GSM-Forum - View Single Post

KrzychuG · 08-19-2021, 17:40

Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so.

Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.

08-19-2021, 17:40	#64 (permalink)
KrzychuG No Life Poster Join Date: Apr 2003 Location: Torun, Poland Age: 40 Posts: 1,195 Member: 25996 Status: Offline Thanks Meter: 253	Are you sure? At some point, i was analyzing the behavior of Find My Phone app on Qualcomm Xiaomi devices, and noticed that they do read some stuff from RPMB, right before it disabled ADB and locked the phone. I assumed it was a serial number or something that is used to identify the phone on Xiaomi servers, then apply the lock if server says so. Blocking find my phone specific hosts prevented this from happening. It was possible to wipe the whole device, then restore if from firmware file, and it would still lock so the information required to identify the device has to be stored in some place that you can't access with EDL (for Qualcomm device) mode, and it has to be unique for each device.