Not getting ssecurity
yohihoy opened this issue · comments
request.py", line 38, in login
self.ssecurity = data["ssecurity"]
And the same for nonce, which is part of url
request.py", line 43, in login
self.nonce = data["nonce"]
KeyError: 'nonce'
confirmed
And the same for nonce, which is part of url
request.py", line 43, in login
self.nonce = data["nonce"]
KeyError: 'nonce'
Sir, You Find "nonce" in the "auth" section can you refer to this here the main problem was we can't find "ssecurity" can anyone show how to solve this error.
confirmed. PRs welcome.
Also nonce is now a base64 whereas it was a long
Okay, it seems that the issue is partially a form of rate limiting designed to stop people like me, and partially a real API change
After a successful interactive authentication, the official client visits: _json=true&callback=https%3A%2F%2Faccount.xiaomi.com&sid=passport&qs=%253Fsid%253Dpassport%2526json%253Dfalse%2526passive%253Dtrue%2526hidden%253Dfalse%2526_snsDefault%253Dfacebook%2526_locale%253Den&_sign=2%26V1_passport%26O3CI2mWi6BiCSNAR7hRK9CatpIw%3D&serviceParam=%7B%22checkSafePhone%22%3Afalse%7D&user=%2B4915902868822&hash=AC91FB26425A26BD1C70EECC040F53F9&cc=%2B49&log=%7B%22title%22%3A%22dataCenterZone%22%2C%22message%22%3A%22Singapore%22%7D%7B%22title%22%3A%22locale%22%2C%22message%22%3A%22en%22%7D%7B%22title%22%3A%22env%22%2C%22message%22%3A%22release%22%7D%7B%22title%22%3A%22browser%22%2C%22message%22%3A%7B%22name%22%3A%22miNative%2F1.0%22%2C%22version%22%3A0%7D%7D%7B%22title%22%3A%22search%22%2C%22message%22%3A%22%3Fsid%3Dpassport%26json%3Dfalse%26passive%3Dtrue%26hidden%3Dfalse%26_snsDefault%3Dfacebook%26_locale%3Den%22%7D%7B%22title%22%3A%22DefaultRegion%22%2C%22message%22%3A%7B%22B%22%3A%22DE%22%2C%22C%22%3A%22Germany%22%2C%22N%22%3A%22%2B49%22%7D%7D%7B%22title%22%3A%22outerlinkDone%22%2C%22message%22%3A%22done%22%7D%7B%22title%22%3A%22addInputChange%22%2C%22message%22%3A%22userName%22%7D
This responds with: &&&START&&&{"notificationUrl":"","qs":"%3Fsid%3Dpassport%26json%3Dfalse%26passive%3Dtrue%26hidden%3Dfalse%26_snsDefault%3Dfacebook%26_locale%3Den","code":0,"ssecurity":"hT3JWCaguqZ9KuvnYcQ5tA==","passToken":"V1:CKrAhWNpiBsvOsUotVDOnKC/Kie+SgQo3W0P+7P1XSXEFV7xLofHUWZDgUDSDyCIT/cdvgt74h7OWg0qraJPECxG3To4V0m8L+hrt+u6LLcJiAjje40Guw0dUshA/rlHNc3y7hx92l3/zs63OVY6aSptGusEbrxQ3st8I0XSwZwbY0z82Sp9jGXXiB2CLsR49lDd5NXw0pTObuFXs6Dnvi66/VFsOTQntSK9bSflTFbiwTyJ7TTFF1TNSDOW98cy9MUIFoD8UeZVJSc0RB+iIg==","securityStatus":0,"nonce":2554497135227156480,"userId":6244464082,"cUserId":"xL5h-AlikMAFl34C8XVpDEJmsFA","psecurity":"M9gcUnysKR6cMIys3GWX/A==","captchaUrl":null,"location":"https://account.xiaomi.com/?pwd=1&d=wb_e36ebddf-d2cd-4fb2-a832-b68d8b0720e5&p_ts=1569065324000&p_lm=1&auth=2%26V1_passport%26QOIvtjbDKwTbz6M0P6p2lLRDZk59U2qXl8ZluhuAXc5i3j0z6IyXWqAFHiDx9bjGSnDgipQTdwDX7W5PbKUVJw62%2BuMuc6TPaKqOpZ10aHNvZuJrX42hTKtTh39%2ByMbDOQkWqdFNR8Lumqje6RYN7j6%2Bw%2Fy0srOtEqaewByERNI%3D&m=1&nonce=Ju%2BwqYY4LcIBjwiw&_ssign=2%26V1_passport%26ICaII%2FzcOzK4BO2xgBUlrGqTCxE%3D","pwd":1,"desc":"成功"}, which contains an ssecurity. Attempting to reproduce this in my browser, I was able to get an ssecurity token. I pasted it into my tool, but got an error due to some change somewhere (not the point). However, when attempting to get a new token, the ssecurity field was gone! Now, I cannot get an ssecurity from any sid.
In my tests, I got: &&&START&&&{"notificationUrl":"","qs":"%3Fsid%3Dpassport%26_json%3Dtrue%26passive%3Dtrue%26hidden%3Dfalse","code":0,"ssecurity":"Nju1LxC2HDpL78dKV4jU/w==","passToken":"V1:CKrAhWNpiBsvOsUotVDOnKP7SiewttiyVXuGAZcqfJsBVxuL8BRVTX7ZJ9nc5HBoo5ViE0VlGF8wwzmEBq30MiTMMpAys9PFwwHpVc8byIhM0ivk4X2vEF/WIPnWY2lsa29e8Utwf1UlmfAAW7V8IGP05cxGbPmYZhof0BjWBs6ZD1RD9PGOnSMZlc9CFc8JHYHOl5rGVbC9y4KV4GkRMX2ISHStTx3Rg2VnmIsbtimJJalY4h3QoiL7n+zz7UurBOLTfkFacq45m6cqUN+Sew==","securityStatus":0,"nonce":3058936929604300800,"userId":6205053152,"cUserId":"tA29A8Sa1Sw-o-P18V1VrzFLs3w","psecurity":"npUkKCzXyODpBEouDSdroA==","captchaUrl":null,"location":"https://account.xiaomi.com/?pwd=0&d=wb_727f505e-317a-4f79-bc69-97e3761cca71&tsl=0&p_ts=1560884313000&p_lm=1&auth=2%26V1_passport%26HP%2BLNYrXfJfZxA3g%2F9v8MTeQj0ihQmmy3GBfLl6zWjzRIs1eqTUMSQGvfSXSnkOU1lC5RiuF%2BkxzJzT888LLlFYFaZPm3LKikSz1i8Io%2Fv6wr%2FGoHOUto6LYXV11zsHh4iGgNFGu0RKl%2BhnTtdne0h23xOIoY4oE05BoWcNByNc%3D&m=1&nonce=279NLwovnoMBjwlW&_ssign=2%26V1_passport%26eulES7vhU9WaMiE0HAYIXFjnqYI%3D","pwd":1,"desc":"成功"}
Are you still working on this @penn5? I'm looking forward to see your works man! Thank you so much for doing this bro.
No I'm waiting for someone to PR a fix, or tell me exactly what changed and how to fix it
Hello PEnn! how run main?)) pls hm
You could review my PR
OK, I have a totally bricked Redmi K20 Pro (no EDL points as they are scratched, no recovery as it says "System has been destroyed" and my phone wasn't added to my account before I bricked it, stupid me).
I tried a million methods, even asked Xiaomi to add my phone to my account manually and they refused.
I tried this script and it failed with the known "ssecurity" issue.
Then I tried again, but instead of copying the address to the browser I ran MiUnlock, and copied the "&&&START&&& part from MiUnlock log file as soon as I got an error from MiUnlock.
The result was the same with MiUnlock (device not added to Mi Account), but it went through the ssecurity part successully.
So, what I'm trying to say is, the code works as long as the device is bound to the account, but the &&&START&&& part should be copied from the log file of MiUnlock instead (seconds after it is ran in the MiUnlock app, as the login session should have time out).
So, what I'm trying to say is, the code works as long as the device is bound to the account, but the &&&START&&& part should be copied from the log file of MiUnlock instead (seconds after it is ran in the MiUnlock app, as the login session should have time out).
It is surely a valid solution, but I think that this script could be particularly useful to people that could not run MiUnlock to unlock their BL (and so they can't access the token from there).
Indees, in my case, I've no windows PC, just an Ubuntu one.
Last year I proposed a PR that fixed this issue but I don't know if it still works by now.
yes, I tried that one too. Due to the changes in their unlock system it still gets the ssecurity message. The only way I could get past that was to copy the code from the log file. I just wish there was a way to add my device to the account somehow...
I'm received token from sever.
How to unlock device using fastboot binary?
I'm tried fastboot oem unlock <encrypted data>
But it does not work.
It's written somewhere in this repo.
…
On Wed, 25 May 2022, 11:01 Rohit Verma, @.> wrote: I'm received token from sever. How to unlock device using fastboot binary? I'm tried fastboot oem unlock But it does not work. — Reply to this email directly, view it on GitHub <#3 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABKXNQUGQJEXLNV4CTSIAPLVLX27ZANCNFSM4ILC5Q4Q . You are receiving this because you are subscribed to this thread.Message ID: @.>
where?
fastboot oem unlock 2A865DB4D4C10C57ED5006E7178B7B7B22EE67F13922D5229F5E6F9549FF84FCAA2205041E99E046691F771BF86D5924C38EC6D5E970412185418EF622B2D6BC8BF4E184915FD97A42E569B62441CC4609D96FBDB47581CEF483A81502ED3E455351AA692F8C85F86F58209775118CDE7DDFD0A60FDE00BC110022C5F17AA665275F968B89C6C90E6E39D642A31B6BB35FAB89FFFA4B82D4BE21A2D2FB6B0C464CF0E9C8CB305226F8E8DBAF467494E675BCE6A85C0EE13911059D8B927123BE3F5566DC4BD152DB45694DDBE94C79215E92D5ADAA8C4CEB2CC51837F4BCF23EE79FB7D06BBBA591BCECF7BE56C706886............XXXXX
It gives me error:
FAILED (Command length to RawCommand() is too long) fastboot: error: Command failed
That isn't the unlock token.
…
On Wed, 25 May 2022, 12:45 Rohit Verma, @.> wrote: fastboot oem unlock 2A865DB4D4C10C57ED5006E7178B7B7B22EE67F13922D5229F5E6F9549FF84FCAA2205041E99E046691F771BF86D5924C38EC6D5E970412185418EF622B2D6BC8BF4E184915FD97A42E569B62441CC4609D96FBDB47581CEF483A81502ED3E455351AA692F8C85F86F58209775118CDE7DDFD0A60FDE00BC110022C5F17AA665275F968B89C6C90E6E39D642A31B6BB35FAB89FFFA4B82D4BE21A2D2FB6B0C464CF0E9C8CB305226F8E8DBAF467494E675BCE6A85C0EE13911059D8B927123BE3F5566DC4BD152DB45694DDBE94C79215E92D5ADAA8C4CEB2CC51837F4BCF23EE79FB7D06BBBA591BCECF7BE56C706886............XXXXX It gives me error FAILED (Command length to RawCommand() is too long) fastboot: error: Command failed — Reply to this email directly, view it on GitHub <#3 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABKXNQTOTVIFYT233SJG5DLVLYHE5ANCNFSM4ILC5Q4Q . You are receiving this because you are subscribed to this thread.Message ID: @.>
Received this from server!
That isn't the unlock token.
…
On Wed, 25 May 2022, 12:45 Rohit Verma, @.> wrote: fastboot oem unlock 2A865DB4D4C10C57ED5006E7178B7B7B22EE67F13922D5229F5E6F9549FF84FCAA2205041E99E046691F771BF86D5924C38EC6D5E970412185418EF622B2D6BC8BF4E184915FD97A42E569B62441CC4609D96FBDB47581CEF483A81502ED3E455351AA692F8C85F86F58209775118CDE7DDFD0A60FDE00BC110022C5F17AA665275F968B89C6C90E6E39D642A31B6BB35FAB89FFFA4B82D4BE21A2D2FB6B0C464CF0E9C8CB305226F8E8DBAF467494E675BCE6A85C0EE13911059D8B927123BE3F5566DC4BD152DB45694DDBE94C79215E92D5ADAA8C4CEB2CC51837F4BCF23EE79FB7D06BBBA591BCECF7BE56C706886............XXXXX It gives me error FAILED (Command length to RawCommand() is too long) fastboot: error: Command failed — Reply to this email directly, view it on GitHub <#3 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABKXNQTOTVIFYT233SJG5DLVLYHE5ANCNFSM4ILC5Q4Q . You are receiving this because you are subscribed to this thread.Message ID: _@**.**_>
echo "2A865DB4D4C10C57ED5006E7178B7B7B2...." | xxd -r -p >signed_token
fastboot oem unlock signed_token