Overview

This Python script automates the binding of a Xiaomi device to a Mi account, a critical step in unlocking the bootloader using the Mi Unlock tool. It leverages ADB (Android Debug Bridge) to interact with an Android device, capturing and decrypting data from logcat, modifying it to bypass restrictions (e.g., for HyperOS), and sending a signed request to Xiaomi's unlock server. The script is designed to streamline the process, handle region-specific differences (global or China), and provide user-friendly feedback through logging.

Key functionalities include:

• Ensuring necessary tools and dependencies are available (ADB, Python libraries).
• Detecting the device and its region via ADB.
• Capturing encrypted account binding data from logcat and decrypting it.
• Bypassing HyperOS restrictions by altering ROM version data.
• Sending a secure request to Xiaomi’s unlock server to complete the binding. The script is intended for users familiar with basic device management and requires an Android device with USB debugging enabled.

Key Components

Here’s a detailed breakdown of the script’s main components and their roles:

1. Dependencies and Setup
   • Purpose: Ensures the script has all required tools and libraries. Functions:
   • install_dependencies(): Checks for and installs Python libraries (pycryptodomex for AES encryption/decryption and requests for HTTP requests) using pip if they’re missing.
   • download_platform_tools(os_type): Downloads and extracts Android platform-tools (containing ADB) based on the operating system (Windows, Linux, or macOS), storing them locally if not already present.
   • Details: Uses urllib.request for downloading and zipfile for extraction. The ADB path is returned for subsequent use.
2. Device Connection and Region Detection
   • Purpose: Confirms a device is connected and identifies its region (global or China). Functions:
   • check_device_connected(adb_path): Repeatedly checks ADB for a connected device (up to 5 retries) using the get-state command.
   • get_device_region(adb_path): Queries the ro.product.mod_device property via ADB to determine if the device is a global or China variant (e.g., _global in the property indicates a global device).
   • Details: Region detection determines the appropriate unlock server URL (UNLOCK_URLS).
3. ADB Command Execution
   • Purpose: Prepares the device for capturing binding data.
   • Function: execute_adb_commands(adb_path) Actions:
   • Clears logcat (logcat -c).
   • Disables Wi-Fi (svc wifi disable) and enables mobile data (svc data enable).
   • Opens the Developer Options settings screen (am start ...).
   • Details: These commands set up the device for the user to manually bind their Mi account in the "Mi Unlock status" settings.
4. Logcat Capture and Decryption
   • Purpose: Captures and processes encrypted data from the device during account binding. Functions:
   • capture_logcat(adb_path): Monitors logcat for CloudDeviceStatus entries containing encrypted args and headers, polling for up to 5 minutes.
   • decrypt_data(args, headers): Decrypts the captured data using AES-CBC with hardcoded keys (AES_KEY, AES_IV) and extracts a session cookie.
   • Details: Uses Cryptodome.Cipher.AES for decryption. If decryption fails, it suggests downgrading the Settings app and exits.
5. HyperOS Restriction Bypass
   • Purpose: Modifies ROM version data to avoid HyperOS-specific unlocking restrictions.
   • Function: bypass_hyperos_restriction(data)
   • Action: Checks if the rom_version starts with V816 (indicating HyperOS) and replaces it with V14 to bypass potential server-side blocks.
   • Details: Logs the original and modified versions for transparency.
6. Request to Unlock Server
   • Purpose: Sends a signed request to Xiaomi’s server to bind the account. Functions:
   • generate_signature(data): Creates an HMAC-SHA1 signature using a hardcoded key (HMAC_KEY) for request authentication.
   • send_unlock_request(url, data, headers): Sends a POST request to the region-specific unlock server (UNLOCK_URLS) with the decrypted data, signature, and headers.
   • Details: Uses the requests library. Handles responses, interpreting codes like 0 (success), 401 (expired parameters), or 30001 (device verification required).
7. Logging and User Feedback
   • Purpose: Provides consistent feedback and instructions to the user.
   • Implementation: Uses Python’s logging module with an INFO level and a custom format (%(levelname)s: %(message)s). Details: Logs key steps, errors, and success messages. Includes contact info (GitHub, Instagram) for support and waits for user input on Windows before exiting.
8. Main Execution Flow
   • Function: main()
   • Purpose: Orchestrates the entire process.

Steps:

1. Installs dependencies and downloads platform-tools.
2. Verifies device connection and region.
3. Executes ADB commands and captures logcat data.
4. Decrypts data, applies the HyperOS bypass, and sends the unlock request.
5. Interprets and logs the server’s response.

• Details: Exits with an error if no device is detected or data capture fails.

Final Words

This script provides a robust, automated solution for binding a Xiaomi device to a Mi account, addressing common challenges like HyperOS restrictions and region-specific server interactions. It’s user-friendly yet requires careful use due to its reliance on hardcoded cryptographic keys and direct device manipulation.