Hello Fellows,
I've got a Redmi 9 Pro for Linux purposes, but the phone came with FRP triggered and of course, I couldn't get access to the sellers
account. I spare you the details, because I am sure, every one knows a story like that.
I checked xda and the web about guides for quite some time, and actually found a lot of them, but none of them worked. At the end I could combine
some of these guides to actually make it happened. I've created a little screen recording to show all the steps that worked for my device.
Yes you can actually install and open almost every apk even with a triggered FRP. Almost means, you can even enable the developer options, but
they don't show anything for that user.
Initial situation:
Xiaomi Redmi 9 Pro EEA (joyeuse)
Bootloader Locked
triggered FRP Lock
find my device - OFF
No MI-Account
Software Variant 1:
Firmware: MIUI V12.0.2.0.QJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 10 - Miui 12
Android Security Patch Date: 2021-01-21
Software Variant 2:
Firmware: MIUI V12.5.8.0.RJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 11 - Miui 12.5
Android Security Patch Date: 2022-03-01
FRP Bypass start conditions:
Wifi is connected
The basic idea and steps:
Get into System Settings via the Help & Feedback from Gmail to disable and stop certain apps.
Only for this is the wifi needed, if you type delete, the right help topic will show up
2x Android Setup
Carrier Dafault App
Google Play Services (must be disabled at the very last)
enable the Accessibility Suite to re-enable Google Play Services at the right moment
Continue the actually process to setup the phone, the procedure will stuck at "Just a sec..." "Checking for updates..."
now try to re-enable the Google Play Services, once this is done, the FRP Bypass will take place the next step
One important note, after enabling Google Play Services, its Storage and Cache must be deleted!
This is one of the main reasons why it didn't worked for me the first 100 times i tried.
It does go through though, but right at the moment the setup is finished, the FRP Lock gets triggered and
we are back at the beginning.
Enabling the Google Play Services can be annoying, because the screen is flashing/changing so fast, that the touch
will not be accepted right away. But there is plenty of time to try until it hits.
Finish the setup process until you see the home screen
Execute the factory reset over the settings menu and the FRP is gone for good
Optional, you can enable oem unlock before you factory reset the phone
With oem unlock enabled, the phone can't get FRP Lock on.
Spoiler: FRP Bypass and Reset Android 10 - Miui 12
Spoiler: FRP Bypass and Reset Android 11 - Miui 12.5
Regarding Bootloader Unlock, which es mandatory to install Linux (Ubuntu Touch) on this phone.
I couldn't found any free way to either unlock the bootloader without Mi-Account, or reboot the phone into EDL.
They are some Apps I tried so far:
Xiaomi Sideload Tool and ROM2box from Romprovider.com
But they need MIUI Recovery 5.0, and I only have MIUI Recovery 3.0
And don't want to upgrade, because Ubuntu Touch need Android 10
Does anybody have more information about that exploit these Sideload Apps are using?
I don't get how you can read data from and adb sideload connection, where you just can upload zip files
for updates
EDL from the famous Bjoern Kerler "bkerler" (MTK-Client)
For this tool the phone must be in EDL Mode, which I can't get into it
Does anybody know a way how to do that without Test Point? I tried so many ways, but none worked.
I even compiled fastboot and adb from AOSP, but the "old" ways like reboot-edl don't work.
My last hope is a USB-C V2 Cable/Dongle from Team Hydra.
Updates will follow...
[Update 1: 2023-04-25]
The FRP Bypass Procedure also works on Android 11 MIUI 12.5
[Update 2: 2023-04-25]
I've built the EDL Cable/Dongle, but it didn't work. I've bought the official
Hydra EDL Cable V2, exact same result, it also didn't work. Hydra refuses to give me a straight answer to this issue, even as a customer. The shop I've bought it
from, asked Hydra as well, with the feedback, this could be a SPD issue.
But still, they refuse to tell me, which SPD I need to get it working. At this
time I was on SPD 2021-01-21, and they published the EDL Cable Pinouts in Dec. 2022 [Latest Security]. So this was a very false promise from Hydra or rather mobilerdx, not sure who's to blame here, perhaps myself.
[Update 3: 2023-04-25]
I've wrote an ADB and Fastboot Sniffer for Windows. Which worked
pretty well, and I was able to get the ADB commands from the Xiaomi Sideload Tool. So the Exploit is basically, that you can perform ADB PULL and ADB PUSH while your in SIDELOAD Mode, that's it. And that it uses a built-in command to gather the partition structure while you are in the
normal ADB Mode.
With that knowledge now, I've also wrote a Bash pendant from the Xiaomi Sideload Tool -> Xiaomi SideLoad Terminal Tool (xsltt). Which inherits all its functions plus a bit more user comfort.
With this tool, I was able to delete my xloader, and the device now boots
straight into EDL Mode. Which is great, you can call this a Software Testpoint.
But, there is always a but, it seems that there is still no proper firehose file out there, that bypasses this annoying EDL authentication. And no, I will not even try to bypass that myself, this is way over my head.
So I would very much appriciate it, if someone can point me to a working firehose file that bypasses the EDL authentication for the Redmi Note 9 Pro (joyeuse).
I am facing the same problem, can not find the right firehose tool.
And all the apps that claim they have proper firehose file are all paid service.
since you have hydra tool, did they work for the edl? since they said they have the right firehose file.
ccaye said:
I am facing the same problem, can not find the right firehose tool.
And all the apps that claim they have proper firehose file are all paid service.
since you have hydra tool, did they work for the edl? since they said they have the right firehose file.
Click to expand...
Click to collapse
Haha, no they don't. They even recommended me the hydra dongle in their own telegram support channel. Now i have this dongle since a day, they say it is not supported in EDL Mode, only Sideload mode. And now i have to find someone who can fix the phone remotely with a auth service account. Isn't it great?
I'
newbit said:
Hello Fellows,
I've got a Redmi 9 Pro for Linux purposes, but the phone came with FRP triggered and of course, I couldn't get access to the sellers
account. I spare you the details, because I am sure, every one knows a story like that.
I checked xda and the web about guides for quite some time, and actually found a lot of them, but none of them worked. At the end I could combine
some of these guides to actually make it happened. I've created a little screen recording to show all the steps that worked for my device.
Yes you can actually install and open almost every apk even with a triggered FRP. Almost means, you can even enable the developer options, but
they don't show anything for that user.
Initial situation:
Xiaomi Redmi 9 Pro EEA (joyeuse)
Bootloader Locked
triggered FRP Lock
find my device - OFF
No MI-Account
Software Variant 1:
Firmware: MIUI V12.0.2.0.QJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 10 - Miui 12
Android Security Patch Date: 2021-01-21
Software Variant 2:
Firmware: MIUI V12.5.8.0.RJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 11 - Miui 12.5
Android Security Patch Date: 2022-03-01
FRP Bypass start conditions:
Wifi is connected
The basic idea and steps:
Get into System Settings via the Help & Feedback from Gmail to disable and stop certain apps.
Only for this is the wifi needed, if you type delete, the right help topic will show up
2x Android Setup
Carrier Dafault App
Google Play Services (must be disabled at the very last)
enable the Accessibility Suite to re-enable Google Play Services at the right moment
Continue the actually process to setup the phone, the procedure will stuck at "Just a sec..." "Checking for updates..."
now try to re-enable the Google Play Services, once this is done, the FRP Bypass will take place the next step
One important note, after enabling Google Play Services, its Storage and Cache must be deleted!
This is one of the main reasons why it didn't worked for me the first 100 times i tried.
It does go through though, but right at the moment the setup is finished, the FRP Lock gets triggered and
we are back at the beginning.
Enabling the Google Play Services can be annoying, because the screen is flashing/changing so fast, that the touch
will not be accepted right away. But there is plenty of time to try until it hits.
Finish the setup process until you see the home screen
Execute the factory reset over the settings menu and the FRP is gone for good
Optional, you can enable oem unlock before you factory reset the phone
With oem unlock enabled, the phone can't get FRP Lock on.
Spoiler: FRP Bypass and Reset Android 10 - Miui 12
Spoiler: FRP Bypass and Reset Android 11 - Miui 12.5
Regarding Bootloader Unlock, which es mandatory to install Linux (Ubuntu Touch) on this phone.
I couldn't found any free way to either unlock the bootloader without Mi-Account, or reboot the phone into EDL.
They are some Apps I tried so far:
Xiaomi Sideload Tool and ROM2box from Romprovider.com
But they need MIUI Recovery 5.0, and I only have MIUI Recovery 3.0
And don't want to upgrade, because Ubuntu Touch need Android 10
Does anybody have more information about that exploit these Sideload Apps are using?
I don't get how you can read data from and adb sideload connection, where you just can upload zip files
for updates
EDL from the famous Bjoern Kerler "bkerler" (MTK-Client)
For this tool the phone must be in EDL Mode, which I can't get into it
Does anybody know a way how to do that without Test Point? I tried so many ways, but none worked.
I even compiled fastboot and adb from AOSP, but the "old" ways like reboot-edl don't work.
My last hope is a USB-C V2 Cable/Dongle from Team Hydra.
Updates will follow...
[Update 1: 2023-04-25]
The FRP Bypass Procedure also works on Android 11 MIUI 12.5
[Update 2: 2023-04-25]
I've built the EDL Cable/Dongle, but it didn't work. I've bought the official
Hydra EDL Cable V2, exact same result, it also didn't work. Hydra refuses to give me a straight answer to this issue, even as a customer. The shop I've bought it
from, asked Hydra as well, with the feedback, this could be a SPD issue.
But still, they refuse to tell me, which SPD I need to get it working. At this
time I was on SPD 2021-01-21, and they published the EDL Cable Pinouts in Dec. 2022 [Latest Security]. So this was a very false promise from Hydra or rather mobilerdx, not sure who's to blame here, perhaps myself.
[Update 3: 2023-04-25]
I've wrote an ADB and Fastboot Sniffer for Windows. Which worked
pretty well, and I was able to get the ADB commands from the Xiaomi Sideload Tool. So the Exploit is basically, that you can perform ADB PULL and ADB PUSH while your in SIDELOAD Mode, that's it. And that it uses a built-in command to gather the partition structure while you are in the
normal ADB Mode.
With that knowledge now, I've also wrote a Bash pendant from the Xiaomi Sideload Tool -> Xiaomi SideLoad Terminal Tool (xsltt). Which inherits all its functions plus a bit more user comfort.
With this tool, I was able to delete my xloader, and the device now boots
straight into EDL Mode. Which is great, you can call this a Software Testpoint.
But, there is always a but, it seems that there is still no proper firehose file out there, that bypasses this annoying EDL authentication. And no, I will not even try to bypass that myself, this is way over my head.
So I would very much appriciate it, if someone can point me to a working firehose file that bypasses the EDL authentication for the Redmi Note 9 Pro (joyeuse).
Click to expand...
Click to collapse
I'm ready to fund for research cause. I will invest in the tool that I know which allows EDL authentication so that we can verify if it works with your device.
Please let me know so that together we can succed in fixing your phone.
mvikrant97 said:
I'
I'm ready to fund for research cause. I will invest in the tool that I know which allows EDL authentication so that we can verify if it works with your device.
Please let me know so that together we can succed in fixing your phone.
Click to expand...
Click to collapse
Thank you for your generous offer, I am not sure If I understand you right, plus I don't have the need
for charity. To be honest, I don't even have a clue, what to believe now. They all promise you honey
flowing in rivers, but can't really deliver.
They are tools called EMT and UAT Pro. Never heard about them before. But they claim they have
auth support for this model in EDL mode. UAT even offers a pure software solution for an affordable price.
If you are willing to fund your self, please try it out, and report back.
newbit said:
Thank you for your generous offer, I am not sure If I understand you right, plus I don't have the need
for charity. To be honest, I don't even have a clue, what to believe now. They all promise you honey
flowing in rivers, but can't really deliver.
They are tools called EMT and UAT Pro. Never heard about them before. But they claim they have
auth support for this model in EDL mode. UAT even offers a pure software solution for an affordable price.
If you are willing to fund your self, please try it out, and report back.
Click to expand...
Click to collapse
I won't be investing in those tools. Both EMT and UAT allow auth flashing however I know a tool called Xiaomi Pro tool which supports auth flashing and it works and the investment is pretty low so I can invest in that tool to help you out with auth flashing.
I cannot discuss any further as XDA does not allow that.
mvikrant97 said:
I won't be investing in those tools. Both EMT and UAT allow auth flashing however I know a tool called Xiaomi Pro tool which supports auth flashing and it works and the investment is pretty low so I can invest in that tool to help you out with auth flashing.
I cannot discuss any further as XDA does not allow that.
Click to expand...
Click to collapse
Yeah that's weird, I've read this a lot, never had any issues with XDA about that.
Anyways, I can't find any manufacture website to the Xiaomi Pro Tool, so I cannot compare.
I think 15 bucks for are 3 Months time period is much cheaper compared to the 110 I've paid
for this Hydra Dongle, which brings me zero yet. So please, write me a PM with a link to a shop.
Just a little Update.
Thank your @mvikrant97, Xiaomi Fire Tool did the trick. They don't unlock bootloader,
but flash firmware with EDL auth. And now my phone is back to life. Support was very good, in fact,
they were the only ones who responded at all. Very patience and polite as well. Plus, very affordable.
Once my phone is fully charged, battery was totally drained since it was in EDL Mode for weeks, I will see
what Hydra has to offer. Btw: They've banned me from their Support Channel, without any explanation.
I guess I asked the wrong questions, pitty.
newbit said:
Just a little Update.
Thank your @mvikrant97, Xiaomi Fire Tool did the trick. They don't unlock bootloader,
but flash firmware with EDL auth. And now my phone is back to life. Support was very good, in fact,
they were the only ones who responded at all. Very patience and polite as well. Plus, very affordable.
Once my phone is fully charged, battery was totally drained since it was in EDL Mode for weeks, I will see
what Hydra has to offer. Btw: They've banned me from their Support Channel, without any explanation.
I guess I asked the wrong questions, pitty.
Click to expand...
Click to collapse
I'm very happy to learn that your phone is fixed.
While the rest we can discuss in PM!