Skip to content

Instantly share code, notes, and snippets.

  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save trietptm/3d789ba61ad767bd4efd9aab36edd982 to your computer and use it in GitHub Desktop.
Xiaomi's locked bootloader is insecure and useless

Xiaomi's locked bootloader is insecure and useless

Your phone should have a locked bootloader, as it ensures the integrity of the software running on the device. This is especially relevant for Xiaomi phones, which are often loaded with all sorts of crapware by shady merchants. These vendor ROM's are a serious security risk. You really don't want to run that shit, so do your research very carefully when importing a Xiaomi device to ensure it hasn't been tampered with.

So, Xiaomi makes these nice phones and those vendors just ruin it all. They do the logical thing and start locking devices. But even today, vendor ROM's are still a thing! Even the brand new edgeless Mi Mix isn't safe.

How is this possible?

Through a wide open back door called EDL mode. To flash anything you want, all you need is a "deep flash cable" from Aliexpress or another Chinese merchant. On some older devices, you can flash in free-for-all EDL by running adb reboot edl. (Really!)

WTF? They screwed up. And to add insult to the injury for people who want to tinker with their phones, unlocking a Xiaomi bootloader officially is a very arduous process. You must sign up for a Mi Account, apply for permission, wait a day or two to be approved (or denied!) and use the proprietary Mi Unlock tool. (Only available for Windows.)

In comparison, what does a secure bootloader look like? Look at the Google Pixel or Nexus devices. You can unlock at any time just by running fastboot flashing unlock. Of course, this will wipe all data on the device for security (so you can't swap the software to bypass the screen lock, etc.), so unlock right away if you intend to flash.

Once the bootloader is unlocked and unofficial software is flashed, the phone displays a clear warning message on boot. But if you're really dedicated, you can even swap in your own signing keys and sign your own builds!

Xiaomi could kill dodgy merchant crapware if it really wanted to. What are they waiting for?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment