hyperos 2.0 a15 bl unlock, sapphiren


18 Jan 2025
Yes, I know, this question has been asked multiple times, but no one has ever given me a clear answer. I have unlocked Xiaomi devices before (alioth w/ MIUI 14), but when I tried to unlock the bootloader on sapphiren w/ HyperOS 2.0, I am extremely confused. I applied in Mi Community, and it said "the quota has been reached, try again 19th January 0:00 Beijing time". So I did (yes, in Beijing time). And then it moved to "try again 20th January 0:00 Beijing time" and so on. It kept moving forward! Can anyone help? I tried every possible exploit, but they all try to install Settings for SDK level 34 (Android 14), and it doesn't go through because it's a downgrade. Help please? I have been in Mi Community for 700+ days btw.
 
Forcibly Flashing an Unlocked Bootloader Image

In HyperOS 1.0 and 2.0, as shown by paid methods, the bootloader can be unlocked instantly in just 2 minutes without Xiaomi’s approval or authorization. This is done by exposing the USB protocol over IP with the phone in fastboot mode. Users who paid for the service report this method works.

Can someone correct me and explain what I’m misunderstanding? Why wouldn’t this strategy work?:
  1. Put the phone in fastboot mode and enter deep repair mode (Test Point EDL + Xiaomi Auth) to bypass Xiaomi's restrictions. This can be done using online services for about $5 or for free by physically shorting the TestPoint pins.
  2. Flash boot.img / vendor_boot.img from another, already unlocked phone into slot B.
  3. Reboot, which should restore the image in slot A and start the phone with an unlocked bootloader.
Similar procedures are used in routers to replace a locked bootloader and firmware, such as flashing OpenWrt via a service cable connected to JTAG/UART.
 
And where did you take that info from? Bootloader unlock state isn't stored on boot or vendor_boot. Those images are loaded by the bootloader.
 
@Igor Eisberg Is the bootloader status stored in the Devinfo Partition on Xiaomi devices? Have you come across any unofficial documentation for Chinese devices? What prevents secretly intercepting the USB-C to smartphone transmission on the owner's computer during a paid bootloader unlocking attempt?
 
Doubt anyone has any documentation about that, but definitely not in a partition that gets replaced every ROM update.
In fact it's very likely not stored on any partition. Device information that you can see with "fastboot getvar all" could be stored somewhere else, somewhere persistent, might even be a small, embedded memory chip as part of the SoC.
This might give some hints: https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-4/bootloader.html
These PDFs are a bit old by now, but give some insight anyway:
https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets/documents/qpss22-christopher-wade.pdf
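A small checker for the `fastboot getvar all` output mentioned above, added here as an illustration and not code from this thread or from any Xiaomi tool: it parses the variables the bootloader itself reports and summarizes unlock state, active slot and slot health, which is where unlock status is actually visible (not in boot or vendor_boot). The sample output below is constructed; the variable names follow the common `(bootloader) key:value` format, and the Xiaomi-specific `anti` field is assumed to be present.

```python
import re

# Constructed sample of what `fastboot getvar all` prints (fastboot writes these
# lines to stderr). Values are made up for illustration, not from a real device.
SAMPLE_GETVAR = """\
(bootloader) product:sapphiren
(bootloader) unlocked:no
(bootloader) secure:yes
(bootloader) current-slot:a
(bootloader) slot-successful:a:yes
(bootloader) slot-successful:b:no
(bootloader) slot-unbootable:a:no
(bootloader) slot-unbootable:b:yes
(bootloader) anti:1
all: Done!
"""

LINE_RE = re.compile(r"^\(bootloader\)\s+([^:]+):(.*)$")

def parse_getvar(text):
    """Turn `(bootloader) key:value` lines into a dict; other lines are ignored.
    Slot-qualified keys (slot-successful:a:yes) keep the slot in the key."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key.startswith("slot-") and ":" in value:
            slot, value = value.split(":", 1)
            key = f"{key}:{slot}"
        found[key] = value
    return found

def summarize(found):
    """Report the facts relevant to the thread: unlock state as reported by the
    bootloader, the active slot, whether the other slot is bootable, and the
    anti-rollback index (assumed Xiaomi `anti` variable)."""
    active = found.get("current-slot", "?")
    other = "b" if active == "a" else "a"
    return {
        "unlocked": found.get("unlocked") == "yes",
        "secure_boot": found.get("secure") == "yes",
        "active_slot": active,
        "other_slot_bootable": found.get(f"slot-unbootable:{other}") == "no",
        "anti_rollback": int(found.get("anti", "0") or 0),
    }
```

Feed it the captured stderr of `fastboot getvar all` to compare the reported state before and after an official MiUnlock run.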
 
@Igor Eisberg A public fundraiser could be a good way to incentivize the development of a detailed work bootloader mechanism. The global and European community has significant potential to contribute. Currently, the issue seems confined to GSM forums. Developers working on drivers and automotive systems might have the necessary expertise to analyze Qualcomm processors. Perhaps you could pass this information to the right place to facilitate the fundraiser and set up a dedicated website for the establishment of a reward from an officially available collection. We know very well that Google's restrictions, set to take effect this year, along with Xiaomi's decisions, could kill our community.
 
You're making 2 assumptions:
1. That I know anyone with the required skills to reverse-engineer and successfully find an exploit in a proprietary bootloader written by highly skilled engineers working for Qualcomm.
2. That a fundraiser would result in a success and not a disappointment, which means a lot of people funding nothing, and if I get involved, people will be blaming me. No, thanks.
 
@Igor Eisberg I think I expressed myself poorly and in an unskillful way, that’s my mistake. What I meant was to establish contact with people who are capable of launching an informational website about the initiative. It will include a redirect to a public fundraising campaign handled by well-known platforms. The group will remain completely anonymous, but donors will be visible in the fundraising system. The .eu forum will be limited only to an announcement about the event and nothing more. I don’t expect anything from you—you've put an immense amount of work into the community, and thanks to you, .eu exists in its current form.
 
It seems that there are no more problems with unlocking the bootloader. After the last update to HyperOS 2, I unlocked it without waiting and without the Mi Community app. So far, I have not been able to get permission. Try simply entering developer options and linking the phone to the account. Just run MiUnlock and follow the instructions on the computer.