When I try to flash using Omnisu I get the following error, could anyone tell me the cause?
Code:
Action journal
02:58:45 Flash
02:58:45 Allows to change languages supported by the phone and upgrade its firmware.
02:58:45 Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
02:58:45 Application version: 0.07.2279 (beta)
02:58:45 . The action name is 'Flash'
02:58:45 Selected phone type: Xperia™ X10
02:58:45 i Instructions
02:58:45 i 1. Make sure the phone battery is charged to at least 50%.
02:58:45 i 2. Switch off the phone!
02:58:45 i 3. Remove the phone battery and wait at least 5 seconds before reinserting it!
02:58:45 i 4. Press and hold the return back button, then connect the cable to the phone!
02:58:45 . The action started waiting for the user
02:58:51 . The action finished waiting for the user
02:58:51 Connecting via SEMC USB Flash Device (USB2)...
02:58:51 Device driver version: 2.2.0.5
02:58:51 Detected chipset: QSD8250
02:58:51 Boot mode: EROM
02:58:51 Sending loader...
02:58:53 Establishing connection to the server...
02:59:00 Receiving news...
02:59:03 i No news
02:59:04 Actual credit: 0.00
02:59:12 Writing file R11A_R1FB001_FSP_X10a_CLARO_BR_NAM1_1233_6927_S1_SW_LIVE_AC12_0001_S1_PARTITION_WITH_SPARE.zip...
03:01:39 e Failed!
03:01:39 . The action entered shutdown phase
03:01:39 . The action reported failure
Error code
# E39CDD9F86C3082E
Error details
Have you definitely downloaded the correct files for flashing on Ominus?
Yes I have, I tried 3, 4 different ROMs... why are you saying that?
Because I got a similar message when I tried to flash a .zip file for one of the latest firmwares and it turned out it was compatible with Ominus, so I tried one of the older ones that were specifically made for flashing with Ominus.
Try: http://hotfile.com/dl/47479718/71300fd/i_WWE_R1FB001_DEK.rar.html
or
http://hotfile.com/dl/48677045/e33b2a3/UPDATE_ZIP_R1FB001.rar.html
Instructions: http://forum.xda-developers.com/showpost.php?p=6789689&postcount=324
That's all I can suggest, or use the Flashing Tool provided by Bin4ry.
Hope this helps
I have a locked T-Mobile phone: SGH-T959ZKATMB
with firmware: T959UVJI6, BUILD TIME 2010.09.28 21:06:20 KST
I found a good theme about this unlocking method, but I do not have enough rights to write to this theme: http://forum.xda-developers.com/showthread.php?t=1064978
So, I created a new theme. Sorry.
I found and decrypted the hashes of the passwords, but none of these codes unlock the phone:
Code:
18154B 203BF1566BB0B79A76C78ADB5CCEE7AD171A20BC = '61620862'
18155F 7D3E17CFCD816CACD4E025FAA65004FDD17D51F8 = '00000000'
181573 7D3E17CFCD816CACD4E025FAA65004FDD17D51F8 = '00000000'
181587 7D3E17CFCD816CACD4E025FAA65004FDD17D51F8 = '00000000'
18159B F8F9B9602D0A106032FAB96000000000F0FCE260 = Error
1815CF 389EA0ABE51DC24224CD9DA8146AD5E843134F7B = '51725250'
The same passwords are placed as plain text there:
Code:
008870 00 00 00 00 5B 50 45 52 53 4F 5D 73 74 61 74 65 ....[PERSO]state
008880 5F 69 6E 73 28 73 69 6D 29 20 3D 20 30 00 AA AA _ins(sim) = 0...
...
008900 AA AA AA AA AA AA AA AA AA AA AA AA 35 31 37 32 ............5172
008910 35 32 35 30 35 31 37 32 35 32 35 30 00 36 31 36 525051725250.616
008920 32 30 38 36 32 00 30 30 30 30 30 30 FF FF FF FF 20862.000000....
What is the problem? Do other codes exist, or am I typing them incorrectly? (insert alien SIM card and type codes).
(File of my phone attached to this message)
If these codes are good, then I can create a half-automatic program for finding and decrypting all hashes in the nv_data.bin
Go to the market
Search "galaxy s unlock"
Done
Sent from my SGH-T959 using XDA Premium App
I am trying to connect my phone to a device with the phone acting as the host (using the OTG USB cable).
Once connected, I have a new entry "usb0" when I do ifconfig.
I assigned 192.168.3.100 to the phone and 192.168.3.99 to the device.
When I do a tcpdump, I see that the ARP request from the phone got to the device correctly, the device answered correctly, but by the time it gets to the phone, it is no longer correct. I suspect that this is a problem within the u_ether driver/gadget.
When the device replies to the ARP request, tcpdump on the device gives:
2 0.000091 5a:65:6b:1b:de:37 62:18:d4:57:77:6c ARP 42 192.168.3.99 is at 5a:65:6b:1b:de:37
Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 5a:65:6b:1b:de:37 (5a:65:6b:1b:de:37), Dst: 62:18:d4:57:77:6c (62:18:d4:57:77:6c)
0000 62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06 00 01 b..WwlZe k..7....
0010 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 03 63 ......Ze k..7...c
0020 62 18 d4 57 77 6c c0 a8 03 64 b..Wwl.. .d
Which is correct. However, tcpdump on the phone gives:
2 0.000030 CatenaNe_65:6b:1b AvlabTec_00:06:04 0xde37 28 Ethernet II
Frame 2: 28 bytes on wire (224 bits), 28 bytes captured (224 bits)
Ethernet II, Src: CatenaNe_65:6b:1b (00:02:5a:65:6b:1b), Dst: AvlabTec_00:06:04 (00:01:08:00:06:04)
0000 00 01 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 ........ Zek..7..
0010 03 63 62 18 d4 57 77 6c c0 a8 03 64 .cb..Wwl ...d
From the look of it, the section "62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06" is missing from the frame.
I suspected that I have to make changes to "drivers/usb/gadget/u_ether.c" and/or "drivers/net/usb/cdc_ether.c" but I am not so sure. Do you know where is the good place to start tackling this problem? I tried to put printk statements everywhere in those files but it proved fruitless.
I have tried to do "ethernet over usb" with a Windows machine (RNDIS) and that worked properly.
Thank you.
bug in usbnet driver
The problem I found out was that there were two consecutive calls to "remove header" in the driver.
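The header loss described in this thread can be confirmed offline from the two captures. The following is an added example, not code from the posts or from the kernel driver; the function names are hypothetical and the frame bytes are transcribed from the tcpdump output quoted above.

```python
import ipaddress
import struct

ETH_HLEN = 14            # destination MAC (6) + source MAC (6) + EtherType (2)
ETHERTYPE_ARP = 0x0806

# Frame bytes transcribed from the two tcpdump hex dumps in the post.
SENT_BY_DEVICE = bytes.fromhex(
    "62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06 00 01 "
    "08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 03 63 "
    "62 18 d4 57 77 6c c0 a8 03 64"
)
SEEN_ON_PHONE = bytes.fromhex(
    "00 01 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 "
    "03 63 62 18 d4 57 77 6c c0 a8 03 64"
)


def mac(raw):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame):
    """Split an Ethernet II frame into (dst, src, ethertype, payload)."""
    if len(frame) < ETH_HLEN:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HLEN])
    return mac(dst), mac(src), ethertype, frame[ETH_HLEN:]


def parse_arp(body):
    """Decode an IPv4-over-Ethernet ARP body (28 bytes)."""
    if len(body) < 28:
        raise ValueError("ARP body too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", body[:28]
    )
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP body")
    return {
        "op": op,  # 1 = request, 2 = reply
        "sender_mac": mac(sha),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": mac(tha),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }


def diagnose(sent, received):
    """Compare the frame as sent with the frame as captured on the receiver.

    Reports how many leading bytes were lost, what those bytes were, and how
    a sniffer misreads the remainder when it treats it as a full frame.
    """
    if not sent.endswith(received):
        return {"stripped_bytes": None}  # not a simple loss of leading bytes
    stripped = len(sent) - len(received)
    report = {"stripped_bytes": stripped}
    if stripped != ETH_HLEN:
        return report

    # Exactly one Ethernet header is gone: decode what was lost.
    dst, src, ethertype, _ = parse_ethernet(sent)
    report["lost_header"] = {"dst": dst, "src": src, "ethertype": ethertype}
    if ethertype == ETHERTYPE_ARP:
        # The surviving bytes are the untouched ARP body.
        report["surviving_arp"] = parse_arp(received)

    # A sniffer still assumes an Ethernet header, so it reads ARP fields
    # as MAC addresses and takes two bytes of the sender MAC as EtherType.
    m_dst, m_src, m_type, _ = parse_ethernet(received)
    report["misread_as"] = {"dst": m_dst, "src": m_src, "ethertype": m_type}
    return report


if __name__ == "__main__":
    for key, value in diagnose(SENT_BY_DEVICE, SEEN_ON_PHONE).items():
        print(f"{key}: {value}")
```

The `misread_as` fields reproduce the odd addresses and the 0xde37 type shown by tcpdump on the phone, which is what a frame looks like after its 14-byte header has been pulled off once too often.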
I discovered 256 mysterious bytes at the end of the SM-G313HN boot images. Any idea what those are? Checksums? They are always located 1341 bytes after the end of the secondary bootloader and the last 128 bytes seem to be the same between different images and regions. The phone boots without them, but a red exclamation mark appears in the top left corner of the screen while booting. I tried to compare different checksums to see if I could find a match, but I did not find any. (MD5, SHA1, SHA256, SHA512) Tested the kernel, secondary bootloader and some variables from the images.
Hex views:
Scandinavian boot.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
05869568 CB C0 86 A6 EB A8 42 EE 63 27 D1 3E B0 EA D6 97 ËÀ†¦ë¨Bîc'Ñ>°êÖ—
05869584 71 BE AE 9C FA 74 47 7B 8B 0D 84 55 CC FA 1C D8 q¾®œútG{‹.„UÌú.Ø
05869600 AB D4 25 C6 93 8D 37 66 0A EB 3F 69 3C 94 2D 18 «Ô%Æ“.7f.ë?i<”-.
05869616 51 83 74 C0 BD 5B E7 A7 E4 F9 C4 A7 3B 03 C1 82 QƒtÀ½[ç§äùħ;.Á‚
05869632 3E 19 6C 9F 2B E0 A1 31 06 2B 34 90 9C A2 6D 88 >.lŸ+à¡1.+4.œ¢mˆ
05869648 53 AA C4 8D 2A BB DA 8D 5F 9B 51 1E E0 A1 00 4D SªÄ.*»Ú._›Q.à¡.M
05869664 43 C2 8C 28 6B 6A D6 DC D7 BB A7 81 0C 52 A0 16 CÂŒ(kjÖÜ×»§..R*.
05869680 59 83 3F 98 8F 0F 93 28 67 0E 64 63 44 F8 99 08 Yƒ?˜..“(g.dcDø™.
05869696 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
05869712 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
05869728 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
05869744 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
05869760 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
05869776 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
05869792 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
05869808 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
Scandinavian recovery.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
07094272 56 68 66 CF 0D 52 6B 8C 2F F7 6C 0F 63 32 1B 9D VhfÏ.RkŒ/÷l.c2..
07094288 A6 46 B9 FC 07 E1 09 66 D3 CB 6D D4 BF A2 B0 81 ¦F¹ü.á.fÓËmÔ¿¢°.
07094304 24 6C 4D E3 97 79 6C 64 CE 27 31 AD 0F CD 5E 33 $lMã—yldÎ'1..Í^3
07094320 0A 0A 38 E8 58 27 5A 04 05 0B 48 99 00 5A A4 B8 ..8èX'Z...H™.Z¤¸
07094336 AC 53 11 E8 16 A9 55 81 A4 0F B6 F3 DF 21 F1 78 ¬S.è.©U.¤.¶óß!ñx
07094352 C5 E0 DF 38 7F ED B5 7B C5 0B D7 27 50 85 9E 26 Åàß8.íµ{Å.×'P…ž&
07094368 4C 45 8F FA 4C 74 38 F2 76 0F 47 73 8E A8 66 85 LE.úLt8òv.GsŽ¨f…
07094384 65 D3 B6 07 CA 8B E3 B8 D6 90 6D 36 D5 AB 1F D4 eÓ¶.Ê‹ã¸Ö.m6Õ«.Ô
07094400 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
07094416 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
07094432 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
07094448 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
07094464 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
07094480 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
07094496 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
07094512 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
German boot.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
05865472 CA BE C5 61 D0 D3 C4 02 BE D7 99 02 63 DD 0D C3 ʾÅaÐÓÄ.¾×™.cÝ.Ã
05865488 CB 89 28 40 B1 68 E5 54 F5 A3 98 42 47 79 88 4C ˉ(@±håTõ£˜BGyˆL
05865504 1F 90 FC 48 5A 17 63 AB 1F D9 62 0A C4 70 31 6D ..üHZ.c«.Ùb.Äp1m
05865520 EF 07 F1 60 E2 CD 64 AC 15 92 41 3F 60 AB CC EA ï.ñ`âÍd¬.’A?`«Ìê
05865536 58 AF 08 ED DC 1E 25 04 94 19 FF 33 94 29 34 0A X¯.íÜ.%.”.ÿ3”)4.
05865552 A3 DF E6 8A 6D 6A 29 A5 0A 3A 55 10 12 52 45 8C £ßæŠmj)¥.:U..REŒ
05865568 36 C4 DB EE 21 F5 84 E1 31 83 C7 14 7C 92 1A 4F 6ÄÛî!õ„á1ƒÇ.|’.O
05865584 D2 99 FF 06 38 8B 8E 46 E4 EB DA 17 75 5E C4 65 Ò™ÿ.8‹ŽFäëÚ.u^Äe
05865600 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
05865616 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
05865632 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
05865648 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
05865664 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
05865680 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
05865696 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
05865712 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
German recovery.img:
Code:
Offset(d) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
07090176 2A E6 B5 86 C2 95 C2 AA 6F C1 0A 8F 1A BD 19 3C *浆•ªoÁ...½.<
07090192 90 6F 6C 47 16 30 F4 F1 02 C7 20 1E 30 36 16 75 .olG.0ôñ.Ç .06.u
07090208 22 F3 DE 00 75 B3 57 F4 B1 36 2D 7E 32 30 CD 83 "óÞ.u³Wô±6-~20̓
07090224 1F B2 57 DB 42 76 C4 7F 2A E5 62 74 0A 22 63 F5 .²WÛBvÄ.*åbt."cõ
07090240 A5 87 4E AC EF A9 CC D0 60 64 49 0B 29 D7 66 6C ¥‡N¬ï©ÌÐ`dI.)×fl
07090256 D1 C0 F4 36 18 7F DC C3 28 A5 B1 84 F9 C0 B1 B9 ÑÀô6..ÜÃ(¥±„ùÀ±¹
07090272 3D C1 F0 77 57 38 F3 23 12 F0 DF 43 F5 59 2D 52 =ÁðwW8ó#.ðßCõY-R
07090288 CF B4 75 69 70 22 E9 E6 6F 3E DE 78 60 2B A0 84 Ï´uip"éæo>Þx`+*„
07090304 CF 44 1D 5B 0C 1D 30 8D 8C C8 02 D4 43 CB CE 5D ÏD.[..0.ŒÈ.ÔCËÎ]
07090320 D2 B8 04 12 6F 04 FF 35 3B 42 55 F3 EF 3E A8 F8 Ò¸..o.ÿ5;BUóï>¨ø
07090336 8E 1F AB 11 11 59 7C BB 38 E9 13 FB 0F 7D CD 84 Ž.«..Y|»8é.û.}Í„
07090352 1A FC D7 F9 65 DB 5D D0 6E B1 66 C4 19 1E 4E 5A .ü×ùeÛ]Ðn±fÄ..NZ
07090368 F5 00 0F D7 2B C3 27 38 D4 A0 DA 47 2B 0E 23 46 õ..×+Ã'8Ô*ÚG+.#F
07090384 2D 89 3F 64 72 36 16 DB 50 4E C3 E4 88 67 31 22 -‰?dr6.ÛPNÃäˆg1"
07090400 C6 C9 AF 05 34 92 1C E6 96 9F F8 8B 34 AD 33 DB Æɯ.4’.æ–Ÿø‹4.3Û
07090416 5B 66 8A 9F 9D 21 53 C9 1A A4 70 C6 9B 0E AA E9 [fŠŸ.!SÉ.¤pÆ›.ªé
Hello there, this is my first post here
I bought this phone like 10 days ago and waited 168 hours to unlock the bootloader
Everything went fine and now I have the bootloader unlocked
During the process of unlocking I sniffed the usb and internet connection and I found some very interesting things
I have had lg, motorola and nexus phones before so I'm used to multiple methods of unlocking the bootloader and I wish every phone was like the nexus in this regard(fastboot oem unlock), but as this is not the case this is what I found:
miflash obtains a code from the device with:
Code:
fastboot getvar token
the device responds with (in my case):
Code:
token: VQEBIQEQ69vxY17MOJnHQZD5Z0e9EwMHY2VwaGV1cwIEWgN-kQ
Finished. Total time: 0.000s
miflash uses this code in their api:
https:// unlock update intl miui com(ip: 161.117.108.114)
their api responds with(in my case):
Code:
sign result:{
"code" : 0,
"description" : "私钥签名成功", //Private key signature succeeded
"encryptData" : "5934D848743BECCFE6C895C128D62E66F9B5300617D53CC89C601E325153898CBA09D9D8849A5E62BB5EBFDF9788D958F307E676D84AACB2236F979FC9286FC91B1135D4E4AE40F8B7DD2FF3365D7D9B648B8D9556D0B1A4CBB1DDF459CD8109253F2E6131BD358A74D2159145BE18BD1CEB7D58B7236083D22BD865DB4EBBE64585F7E31656A5F807294B807981CF20C2E3D4E22E3543B9E24CA91C5F82E948636FE66A32B8E17ACF4B4828CBB67971A8B743D973A2B075505CC252F66E1DA62FCB4298483906597C926A337D5EB14EC061EB6D38A629869B6CBB572D6BAE5AE5D6C7306766870037A224E322866BFF4766A06C7CB73982152C10374976F5FD",
"uid" : "<mi account ID>"
}
This is the last application data that miflash receives:
With "encryptData", miflash executes the following:
Code:
fastboot oem unlock "1f2ebb62_sig.data"
something similar to LG approach with unlock.bin
I suspect that this file is temporarily created inside the miflash folder then deleted once the command is executed
So I think if we can save this file or the code inside it, it will be possible to unlock the bootloader without miflash the next time we want to unlock the bootloader.
I searched "1f2ebb62_sig" in google and didn't find any results, so I hope that we can find something.
All this information is present inside of the file "C:\Users\%USERNAME%\AppData\Roaming\Xiaomi\miflash_unlock\Log\miflash_unlock.log"
[EDIT] As pointed out by @natinusala the 1f2ebb62_sig file contains the serial number in the name
[EDIT] Token var changes every reboot
[EDIT] Progress has been made, check this github repos:
https://github.com/penn5/miunlock
https://github.com/GiorgioUghini/miunlock
I would assume 1f2ebb62 to be your serial number? If so, that file is unique to each device
natinusala said:
I would assume 1f2ebb62 to be your serial number? If so, that file is unique to each device
Yes it is, great observation
If you are interested, visit this repository but also read ISSUES COMMENTS. You can find very useful information about your idea.
https://github.com/mc-17/xiaomi-bootloader/blob/master/README.md
mucha.k1994 said:
If you are interested, visit this repository but also read ISSUES COMMENTS. You can find very useful information about your idea.
https://github.com/mc-17/xiaomi-bootloader/blob/master/README.md
Very interesting
It seems to be far more things besides the 'sig.data' file
I'm thinking about studying this a little to re-open that thread on GitHub. Sadly, the owner of the repo typed the last comment more than a year ago, but in the comments (I mean issues) the last comment was from a few weeks ago. The idea is not fully dead. If you have any skill in spoofing and encrypting/decrypting, join the GitHub conversation.
BTW - as I read somewhere, the token probably has one part that is always the same (after reboots, I mean), and someone tried replacing the token with multiple 0s while keeping the repeated part untouched, and it still passed the server-side "magic". That's interesting too.
Actually, I think the final trick is to somehow get data from the server side: script, private keys or similar. Then you can know exactly how they generate a key for unlocking.
Seems to be easy.
mucha.k1994 said:
I'm thinking about studying this a little to re-open that thread on GitHub. Sadly, the owner of the repo typed the last comment more than a year ago, but in the comments (I mean issues) the last comment was from a few weeks ago. The idea is not fully dead. If you have any skill in spoofing and encrypting/decrypting, join the GitHub conversation.
BTW - as I read somewhere, the token probably has one part that is always the same (after reboots, I mean), and someone tried replacing the token with multiple 0s while keeping the repeated part untouched, and it still passed the server-side "magic". That's interesting too.
Actually, I think the final trick is to somehow get data from the server side: script, private keys or similar. Then you can know exactly how they generate a key for unlocking.
Seems to be easy.
I hope that we can find something, as you said the problem is that the "magic" happens on server side and even if we can create some program to handle the process like https://github.com/penn5 and https://github.com/GiorgioUghini did, Xiaomi can always update their side without anyone able to do anything
Can it skip the waiting period?
kouseralamin said:
Can it skip the waiting period?
My guess is no. You see, it must hit an API behind Xiaomi's server and returns some encrypted data. It's simple for the API to respond with 4XX and number of waiting hours, i.e. the wait mechanism is protected on the server side.
leledumbo said:
My guess is no. You see, it must hit an API behind Xiaomi's server and returns some encrypted data. It's simple for the API to respond with 4XX and number of waiting hours, i.e. the wait mechanism is protected on the server side.
This is still interesting to me. I will keep my eye on this project.
kouseralamin said:
This is still interesting to me. I will keep my eye on this project.
We could try a direct firehouse method
Hi. This is a wonderful discovery. Has there been any updates to this project recently?
if crack fastboot????
if error token then flash unlock oem
Here, a working version of the tool.
GitHub - Canny1913/miunlock: A program that can be used to retrieve the bootloader unlock token for Xiaomi devices. (and unlock the bootloader)
Binding time limit cannot be bypassed since it happens on the server-side.
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
Zibri said:
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
How exactly do I get it?
Zibri said:
To get the xxxxxx_sig.data file is quite easy....
The problem is that if you relock the bootloader the TOKEN changes so the xxxxxx_sig.data file becomes useless.
How to do it? Can you explain?
Can I unlock it without adding a Mi account to the phone?