Hey guys, this is Aryan (TechyMinati @An ASP). As we know, these days everyone is keen to install custom ROMs and recoveries on their devices. Sometimes things go well and sometimes the device hard-bricks. Here we are basically talking about Xiaomi MediaTek devices and their fate.
MediaTek devices have Download Mode or DA Mode, which allows you to revive your device even if it is hard-bricked. So what's the error now?
The case with Xiaomi MediaTek devices is entirely different: you can't flash your device without a Mi Authorized Account, or what can simply be called server-side SLA (Serial Link Authorization).
Let's take a deep insight into the working of this Mi Authorized Account.
For those unaware, SP Flash Tools, short for SmartPhone Flash Tool is a tool that MediaTek distributes that allows flashing the OEM firmware back onto a MediaTek device, in case something goes wrong. Now, in this “hard-brick” condition, the device is able to enter the BROM “emergency-download” mode (EDL, for short). If you remember, BROM may implement security to prevent unauthorized modification to the device.
Most manufacturers implement very basic security; there are 2 main BROM security implementations:
SLA (Serial Link Authorization)
DAA (Download Agent Authorization)
A MediaTek device can have none, either or both. Usually a slightly modified version of the flash tool which contains a few secrets is enough to let anyone re-flash the device. Let’s quickly understand what these implementations are like and how they differ.
BROM exposes UART to communicate. In both cases, the device will generate a few random bytes which must be “decrypted” or simply processed to create a new string. If BROM validates the string, it’ll allow the host to issue many more instructions without errors, such as jumping to addresses or writing partitions. The difference between the two is, in SLA, BootROM performs the checks and in DAA, Download Agent (DA) performs the check. Download Agent is loaded by SP Flash Tool. On devices that implement SLA, you cannot load a DA file without completing the SLA challenge. On devices that implement DAA, the challenge is done by DA and a modified DA file is enough to bypass security (That is, assuming you manage to reverse things or have the BSP).
What's worse now? Xiaomi MediaTek devices have SLA!
Xiaomi has special accounts (called Mi Authorized Accounts) that are given to service centers for repairing devices. These accounts are capable of requesting Authorization tokens to unlock BROM download on MediaTek devices (and other EDL equivalents for Qualcomm devices). Something that can be very easily fixed by a consumer and/or developer, is locked to service centers.
So how does this Mi Authorized Account work? How does the data exchange take place to allow BROM to proceed?
Well, with Mi Auth, the device generates 16 bytes of data and sends it to the server. The server checks if your account has authorization and returns 256 bytes of data. If the data is correct, BROM continues. Else it traps itself in an infinite loop until it times out due to no command and reboots.
Our beloved friend @Agent_fabulous created a Python script that imitates the way Mi Auth works, but sadly it doesn't work as of now. You can find the script here
A Ray Of Hope : Modified Preloader
Back in March 2020, when I got my Redmi 6A bricked, I tried a lot of ways to revive it. I ended up paying some bucks to shady guys on the internet who revived my device via Mi Auth over a remote session using TeamViewer. And the sadder part is most Xiaomi Service Centers don't know a single thing about Mi Auth; all they know is to replace the motherboard LOL. Ah, noobs everywhere.
After I revived my device, I began to think of making the antibrick that begonia already has (ah, again thanks to @Agent_fabulous for his work). Meanwhile, I found the factory firmware for Redmi 6 & 6A. You see, every OEM receives a BSP for their platform of choice from the SoC manufacturer. Usually, the OEM will boot a clean version of this BSP on their hardware to get everything working, before the product team can start porting out the “skin” of Android that they advertise and ship their products with. This clean version of the BSP build is often referred to as the “final factory firmware”.
We have factory firmware now! What's next?
After getting the factory ROM, the first thing you need to do is boot that ROM safely on your device. (Note: if your phone is already hard-bricked then this factory firmware doesn't help; it's for creating antibricks and other stuff.)
- You can boot your device to fastboot and fastboot flash all partitions from the factory ROM
- After that, turn off the device and attach it to your PC or Linux machine
- And run dmesg on your device
- And let the device automatically power on.
Now if you see it register a cdc_acm device with the description MT65XX Preloader, man, you have succeeded and can flash without Mi Auth on that preloader.
After that try installing any other ROM, say MemeUi 11 (remember, don't flash the MIUI preloader). Now extract the preloader and you can make a flashable zip xD. As long as you are on that preloader, you have no worries; you can flash any ROM via SP Flash Tool without any fancy auth.
Hope you understood what Mi Auth is, how it works on MediaTek devices, and how you can prepare an antibrick.
Press Thanks On this Thread xD
Credits:-
@Agent_fabulous (Mr. Kshitij) for making me aware of antibrick and how to prepare it. [He is a developer from begonia who implemented VoLTE on the MediaTek chipset based device Redmi Note 8 Pro; he made an antibrick too; his article here (from which I've learned a lot about Mi Auth)]
@An ASP (Aryan Sinha; also known as TechyMinati) for making this article and gathering info about Mi Auth.
I recommend you to give this XDA article a read, too!
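The exchange described in the post above (16 bytes out, 256 bytes back, BROM proceeds or halts), modelled as an added example that is not code from the post, Xiaomi or MediaTek. It assumes the 256-byte reply is an RSA-2048 signature over the challenge, which the post does not state; the key pair is generated locally and every function, class and account name is hypothetical.

```python
import hashlib
import hmac
import math
import secrets

CHALLENGE_LEN = 16    # bytes the device generates (figure from the post)
RESPONSE_LEN = 256    # bytes the server returns (figure from the post)
# ASN.1 DigestInfo prefix for SHA-256 used by PKCS#1 v1.5 signatures.
_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
_SMALL_PRIMES = [p for p in range(3, 2000, 2) if all(p % q for q in range(3, math.isqrt(p) + 1, 2))]


def _is_probable_prime(n, rounds=24):
    """Trial division by small primes, then Miller-Rabin (large n only)."""
    for p in [2] + _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        # Top two bits set so p*q is exactly 2*bits long; low bit set so it is odd.
        cand = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if _is_probable_prime(cand):
            return cand


def make_keypair(bits=RESPONSE_LEN * 8, e=65537):
    """Generate a throwaway RSA key pair: returns ((n, e), (n, d))."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _encode(challenge):
    """PKCS#1 v1.5 signature encoding of SHA-256(challenge): 256 bytes."""
    t = _SHA256_PREFIX + hashlib.sha256(challenge).digest()
    return b"\x00\x01" + b"\xff" * (RESPONSE_LEN - len(t) - 3) + b"\x00" + t


def server_respond(private_key, authorized, account, challenge):
    """Server side: sign the challenge only for an authorized account."""
    if account not in authorized or len(challenge) != CHALLENGE_LEN:
        return None
    n, d = private_key
    return pow(int.from_bytes(_encode(challenge), "big"), d, n).to_bytes(RESPONSE_LEN, "big")


class BootRom:
    """Device side: stores only the public key, so it can verify but not sign."""
    def __init__(self, public_key):
        self._n, self._e = public_key
        self._challenge = None
        self.state = "locked"            # becomes "unlocked" or "halted"

    def new_challenge(self):
        self._challenge = secrets.token_bytes(CHALLENGE_LEN)
        return self._challenge

    def submit(self, response):
        challenge, self._challenge = self._challenge, None   # one try per challenge
        ok = False
        if challenge and response and len(response) == RESPONSE_LEN:
            s = int.from_bytes(response, "big")
            if s < self._n:
                em = pow(s, self._e, self._n).to_bytes(RESPONSE_LEN, "big")
                ok = hmac.compare_digest(em, _encode(challenge))
        # The post says a wrong answer leaves BROM looping until it reboots.
        self.state = "unlocked" if ok else "halted"
        return ok

    def write_partition(self, name):
        if self.state != "unlocked":
            raise PermissionError("SLA challenge not completed")
        return f"wrote {name}"


if __name__ == "__main__":
    pub, priv = make_keypair()
    rom = BootRom(pub)
    reply = server_respond(priv, {"service-center"}, "service-center", rom.new_challenge())
    print("unlocked:", rom.submit(reply))
```

Because the challenge is fresh on every attempt, a reply captured from one session fails verification on the next, which is why the signing step has to happen online against the server.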
Can you please make an "easy-to-understand" step-by-step guide for noob like me? With download link of course xD, like this one https://forum.xda-developers.com/redmi-note-8-pro/development/rom-crdroid-6-x-t4124805/amp/
Thanks
adi4ntn said:
Can you please make an "easy-to-understand" step-by-step guide for noob like me? With download link of course xD, like this one https://forum.xda-developers.com/redmi-note-8-pro/development/rom-crdroid-6-x-t4124805/amp/
Thanks
Hey There, Here I'm talking about all Mediatek Devices, Creating Antibrick for all devices is a tough task. And I cannot do it alone. Show this guide to your respective device related developer. He will understand it for sure. Thanks
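The dmesg check from the procedure in the opening post, as an added example rather than code from the thread: it scans kernel log text captured on the Linux machine the phone is plugged into and reports each cdc_acm serial port whose USB product string is the MT65xx Preloader. The sample log is constructed for illustration and the function name is hypothetical.

```python
import re

_TS = re.compile(r"\[\s*(?P<ts>\d+\.\d+)\]")
# usb core lines, e.g. "usb 1-2: Product: MT65xx Preloader"
_USB = re.compile(r"usb (?P<port>\d[\d.-]*): (?P<msg>.*)")
# cdc_acm lines, e.g. "cdc_acm 1-2:1.1: ttyACM1: USB ACM device"
_ACM = re.compile(r"cdc_acm (?P<port>\d[\d.-]*):[\d.]+: (?P<tty>ttyACM\d+): USB ACM device")
_IDS = re.compile(r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
_NEW = re.compile(r"new .+ USB device number")

# Constructed sample: an unrelated serial device, the preloader appearing
# briefly, then a different device enumerating on the same physical port.
SAMPLE_DMESG = """\
[  812.101] usb 1-3: new full-speed USB device number 9 using xhci_hcd
[  812.254] usb 1-3: New USB device found, idVendor=2341, idProduct=0043, bcdDevice= 0.01
[  812.254] usb 1-3: Product: Arduino Uno
[  812.260] cdc_acm 1-3:1.0: ttyACM0: USB ACM device
[  930.412] usb 1-2: new high-speed USB device number 10 using xhci_hcd
[  930.561] usb 1-2: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice= 1.00
[  930.561] usb 1-2: Product: MT65xx Preloader
[  930.561] usb 1-2: Manufacturer: MediaTek
[  930.620] cdc_acm 1-2:1.1: ttyACM1: USB ACM device
[  933.905] usb 1-2: USB disconnect, device number 10
[  940.100] usb 1-2: new full-speed USB device number 11 using xhci_hcd
[  940.250] usb 1-2: New USB device found, idVendor=2341, idProduct=0043, bcdDevice= 0.01
[  940.250] usb 1-2: Product: Arduino Uno
[  940.300] cdc_acm 1-2:1.0: ttyACM1: USB ACM device
"""


def find_preloader_ports(dmesg_text, wanted="mt65xx preloader"):
    """Return one record per cdc_acm port bound to a device whose USB
    product string equals `wanted` (compared case-insensitively)."""
    devices = {}   # bus path -> descriptor fields seen since the last (re)connect
    hits = []
    for line in dmesg_text.splitlines():
        ts = _TS.match(line)
        acm = _ACM.search(line)
        if acm:
            dev = devices.get(acm["port"], {})
            if dev.get("product", "").lower() == wanted:
                hits.append({"time": float(ts["ts"]) if ts else None,
                             "port": acm["port"], "tty": acm["tty"],
                             "vid": dev.get("vid"), "pid": dev.get("pid"),
                             "product": dev["product"]})
            continue
        usb = _USB.search(line)
        if not usb:
            continue
        port, msg = usb["port"], usb["msg"].strip()
        if _NEW.match(msg) or msg.startswith("USB disconnect"):
            devices[port] = {}     # forget whatever was on this port before
            continue
        dev = devices.setdefault(port, {})
        ids = _IDS.search(msg)
        if ids:
            dev.update(vid=ids["vid"], pid=ids["pid"])
        elif msg.startswith("Product: "):
            dev["product"] = msg[len("Product: "):]
    return hits


if __name__ == "__main__":
    for hit in find_preloader_ports(SAMPLE_DMESG):
        print(hit)
```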
Thank you for this information. I have hard bricked my Redmi 6. It requires 'Authorized Mi Account' while flashing. Can you please help me out by providing a solution with steps and links?
sarthak_iitd23 said:
Thank you for this information. I have hard bricked my Redmi 6. It requires 'Authorized Mi Account' while flashing. Can you please help me out by providing a solution with steps and links?
Hey since You were on MIUI Preloader , You'll need Mi Authorised Account to flash it , Or Visit Service Center ! Thanks
TechyMinati said:
Hey since You were on MIUI Preloader , You'll need Mi Authorised Account to flash it , Or Visit Service Center ! Thanks
where can i find a trusted user?
Thx
UPDATE!
We can disable SLA and DAA with https://github.com/MTK-bypass/bypass_utility
See It’s now easy to bypass MediaTek’s SP Flash Tool authentication
Dev thread is at MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility
https://megafon929.github.io/mtk
A tutorial can be found at [Tutorial] How to flash an MTK secure boot device without a custom DA
and tutorial for Xiaomi Redmi Note 9(merlin) can be found at https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229683/
Thanks
Related
Hello All,
I've found a solution for unbrick Redmi Note 5 Pro caused by AntiRoll Back..
Things You Needed !!
1. Open browser and login to the MIUI Forum. Post MI ID there cuz Authorized Mi ID Needed for Flashing. (Use Google Translate)
http://en.miui.com/a-234.html
3.Qualcomm HS-USB QDLoader 9008 ( If Already Installed Don't Mind) ...> https://goo.gl/9E3bKq
4. Use This MiFlash Tool ...> http://https://c.mi.com/forum.php?mod=attachment&aid=MjY3MDA2N3xiNDQzMzE2YXwxNTMxNTM2NjQ1fDB8MTIyMDk4OQ%3D%3D
5.Mind..:laugh:
Step 1 :-
Download latest MIUI 10 Fastboot ROM And Extract It. tgz to zip.
Step 2 :-
Download and install Qualcomm Hs-USB QDLoader 9008 Drivers
Step 3 :-
Connect your device to your PC via TestPoint If You don't know
check this thread http://en.miui.com/thread-2171064-1-1.html:good:
Step 4:-
Download and extract MiFlash Tool v2018.5.28.0
Open MiFlash Tool
Browse ROM Folder - OK
Start Flash..:good:
Step 5 :-
Login to your Mi Account which is bound to the device. Otherwise you couldn't flash your device!
After Login Flash Without Any ERRORS !
--- HAPPY FLASHING --
Don't Say Thanks.. Hit THANKS Button for Supporting Me:laugh::laugh:
did you succeed?
ling mi flash error
Dimas Aji Prasetyo said:
ling mi flash error
_en.miui.com/forum.php?mod=viewthread&tid=3014918&highlight=MiFlash%2BTool%2Bv2018.5.28.0
Test Point method Voids Warranty AFAIK
So, try only if you don't have access to any Xiaomi Service Center
Official Service Centers unbrick your phones for free within warranty
Instead of this try n see if Deep Flash Cable method works
Redmi note 5 whyred rollback
unauthorized Xiaomi account, why?
Dimas Aji Prasetyo said:
unauthorized Xiaomi account, why?
You need to get authorization by applying in the MIUI forum. You can get the link in the other thread.
Bricked
This solution did not work for me! My device was bricked but the PC still recognizes the EDL 9008 COM port. When I press flash, MiFlash says: "cannot receive hello packet"
Check this thread
http://en.miui.com/thread-2171064-1-1.html
It hasn't worked for anyone I know so far. Waiting for a PM or notification from the Russian forum. Will try again. Maybe then will send a notification when they add the account.
UID Authorization
Why do you have permissions to give authorization to the users' ID? You're going to give the instructions to each reply to your post or you're going to wait until July 16?
Thanks for your work, I'm very depressed because I bricked a brand new phone and I sold the old one.
palarcon said:
Why do you have permissions to give authorization to the use
uid or mi id?
deleted
Maxxash said:
The instruction provided in the post is useless for the devices bricked with the latest ARB implementation by Xiaomi since these devices would not send a hello packet in EDL mode. The op just reposted the info from the old miui.com thread that has nothing to do with the current situation.
It works with the provided MIUI flash tool: it starts to flash but asks for Mi credentials and stops the download for "unauthorized user".
palarcon said:
It works with the provided MIUI flash tool: it starts to flash but asks for Mi credentials and stops the download for "unauthorized user".
Ok, sounds reasonable, at least we'll see. Sorry for the inconvenience to op and everyone. Looks like i better delete my probably misinforming post
I have the same problem
posted on wrong thread
posted on wrong thread
How come service centre guys unbrick the device. Is there any possibility to modify the miflashtool to bypass edl authentication?
Rishab kaushik said:
How come service centre guys unbrick the device. Is there any possibility to modify the miflashtool to bypass edl authentication?
They replace the motherboard. All people that i know of who have visited service center got their motherboard replaced
Sent from my Redmi Note 5 Pro using Tapatalk
LOL, so stupid of Xiaomi to implement ARB protection this way (btw, NOT like google intended to use it...)... hope that they will have to pay for/replace thousands of motherboards so they will notice how badly they screwed up... it´s just ridiculous..
Hello everyone, currently after my bad decision to flash the keymaster file from Note 7, my Note 7 Pro is dead and doesn't have a heartbeat.
After a while I see only EDL working via testpoint on the back cover. Now I am stuck between two options: pay 30$ for an auth. account or find the emmc file.
I know nothing is free but I will try to find the emmc firehose mbn file. If anyone has an idea where I can find it, be kind to share with me. Thanks in advance!
I think the name of the file will be prog_emmc_firehose_Sdm675_ddr.mbn or prog_emmc_firehose_Sdm6150_ddr.mbn
b0nb0n3v said:
Hello everyone, currently after my bad decision to flash the keymaster file from Note 7, my Note 7 Pro is dead and doesn't have a heartbeat.
After a while I see only EDL working via testpoint on the back cover. Now I am stuck between two options: pay 30$ for an auth. account or find the emmc file.
I know nothing is free but I will try to find the emmc firehose mbn file. If anyone has an idea where I can find it, be kind to share with me. Thanks in advance!
I think the name of the file will be prog_emmc_firehose_Sdm675_ddr.mbn or prog_emmc_firehose_Sdm6150_ddr.mbn
It will be available in the fastboot ROM, right?
urstrulynaveen said:
It will be available in the fastboot ROM, right?
No, no light, no vibration - nothing. Only EDL via testpins work, but need auth. account for flash. I think have another way to revive. I will wait some guru to see this thread.
I don't know did available to switch from EDL to fastboot?
b0nb0n3v said:
No, no light, no vibration - nothing. Only EDL via testpins work, but need auth. account for flash. I think have another way to revive. I will wait some guru to see this thread.
I don't know did available to switch from EDL to fastboot?
This happened to me also. I searched the whole internet but sadly there is no firehose file for our violet available to bypass EDL auth. I suggest the best way is to reach the nearest service center; they flash it with Mi Flash via testpoints and it's cheap, not so costly. Don't try to flash on your own; you may trash your partition tables and the situation may get worse.
Same here, I don’t have any hope for this trash. Never gonna buy a Xiaomi again. I remember in old Redmi phones you didn’t need auth to flash EDL
---------- Post added at 09:20 AM ---------- Previous post was at 09:19 AM ----------
There was a Russian selling me an auth account for 10$ but I bet he’s gonna scam so I didn’t try.
Anyway. Let me know if you find the firehose file or anything.
DeveloperOne said:
Same here, I don’t have any hope for this trash. Never gonna buy a Xiaomi again. I remember in old Redmi phones you didn’t need auth to flash EDL
---------- Post added at 09:20 AM ---------- Previous post was at 09:19 AM ----------
There was a Russian selling me an auth account for 10$ but I bet he’s gonna scam so I didn’t try.
Anyway. Let me know if you find the firehose file or anything.
Yes, they are scammers and they use TeamViewer, which may lead to your computer getting hacked. So better to rush to a service center. Those good old days of Redmi phones will never come back; they are imposing more and more restrictions on devices.
my violet is dead !
my phone is also dead .... was trying to get back to MIUI 11 (Android 9) from Corvus 6.5 (Android 10) because no sensors were working in Corvus!
I got MIUI 11 but wifi was not working and sensors too! Tried flashing many fastboot ROMs from official MIUI sites but none of them fixed sensors and wifi! ... then tried flashing with an old MiFlash tool, probably the 2014 version ... then a flash system error came while flashing the fastboot ROM for violet ....
then the phone got switched off automatically! and never started since then!
I looked up everything about flashing with EDL mode!
in MiFlash tool
earlier, when in bootloader, it was showing "ceeee0ccc0" as device name
now in MiFlash tool it is showing "COM20" or "COM10"
when I am flashing the latest fastboot ROM with the latest flash tool
it is showing "packet receive something something..." call packet ... etc.
sometimes it shows "edl auth", then it asks to sign in to my account. After login ..
"Your Acount is bined to this system " but later "Your account is not authorised for this operation !"
and hence the flashing stops with an error!
if someone is seriously reading this you can reply and ask for screenshots
please! I have lost all hope! I need some guidance and a little help!
I looked for a way to bypass EDL auth ...
but the video was for Redmi Note 7! not Pro
in there he used
some file "prog_emmc_firehose_Sdm610_ddr.mbn", something like that ...
he placed this file in the images folder!
it skipped the EDL auth ... and flashing continued!
maybe if I can get the file
prog_emmc_firehose_Sdm675_ddr.mbn, something like that, for my phone
violet version for my chipset
maybe I can skip EDL auth too ....
don't know! just help please!
Bro, sadly there is no firehose file for violet. I had the same issue earlier; the only solution is to go to a service center. They flash in EDL, it takes just 10 mins, and they charge around 180 rupees. You may try flashing via UMT dongle or Miracle Thunder but I never recommend that.
My RN7 Pro also died; I had to pay 1200rs to a local mobile repairer to revive this phone. They flashed it with a UFI box. I made the mistake of not going to an authorised service center. That technician looted me.
b0nb0n3v said:
No, no light, no vibration - nothing. Only EDL via testpins work, but need auth. account for flash. I think have another way to revive. I will wait some guru to see this thread.
I don't know did available to switch from EDL to fastboot?
Hey dude, can you please help me? I'm in the same boat which you were in. I can't find that patched-up emmc file for Note 7 Pro. Flashing with the stock ROM is showing errors in Qualcomm software as well as in the Mi flasher tool. Please help, what to do now?
I have an OPPO A73 CPH2095 6GB RAM, 128GB ROM, Qualcomm SM6115 Snapdragon 662 (11 nm) running Android 10, ColorOS 7.2. I have forgotten the 6 digit PIN.
Please I cannot use google recovery as I do not have any google account logged in on the device. I just bought the device on march was just using it for photo.
I do not mind losing my files, all I want is to gain access back to my device. I have tried unlocking with Miracle box but I keep on getting
CPUID 0xblablahblah
CPU 0xblablahblah
Flash your stock ROM through MSM Tool; you can't recover data from it.
You'll need the correct drivers to do that, and be sure you're flashing your device-specific ROM.
XDHx86 said:
Flash your stock ROM through MSM Tool; you can't recover data from it.
You'll need the correct drivers to do that, and be sure you're flashing your device-specific ROM.
Please how do I find my device specific ROM, I have downloaded MSM tool.
Can you point me to resources to get me started.
Request it from OEM.
Here you go mate => https://support.oppo.com/in/software-update/software-download/?m=A73(CPH2095)
Hello guys, I'd like to ask if Poco X3 Pro will ever get a Patched (No Auth) Firehose file?
I'm not new to modding however it has been a couple of years since I last installed custom roms on my phone (Way back Android 6.0 days) and based on experience, unbricking has always been easy and accessible.
But with my new Poco X3 Pro, I read that Xiaomi requires Authorized Account when flashing with EDL. I've seen in some forums that some managed to patch the Firehose (Loader) file of other Xiaomi devices. Hence, I'm asking if there would ever be a possibility that someone could patch a Firehose file to bypass Auth.
I am also looking for the patched
prog_ufs_firehose_sm7150_ddr.elf
the original (non-patched) file is attached
prog_ufs_firehose_sm7150_ddr
www.mediafire.com
lyqas said:
I am also looking for the patched
prog_ufs_firehose_sm7150_ddr.elf
the original (non-patched) file is attached
prog_ufs_firehose_sm7150_ddr
www.mediafire.com
This kinda confused me a bit after downloading the official firmware. As far as I know (correct me if I'm wrong) our device should be SM8150 (not sure if it is SM8150AC) but I'm confused as to why it is SM7150 in the firmware of our device.
But regardless, it would be nice if someone is able to modify the firehose file to no longer require authorization when it comes to flashing through edl.
It would be nice to save a lot of bricked Poco X3 Pros in the community without having people be at risk of getting scammed by "people with auth accounts."
Via hex-mode we can see in the elf file:
IMAGE_VARIANT_STRING=SDM855LA
OEM_IMAGE_VERSION_STRING=c5-xm-ota-bd031.bj
QC_IMAGE_VERSION_STRING=BOOT.XF.3.0-00571-SM8150LZB-4
just found our files here
GitHub - Chernobylll/FireHouse_UFS
but no success with them yet
and all elfs there are identical
lyqas said:
just found our files here
GitHub - Chernobylll/FireHouse_UFS
but no success with them yet
and all elfs there are identical
I've been really busy with school lately and can't really focus efforts on understanding the programmer file, let alone patching them. Wish someone would take a dip into patching it (which is difficult as the flash tool checks for the signatures of the programmer file).
jalter1213 said:
Hello guys, I'd like to ask if Poco X3 Pro will ever get a Patched (No Auth) Firehose file?
I'm not new to modding however it has been a couple of years since I last installed custom roms on my phone (Way back Android 6.0 days) and based on experience, unbricking has always been easy and accessible.
But with my new Poco X3 Pro, I read that Xiaomi requires Authorized Account when flashing with EDL. I've seen in some forums that some managed to patch the Firehose (Loader) file of other Xiaomi devices. Hence, I'm asking if there would ever be a possibility that someone could patch a Firehose file to bypass Auth.
Hi
You Can Request Bootloader Unlock and after 7 days unlock your phone you can flash everything in fastboot mode.
as alternative i can suggest you Xiaomi Pro tool it cost 5 credits and flash what you want to your phone
I have Unbricked My poco X3 pro From EDL with this tool 3 Days Ago
jalter1213 said:
I've been really busy with school lately and can't really focus efforts on understanding the programmer file, let alone patching them. Wish someone would take a dip into patching it (which is difficult as the flash tool checks for the signatures of the programmer file).
This is a 64-bit ARM ELF static stripped executable with a VxWorks RTOS signature; maybe it is executed in that OS. It will be rather hard to understand how it works. I think you first need to get the symbol names from the VxWorks symbol table, which is included in the firehose, according to binwalk output.
But there can still be firehose verification on the phone side (likely there is, because I can't load an edited firehose with one edited byte in one of the strings).
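The header checks behind the description in the post above (64-bit ARM, static, stripped), as an added example that is not part of the thread. `triage_elf` and `build_sample` are hypothetical names, the sample image is constructed, and the VxWorks symbol table that binwalk reports is not examined here.

```python
import struct

EM_AARCH64, PT_DYNAMIC, PT_INTERP, SHT_SYMTAB = 183, 2, 3, 2

def triage_elf(blob: bytes) -> dict:
    """Report class, machine, linkage and symbol-table presence of an ELF image."""
    if len(blob) < 64 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if blob[4] != 2 or blob[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_type, e_machine, _ver, _entry, e_phoff, e_shoff, _flags, _ehsize,
     e_phentsize, e_phnum, e_shentsize, e_shnum, _shstrndx) = struct.unpack_from(
        "<HHIQQQIHHHHHH", blob, 16)
    # Segment types: PT_INTERP or PT_DYNAMIC means the image is dynamically linked.
    p_types = [struct.unpack_from("<I", blob, e_phoff + i * e_phentsize)[0]
               for i in range(e_phnum)]
    # Section types: sh_type is the second 32-bit field of each section header.
    s_types = [struct.unpack_from("<I", blob, e_shoff + i * e_shentsize + 4)[0]
               for i in range(e_shnum)]
    return {
        "bits": 64,
        "aarch64": e_machine == EM_AARCH64,
        "executable": e_type == 2,  # ET_EXEC
        "static": PT_INTERP not in p_types and PT_DYNAMIC not in p_types,
        "stripped": SHT_SYMTAB not in s_types,
    }

def build_sample(with_symtab: bool) -> bytes:
    """Constructed minimal ELF64 image: one PT_LOAD segment, optional .symtab header."""
    shnum = 2 if with_symtab else 1
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, EM_AARCH64, 1, 0x80000000,
                               64, 64 + 56, 0, 64, 56, 1, 64, shnum, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x80000000, 0x80000000, 0, 0, 0x1000)
    shdrs = struct.pack("<IIQQQQIIQQ", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)  # SHT_NULL
    if with_symtab:
        shdrs += struct.pack("<IIQQQQIIQQ", 0, SHT_SYMTAB, 0, 0, 0, 0, 0, 0, 8, 24)
    return ehdr + phdr + shdrs

if __name__ == "__main__":
    print(triage_elf(build_sample(with_symtab=False)))
```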
dashti.95 said:
Hi
You can request bootloader unlock and after 7 days unlock your phone; you can then flash everything in fastboot mode.
As an alternative I can suggest Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.
Where can I buy credit with PayPal for this tool?
ajanco said:
Where can I buy credit with PayPal for this tool?
Google this *Xiaomi Pro tool credit*
dashti.95 said:
Hi
You can request bootloader unlock and after 7 days unlock your phone; you can then flash everything in fastboot mode.
As an alternative I can suggest Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.
It depends on the exact case. For example, if the integrity of low-level systems such as chain loaders is broken, you MUST flash all these things in EDL mode, and then you will be able to boot to fastboot and flash other components.
I need a patched firehose (without auth account) for X3 NFC.
dashti.95 said:
Hi
You can request bootloader unlock and after 7 days unlock your phone; you can then flash everything in fastboot mode.
As an alternative I can suggest Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.
I'm not able to register for Xiaomi Pro tool.
Can I borrow your Pro tool? I'll refill the credits, please.
I need to unbrick my Poco X3 Pro.
I also have a bricked Poco X3 Pro. Are you able to find a patched firehose?
Hi, I updated my phone to MIUI 13.0.3 Android 12 and I've noticed a bug that made all the apps that use the camera, like Instagram and Snapchat, take blurry pictures, like an effect getting applied to the pictures taken by those apps (everything is normal in my stock camera app). So I decided to use MiFlash tool to flash the previous Android version on my phone, but I bricked my phone instead: I flashed a global ROM while my phone is the Chinese market version, and accidentally checked the ClearData+lock Device check box in MiFlash. The tool flashed the ROM successfully, but when the phone restarted it showed me a message saying that this ROM cannot be installed on this device in recovery mode. I couldn't do anything after, cuz the bootloader got locked too. I tried everything to unlock it (mtk Client - bootloader unlocker + adb fastboot + Xiaomi Unlock app ...). Please help me: is there any way I can fix my phone, and what is the right ROM to flash on my phone (Redmi Note 11 Pro 5G China (21091116C - Pissarro))? Thanks.
Friend, I'm not a star, I tell you how things are: 1) you can't go back with another ROM, only China; 2) anti-roll-back; 3) MiCloud, you have to disable it. You can try MiflashV2; there is also to unlock the bootloader, it does everything, even the firmware. Remember if the firmware does not start. Important: not only China, also not China, for updates. Remember, first you do the factory reset, put in the Google account, do not update any app except Google Drive, backup with Drive. If it has arrived update it is better by setting the time instead of downloading the package; the problem is when the update occurs it fails to close all active apps, and then there is MiCloud that blocks. Best wishes and good luck, and that I have little time; for me too much trouble here in Europe.
Braain said:
Friend, I'm not a star, I tell you how things are: 1) you can't go back with another ROM, only China; 2) anti-roll-back; 3) MiCloud, you have to disable it. You can try MiflashV2; there is also to unlock the bootloader, it does everything, even the firmware. Remember if the firmware does not start. Important: not only China, also not China, for updates. Remember, first you do the factory reset, put in the Google account, do not update any app except Google Drive, backup with Drive. If it has arrived update it is better by setting the time instead of downloading the package; the problem is when the update occurs it fails to close all active apps, and then there is MiCloud that blocks. Best wishes and good luck, and that I have little time; for me too much trouble here in Europe.
Currently my phone is stuck at the logo, and after seconds it loads Fastboot automatically. I can't access the phone OS to do anything. I used the Xiaomi bootloader unlocker app that works online, but it didn't work. The local cell phone service shops told me that they have to open the phone's back case to fix it... I don't want that; I've just bought the phone and didn't even use it for a whole month.
They don't have to open it; they use licensed or dongle software (USB type). Currently I use unlocktoll.net, but if the phone is under warranty and you haven't removed the bootloader before, it is better for you. It is possible that others have the same problem as you. Good luck
Rule number 1 for Xiaomi: never flash anything on Mediatek devices, it will fail. If messed up, there is no way back, as Xiaomi locks the devices for authorized service providers or local Xiaomi branches only. If you want to play with Xiaomi custom ROMs/development/etc. related, only buy Snapdragon-based devices.
I, i.e., learned it the hard way: when this all started with the Redmi Note 8 Pro, I bricked it by flashing TWRP in Android 11 and Xiaomi didn't want to repair it, so I had to pay some Russian guy to fix it via TeamViewer with a modified unlock tool which was able to answer the unlock requests by pasting the answer manually from a generator. It's not like I messed up at a point, it's just that Mediatek devices easily fall into an unrecoverable state. In my term it was the combination of Android version and TWRP. You will note there is no Mediatek support on XDA, and even when your device is named like a Snapdragon version, your device is off-topic here, because trying anything on it beyond unlocking the bootloader is harakiri.
how to unlock my bricked Redmi Note 11 Pro 5g (China:Pissarro) Bootloader
Congratulation. Brick without unlocked BL :/
My opinion: you are done....
Some Xiaomi devices have pins on the motherboard to switch EDL, but I don't know with this device.
Try a complaint and say something like: "my phone was upgraded and then I see only logo"
Fedon said:
how to unlock my bricked Redmi Note 11 Pro 5g (China:Pissarro) Bootloader
Congratulation. Brick without unlocked BL :/
My opinion: you are done....
Some Xiaomi devices have pins on the motherboard to switch EDL, but I don't know with this device.
Try a complaint and say something like: "my phone was upgraded and then I see only logo"
I did the same with my device. You can fix it using the MTK tools guide. It's lengthy but easy.
rakesh.aggarwal said:
I did the same with my device. You can fix it using the MTK tools guide. It's lengthy but easy.
Rule #1 with Xiaomi - bootloader is unlocked