Proposal to launch a public fundraiser with a reward for bootloader unlocking documentation
zagrobel
2 Apr 2024
I propose and suggest launching an official informational and recruitment crowdfunding website with a paid reward for documenting the mechanism of Xiaomi bootloaders and their communication with servers (including a link to Kickstarter, Indiegogo, GoFundMe, and Patreon). The winner will also be required to publish a sample protocol code on GitHub. This will put an end to paid unlocking and enable software development after future security attempts.
 
An "official" and very public operation to hack Xiaomi servers and Qualcomm / Mediatek software, I don't think it is a great idea.
 
An "official" and very public operation to hack Xiaomi servers and Qualcomm / Mediatek software, I don't think it is a great idea.
Indeed, reverse-engineering Qualcomm's bootloader to breach its security can easily be considered piracy.
Whoever attempts this publicly is likely to get in legal trouble with Qualcomm, maybe also with Xiaomi.
 
The issue might be solved legally, similar to the case with YouTube Vanced, which violated the license related to decompilation. After changing the approach, official YouTube ReVanced and Extended are now functional. Various IT researchers often appear as experts at public conferences (live events), sharing knowledge about broken or intercepted protocols and software, earning money and gaining fame. No one sues them. nc_unlock has announcements and operates on a large scale (YT, social, etc.).
 
The first 2 examples are completely different from trying to actively benefit from a software vulnerability.

Ncunlock takes his own risks.
 
LMAO... You do realize that him being in Vietnam pretty much makes him untouchable right?

I don't think so. Major tech companies like Xiaomi may have ties to China's Ministry of State Security (MSS). They operate actively in Southeast Asia (Vietnam). Shutting down NCUnlock wouldn’t be an issue. In 2025, Xiaomi was forced by government regulations to tighten restrictions and block bootloader unlocking. To avoid a sales decline or boycott, it’s possible that Xiaomi unofficially tolerates or even benefits from independent groups outside China researching the bootloader protocol and its communication with Mi servers—simply by doing nothing.

@JiaiJ: It is possible to conduct security research in an academic setting or as open IT research, officially analyzing the bootloader's functionality without directly advocating for its bypassing. In this case, the topic can be framed as research on interoperability and software transparency.
 
@JiaiJ: It is possible to conduct security research in an academic setting or as open IT research, officially analyzing the bootloader's functionality without directly advocating for its bypassing. In this case, the topic can be framed as research on interoperability and software transparency.
Yes, it is my point. There are rules, and you would not get to use the results of the research.
 
@JiaiJ A community-funded reward can be established to document the bootloader weakness exploited by NCunlock. The discovered vulnerability will be reported to the company. Independent tools for analysis or modification may emerge, for which neither the community nor the company will be held responsible. The legal and technical issues may be resolved this way. The corporation may not respond or make insignificant changes. Their goal is to fulfill Chinese government blocking mandates and boost device sales without hindrance. Let’s help Xiaomi.
 
So the goal would be that the community funds research to find the vulnerability used by Ncunlock, and if something is found, give Qualcomm and/or Xiaomi 90 days to fix it, and then hope that they don't fix anything, and the Chinese government won't notice?
 
@JiaiJ No. The legal justification for the fundraising is concern for our data (NCUnlock activity). The Chinese government issues regulations, and Xiaomi complies with them. When knowledge is available, no one controls the tools created to bypass it. With knowledge, modifications can be made more quickly. Lack of knowledge = lack of options, as is the case now.

Xiaomi and Qualcomm may not be interested in responding quickly to errors for several reasons (even to ensure backward compatibility), as was visible in their history. China and the mentioned company may achieve nothing in U.S. or possibly European legal cultures.
 
You say no, but I can't see a meaningful difference from what I said.

The strategy fully relies on Xiaomi and Qualcomm doing nothing for months when they were officially provided beforehand with information that may even impact other phone manufacturers, including Google. And that's assuming the research finds something in the first place.

If they fix the breach within 90 days, before it is published, all of it would have been for nothing, and you can start the research again, hoping for another vulnerability.

Good luck then.
 
@JiaiJ For many months, the biggest manufacturers (Xiaomi, Qualcomm, Google, Samsung, and others) have officially known that their bootloaders are vulnerable to the exploit used by NcUnlock. As can be observed, they haven't done anything about it, with no statements or attention given to the issue. I mentioned that, for some reasons, it's not profitable for them to react.
 
It is not the same to assume that someone is using a breach somewhere in a system with shared responsibilities among companies, and to use resources to find it, as when someone brings you all the details of a proven vulnerability, is ready to show it to the world, and you then decide not to do anything about it.
We are not alone - Offici5l will be the next to launch a paid bootloader unlocking service, which he is working on and testing independently through his servers.
 