Related
Wonder if anyone knows how to unlock the bootloader and root the Oppo Find X3 (not Pro)? This is the device that sits just below the Pro-Model - essentially same hardware with a slightly less capable CPU (Snapdragon 870 instead of 888). The device runs a version of ColorOs intended for the Chinese market only (at this stage). Easy to enable developer options, allow OEM unlocking and enable USB debugging. But so far I have not found a way to access fastboot mode and proceed to unlock the bootloader. Any ideas?
Waited 4 yrs to upgrade from a OnePlus5 and these Chinese system apps are such a downer. Glad to see you two on to the right questions.
tigerfelix said:
... The device runs a version of ColorOs intended for the Chinese market only (at this stage). Easy to enable developer options, allow OEM unlocking and enable USB debugging. But so far I have not found a way to access fastboot mode and proceed to unlock the bootloader. Any ideas?
Click to expand...
Click to collapse
remind me of the steps?
tigerfelix said:
Wonder if anyone knows how to unlock the bootloader and root the Oppo Find X3 (not Pro)? This is the device that sits just below the Pro-Model - essentially same hardware with a slightly less capable CPU (Snapdragon 870 instead of 888). The device runs a version of ColorOs intended for the Chinese market only (at this stage). Easy to enable developer options, allow OEM unlocking and enable USB debugging. But so far I have not found a way to access fastboot mode and proceed to unlock the bootloader. Any ideas?
Click to expand...
Click to collapse
I'm facing the same issue. Have activated USB debugging on my X3 Pro, but when I shut down and restart whilst also holding volume up button, it doesn't go in to fast boot. Is there a way of activating fast boot by plugging phone into computer?
p1gnone said:
remind me of the steps?
Click to expand...
Click to collapse
The steps to enable developer mode? Go to About Phone, there you will see a screen with lots of info about the phone, including the OS. Tap on *Baseband & kernel", then you see three infos. There you click multiple times on "Build number", which will unlock developer mode. This you then find under "Additional settings" in the main settings. Then you can enable "OEM unlock" (which doesn't help unless you can access the bootloader and actually unlock it...) and "USB debugging". I'll survive without root for now, hoping some clever XDA devs will figure this device out eventually. It's an amazing phone, and I hope they will release a true international version of the firmware at some point, so I won't see the Chinese core-apps anymore...
Global phones have purposely has the fastboot command blocked, so even if there was a twrp there is no way to flash it, no matter what you do, holding volume down on boot, commands or any other method won't work. Chinese models I believe can have it done but need to download an app, then apply to have permission to unlock.
gaztom78 said:
Global phones have purposely has the fastboot command blocked, so even if there was a twrp there is no way to flash it, no matter what you do, holding volume down on boot, commands or any other method won't work. Chinese models I believe can have it done but need to download an app, then apply to have permission to unlock.
Click to expand...
Click to collapse
My phone IS a Chinese model; the regular FX3 (non-pro). With Oppo (cr)App Store and all sorts of China-centric rubbish. What is the name of the app that might let me access the bootloader?
tigerfelix said:
My phone IS a Chinese model; the regular FX3 (non-pro). With Oppo (cr)App Store and all sorts of China-centric rubbish. What is the name of the app that might let me access the bootloader?
Click to expand...
Click to collapse
Deeptest. Apk or in depth test.apk Google them a new version 1.1 was released three days ago but no info on what model phone it is for
Thanks for the tip. Among other things, I came across this:
OPPO Community
Talk, share, and learn everything about the beautiful possibilities of technology together with other OPPO fans.
community.coloros.com
Sounds like this is for devs only, and not yet for the FX3. So for now, I'll keep my hands off it - don't think I'm at the required skill level yet. But still - a good tip, and it gives me some hope that root access might be possible in the near future.
I have what I'm pretty sure is the global variant and I am able to enter fastbootd
Oh wow. Great! May I ask you to please share how you manged to pull that off? And once you accessed fastboot, did you e.g. manage to root the device? Please, also here, a "how" would be preferred over a "yes"?
Or is there a way to root the phone with apps like KingoRoot etc?
I'm not pro in this area, but i find this:
Spoiler: link
How To Unlock OPPO Find X3 Pro Bootloader - NaldoTech
Follow this guide to learn how to unlock the bootloader on your OPPO Find X3 Pro. Most modern Android phones come with locked bootloaders, which make it
www.naldotech.com
Has anybody managed to root or install magisk on the find x3 pro?
Thinking about buying this phone but only under this premise.
Speaka said:
Has anybody managed to root or install magisk on the find x3 pro?
Thinking about buying this phone but only under this premise.
Click to expand...
Click to collapse
So buy oneplus or xiaomi. Dont buy oppo.
Can someone try it? I do not have experience.
OPPO FindX3/X3Pro深度测试解锁BL刷ROOT首发指导教程-ROM乐园官网
目前OPPO FindX3系列机 型ROOT门槛偏高,不那么友好,本教程为ROM乐园首发,其他网站禁止私自转载发布
www.romleyuan.com
georgiy8428 said:
Can someone try it? I do not have experience.
OPPO FindX3/X3Pro深度测试解锁BL刷ROOT首发指导教程-ROM乐园官网
目前OPPO FindX3系列机 型ROOT门槛偏高,不那么友好,本教程为ROM乐园首发,其他网站禁止私自转载发布
www.romleyuan.com
Click to expand...
Click to collapse
This is what this website tells you when trying to download the app you listed:
1. This service is a one-time payment, the order can be displayed in the personal center after purchase, and it can be used unlimitedly within the validity period
2. The phone comes with a BootLoader model at the factory, please unlock the BL by yourself in advance, and then make a paid purchase
3. The flashing package information belongs to the payment for flashing the data, and not for other services such as paid assistance. Please be aware
4. Relevant introductions and pictures are for reference only, different models may have differences, the address will be automatically obtained after purchase 5. For problems such as resource failure or error, you can contact online customer service QQ or WeChat in the personal center after successful purchase
You have to unlock your bootloader before you can use this app, that is supposed to unlock the bootloader.....
OPPO Phone unlock is not paid service, OPPO Offical release unlook app here: https://www.oppo.cn/thread-397164526-1
Unlock app for find x3 direct download link: https://img-oppo-cn-test.oss-cn-shenzhen.aliyuncs.com/uploads/common/2021/02/10/15554642501.apk
This app only work on ColorOS 11, If you're using Coloros 12, you must downgrade to Coloros11.
If you're using china version, you can download a downgrade rom here (Do not change the zip name): https://561234.xyz/设备/Find X3/C11降级包
Update:
Not china version findx3 please use OplusDowngradeTool to download the downgrade rom.
https://561234.xyz/d/设备/Find X3/C11降级包/OplusDowngradeTool.zip
This tool maybe chinese only, there is a video for how to use it:
https://561234.xyz/设备/Find X3/C11降级包/OplusDowngradeTool-OperationDemo.mp4
exg0zz said:
OPPO Phone unlock is not paid service, OPPO Offical release unlook app here: https://www.oppo.cn/thread-397164526-1
Unlock app for find x3 direct download link: https://img-oppo-cn-test.oss-cn-shenzhen.aliyuncs.com/uploads/common/2021/02/10/15554642501.apk
This app only work on ColorOS 11, If you're using Coloros 12, you must downgrade to Coloros11.
If you're using china version, you can download a downgrade rom here (Do not change the zip name): https://561234.xyz/设备/Find X3/C11降级包
Click to expand...
Click to collapse
Hello. I now have Android 12 c.31. And I can not roll back to A11. What other options?
georgiy8428 said:
Hello. I now have Android 12 c.31. And I can not roll back to A11. What other options?
Click to expand...
Click to collapse
Currently there's no method to unlock oppo phone on android 12.
Hello everyone,
I recently got the Realme 7 5G and I'm looking for a way to root or unlock the bootloader. I've tried the post here:
https://forum.xda-developers.com/t/realme-7-5g-eu-version-guide-for-unlock-bootloader.4272495/
But it doesn't work now.
Phone info:
Realme 7 5g
Realme UI 2.0
Android 11
800U 8GB ram
Model: RMX2111
AUSTRALIAN VARIANT
If there is a way please let me know, im sure tons of people will appreciate it aswell!
Maybe if you would tell us what you mean by "it doesn't work" we can be more helpful.
How far did you get in the process? What error messages do you get?
pochutkova.smotana said:
Maybe if you would tell us what you mean by "it doesn't work" we can be more helpful.
How far did you get in the process? What error messages do you get?
Click to expand...
Click to collapse
I was doing the steps to get the unlocker working, changing mac, running the oppo tool and i tried to change the region but the code just didnt work
. Also is it impossible to get fastboot on the realme 7 5g? I tried 'adb reboot bootloader' and it just didnt work.
andyboi123 said:
I was doing the steps to get the unlocker working, changing mac, running the oppo tool and i tried to change the region but the code just didnt work
. Also is it impossible to get fastboot on the realme 7 5g? I tried 'adb reboot bootloader' and it just didnt work.
Click to expand...
Click to collapse
How old is the guide? Pretty sure I read somewhere that OPPO did some patching that stopped a certain tool from working.
OrthodoxOxygen said:
How old is the guide? Pretty sure I read somewhere that OPPO did some patching that stopped a certain tool from working.
Click to expand...
Click to collapse
I guess they did, I just don't get why realme restricts the unlock tool to india.
andyboi123 said:
I guess they did, I just don't get why realme restricts the unlock tool to india.
Click to expand...
Click to collapse
There is a way around it. I'm a bit busy at the moment, but I'll try and scrape around my history tomorrow to try and find what I'm talking about. Feel free to do some digging of your own, of course. No guarantees that it'll fix the issue, however, so be wary of that.
`
OrthodoxOxygen said:
There is a way around it. I'm a bit busy at the moment, but I'll try and scrape around my history tomorrow to try and find what I'm talking about. Feel free to do some digging of your own, of course. No guarantees that it'll fix the issue, however, so be wary of that.
Click to expand...
Click to collapse
If you do have a method, this will undoubtedly help a lot of people (including me)!
I did it few weeks ago on Android 10 Realme 7 5G and it worked smoothly.
After I got the OK in the right window of Sec5 tool the code worked for me. If I wanted to run the code again though, I had to use Sec5 again.
Maybe retry the Sec5? Are you running Android 10 or 11 on your Realme?
'adb reboot bootloader' doesn't work, the idea of the whole process is to be able to boot into the bootloader (which is enabled by "in-depth testing app") where you can unlock the bootloader and subsequently boot into bootloader any time you want to.
pochutkova.smotana said:
I did it few weeks ago on Android 10 Realme 7 5G and it worked smoothly.
After I got the OK in the right window of Sec5 tool the code worked for me. If I wanted to run the code again though, I had to use Sec5 again.
Maybe retry the Sec5? Are you running Android 10 or 11 on your Realme?
'adb reboot bootloader' doesn't work, the idea of the whole process is to be able to boot into the bootloader (which is enabled by "in-depth testing app") where you can unlock the bootloader and subsequently boot into bootloader any time you want to.
Click to expand...
Click to collapse
Oh, I'm running Realme UI 2.0 (Android 11). Maybe they patched it in the update?
Also, I've run Sec5 multiple times, it says 'ok' and when I put the code in, it just won't do it. Really frustrating how realme locked the in-depth test to India phones only.
Just a quick heads-up.
unlock token - OnePlus (United States)
www.oneplus.com
By the way, to root without readily available stock firmware, first unlock bootloader, then boot a pre-rooted GSI with DSU Sideloader, pull stock boot partition from there, and finally patch/flash it. This applies to the Open variant as well.
AndyYan said:
Just a quick heads-up.
unlock token - OnePlus (United States)
www.oneplus.com
By the way, to root without readily available stock firmware, first unlock bootloader, then boot a pre-rooted GSI with DSU Sideloader, pull stock boot partition from there, and finally patch/flash it. This applies to the Open variant as well.
Click to expand...
Click to collapse
Tried to unlock but apparentpy my device only has 7 digits in the serial number which keeps me from being able to use the website to request the unlock code.
I used the debloat script I found on n200 threads to get oem unlock on option. T-Mobile variant
PsYk0n4uT said:
Tried to unlock but apparentpy my device only has 7 digits in the serial number which keeps me from being able to use the website to request the unlock code.
I used the debloat script I found on n200 threads to get oem unlock on option. T-Mobile variant
Click to expand...
Click to collapse
Try prepending 0s?
Well. I was thinking that doing that would make the unlock token they give me different from what the phone would be expecting
PsYk0n4uT said:
Well. I was thinking that doing that would make the unlock token they give me different from what the phone would be expecting
Click to expand...
Click to collapse
Tried adding zero on front and back of serial it just tells me invalid serial
PsYk0n4uT said:
Tried adding zero on front and back of serial it just tells me invalid serial
Click to expand...
Click to collapse
Chatting with OnePlus hasn't yielded anything so far
Just a tip, because in my infinite forgetfulness I wasted an hour last night trying to figure out why I was getting the error, fastboot could not open target HAL.
Remember that you must request the unlock code from fastboot, not fastbootd. Which is what you will boot into if you issue adb reboot fastboot.
So here's a quick step by step.
1.Enable usb debugging. 2. Connect your device and allow access for the computer. My device asks if I want it to charge or transfer files. Select transfer files/Android auto and then use adb start-server. May have to unplug the USB cable and reconnect. Select "always allow this device/PC".
3. Issue "adb devices" to make sure your connected.it should list your device by it's serial number. If not then try unplugging the device and revoke adb authorizations in dev options and toggle USB debugging off and back on, may even need to reboot the device to get it to connect after doing this.
4. If your device is listed under devices go ahead and issue "adb reboot fastboot"
5. Once rebooted issue "fastboot devices" and make sure the device is listed again.(If not listed make sure you have your driver's installed correctly and fastboot is installed correctly, may need to install Android SDK into same folder as fastboot)
6.You can select English or whatever language if you want but it doesn't seem necessary.You are in fastbootd mode you will see if you DO select a language.
So from here issue"fastboot reboot bootloader" device will reboot and you will have scrollable option at the top beginning with a big green START at the top. This is regular fastboot And where you wanna be to get your unlock code for submitting to Oppo for your unlock token.
7. Issue "fastboot oem get_unlock_code"
8. It should return the info you need, you will also need your IMEI number when submitting so be sure to copy that down.
you can copy and paste the unlock code into notepad or Word and delete out the extra stuff so your left with just the two lines of your unlock code as one single contiguous string of numbers.
8. Go to the link listed by OP and submit the required info. And wait for what seems like forever.
ADB/Fastboot commands-quick recap.
1. adb reboot fastboot
2. fastboot reboot bootloader
3. fastboot oem get_unlock_code
PsYk0n4uT said:
ADB/Fastboot commands-quick recap.
1. adb reboot fastboot
2. fastboot reboot bootloader
3. fastboot oem get_unlock_code
Click to expand...
Click to collapse
Simply "adb reboot bootloader". You won't need fastbootd until GSIs (which I already did ofc).
Thanks, definitely a quicker way to get to fastboot. I guess I wasn't sure if you could reboot directly. Seems maybe I was confusing an older device where you had to reboot to fastboot then "fastboot reboot fastboot" to get to fastbootd for a whole different reason.
This one goes directly to fastbootd when you "adb reboot fastboot"
Nice catch.
with this particular model in scope, what do either of you guys suggest I do if I have gottne the age old bricked message "destroyed boot/recovery image"".. I've tried the MSMTool route and cna't get it to register under Device Manager with the Qualcomm drivers.. It's highly upsetting..
I'm not really sure to be honest, this is my first OnePlus device and just trying to contribute anything I can to get the N20 section up and going as I make progress with the device.
Just a quick search though turns up this and maybe it could be of use if you can still access the bootloader.
the current image(boot/recovery) have been destroyed
I updated my oneplus 8t to KB2005_11.C.11 (OOS 12 ) by first booting to twrp-3.6.1_11-0-kebab.img and then flashed the KB2005_11_C_OTA_1100_all_362b9b_10100001.zip. After the upgrade I had no mobile data on t-mobile and had Volte instead of 5g...
forum.xda-developers.com
Someone mentions extracting the boot.img from stock image and flashing it. I would imagine it should work for you if the stock firmware can be found and circumstances are similar. Maybe at least a start. Wish I could be of more help, maybe someone else can chime in that knows more.
Try Linux, maybe a live dist. if your on a windows machine that won't recognize it just to get it into a state that you can work with it again.
Just an idea, I don't want to steer you wrong as i still have a lot to learn
DrScrad said:
with this particular model in scope, what do either of you guys suggest I do if I have gottne the age old bricked message "destroyed boot/recovery image"".. I've tried the MSMTool route and cna't get it to register under Device Manager with the Qualcomm drivers.. It's highly upsettinghav
Click to expand...
Click to collapse
DrScrad said:
with this particular model in scope, what do either of you guys suggest I do if I have gottne the age old bricked message "destroyed boot/recovery image"".. I've tried the MSMTool route and cna't get it to register under Device Manager with the Qualcomm drivers.. It's highly upsetting..
Click to expand...
Click to collapse
I want to try and help but I'm so new it's sketchy I don't want to say something and get bashed
Please feel free to comment. Don't worry about the trolls. We would love to have you to be part of this conversation. If you have suggestions just post them, and if your unsure about anything just mention that you are. It's a great way to learn. Don't worry about negative feedback, take it as constructive criticism. You may find that the feedback can clear up many questions and/or misconceptions. You never know how your dialogue with other members could help someone else in the future. These forums are here to document all of it just for that purpose. We are all here to learn or help others who want to learn. Though this account is only a year old I have been around these forums on and off for many years and I learn something each and every time I come in search of wisdom. I'm by no means an expert but I find that others benefit from my questions and answer just as much as I have over the years.
Fyi according to a recently made friend who also had the 7 digit serial issue, they were told by OnePlus their dev team is working on an OTA update that will resolve the serial number issues. I'm not sure how that's going to work but I saw the email between them and Oppo support
I guess this must be a widespread issue that they feel is cheaper to invest the amount of money it takes for r&d to come up with a fix than it was to replace a few devices or attempt to do remote repairs.
But this also makes me wonder what avenue they will take to correct the issue.
Also I wonder if someone with the right skillset could gather enough bootloader unlock codes along with the unlock tokens, serial, IMEI, pcba etc.. maybe the algorithm their using to generate the codes could be broken. I'm no crypto expert or math genius either, but if we have the variables to the equation minus one but have the answer, isn't this pretty simple almost pre-algebra?
I mean I guess their not worried about enough people being brave enough to give out sensitive info like that. But maybe Im just ignorant of the complexity of these algorithms.
64 digit key on one end
T-Mobile bought sprint and they have T-Mobile sims no. But I understand that sprint is still a somewhat seperate company (tried to buy a T-Mobile phone and it would not activate on my sprint account. So I bought this from the sprint side of the T-Mobile site so I knew it would work but I assume this is a sprint phone and not a T-Mobile phone so this method would not work.
Can anyone confirm this?
PsYk0n4uT said:
Please feel free to comment. Don't worry about the trolls. We would love to have you to be part of this conversation. If you have suggestions just post them, and if your unsure about anything just mention that you are. It's a great way to learn. Don't worry about negative feedback, take it as constructive criticism. You may find that the feedback can clear up many questions and/or misconceptions. You never know how your dialogue with other members could help someone else in the future. These forums are here to document all of it just for that purpose. We are all here to learn or help others who want to learn. Though this account is only a year old I have been around these forums on and off for many years and I learn something each and every time I come in search of wisdom. I'm by no means an expert but I find that others benefit from my questions and answer just as much as I have over the years.
Click to expand...
Click to collapse
okay peep theres a way i put my oneplus into efu mode, hold both vol up and down then put usb c in continue to hold u should hear PC recognize it
So, before i do it, would deleting the modemst1/modemst2 partitions still let me bypass the t-mobile sim lock and let me unlock the phone like it did on the old oneplus phones?
Flashed a patched boot.img and lost modems. Anyone willing to post the modems? Are they device specific like a device partition?
Sim locked and trying to recover. No radios are working
Ok , lemme cover my bases here... OnePlus 10t, Android 12, T Mobile. .
I have usb debugging on, oem unlock on, and device appears in ADB ... Newest platform tools, updated drivers.... When I run 'adb reboot bootloader', the phone shuts off, then I see 'fastboot mode' for like half a second , and it goes off and boots up normal. I can enter fastbootd .. but regular fastboot causes instant reboot! Can ANYONE help me with what I need to do? You can't unlock bootloader in fastbootd... So I need help figuring out how to make it NOT kick out of fastboot when I enter the command. (Usb 2.0)
OPPO locked the bootloader permanently. They do this on the find series as well.. basically bootloader mode is disabled.
I haven't heard about this before, is it a T-Mobile only thing? That seems really bad for oppo to do that...
Hurt Copain said:
OPPO locked the bootloader permanently. They do this on the find series as well.. basically bootloader mode is disabled.
Click to expand...
Click to collapse
ok , so how then can i either re activate this mode or root this device? because that is a deal breaker for me! I wont keep the ONLY model of this phone that has Fastboot disabled, and therefore is unable to be rooted! I have about 8 days left to package back up and send back to Tmobile for refund! Now i can fully reach EDL mode, so if there is a software that can let me flash the EU Unlocked FW , then please direct me. I saw some success written about here with the new MSM, but it requires some authentication. I am 100% fully committed to any method, no matter how complex, to rectify this travesty! The ONLY reason i jumped from Samsung to OnePlus years ago was because of how Developer friendly they were... Easy unlock of bootloader... yadda yadda! Now the curse of Beatbreaker has struck again, and the impossible has happened in that SAMSUNG bootloaders are now easily unlockable via purchased token... and Oneplus has become part of an asshat dictatorship.
Please advise if there is ANYONE here who can either help me with this situation, or can direct me to instructions/software that can flip this situation around. I mean, the fact that Fastbootd reports my device in "Fastboot" when running 'Fastboot devices' ... AND that even if only for a glimpse of a second i can see FASTBOOT MODE, before it kicks me out and reboots, tells me that there must be some glitch, exploit, or workaround that can re-enable it! I only state this because some phone companies (carriers) like Metropcs were pre-installing FW that made Download mode disabled for quite a few devices, but thru some low level (edl) actions, we were able to reverse that and load a global fw to the phones, restoring all functions!
ok long posts.... ANYONE... I am up for ALL suggestions, because i can fully brick this phone and return it , but my window closes in 7 days!
beatbreakee said:
ok , so how then can i either re activate this mode or root this device? because that is a deal breaker for me! I wont keep the ONLY model of this phone that has Fastboot disabled, and therefore is unable to be rooted! I have about 8 days left to package back up and send back to Tmobile for refund! Now i can fully reach EDL mode, so if there is a software that can let me flash the EU Unlocked FW , then please direct me. I saw some success written about here with the new MSM, but it requires some authentication. I am 100% fully committed to any method, no matter how complex, to rectify this travesty! The ONLY reason i jumped from Samsung to OnePlus years ago was because of how Developer friendly they were... Easy unlock of bootloader... yadda yadda! Now the curse of Beatbreaker has struck again, and the impossible has happened in that SAMSUNG bootloaders are now easily unlockable via purchased token... and Oneplus has become part of an asshat dictatorship.
Please advise if there is ANYONE here who can either help me with this situation, or can direct me to instructions/software that can flip this situation around. I mean, the fact that Fastbootd reports my device in "Fastboot" when running 'Fastboot devices' ... AND that even if only for a glimpse of a second i can see FASTBOOT MODE, before it kicks me out and reboots, tells me that there must be some glitch, exploit, or workaround that can re-enable it! I only state this because some phone companies (carriers) like Metropcs were pre-installing FW that made Download mode disabled for quite a few devices, but thru some low level (edl) actions, we were able to reverse that and load a global fw to the phones, restoring all functions!
ok long posts.... ANYONE... I am up for ALL suggestions, because i can fully brick this phone and return it , but my window closes in 7 days!
Click to expand...
Click to collapse
Dang! This is a messy situation for yah! I contacted support for an MSM tool and they said I have to send it in for them to flash it.
I think trying to have them flash some other variant would take you past your 7 day window and they may not do it anyways.
I would say least send an email to OnePlus support and ask if they would flash to other variant otherwise you will be returning the phone. You should get a response soon. Otherwise I'd lean towards returning it... Sadly.
Then buy straight from oneplus if you still want a 10t. They may have a good blackfriday deal on this phone as well.
maamdroid said:
Dang! This is a messy situation for yah! I contacted support for an MSM tool and they said I have to send it in for them to flash it.
I think trying to have them flash some other variant would take you past your 7 day window and they may not do it anyways.
I would say least send an email to OnePlus support and ask if they would flash to other variant otherwise you will be returning the phone. You should get a response soon. Otherwise I'd lean towards returning it... Sadly.
Then buy straight from oneplus if you still want a 10t. They may have a good blackfriday deal on this phone as well.
Click to expand...
Click to collapse
thank you ... i was waiting for the response from someone who had been in contact with them. I will mail them right away.
Hello Fellows,
I've got a Redmi 9 Pro for Linux purposes, but the phone came with FRP triggered and of course, I couldn't get access to the sellers
account. I spare you the details, because I am sure, every one knows a story like that.
I checked xda and the web about guides for quite some time, and actually found a lot of them, but none of them worked. At the end I could combine
some of these guides to actually make it happened. I've created a little screen recording to show all the steps that worked for my device.
Yes you can actually install and open almost every apk even with a triggered FRP. Almost means, you can even enable the developer options, but
they don't show anything for that user.
Initial situation:
Xiaomi Redmi 9 Pro EEA (joyeuse)
Bootloader Locked
triggered FRP Lock
find my device - OFF
No MI-Account
Software Variant 1:
Firmware: MIUI V12.0.2.0.QJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 10 - Miui 12
Android Security Patch Date: 2021-01-21
Software Variant 2:
Firmware: MIUI V12.5.8.0.RJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 11 - Miui 12.5
Android Security Patch Date: 2022-03-01
FRP Bypass start conditions:
Wifi is connected
The basic idea and steps:
Get into System Settings via the Help & Feedback from Gmail to disable and stop certain apps.
Only for this is the wifi needed, if you type delete, the right help topic will show up
2x Android Setup
Carrier Dafault App
Google Play Services (must be disabled at the very last)
enable the Accessibility Suite to re-enable Google Play Services at the right moment
Continue the actually process to setup the phone, the procedure will stuck at "Just a sec..." "Checking for updates..."
now try to re-enable the Google Play Services, once this is done, the FRP Bypass will take place the next step
One important note, after enabling Google Play Services, its Storage and Cache must be deleted!
This is one of the main reasons why it didn't worked for me the first 100 times i tried.
It does go through though, but right at the moment the setup is finished, the FRP Lock gets triggered and
we are back at the beginning.
Enabling the Google Play Services can be annoying, because the screen is flashing/changing so fast, that the touch
will not be accepted right away. But there is plenty of time to try until it hits.
Finish the setup process until you see the home screen
Execute the factory reset over the settings menu and the FRP is gone for good
Optional, you can enable oem unlock before you factory reset the phone
With oem unlock enabled, the phone can't get FRP Lock on.
Spoiler: FRP Bypass and Reset Android 10 - Miui 12
Spoiler: FRP Bypass and Reset Android 11 - Miui 12.5
Regarding Bootloader Unlock, which es mandatory to install Linux (Ubuntu Touch) on this phone.
I couldn't found any free way to either unlock the bootloader without Mi-Account, or reboot the phone into EDL.
They are some Apps I tried so far:
Xiaomi Sideload Tool and ROM2box from Romprovider.com
But they need MIUI Recovery 5.0, and I only have MIUI Recovery 3.0
And don't want to upgrade, because Ubuntu Touch need Android 10
Does anybody have more information about that exploit these Sideload Apps are using?
I don't get how you can read data from and adb sideload connection, where you just can upload zip files
for updates
EDL from the famous Bjoern Kerler "bkerler" (MTK-Client)
For this tool the phone must be in EDL Mode, which I can't get into it
Does anybody know a way how to do that without Test Point? I tried so many ways, but none worked.
I even compiled fastboot and adb from AOSP, but the "old" ways like reboot-edl don't work.
My last hope is a USB-C V2 Cable/Dongle from Team Hydra.
Updates will follow...
[Update 1: 2023-04-25]
The FRP Bypass Procedure also works on Android 11 MIUI 12.5
[Update 2: 2023-04-25]
I've built the EDL Cable/Dongle, but it didn't work. I've bought the official
Hydra EDL Cable V2, exact same result, it also didn't work. Hydra refuses to give me a straight answer to this issue, even as a customer. The shop I've bought it
from, asked Hydra as well, with the feedback, this could be a SPD issue.
But still, they refuse to tell me, which SPD I need to get it working. At this
time I was on SPD 2021-01-21, and they published the EDL Cable Pinouts in Dec. 2022 [Latest Security]. So this was a very false promise from Hydra or rather mobilerdx, not sure who's to blame here, perhaps myself.
[Update 3: 2023-04-25]
I've wrote an ADB and Fastboot Sniffer for Windows. Which worked
pretty well, and I was able to get the ADB commands from the Xiaomi Sideload Tool. So the Exploit is basically, that you can perform ADB PULL and ADB PUSH while your in SIDELOAD Mode, that's it. And that it uses a built-in command to gather the partition structure while you are in the
normal ADB Mode.
With that knowledge now, I've also wrote a Bash pendant from the Xiaomi Sideload Tool -> Xiaomi SideLoad Terminal Tool (xsltt). Which inherits all its functions plus a bit more user comfort.
With this tool, I was able to delete my xloader, and the device now boots
straight into EDL Mode. Which is great, you can call this a Software Testpoint.
But, there is always a but, it seems that there is still no proper firehose file out there, that bypasses this annoying EDL authentication. And no, I will not even try to bypass that myself, this is way over my head.
So I would very much appriciate it, if someone can point me to a working firehose file that bypasses the EDL authentication for the Redmi Note 9 Pro (joyeuse).
I am facing the same problem, can not find the right firehose tool.
And all the apps that claim they have proper firehose file are all paid service.
since you have hydra tool, did they work for the edl? since they said they have the right firehose file.
ccaye said:
I am facing the same problem, can not find the right firehose tool.
And all the apps that claim they have proper firehose file are all paid service.
since you have hydra tool, did they work for the edl? since they said they have the right firehose file.
Click to expand...
Click to collapse
Haha, no they don't. They even recommended me the hydra dongle in their own telegram support channel. Now i have this dongle since a day, they say it is not supported in EDL Mode, only Sideload mode. And now i have to find someone who can fix the phone remotely with a auth service account. Isn't it great?
I'
newbit said:
Hello Fellows,
I've got a Redmi 9 Pro for Linux purposes, but the phone came with FRP triggered and of course, I couldn't get access to the sellers
account. I spare you the details, because I am sure, every one knows a story like that.
I checked xda and the web about guides for quite some time, and actually found a lot of them, but none of them worked. At the end I could combine
some of these guides to actually make it happened. I've created a little screen recording to show all the steps that worked for my device.
Yes you can actually install and open almost every apk even with a triggered FRP. Almost means, you can even enable the developer options, but
they don't show anything for that user.
Initial situation:
Xiaomi Redmi 9 Pro EEA (joyeuse)
Bootloader Locked
triggered FRP Lock
find my device - OFF
No MI-Account
Software Variant 1:
Firmware: MIUI V12.0.2.0.QJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 10 - Miui 12
Android Security Patch Date: 2021-01-21
Software Variant 2:
Firmware: MIUI V12.5.8.0.RJZEUXM Stable Official Update for Redmi Note 9 Pro EEA (joyeuse)
Android 11 - Miui 12.5
Android Security Patch Date: 2022-03-01
FRP Bypass start conditions:
Wifi is connected
The basic idea and steps:
Get into System Settings via the Help & Feedback from Gmail to disable and stop certain apps.
Only for this is the wifi needed, if you type delete, the right help topic will show up
2x Android Setup
Carrier Dafault App
Google Play Services (must be disabled at the very last)
enable the Accessibility Suite to re-enable Google Play Services at the right moment
Continue the actually process to setup the phone, the procedure will stuck at "Just a sec..." "Checking for updates..."
now try to re-enable the Google Play Services, once this is done, the FRP Bypass will take place the next step
One important note, after enabling Google Play Services, its Storage and Cache must be deleted!
This is one of the main reasons why it didn't worked for me the first 100 times i tried.
It does go through though, but right at the moment the setup is finished, the FRP Lock gets triggered and
we are back at the beginning.
Enabling the Google Play Services can be annoying, because the screen is flashing/changing so fast, that the touch
will not be accepted right away. But there is plenty of time to try until it hits.
Finish the setup process until you see the home screen
Execute the factory reset over the settings menu and the FRP is gone for good
Optional, you can enable oem unlock before you factory reset the phone
With oem unlock enabled, the phone can't get FRP Lock on.
Spoiler: FRP Bypass and Reset Android 10 - Miui 12
Spoiler: FRP Bypass and Reset Android 11 - Miui 12.5
Regarding Bootloader Unlock, which es mandatory to install Linux (Ubuntu Touch) on this phone.
I couldn't found any free way to either unlock the bootloader without Mi-Account, or reboot the phone into EDL.
They are some Apps I tried so far:
Xiaomi Sideload Tool and ROM2box from Romprovider.com
But they need MIUI Recovery 5.0, and I only have MIUI Recovery 3.0
And don't want to upgrade, because Ubuntu Touch need Android 10
Does anybody have more information about that exploit these Sideload Apps are using?
I don't get how you can read data from and adb sideload connection, where you just can upload zip files
for updates
EDL from the famous Bjoern Kerler "bkerler" (MTK-Client)
For this tool the phone must be in EDL Mode, which I can't get into it
Does anybody know a way how to do that without Test Point? I tried so many ways, but none worked.
I even compiled fastboot and adb from AOSP, but the "old" ways like reboot-edl don't work.
My last hope is a USB-C V2 Cable/Dongle from Team Hydra.
Updates will follow...
[Update 1: 2023-04-25]
The FRP Bypass Procedure also works on Android 11 MIUI 12.5
[Update 2: 2023-04-25]
I've built the EDL Cable/Dongle, but it didn't work. I've bought the official
Hydra EDL Cable V2, exact same result, it also didn't work. Hydra refuses to give me a straight answer to this issue, even as a customer. The shop I've bought it
from, asked Hydra as well, with the feedback, this could be a SPD issue.
But still, they refuse to tell me, which SPD I need to get it working. At this
time I was on SPD 2021-01-21, and they published the EDL Cable Pinouts in Dec. 2022 [Latest Security]. So this was a very false promise from Hydra or rather mobilerdx, not sure who's to blame here, perhaps myself.
[Update 3: 2023-04-25]
I've wrote an ADB and Fastboot Sniffer for Windows. Which worked
pretty well, and I was able to get the ADB commands from the Xiaomi Sideload Tool. So the Exploit is basically, that you can perform ADB PULL and ADB PUSH while your in SIDELOAD Mode, that's it. And that it uses a built-in command to gather the partition structure while you are in the
normal ADB Mode.
With that knowledge now, I've also wrote a Bash pendant from the Xiaomi Sideload Tool -> Xiaomi SideLoad Terminal Tool (xsltt). Which inherits all its functions plus a bit more user comfort.
With this tool, I was able to delete my xloader, and the device now boots
straight into EDL Mode. Which is great, you can call this a Software Testpoint.
But, there is always a but, it seems that there is still no proper firehose file out there, that bypasses this annoying EDL authentication. And no, I will not even try to bypass that myself, this is way over my head.
So I would very much appriciate it, if someone can point me to a working firehose file that bypasses the EDL authentication for the Redmi Note 9 Pro (joyeuse).
Click to expand...
Click to collapse
I'm ready to fund for research cause. I will invest in the tool that I know which allows EDL authentication so that we can verify if it works with your device.
Please let me know so that together we can succed in fixing your phone.
mvikrant97 said:
I'
I'm ready to fund for research cause. I will invest in the tool that I know which allows EDL authentication so that we can verify if it works with your device.
Please let me know so that together we can succed in fixing your phone.
Click to expand...
Click to collapse
Thank you for your generous offer, I am not sure If I understand you right, plus I don't have the need
for charity. To be honest, I don't even have a clue, what to believe now. They all promise you honey
flowing in rivers, but can't really deliver.
They are tools called EMT and UAT Pro. Never heard about them before. But they claim they have
auth support for this model in EDL mode. UAT even offers a pure software solution for an affordable price.
If you are willing to fund your self, please try it out, and report back.
newbit said:
Thank you for your generous offer, I am not sure If I understand you right, plus I don't have the need
for charity. To be honest, I don't even have a clue, what to believe now. They all promise you honey
flowing in rivers, but can't really deliver.
They are tools called EMT and UAT Pro. Never heard about them before. But they claim they have
auth support for this model in EDL mode. UAT even offers a pure software solution for an affordable price.
If you are willing to fund your self, please try it out, and report back.
Click to expand...
Click to collapse
I won't be investing in those tools. Both EMT and UAT allow auth flashing however I know a tool called Xiaomi Pro tool which supports auth flashing and it works and the investment is pretty low so I can invest in that tool to help you out with auth flashing.
I cannot discuss any further as XDA does not allow that.
mvikrant97 said:
I won't be investing in those tools. Both EMT and UAT allow auth flashing however I know a tool called Xiaomi Pro tool which supports auth flashing and it works and the investment is pretty low so I can invest in that tool to help you out with auth flashing.
I cannot discuss any further as XDA does not allow that.
Click to expand...
Click to collapse
Yeah that's weird, I've read this a lot, never had any issues with XDA about that.
Anyways, I can't find any manufacture website to the Xiaomi Pro Tool, so I cannot compare.
I think 15 bucks for are 3 Months time period is much cheaper compared to the 110 I've paid
for this Hydra Dongle, which brings me zero yet. So please, write me a PM with a link to a shop.
Just a little Update.
Thank your @mvikrant97, Xiaomi Fire Tool did the trick. They don't unlock bootloader,
but flash firmware with EDL auth. And now my phone is back to life. Support was very good, in fact,
they were the only ones who responded at all. Very patience and polite as well. Plus, very affordable.
Once my phone is fully charged, battery was totally drained since it was in EDL Mode for weeks, I will see
what Hydra has to offer. Btw: They've banned me from their Support Channel, without any explanation.
I guess I asked the wrong questions, pitty.
newbit said:
Just a little Update.
Thank your @mvikrant97, Xiaomi Fire Tool did the trick. They don't unlock bootloader,
but flash firmware with EDL auth. And now my phone is back to life. Support was very good, in fact,
they were the only ones who responded at all. Very patience and polite as well. Plus, very affordable.
Once my phone is fully charged, battery was totally drained since it was in EDL Mode for weeks, I will see
what Hydra has to offer. Btw: They've banned me from their Support Channel, without any explanation.
I guess I asked the wrong questions, pitty.
Click to expand...
Click to collapse
I'm very happy to learn that your phone is fixed.
While the rest we can discuss in PM!