search

MlgmXyysd / Xiaomi-HyperOS-BootLoader-Bypass

A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings.
https://www.neko.ink/
2.57k stars 295 forks source link

This tools still working, but need more error handler #161

Open lexavey opened 1 month ago

lexavey commented 1 month ago

Maybe using function_exists() can help user to understand what to do.

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>bypass.cmd
PHP Warning:  PHP Startup: Unable to load dynamic library 'curl' (tried: C:\php\ext\curl (The specified module could not be found), C:\php\ext\php_curl.dll (The specified module could not be found)) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'curl' (tried: C:\php\ext\curl (The specified module could not be found), C:\php\ext\php_curl.dll (The specified module could not be found)) in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library 'openssl' (tried: C:\php\ext\openssl (The specified module could not be found), C:\php\ext\php_openssl.dll (The specified module could not be found)) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'openssl' (tried: C:\php\ext\openssl (The specified module could not be found), C:\php\ext\php_openssl.dll (The specified module could not be found)) in Unknown on line 0
[2024-08-12] [09:11:46] [INFO] - ************************************
[2024-08-12] [09:11:46] [INFO] - * Xiaomi HyperOS BootLoader Bypass *
[2024-08-12] [09:11:46] [INFO] - * By NekoYuzu          Version 1.0 *
[2024-08-12] [09:11:46] [INFO] - ************************************
[2024-08-12] [09:11:46] [INFO] - GitHub: https://github.com/MlgmXyysd
[2024-08-12] [09:11:46] [INFO] - XDA: https://xdaforums.com/m/mlgmxyysd.8430637
[2024-08-12] [09:11:46] [INFO] - X (Twitter): https://x.com/realMlgmXyysd
[2024-08-12] [09:11:46] [INFO] - PayPal: https://paypal.me/MlgmXyysd
[2024-08-12] [09:11:46] [INFO] - My Blog: https://www.neko.ink/
[2024-08-12] [09:11:46] [INFO] - ************************************
[2024-08-12] [09:11:46] [INFO] - Starting ADB server...
[2024-08-12] [09:11:47] [INFO] - Processing device 6af6eb65(3)...
[2024-08-12] [09:11:48] [INFO] - Finding BootLoader unlock bind request...
[2024-08-12] [09:11:48] [INFO] * Now you can bind account in the developer options.
[2024-08-12] [09:12:26] [INFO] - Account bind request found! Let's block it.
[2024-08-12] [09:12:26] [INFO] - Refactoring parameters...
PHP Fatal error:  Uncaught Error: Call to undefined function openssl_decrypt() in C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php:230
Stack trace:
#0 C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php(330): decryptData('#&^rFyMBx0Vb+Is...')
#1 {main}
  thrown in C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php on line 230

Fatal error: Uncaught Error: Call to undefined function openssl_decrypt() in C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php:230
Stack trace:
#0 C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php(330): decryptData('#&^rFyMBx0Vb+Is...')
#1 {main}
  thrown in C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php on line 230

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>choco install openssl
^C
C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>openssl
help:

Standard commands
asn1parse         ca                ciphers           cmp
cms               crl               crl2pkcs7         dgst
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
fipsinstall       gendsa            genpkey           genrsa
help              info              kdf               list
mac               nseq              ocsp              passwd
pkcs12            pkcs7             pkcs8             pkey
pkeyparam         pkeyutl           prime             rand
rehash            req               rsa               rsautl
s_client          s_server          s_time            sess_id
smime             speed             spkac             srp
storeutl          ts                verify            version
x509

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        md4               md5
mdc2              rmd160            sha1              sha224
sha256            sha3-224          sha3-256          sha3-384
sha3-512          sha384            sha512            sha512-224
sha512-256        shake128          shake256          sm3

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64
bf                bf-cbc            bf-cfb            bf-ecb
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb
cast5-ofb         des               des-cbc           des-cfb
des-ecb           des-ede           des-ede-cbc       des-ede-cfb
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb
des-ede3-ofb      des-ofb           des3              desx
idea              idea-cbc          idea-cfb          idea-ecb
idea-ofb          rc2               rc2-40-cbc        rc2-64-cbc
rc2-cbc           rc2-cfb           rc2-ecb           rc2-ofb
rc4               rc4-40            seed              seed-cbc
seed-cfb          seed-ecb          seed-ofb          sm4-cbc
sm4-cfb           sm4-ctr           sm4-ecb           sm4-ofb

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>choco install openssl

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php
^C
C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php --help
Usage: php [options] [-f] <file> [--] [args...]
   php [options] -r <code> [--] [args...]
   php [options] [-B <begin_code>] -R <code> [-E <end_code>] [--] [args...]
   php [options] [-B <begin_code>] -F <file> [-E <end_code>] [--] [args...]
   php [options] -S <addr>:<port> [-t docroot] [router]
   php [options] -- [args...]
   php [options] -a

  -a               Run as interactive shell (requires readline extension)
  -c <path>|<file> Look for php.ini file in this directory
  -n               No configuration (ini) files will be used
  -d foo[=bar]     Define INI entry foo with value 'bar'
  -e               Generate extended information for debugger/profiler
  -f <file>        Parse and execute <file>.
  -h               This help
  -i               PHP information
  -l               Syntax check only (lint)
  -m               Show compiled in modules
  -r <code>        Run PHP <code> without using script tags <?..?>
  -B <begin_code>  Run PHP <begin_code> before processing input lines
  -R <code>        Run PHP <code> for every input line
  -F <file>        Parse and execute <file> for every input line
  -E <end_code>    Run PHP <end_code> after processing all input lines
  -H               Hide any passed arguments from external tools.
  -S <addr>:<port> Run with built-in web server.
  -t <docroot>     Specify document root <docroot> for built-in web server.
  -s               Output HTML syntax highlighted source.
  -v               Version number
  -w               Output source with stripped comments and whitespace.
  -z <file>        Load Zend extension <file>.

  args...          Arguments passed to script. Use -- args when first argument
                   starts with - or script is read from stdin

  --ini            Show configuration file names

  --rf <name>      Show information about function <name>.
  --rc <name>      Show information about class <name>.
  --re <name>      Show information about extension <name>.
  --rz <name>      Show information about Zend extension <name>.
  --ri <name>      Show configuration for extension <name>.

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php -r echo 'a';
PHP Parse error:  syntax error, unexpected end of file in Command line code on line 1

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php -r "echo 'a';"
a
C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php -r "openssl_decrypt();"
PHP Fatal error:  Uncaught ArgumentCountError: openssl_decrypt() expects at least 3 arguments, 0 given in Command line code:1
Stack trace:
#0 Command line code(1): openssl_decrypt()
#1 {main}
  thrown in Command line code on line 1

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php -r "curl();"
PHP Fatal error:  Uncaught Error: Call to undefined function curl() in Command line code:1
Stack trace:
#0 {main}
  thrown in Command line code on line 1

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php -r "curl_init();"
PHP Fatal error:  Uncaught Error: Call to undefined function curl_init() in Command line code:1
Stack trace:
#0 {main}
  thrown in Command line code on line 1

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php -r "curl_init();"

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php bypass.php
[2024-08-12] [09:17:19] [INFO] - ************************************
[2024-08-12] [09:17:19] [INFO] - * Xiaomi HyperOS BootLoader Bypass *
[2024-08-12] [09:17:19] [INFO] - * By NekoYuzu          Version 1.0 *
[2024-08-12] [09:17:19] [INFO] - ************************************
[2024-08-12] [09:17:19] [INFO] - GitHub: https://github.com/MlgmXyysd
[2024-08-12] [09:17:19] [INFO] - XDA: https://xdaforums.com/m/mlgmxyysd.8430637
[2024-08-12] [09:17:19] [INFO] - X (Twitter): https://x.com/realMlgmXyysd
[2024-08-12] [09:17:19] [INFO] - PayPal: https://paypal.me/MlgmXyysd
[2024-08-12] [09:17:19] [INFO] - My Blog: https://www.neko.ink/
[2024-08-12] [09:17:19] [INFO] - ************************************
[2024-08-12] [09:17:19] [INFO] - Starting ADB server...
[2024-08-12] [09:17:20] [INFO] - Processing device 6af6eb65(3)...
[2024-08-12] [09:17:20] [INFO] - Finding BootLoader unlock bind request...
[2024-08-12] [09:17:20] [INFO] * Now you can bind account in the developer options.
[2024-08-12] [09:17:28] [INFO] - Account bind request found! Let's block it.
[2024-08-12] [09:17:28] [INFO] - Refactoring parameters...
PHP Warning:  Trying to access array offset on null in C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php on line 333
[2024-08-12] [09:17:28] [INFO] - Sending POST request...
[2024-08-12] [09:17:31] [INFO] ! Fail to send request, check your internet connection.

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php bypass.php
[2024-08-12] [09:18:21] [INFO] - ************************************
[2024-08-12] [09:18:21] [INFO] - * Xiaomi HyperOS BootLoader Bypass *
[2024-08-12] [09:18:21] [INFO] - * By NekoYuzu          Version 1.0 *
[2024-08-12] [09:18:21] [INFO] - ************************************
[2024-08-12] [09:18:21] [INFO] - GitHub: https://github.com/MlgmXyysd
[2024-08-12] [09:18:21] [INFO] - XDA: https://xdaforums.com/m/mlgmxyysd.8430637
[2024-08-12] [09:18:21] [INFO] - X (Twitter): https://x.com/realMlgmXyysd
[2024-08-12] [09:18:21] [INFO] - PayPal: https://paypal.me/MlgmXyysd
[2024-08-12] [09:18:21] [INFO] - My Blog: https://www.neko.ink/
[2024-08-12] [09:18:21] [INFO] - ************************************
[2024-08-12] [09:18:21] [INFO] - Starting ADB server...
[2024-08-12] [09:18:22] [INFO] - Processing device 6af6eb65(3)...
[2024-08-12] [09:18:22] [INFO] - Finding BootLoader unlock bind request...
[2024-08-12] [09:18:22] [INFO] * Now you can bind account in the developer options.
[2024-08-12] [09:18:24] [INFO] - Account bind request found! Let's block it.
[2024-08-12] [09:18:24] [INFO] - Refactoring parameters...
PHP Warning:  Trying to access array offset on null in C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal\bypass.php on line 333
[2024-08-12] [09:18:24] [INFO] - Sending POST request...
[2024-08-12] [09:18:26] [INFO] - Request parameter error (10000)

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>php bypass.php
[2024-08-12] [09:25:50] [INFO] - ************************************
[2024-08-12] [09:25:50] [INFO] - * Xiaomi HyperOS BootLoader Bypass *
[2024-08-12] [09:25:50] [INFO] - * By NekoYuzu          Version 1.0 *
[2024-08-12] [09:25:50] [INFO] - ************************************
[2024-08-12] [09:25:50] [INFO] - GitHub: https://github.com/MlgmXyysd
[2024-08-12] [09:25:50] [INFO] - XDA: https://xdaforums.com/m/mlgmxyysd.8430637
[2024-08-12] [09:25:50] [INFO] - X (Twitter): https://x.com/realMlgmXyysd
[2024-08-12] [09:25:50] [INFO] - PayPal: https://paypal.me/MlgmXyysd
[2024-08-12] [09:25:50] [INFO] - My Blog: https://www.neko.ink/
[2024-08-12] [09:25:50] [INFO] - ************************************
[2024-08-12] [09:25:50] [INFO] - Starting ADB server...
[2024-08-12] [09:25:51] [INFO] - Processing device 6af6eb65(3)...
[2024-08-12] [09:25:52] [INFO] - Finding BootLoader unlock bind request...
[2024-08-12] [09:25:52] [INFO] * Now you can bind account in the developer options.
[2024-08-12] [09:25:55] [INFO] - Account bind request found! Let's block it.
[2024-08-12] [09:25:55] [INFO] - Refactoring parameters...
[2024-08-12] [09:25:55] [INFO] - Sending POST request...
[2024-08-12] [09:25:58] [INFO] - Target account: 6354144***
[2024-08-12] [09:25:58] [INFO] - Account bound successfully, wait time can be viewed in the unlock tool.

C:\Users\cpanel\Downloads\Bypass-1.0-fix-universal>adb reboot bootloader
lexavey commented 3 weeks ago

image Yea

sturdy-cactus commented 10 hours ago

image Yea

Dear lexavey, how did you manage to solve the Request parameter error (10000)?

lexavey commented 5 hours ago

Dear lexavey, how did you manage to solve the Request parameter error (10000)?

Your device has been updated to newer version, you need to update settings apk for your device, see this issue https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass/issues/160

Download your apk from this reference https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass/pull/78#issuecomment-2106104350

I hope your device listed.

image