IDK how many places are really going to bring this up, but essentially there is a large bug in Xiaomi and Nokia devices that lets you take anything from the bootloader to the OS and do whatever you want with it with a combination of Fastboot and a deep flash cable. This is kinda cool and might allow for some fun stuff with these phones. If any of them are like the ASUS phones based on x86 we might end up with an HTC HD2 again.
And now to cap this off, this exploit is now going to be partially used in the root process for ALL V20's except the H918. That's why this is huge news.
From the V20 root XDA Thread:
I am going to go through this with a fine tooth comb before I risk my device, but after decompiling it, and giving it a quick cursory glance, it doesn’t look like ANY calls are made to the fusing functions on init.
If anyone was curious (I was) as to whether you could use a firehose to just write anything you wanted – nope. It checks the signature of the image being written, and if it doesn't pass – no flash. Well, again, our engineering aboot is signed, or our phone wouldn't boot.
So it looks like the full root procedure will be:
1. Have a FULLY charged phone
2. Dump TZ (just to make sure that you have a copy on hand) - tool will be provided
3. Wipe TZ to get into EDL mode (yes - this is the scary 9008 - doesn't look like the phone even powers on mode) - tool will be provided
4. Use QFIL to flash TZ that you dumped, and engineering ABOOT
5. You will now have full fastboot so you can fastboot flash recovery twrp.img
6. Profit!
This will work on any model V20 except the H918. You guys can thank T-Mobile for deciding to use their own cert.
I will try to contact the person that provided me this firehose and see if they are willing to provide one for the H918.
Lastly, I will be testing this later tonight once I chew through this decompiled code a bit more…
– Brian
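An added example, not from Brian's post and not part of the dump tool, QFIL or the firehose he mentions: a small shell check for the "Dump TZ" step, run before the destructive "Wipe TZ" step. The whole procedure depends on that dump being a real copy, since it is what gets flashed back over EDL. The script assumes (hypothetically) that the dump was written to a file and that its SHA-256 was recorded at dump time; it refuses to proceed if the file is missing, empty, all zero bytes (a typical sign of a silently failed read) or does not match the recorded hash.

```shell
#!/bin/sh
# Added example (not from the XDA post): sanity-check a dumped partition image
# before wiping the live partition. Assumes a hypothetical workflow where the
# dump tool wrote the image to a file and its SHA-256 was recorded at that time.

# verify_partition_dump IMAGE EXPECTED_SHA256
# Returns 0 if IMAGE exists, is non-empty, is not all-zero bytes and matches
# EXPECTED_SHA256; otherwise prints the reason to stderr and returns 1.
verify_partition_dump() {
    img="$1"
    expected_sha="$2"

    # -s: file exists and has a size greater than zero.
    if [ ! -s "$img" ]; then
        echo "refusing: $img missing or empty" >&2
        return 1
    fi

    # Strip every NUL byte and count what is left. A dump that is entirely
    # zeros usually means the read failed (wrong block device, no permission),
    # not that the partition was blank.
    nonzero=$(tr -d '\000' < "$img" | wc -c)
    if [ "$((nonzero))" -eq 0 ]; then
        echo "refusing: $img contains only zero bytes" >&2
        return 1
    fi

    actual_sha=$(sha256sum "$img" | cut -d ' ' -f 1)
    if [ "$actual_sha" != "$expected_sha" ]; then
        echo "refusing: SHA-256 mismatch ($actual_sha != $expected_sha)" >&2
        return 1
    fi

    echo "ok: $img verified against recorded hash"
    return 0
}

# Usage: verify_partition_dump tz_backup.img <sha256 recorded at dump time>
# Chain the wipe step on success so it never runs against a bad backup:
#   verify_partition_dump tz_backup.img "$RECORDED_SHA" && <wipe-tz-tool>
```

Keeping the hash in a separate place (a note, a second file) rather than trusting the file alone is the point: a corrupted or truncated copy of the image is the failure mode you want to catch before the phone is sitting in 9008 mode with nothing to restore.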
It's not a matter of "Oh superior technology this and that" because that's not a thing.
@wendell Thoughts on what all has happened with the Xiaomi phones?