HyperSploit icon indicating copy to clipboard operation
HyperSploit copied to clipboard
verified publisher icon TheAirBlow

Error 86015: Invalid device signature

Open JSmaler opened this issue 10 months ago • 6 comments

Hey, i was just trying this tool, and have run into the "Error 86015: Invalid device signature", which appears to be undocumented.

I assume this may be because I am on an older OS version than intended (MIUI 14.0.11), but as the project does nowhere state what version is required, and older versions tend to be more permissive, I still tried.

If my assumption is correct, it would probably be good to note this version requirement directly in the readme.md.

Below is the entire terminal output of the program running under fedora 41. ADB and fastboot work on this system, and the program does appear to interface with the device correctly. I have not yet tried to run the app with sudo, as I do have some reservations about giving apps that don't need it sudo.

jkr@framework-16:~/Documents/dev/hyperSploit$ ./HyperSploit-Linux 
  _   _                                 ____            _           _   _   
 | | | |  _   _   _ __     ___   _ __  / ___|   _ __   | |   ___   (_) | |_ 
 | |_| | | | | | | '_ \   / _ \ | '__| \___ \  | '_ \  | |  / _ \  | | | __|
 |  _  | | |_| | | |_) | |  __/ | |     ___) | | |_) | | | | (_) | | | | |_ 
 |_| |_|  \__, | | .__/   \___| |_|    |____/  | .__/  |_|  \___/  |_|  \__|
          |___/  |_|                           |_|                          
Welcome to HyperSploit v1.0 by TheAirBlow!
You chose 23043RP34G codename pipa!
Is this device from Mainland China? [y/n] (n): n
Open Mi Unlock Status and attempt to bind account
Disabling mobile internet, taking over!
Successfully decrypted arguments and headers!
Sending account bind request impersonating MIUI 14...
Error 86015: Invalid device signature
Would you like to run HyperSploit on another device? [y/n] (n): n

JSmaler avatar Mar 20 '25 20:03 JSmaler

Yeah, that may be the case as another user has reported that updating helped.

Does it work out of the box? Can you dump your settings APK and send it here?

TheAirBlow avatar Mar 21 '25 03:03 TheAirBlow

I don't quite know what you mean with "out of the box". If you mean the function of the program, then yes.

As for the APK, I will try to dump it, but I have little know-how with android, in fact, I do all this to replace it, so this may take some time for me to figure out.

JSmaler avatar Mar 21 '25 17:03 JSmaler

As for the APK, turns out that isn't as hard as I feared, here's the "MISettingsPad.apk".

JSmaler avatar Mar 21 '25 18:03 JSmaler

Sorry, by "out of the box" I meant if it works without the tool.

TheAirBlow avatar Mar 21 '25 19:03 TheAirBlow

Well, no. If Xiaomi's systems worked, I would not have started to look for some way to circumnavigate them.

also, do you know what the "device signature" is actually referring to here? Is this some per-device identification signature, or is this something else altogether?

JSmaler avatar Mar 21 '25 19:03 JSmaler

The request has a ton of xiaomi account stuff and other shenanigans, like the device signature generated by the Security Center (from what I remember when I was reverse-engineering the whole thing locally)

Does it tell you to go to Mi Community or does it result in some other unexpected error?

TheAirBlow avatar Apr 01 '25 21:04 TheAirBlow