Guide: Reverse-engineering Xiaomi OTA Updates to Find Unreleased Versions

[duraaraa]

I was able to find the first MIUI 9 Stable (non-developer) global build for Mix 2.
http://bigota.d.miui.com/V9.1.1.0.NDEMIEI/miui_MIMIX2Global_V9.1.1.0.NDEMIEI_232bee13eb_7.1.zip

Caveat is, I think it's actually older than the most recent developer build.

 

[Ulver]

I was able to find the first MIUI 9 Stable (non-developer) global build for Mix 2.
http://bigota.d.miui.com/V9.1.1.0.NDEMIEI/miui_MIMIX2Global_V9.1.1.0.NDEMIEI_232bee13eb_7.1.zip

Caveat is, I think it's actually older than the most recent developer build.

The global dev builds will always be newer and include the most recent bug fixes and security patches, so that's no surprise the stable was built before any of the recent developer ROMs.

Sent from my Mi MIX 2 using Tapatalk

---------- Post added at 08:28 PM ---------- Previous post was at 08:26 PM ----------

Has anyone tried this stable global MIUI 9?

Sent from my Mi MIX 2 using Tapatalk

 

[shalva131]

@duraaraa you can get me link Redmi note 4 QUALCOMM global dev rom daily update? (no weekly)

 

[ni554n]

Can you please look into the Mi 6 (Sagit) version for any upcoming Global Stable release?
Current stable version is: 9.0.1.0(NCAMIEI).

It will be very helpful because there is a critical display / touch response bug fix in Global Beta, but it's not added with the latest stable MIUI9 update.

 

[Dobsgw]

Can you please look into the Mi 6 (Sagit) version for any upcoming Global Stable release?
Current stable version is: 9.0.1.0(NCAMIEI).

It will be very helpful because there is a critical display / touch response bug fix in Global Beta, but it's not added with the latest stable MIUI9 update.

So the touch fix is applied now?

Yes we desperately need those updates haha.

Someone on the Miui forum has shown an update they got by OTA for 9.0.5.0 now. So updates are happening even on stable.

Something like this thread on the Mi 6 forum would be good.

Also a slight issue will be that XDA just posted this on their analysis page so there's a chance Xiaomi sees this and shuts it down before we get anywhere....

 

[felipecassiors]

This would be very nice if works to Xiaomi Mi Box (an forgotten device)

 

[Vihru]

This would be very nice if works to Xiaomi Mi Box (an forgotten device)

yeah like newest beta for mi box 3..

 

[duraaraa]

@duraaraa you can get me link Redmi note 4 QUALCOMM global dev rom daily update? (no weekly)

I only have a Mi Mix 2 so I will only be looking for Mi Mix 2 ROMS.
That being said the first post has all the information you need to go look for other ROMs yourself.

 

[abhishek 9650]

Great work... I am working on a python based script to automate the whole process.... Posting on GitHub soon!

 

[zainifame]

How can i found incremental global dev update with easy version method, i was try but no luck, trying to find incremental global dev 7.10.6, android M, device "land"

 

[badmaan]

This is my first miui device, using miflash, I cant select the .zip file as it's not a fastboot image.
How did you manage to flash the .zip with fastboot flashing ?

You can't flash recovery zip via MiFlash.

 

[j1505243]

@duraaraa
Could you look at unreleased msm8996 "gold" codename and msm8998 "centaur" devices? Found them mentioned in the libs of a few devices.

 

[duraaraa]

@duraaraa
Could you look at unreleased msm8996 "gold" codename and msm8998 "centaur" devices? Found them mentioned in the libs of a few devices.

Please check the first post. I don't have any other tricks. I gave you the best fishing pole I could, so please catch the fish yourself
I wish I had time, but apart from Mix 2, I don't really have the time or interest to look for other devices.

 

[yshalsager]

Here is Mi Max 32GB hydrogen
http://bigota.d.miui.com/7.9.21/miui_MIMAX_7.9.21_eaee37532e_7.0.zip

 

[felipecassiors]

yeah like newest beta for mi box 3..

I'm searching day n night about new nougat beta for mi box... Is this new beta v1035 or v1028?

Sent from my OnePlus 3T using XDA Labs

 

[duraaraa]

Apparently Xiaomi has disable method 1.
Method 2 will still work (and probably can't be disabled without a lot of trouble from Xiaomi).

 

[j1505243]

Apparently Xiaomi has disable method 1.
Method 2 will still work (and probably can't be disabled without a lot of trouble from Xiaomi).

They seem to really fix a bug Never knew Xiaomi is so capable xD /s

 

[punkmonkey1984]

@duraaraa Can you have a look for the new global beta (7.11.23) as it contains the new notification layout. Thank you.

 

[twu2]

I don't know why the pythod code is not working in my environment (can't decrypt the result correctly), so I write the code using php to do this.

<?php

$cipher = 'rijndael-128';
$mode = 'cbc';
$miui_key = 'miuiotavalided11';
$miui_iv = '0102030405060708';

function miui_decrypt($s)
{
    global $cipher, $mode, $miui_key, $miui_iv;

    $td = mcrypt_module_open($cipher, '', $mode, '');
    mcrypt_generic_init($td, $miui_key, $miui_iv);
    $decrypted = mdecrypt_generic($td, base64_decode($s));
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    $pos = strrpos($decrypted, '}');
    if ($pos !== false)
        return substr($decrypted, 0, $pos + 1);
    return $decrypted;
}

function miui_encrypt($s)
{
    global $cipher, $mode, $miui_key, $miui_iv;

    $td = mcrypt_module_open($cipher, '', $mode, '');
    mcrypt_generic_init($td, $miui_key, $miui_iv);
    $bs = mcrypt_get_block_size($cipher, $mode);
    $n = $bs - (strlen($s) % $bs);
    while ($bs - (strlen($s) % $bs) != $bs)
        $s .= chr($n);
    $encrypted = base64_encode(mcrypt_generic($td, $s));
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $encrypted;
}

$checkurl = 'http://update.miui.com/updates/miotaV3.php';

$device_data = array(
    "a" => "0", # Don't know what this is.
    "c" => "7.0", # Same as 'c' above, it's the Android version.
    "b" => "F", # Same as above, 'X' for weekly build.
    "d" => "mido_global", # The device name, same as above, chiron for Chinese, chiron_global for global.
    "g" => "00000000000000000000000000000000", # This seems to be the android_id of the device. Maybe encoded somehow.
    "cts" => "0", # I don't know what this is.
    "i" => "0000000000000000000000000000000000000000000000000000000000000000", # This seems to be the imei of the device, obviously encoded somehow.
    "isR" => "0", # I don't know what this is.
    "f" => "1", # I don't know what this is.
    "l" => "en_US", # The locale.
    "n" => "",  # I don't know what this parameter is
    "sys" => "0", # I don't know what this is.
    "p" => "msm8953", # The chipset
    "unlock" => "1",  # 1 means bootloader is unlocked. 0 means locked.
    "r" => "CN", # I don't know what this is, maybe region of device?
    "sn" => "0x00000000", # Probably the serial number of the device, maybe encoded somehow.
    "v" => "MIUI-V9.0.5.0.NCFMIEI", # The version of MIUI installed.
    "bv" => "9", # I don't know what this is.
    "id" => "", # I don't' know what this is.
);

$js = json_encode($device_data);

$postdata = "q=".urlencode(miui_encrypt($js))."&t=&s=1";

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $checkurl);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata);
$data = curl_exec($curl);
if ($data === false) {
    echo "*** curl_exec() failed: ".curl_errno($curl)." => ".curl_error($curl)."\n";
    curl_close($curl);
    exit;
}

$r = miui_decrypt($data);
$result = json_decode($r);
print_r($result);

exit;

the above code is for Redmi Note 4X, get the current stable nightly version V9.0.5.0.NCFMIEI => miui_HMNote4XGlobal_V9.0.5.0.NCFMIEI_d6176de291_7.0.zip

 

[jr313]

@duraaraa were you able to figure this out? Will we be seeing a funkyxiaomi maybe in the near future?

Sent from my [device_name] using XDA-Developers Legacy app