包含 Keritial。如果你看到了不符合你印象中的 Keritial 的有关 Keritial 的内容,那么这个有关 Keritial 内容与 Keritial 无关。
众所周知,不在小米强制验证账号 Bootloader 解锁权限的名单中(即 设备出产系统非 HyperOS),而且运行 HyperOS,无法直接的设备,可以通过劫持绑定请求来绕过验证。在较早期的 HyperOS 的版本中,这是可行的。
后来,小米修改了设置应用的绑定设备的加密算法,使得无法通过 logcat 劫持绑定请求。但是可以通过覆盖安装早期版本设置(早期 HyperOS 的设置,非 MIUI 的;升级到 Android 15 后此办法可能失效,毕竟 API level 更高了)。
Redmi Note 11T Pro (代号: xaga) 在 OS1.0.1.0.ULOCNXM 时是可以这样绑定的。而在我升级 OS1.0.2.0.ULOCNXM 后,覆盖安装旧版设置(来自 Redmi Note 12 Turbo (代号: marble),版本号 OS1.0.5.0.UMRCNXM)后开发者选项无法进入。
我暂时没找到原因,我降级到了 OS1.0.1.0 试了下,能够绑定的。
这是个不好的迹象,虽然以你米在这件事上的上心程度,这不意外。
更新1:HMA 在这个版本上导致 bootloop。
更新2:关闭蓝牙后,开发者设置就不闪退了,原因未知。
It is well-known that Xiaomi devices not on the list for enforced Bootloader unlock permission validation (i.e., devices not shipped with HyperOS) and running HyperOS, which cannot directly bind devices, can bypass validation by hijacking the binding request. This was feasible in earlier versions of HyperOS.
Later, Xiaomi modified the encryption algorithm for device binding in the Settings app, making it impossible to hijack the binding request through logcat. However, it was still possible by overriding the Settings app with an earlier version(from early HyperOS, not MIUI; this method may not work on Android 15, as the API level is changed).
The Redmi Note 11T Pro (codename: xaga) could be bound successfully in this way during OS1.0.1.0.ULOCNXM. However, after upgrading to OS1.0.2.0.ULOCNXM, it failed. By overriding the Settings app with an old version (in this case, from the Redmi Note 12 Turbo, codename: marble, version OS1.0.5.0.UMRCNXM), I could no longer enter the Developer Options.
I haven’t determine the cause yet. I tried to downgrade to OS1.0.1.0, and I was still able to bind on that version.
This is a indication of something bad, although it’s not surprising considering Xiaomi’s level of concern regarding Bootloader unlocking.
Update 1: Hide My Applist led to bootloop on this verison too.
Update 2: Turning off Bluetooth before overriding the Settings app would prevent the Developer Options from crashing. Wondering why.
#Xiaomi #Bootloader
后来,小米修改了设置应用的绑定设备的加密算法,使得无法通过 logcat 劫持绑定请求。但是可以通过覆盖安装早期版本设置(早期 HyperOS 的设置,非 MIUI 的;升级到 Android 15 后此办法可能失效,毕竟 API level 更高了)。
Redmi Note 11T Pro (代号: xaga) 在 OS1.0.1.0.ULOCNXM 时是可以这样绑定的。而在我升级 OS1.0.2.0.ULOCNXM 后,覆盖安装旧版设置(来自 Redmi Note 12 Turbo (代号: marble),版本号 OS1.0.5.0.UMRCNXM)后开发者选项无法进入。
我暂时没找到原因,我降级到了 OS1.0.1.0 试了下,能够绑定的。
这是个不好的迹象,虽然以你米在这件事上的上心程度,这不意外。
更新1:HMA 在这个版本上导致 bootloop。
更新2:关闭蓝牙后,开发者设置就不闪退了,原因未知。
It is well-known that Xiaomi devices not on the list for enforced Bootloader unlock permission validation (i.e., devices not shipped with HyperOS) and running HyperOS, which cannot directly bind devices, can bypass validation by hijacking the binding request. This was feasible in earlier versions of HyperOS.
Later, Xiaomi modified the encryption algorithm for device binding in the Settings app, making it impossible to hijack the binding request through logcat. However, it was still possible by overriding the Settings app with an earlier version(from early HyperOS, not MIUI; this method may not work on Android 15, as the API level is changed).
The Redmi Note 11T Pro (codename: xaga) could be bound successfully in this way during OS1.0.1.0.ULOCNXM. However, after upgrading to OS1.0.2.0.ULOCNXM, it failed. By overriding the Settings app with an old version (in this case, from the Redmi Note 12 Turbo, codename: marble, version OS1.0.5.0.UMRCNXM), I could no longer enter the Developer Options.
I haven’t determine the cause yet. I tried to downgrade to OS1.0.1.0, and I was still able to bind on that version.
This is a indication of something bad, although it’s not surprising considering Xiaomi’s level of concern regarding Bootloader unlocking.
Update 1: Hide My Applist led to bootloop on this verison too.
Update 2: Turning off Bluetooth before overriding the Settings app would prevent the Developer Options from crashing. Wondering why.
#Xiaomi #Bootloader
老師讓同學回家後寫一篇有關「中國」的作文。
小明不理解這詞的含義,就去問爸爸。
小明問爸爸:「老師要我們交一篇『中國』的作文,什麼叫中國啊?」
爸爸推推眼鏡說:「不如來個比喻吧一」
「媽媽管的是家裡大家事,這就是『政府』。」
「爸爸出去賺錢回家,這就是『財團』。」
「家裡的外籍家庭女傭是替我們做事,這就是『勞工』。」
「你來自大陸的爺爺退休後在家無事可做時便幫幫媽媽,這就是『共產黨』。」
「你姊姊對你好,這就是『好人』。」
「你姊姊的男朋友保護你姊姊,這就是『公安』。」
「你呢,靠我們養你、保護你,你就是『人民』。」
「弟弟比你年紀更小,這就是大家的『未來』。」
「這一切加起來便是『中國』。」
小明認為懂了便去睡覺。。。
那晚,小明被弟弟的哭聲吵醒,去看他時,發現弟弟便便在尿布裡。小明不知道如何換尿布便到父母房間到,但小明媽媽忙碌了一整天正在熟睡,叫也叫不醒。他就到女傭的房間,看到爸爸壓在女傭身上,不理他的敲門;而爺爺正在偷看;他轉身去找他姊姊,發現姊姊被她的男朋友弄得嗯嗯叫,也不理他的敲門;小明求助無門只好回房睡覺了....
第二天小明的作文寫道:
「『中國』是這樣子的:人民在尋求幫助時,政府在熟睡,財團欺壓勞工,黨只在看,公安欺負好人,這個時候,我們的未來只有一褲子大便,繼續哭泣...」
From the comment user https://www.youtube.com/@eq2noko posted under https://www.youtube.com/watch?v=R7pIhuw6-DY
小明不理解這詞的含義,就去問爸爸。
小明問爸爸:「老師要我們交一篇『中國』的作文,什麼叫中國啊?」
爸爸推推眼鏡說:「不如來個比喻吧一」
「媽媽管的是家裡大家事,這就是『政府』。」
「爸爸出去賺錢回家,這就是『財團』。」
「家裡的外籍家庭女傭是替我們做事,這就是『勞工』。」
「你來自大陸的爺爺退休後在家無事可做時便幫幫媽媽,這就是『共產黨』。」
「你姊姊對你好,這就是『好人』。」
「你姊姊的男朋友保護你姊姊,這就是『公安』。」
「你呢,靠我們養你、保護你,你就是『人民』。」
「弟弟比你年紀更小,這就是大家的『未來』。」
「這一切加起來便是『中國』。」
小明認為懂了便去睡覺。。。
那晚,小明被弟弟的哭聲吵醒,去看他時,發現弟弟便便在尿布裡。小明不知道如何換尿布便到父母房間到,但小明媽媽忙碌了一整天正在熟睡,叫也叫不醒。他就到女傭的房間,看到爸爸壓在女傭身上,不理他的敲門;而爺爺正在偷看;他轉身去找他姊姊,發現姊姊被她的男朋友弄得嗯嗯叫,也不理他的敲門;小明求助無門只好回房睡覺了....
第二天小明的作文寫道:
「『中國』是這樣子的:人民在尋求幫助時,政府在熟睡,財團欺壓勞工,黨只在看,公安欺負好人,這個時候,我們的未來只有一褲子大便,繼續哭泣...」
From the comment user https://www.youtube.com/@eq2noko posted under https://www.youtube.com/watch?v=R7pIhuw6-DY
关于我把手机字库整没了,因为在保,小米直接保修帮我换了主板这档事
I erased the phone’s firmware, but since it was under warranty, Xiaomi replaced the motherboard for me for free
我不小心给我的 Redmi Note 11T Pro (联发科 Dimensity 8100)刷入了错误的 preloader,砖了(表现为反复重启,进不去 recovery 与 fastboot)。
I accidentally flashed a wrong preloader to my Redmi Note 11T Pro (with a Mediatek Dimensity 8100 SoC), which bricked my phone. I kept rebooting and couldn't enter Fastboot or Recovery.
好在这个 preloader 是 engineering preloader,它在启动时会暴露一个不需要授权的 VCOM 端口,可以用来救砖什么的。我打开了 SP Flash Tool 准备救砖,
Fortunately, the preloader I flashed was a engineering preloader, which exposes a unauthenticated VCOM port, thus SP Flash Tools is available for the recovery process.
我傻逼的地方来了,之前更新系统之后到了 B 槽忘记切换或 A 槽了。这时就算用完整线刷包刷一遍也大概率没用的,必须得抹掉闪存再刷。问题是抹掉之前没有备份字库...
Here comes the part where it was really stupid of me, I have forgotten to switch back to B slot after performing an OTA. At this point, even reflashing with the complete fastboot package would likely be ineffective; a full flash erase was necessary. The issue was that I didn’t back up the firmware before erasing…
然后手机成功地启动失败了。因为 seccfg 也被抹掉了,此时 Bootloader 已重新锁定。再次重启进入 Recovery,显示「NV 数据已损坏」。寄。
Then, the phone failed to boot. Since the seccfg partition was also erased, the bootloader relocked itself. Upon restarting, it entered Recovery mode, displaying “NV data is corrupted.”
有趣的是,这个时候重启到 Fastboot 模式下,可以用小米解锁工具直接解锁。
Interestingly, I was able to unlock the Bootloader directly using Mi Unlock Tool under Fastboot.
最后我把手机送修,小米打了个电话告诉我要换主板,会丢数据。然后因为保修还剩3个月,免费。
I sent my phone to after sales for repairing. Xiaomi contacted me to inform that they have to replace a motherboard which will result in data loss. I argeed. However, since there were still three months left on my warranty, the service was free of charge.
感谢小米(
#Xiaomi #Bootloader #Warranty
I erased the phone’s firmware, but since it was under warranty, Xiaomi replaced the motherboard for me for free
我不小心给我的 Redmi Note 11T Pro (联发科 Dimensity 8100)刷入了错误的 preloader,砖了(表现为反复重启,进不去 recovery 与 fastboot)。
I accidentally flashed a wrong preloader to my Redmi Note 11T Pro (with a Mediatek Dimensity 8100 SoC), which bricked my phone. I kept rebooting and couldn't enter Fastboot or Recovery.
好在这个 preloader 是 engineering preloader,它在启动时会暴露一个不需要授权的 VCOM 端口,可以用来救砖什么的。我打开了 SP Flash Tool 准备救砖,
Fortunately, the preloader I flashed was a engineering preloader, which exposes a unauthenticated VCOM port, thus SP Flash Tools is available for the recovery process.
我傻逼的地方来了,之前更新系统之后到了 B 槽忘记切换或 A 槽了。这时就算用完整线刷包刷一遍也大概率没用的,必须得抹掉闪存再刷。问题是抹掉之前没有备份字库...
Here comes the part where it was really stupid of me, I have forgotten to switch back to B slot after performing an OTA. At this point, even reflashing with the complete fastboot package would likely be ineffective; a full flash erase was necessary. The issue was that I didn’t back up the firmware before erasing…
然后手机成功地启动失败了。因为 seccfg 也被抹掉了,此时 Bootloader 已重新锁定。再次重启进入 Recovery,显示「NV 数据已损坏」。寄。
Then, the phone failed to boot. Since the seccfg partition was also erased, the bootloader relocked itself. Upon restarting, it entered Recovery mode, displaying “NV data is corrupted.”
有趣的是,这个时候重启到 Fastboot 模式下,可以用小米解锁工具直接解锁。
Interestingly, I was able to unlock the Bootloader directly using Mi Unlock Tool under Fastboot.
最后我把手机送修,小米打了个电话告诉我要换主板,会丢数据。然后因为保修还剩3个月,免费。
I sent my phone to after sales for repairing. Xiaomi contacted me to inform that they have to replace a motherboard which will result in data loss. I argeed. However, since there were still three months left on my warranty, the service was free of charge.
感谢小米(
#Xiaomi #Bootloader #Warranty
thorHyperOS (based on Android 14) ported for Xiaomi 10 (umi) from Xiaomi 12S Ultra (thor)
OS1.0.5.0 (EROFS): Building
如需 Root,可考虑自行使用 Magisk 或 APatch 或自行编译 KernelSU 内核(或者用 Voyager Kernel 等)。
For root, consider Magisk or APatch, or build the kernel with KernelSU yourself (or custom kernels like Voyager Kernel).
