On November 21, Xiaomi officially announced changes to bootloader unlocking permissions. The bootloader unlocking permission, available to developers and mobile phone enthusiasts after upgrading to Xiaomi HyperOS, was detailed in the official announcement at the beginning of this month, effective from November 8. A crucial condition for this permission is that the user must attain a “community growth level” of at least 5. However, this alteration stirred dissatisfaction and criticism among many users.
Moreover, unlocking the bootloader lock under the MIUI system poses security concerns, preventing users from receiving updates from HyperOS. To continue receiving updates from HyperOS, users must re-lock the bootloader.
Addressing this, blogger @MlgmXyysd reported that their studio successfully circumvented the community account level limit tied to unlocking the Xiaomi HyperOS Bootloader. They conducted successful tests on Xiaomi 14, and the vulnerability is theoretically applicable to all devices running HyperOS, including those upgraded from MIUI.
While this method enables users to bypass community-level restrictions, it’s important to note that even after a successful crack, a waiting period of 72 or 360 hours, as per regulations, is mandatory before utilizing official tools to unlock the bootloader.
As depicted in the accompanying image, @MlgmXyysd also had to endure a 168-hour waiting period. After successfully unlocking the test machine, we will release the complete PHP vulnerability script and PoC ideas.
Read Also: HyperOS Development Version For Mi 13, Redmi K60, and Others
