Question No Auth Firehose? - Xiaomi Poco X3 Pro

Hello guys, I'd like to ask if Poco X3 Pro will ever get a Patched (No Auth) Firehose file?
I'm not new to modding however it has been a couple of years since I last installed custom roms on my phone (Way back Android 6.0 days) and based on experience, unbricking has always been easy and accessible.
But with my new Poco X3 Pro, I read that Xiaomi requires Authorized Account when flashing with EDL. I've seen in some forums that some managed to patch the Firehose (Loader) file of other Xiaomi devices. Hence, I'm asking if there would ever be a possibility that someone could patch a Firehose file to bypass Auth.

I am also looking for the patched
prog_ufs_firehose_sm7150_ddr.elf
the original (non patched) file is attached
prog_ufs_firehose_sm7150_ddr

lyqas said:
I am also looking for the patched
prog_ufs_firehose_sm7150_ddr.elf
the original (non patched) file is attached
prog_ufs_firehose_sm7150_ddr
This kinda confused me a bit after downloading the official firmware. As far as I know (correct me if I'm wrong) our device should be SM8150 (not sure if it is SM8150AC) but I'm confused as to why it is SM7150 in the firmware of our device.
But regardless, it would be nice if someone is able to modify the firehose file to no longer require authorization when it comes to flashing through edl.
It would be nice to save a lot of bricked Poco X3 Pros in the community without having people be at risk of getting scammed by "people with auth accounts."

Via hex-mode we can see in the elf file:
IMAGE_VARIANT_STRING=SDM855LA
OEM_IMAGE_VERSION_STRING=c5-xm-ota-bd031.bj
QC_IMAGE_VERSION_STRING=BOOT.XF.3.0-00571-SM8150LZB-4

just found our files here
GitHub - Chernobylll/FireHouse_UFS
but no success with them yet
and all elfs there are identical

lyqas said:
just found our files here
GitHub - Chernobylll/FireHouse_UFS
but no success with them yet
and all elfs there are identical
I've been really busy with school lately and can't really focus efforts on understanding the programmer file, let alone patching them. Wish someone would take a dip into patching it (which is difficult as the flash tool checks for the signatures of the programmer file).

jalter1213 said:
Hello guys, I'd like to ask if Poco X3 Pro will ever get a Patched (No Auth) Firehose file?
I'm not new to modding however it has been a couple of years since I last installed custom roms on my phone (Way back Android 6.0 days) and based on experience, unbricking has always been easy and accessible.
But with my new Poco X3 Pro, I read that Xiaomi requires Authorized Account when flashing with EDL. I've seen in some forums that some managed to patch the Firehose (Loader) file of other Xiaomi devices. Hence, I'm asking if there would ever be a possibility that someone could patch a Firehose file to bypass Auth.
Hi
You can request bootloader unlock and, after 7 days, unlock your phone; then you can flash everything in fastboot mode.
As an alternative I can suggest the Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.

jalter1213 said:
I've been really busy with school lately and can't really focus efforts on understanding the programmer file, let alone patching them. Wish someone would take a dip into patching it (which is difficult as the flash tool checks for the signatures of the programmer file).
This is a 64-bit ARM ELF static stripped executable with a VxWorks RTOS signature; maybe it is executed in that OS. It will be rather hard to understand how it works. I think you first need to get the symbol names from the VxWorks symbol table, which is included in the firehose according to binwalk output.
But there can still be firehose verification on the phone side (likely there is, because I can't load an edited firehose with one edited byte in one of the strings).

dashti.95 said:
Hi
You can request bootloader unlock and, after 7 days, unlock your phone; then you can flash everything in fastboot mode.
As an alternative I can suggest the Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.
Where can I buy credit with PayPal for this tool?

ajanco said:
Where can I buy credit with PayPal for this tool?
Google this *Xiaomi Pro tool credit*

dashti.95 said:
Hi
You can request bootloader unlock and, after 7 days, unlock your phone; then you can flash everything in fastboot mode.
As an alternative I can suggest the Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.
It depends on the exact case. For example, if the integrity of low-level systems such as chain loaders is broken, you MUST flash all these things in EDL mode, and then you will be able to boot to fastboot and flash other components.

I need patched firehose (without auth account) for x3 nfc.

dashti.95 said:
Hi
You can request bootloader unlock and, after 7 days, unlock your phone; then you can flash everything in fastboot mode.
As an alternative I can suggest the Xiaomi Pro tool; it costs 5 credits and flashes what you want to your phone.
I unbricked my Poco X3 Pro from EDL with this tool 3 days ago.
I'm not able to register for the Xiaomi Pro tool.
Can I borrow your Pro tool? I'll refill the credits, please.
I need to unbrick my Poco X3 Pro.

I also have a bricked poco x3 pro. are you able to find a patched firehose?

Related

[Guide] [UNBRICK] [SUCCEEDED] Redmi Note 5 Pro | Antirollback | No Fastboot | Fix

Hello All,
I've found a solution to unbrick a Redmi Note 5 Pro bricked by Anti-Rollback.
Things you need:
1. Open a browser and log in to the MIUI Forum. Post your Mi ID there, because an Authorized Mi ID is needed for flashing. (Use Google Translate)
http://en.miui.com/a-234.html
3. Qualcomm HS-USB QDLoader 9008 (if already installed, don't mind) ...> https://goo.gl/9E3bKq
4. Use this MiFlash Tool ...> https://c.mi.com/forum.php?mod=attachment&aid=MjY3MDA2N3xiNDQzMzE2YXwxNTMxNTM2NjQ1fDB8MTIyMDk4OQ%3D%3D
5. Mind..
Step 1:
Download the latest MIUI 10 Fastboot ROM and extract it. tgz to zip.
Step 2:
Download and install the Qualcomm HS-USB QDLoader 9008 drivers
Step 3:
Connect your device to your PC via TestPoint. If you don't know how,
check this thread http://en.miui.com/thread-2171064-1-1.html
Step 4:
Download and extract MiFlash Tool v2018.5.28.0
Open MiFlash Tool
Browse ROM Folder - OK
Start Flash..
Step 5:
Log in to your Mi Account which is bound to the device. Otherwise you can't flash your device!
After login, flash without any ERRORS!
--- HAPPY FLASHING --
Don't Say Thanks.. Hit THANKS Button for Supporting Me
did you succeed?
link mi flash error
Dimas Aji Prasetyo said:
link mi flash error
_en.miui.com/forum.php?mod=viewthread&tid=3014918&highlight=MiFlash%2BTool%2Bv2018.5.28.0
Test Point method Voids Warranty AFAIK
So, try only if you don't have access to any Xiaomi Service Center
Official Service Centers unbrick your phones for free within warranty
Instead of this try n see if Deep Flash Cable method works
Redmi note 5 whyred rollback
unauthorized xiaomi account, why?
Dimas Aji Prasetyo said:
unauthorized xiaomi account, why?
You need to get authorization by applying in the MIUI forum. You can get the link in the other thread.
Bricked
This solution does not work for me! My device was bricked but the PC still recognizes the EDL 9008 COM port. When I press flash, MiFlash says: "cannot receive hello packet"
Check this thread
http://en.miui.com/thread-2171064-1-1.html
It hasn't worked for anyone I know so far. Waiting for a PM or notification from the Russian forum. Will try again. Maybe then they will send a notification when they add the account.
UID Authorization
Why do you have permission to give authorization to the user's ID? Are you going to give the instructions to each reply to your post, or are you going to wait until July 16?
Thanks for your work, I'm very depressed because I bricked a brand new phone and I sold the old one.
palarcon said:
Why do you have permissions to give authorization to the use
uid or mi id?
deleted
Maxxash said:
The instruction provided in the post is useless for the devices bricked with the latest ARB implementation by Xiaomi since these devices would not send a hello packet in EDL mode. The op just reposted the info from the old miui.com thread that has nothing to do with the current situation.
It works with the provided MIUI flash tool; it starts to flash but asks for Mi credentials and stops the download for "unauthorized user".
palarcon said:
It works with the provided MIUI flash tool; it starts to flash but asks for Mi credentials and stops the download for "unauthorized user".
Ok, sounds reasonable, at least we'll see. Sorry for the inconvenience to op and everyone. Looks like i better delete my probably misinforming post
I have the same problem
posted on wrong thread
posted on wrong thread
How come service centre guys unbrick the device. Is there any possibility to modify the miflashtool to bypass edl authentication?
Rishab kaushik said:
How come service centre guys unbrick the device. Is there any possibility to modify the miflashtool to bypass edl authentication?
They replace the motherboard. All people that i know of who have visited service center got their motherboard replaced
LOL, so stupid of Xiaomi to implement ARB protection this way (btw, NOT like google intended to use it...)... hope that they will have to pay for/replace thousands of motherboards so they will notice how badly they screwed up... it´s just ridiculous..

Looking for emmc firehose mbn file (violet)

Hello everyone. After my bad decision to flash the keymaster file from the Note 7, my Note 7 Pro is dead and doesn't have a heartbeat.
After a while I found that only EDL works, via the testpoint under the back cover. Now I am stuck between two options: pay 30$ for an auth account or find the emmc file.
I know nothing is free but I will try to find the emmc firehose mbn file. If anyone has an idea where I can find it, please be kind and share it with me. Thanks in advance!
I think the name of the file will be prog_emmc_firehose_Sdm675_ddr.mbn or prog_emmc_firehose_Sdm6150_ddr.mbn
b0nb0n3v said:
Hello everyone. After my bad decision to flash the keymaster file from the Note 7, my Note 7 Pro is dead and doesn't have a heartbeat.
After a while I found that only EDL works, via the testpoint under the back cover. Now I am stuck between two options: pay 30$ for an auth account or find the emmc file.
I know nothing is free but I will try to find the emmc firehose mbn file. If anyone has an idea where I can find it, please be kind and share it with me. Thanks in advance!
I think the name of the file will be prog_emmc_firehose_Sdm675_ddr.mbn or prog_emmc_firehose_Sdm6150_ddr.mbn
It will be available in the fastboot ROM, right?
urstrulynaveen said:
It will be available in the fastboot ROM, right?
No, no light, no vibration - nothing. Only EDL via testpins works, but it needs an auth account to flash. I think there is another way to revive it. I will wait for some guru to see this thread.
I don't know, is it possible to switch from EDL to fastboot?
b0nb0n3v said:
No, no light, no vibration - nothing. Only EDL via testpins works, but it needs an auth account to flash. I think there is another way to revive it. I will wait for some guru to see this thread.
I don't know, is it possible to switch from EDL to fastboot?
This happened to me also. I searched the whole internet but sadly there is no firehose file available for our violet to bypass EDL auth. I suggest the best way is to reach the nearest service center; they flash it with Mi Flash via testpoints and it's cheap, not so costly. Don't try to flash it on your own; you may trash your partition tables and the situation may get worse.
Same here I don’t have any hope for this trash. Never gonna buy a Xiaomi again. I remember in old redmi phones you didn’t need auth to flash edl
There was a Russian selling me auth account for 10$ but I bet he’s gonna scam so I didn’t try.
Anyway. Let me know if you find the firehose file or anything.
DeveloperOne said:
Same here I don’t have any hope for this trash. Never gonna buy a Xiaomi again. I remember in old redmi phones you didn’t need auth to flash edl
There was a Russian selling me auth account for 10$ but I bet he’s gonna scam so I didn’t try.
Anyway. Let me know if you find the firehose file or anything.
Yes, they are scammers and they use TeamViewer, which may lead to your computer being hacked. So better to rush to a service center. Those good old days of Redmi phones will never come back; they are imposing more and more restrictions on devices.
my violet is dead !
my phone is also dead ....was trying to get back to miui 11 (android 9) from corvus 6.5 (android 10) because no sensors were working in corvus !
i got miui 11 but wifi was not working and sensors too ! tried flashing many fastboot roms from official miui sites but none of them fixed sensors and wifi ! ...then tried flashing with old miflashtool probably 2014 version ... then flash system error came while flashing fastboot rom violet ....
then phone got switched off automatically ! and never started since then !
i looked up everything flashing with edl mode !
in miflashtool
earlier when bootloader it was showing "ceeee0ccc0" device name
now in miflashtool it is showing "COM20" or "COM10"
when i am flashing fastboot rom latest one with latest flashtool
it is showing "packet receive something something..." call packet ...etc
some time it shows "edl auth " then it asks to sign in my account after login ..
"Your Acount is bined to this system " but later "Your account is not authorised for this operation !"
and hence the flashing stops with error !
if someone is seriously reading this you can reply and ask for screenshots
please ! i have lost all hopes ! i need some guidance and lil help !
I looked for a way to bypass edl auth ...
but the video was of Redmi note 7 ! not pro
in there he used
some file "prog_emmc_firehose_Sdm610_ddr.mbn" something like that ...
he placed this file in images folder !
it skipped the edl auth ...and flashing continued !
maybe if i can get file
prog_emmc_firehose_Sdm675_ddr.mbn something like that of my phone
violet version for my chipset
maybe i can skip too auth edl ....
dont know ! just help please !
Bro, sadly there is no firehose file for violet. I had the same issue earlier; the only solution is to go to a service center. They flash in EDL, it takes just 10 mins, and they charge around 180 rupees. You may try flashing via UMT dongle or Miracle Thunder but I never recommend that.
My RN7 Pro also died; I had to pay 1200rs to a local mobile repairer to revive this phone. They flashed it with a UFI box. I made the mistake of not going to an authorised service center. That technician looted me.
b0nb0n3v said:
No, no light, no vibration - nothing. Only EDL via testpins works, but it needs an auth account to flash. I think there is another way to revive it. I will wait for some guru to see this thread.
I don't know, is it possible to switch from EDL to fastboot?
hey dude can u pls help me? im in the same boat which u were in. i dont find that patched up emmc file of note 7 pro. flashing with the stock rom is showing an error in Qualcomm softwares as well as in mi flasher tool. pls help what to do now

[Guide] [Mediatek] Mi Authorized Account : Sad fate of Xiaomi Devices !

Hey guys, this is Aryan (TechyMinati @An ASP). As we know, these days everyone is keen to install custom ROMs and recoveries on their devices. Sometimes things go well and sometimes the device hard-bricks. Here we are basically talking about Xiaomi MediaTek devices and their fate.
MediaTek devices have Download Mode or DA Mode, which allows you to revive your device even if it is hard-bricked. So what's the error now?
The case with Xiaomi MediaTek devices is entirely different: you can't flash your device without a Mi Authorized Account, or what can simply be called server-side SLA (Serial Link Authorization).
Let's Take a Deep Insight into the working of this Mi Authorized Account
For those unaware, SP Flash Tools, short for SmartPhone Flash Tool is a tool that MediaTek distributes that allows flashing the OEM firmware back onto a MediaTek device, in case something goes wrong. Now, in this “hard-brick” condition, the device is able to enter the BROM “emergency-download” mode (EDL, for short). If you remember, BROM may implement security to prevent unauthorized modification to the device.
Most manufacturers implement very basic security; there are 2 main BROM security implementations:
SLA (Serial Link Authorization)
DAA (Download Agent Authorization)
A MediaTek device can have none, either or both. Usually a slightly modified version of the flash tool which contains a few secrets is enough to let anyone re-flash the device. Let’s quickly understand what these implementations are like and how they differ.
BROM exposes UART to communicate. In both cases, the device will generate a few random bytes which must be “decrypted” or simply processed to create a new string. If BROM validates the string, it’ll allow the host to issue many more instructions without errors, such as jumping to addresses or writing partitions. The difference between the two is, in SLA, BootROM performs the checks and in DAA, Download Agent (DA) performs the check. Download Agent is loaded by SP Flash Tool. On devices that implement SLA, you cannot load a DA file without completing the SLA challenge. On devices that implement DAA, the challenge is done by DA and a modified DA file is enough to bypass security (That is, assuming you manage to reverse things or have the BSP).
What's Worse Now? Xiaomi MediaTek Devices Have SLA!
Xiaomi has special accounts (called Mi Authorized Accounts) that are given to service centers for repairing devices. These accounts are capable of requesting Authorization tokens to unlock BROM download on MediaTek devices (and other EDL equivalents for Qualcomm devices). Something that can be very easily fixed by a consumer and/or developer, is locked to service centers.
So how does this Mi Authorized Account work? How does the data exchange take place to allow BROM to proceed?
Well, with Mi Auth, the device generates 16 bytes of data and sends it to the server. The server checks if your account has authorization and returns 256 bytes of data. If the data is correct, BROM continues. Otherwise it traps itself in an infinite loop until it times out due to no command and reboots.
Our beloved friend @Agent_fabulous created a Python script that imitates the way Mi Auth works, but sadly it doesn't work as of now. You can find the script here
A Ray Of Hope : Modified Preloader
Back in March 2020, when I got my Redmi 6A bricked, I tried a lot of ways to revive it. I ended up paying some bucks to shady guys on the internet who revived my device via Mi Auth over a remote session using TeamViewer. And the sadder part is that most Xiaomi Service Centers don't know a single thing about Mi Auth; all they know is to replace the motherboard LOL. Ah, noobs everywhere.
After I revived my device, I began to think of making the Antibrick that begonia already has (again, thanks to @Agent_fabulous for his work). Meanwhile, I found the factory firmware for Redmi 6 & 6A. You see, every OEM receives a BSP for their platform of choice from the SoC manufacturer. Usually, the OEM will boot a clean version of this BSP on their hardware to get everything working, before the product team can start porting out the “skin” of Android that they advertise and ship their products with. This clean version of the BSP build is often referred to as the “final factory firmware”.
We have factory firmware now! What's Next?
After getting the factory ROM, the first thing you need to do is boot that ROM safely on your device (Note: if your phone is already hard-bricked then this factory firmware doesn't help; it's for creating antibricks and other stuff).
- You can boot your device to fastboot and fastboot flash all partitions from the factory ROM
- After that, turn off the device and attach it to your PC or Linux machine
- And run dmesg on your device
- And let the device automatically power on.
Now if you see it register a cdc_acm device with the description MT65XX Preloader, man, you have succeeded and can flash without Mi Auth on that preloader.
After that, try installing any other ROM, say MemeUi 11 (remember, don't flash the MIUI preloader). Now extract the preloader and you can make a flashable zip xD. As long as you are on that preloader, you have no worries; you can flash any ROM via SP Flash Tool without any fancy auth.
Hope you understood what Mi Auth is, how it works on MediaTek devices, and how you can prepare an AntiBrick.
Press Thanks On this Thread xD
Credits:-
@Agent_fabulous (Mr. Kshitij) for making me aware of Antibrick and how to prepare it. [He is a developer from begonia who implemented VoLTE on the MediaTek chipset based device Redmi Note 8 Pro; he made the antibrick too; his article is here (from which I've learned a lot about Mi Auth)]
@An ASP (Aryan Sinha ; also known as TechyMinati) Making this article & Gathering info about Mi Auth .
I recommend you to give this XDA article a read, too!
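The challenge-response exchange described in the guide above (16 bytes from the device, 256 bytes back from the server), modelled as an added example that is not part of the original post and is not Xiaomi or MediaTek code. It assumes the 256-byte reply is an RSA signature over the challenge, which the post does not state, and it reuses the same sign/verify pair to show why a signed loader with one edited byte is rejected, as a poster in the first thread on this page inferred; the key is a constructed toy key and `AuthServer`, `BootRom`, `attempt`, `replay_attempt` and the account names are hypothetical.

```python
import hashlib
import secrets

# Constructed demonstration key built from two known Mersenne primes so the
# example runs with the standard library only. It is NOT a vendor key and is
# not secure; a real deployment would use a random RSA-2048 key pair.
_P, _Q = 2**607 - 1, 2**1279 - 1
N, E = _P * _Q, 65537                    # public half, baked into the device
_D = pow(E, -1, (_P - 1) * (_Q - 1))     # private half, held by the server only

CHALLENGE_LEN = 16     # bytes generated by the device (figure from the post)
RESPONSE_LEN = 256     # bytes returned by the server (figure from the post)


def _encode(data: bytes) -> int:
    """Simplified PKCS#1 v1.5-style block: 00 01 FF..FF 00 || SHA-256(data)."""
    digest = hashlib.sha256(data).digest()
    size = (N.bit_length() - 1) // 8     # byte length guaranteed to stay below N
    block = b"\x00\x01" + b"\xff" * (size - 3 - len(digest)) + b"\x00" + digest
    return int.from_bytes(block, "big")


def sign(data: bytes) -> bytes:
    """Server-side operation: only the holder of _D can produce this."""
    return pow(_encode(data), _D, N).to_bytes(RESPONSE_LEN, "big")


def verify(data: bytes, signature: bytes) -> bool:
    """Device-side operation: needs only the public values (N, E)."""
    if len(signature) != RESPONSE_LEN:
        return False
    value = int.from_bytes(signature, "big")
    return value < N and pow(value, E, N) == _encode(data)


class AuthServer:
    """Stands in for the vendor service that checks the account before signing."""

    def __init__(self, authorized_accounts):
        self._authorized = set(authorized_accounts)

    def request_token(self, account: str, challenge: bytes):
        if account not in self._authorized or len(challenge) != CHALLENGE_LEN:
            return None                  # the "account is not authorised" case
        return sign(challenge)


class BootRom:
    """Device side: a fresh challenge per attempt, one attempt per challenge."""

    def __init__(self):
        self._challenge = None
        self.download_enabled = False
        self.halted = False              # models "loop until timeout and reboot"

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(CHALLENGE_LEN)
        return self._challenge

    def submit(self, response) -> bool:
        challenge, self._challenge = self._challenge, None   # single use
        ok = (not self.halted and challenge is not None
              and isinstance(response, bytes) and verify(challenge, response))
        self.download_enabled = ok
        self.halted = not ok
        return ok


def attempt(server: AuthServer, account: str, mutate=None) -> bool:
    """One full exchange; `mutate` optionally alters the response in transit."""
    rom = BootRom()
    response = server.request_token(account, rom.new_challenge())
    if mutate is not None and response is not None:
        response = mutate(response)
    return rom.submit(response)


def replay_attempt(server: AuthServer, account: str) -> bool:
    """Present a token captured in one session to a later session."""
    first = BootRom()
    token = server.request_token(account, first.new_challenge())
    first.submit(token)
    second = BootRom()
    second.new_challenge()               # different random challenge
    return second.submit(token)


if __name__ == "__main__":
    srv = AuthServer({"service-center-01"})          # constructed account name
    print("authorized account :", attempt(srv, "service-center-01"))
    print("other account      :", attempt(srv, "random-user"))
    print("replayed token     :", replay_attempt(srv, "service-center-01"))
    image = b"constructed loader image bytes"        # constructed sample data
    print("edited signed image:", verify(b"C" + image[1:], sign(image)))
```

Because the token is bound to a random per-session challenge and only the server holds the private exponent, the decision about who may flash stays on the server, and a stored token or an edited copy of signed data is of no use to the device check.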
We have factory firmware now! What's Next?
After getting the factory ROM, the first thing you need to do is boot that ROM safely on your device (Note: if your phone is already hard-bricked then this factory firmware doesn't help; it's for creating antibricks and other stuff).
- You can boot your device to fastboot and fastboot flash all partitions from the factory ROM
- After that, turn off the device and attach it to your PC or Linux machine
- And run dmesg on your device
- And let the device automatically power on.
Now if you see it register a cdc_acm device with the description MT65XX Preloader, man, you have succeeded and can flash without Mi Auth on that preloader.
After that, try installing any other ROM, say MemeUi 11 (remember, don't flash the MIUI preloader). Now extract the preloader and you can make a flashable zip xD. As long as you are on that preloader, you have no worries; you can flash any ROM via SP Flash Tool without any fancy auth
Can you please make an "easy-to-understand" step-by-step guide for noob like me? With download link of course xD, like this one https://forum.xda-developers.com/redmi-note-8-pro/development/rom-crdroid-6-x-t4124805/amp/
Thanks
adi4ntn said:
Can you please make an "easy-to-understand" step-by-step guide for noob like me? With download link of course xD, like this one https://forum.xda-developers.com/redmi-note-8-pro/development/rom-crdroid-6-x-t4124805/amp/
Thanks
Hey There, Here I'm talking about all Mediatek Devices, Creating Antibrick for all devices is a tough task. And I cannot do it alone. Show this guide to your respective device related developer. He will understand it for sure. Thanks
Thank you for this information. I have hard bricked my Redmi 6. It requires 'Authorized Mi Account' while flashing. Can you please help me out by providing a solution with steps and links?
sarthak_iitd23 said:
Thank you for this information. I have hard bricked my Redmi 6. It requires 'Authorized Mi Account' while flashing. Can you please help me out by providing a solution with steps and links?
Hey, since you were on the MIUI preloader, you'll need a Mi authorised account to flash it, or visit a service center! Thanks
TechyMinati said:
Hey, since you were on the MIUI preloader, you'll need a Mi authorised account to flash it, or visit a service center! Thanks
Where can I find a trusted user?
Thx
UPDATE!
We can disable SLA and DAA with https://github.com/MTK-bypass/bypass_utility
See It’s now easy to bypass MediaTek’s SP Flash Tool authentication
Dev thread is at MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility
https://megafon929.github.io/mtk
A tutorial can be found at [Tutorial] How to flash an MTK secure boot device without a custom DA
and tutorial for Xiaomi Redmi Note 9(merlin) can be found at https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229683/
Thanks

How To Guide ROG Phone 5(s) Help Index

"Quick Filters" let you see all posts of a certain type. This can make finding posts easier, but what if a guide began as a "Question"? This thread aims to bridge that gap. You will find nearly all of the common things new owners are trying to find, collected into a single post.
ALWAYS USE THE SIDE USB PORT WHEN CONNECTING TO COMPUTER
Posts are divided into sections. Click a spoiler to reveal all threads in that category.
BEFORE converting your device, RECORD YOUR IMEI!
There have been a lot of reports by those attempting to convert from CN to WW that they missed a step and wiped their IMEI. Somehow, the same users have no box or stickers that tell them their old IMEI. Write down your IMEI before you flash...
forum.xda-developers.com
WARNING: Read BEFORE Locking Bootloader
DO NOT LOCK THE BOOTLOADER WHILE ROOTED! When locking the bootloader while rooted, the boot image will fail verification and the system will fail to boot. You cannot flash a stock boot image with a locked bootloader. Locking the bootloader will...
forum.xda-developers.com
(Un)lock Bootloader / Root
100% successfully unlock the Bootloader of your ROG Phone5/5s
Success is disgusted by some people, and will not share any files for free in the future.
forum.xda-developers.com
Asus ROG phone 5: unlock bootloader and root guide
Asus rog phone 5 guide note: you follow this guide on your own responsibility. also You should note that unlocking via the official Asus app will void warranty and blacklist the device for future otas. bootloader unlock: ! note that unlocking...
forum.xda-developers.com
Rooting the ROG Phone 5 - my notes
I just received my ROG Phone 5 today and rooted it using Magisk. These are my notes. (I like to keep rooting notes for each device in case I ever need to check how I did it or repeat the process.) If you are already familiar with rooting a device...
forum.xda-developers.com
Boot / DTBO Images [Root / Stock] - 5 / Pro / Ultimate (NOT S)
These images are NOT built from source. These are the stock images from the firmware provided by Asus that are extracted with payload dumper and uploaded without modification. 18.0840.2202.231 18.0840.2201.226 18.0840.2112.211...
forum.xda-developers.com
ROG Phone 5 Ultimate | New Firmware WW-18.0840.2109.188 | WW RAW & ROOT Images
Model - ROG Phone 5 Ultimate (Possibly ROG Phone 5 as well see here ) 2021/11/05 Version Name - WW-18.0840.2109.188 Release Date - 2021/11/05 OTA Download Link - Download RAW Download Link - PENDING Stock Boot Image - Download Magisk Patched...
forum.xda-developers.com
[CN/WW] Magisk Patched Boot images for ROG 5S / pro
I extracted the firmware for 5S / pro, and patched them myself with two different versions of magisk, I'll keep them updated as frequent as I can. Stock images also provided in case someone sh*t themselves. Note: As of Dec 2 2021,_Stable release...
forum.xda-developers.com
Update / Restore
New firmware "keep root" WW-18.0840.2103.26
Okay so I went to the Asus website https://www.asus.com/supportonly/ROG%20Phone%205%20(ZS673KS)/HelpDesk_Download/ Got the latest firmware which is the most recent one for this month with the latest security patch. I remember doing this method...
forum.xda-developers.com
Bypass "System update failed" - Update w/ Fastboot
Update notifications appeared, the update was recognized, but it failed instantly. I have since resolved the error by flashing a raw firmware without a wipe. This post is for archival purposes or simply an alternative installation method...
forum.xda-developers.com
RAW Firmware Collection and Guide
All fastboot / adb commands require using the side USB-C port https://developer.android.com/studio/releases/platform-tools.html#download Make sure you have fastboot installed Add platform tools to PATH (post 2) Make a backup of anything...
forum.xda-developers.com
Convert / Repair
Repair ROG Phone 5 ZS673KS through edl firmware, no need to unlock Bootloader to modify COUNTRY CN to WW
These materials can only be used for ROG Phone 5_ZS673KS, and ROG Phone 5S_ZS676KS cannot be used. ROG Phone 5S ZS676KS Please see...
forum.xda-developers.com
Repair ROG Phone 5S through edl firmware, no need to unlock Bootloader to modify COUNTRY CN to WW
Success is disgusted by some people, and will not share any files for free in the future.
forum.xda-developers.com
100% successfully unlock the Bootloader of your ROG Phone5/5s
Success is disgusted by some people, and will not share any files for free in the future.
forum.xda-developers.com
Repair your ASUS ROG Phone 5 with EDL mode
If your phone can only enter EDL mode (9008 mode) this firmware is glad to help you. It can be flashed in through the miflash tool. The firmware is made through the official package...
forum.xda-developers.com
Asus Resources
ROG Phone 5 | ROG Phone 5 | Gaming Phones|ROG - Republic of Gamers|ROG Global
Play to the max with ROG Phone 5 Ultimate, the gaming smartphone that takes no prisoners!
rog.asus.com
Service Guide and Maintenance
For those without a PDF reader or anyone who doesn't want to go download and extract the file, here is the newly added service guide. The original file can be found at https://rog.asus.com/phones/rog-phone-5-model/helpdesk_download by...
forum.xda-developers.com
Commands / Mods / Apps
ROG5 Fastboot commands
fastboot flashing get_unlock_ability fastboot flashing unlock fastboot flashing lock fastboot flashing unlock_critical fastboot flashing lock_critical fastboot oem enable-charger-screen fastboot oem disable-charger-screen fastboot...
forum.xda-developers.com
ASUS ROG Phone 5 working on Verizon (US)
tl;dr - I was able to get my ROG phone 5 working on Verizon in the US. I thought I'd let people know of my success and give a rough guide, but won't be able to support a lot of follow-up questions. Also, if this doesn't work for you, sorry -...
forum.xda-developers.com
Known working / not working magisk mods
Just wanted to share with y'all my experience I currently have my ROG Phone 5 WW ver setup with Magisk 23000 and BL unlocked, since there's no TWRP & Decryption & Kernel available yet, the amount of mods I can get working is pretty limited Here's...
forum.xda-developers.com
Magisk module YouTube vanced dark.
As you might already know this is no longer available in the magisk app module list. I have been using this for a very long time first thing I flash once I root my devices enjoy. As usual just download the zip file and flash in magisk. Link...
forum.xda-developers.com
Download Google Camera/G-cam for Asus ROG Phone 5
Google Camera 7.4.104 for the Asus ROG Phone 5 is a Modded stock camera application from Pixel Smartphone which has some advance features that are Missing in the stock Asus ROG Phone 5 camera application Like HDR Plus & Night Sight/ Astrography...
forum.xda-developers.com
VOLTE / VOWiFi
ROG Phone 5 VOLTE AT&T Testing
Just figured in case anyone is curious regarding VOLTE on AT&T in the US. To be clear, I have a "Global" variant of this phone. I believe its still technically a Japanese version? But it is an ROG variant and not a Tencent variant. I am some...
forum.xda-developers.com
Anyone having issues with VoWiFi NA version?
I just got the NA version of the ROG Phone 5 and sadly I cannot get VoWiFi working on TMobile. Sadly I'm in an area where I don't get the best signal and it's extremely important for this feature to work. Especially considering I spent 1k+ for...
forum.xda-developers.com
Problem with Asus volte App
I've been trying to enable VoWifi by default but for whatever reason I cannot permanently enable it. I even unlocked bootloader and installed root but still no luck. I have been trying to enable VoWifi using the AsusVolte app but the app doesn't...
forum.xda-developers.com
Rog Phone 5 EU version voLTE WiFi Calling
Asus EU as of last week have started to sell the EU version of this phone directly on their website (ZS673KS-1A016EU). I know with the non EU versions, WiFi calling and voLTE won't work here with UK networks. Would the EU version have these...
forum.xda-developers.com
Rog Phone 5 VOLTE
Hi I'm trying to use volte on Rog 5 but having no luck. I'm based in the UK on the EE Network. I've activated advanced LTE calling in settings, which is VOLTE, I've restarted the device, taken the SIM out and put back in, but volte still isn't...
forum.xda-developers.com
ROG PHONE 5 VOLTE...Need Help!!!
There is no option to activate VOLTE in my phone.So i asked the Asus about this matter and they said VOLTE does not support to my country. But VOLTE perfectly works on my xiaomi and samsung devices..Any method to activate VOLTE on ROG 5????
forum.xda-developers.com
Request for help to successfully activate VoLTE/VoWiFi in Australia
I've a VoLTE/VoWiFi activated Telstra/Boost SIM that's confirmed to work fine with both stock-standard Moto G 5G Plus & iPhone 11 Pro Max, delivering those features in Australia. Rog Phones in general & Rog phone 5 in particular are known to...
forum.xda-developers.com
[MOD-ish] AsusVoLTE w/ Root Fix
This is a temporary solution to a pending pull request. This thread will be deprecated if or when the official release is updated. I don't have the original signing key, but there is really no reason to attempt reverse engineering an app that's...
forum.xda-developers.com
Questions & Answers
Does ROG Phone 5 came with pre-installed screen protector?
Does ROG Phone 5 came with pre-installed screen protector? Thanks in advance.
forum.xda-developers.com
Sim recognition issue
Owned the phone for about a month now. Phone was working perfectly fine for the majority of this time. I use 2 different sims and they were both working smoothly until recently. A few days ago, I woke up and the phone wouldn't recognize the Sim...
forum.xda-developers.com
Gboard & some apps always revert to default settings
Is anyone know why gboard and a couple of my apps revert back to their settings to default? My ROG Phone 5 is no root, bootloader locked, and every permission on the apps setting is allowed I even uninstall gboard via adb and re-download via...
forum.xda-developers.com
Help - Game Genie interfering with other floating app
Hi, I am new the ROG phones and to game genie. I do like a lot of the features that game genie offers. I noticed that when I turn game genie on, for my particular game, then my floating icon for another app that I use (an autotapping app)...
forum.xda-developers.com
Notification issues with watch gt2
Hello, has anyone had problems with the watch notifications? The problem I have is that the notifications do not appear on the clock screen, nor do they vibrate, nor do they sound; only until I swipe from bottom to top I see that there are...
forum.xda-developers.com
Keep Rog Vision on always even when screen off?
Hi i just got my Rog Ultimate and its a fab phone. The Rog vision display is a great party trick but i dont see an option to keep it always on. It goes off once the screen gos off :( Is there anyway i can keep it always on?
forum.xda-developers.com
twistedumbrella, I just want to let you know I appreciate all the work you do in this forum. This post will save many people quite a bit of time. Now you just need to become a mod so you can sticky.
Thank you!
BILLYB187 said:
twistedumbrella, I just want to let you know I appreciate all the work you do in this forum. This post will save many people quite a bit of time. Now you just need to become a mod so you can sticky.
Thank you!
Thanks. I'm sure things will get more organized as the section grows, but the mods have it under control. They're a good group.
May I ask, this phone can unlock bootloader for only one time?
In my country several importers sell Tencent ww flashed.
I think they relocked bootloader after ww flashed, so those phones are unable to unlock bootloader again?
(I read here no free/public edl unbrick available yet.)
ps000000 said:
May I ask, this phone can unlock bootloader for only one time?
In my country several importers sell Tencent ww flashed.
I think they relocked bootloader after ww flashed, so those phones are unable to unlock bootloader again?
(I read here no free/public edl unbrick available yet.)
One of the major risks of buying a converted model is the risk that the bootloader cannot be unlocked. Currently, there is no workaround for it.
Added the VO(Data) threads to the QA post, even though results vary. These threads have some of the most traffic for the device.
It will be interesting to see how much actually changes in the 5s.
Until the information is proven to be different, no separate sections will be added. Please remember to double check things are compatible before flashing anything meant for a different generation.
Thank you, just stumbled upon this amazing thread!
Cheers and thank you for the hard work!
This thread should be made sticky @Oswald Boelcke
JazonX said:
This thread should be made sticky @Oswald Boelcke
^^This has been accomplished by @jerryhou85
Hi, I'm about to purchase a ROG 5s Tencent model and I have a few questions:
1. How do I convert it into WW? Does it require unlocking the bootloader?
2. I would like to convert it to the WW version; will I face any issue with the fingerprint or any other issue?
3. If I decide not to convert, how do I remove all the bloatware (Chinese apps/ads and popups)?
Thanks in advance, cheers
Arevis said:
Hi, I'm about to purchase a ROG 5s Tencent model and I have a few questions:
1. How do I convert it into WW? Does it require unlocking the bootloader?
2. I would like to convert it to the WW version; will I face any issue with the fingerprint or any other issue?
3. If I decide not to convert, how do I remove all the bloatware (Chinese apps/ads and popups)?
Thanks in advance, cheers
Usually, this is where I would link to this thread. Since you're already here, though, why not take a minute and read through it.
No more booting possible, only the android logo flashes briefly, also no restart bootloader or recovery mode possible! what can I do?? thanks
MG4711 said:
No more booting possible, only the android logo flashes briefly, also no restart bootloader or recovery mode possible! what can I do?? thanks
This isn't the place to ask. Try one of the threads in the first / second post.
twistedumbrella said:
This isn't the place to ask. Try one of the threads in the first / second post.
SORRY
I'm so sorry, but I'm getting a ROG 5s Tencent edition and I want to install the global ROM, but I literally have no idea where to start. Is it possible, if not too much trouble, for someone to give me a step by step? I know I'm asking a bit, but I would appreciate any help.
Look in the first post.
twistedumbrella said:
Look in the first post.
I can see all the forums for different things, but I don't know where to start. Like if there was something that was like "Step 1 download this file, step 2 run this program". I'm just new to converting phones; I've hacked Switches and such, but I had a guide to help me lol
SirFreshSpawn said:
I can see all the forums for different things, but I don't know where to start. Like if there was something that was like "Step 1 download this file, step 2 run this program". I'm just new to converting phones; I've hacked Switches and such, but I had a guide to help me lol
Did you join a forum, go to the first pinned thread, and say "post me a guide right here" or did you have to find the guide? This thread is a collection of guides.
twistedumbrella said:
Did you join a forum, go to the first pinned thread, and say "post me a guide right here" or did you have to find the guide? This thread is a collection of guides.
I just found this and I'm kind of confused about where to look. I'm really sorry for the annoyance, I'm just so lost :/

Question how to unlock my bricked Redmi Note 11 Pro 5g (China:Pissarro) Bootloader

Hi, I updated my phone to MIUI 13.0.3 (Android 12) and noticed a bug that made all the apps that use the camera, like Instagram and Snapchat, take blurry pictures, as if an effect were being applied to the pictures taken by those apps (everything is normal in my stock camera app). So I decided to use the MiFlash tool to flash the previous Android version on my phone, but I bricked my phone instead: I flashed a global ROM while my phone is the Chinese market version, and accidentally checked the ClearData+lock Device check box in MiFlash. The tool flashed the ROM successfully, but when the phone restarted it showed me a message in recovery mode saying that this ROM cannot be installed on this device. I couldn't do anything after that because the bootloader got locked too. I tried everything to unlock it (mtk Client - bootloader unlocker + adb fastboot + Xiaomi Unlock app ...). Please help me: is there any way I can fix my phone, and what is the right ROM to flash on my phone (Redmi Note 11 Pro 5G China (21091116C - Pissarro))? Thanks
friend I'm not a star I tell you how things are 1) you can't go back with another Rom only china 2) anti-roll-back 3) MiCloud you have to disable it you can try MiflashV2 there is also to unlock the bootloader it does everything even the firmware remember if the firmware does not start. important not only china also not china for updates remember first you do the factory reset put google account do not update any app except google drive backup with drive if it has arrived update it is better by setting the time instead of downloading the package the problem is when the update occurs it fails to close all active apps and then there is MiCloud that blocks. Best wishes and good luck and that I have little time for me too much trouble here in Europe.
Braain said:
friend I'm not a star I tell you how things are 1) you can't go back with another Rom only china 2) anti-roll-back 3) MiCloud you have to disable it you can try MiflashV2 there is also to unlock the bootloader it does everything even the firmware remember if the firmware does not start. important not only china also not china for updates remember first you do the factory reset put google account do not update any app except google drive backup with drive if it has arrived update it is better by setting the time instead of downloading the package the problem is when the update occurs it fails to close all active apps and then there is MiCloud that blocks. Best wishes and good luck and that I have little time for me too much trouble here in Europe.
Currently my phone is stuck at the logo, and after seconds it loads Fastboot automatically. I can't access the phone OS to do anything. I used the Xiaomi bootloader unlocker app that works online, but it didn't work. The local cell phone service shops told me that they have to open the phone's back case to fix it ... I don't want that, I've just bought the phone and didn't even use it for a whole month.
They don't have to open it; they use licensed or dongle software (USB type). Currently I use unlocktoll.net, but if the phone is under warranty and you haven't removed the bootloader before, it is better for you. It is possible that others have the same problem as you. Good luck
-deleted-
Rule number 1 for Xiaomi: never flash anything on MediaTek devices, it will fail. If messed up, there is no way back, as Xiaomi locks the devices for authorized service providers or local Xiaomi branches only. If you want to play with Xiaomi custom ROMs/development/etc., only buy Snapdragon-based devices.
I, for example, learned it the hard way when this all started with the Redmi Note 8 Pro: I bricked it by flashing TWRP in Android 11 and Xiaomi didn't want to repair it, so I had to pay some Russian guy to fix it via TeamViewer with a modified unlock tool which was able to answer the unlock requests by pasting the answer manually from a generator. It's not like I messed up at some point, it's just that MediaTek devices easily fall into an unrecoverable state. In my case it was the combination of Android version and TWRP. You will note there is no MediaTek support on XDA, and even when your device is named like a Snapdragon version, your device is off-topic here, because trying anything on it beyond unlocking the bootloader is harakiri.
how to unlock my bricked Redmi Note 11 Pro 5g (China:Pissarro) Bootloader
Congratulations. Brick without unlocked BL :/
My opinion: you are done....
Some Xiaomi devices have pins on the motherboard to
switch to EDL, but I don't know about this device.
Try a complaint and say something like: "my phone was upgraded and then I see only the logo"
Fedon said:
how to unlock my bricked Redmi Note 11 Pro 5g (China:Pissarro) Bootloader
Congratulations. Brick without unlocked BL :/
My opinion: you are done....
Some Xiaomi devices have pins on the motherboard to
switch to EDL, but I don't know about this device.
Try a complaint and say something like: "my phone was upgraded and then I see only the logo"
I did the same with my device. You can fix it using the MTK tools guide. It's lengthy but easy.
rakesh.aggarwal said:
I did the same with my device. You can fix it using the MTK tools guide. It's lengthy but easy.
rule #1 with Xiaomi - bootloader is unlocked
