---
---
---
---
---
For owners of Xiaomi Air 12 or 13 that are facing static sound in Audio cause of Windows 10 please update your Realtek driver from their own website and not use windows update or general update. You need to download the latest 64bit driver dated ' 14-Jun-17 - 6.0.1.8186 '
@Wootever, sorry for my unrelated question. But, I have a Xiaomi Air 13 2016 and I've set a supervisor password when I changed to Linux. I then removed the password when I changed back to Windows 10, but it's still asking me for one...
Do you happen to know a way on how to remove the BIOS password on this laptop? I've extracted the executable from Insyde H20 A06 updater and changed the platform.ini, so it does a force flash of the password area (Password=1), however, it's still asking for one.. Any help would be greatly appreciated! Thanks in advance
@r00tPT
Try to set the password again and then set it to blank.
Wootever said:
@r00tPT
Try to set the password again and then set it to blank.
Click to expand...
Click to collapse
Thanks, but I cannot set the a new password, as when I try to access the BIOS, it asks me for a password..
I wanted to reset this password altogether, so I can access my BIOS and set a new one =/
@r00tPT
You can try to flash this default BIOS A06 Package, it will overwrite all device specific data (Serial, Windows Key, NVstore).
All settings should be set to default (including the password), but i haven't tested this (no guarantee and at your own risk).
Edit:
Don't forget to create a backup using the Backup.cmd file, it should be possible to restore the Serial number on the "empty" default BIOS.
Wootever said:
@r00tPT
You can try to flash this default BIOS A06 Package, it will overwrite all device specific data (Serial, Windows Key, NVstore).
All settings should be set to default (including the password), but i haven't tested this (no guarantee and at your own risk).
Edit:
Don't forget to create a backup using the Backup.cmd file, it should be possible to restore the Serial number on the "empty" default BIOS.
Click to expand...
Click to collapse
Thank you, Wootever! I think it's worth a try.
Would it make sense to create the backup, flash the default package, confirm if there's no password and then flash back the original Xiaomi BIOS to restore the Serial number?
Sorry, as I have near to none experience related to bios. thanks once again
@r00tPT
The backup includes all current settings (including the password), restoring it would also re-enable the password protection.
I made a little script to restore the device serial from the backup.bin file.
This is necessary because the Windows Activation seems linked with the device serial number.
Edit:
Updated the script.
Wootever said:
@r00tPT
The backup includes all current settings (including the password), restoring it would also re-enable the password protection.
I made a little script to restore the device serial from the backup.bin file.
This is necessary because the Windows Activation seems linked with the device serial number.
Edit:
Updated the script.
Click to expand...
Click to collapse
Wouldn't it be best to make a backup of the current bios with a flash programmer? I still haven't done this, as I'm trying to figure out what password I put.. (I basically set a supervisor password when I disabled secure boot, but then when I tried to set a new blank password it didn't change it back)
I have a friend who has the exact same laptop. Would it be fine if I made a backup of his bios and restore it into mine?
Could there be an issue or some missing information? Probably only the device serial number, which I could write again using your script? Would that be feasible?
By the way, sorry for asking these questions here/to you, but it's hard to find some guidance regarding this topic. Thanks once again
@Wootever, it worked!! You're the greatest man! I'm now able to access my BIOS again!
Is there any way to re-enable the flash protected range register again, just in case?
Wootever said:
I just got my hands on a Xiaomi Air 13 (2016 version) and wanted to share my findings.
The BIOS version of this device is A07, which is not yet made available by Xiaomi and originally, BIOS updates can only be flashed with the Insyde tools.
However, those require a valid certificate to correctly sign the binary file, thus a provided backup of version A07 won't be applicable as a update.
Intel Flash Programming tool is another alternative which allows to flash unsigned/customized versions, but in practice FPT can't access the BIOS region due to the protected range register which prohibits write access.
Code:
Error 316: Protected Range Registers are currently set by BIOS, preventing flash access.
Please contact the target system BIOS vendor for an option to disable Protected Range Registers.
Fortunately there is an undocumented variable switch that i found by coincidence which deactivates the flash protected range register.
For this i made a little tool which automatically patches the variable to allow BIOS update via FPT.
Note: modifying your BIOS is at your own discretion, i am not responsible for any damage caused by this procedure.
Download my variable patcher, extract it and execute Patcher.cmd
Reboot your device.
Download BIOS A07 for the Xiaomi Air 13 (2016)
Execute Backup.cmd to create a backup of your current BIOS.
Then execute Update.cmd to install version A07.
Use Serial.cmd to restore the device serial number from the backup BIOS.
Reboot your device.
I also made a few changes for this BIOS:
Updated microcode to 0xBA
Increased PWM frequency to 5000 Hz
Click to expand...
Click to collapse
I tried but I have this problem with patcher, any suggestion?
@Wootever
1) after upgrading the bios, how do i re-activate the flash protected range register?
2) do you have the default clean A07 bios (without the microcode and PWM changes)?
thank you!
May I ask if there is an easy way to unlock BIOS totally on Xiaomi Air 13? Because previously I opened a topic about it in biosmods.com , someone reached to me and told that due to write protection it needs quoting from him: "Bios mod can be flashed using SPI-programmer+SOIC8 clip only". That requires opening laptop up and connecting clip on chip physically. I love to tinker things in my laptop but that is a bit scary for me. So is there another way to do it, anyone knows??
THANK YOU!! This is pure gold! By the way, does the flag you found also unlock the ME region?
Update: nevermind. The answer is no unfortunately
bigorbi said:
May I ask if there is an easy way to unlock BIOS totally on Xiaomi Air 13? Because previously I opened a topic about it in biosmods.com , someone reached to me and told that due to write protection it needs quoting from him: "Bios mod can be flashed using SPI-programmer+SOIC8 clip only". That requires opening laptop up and connecting clip on chip physically. I love to tinker things in my laptop but that is a bit scary for me. So is there another way to do it, anyone knows??
Click to expand...
Click to collapse
No, you can flash any bios mod with the flag found by @Wootever. However, you may want to get a programmer (Altera USB blaster has cheap Chinese clones supported by flashrom) and a SOIC8 clip anyway just in case. They're dirt cheap and allow for recovery when things go wrong.
As a bonus, an external programmer enables you to get rid of the management engine.
CARLiCiOUS said:
THANK YOU!! This is pure gold! By the way, does the flag you found also unlock the ME region?
Update: nevermind. The answer is no unfortunately
Click to expand...
Click to collapse
It might be possible if the variable for ME Image Re-Flash is set:
Code:
Me FW Image Re-Flash, Variable: 0xD08
Disabled, Value: 0x0 (default)
Enabled, Value: 0x1
Variable to unlock protected range register:
Code:
BIOS SPI Lock:, Variable: 0x258
Enabled, Value: 0x1 (default)
Disabled, Value: 0x0
Edit:
Here is another variable patcher that also enables the ME Re-Flash variable.
(Note: not tested, use with caution)
Related
Is there a way via registry editing or otherwise to set up a device to ignore the requirement to have certified dll's and executables.
This would be temporary just for trying out programs extracted from other roms without having to worry about certifying everything just to see if it works.
Thanks
the policies that control this can be viewed here:
http://msdn.microsoft.com/library/d.../wce51conwindowsmobiledevicesecuritymodel.asp
the "unsigned applications policy" should already be 1.
change the "Unsigned Prompt Policy" to 1 also. I.e. change the following registry entry to 1.
HKLM\Security\Policies\Policies\101a
Note that the web page says that this policy is 4122, but 4122 is 101a in hex.
You may also want to set "unsigned cabs" to 16
(HKLM\Security\Policies\Policies\1005 to 16)
Also, this will not work for drivers that are loaded during booting. I'm pretty sure they must be signed. It's not that difficult to create a certificate, install it on your device, then sign the driver dll so it will work.
you can also change this using the "SecurityPolicy Configuration Service" see
http://msdn.microsoft.com/library/d...lesdk5/html/wce51samsettingsecuritypolicy.asp
Thanks a bunch! good info.
Howdy all. Do you flash your phone a lot? Don’t you hate it having to put in your WIFI and Exchange settings all the time? Well now you don’t have to with the Settings Creator. I started off creating a XML for just myself but then I decided to give back to the community that has helped me so much with my flashing and cooking needs.
To run the program all that is required is the .NET framework 2.0 (See below for link). After you input the information that is required a nice CAB file will be created, just pop that on your phone and viola settings are all done. In the words of my Cousin Vinny "Make once, use a bunch".
Known Issues:
1. WEP 128bit does not work (I think this is a limitation of the Hermes because even manually I cannot get it to work)
2. E-mail is for Exchange Direct Push Only
Help requested:
1. I don’t have access to a AP/Router that does WPA2 therefore I have no idea if this works with that level on authentication works (Also try manually to see if it is a limitation of the device)
2. I don’t have access to a AP/Router that does WPA with AES Encryption therefore I have no idea if this works with that level on authentication works (Also try manually to see if it is a limitation of the device)
Please provide any feedback you may have. Thanks guys.
-UllSang
Program requires .NET 2.0 Framework. (Download at http://www.microsoft.com/downloads/...CB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
Also required is Visual J#)
Attachment 1: The binary release
Attachment 2: Source code.
Licensed under: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
Change log:
---0.1
-----First Release
Running this on the desktop complained at first - you need to install the Visual J# Redistributable to make it work, as it doesn't seem to be part of the .NET framework by default.
Hope that helps.
Ah thanks for the heads up, I had no idea that it wasn't a part of the .NET framework by default. Did you instal the J# package and try the program? Thanks.
UllSang said:
Known Issues:
1. WEP 128bit does not work (I think this is a limitation of the Hermes because even manually I cannot get it to work)
Click to expand...
Click to collapse
A humble suggestion - this may be worth looking at again as I use wep 128bit and do not find any problem when entered as hex key.
Mike
Hmm.. intresting... I can not get it to work. I am inputting it as an ASCII though and it only works for 64 bit. After i saw your post i tried it entering as hex and it still does not work, it could be my cheap piece of crap router. Any chance you tried it out with the program? Thanks
Hi, I have a Huawei Y625-U51 (Dual-SIM) running stock Android 4.4.2/EMUI 2.3 Lite and I would like to encrypt the device, but there are no Encryption options in "Settings > Personal > Security". Is there a way to make these options available or otherwise carry out a system encryption (i.e. using adb)?
Here's the about info to the device:
Model: HUAWEI Y625-U51
Android: 4.4.2
Secpatch-Lvl: 2015-11-01
EMUI: EMUI 2.3 Lite
Kernel: 3.4.0
Build-Number: Y625-U51V100R001C577B108
I already tried carrying out a factory reset but that didn't bring up the encryption options.
I'm well-versed with Windows/Linux system hacks but new to Android, so please bear with me. Any help would be greatly appreciated. Thx.
Encrypt Huawei Y625 via rooting and shell commands
After reading up a few articles on different ways to start encryption from the command line in various Android versions, I decided to experiment and got lucky. Here's what I did (if you want to repeat these steps I suggest you attach your phone to the charging cable first. Also remember that this will likely void your warranty bla bla ) :
rooted the Huawei Y625 using kingoRoot
installed Android Terminal Emulator and ran it
Once inside the terminal I entered
Code:
su
setenforce 0
vdc cryptfs enablecrypto inplace <YourPasswordInCleartext>
(I'm not sure whether the 'setenforce' command that sets SELinux to permissive mode is actually necessary. However, this will only change runtime mode, so you needn't worry that it may persist over reboots).
The screen then immediately went blank. I had forgotten to attach the phone to the charging cable so I scrambled to find it and finally got the phone attached. But it looked pretty much dead now.
After nothing happened for another while, I pressed the start button. The screen remained blank but I got to hear the familiar boot melody. After a while (maybe 2 or 3 minutes) I pressed start again. This time, a message appeared "Wait while your phone is being encrypted" plus a slowly increasing percentage.
* When the encryption had finished, the phone booted up as usual, only this time the familiar melody and splash screen was interrupted by the message "Type password to decrypt storage"
Minor drawbacks:
The boot process is interrupted somewhat uglily in the middle of the melody and splash screen to ask for the encryption password
TouchPal's data transfer agreement pops up every time you start to enter the decryption password (presumably because the answer is written to the /data partition which is still and encrypted and therefore not available yet at this point)
Bigger drawback:
There is no way to change the encryption password using the GUI. You have to run 'vdc cryptfs changepw <YourPasswordInCleartext>' from a shell (Result should be "200 0 0"). That's a bummer if you want to enable encryption for someone reliant on GUI apps.
One last note: this being Android 4.4.2 there is no way to encrypt the whole system. The method described above will encrypt the userdata partition (mounted as /data) only.
P.S.: Sorry for not sharing article and app links, but xda anti-spam settings prevented me as a new user from posting links. So sorry for the missing convenience, but I'm sure you'll be able to find the apps mentioned yourself and as for the articles - they were interesting but relating to wildly different Android versions with different command syntax, so you're propably better off just following the steps above anyway
Hello,
I remember when i set up A1 in firstboot, it asked if i want to be prompted with a password before booting android, to which i said no.
So this in effect, must have encrypted with the default password on first boot. This lets the system boot, and core services started, if the device gets rebooted
without my knowledge(so that i recieve calls and sms) VS, if it asks password before booting(uses my pin as password instead of default password), the core services arent available untill i put my pin in.
This issue was supposed to get solved through Nougat's FBE.
So my question is that, does Mi A1 uses FBE, so that even if i had opted for my pin as password before booting, i would not be blocked of using core services like phone and sms, with OS waiting at pin prompt?
Thanks.
as i have researched more, A1 does not support FBE.
read this excellent writup
In the above article, it shows how to convert to file based encryption. This option in the developer settings is missing from A1.
this is the first major disappointment with A1. Was shocked on system setup to see this. Didn't expect this from a phone expected to receive updates upto P.
ashjas said:
as i have researched more, A1 does not support FBE.
read this excellent writup
In the above article, it shows how to convert to file based encryption. This option in the developer settings is missing from A1.
Click to expand...
Click to collapse
Why do you think ? What encryption does it use ?
It uses FDE. This can be seen when you reboot the device - the black background and basic keyboard. This is FDE.
FBE would boot the device in an intermediary state with wallpaper, full keyboard.
Now if you ask me FDE seems a bit more secure - you can be sure that everything on the device's data partition is encrypted and the only available function is emergency call.
FBE encrypts certain folders but more code is running at startup so you can in theory receive notifications and stuff for certain apps. I certainly don't need stuff running before i authenticate.
gradinaruvasile said:
It uses FDE. This can be seen when you reboot the device - the black background and basic keyboard. This is FDE.
FBE would boot the device in an intermediary state with wallpaper, full keyboard.
Now if you ask me FDE seems a bit more secure - you can be sure that everything on the device's data partition is encrypted and the only available function is emergency call.
FBE encrypts certain folders but more code is running at startup so you can in theory receive notifications and stuff for certain apps. I certainly don't need stuff running before i authenticate.
Click to expand...
Click to collapse
So when the phone was set up in a way, where there was no password asked during (in the middle of) the boot process, how easy would it be for thiefes to access data stored on a A1 ? And how much would it help them if bootlocker was unlocked ?
When you reboot the phone, and you do not have a FDE password set up, the phone still asks for a PIN aftrer booting, with the text "Unlock for all features and data". This sounds like FBE to me.
- PIN is probably from the SIM card. My A1 never asked anything until i set up a password. But mine came with Android 7.1.1 so it is a possibility that some to come with later versions (that have FBE?)?
- FDE is usually enabled anyway on Android 7.1+ but it has a default password set ("default_password" AFAIR). So if you run TWRP for example, even without installing it,it will acces your data because it knows this default password. If you specify a custom password the disk will not be unlocked without it.
- A locked bootloader brings additional security. The idea behind it is to have a verified boot chain - if someone gets hold of your phone to not be able to flash custom system apps on it.
The partitions are checksummed and verified via dm-verity. So at boot time any unauthorized alterations (done, say, with booted TWRP, installed Magist and root then re-locked bootloader afterwards) will trigger a "System Destroyed" message.
The above will be all disabled if you unlock the bootloader and install TWRP. As for now TWRP (or any other loader) cannot ensure system consistency. It is possible to flash stuff on your device by restarting it and launching TWRP. If you have a strong encryption password set up your data partition will still be inaccesible to them but if you get your phone back and start it up the malware will start and do nasty stuff like siphoning all your data, passwords etc (because you can flash system apps that can see everything on the device).
After restart, it asked me for a PIN and then for SIM PIN, (even when draw pattern was my configured way for unlock). It never again asked me for PIN, only right after reboot. Why else would I be asked for a PIN only after reboot, if not because of FBE?
As you may noticed since last week google wants us, the custom rom users to manually register our android_id to the link https://www.google.com/android/uncertified/
It looks simple isn't it?
But there's a catch. Each google account can register up to 100 ids. So if you keep registering new ids after every clean install you'll more likely to hit that 100 ids limit soon. That's even worse for fhe rom developers as they may flash up to 20-30 roms a day.
I'm figuring out that in a different way though. The procedure I'm following is:
A. BEFORE ANYTHING
If you're doing this first time:
1) Copy this database from /data/data/com.google.android.gsf/databases/gservices.db
2.1) Open the database with a sql editor or from adb shell or a terminal emulator in sqlite3, see android_id with this sql command:
SELECT *
FROM main
WHERE name="android_id";
2.2) OR from adb shell:
$ adb root
$ adb shell 'sqlite3 /data/data/com.google.android.gsf/databases/gservices.db "SELECT * FROM main WHERE name = \"android_id\";"'
3) Then save the value you're seeing to somewhere else, and register to your account at https://www.google.com/android/uncertified/
B. THEN FOR EVERY CLEAN INSTALL
1) Backups and wipes.
2) Flash rom (pt roms with vendors have the firmware included).
3) Flash gapps.
4) Optionally flash a custom kernel.
5) Reboot and configure your device.
6) Flash magisk, reboot.
THEN THIS PART IS IMPORTANT:
7.1) Again copy this database /data/data/com.google.android.gsf/databases/gservices.db and open in a sql editor (or with sqlite3 in terminal emulator, or adb shell) and execute this sql command:
UPDATE main
SET value=XXXXXXXXXXXXXXXXXXX
WHERE name="android_id";
7.2) OR from adb shell:
$ adb root
$ adb shell 'sqlite3 /data/data/com.google.android.gsf/databases/gservices.db "UPDATE main SET value=XXXXXXXXXXXXXXXXXXX WHERE name = \"android_id\";"'
Note: XXXXXXXXXXXXXXXXXXX is your android_id as you've learned and registered to your account before (You can see the android_id s you've registered at the same google link).
I just registered my IMEI, that one stays the same across factory resets.
Also, Titanium backup has an option to restore a previously used android ID.
Deleted
Deleted
muff99 said:
I just registered my IMEI, that one stays the same across factory resets.
Also, Titanium backup has an option to restore a previously used android ID.
Click to expand...
Click to collapse
Yes that works too but this is the manual method for the gsf android_id. Wifi only devices doesn't have IMEI for example.
https://www.xda-developers.com/google-removes-100-device-registration-limit-uncertified-device-page/
G4B33 said:
https://www.xda-developers.com/google-removes-100-device-registration-limit-uncertified-device-page/
Click to expand...
Click to collapse
Yes so now we don't have to do that much of hacky-wacky stuff just to get gsf certified status anymore. #YayGoogle? ?
What if you don't do that?
seems not working. After rebooting, it went back to previous id
You know I've just realized that doing exactly what's written on Google's page (that I've shared link of it) doesn't change my status too. My id is exactly what I've registered on the id registration page but no it stays uncertified so you can ignore this post too... I hope we can find a solution soon :/
ccelik97 said:
You know I've just realized that doing exactly what's written on Google's page (that I've shared link of it) doesn't change my status too. My id is exactly what I've registered on the id registration page but no it stays uncertified so you can ignore this post too... I hope we can find a solution soon :/
Click to expand...
Click to collapse
I think the display will always stay on "not certified", but you are atill able to use the Google services (which unregistered custom ROM users are not any more, if I understood correctly).
This is just a guess on my side, I have not tested this (and I can't since I added all kinds of IDs to that registration page ...).
All in all the information flow from Google on this topic has been spectacularly bad, imho.
When I register my GSF id, its not saved or a different number is display, see my correct I'd in the enter field vs ones registered.
image45 said:
When I register my GSF id, its not saved or a different number is display, see my correct I'd in the enter field vs ones registered.
Click to expand...
Click to collapse
That's because you entered it in hex format, it gets converted into decimal.
Also, don't post your id here ... Not sure what happens if other people register your id with their Google account.
muff99 said:
That's because you entered it in hex format, it gets converted into decimal.
Also, don't post your id here ... Not sure what happens if other people register your id with their Google account.
Click to expand...
Click to collapse
Do I need to convert it or is that an accepted way to submit the information please?
If I try to resubmit it advises already registered.