Proposal to launch a public fundraiser with a reward for bootloader unlocking documentation

[zagrobel]

I propose and suggest launching an official informational and recruitment crowdfunding website with a paid reward for documenting the mechanism of Xiaomi bootloaders and their communication with servers (including a link to Kickstarter, Indiegogo, GoFundMe, and Patreon). The winner will also be required to publish a sample protocol code on GitHub. This will put an end to paid unlocking and enable software development after future security attempts.

 

[ntlkr]

Doesn't sound like too bad of an idea.

Why don't u do it?

 

[JiaiJ]

An "official" and very public operation to hack Xiaomi servers and Qualcomm / Mediatek software, I don't think it is a great idea.

 

[Igor Eisberg]

An "official" and very public operation to hack Xiaomi servers and Qualcomm / Mediatek software, I don't think it is a great idea.

Indeed, reverse-engineering Qualcomm's bootloader to breach its security can easily be considered piracy.
Whoever attempts this publicly is likely to get in legal trouble with Qualcomm, maybe also with Xiaomi.

 

[zagrobel]

The issue might be solved legally, similar to the case with YouTube Vanced, which violated the license related to decompilation. After changing the approach, official YouTube ReVanced and Extended are now functional. Various IT researchers often appear as experts at public conferences (live events), sharing knowledge about broken or intercepted protocols and software, earning money and gaining fame. No one sues them. nc_unlock has announcements and operates on a large scale (YT, social, etc.).

 

[JiaiJ]

The 2 first examples are completely different from trying to actively benefit from a software vulnerability.

Ncunlock take his own risks.

 

[Igor Eisberg]

nc_unlock has announcements and operates on a large scale (YT, social, etc.).

LMAO... You do realize that him being in Vietnam pretty much makes him untouchable right?

 

[zagrobel]

LMAO... You do realize that him being in Vietnam pretty much makes him untouchable right?

I don't think so. Major tech companies like Xiaomi may have ties to China's Ministry of State Security (MSS). They operate actively in Southeast Asia (Vietnam). Shutting down NCUnlock wouldn’t be an issue. In 2025, Xiaomi was forced by government regulations to tighten restrictions and block bootloader unlocking. To avoid a sales decline or boycott, it’s possible that Xiaomi unofficially tolerates or even benefits from independent groups outside China researching the bootloader protocol and its communication with Mi servers—simply by doing nothing.

@JiaiJ: It is possible to conduct security research in an academic setting or as open IT research, officially analyzing the bootloader's functionality without directly advocating for its bypassing. In this case, the topic can be framed as research on interoperability and software transparency.

 

[JiaiJ]

@JiaiJ: It is possible to conduct security research in an academic setting or as open IT research, officially analyzing the bootloader's functionality without directly advocating for its bypassing. In this case, the topic can be framed as research on interoperability and software transparency.

Yes, it is my point. There are rules, and you would not get to use the results of the research.

 

[zagrobel]

@JiaiJ A community-funded reward can be established to document the bootloader weakness exploited by NCunlock. The discovered vulnerability will be reported to the company. Independent tools for analysis or modification may emerge, for which neither the community nor the company will be held responsible. The legal and technical issues may be resolved this way. The corporation may not respond or make insignificant changes. Their goal is to fulfill Chinese government blocking mandates and boost device sales without hindrance. Let’s help Xiaomi.

 

[JiaiJ]

So the goal would be that the community fund a research to find the vulnerability used by Ncunlock, and if something is found, give Qualcomm and/or Xiaomi 90 days to fix it, and then hope that they don't fix anything, and the Chinese government won't notice ?

 

[zagrobel]

@JiaiJ No. The legal justification for the fundraising is concern for our data (NCUnlock activity). The Chinese government issues regulations, and Xiaomi complies with them. When knowledge is available, no one controls the tools created to bypass it. With knowledge, modifications can be made more quickly. Lack of knowledge = lack of options, as is the case now.

Xiaomi and Qualcomm may not be interested in responding quickly to errors for several reasons (even to ensure backward compatibility), as was visible in their history. China and the mentioned company may achieve nothing in U.S. or possibly European legal cultures.

 

[JiaiJ]

You say no, but I can't see a meaningful difference from what I said.

The strategy fully rely on Xiaomi and Qualcomm doing nothing for months when they were officially provided beforehand with information that may even impact other phone manufacturers, including Google. And that's assuming the research find something in the first place.

If they fix the breach within 90 days, before it is published, all of it would have been for nothing, and you can' start the research again , hoping for another vulnerability.

Good luck then.

 

[zagrobel]

@JiaiJ For many months, the biggest manufacturers (Xiaomi, Qualcomm, Google, Samsung, and others) have known that their bootloaders are vulnerable to the exploit used by NcUnlock officialy. As can be observed, they haven't done anything about it, with no statements or attention given to the issue. I mentioned that, for some reasons, it’s not profitable for them to react.

 

[JiaiJ]

It is not the same to assume that someone is using a breach somewhere in a system with shared responsibilities among companies, and use resources to find it, or, when someone bring you all the details of a proven vulnerability, is ready to show it to the world, and then decide to not do anything about it.

 

[NOSS8]

Ncunlock does not use any exploits, it rents the servers with an authorized account.

 

[zagrobel]

We are not alone - Offici5l will be the next to launch a paid bootloader unlocking service, which he is working on and testing independently through his servers.