MlgmXyysd / Xiaomi-HyperOS-BootLoader-Bypass

A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings.
https://www.neko.ink/
2.83k stars 315 forks source link

Request Error Parameter (1000) | October Update #207

Open Skyunn opened 1 week ago

Skyunn commented 1 week ago

Device: Xiaomi 14 Ultra Global Proof: https://imgur.com/a/ngS4ubX ROM: 1.0.13.0.UNAEUXM ✅ Have a Xiaomi Account over 30 days (47 days)

Tried the fixes from; Installed Settings.apk. Logging in and out of Xiaomi Account. Device and Sim number (recovery number/phone) are verified and binded to account. Disabled second sim to only use main binded sim. Turned on "Synced Messages" and turned off "Find Device".

Dump Report:

[2024-10-23] [17:33:14] [INFO] - ************************************
[2024-10-23] [17:33:14] [INFO] - * Xiaomi HyperOS BootLoader Bypass *
[2024-10-23] [17:33:14] [INFO] - * By NekoYuzu          Version 1.0 *
[2024-10-23] [17:33:14] [INFO] - ************************************
[2024-10-23] [17:33:14] [INFO] - GitHub: https://github.com/MlgmXyysd
[2024-10-23] [17:33:14] [INFO] - XDA: https://xdaforums.com/m/mlgmxyysd.8430637
[2024-10-23] [17:33:14] [INFO] - X (Twitter): https://x.com/realMlgmXyysd
[2024-10-23] [17:33:14] [INFO] - PayPal: https://paypal.me/MlgmXyysd
[2024-10-23] [17:33:14] [INFO] - My Blog: https://www.neko.ink/
[2024-10-23] [17:33:14] [INFO] - ************************************
[2024-10-23] [17:33:14] [INFO] - Starting ADB server...
[2024-10-23] [17:33:14] [INFO] - Processing device fee5bcbe(3)...
[2024-10-23] [17:33:15] [INFO] - Finding BootLoader unlock bind request...
[2024-10-23] [17:33:15] [INFO] * Now you can bind account in the developer options.
[2024-10-23] [17:33:30] [INFO] - Account bind request found! Let's block it.
[2024-10-23] [17:33:30] [INFO] - Refactoring parameters...
string(876) "8/8Mnp7WcRph8sbnR99N7vo9tD3wEerBfTGF/ERYpg5TVr4CrXCpmM50gvENcWQSxrdMtRtSCRQBVl4X+3mlQE09QHxT3BhL4XotAS2ZQCPeJXYM5rRyHa2ZTE6xhB1FRcyRP9bS7Aevq4BXtzCjI2x/eRuM1mzdgK+Gk2MK7dDJpw9zm49jl1wiIN7iHyIxq6u1YWw5g2N7MHHjP3KCDTjZ9gJ/Ro+ehBKt4N4lr35YQk3dCIEIXscjFm9gCstLnZkYRL2u6oa7cvnZkMcapEtQQthRpGxncQKEfq5uftMlir71druCcWH5wBRZeWFKF25djWVkkg7Hm5csLCz5Oz2JO5ZmIE95wPCxPYSqrHBxwG1G/B1DG9OucoC3qgbLA1tfNaGRGs/pIJjcwwc9cZSdvsHxYu7b9l9qsfDV2PsUOZGBWzUG80AtS0WOAkrFHb9nVOeL4R8K+9RSp/IOm1mtzmU8zhSf4EN3QXTwjr4WUPQ5OP5jjN/7Wogt0EALj4PbwpuxXSdoGSIaLztoUlzUnzPw/Mul1vvw65aHgMRxX1WRP3wUtdiZu+sUaJw4H1WFehw90XMvI8rSH+U3bIoMEiitjS/0Geq8taHTEEoLKkd/14Q3AYJR+i8XGczEKfj5skg44EI5LXFJHDV8gFI/+tITK91RtJuoLPn6mfjYQNygGLFE+4hj/bTL4xaJ3/R+aCg2NBftD/FiOVtenm19vkyRTDiBdqr8xa0Pa8+4rlM9tnGqWzMgfyhF4CJTj7UB/KWgZqykJY0wPvVmsNN+Xtzdfflz9TsSOTXr66aMMbSplWIB2fzBh3MDCwUGK0CGt/TSivqEF7DX6YEdp+O0CJCVl53pv9YaUsmBBd8="
[2024-10-23] [17:33:30] [INFO] - Sending POST request...
[2024-10-23] [17:33:32] [INFO] - Request parameter error (10000)

Does this bypass work when in Xiaomi Community App my account has "Account Error Please try again after (mm/dd)"? https://imgur.com/a/tlVISsY

Screen Recorded Video prior to adding dump. https://streamable.com/lf2ssx

I can re-record again with dump code if requested.

oslohes123 commented 5 days ago

+1 got the exact same error