Related
This is the official FunkyHuawei support thread.
FunkyHuawei is a (mostly) paid service which allows you to do the following:
1. Install the latest system software, even before it's released by OTA.
2. Install beta/prerelease system software, without needing to be a beta tester.
3. Recover a bricked phone.
4. Rebranding / Change the region of your phone (China -> Europe, for example, to get Google and so on.)
5. Root your EMUI 8 phone, even with stock recovery (This feature is free)
Except for rooting, all of these features are supported even if you cannot unlock your phone's bootloader.
To find FunkyHuawei, please Google it. Or you can find a link to the service within the following XDA Portal article.
https://www.xda-developers.com/android-oreo-emui-6-huawei-mate-9/
We are pleased to announce FHUnbrickFlashTool -- You can now repair any recent Huawei phone via fastboot, even if you cannot access eRecovery or boot the phone! Even if it doesn't show the Huawei logo, as long as you can get a fastboot connection to your computer, you can recover the phone! Google FHUnbrickFlashTool or check FunkyHuawei's reddit for details.
In cooperation with XDA, FunkyHuawei is offering a free credit to Recognized Developers and Recognized Contributers on XDA.
Please PM me for more details.
We will continue posting in this thread with updates regarding new software versions and releases regarding this device.
We will also be monitoring it so we can help anyone who has issues.
For device-specific information, please see the next post.
P10 Device-Specific Information
The P10 now has a relatively mature community with many methods to do many things.
However, there are still some things only possible with FunkyHuawei, so it would be most useful for:
1. Installing updates on bootloader-locked devices, even if the update is not approved by Huawei for your device.
2. Rebranding bootloader-locked devices, or rebranding to obscure carrier brandings.
3. Restoring bricked devices.
Note that even though the Mate 10 Root tool is designed for the Mate 10, it works perfectly on the P10 running Android O betas.
This tool is FREE, and might be easier than installing TWRP and rooting that way.
Frequently Asked Questions
Q: How much does FunkyHuawei cost?
A: You need to buy credits on the FunkyHuawei website. The price per credit varies depending on the number of credits you buy. Different operations cost different amounts of credits. However, the Root feature of the Mate 10 tool is free, and as mentioned above, Recognized Developers/Contributors of XDA can ask for a free credit.
Q: My phone is bootloader locked, and FRP locked. My bootloader unlock code dosen't work. It won't boot. eRecovery doesn't work. Can you help?
A: Yes. With the Mate 10 this is now a common situation. Contact FunkyHuawei for help in this situation. We'll need to access your computer remotely and the procedure is a little bit complicated, but the phone can be unbricked.
Q: I can't get my bootloader unlock code/don't want to unlock my bootloader, but I want to change my phone to something other than Chinese. Can you help?
A: Yes. Our new FunkyHuawei Rebrand Tool works on ALL recent Huawei phones, to rebrand them to another region even when the bootloader is locked.
Q: I'm not seeing the latest version listed on FunkyHuawei or elsewhere as an OTA. Why not?
A: Huawei has a very odd and unpredictable way of rolling out OTA updates. You can use FunkyHuawei to install the new version immediately, or can wait for the update to be rolled out. It might be a month or more after release until the update reaches your device from Huawei directly. We have no idea why.
Q: Why isn't FunkyHuawei free?
A: Because many of FunkyHuawei's features cost FunkyHuawei money to provide. Features that don't cost FunkyHuawei money to provide, like rooting the Mate 10 or our TWRP build for Mate 9/Oreo, for example, are generally made available for free. There are also bills to pay, kids to put through school, and so on.
Q: I noticed FunkyHuawei in an XDA Portal article!
A: FunkyHuawei loves XDA, and is cooperating with them as much as possible. Recognized Developers and Contributors on the XDA forums are welcome to claim a free credit from FunkyHuawei as well.
Q: I have a different question.
A: This is what this thread is for! Post away!
duraaraa said:
P10 Device-Specific Information
The P10 now has a relatively mature community with many methods to do many things.
However, there are still some things only possible with FunkyHuawei, so it would be most useful for:
1. Installing updates on bootloader-locked devices, even if the update is not approved by Huawei for your device.
2. Rebranding bootloader-locked devices, or rebranding to obscure carrier brandings.
3. Restoring bricked devices..
Click to expand...
Click to collapse
Luckilly the P10 community here is mature enough that there is no longer a need for Funky's services. However effective Funky may be, we can save ourselves the 30bucks and do it ourselves
We are pleased to announce FHUnbrickFlashTool -- You can now repair any recent Huawei phone via fastboot, even if you cannot access eRecovery or boot the phone! Even if it doesn't show the Huawei logo, as long as you can get a fastboot connection to your computer, you can recover the phone! Google FHUnbrickFlashTool or check FunkyHuawei's reddit for details.
We have added a brand new Android O build for the Chinese P10.
You will need to rebrand your phone to VTR-AL00 (all/cn) to install it.
Best to use HiSuite to install it -- check out Mate 10 rebranding information to find the correct version of HiSuite and instructions.
We now have Android O for International P10 and P10 Plus.
Check FunkyHuawei reddit for install instructions, or google for "Android O Builds for International P10 and P10 Plus now available! Instructions inside"
This is great news!!
If I only got some $:crying: but nice news
Does this include Treble?
tiktok1 said:
Does this include Treble?
Click to expand...
Click to collapse
Yes, of course.
Hey all, I'm having a problems to which i've been pulling my hair out and not sure what to do. Essentially, I had my phone rooted, although later decided I wanted to unroot. To unroot I used an app called "simply unroot" however it did not fully unroot my device, just made it worse, my phone does not pass the safety net, however "root checker apps" suggest my phone is not rooted, although some apps recognise my phone as being rooted. My phone bootloader is unlocked, but the OEM toggle in the developer options is not set as enabled, and is NOW greyed out so i cant click it, meaning i do not have access to any fastboot commands and thus cannot flash a recovery.img. Although, believe after having trying to unroot it had automatically disable OEM. I have tried to lock the bootloader in the hopes that OEM toggle would no longer be greyed out, but cannot do this as i dont have access to fastboot commands. Even with TWRP i cannot flash anything just promps me with Error 9. I have tried storing the UPDATE.app within the dload folder, but that doesnt work either. I have no idea how i can recover this device. Fell like i've tried everything. Please help.
rustymole said:
Hey all, I'm having a problems to which i've been pulling my hair out and not sure what to do. Essentially, I had my phone rooted, although later decided I wanted to unroot. To unroot I used an app called "simply unroot" however it did not fully unroot my device, just made it worse, my phone does not pass the safety net, however "root checker apps" suggest my phone is not rooted, although some apps recognise my phone as being rooted. My phone bootloader is unlocked, but the OEM toggle in the developer options is not set as enabled, and is NOW greyed out so i cant click it, meaning i do not have access to any fastboot commands and thus cannot flash a recovery.img. Although, believe after having trying to unroot it had automatically disable OEM. I have tried to lock the bootloader in the hopes that OEM toggle would no longer be greyed out, but cannot do this as i dont have access to fastboot commands. Even with TWRP i cannot flash anything just promps me with Error 9. I have tried storing the UPDATE.app within the dload folder, but that doesnt work either. I have no idea how i can recover this device. Fell like i've tried everything. Please help.
Click to expand...
Click to collapse
Why you pose this question in the "official funkyhuawei support" thread is beyond me....
Only thing that comes to mind is: do you have USB debugging enabled in the developers options? It should be enabled if you want to use ADB or Fastboot.
rustymole said:
Hey all, I'm having a problems to which i've been pulling my hair out and not sure what to do. Essentially, I had my phone rooted, although later decided I wanted to unroot. To unroot I used an app called "simply unroot" however it did not fully unroot my device, just made it worse, my phone does not pass the safety net, however "root checker apps" suggest my phone is not rooted, although some apps recognise my phone as being rooted. My phone bootloader is unlocked, but the OEM toggle in the developer options is not set as enabled, and is NOW greyed out so i cant click it, meaning i do not have access to any fastboot commands and thus cannot flash a recovery.img. Although, believe after having trying to unroot it had automatically disable OEM. I have tried to lock the bootloader in the hopes that OEM toggle would no longer be greyed out, but cannot do this as i dont have access to fastboot commands. Even with TWRP i cannot flash anything just promps me with Error 9. I have tried storing the UPDATE.app within the dload folder, but that doesnt work either. I have no idea how i can recover this device. Fell like i've tried everything. Please help.
Click to expand...
Click to collapse
You can use FunkyHuawei eRecovery method to return it to stock.
I recently updated my P10 VTR L29 C432 from nougat to Oreo B360 via oreoupgrade script method as posted in forum but after update my bootloader seems to be locked again i wanted to root my phone via installing TWRP but it's not allowed by fastboot
Any solution or any solution to unlock bootloader or root the phone without losing data !? I have too much files and apps on phone that i won't lose
Hi all,
Wishing you all a happy New Year in arrears and the very best for the next 12 months.
I've got a problem with my device, its a STF-AL10 model with international rom bought during the November Sales.
It came with STF-L09C432B150 installed, I got the bootloader unlocked, TWRP installed and rooted with Magisk and was working fine except the capacitive buttons.
I thought I could live without capacitive buttons but I didn't work out and I had the urge to find a solution. After some intensive reseach (48hrs on a weekend in my 'lab') it seems the B120 firmware had no issues with the capacitive buttons, so I tried to downgrade to that and thats when the problems started.
Coming from an ancient Sony Z2, I never had issues flashing ROMS, Kernels and the sort as it was almost always easily done in TWRP or CWM (I had a Multi boot thing going, so I chose which recovery I fancied!). Anyway this are my issues now:
- Obviously, my phone was rebranded at origin as I know for sure AL-10 is not for EU market
- I tried restoring the same STF-L09C432B150 (rollback package found on XDA) with DC-Unlocker (wasted 19 Euro) but did not work. Always stops at 5% near end of flashing.
- Tried B130. same error.
- Tried Chinese STF-AL10C00B110. Same error.
- Tried full board flash for STF-AL10 with all DC Phoenix files. Same error.
- Tried forced method with files on a Sandisk SDcard (64GB) formatted to exFAT. Fails, wrong files.
- I noticed that in ADB, it said my bootloader was unlocked but FRP locked.
- After board flash, ADB said Bootloader unlocked (nothing about FRP) but in Muli-tool it says LOCKED.
- Now all ADB commands the write to the phone give errors.
DC-unlocker support keep on saying I should use the correct firmware for my phone, ok but the phone was rebranded at source...do use a Chinese firmware first then update ?
in desperation I did another full board flash but this time I think I wiped oeminfo and Vendor partions. ( I think this is what caused the HARD-BRICK!). Now no Honor logo, no Recovery, No eRecovery, nothing but a blank black screen. ADB still works but no status about bootloader or FRP.
IMEI has changed to 0123456789ABCDEF
You can all laugh and shake your heads which I will take as my punishment but is there a solution to all this, I'm willing to pay another 19 EUR for DC-Phoenix if it helps to fix my phone and if possible get it rooted with all buttons and functions working. That was my intension all along (I'm not really interested in custom Roms, just root access!).
HCU tool for some reason does not install on my computer, and besides, the phone does not boot into an OS to be able to change OEM and VENDOR data.
I even tried the HOTA.zip in the ReBRAND HONOR 9 thread but the file is missing (link down).
And to top it all there is no UK service center.
Please advise...
I think DC unlock is not supported for thì this model. Did Did you try Huawei Funky???
Apparently all versions of Honor 9 are supported by DC-unlocker and DC-Pheonix....
ums1405 said:
Hi all,
Wishing you all a happy New Year in arrears and the very best for the next 12 months.
I've got a problem with my device, its a STF-AL10 model with international rom bought during the November Sales.
It came with STF-L09C432B150 installed, I got the bootloader unlocked, TWRP installed and rooted with Magisk and was working fine except the capacitive buttons.
I thought I could live without capacitive buttons but I didn't work out and I had the urge to find a solution. After some intensive reseach (48hrs on a weekend in my 'lab') it seems the B120 firmware had no issues with the capacitive buttons, so I tried to downgrade to that and thats when the problems started.
Coming from an ancient Sony Z2, I never had issues flashing ROMS, Kernels and the sort as it was almost always easily done in TWRP or CWM (I had a Multi boot thing going, so I chose which recovery I fancied!). Anyway this are my issues now:
- Obviously, my phone was rebranded at origin as I know for sure AL-10 is not for EU market
- I tried restoring the same STF-L09C432B150 (rollback package found on XDA) with DC-Unlocker (wasted 19 Euro) but did not work. Always stops at 5% near end of flashing.
- Tried B130. same error.
- Tried Chinese STF-AL10C00B110. Same error.
- Tried full board flash for STF-AL10 with all DC Phoenix files. Same error.
- Tried forced method with files on a Sandisk SDcard (64GB) formatted to exFAT. Fails, wrong files.
- I noticed that in ADB, it said my bootloader was unlocked but FRP locked.
- After board flash, ADB said Bootloader unlocked (nothing about FRP) but in Muli-tool it says LOCKED.
- Now all ADB commands the write to the phone give errors.
DC-unlocker support keep on saying I should use the correct firmware for my phone, ok but the phone was rebranded at source...do use a Chinese firmware first then update ?
in desperation I did another full board flash but this time I think I wiped oeminfo and Vendor partions. ( I think this is what caused the HARD-BRICK!). Now no Honor logo, no Recovery, No eRecovery, nothing but a blank black screen. ADB still works but no status about bootloader or FRP.
IMEI has changed to 0123456789ABCDEF
You can all laugh and shake your heads which I will take as my punishment but is there a solution to all this, I'm willing to pay another 19 EUR for DC-Phoenix if it helps to fix my phone and if possible get it rooted with all buttons and functions working. That was my intension all along (I'm not really interested in custom Roms, just root access!).
HCU tool for some reason does not install on my computer, and besides, the phone does not boot into an OS to be able to change OEM and VENDOR data.
I even tried the HOTA.zip in the ReBRAND HONOR 9 thread but the file is missing (link down).
And to top it all there is no UK service center.
Please advise...
Click to expand...
Click to collapse
Try stock service B130 firmware:
https://forum.xda-developers.com/honor-9/how-to/stf-l09c432b130-capacitive-buttons-100-t3729106
Instead of step 4 do forced upload: VOLUME UP + VOLUME DOWN + POWER
Hi,
I've managed to re flash b150. In doing so I got back recovery and erecovery but when you reach that final stage of the process the phone stops at 5%. When I reboot to recovery, factory reset stops at 35%
Any ideas
?
Sent from my [device_name] using XDA-Developers Legacy app
ADB now showing BOOTLOAD UNLOCKED but there is no FRP status.
Sent from my [device_name] using XDA-Developers Legacy app
ums1405 said:
ADB now showing BOOTLOAD UNLOCKED but there is no FRP status.
Sent from my [device_name] using XDA-Developers Legacy app
Click to expand...
Click to collapse
FRP status is not only on Chinese phones
you need to sew firmware for al10
The phone was rebounded by the shop I bought it from.
It said STF-L09B150 indexical info when the phone was working.
So if I'm going to repair this brick what update files should I use?
Original Chinese or the b150 used when rebranded?
Sent from my [device_name] using XDA-Developers Legacy app
Hi all,
FYI, I've sent the phone back to the shop I bought it from.
I'll take my chances, better than paying money for something that may not work.
Thanks everyone for showing interest in my situation, I let you all know how I get along with this issue.
Ps.: As a community, lets push Huawei/Honor to release Kernel Sources for this model and others like the P10 Plus.
Ps: Huawei/Honor have to realise that a strong developer community adds value and desirability to a product. That's how a product becomes 'Cool' translating into more revenue/customers/profit - eg OnePlus.
.
Hi all, a quick update .....
Sent the phone back and from what I gather the phone actually had an issue with the main board.
Now enjoying a brand new MATE 10 (Non-pro with 6/128gb) in beautiful Obsidian black.
Wonderful.
Back in december/january some users reported a glitch while rebranding STF-AL10 to STF-L09 with the old nougat hwota (at oem bin flashing step).
After editing hwota script, then rebranded : they ended with a FRP locked status.
Their only way to unlock frp was with dcunlocker or funkyhuawei I don't remember.
After frp unlocked, their bootloader wasn't seen through fastboot.
I think this could be solved by regedit a value in registry.
To my knowledge the only public firmware files working with the dload way (3 buttons + usb connected) are the one titled "service repair", the others one won't work dload as they are. They are for hwota or forcing "official" ota.
So I've been stuck waiting (probably forever) for my carrier (AT&T México) to push out EMUI 9. Been asking in their forums on a release date and they said they don't have one but it's coming "soon" (never).
I'm looking into changing the firmware into stock EMUI (no carrier firmware) so I can get EMUI 9 and future updates (like EMUI 9.1) as soon as they come out.
Thing is, I'm gonna need some really detailed help since this is my first phone and I've never done any of that advanced flashing stuff and whatever on it.
Would really appreciate the help guys
Phone info:
Mate 10 ALP-L09
8.0.0.137 C212
CUSTC212D001
AT&T México (bought through the carrier. Has carrier firmware, not sure if it matters)
Phone also displays this whenever it boots up (I think it means the bootloader is unlocked? Even though I've never tinkered with the phone):
Your device has failed verification and may not work properly.
To learn more, visit:
(forum won't let me post)
----------------------------------------------------------------------------------------------------------
(1) Press Power key to continue.
(2) Press Volume Up key up to 3 seconds to enter erecovery to restore your device.
(3) Your device will stop start, if there is no operation.
----------------------------------------------------------------------------------------------------------
Hey there! First post.
Before Huawei stopped giving unlock codes in 2018 I got mine but I never unlocked because of warranty. Now I really want to unlock but from EMUI 9 onwards (I have 10.0.0.202(C432E9R1P3) installed) they removed the possibility of unlocking via the
Bash:
fastboot flashing unlock
command. I spoke today with Huawei technical support and they confirmed that, without rolling back to EMUI 8, I will not be able to unlock even with the code.
This leads us to the second issue: I cannot rollback via HiSuite, it does not show me the "other versions" button that could roll me back. Huawei support told me that button is the only official way and as it is now it is impossible for me to do a rollback due to security concerns of old EMUI versions. He also told me that the unofficial way is to install the system myself in someway he could not help me with.
I tried everything I could find online and everything I could think of but nothing worked: How do I rollback to EMUI 8 to get the unlock work?
Thanks in advance
Hello Fellows,
I've got a Redmi 9 Pro for Linux purposes, but the phone came with FRP triggered and of course, I couldn't get access to the sellers
account. I spare you the details, because I am sure, every one knows a story like that.
I checked xda and the web about guides for quite some time, and actually found a lot of them, but none of them worked. At the end I could combine
some of these guides to actually make it happened. I've created a little screen recording to show all the steps that worked for my device.
Yes you can actually install and open almost every apk even with a triggered FRP. Almost means, you can even enable the developer options, but
they don't show anything for that user.
Initial situation:
Xiaomi Redmi 9 Pro EEA (joyeuse)
Bootloader Locked
triggered FRP Lock
find my device - OFF
No MI-Account
Software Variant 1:
Firmware: MIUI V12.0.2.0.QJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 10 - Miui 12
Android Security Patch Date: 2021-01-21
Software Variant 2:
Firmware: MIUI V12.5.8.0.RJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 11 - Miui 12.5
Android Security Patch Date: 2022-03-01
FRP Bypass start conditions:
Wifi is connected
The basic idea and steps:
Get into System Settings via the Help & Feedback from Gmail to disable and stop certain apps.
Only for this is the wifi needed, if you type delete, the right help topic will show up
2x Android Setup
Carrier Dafault App
Google Play Services (must be disabled at the very last)
enable the Accessibility Suite to re-enable Google Play Services at the right moment
Continue the actually process to setup the phone, the procedure will stuck at "Just a sec..." "Checking for updates..."
now try to re-enable the Google Play Services, once this is done, the FRP Bypass will take place the next step
One important note, after enabling Google Play Services, its Storage and Cache must be deleted!
This is one of the main reasons why it didn't worked for me the first 100 times i tried.
It does go through though, but right at the moment the setup is finished, the FRP Lock gets triggered and
we are back at the beginning.
Enabling the Google Play Services can be annoying, because the screen is flashing/changing so fast, that the touch
will not be accepted right away. But there is plenty of time to try until it hits.
Finish the setup process until you see the home screen
Execute the factory reset over the settings menu and the FRP is gone for good
Optional, you can enable oem unlock before you factory reset the phone
With oem unlock enabled, the phone can't get FRP Lock on.
Spoiler: FRP Bypass and Reset Android 10 - Miui 12
Spoiler: FRP Bypass and Reset Android 11 - Miui 12.5
Regarding Bootloader Unlock, which es mandatory to install Linux (Ubuntu Touch) on this phone.
I couldn't found any free way to either unlock the bootloader without Mi-Account, or reboot the phone into EDL.
They are some Apps I tried so far:
Xiaomi Sideload Tool and ROM2box from Romprovider.com
But they need MIUI Recovery 5.0, and I only have MIUI Recovery 3.0
And don't want to upgrade, because Ubuntu Touch need Android 10
Does anybody have more information about that exploit these Sideload Apps are using?
I don't get how you can read data from and adb sideload connection, where you just can upload zip files
for updates
EDL from the famous Bjoern Kerler "bkerler" (MTK-Client)
For this tool the phone must be in EDL Mode, which I can't get into it
Does anybody know a way how to do that without Test Point? I tried so many ways, but none worked.
I even compiled fastboot and adb from AOSP, but the "old" ways like reboot-edl don't work.
My last hope is a USB-C V2 Cable/Dongle from Team Hydra.
Updates will follow...
[Update 1: 2023-04-25]
The FRP Bypass Procedure also works on Android 11 MIUI 12.5
[Update 2: 2023-04-25]
I've built the EDL Cable/Dongle, but it didn't work. I've bought the official
Hydra EDL Cable V2, exact same result, it also didn't work. Hydra refuses to give me a straight answer to this issue, even as a customer. The shop I've bought it
from, asked Hydra as well, with the feedback, this could be a SPD issue.
But still, they refuse to tell me, which SPD I need to get it working. At this
time I was on SPD 2021-01-21, and they published the EDL Cable Pinouts in Dec. 2022 [Latest Security]. So this was a very false promise from Hydra or rather mobilerdx, not sure who's to blame here, perhaps myself.
[Update 3: 2023-04-25]
I've wrote an ADB and Fastboot Sniffer for Windows. Which worked
pretty well, and I was able to get the ADB commands from the Xiaomi Sideload Tool. So the Exploit is basically, that you can perform ADB PULL and ADB PUSH while your in SIDELOAD Mode, that's it. And that it uses a built-in command to gather the partition structure while you are in the
normal ADB Mode.
With that knowledge now, I've also wrote a Bash pendant from the Xiaomi Sideload Tool -> Xiaomi SideLoad Terminal Tool (xsltt). Which inherits all its functions plus a bit more user comfort.
With this tool, I was able to delete my xloader, and the device now boots
straight into EDL Mode. Which is great, you can call this a Software Testpoint.
But, there is always a but, it seems that there is still no proper firehose file out there, that bypasses this annoying EDL authentication. And no, I will not even try to bypass that myself, this is way over my head.
So I would very much appriciate it, if someone can point me to a working firehose file that bypasses the EDL authentication for the Redmi Note 9 Pro (joyeuse).
I am facing the same problem, can not find the right firehose tool.
And all the apps that claim they have proper firehose file are all paid service.
since you have hydra tool, did they work for the edl? since they said they have the right firehose file.
ccaye said:
I am facing the same problem, can not find the right firehose tool.
And all the apps that claim they have proper firehose file are all paid service.
since you have hydra tool, did they work for the edl? since they said they have the right firehose file.
Click to expand...
Click to collapse
Haha, no they don't. They even recommended me the hydra dongle in their own telegram support channel. Now i have this dongle since a day, they say it is not supported in EDL Mode, only Sideload mode. And now i have to find someone who can fix the phone remotely with a auth service account. Isn't it great?
I'
newbit said:
Hello Fellows,
I've got a Redmi 9 Pro for Linux purposes, but the phone came with FRP triggered and of course, I couldn't get access to the sellers
account. I spare you the details, because I am sure, every one knows a story like that.
I checked xda and the web about guides for quite some time, and actually found a lot of them, but none of them worked. At the end I could combine
some of these guides to actually make it happened. I've created a little screen recording to show all the steps that worked for my device.
Yes you can actually install and open almost every apk even with a triggered FRP. Almost means, you can even enable the developer options, but
they don't show anything for that user.
Initial situation:
Xiaomi Redmi 9 Pro EEA (joyeuse)
Bootloader Locked
triggered FRP Lock
find my device - OFF
No MI-Account
Software Variant 1:
Firmware: MIUI V12.0.2.0.QJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 10 - Miui 12
Android Security Patch Date: 2021-01-21
Software Variant 2:
Firmware: MIUI V12.5.8.0.RJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 11 - Miui 12.5
Android Security Patch Date: 2022-03-01
FRP Bypass start conditions:
Wifi is connected
The basic idea and steps:
Get into System Settings via the Help & Feedback from Gmail to disable and stop certain apps.
Only for this is the wifi needed, if you type delete, the right help topic will show up
2x Android Setup
Carrier Dafault App
Google Play Services (must be disabled at the very last)
enable the Accessibility Suite to re-enable Google Play Services at the right moment
Continue the actually process to setup the phone, the procedure will stuck at "Just a sec..." "Checking for updates..."
now try to re-enable the Google Play Services, once this is done, the FRP Bypass will take place the next step
One important note, after enabling Google Play Services, its Storage and Cache must be deleted!
This is one of the main reasons why it didn't worked for me the first 100 times i tried.
It does go through though, but right at the moment the setup is finished, the FRP Lock gets triggered and
we are back at the beginning.
Enabling the Google Play Services can be annoying, because the screen is flashing/changing so fast, that the touch
will not be accepted right away. But there is plenty of time to try until it hits.
Finish the setup process until you see the home screen
Execute the factory reset over the settings menu and the FRP is gone for good
Optional, you can enable oem unlock before you factory reset the phone
With oem unlock enabled, the phone can't get FRP Lock on.
Spoiler: FRP Bypass and Reset Android 10 - Miui 12
Spoiler: FRP Bypass and Reset Android 11 - Miui 12.5
Regarding Bootloader Unlock, which es mandatory to install Linux (Ubuntu Touch) on this phone.
I couldn't found any free way to either unlock the bootloader without Mi-Account, or reboot the phone into EDL.
They are some Apps I tried so far:
Xiaomi Sideload Tool and ROM2box from Romprovider.com
But they need MIUI Recovery 5.0, and I only have MIUI Recovery 3.0
And don't want to upgrade, because Ubuntu Touch need Android 10
Does anybody have more information about that exploit these Sideload Apps are using?
I don't get how you can read data from and adb sideload connection, where you just can upload zip files
for updates
EDL from the famous Bjoern Kerler "bkerler" (MTK-Client)
For this tool the phone must be in EDL Mode, which I can't get into it
Does anybody know a way how to do that without Test Point? I tried so many ways, but none worked.
I even compiled fastboot and adb from AOSP, but the "old" ways like reboot-edl don't work.
My last hope is a USB-C V2 Cable/Dongle from Team Hydra.
Updates will follow...
[Update 1: 2023-04-25]
The FRP Bypass Procedure also works on Android 11 MIUI 12.5
[Update 2: 2023-04-25]
I've built the EDL Cable/Dongle, but it didn't work. I've bought the official
Hydra EDL Cable V2, exact same result, it also didn't work. Hydra refuses to give me a straight answer to this issue, even as a customer. The shop I've bought it
from, asked Hydra as well, with the feedback, this could be a SPD issue.
But still, they refuse to tell me, which SPD I need to get it working. At this
time I was on SPD 2021-01-21, and they published the EDL Cable Pinouts in Dec. 2022 [Latest Security]. So this was a very false promise from Hydra or rather mobilerdx, not sure who's to blame here, perhaps myself.
[Update 3: 2023-04-25]
I've wrote an ADB and Fastboot Sniffer for Windows. Which worked
pretty well, and I was able to get the ADB commands from the Xiaomi Sideload Tool. So the Exploit is basically, that you can perform ADB PULL and ADB PUSH while your in SIDELOAD Mode, that's it. And that it uses a built-in command to gather the partition structure while you are in the
normal ADB Mode.
With that knowledge now, I've also wrote a Bash pendant from the Xiaomi Sideload Tool -> Xiaomi SideLoad Terminal Tool (xsltt). Which inherits all its functions plus a bit more user comfort.
With this tool, I was able to delete my xloader, and the device now boots
straight into EDL Mode. Which is great, you can call this a Software Testpoint.
But, there is always a but, it seems that there is still no proper firehose file out there, that bypasses this annoying EDL authentication. And no, I will not even try to bypass that myself, this is way over my head.
So I would very much appriciate it, if someone can point me to a working firehose file that bypasses the EDL authentication for the Redmi Note 9 Pro (joyeuse).
Click to expand...
Click to collapse
I'm ready to fund for research cause. I will invest in the tool that I know which allows EDL authentication so that we can verify if it works with your device.
Please let me know so that together we can succed in fixing your phone.
mvikrant97 said:
I'
I'm ready to fund for research cause. I will invest in the tool that I know which allows EDL authentication so that we can verify if it works with your device.
Please let me know so that together we can succed in fixing your phone.
Click to expand...
Click to collapse
Thank you for your generous offer, I am not sure If I understand you right, plus I don't have the need
for charity. To be honest, I don't even have a clue, what to believe now. They all promise you honey
flowing in rivers, but can't really deliver.
They are tools called EMT and UAT Pro. Never heard about them before. But they claim they have
auth support for this model in EDL mode. UAT even offers a pure software solution for an affordable price.
If you are willing to fund your self, please try it out, and report back.
newbit said:
Thank you for your generous offer, I am not sure If I understand you right, plus I don't have the need
for charity. To be honest, I don't even have a clue, what to believe now. They all promise you honey
flowing in rivers, but can't really deliver.
They are tools called EMT and UAT Pro. Never heard about them before. But they claim they have
auth support for this model in EDL mode. UAT even offers a pure software solution for an affordable price.
If you are willing to fund your self, please try it out, and report back.
Click to expand...
Click to collapse
I won't be investing in those tools. Both EMT and UAT allow auth flashing however I know a tool called Xiaomi Pro tool which supports auth flashing and it works and the investment is pretty low so I can invest in that tool to help you out with auth flashing.
I cannot discuss any further as XDA does not allow that.
mvikrant97 said:
I won't be investing in those tools. Both EMT and UAT allow auth flashing however I know a tool called Xiaomi Pro tool which supports auth flashing and it works and the investment is pretty low so I can invest in that tool to help you out with auth flashing.
I cannot discuss any further as XDA does not allow that.
Click to expand...
Click to collapse
Yeah that's weird, I've read this a lot, never had any issues with XDA about that.
Anyways, I can't find any manufacture website to the Xiaomi Pro Tool, so I cannot compare.
I think 15 bucks for are 3 Months time period is much cheaper compared to the 110 I've paid
for this Hydra Dongle, which brings me zero yet. So please, write me a PM with a link to a shop.
Just a little Update.
Thank your @mvikrant97, Xiaomi Fire Tool did the trick. They don't unlock bootloader,
but flash firmware with EDL auth. And now my phone is back to life. Support was very good, in fact,
they were the only ones who responded at all. Very patience and polite as well. Plus, very affordable.
Once my phone is fully charged, battery was totally drained since it was in EDL Mode for weeks, I will see
what Hydra has to offer. Btw: They've banned me from their Support Channel, without any explanation.
I guess I asked the wrong questions, pitty.
newbit said:
Just a little Update.
Thank your @mvikrant97, Xiaomi Fire Tool did the trick. They don't unlock bootloader,
but flash firmware with EDL auth. And now my phone is back to life. Support was very good, in fact,
they were the only ones who responded at all. Very patience and polite as well. Plus, very affordable.
Once my phone is fully charged, battery was totally drained since it was in EDL Mode for weeks, I will see
what Hydra has to offer. Btw: They've banned me from their Support Channel, without any explanation.
I guess I asked the wrong questions, pitty.
Click to expand...
Click to collapse
I'm very happy to learn that your phone is fixed.
While the rest we can discuss in PM!