And now to cap this off, this exploit is now going to be partially used in the root process for ALL V20’s except the H918. That’s why this is huge news.
From the V20 root XDA Thread:
I am going to go through this with a fine tooth comb before I risk my device, but after decompiling it, and giving it a quick cursory glance, it doesn’t look like ANY calls are made to the fusing functions on init.
If anyone was curious (I was) as to whether you could use a firehose to just write anything you wanted – nope. It checks the signature of the image being written, and if it doesn’t pass – no flash. Well, again, our engineering aboot is signed, or our phone wouldn’t boot.
So it looks like the full root procedure will be:
- Have a FULLY charged phone
- Dump TZ (just to make sure that you have a copy on hand) - tool will be provided
- Wipe TZ to get into EDL mode (yes - this is the scary 9008 - doesn’t look like the phone even powers on mode) - tool will be provided
- Use QFIL to flash TZ that you dumped, and engineering ABOOT
- You will now have full fastboot so you can fastboot flash recovery twrp.img
This will work on any model V20 except the H918. You guys can thank T-Mobile for deciding to use their own cert.
I will try to contact the person that provided me this firehose and see if they are willing to provide one for the H918.
Lastly, I will be testing this later tonight once I chew through this decompiled code a bit more…
It’s not a matter of “Oh superior technology this and that” because that’s not a thing.
@wendell Thoughts on what all has happened with the Xiaomi phones?