unlocking are endless, and there's nothing we as developers can do about it.

📲 Unlocking requirements

  • An valid device:

    • A unbanned* Xiaomi, Redmi or POCO device.
    • Your device is running the official version of HyperOS.
    • (Update 2023/11/23) Your device is not forced to verify account qualification by Xiaomi.
  • An valid SIM card:

    • * Except for tablets that cannot use SIM cards.
    • SIM card must not be out of service.
    • SIM card needs to be able to access the internet.
    • Only 2 devices per valid SIM card are allowed to be unlock to a valid SIM card within a three-month period.
  • An valid Xiaomi account:

    • A unbanned* Xiaomi account.
    • Each account can only unlock 1 phone in a month and 3 phones in a year period.
  • You have read and understood the Warning above.

  • * According to the unlocking instructions provided by Xiaomi, it will prohibit some accounts and devices from using the unlocking tool, which is called "risk control".

⚙️ How to use

  1. Download and install PHP 8.0+ for your system from the official website.
  2. Enable OpenSSL and Curl extension in php.ini.
  3. Place adb.php in php-adb to the directory.
  4. Download platform-tools and place them in libraries. Note: Mac OS needs to rename adb to adb-darwin.
  5. Open a terminal and use PHP interpreter to execute the script.
  • p.s. Releases has packaged the required files and click-to-run scripts.
  1. Tap repeatedly on the Settings - About Phone - MIUI Version to enable Development Options.
  2. Enable OEM Unlocking, USB Debugging and USB Debugging (Security Settings) in Settings - Additional Settings - Development Options.
  3. Log in an valid* Xiaomi account.
  4. Connect phone to PC via wired interface.
  5. Check Always allow from this computer and click OK.
  1. Wait and follow the prompts of script.
  2. After successful binding, you can use the official unlock tool to check the time you need to wait.
  3. During the waiting period, please use the device normally, keep the SIM card inserted, do not log out of your account or turn off Find My Phone, and do not re-bind the device until it is successfully unlocked. The device will automatically send HeartBeat packets to the server every once in a while.

📖 Workaround

  • Undergoing maintenance...

🔖 FAQs

  • Q: Why does the unlock tool still remind me to wait 168/360 (or more) hours?

    • A: By principle, this PoC only bypasses the restrictions added for HyperOS. You still need to comply with the restrictions for MIUI.
  • Q: The device shows Couldn't verify, wait a minute or two and try again.

    • A: This is normal, the binding request on the device side has been blocked by our script. The actual binding result is subject to the script prompt.
  • Q: Binding failed with error code 401.

    • A: Your Xiaomi account credentials have expired, you need to log out and log in again in your device.
  • Q: Binding failed with error code 20086.

    • A: Your device credentials have expired, you need to reboot your device.
  • Q: Binding failed with error code 20090 or 20091.

    • A: Device's Security Device Credential Manager function failure, contact after-sales.
  • Q: Binding failed with error code 30001.

    • A: Your device has been forced to verify the account qualification by Xiaomi. Xiaomi lost its 'geek' spirit a long time ago, and there's nothing we can do about it.
  • Q: Binding failed with error code 86015.

    • A: The server has rejected this bind request, please try again.

⚖️ License

No license, you are only allowed to use this project. All copyright (and link, etc.) in this software is not allowed to be deleted or changed without permission. All rights are reserved by MeowCat Studio, Meow Mobile and NekoYuzu.

More Repositories

1

Xiaomi-BootLoader-Questionnaire

小米 BootLoader《解锁资格答题测试》更新记录
2,744
star
2

WSAPackagingTool

Allows you to modify WSA's Msixbundle and redistribute it.
Batchfile
136
star
3

Il2CppMemoryDumper

Dump Il2Cpp unprotected executable ELF and metadata from process memory
Shell
102
star
4

php-adb

Simple wrapper of Android Debug Bridge for PHP
PHP
39
star
5

Magic-Splash-Wand

Tool for unpacking and packaging splash image for Qualcomm & OPlus Qualcomm devices
PHP
33
star
6

libil2cpp

Collection of source code for Unity IL2CPP
29
star
7

FunHouse-F10-MPro-Ice-Lake-Hackintosh

Hackintosh EFI for FunHouse F10 MPro (Ice Lake)
ASL
27
star
8

MlgmXyysd

This... It's me?
24
star
9

kernel-assisted-superuser

Mirror of Kernel-Assisted Superuser
C
24
star
10

DDLC-Plus-Asset-Decrypter

Doki Doki Literature Club Plus Asset Decrypter
PHP
19
star
11

Log-Catcher

Shell
17
star
12

F21ProInjector

Exploit the vulnerability to install arbitrary applications in k61v1 without ROOT
PHP
16
star
13

NoneDisplayCutout

Kill the display cutout
Shell
14
star
14

KFMark-Enabler

A Magisk module called KFMark Enabler.
Shell
13
star
15

SAFTest

PoC for SAF
Java
12
star
16

MusicBox

一个音乐盒插件,可以通过输入乐谱来自动播放对应的曲子,同时可以配置其音色和播放速度等。
JavaScript
11
star
17

GooTool

Gootool for Android
Java
11
star
18

AngryBirdsLevelEditor

愤怒的小鸟关卡编辑器,可用于自制关卡
JavaScript
7
star
19

OnePlus-Report

Bug report or suggestion
6
star
20

MagiskTrustUserCerts

Shell
6
star
21

Bad-Piggies-Progress-Crypto

Bad Piggies Progress.dat Decrypter / Encrypter
PHP
5
star
22

EdXposedManagerR

Java
4
star
23

Magisk-modules-template

Shell
4
star
24

Mirror

A Minecraft Server Core Mirror.
4
star
25

2D-BOY-s-Boy-Framework

A copy of 2D Boy Framework.
C++
3
star
26

Snow.js

Let your page snowing
JavaScript
3
star
27

android_device_htc_rtx

Device configuration for HTC 5G Hub
2
star
28

ADBLib

A Java library implementation of the ADB network protocol
2
star
29

android_device_oneplus_sm8150-common

Shell
2
star
30

RichTap-Preview

Java
2
star
31

Xposed-Dalvik

Shell
2
star
32

MOM-s-Computer

Rewrite World of Goo's level 'MOM's Computer' with HTML5.
JavaScript
2
star
33

OnePlus-6-Beta-Modified

Shell
2
star
34

android_device_oneplus_guacamoleg

Makefile
2
star
35

GlitchedText

ĽřāũáJïuŧsŅtĕþMĹoČnŵiÏkła³ŵę£ŭĽÒ
Java
2
star
36

PopCap-Games-Open-Source

This repo is a backup of PopCap Games open source. The original source is in SourceForge by PopCap Games, Inc.
C
2
star
37

2D-BOY-s-Boy-Framework-Modified

A copy of modified version of 2D Boy Rapid Prototyping Framework.
C++
2
star
38

android_device_oneplus_guacamoles

Makefile
2
star
39

DontTapTheWhiteTile

Don't Tap The White Tile for Minecraft.
Java
1
star
40

MCSCrypto

MeowCat Cryptography Security
1
star
41

android_kernel_xiaomi_baiji

Kernel source for Xiaomi Mi Watch series
1
star
42

Bukkit_Tutorial_Source

Java
1
star
43

tmcraft

Tianmu Server by MeowCat Studio
CSS
1
star
44

test

1
star
45

Signatest

Signatest
Java
1
star
46

Mohist-2.0

Java
1
star
47

MeowPage-MlgmXyysd-Friends

HTML
1
star
48

MusicBeep

C++
1
star
49

Huawei-Honor-4X-Modified

Shell
1
star
50

Teleport

Teleport× MeowEssentials✓
Java
1
star