The release of Xiaomi HyperOS in the market has created a technology wave in the tech industry. In the recent update, Xiaomi has changed how you can unlock the bootloader on your Xiaomi, Redmi, and POCO devices, and the criteria for unlocking the bootloader on Xiaomi HyperOS has become more complex and challenging. In this article, we will look at how to bypass Xiaomi HyperOS Bootloader.
Recently a user named “NekoYuzu (MlgmXyysd)” on GitHub has provided a way to bypass the Xiaomi HyperOS Bootloader. He suggested A Proof of Concept (PoC) that exploits a vulnerability to bypass Xiaomi HyperOS community restrictions of bootloader-unlocked bindings. This project was developed by using the php-adb library.
After unlocking the bootloader on your Xiaomi HyperOS device, you may encounter the following situations:
- Software or hardware not working properly or even damaged.
- Loss of data stored in the device.
- Credit card theft or other financial loss.
- Warranty lost. Not only the base warranty but some of the extra extended warranties (such as Mi Care or broken-screen warranty) that you have purchased may also be lost according to the exclusions provided by Xiaomi.
- Hardware-level self-destructs like Samsung Knox. TEE-related features will be permanently damaged. There is no way to restore other than by replacing the motherboard.
- Functional anomalies after flashing a third-party system due to closed-source kernel source code.
- Device or account banned by unlocking Bootloader.
In the meantime, please be aware that any issues arising from an unlocked bootloader on HyperOS are the responsibility of the user. So try this at your risk.
Requirements for Unlocking Xiaomi HyperOS Bootloader Bypass
A Valid Device
- You need to have a Xiaomi, Redmi, or POCO device that is not banned.
- Your device should be running the official HyperOS version. Unofficial or modified versions of HyperOS may not be compatible.
- As of November 23, 2023, devices that require Xiaomi account verification to unlock are temporarily unsupported. This is due to a recent change in the policy made by Xiaomi.
A Valid SMS Card
- The SIM Card used for unlocking must be active and able to access the Internet.
- Each Valid SIM card can only be used to unlock a maximum of 2 Xiaomi devices within 3 months. Please be aware of this when trying to submit unlock requests.
A valid Xiaomi account
- You need to have a Xiaomi Account, or you can create one if you don’t have one. But make sure that the Xiaomi Account has not been banned.
- Your Xiaomi Account can only be used to unlock 1 phone in a month and 3 phones in a year.
According to the unlocking instructions provided by Xiaomi, it will prohibit some accounts and devices from using the unlocking tool called “risk control“.
Download the Necessary Files
This method of unlocking the Bootloader may be risky. If anything happens to your Xiaomi Device while performing this, Xaiomi Advices will not be held responsible for any loss you incur the process. So try this at your own risk.
How to Bypass Xiaomi HyperOS Bootloader?
- Download and Install PHP 8.0+ or a later version for your system from the official website.
- Enable OpenSSL and Curl extension in php.ini. (Note: Add/or set extension_dir to your PHP’s ext directory if the script does not work.
- Place adb.php in php-adb to the directory.
- Download platform tools and place them in libraries. (Note: Mac OS needs to rename adb to adb-darwin.)
- Open a terminal and use a PHP interpreter to execute the script.
- Tap repeatedly on the Settings – About Phone – MIUI Version to enable Development Options.
- Enable OEM Unlocking, USB Debugging, and USB Debugging (Security Settings) in Settings – Additional Settings – Development Options.
- Log in to your Xiaomi account.
- Connect your Xiaomi, Redmi, or POCO phone to your PC via a wired interface.
- Check “Always Allow from this computer” and click OK.
- Wait and follow the prompts of the script.
- After successful binding, you can use the official unlock tool to check when you need to wait.
- During the waiting period, please use the device normally, keep the SIM card inserted, do not log out of your account or turn off Find My Phone, and do not re-bind the device until it is successfully unlocked. The device will automatically send HeartBeat packets to the server every once in a while.
Unlocking the bootloader on Xiaomi devices running the HyperOS update does come with some risks, as it allows core changes to the operating system to be made. And Xiaomi has recently introduced more restrictions around unlocking bootloaders. This is likely being done to protect average users from inadvertently making changes that could destabilize their devices.
However, we understand the developer community’s frustration as an open bootloader. Xiaomi has been a hallmark of “Geek’’ spirit and commitment to General Public License (GPL). We hope Xiaomi can find a balanced approach that still allows power users to unlock devices at their own risk while protecting the general user. We expect that Xiaomi will hear the feedback from developers and can find a solution that satisfies all parties.
Why does the unlock tool still remind me to wait 168/360 (or more) hours?
By principle, this PoC only bypasses the restrictions added for HyperOS. You still need to comply with the restrictions for MIUI.
The device shows Couldn’t verify, wait a minute or two and try again.
This is normal. The binding request on the device side has been blocked by our script. The actual binding result is subject to the script prompt.
Binding failed with error code 401.
Your Xiaomi account credentials have expired. You need to log out and log in again on your device.
Binding failed with error code 20086.
Your device credentials have expired. You need to reboot your device.
Binding failed with error code 20090 or 20091.
Device’s Security Device Credential Manager function failure, contact after-sales.
Binding failed with error code 30001.
Your device has been forced to verify the account qualification by Xiaomi. Xiaomi lost its ‘geek’ spirit a long time ago, and there’s nothing we can do about it.
Binding failed with error code 86015.
The server has rejected this binding request. Please try again.
Also Read: How to Unlock HyperOS Bootloader
If you liked our article, please let us know how you feel about it in the comment section.