commit
0f7c90965d
@ -0,0 +1 @@
|
||||
* text eol=lf
|
||||
@ -1,380 +1,380 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* Copyright (C) 2002-2024 NekoYuzu (MlgmXyysd) All Rights Reserved.
|
||||
* Copyright (C) 2013-2024 MeowCat Studio All Rights Reserved.
|
||||
* Copyright (C) 2020-2024 Meow Mobile All Rights Reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
*
|
||||
* Xiaomi HyperOS BootLoader Bypass
|
||||
*
|
||||
* https://github.com/MlgmXyysd/Xiaomi-BootLoader-Bypass
|
||||
*
|
||||
* Bypass Xiaomi HyperOS community restrictions of BootLodaer unlock account bind.
|
||||
*
|
||||
* Environment requirement:
|
||||
* - PHP 8.0+
|
||||
* - OpenSSL Extension
|
||||
* - Curl Extension
|
||||
* - ADB
|
||||
*
|
||||
* @author MlgmXyysd
|
||||
* @version 1.0
|
||||
*
|
||||
* All copyright in the software is not allowed to be deleted
|
||||
* or changed without permission.
|
||||
*
|
||||
*/
|
||||
|
||||
/***********************
|
||||
* Configs Start *
|
||||
***********************/
|
||||
|
||||
// Global flag
|
||||
// If you are running a Global ROM (Non-China Mainland), set it to true
|
||||
$useGlobal = false;
|
||||
|
||||
/*********************
|
||||
* Configs End *
|
||||
*********************/
|
||||
|
||||
|
||||
/***************************************
|
||||
* WARNING *
|
||||
* Do NOT modify the codes below *
|
||||
* WARNING *
|
||||
***************************************/
|
||||
|
||||
// Include php-adb library
|
||||
// https://github.com/MlgmXyysd/php-adb
|
||||
|
||||
require_once __DIR__ . DIRECTORY_SEPARATOR . "adb.php";
|
||||
|
||||
use MeowMobile\ADB;
|
||||
|
||||
/*************************
|
||||
* Constants Start *
|
||||
*************************/
|
||||
|
||||
global $api;
|
||||
global $sign_key;
|
||||
global $data_pass;
|
||||
global $data_iv;
|
||||
|
||||
$api = $useGlobal ? "https://unlock.update.intl.miui.com/v1/" : "https://unlock.update.miui.com/v1/";
|
||||
$sign_key = "10f29ff413c89c8de02349cb3eb9a5f510f29ff413c89c8de02349cb3eb9a5f5";
|
||||
$data_pass = "20nr1aobv2xi8ax4";
|
||||
$data_iv = "0102030405060708";
|
||||
|
||||
$version = "1.0";
|
||||
|
||||
/***********************
|
||||
* Constants End *
|
||||
***********************/
|
||||
|
||||
/*************************
|
||||
* Functions Start *
|
||||
*************************/
|
||||
|
||||
/**
|
||||
* Formatted Log
|
||||
* @param $a ADB required ADB instance
|
||||
* @return array List of connected adb devices
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2022/03/24 14:01:03
|
||||
*/
|
||||
|
||||
function parseDeviceList(ADB $a): array
|
||||
{
|
||||
$s = $a -> refreshDeviceList();
|
||||
$t = array();
|
||||
foreach ($s as $d) {
|
||||
if ($d["status"] === $a::CONNECT_TYPE_DEVICE) {
|
||||
$t[] = array($d["serial"], $d["transport"]);
|
||||
}
|
||||
}
|
||||
return $t;
|
||||
}
|
||||
|
||||
/**
|
||||
* Formatted Log
|
||||
* @param $m string optional Message
|
||||
* @param $c string optional Color
|
||||
* @param $p string optional Indicator
|
||||
* @param $t string optional Type (Level)
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2022/03/24 14:50:01
|
||||
*/
|
||||
|
||||
function logf(string $m = "", string $c = "", string $p = "-", string $t = "I"): void
|
||||
{
|
||||
switch (strtoupper($c)) {
|
||||
case "G":
|
||||
$c = "\033[32m";
|
||||
break;
|
||||
case "R":
|
||||
$c = "\033[31m";
|
||||
break;
|
||||
case "Y":
|
||||
$c = "\033[33m";
|
||||
break;
|
||||
default:
|
||||
$c = "";
|
||||
}
|
||||
switch (strtoupper($t)) {
|
||||
case "W":
|
||||
$t = "WARN";
|
||||
break;
|
||||
case "E":
|
||||
$t = "ERROR";
|
||||
break;
|
||||
case "I":
|
||||
default:
|
||||
$t = "INFO";
|
||||
}
|
||||
print(date("[Y-m-d] [H:i:s]") . " [" . $t . "] " . $p . " " . $c . $m . "\033[0m" . PHP_EOL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Curl HTTP wrapper function
|
||||
* @param $url string required Target url
|
||||
* @param $method string required Request method
|
||||
* @param $fields array optional Request body
|
||||
* @param $header array optional Request header
|
||||
* @param $useForm bool optional Treat request body as urlencoded form
|
||||
* @return array Curl response
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/20 23:50:39
|
||||
*/
|
||||
|
||||
function http(string $url, string $method, array $fields = array(), array $header = array(), bool $useForm = false): array
|
||||
{
|
||||
if ($useForm) {
|
||||
$fields = http_build_query($fields);
|
||||
}
|
||||
$curl = curl_init();
|
||||
curl_setopt_array($curl, array(
|
||||
CURLOPT_URL => $url,
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_ENCODING => "",
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_SSL_VERIFYHOST => false,
|
||||
CURLOPT_MAXREDIRS => 10,
|
||||
CURLOPT_CONNECTTIMEOUT => 2,
|
||||
CURLOPT_TIMEOUT => 6,
|
||||
CURLOPT_CUSTOMREQUEST => $method,
|
||||
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
|
||||
CURLOPT_POST => $method == "POST",
|
||||
CURLOPT_POSTFIELDS => $fields,
|
||||
CURLOPT_HTTPHEADER => $header
|
||||
));
|
||||
|
||||
$response = curl_exec($curl);
|
||||
$info = curl_getinfo($curl);
|
||||
$info["errno"] = curl_errno($curl);
|
||||
$info["error"] = curl_error($curl);
|
||||
$info["request"] = json_encode($fields);
|
||||
$info["response"] = $response;
|
||||
curl_close($curl);
|
||||
return $info;
|
||||
}
|
||||
|
||||
/**
|
||||
* HTTP POST wrapper
|
||||
* @param $_api string required Target endpoint
|
||||
* @param $data array optional Request body
|
||||
* @param $header array optional Request header
|
||||
* @param $useForm bool optional Treat request body as urlencoded form
|
||||
* @return array Curl response
|
||||
* @return false Response code is not HTTP 200 OK
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/20 23:55:41
|
||||
*/
|
||||
|
||||
function postApi(string $_api, array $data = array(), array $header = array(), bool $useForm = false): array|false
|
||||
{
|
||||
$response = http($GLOBALS["api"] . $_api, "POST", $data, $header, $useForm);
|
||||
if ($response["http_code"] != 200) {
|
||||
return false;
|
||||
}
|
||||
return json_decode($response["response"], true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sign data using HMAC SHA-1
|
||||
* @param $data string required Data to sign
|
||||
* @return string Signed hash
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/21 00:20:56
|
||||
*/
|
||||
|
||||
function signData(string $data): string
|
||||
{
|
||||
return strtolower(bin2hex(hash_hmac("sha1", "POST\n/v1/unlock/applyBind\ndata=" . $data . "&sid=miui_sec_android", $GLOBALS["sign_key"], true)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt data using AES/CBC/PKCS5Padding
|
||||
* @param $data string required Data to decrypt
|
||||
* @return string Decrypted data
|
||||
* @return false Failed to decrypt
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/21 00:15:30
|
||||
*/
|
||||
|
||||
function decryptData(string $data): string|false
|
||||
{
|
||||
return openssl_decrypt(base64_decode($data), "AES-128-CBC", $GLOBALS["data_pass"], OPENSSL_RAW_DATA, $GLOBALS["data_iv"]);
|
||||
}
|
||||
|
||||
/***********************
|
||||
* Functions End *
|
||||
***********************/
|
||||
|
||||
/**********************
|
||||
* Banner Start *
|
||||
**********************/
|
||||
|
||||
logf("************************************", "g");
|
||||
logf("* Xiaomi HyperOS BootLoader Bypass *", "g");
|
||||
logf("* By NekoYuzu Version " . $version . " *", "g");
|
||||
logf("************************************", "g");
|
||||
logf("GitHub: https://github.com/MlgmXyysd");
|
||||
logf("XDA: https://xdaforums.com/m/mlgmxyysd.8430637");
|
||||
logf("X (Twitter): https://x.com/realMlgmXyysd");
|
||||
logf("PayPal: https://paypal.me/MlgmXyysd");
|
||||
logf("My Blog: https://www.neko.ink/");
|
||||
logf("************************************", "g");
|
||||
|
||||
/********************
|
||||
* Banner End *
|
||||
********************/
|
||||
|
||||
/********************
|
||||
* Main Logic *
|
||||
********************/
|
||||
|
||||
logf("Starting ADB server...");
|
||||
|
||||
$adb = new ADB(__DIR__ . DIRECTORY_SEPARATOR . "libraries");
|
||||
|
||||
$devices = parseDeviceList($adb);
|
||||
$devices_count = count($devices);
|
||||
|
||||
while ($devices_count != 1) {
|
||||
if ($devices_count == 0) {
|
||||
logf("Waiting for device connection...");
|
||||
} else {
|
||||
logf("Only one device is allowed to connect, disconnect others to continue. Current number of devices: " . $devices_count);
|
||||
}
|
||||
sleep(1);
|
||||
$devices = parseDeviceList($adb);
|
||||
$devices_count = count($devices);
|
||||
}
|
||||
|
||||
$device = $devices[0];
|
||||
$id = $adb -> getDeviceId($device[1], true);
|
||||
logf("Processing device " . $device[0] . "(" . $device[1] . ")...");
|
||||
|
||||
$adb -> clearLogcat($id);
|
||||
$adb -> runAdb($id . "shell svc data enable");
|
||||
|
||||
logf("Finding BootLoader unlock bind request...");
|
||||
|
||||
$focus = $adb -> getCurrentActivity();
|
||||
if ($focus[0] != "com.android.settings") {
|
||||
if ($focus[0] != "NotificationShade") {
|
||||
$adb -> runAdb($id . "shell am start -a android.settings.APPLICATION_DEVELOPMENT_SETTINGS");
|
||||
}
|
||||
} else {
|
||||
if ($focus[1] != "com.android.settings.bootloader.BootloaderStatusActivity") {
|
||||
$adb -> runAdb($id . "shell am start -a android.settings.APPLICATION_DEVELOPMENT_SETTINGS");
|
||||
}
|
||||
}
|
||||
logf("Now you can bind account in the developer options.", "y", "*");
|
||||
|
||||
$args = $headers = null;
|
||||
|
||||
$process = proc_open($adb -> bin . " " . $id . "logcat *:S CloudDeviceStatus:V", array(
|
||||
1 => ["pipe", "w"]
|
||||
), $pipes);
|
||||
|
||||
if (is_resource($process)) {
|
||||
while (!feof($pipes[1])) {
|
||||
$output = fgets($pipes[1]);
|
||||
|
||||
if (str_contains($output, "CloudDeviceStatus: args:")) {
|
||||
if (preg_match("/args:(.*)/", $output, $matches)) {
|
||||
$args = trim($matches[1]);
|
||||
}
|
||||
$adb -> runAdb($id . "shell svc data disable");
|
||||
}
|
||||
|
||||
if (str_contains($output, "CloudDeviceStatus: headers:")) {
|
||||
if (preg_match("/headers:(.*)/", $output, $matches)) {
|
||||
$headers = trim($matches[1]);
|
||||
}
|
||||
logf("Account bind request found! Let's block it.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
fclose($pipes[1]);
|
||||
}
|
||||
|
||||
logf("Refactoring parameters...");
|
||||
|
||||
$data = json_decode(decryptData($args), true);
|
||||
|
||||
// V816 is the special identity for HyperOS in MIUI version
|
||||
$data["rom_version"] = str_replace("V816", "V14", $data["rom_version"]);
|
||||
|
||||
$data = json_encode($data);
|
||||
$sign = signData($data);
|
||||
|
||||
$headers = decryptData($headers);
|
||||
$cookies = null;
|
||||
if (preg_match("/Cookie=\[(.*)\]/", $headers, $matches)) {
|
||||
$cookies = trim($matches[1]);
|
||||
}
|
||||
|
||||
logf("Sending POST request...");
|
||||
$res = postApi("unlock/applyBind", array(
|
||||
"data" => $data,
|
||||
"sid" => "miui_sec_android",
|
||||
"sign" => $sign
|
||||
), array(
|
||||
"Cookie: " . $cookies,
|
||||
"Content-Type: application/x-www-form-urlencoded"
|
||||
), true);
|
||||
|
||||
$adb -> runAdb($id . "shell svc data enable");
|
||||
|
||||
if (!$res) {
|
||||
logf("Fail to send request, check your internet connection.", "r", "!");
|
||||
exit();
|
||||
}
|
||||
|
||||
switch ($res["code"]) {
|
||||
case 0:
|
||||
logf("Target account: " . $res["data"]["userId"], "g");
|
||||
logf("Account bound successfully, wait time can be viewed in the unlock tool.", "g");
|
||||
break;
|
||||
case 401:
|
||||
logf("Account credentials have expired, re-login to your account in your phone. (401)", "y");
|
||||
break;
|
||||
case 20086:
|
||||
logf("Device credentials expired. (20086)", "y");
|
||||
break;
|
||||
case 30001:
|
||||
logf("Binding failed, this device has been forced to verify the account qualification by Xiaomi. (30001)", "y");
|
||||
break;
|
||||
case 86015:
|
||||
logf("Fail to bind account, invalid device signature. (86015)", "y");
|
||||
break;
|
||||
default:
|
||||
logf($res["descEN"] . " (" . $res["code"] . ")", "y");
|
||||
}
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* Copyright (C) 2002-2024 NekoYuzu (MlgmXyysd) All Rights Reserved.
|
||||
* Copyright (C) 2013-2024 MeowCat Studio All Rights Reserved.
|
||||
* Copyright (C) 2020-2024 Meow Mobile All Rights Reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
*
|
||||
* Xiaomi HyperOS BootLoader Bypass
|
||||
*
|
||||
* https://github.com/MlgmXyysd/Xiaomi-BootLoader-Bypass
|
||||
*
|
||||
* Bypass Xiaomi HyperOS community restrictions of BootLodaer unlock account bind.
|
||||
*
|
||||
* Environment requirement:
|
||||
* - PHP 8.0+
|
||||
* - OpenSSL Extension
|
||||
* - Curl Extension
|
||||
* - ADB
|
||||
*
|
||||
* @author MlgmXyysd
|
||||
* @version 1.0
|
||||
*
|
||||
* All copyright in the software is not allowed to be deleted
|
||||
* or changed without permission.
|
||||
*
|
||||
*/
|
||||
|
||||
/***********************
|
||||
* Configs Start *
|
||||
***********************/
|
||||
|
||||
// Global flag
|
||||
// If you are running a Global ROM (Non-China Mainland), set it to true
|
||||
$useGlobal = false;
|
||||
|
||||
/*********************
|
||||
* Configs End *
|
||||
*********************/
|
||||
|
||||
|
||||
/***************************************
|
||||
* WARNING *
|
||||
* Do NOT modify the codes below *
|
||||
* WARNING *
|
||||
***************************************/
|
||||
|
||||
// Include php-adb library
|
||||
// https://github.com/MlgmXyysd/php-adb
|
||||
|
||||
require_once __DIR__ . DIRECTORY_SEPARATOR . "adb.php";
|
||||
|
||||
use MeowMobile\ADB;
|
||||
|
||||
/*************************
|
||||
* Constants Start *
|
||||
*************************/
|
||||
|
||||
global $api;
|
||||
global $sign_key;
|
||||
global $data_pass;
|
||||
global $data_iv;
|
||||
|
||||
$api = $useGlobal ? "https://unlock.update.intl.miui.com/v1/" : "https://unlock.update.miui.com/v1/";
|
||||
$sign_key = "10f29ff413c89c8de02349cb3eb9a5f510f29ff413c89c8de02349cb3eb9a5f5";
|
||||
$data_pass = "20nr1aobv2xi8ax4";
|
||||
$data_iv = "0102030405060708";
|
||||
|
||||
$version = "1.0";
|
||||
|
||||
/***********************
|
||||
* Constants End *
|
||||
***********************/
|
||||
|
||||
/*************************
|
||||
* Functions Start *
|
||||
*************************/
|
||||
|
||||
/**
|
||||
* Formatted Log
|
||||
* @param $a ADB required ADB instance
|
||||
* @return array List of connected adb devices
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2022/03/24 14:01:03
|
||||
*/
|
||||
|
||||
function parseDeviceList(ADB $a): array
|
||||
{
|
||||
$s = $a -> refreshDeviceList();
|
||||
$t = array();
|
||||
foreach ($s as $d) {
|
||||
if ($d["status"] === $a::CONNECT_TYPE_DEVICE) {
|
||||
$t[] = array($d["serial"], $d["transport"]);
|
||||
}
|
||||
}
|
||||
return $t;
|
||||
}
|
||||
|
||||
/**
|
||||
* Formatted Log
|
||||
* @param $m string optional Message
|
||||
* @param $c string optional Color
|
||||
* @param $p string optional Indicator
|
||||
* @param $t string optional Type (Level)
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2022/03/24 14:50:01
|
||||
*/
|
||||
|
||||
function logf(string $m = "", string $c = "", string $p = "-", string $t = "I"): void
|
||||
{
|
||||
switch (strtoupper($c)) {
|
||||
case "G":
|
||||
$c = "\033[32m";
|
||||
break;
|
||||
case "R":
|
||||
$c = "\033[31m";
|
||||
break;
|
||||
case "Y":
|
||||
$c = "\033[33m";
|
||||
break;
|
||||
default:
|
||||
$c = "";
|
||||
}
|
||||
switch (strtoupper($t)) {
|
||||
case "W":
|
||||
$t = "WARN";
|
||||
break;
|
||||
case "E":
|
||||
$t = "ERROR";
|
||||
break;
|
||||
case "I":
|
||||
default:
|
||||
$t = "INFO";
|
||||
}
|
||||
print(date("[Y-m-d] [H:i:s]") . " [" . $t . "] " . $p . " " . $c . $m . "\033[0m" . PHP_EOL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Curl HTTP wrapper function
|
||||
* @param $url string required Target url
|
||||
* @param $method string required Request method
|
||||
* @param $fields array optional Request body
|
||||
* @param $header array optional Request header
|
||||
* @param $useForm bool optional Treat request body as urlencoded form
|
||||
* @return array Curl response
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/20 23:50:39
|
||||
*/
|
||||
|
||||
function http(string $url, string $method, array $fields = array(), array $header = array(), bool $useForm = false): array
|
||||
{
|
||||
if ($useForm) {
|
||||
$fields = http_build_query($fields);
|
||||
}
|
||||
$curl = curl_init();
|
||||
curl_setopt_array($curl, array(
|
||||
CURLOPT_URL => $url,
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_ENCODING => "",
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_SSL_VERIFYHOST => false,
|
||||
CURLOPT_MAXREDIRS => 10,
|
||||
CURLOPT_CONNECTTIMEOUT => 2,
|
||||
CURLOPT_TIMEOUT => 6,
|
||||
CURLOPT_CUSTOMREQUEST => $method,
|
||||
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
|
||||
CURLOPT_POST => $method == "POST",
|
||||
CURLOPT_POSTFIELDS => $fields,
|
||||
CURLOPT_HTTPHEADER => $header
|
||||
));
|
||||
|
||||
$response = curl_exec($curl);
|
||||
$info = curl_getinfo($curl);
|
||||
$info["errno"] = curl_errno($curl);
|
||||
$info["error"] = curl_error($curl);
|
||||
$info["request"] = json_encode($fields);
|
||||
$info["response"] = $response;
|
||||
curl_close($curl);
|
||||
return $info;
|
||||
}
|
||||
|
||||
/**
|
||||
* HTTP POST wrapper
|
||||
* @param $_api string required Target endpoint
|
||||
* @param $data array optional Request body
|
||||
* @param $header array optional Request header
|
||||
* @param $useForm bool optional Treat request body as urlencoded form
|
||||
* @return array Curl response
|
||||
* @return false Response code is not HTTP 200 OK
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/20 23:55:41
|
||||
*/
|
||||
|
||||
function postApi(string $_api, array $data = array(), array $header = array(), bool $useForm = false): array|false
|
||||
{
|
||||
$response = http($GLOBALS["api"] . $_api, "POST", $data, $header, $useForm);
|
||||
if ($response["http_code"] != 200) {
|
||||
return false;
|
||||
}
|
||||
return json_decode($response["response"], true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sign data using HMAC SHA-1
|
||||
* @param $data string required Data to sign
|
||||
* @return string Signed hash
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/21 00:20:56
|
||||
*/
|
||||
|
||||
function signData(string $data): string
|
||||
{
|
||||
return strtolower(bin2hex(hash_hmac("sha1", "POST\n/v1/unlock/applyBind\ndata=" . $data . "&sid=miui_sec_android", $GLOBALS["sign_key"], true)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt data using AES/CBC/PKCS5Padding
|
||||
* @param $data string required Data to decrypt
|
||||
* @return string Decrypted data
|
||||
* @return false Failed to decrypt
|
||||
* @author NekoYuzu (MlgmXyysd)
|
||||
* @date 2023/11/21 00:15:30
|
||||
*/
|
||||
|
||||
function decryptData(string $data): string|false
|
||||
{
|
||||
return openssl_decrypt(base64_decode($data), "AES-128-CBC", $GLOBALS["data_pass"], OPENSSL_RAW_DATA, $GLOBALS["data_iv"]);
|
||||
}
|
||||
|
||||
/***********************
|
||||
* Functions End *
|
||||
***********************/
|
||||
|
||||
/**********************
|
||||
* Banner Start *
|
||||
**********************/
|
||||
|
||||
logf("************************************", "g");
|
||||
logf("* Xiaomi HyperOS BootLoader Bypass *", "g");
|
||||
logf("* By NekoYuzu Version " . $version . " *", "g");
|
||||
logf("************************************", "g");
|
||||
logf("GitHub: https://github.com/MlgmXyysd");
|
||||
logf("XDA: https://xdaforums.com/m/mlgmxyysd.8430637");
|
||||
logf("X (Twitter): https://x.com/realMlgmXyysd");
|
||||
logf("PayPal: https://paypal.me/MlgmXyysd");
|
||||
logf("My Blog: https://www.neko.ink/");
|
||||
logf("************************************", "g");
|
||||
|
||||
/********************
|
||||
* Banner End *
|
||||
********************/
|
||||
|
||||
/********************
|
||||
* Main Logic *
|
||||
********************/
|
||||
|
||||
logf("Starting ADB server...");
|
||||
|
||||
$adb = new ADB(__DIR__ . DIRECTORY_SEPARATOR . "libraries");
|
||||
|
||||
$devices = parseDeviceList($adb);
|
||||
$devices_count = count($devices);
|
||||
|
||||
while ($devices_count != 1) {
|
||||
if ($devices_count == 0) {
|
||||
logf("Waiting for device connection...");
|
||||
} else {
|
||||
logf("Only one device is allowed to connect, disconnect others to continue. Current number of devices: " . $devices_count);
|
||||
}
|
||||
sleep(1);
|
||||
$devices = parseDeviceList($adb);
|
||||
$devices_count = count($devices);
|
||||
}
|
||||
|
||||
$device = $devices[0];
|
||||
$id = $adb -> getDeviceId($device[1], true);
|
||||
logf("Processing device " . $device[0] . "(" . $device[1] . ")...");
|
||||
|
||||
$adb -> clearLogcat($id);
|
||||
$adb -> runAdb($id . "shell svc data enable");
|
||||
|
||||
logf("Finding BootLoader unlock bind request...");
|
||||
|
||||
$focus = $adb -> getCurrentActivity();
|
||||
if ($focus[0] != "com.android.settings") {
|
||||
if ($focus[0] != "NotificationShade") {
|
||||
$adb -> runAdb($id . "shell am start -a android.settings.APPLICATION_DEVELOPMENT_SETTINGS");
|
||||
}
|
||||
} else {
|
||||
if ($focus[1] != "com.android.settings.bootloader.BootloaderStatusActivity") {
|
||||
$adb -> runAdb($id . "shell am start -a android.settings.APPLICATION_DEVELOPMENT_SETTINGS");
|
||||
}
|
||||
}
|
||||
logf("Now you can bind account in the developer options.", "y", "*");
|
||||
|
||||
$args = $headers = null;
|
||||
|
||||
$process = proc_open($adb -> bin . " " . $id . "logcat *:S CloudDeviceStatus:V", array(
|
||||
1 => ["pipe", "w"]
|
||||
), $pipes);
|
||||
|
||||
if (is_resource($process)) {
|
||||
while (!feof($pipes[1])) {
|
||||
$output = fgets($pipes[1]);
|
||||
|
||||
if (str_contains($output, "CloudDeviceStatus: args:")) {
|
||||
if (preg_match("/args:(.*)/", $output, $matches)) {
|
||||
$args = trim($matches[1]);
|
||||
}
|
||||
$adb -> runAdb($id . "shell svc data disable");
|
||||
}
|
||||
|
||||
if (str_contains($output, "CloudDeviceStatus: headers:")) {
|
||||
if (preg_match("/headers:(.*)/", $output, $matches)) {
|
||||
$headers = trim($matches[1]);
|
||||
}
|
||||
logf("Account bind request found! Let's block it.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
fclose($pipes[1]);
|
||||
}
|
||||
|
||||
logf("Refactoring parameters...");
|
||||
|
||||
$data = json_decode(decryptData($args), true);
|
||||
|
||||
// V816 is the special identity for HyperOS in MIUI version
|
||||
$data["rom_version"] = str_replace("V816", "V14", $data["rom_version"]);
|
||||
|
||||
$data = json_encode($data);
|
||||
$sign = signData($data);
|
||||
|
||||
$headers = decryptData($headers);
|
||||
$cookies = null;
|
||||
if (preg_match("/Cookie=\[(.*)\]/", $headers, $matches)) {
|
||||
$cookies = trim($matches[1]);
|
||||
}
|
||||
|
||||
logf("Sending POST request...");
|
||||
$res = postApi("unlock/applyBind", array(
|
||||
"data" => $data,
|
||||
"sid" => "miui_sec_android",
|
||||
"sign" => $sign
|
||||
), array(
|
||||
"Cookie: " . $cookies,
|
||||
"Content-Type: application/x-www-form-urlencoded"
|
||||
), true);
|
||||
|
||||
$adb -> runAdb($id . "shell svc data enable");
|
||||
|
||||
if (!$res) {
|
||||
logf("Fail to send request, check your internet connection.", "r", "!");
|
||||
exit();
|
||||
}
|
||||
|
||||
switch ($res["code"]) {
|
||||
case 0:
|
||||
logf("Target account: " . $res["data"]["userId"], "g");
|
||||
logf("Account bound successfully, wait time can be viewed in the unlock tool.", "g");
|
||||
break;
|
||||
case 401:
|
||||
logf("Account credentials have expired, re-login to your account in your phone. (401)", "y");
|
||||
break;
|
||||
case 20086:
|
||||
logf("Device credentials expired. (20086)", "y");
|
||||
break;
|
||||
case 30001:
|
||||
logf("Binding failed, this device has been forced to verify the account qualification by Xiaomi. (30001)", "y");
|
||||
break;
|
||||
case 86015:
|
||||
logf("Fail to bind account, invalid device signature. (86015)", "y");
|
||||
break;
|
||||
default:
|
||||
logf($res["descEN"] . " (" . $res["code"] . ")", "y");
|
||||
}
|
||||
|
||||
@ -0,0 +1,119 @@
|
||||
# Xiaomi HyperOS BootLoader Bypass
|
||||
|
||||
 [](README.md) [](README-zh.md)
|
||||
|
||||
脆弱性を悪用し、コミュニティレベルのアカウントバインド制限をバイパスして、Xiaomi HyperOS の BootLoader のロックを解除できる PoC。
|
||||
|
||||
Pull reqeust で このプロジェクトの改善を提案できます :)
|
||||
|
||||
## 💘 php-adb
|
||||
|
||||
このプロジェクトでは [php-adb](https://github.com/MlgmXyysd/php-adb) ライブラリを使用しています。
|
||||
|
||||
## ☕ コーヒーを奢る
|
||||
|
||||
✨ このプロジェクトが気に入ったら、以下の方法でコーヒーを奢ってください:
|
||||
|
||||
- [AFDIAN](https://afdian.net/@MlgmXyysd)
|
||||
- [PayPal](https://paypal.me/MlgmXyysd)
|
||||
- [Patreon](https://www.patreon.com/MlgmXyysd)
|
||||
|
||||
## ⚠️ 警告
|
||||
|
||||
BootLoader のロックを解除した後、以下の問題が発生する可能性があります:
|
||||
|
||||
- ソフトウェアの異常動作/ハードウェアの損傷
|
||||
- デバイスに保存されているデータの損失
|
||||
- クレジットカードの盗難、またはその他の経済的損失
|
||||
|
||||
上記のいずれかが発生した場合は、BootLoader のロックを解除する際に発生する可能性があるリスクであるため、すべての責任は自分で負う必要があります。
|
||||
これは明らかにすべてのリスクを保障するものではありません。**警告しましたからね**。
|
||||
|
||||
- 保証適用外
|
||||
基本保証だけでなく、購入した追加の延長保証の一部 (Mi Care や画面破損の保証など) も、Xiaomi が提供する除外規定に従って失われる可能性があります。
|
||||
- TEE 関連の機能は永久に使用不可能です。
|
||||
Samsung Knox のようにハードウェア レベルで自己破壊するため、マザーボードを交換する以外に復旧方法はありません。
|
||||
- ソースコード非公開のカーネルが原因で、サードパーティ システムをフラッシュした後の機能異常
|
||||
- BootLoader のロックを解除すると、デバイスまたはアカウントが BAN されます。
|
||||
|
||||
上記のいずれかが発生した場合は、運が悪いと思ってください。
|
||||
Xiaomi が BootLoader のロック解除を制限して以来、Xiaomi の「オタク」精神、さらには GPL にも違反しています。
|
||||
BootLoader のロック解除に対する Xiaomi の制限は無限であり、開発者としてそれに対してできることは何もありません。
|
||||
|
||||
## 📲 アンロック要件
|
||||
|
||||
- 対象デバイス:
|
||||
- BAN されていない(※) Xiaomi、Redmi、または POCO デバイス
|
||||
- デバイスが HyperOS の公式バージョンを実行している
|
||||
- (2023/11/23 に追記) デバイスは Xiaomi によってアカウントの資格確認を強制されない
|
||||
- 有効な SIM カード:
|
||||
- SIM カードが使用できないタブレットを除く(※)
|
||||
- SIM カードのサービスが使用不能になっていない
|
||||
- SIM カードはモバイルネットワークにアクセスできる
|
||||
- 有効な SIM カード毎に、3か月以内に 2台のデバイスのロックを解除できます。
|
||||
- 有効な Xiaomi アカウント
|
||||
- BAN されていない(※) Xiaomi アカウント
|
||||
- 各アカウントでロックを解除できるのは、1ヶ月で1台、1年で3台のみです。
|
||||
- 上記の [警告](#%EF%B8%8F-警告) を読み、理解したものとします。
|
||||
|
||||
- ※ Xiaomi が提供するロック解除手順によると、特定のアカウントとデバイスはロック解除ツールの使用を禁止されます。これは「リスク管理」と呼ばれています。
|
||||
|
||||
## ⚙️ 使用方法
|
||||
1. [公式サイト](https://www.php.net/downloads) からシステムに PHP 8.0+ をダウンロードしてインストールします。
|
||||
2. `php.ini` で OpenSSL と Curl 拡張機能を有効にします。
|
||||
3. [php-adb](https://github.com/MlgmXyysd/php-adb) の `adb.php` をディレクトリに配置します。
|
||||
4. [platform-tools](https://developer.android.com/studio/releases/platform-tools?hl=ja#downloads) をダウンロードして`libraries` に展開します。
|
||||
※注意: Mac OS では、`adb` の名前を `adb-darwin` に変更する必要があります。
|
||||
5. ターミナルを開き、PHP インタープリターを使用して[スクリプト](../bypass.php)を実行します。
|
||||
|
||||
- P.S. [Releases](https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass/releases/latest) には、必要なファイルとクイック実行スクリプトが同梱されています。
|
||||
|
||||
6. `設定`→`デバイス情報`→`MIUIバージョン`を7回以上連続でタッチして`開発者向けオプション`を有効にします。
|
||||
7. `設定`→`追加設定`→`開発者向けオプション`で、`OEMロック解除`、`USBデバッグ`、`USBデバッグ (セキュリティ設定)` を有効にします。
|
||||
8. **有効な**(※) Xiaomi アカウントでログインします。
|
||||
9. デバイスを優先でPCに接続します。
|
||||
10. `このPCからのUSBデバイスを常に許可する` にチェックを入れてから `>OK` を押します。
|
||||
|
||||
- ※ 上記の["アンロック要件"](#-アンロック要件)を確認して下さい。
|
||||
|
||||
11. スクリプトの指示に従い待機します。
|
||||
12. バインドが成功したら、[公式のロック解除ツール](https://www.miui.com/unlock/index.html)を使用して、解除が可能になるまでの待機時間を確認できます。
|
||||
13. 待機時間中は、デバイスを通常どおり使用し、SIM カードを挿入したままにし、Xiaomi アカウントからログアウトしたり、`デバイスを探す`をオフにしたりせず、ロックが正常に解除されるまでデバイスを再バインドしないでください。
|
||||
デバイスは定期的に`HeartBeat`パケットをサーバーに自動的に送信します。
|
||||
|
||||
## 📖 回避策
|
||||
|
||||
- 準備中...
|
||||
|
||||
## 🔖 FAQ
|
||||
|
||||
- Q: ロック解除ツールが依然として 168/360 (またはそれ以上) 時間待つように要求するのはなぜですか?
|
||||
- A: 原則として、この PoC は、Xiaomi が HyperOS に対して追加した追加の制限を回避するだけです。
|
||||
MIUI の制限に従う必要があります。
|
||||
|
||||
- Q: デバイスに `Couldn't verify, wait a minute or two and try again` と表示される。
|
||||
- A: これは正常であり、デバイス側のバインド要求はスクリプトによってブロックされます。
|
||||
実際のバインド結果は、スクリプトプロンプトの影響を受けます。
|
||||
|
||||
- Q: エラーコード `401` でバインドに失敗しました。
|
||||
- A: Xiaomi アカウントの認証情報の有効期限が切れているため、デバイスからログアウトして再度ログインする必要があります。
|
||||
|
||||
- Q: エラーコード `20086` でバインドに失敗しました。
|
||||
- A: デバイスの認証情報の有効期限が切れているため、デバイスを再起動する必要があります。
|
||||
|
||||
- Q: エラーコード `20090` または `20091` でバインドに失敗しました。
|
||||
- A: デバイスの `Security Device Credential Manager` 機能が破損しています。
|
||||
サポートについてはアフターサービスにお問い合わせください。
|
||||
|
||||
- Q: エラーコード `30001` でバインドに失敗しました。
|
||||
- A: デバイスは、Xiaomi によってアカウントの資格確認を強制されました。
|
||||
Xiaomi はずっと前に「オタク」の精神を失っており、それについて私たちにできることは何もありません。
|
||||
|
||||
- Q: エラーコード `86015` でバインドに失敗しました。
|
||||
- A: サーバーがバインド要求を拒否しました。もう一度試してください。
|
||||
|
||||
## ⚖️ ライセンス
|
||||
|
||||
ライセンスがない場合、このプロジェクトの使用のみが許可されます。
|
||||
このソフトウェア(およびリンクなど)のすべての著作権を許可なく削除または変更することはできません。
|
||||
このプロジェクトのすべての権利は、[MeowCat Studio](https://github.com/MeowCat-Studio)、[Meow Mobile](https://github.com/Meow-Mobile)、[NekoYuzu](https://github.com/MlgmXyysd) に帰属します。
|
||||
@ -1,107 +1,107 @@
|
||||
# Xiaomi HyperOS BootLoader Bypass
|
||||
|
||||
 [](README-zh.md)
|
||||
|
||||
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings.
|
||||
|
||||
Feel free pull request if you want :)
|
||||
|
||||
## 💘 php-adb
|
||||
|
||||
The project proudly uses the [php-adb](https://github.com/MlgmXyysd/php-adb) library.
|
||||
|
||||
## ☕ Buy me a Coffee
|
||||
|
||||
✨ If you like my projects, you can buy me a coffee at:
|
||||
|
||||
- [爱发电](https://afdian.net/@MlgmXyysd)
|
||||
- [PayPal](https://paypal.me/MlgmXyysd)
|
||||
- [Patreon](https://www.patreon.com/MlgmXyysd)
|
||||
|
||||
## ⚠️ Warning
|
||||
|
||||
After unlocking the BootLoader, you may encounter the following situations:
|
||||
|
||||
- Software or hardware not working properly or even damaged.
|
||||
- Loss of data stored in the device.
|
||||
- Credit card theft, or other financial loss.
|
||||
|
||||
If you're experiencing any of the above, you should take all the responsibility yourself as this is the risk you may encounter when unlocking BootLoader. This obviously does not cover all risks. You've been warned.
|
||||
|
||||
- Warranty lost. Not only the base warranty, but some of the extra extended warranties (such as Mi Care or broken-screen warranty) that you have purchased may also be lost according to the exclusions provided by Xiaomi.
|
||||
- Hardware level self-destruct like Samsung Knox. TEE-related features will be permanently damaged. There is no way to restore other than by replacing the motherboard.
|
||||
- Functional anomalies after flashing a third-party system due to closed-source kernel source code.
|
||||
- Device or account banned by unlocking BootLoader.
|
||||
|
||||
If you're experiencing any of the above, consider yourself damned. Ever since Xiaomi restricted unlocking BootLoader, it has been against Xiaomi's 'geek' spirit and even the GPL. Xiaomi's restrictions on BootLoader unlocking are endless, and there's nothing we as developers can do about it.
|
||||
|
||||
## 📲 Unlocking requirements
|
||||
|
||||
- An valid device:
|
||||
- A unbanned\* Xiaomi, Redmi or POCO device.
|
||||
- Your device is running the official version of HyperOS.
|
||||
- (Update 2023/11/23) Your device is not forced to verify account qualification by Xiaomi.
|
||||
- An valid SIM card:
|
||||
- \* Except for tablets that cannot use SIM cards.
|
||||
- SIM card must not be out of service.
|
||||
- SIM card needs to be able to access the internet.
|
||||
- Only 2 devices per valid SIM card are allowed to be unlock to a valid SIM card within a three-month period.
|
||||
- An valid Xiaomi account:
|
||||
- A unbanned\* Xiaomi account.
|
||||
- Each account can only unlock 1 phone in a month and 3 phones in a year period.
|
||||
- You have read and understood the [Warning](#%EF%B8%8F-warning) above.
|
||||
|
||||
- \* According to the unlocking instructions provided by Xiaomi, it will prohibit some accounts and devices from using the unlocking tool, which is called "risk control".
|
||||
|
||||
## ⚙️ How to use
|
||||
|
||||
1. Download and install PHP 8.0+ for your system from the [official website](https://www.php.net/downloads).
|
||||
2. Enable OpenSSL and Curl extension in `php.ini`.
|
||||
3. Place `adb.php` in [php-adb](https://github.com/MlgmXyysd/php-adb) to the directory.
|
||||
4. Download [platform-tools](https://developer.android.com/studio/releases/platform-tools) and place them in `libraries`. *Note: Mac OS needs to rename `adb` to `adb-darwin`.*
|
||||
5. Open a terminal and use PHP interpreter to execute the [script](bypass.php).
|
||||
|
||||
- p.s. Releases has packaged the required files and click-to-run scripts.
|
||||
|
||||
6. Tap repeatedly on the `Settings - About Phone - MIUI Version` to enable `Development Options`.
|
||||
7. Enable `OEM Unlocking`, `USB Debugging` and `USB Debugging (Security Settings)` in `Settings - Additional Settings - Development Options`.
|
||||
8. Log in an _valid_\* Xiaomi account.
|
||||
9. Connect phone to PC via wired interface.
|
||||
10. Check `Always allow from this computer` and click `OK`.
|
||||
|
||||
- \* See "[Unlocking Requirements](#-Unlocking-requirements)" above.
|
||||
|
||||
11. Wait and follow the prompts of script.
|
||||
12. After successful binding, you can use the [official unlock tool](https://en.miui.com/unlock/index.html) to check the time you need to wait.
|
||||
13. During the waiting period, please use the device normally, keep the SIM card inserted, do not log out of your account or turn off `Find My Phone`, and do not re-bind the device until it is successfully unlocked. The device will automatically send `HeartBeat` packets to the server every once in a while.
|
||||
|
||||
## 📖 Workaround
|
||||
|
||||
- Undergoing maintenance...
|
||||
|
||||
## 🔖 FAQs
|
||||
|
||||
- Q: Why does the unlock tool still remind me to wait 168/360 (or more) hours?
|
||||
- A: By principle, this PoC only bypasses the restrictions added for HyperOS. You still need to comply with the restrictions for MIUI.
|
||||
|
||||
- Q: The device shows `Couldn't verify, wait a minute or two and try again`.
|
||||
- A: This is normal, the binding request on the device side has been blocked by our script. The actual binding result is subject to the script prompt.
|
||||
|
||||
- Q: Binding failed with error code `401`.
|
||||
- A: Your Xiaomi account credentials have expired, you need to log out and log in again in your device.
|
||||
|
||||
- Q: Binding failed with error code `20086`.
|
||||
- A: Your device credentials have expired, you need to reboot your device.
|
||||
|
||||
- Q: Binding failed with error code `20090` or `20091`.
|
||||
- A: Device's Security Device Credential Manager function failure, contact after-sales.
|
||||
|
||||
- Q: Binding failed with error code `30001`.
|
||||
- A: Your device has been forced to verify the account qualification by Xiaomi. Xiaomi lost its 'geek' spirit a long time ago, and there's nothing we can do about it.
|
||||
|
||||
- Q: Binding failed with error code `86015`.
|
||||
- A: The server has rejected this bind request, please try again.
|
||||
|
||||
## ⚖️ License
|
||||
|
||||
No license, you are only allowed to use this project. All copyright (and link, etc.) in this software is not allowed to be deleted or changed without permission. All rights are reserved by [MeowCat Studio](https://github.com/MeowCat-Studio), [Meow Mobile](https://github.com/Meow-Mobile) and [NekoYuzu](https://github.com/MlgmXyysd).
|
||||
# Xiaomi HyperOS BootLoader Bypass
|
||||
|
||||
 [](README-zh.md) [](README-ja.md)
|
||||
|
||||
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings.
|
||||
|
||||
Feel free pull request if you want :)
|
||||
|
||||
## 💘 php-adb
|
||||
|
||||
The project proudly uses the [php-adb](https://github.com/MlgmXyysd/php-adb) library.
|
||||
|
||||
## ☕ Buy me a Coffee
|
||||
|
||||
✨ If you like my projects, you can buy me a coffee at:
|
||||
|
||||
- [爱发电](https://afdian.net/@MlgmXyysd)
|
||||
- [PayPal](https://paypal.me/MlgmXyysd)
|
||||
- [Patreon](https://www.patreon.com/MlgmXyysd)
|
||||
|
||||
## ⚠️ Warning
|
||||
|
||||
After unlocking the BootLoader, you may encounter the following situations:
|
||||
|
||||
- Software or hardware not working properly or even damaged.
|
||||
- Loss of data stored in the device.
|
||||
- Credit card theft, or other financial loss.
|
||||
|
||||
If you're experiencing any of the above, you should take all the responsibility yourself as this is the risk you may encounter when unlocking BootLoader. This obviously does not cover all risks. You've been warned.
|
||||
|
||||
- Warranty lost. Not only the base warranty, but some of the extra extended warranties (such as Mi Care or broken-screen warranty) that you have purchased may also be lost according to the exclusions provided by Xiaomi.
|
||||
- Hardware level self-destruct like Samsung Knox. TEE-related features will be permanently damaged. There is no way to restore other than by replacing the motherboard.
|
||||
- Functional anomalies after flashing a third-party system due to closed-source kernel source code.
|
||||
- Device or account banned by unlocking BootLoader.
|
||||
|
||||
If you're experiencing any of the above, consider yourself damned. Ever since Xiaomi restricted unlocking BootLoader, it has been against Xiaomi's 'geek' spirit and even the GPL. Xiaomi's restrictions on BootLoader unlocking are endless, and there's nothing we as developers can do about it.
|
||||
|
||||
## 📲 Unlocking requirements
|
||||
|
||||
- An valid device:
|
||||
- A unbanned\* Xiaomi, Redmi or POCO device.
|
||||
- Your device is running the official version of HyperOS.
|
||||
- (Update 2023/11/23) Your device is not forced to verify account qualification by Xiaomi.
|
||||
- An valid SIM card:
|
||||
- \* Except for tablets that cannot use SIM cards.
|
||||
- SIM card must not be out of service.
|
||||
- SIM card needs to be able to access the internet.
|
||||
- Only 2 devices per valid SIM card are allowed to be unlock to a valid SIM card within a three-month period.
|
||||
- An valid Xiaomi account:
|
||||
- A unbanned\* Xiaomi account.
|
||||
- Each account can only unlock 1 phone in a month and 3 phones in a year period.
|
||||
- You have read and understood the [Warning](#%EF%B8%8F-warning) above.
|
||||
|
||||
- \* According to the unlocking instructions provided by Xiaomi, it will prohibit some accounts and devices from using the unlocking tool, which is called "risk control".
|
||||
|
||||
## ⚙️ How to use
|
||||
|
||||
1. Download and install PHP 8.0+ for your system from the [official website](https://www.php.net/downloads).
|
||||
2. Enable OpenSSL and Curl extension in `php.ini`.
|
||||
3. Place `adb.php` in [php-adb](https://github.com/MlgmXyysd/php-adb) to the directory.
|
||||
4. Download [platform-tools](https://developer.android.com/studio/releases/platform-tools) and place them in `libraries`. *Note: Mac OS needs to rename `adb` to `adb-darwin`.*
|
||||
5. Open a terminal and use PHP interpreter to execute the [script](../bypass.php).
|
||||
|
||||
- p.s. Releases has packaged the required files and click-to-run scripts.
|
||||
|
||||
6. Tap repeatedly on the `Settings - About Phone - MIUI Version` to enable `Development Options`.
|
||||
7. Enable `OEM Unlocking`, `USB Debugging` and `USB Debugging (Security Settings)` in `Settings - Additional Settings - Development Options`.
|
||||
8. Log in an _valid_\* Xiaomi account.
|
||||
9. Connect phone to PC via wired interface.
|
||||
10. Check `Always allow from this computer` and click `OK`.
|
||||
|
||||
- \* See "[Unlocking Requirements](#-Unlocking-requirements)" above.
|
||||
|
||||
11. Wait and follow the prompts of script.
|
||||
12. After successful binding, you can use the [official unlock tool](https://en.miui.com/unlock/index.html) to check the time you need to wait.
|
||||
13. During the waiting period, please use the device normally, keep the SIM card inserted, do not log out of your account or turn off `Find My Phone`, and do not re-bind the device until it is successfully unlocked. The device will automatically send `HeartBeat` packets to the server every once in a while.
|
||||
|
||||
## 📖 Workaround
|
||||
|
||||
- Undergoing maintenance...
|
||||
|
||||
## 🔖 FAQs
|
||||
|
||||
- Q: Why does the unlock tool still remind me to wait 168/360 (or more) hours?
|
||||
- A: By principle, this PoC only bypasses the restrictions added for HyperOS. You still need to comply with the restrictions for MIUI.
|
||||
|
||||
- Q: The device shows `Couldn't verify, wait a minute or two and try again`.
|
||||
- A: This is normal, the binding request on the device side has been blocked by our script. The actual binding result is subject to the script prompt.
|
||||
|
||||
- Q: Binding failed with error code `401`.
|
||||
- A: Your Xiaomi account credentials have expired, you need to log out and log in again in your device.
|
||||
|
||||
- Q: Binding failed with error code `20086`.
|
||||
- A: Your device credentials have expired, you need to reboot your device.
|
||||
|
||||
- Q: Binding failed with error code `20090` or `20091`.
|
||||
- A: Device's Security Device Credential Manager function failure, contact after-sales.
|
||||
|
||||
- Q: Binding failed with error code `30001`.
|
||||
- A: Your device has been forced to verify the account qualification by Xiaomi. Xiaomi lost its 'geek' spirit a long time ago, and there's nothing we can do about it.
|
||||
|
||||
- Q: Binding failed with error code `86015`.
|
||||
- A: The server has rejected this bind request, please try again.
|
||||
|
||||
## ⚖️ License
|
||||
|
||||
No license, you are only allowed to use this project. All copyright (and link, etc.) in this software is not allowed to be deleted or changed without permission. All rights are reserved by [MeowCat Studio](https://github.com/MeowCat-Studio), [Meow Mobile](https://github.com/Meow-Mobile) and [NekoYuzu](https://github.com/MlgmXyysd).
|
||||
Loading…
Reference in New Issue