How To Guide Root POCO M4 Pro 4G (fleur) using Magisk

Search This thread
Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc. Backup before you start as this will wipe your phone.

The process can be broken down into 4 steps:
  1. Unlock Bootloader
  2. Source boot.img
  3. Patch boot.img (using Magisk)
  4. Flash patched boot.img (using adb)



1. Unlock Bootloader​

Note: This step will wipe your phone.

This can be done using the official tool from MIUI, using MediatekBootloaderUnlock (Windows 10/11), or using mtkclient (Any OS but requires Python). I will explain the mtkclient option as I'm on Linux and don't trust MIUI with more personal data than I have to.

Step-by-step (adapted from this How to Guide):
  • Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
  • On your phone activate developer mode and turn on USB debugging and OEM unlocking
  • Turn off phone and disconnect from computer
  • In the directory where you installed mtkclient run:
    • python mtk e metadata,userdata,md_udc
      • This erases your data
      • At this point plug your phone in (still turned off)
    • python mtk da seccfg unlock
      • This unlocks the bootloader
    • python mtk reset
      • This reboots the phone
  • Disconnect USB cable and reboot phone
    • When it boots a message is displayed warning that dm-verity is corrupted. Click the power button to dismiss and continue booting.

2. Source boot.img​

Note: if your MIUI version (Available at: Settings -> About phone -> MIUI version) has a "Fastboot" file listed here then you can download that file and unzip it to find the boot.img and vbmeta.img, then skip to step 3.

Otherwise you'll have to extract them from the official MIUI firmware package using payload_dumper as follows.

Step-by-step:
  • Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO))
  • Extract the .zip and find the payload.bin file
  • Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
  • In the payload_dumper directory run:
    • python payload_dumper.py payload.bin
  • This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img

3. Patch boot.img​

We need to patch the boot.img to give it root powers. We do this on the phone using Magisk.

Step-by-step (adapted from the Magisk installation instructions):
  • On your phone, download Magisk and install it
  • Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
  • Open Magisk and in "Magisk" section tap "Install"
  • Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
  • Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier

4. Flash patched boot.img​

Finally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.

Step-by-step:
  • Install the Android SDK platform tools which contains adb and fastboot
  • Install a USB driver that supports fastboot mode
  • Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
  • In the directory you copied the magisk_patched_*.img to run:
    • adb reboot bootloader
      • This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
    • fastboot flash boot magisk_patched_*.img
      • This flashes the patched boot.img to give you root
    • fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
      • This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
  • Once it's done reboot your phone by pressing and holding the power button
That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.



Tidying up​

You can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.

It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.

Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.



Updating Magisk
Note, it appears that updating Magisk (the system) through the Magisk app does not currently work on this device.

Normally you'd update the Magisk APK (in the app) then use it to update the Magisk system (via Direct Install in the app). This appears to work, but on reboot the Magisk system is still the old version and the "Requires Additional Setup. Reboot to continue." alert comes up.

The way to fix this is to uninstall the Magisk APK (not the Magisk system in the app) and reinstall the stable version of the APK, then "update" the Magisk system (in the app). This re-patches the boot.img and downgrades you back to the stable version.
 
Last edited:

MarkLev

Senior Member
Dec 24, 2019
84
80
Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc.

The process can be broken down into 4 steps:
  1. Unlock Bootloader
  2. Source boot.img (using payload_dumper)
  3. Patch boot.img (using Magisk)
  4. Flash patched boot.img (using adb)



1. Unlock Bootloader​

This can be done using the official tool from MIUI or using mtkclient. I went for the mtkclient option as I don't want to send more of my personal data to MIUI than I have to.

Step-by-step (adapted from this How to Guide):
  • Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
  • On your phone activate developer mode and turn on USB debugging and OEM unlocking
  • Turn off phone and disconnect from computer
  • In the directory where you installed mtkclient run:
    • python mtk e metadata,userdata,md_udc
      • At this point plug your phone in (still turned off)
    • python mtk da seccfg unlock
    • python mtk reset
  • Disconnect USB cable and reboot phone
    • When it boots a message is displayed saying it is corrupted. Click the power button to dismiss and continue booting.

2. Source boot.img​

The boot.img needs to be extracted from the official MIUI firmware package using payload_dumper.

Step-by-step:
  • Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO)
  • Extract the .zip and find the payload.bin file
  • Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
  • In the payload_dumper directory run:
    • python payload_dumper.py payload.bin
  • This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img

3. Patch boot.img​

We need to patch the boot.img to give it root powers. We do this on the phone using Magisk.

Step-by-step (adapted from the Magisk installation instructions):
  • On your phone, download Magisk and install it
  • Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
  • Open Magisk and in "Magisk" section tap "Install"
  • Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
  • Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier

4. Flash patched boot.img​

Finally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.

Step-by-step:
  • Install the Android SDK platform tools which contains adb and fastboot
  • Install a USB driver that supports fastboot mode
  • Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
  • In the directory you copied the magisk_patched_*.img to run:
    • adb reboot bootloader
      • This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
    • fastboot flash boot magisk_patched_*.img
    • fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
  • Once it's done reboot your phone by pressing and holding the power button
That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.



Tidying up​

You can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.

It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.

Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.
Wow, Thank you very much!
Very details!
Will try it in my spare time.
 
  • Like
Reactions: aricooperdavis

Lark5

Member
Aug 11, 2015
10
13

aricooperdavis. hi!​

I buy phone Poco M4 Pro (4G) (fleur). Please help me get ROOT rights for this phone.
I do not have PYTHON, but I have mtkclient - the bootloader is unlocked, and there is an Android SDK for fastboot firmware.
Global 13.0.7.0 RKEMIXM now. You have 2 file 1.magisk_patched_*.img and 2. vbmeta.img for Global 13.0.7.0 ? Can I save them for download?

After unlocking the bootloader, using the mtkclient method, a new notification appeared
- dm-verity coruption
You device is corrupt/
It can't be trusted and may not work properly
Press power button to contime
Or, device will power off in 5 sec.
Always need PRESS POWER for contime again :( How to fix it?
 

Attachments

  • photo_2022-05-30_10-45-49.jpg
    photo_2022-05-30_10-45-49.jpg
    123 KB · Views: 44
  • Снимок.JPG
    Снимок.JPG
    18.6 KB · Views: 46
It sounds like you've done everything right so far.

Global 13.0.7.0 RKEMIXM now. You have 2 file 1.magisk_patched_*.img and 2. vbmeta.img for Global 13.0.7.0 ? Can I save them for download?

Sorry, I have the EEA firmware; RKEEUXM.

If you want to extract the boot.img and vbmeta.img from your firmware package you will have to install python. This is worth doing as installing updates in the future may require you to do this extraction process again.

Alternatively you may be able to use mtk to dump these images directly from the phone, but I don't have any experience with this. To perform updates this way you would have to completely unroot and relock the bootloader, update the firmware, then re-dump the new boot and vbmeta images and root again. I think just installing python is probably easier...

The error message you're seeing is dm-verity, and we disable this when flashing the vbmeta.img in step 4, which I've edited to clarify. You can see that we disable it in the final fastboot command:

fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
  • This flashes the vbmeta.img, disabling the dm-verity corruption message at startup

Good luck with your rooting!
 
Last edited:

Lark5

Member
Aug 11, 2015
10
13
Unlock Bootloade and Root and RECOVERY for Poco M4 Pro (4G) with out Pyton (on Windows 10\11):

Unlock Bootloader:
1.Download the MediatekBootloaderUnlock archive. Unpack the archive ZIP.
2. Open the Driver folder and right-click the cdc-acm.inf file, select "Install"
3.Now go back to the main folder and install the USBDK (x64 for 64-bit OS, x86 for 32-bit OS) on your PC (also right click - install).
4. Reboot the PC.
5.Turn off the phone.
6.Run the UnlockBootloader.bat file to start the bootloader unlock process. We keep it on, it is in a state of response from the phone, if the firewood, the cable is connected, then everything is ok, I’ll tell you right away that it turned out 3 times.
7.Now connect the phone to the computer with a cable by holding down the volume up + down + power button. (If the volume up button doesn't work, try using volume up or volume up + volume down or all three hardware buttons) while the UnlockBootloader.bat file is open.
8.Once the phone is detected, some commands will be run in the UnlockBootloader.bat file. Let the commands finish and as soon as the window closes. Your bootloader will be unlocked.
BY THE WAY! - You can lock the bootloader again by following the same steps without clearing. Just use LockBootloader.bat with the same steps.

Root:
Downloading the official firmware for the phone, I took fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global (approximately 5.6GB in weight)
Unpacked it ZIP, pulled out 2 files from there fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global\images
boot.img and vbmeta.img

Downloaded Magisk STABLE Version: 24.3 - download on telephone, setup APP
Launch Magisk Manager. When a pop-up window appears asking you to install Magisk, select INSTALL and select install again.

Click on "Fix Boot Image File".
Connect your device to PC via USB cable. Make sure USB debugging is enabled.
Download ADB \ fastoot (I took tools_r29.0.6-windows)
Run CMD as Administrator
We write -
adb devices - the phone must be determined (QX ********* device - so all drivers are correct)
adb reboot bootloader - The phone reboots into fastboot mode - an inscription on the screen if dm-verity corruption messages appear - press POWER to continue
fastboot flash boot boot_PATCH.img (file name how to change)
fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img - will remove the inscription dm-verity corruption


OrangeFox-R11 RECOVERY:​

Download, and Run CMD as Administrator
We write -
fastboot flash boot XXXXNAMEXXXX.img
Flash !boot! not fastboot flash recovery XXXXNAMEXXXX.img
 

Attachments

  • 25691038.jpg
    25691038.jpg
    22 KB · Views: 36
  • MediatekBootloaderUnlock.rar
    53.5 MB · Views: 62
  • boot_PATCH.img
    64 MB · Views: 47
  • vbmeta.img
    4 KB · Views: 23
Well done, glad you've got it sorted!

To clarify, this essentially follows the same 4 steps outlined in my post but using different tools that don't require python:
  1. Unlock Bootloader
    - Used MediatekBootloaderUnlock rather than mtkclient
  2. Source boot.img
    - Managed to find the images online without having to extract them from a ROM. @Lark5, where?
  3. Patch boot.img (using Magisk)
    - Same
  4. Flash patched boot.img (using adb)
    - Same
I think there's also a custom recovery install too (OrangeFox [not yet officially supported]) at the end. I tend not to bother with custom recoveries as I stick with the stock MIUI ROM and a custom recovery would complicate applying OTA updates. However, if you wish to install a custom ROM (anything other than a stock MIUI signed boot.img) then a custom recovery would be necessary, and they can also facilitate taking device backups etc.
 
Last edited:
  • Like
Reactions: MarkLev

Lark5

Member
Aug 11, 2015
10
13
Well done, glad you've got it sorted!

To clarify, this essentially follows the same 4 steps outlined in my post but using different tools that don't require python:
  1. Unlock Bootloader
    - Used MediatekBootloaderUnlock rather than mtkclient
  2. Source boot.img
    - Managed to find the images online without having to extract them from a ROM. @Lark5, where?
  3. Patch boot.img (using Magisk)
    - Same
  4. Flash patched boot.img (using adb)
    - Same
I think there's also a custom recovery install too (OrangeFox). I tend not to bother, but it can be convenient.
2. Find ROM on this link: https://mirom.ezbox.idv.tw/en/phone/fleur/roms-global-stable/
Fastboot Download V13.0.7.0.RKEMIXM
Explanations:
For fastboot (~5.6Gb) - firmware version, just unzip the ZIP, inside there is boot.img and vbmeta
For recovery (-2.5Gb) needed to extract boot.img Through Pyton for example

thanks for the help aricooperdavis
 

Attachments

  • Снимок.JPG
    Снимок.JPG
    42.3 KB · Views: 16
Last edited:
  • Like
Reactions: MarkLev

Daafafagsgsgs

Member
Aug 5, 2020
11
1
Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc. Backup before you start as this will wipe your phone.

The process can be broken down into 4 steps:
  1. Unlock Bootloader
  2. Source boot.img
  3. Patch boot.img (using Magisk)
  4. Flash patched boot.img (using adb)



1. Unlock Bootloader​

Note: This step will wipe your phone.

This can be done using the official tool from MIUI, using MediatekBootloaderUnlock (Windows 10/11), or using mtkclient (Any OS but requires Python). I will explain the mtkclient option as I'm on Linux and don't trust MIUI with more personal data than I have to.

Step-by-step (adapted from this How to Guide):
  • Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
  • On your phone activate developer mode and turn on USB debugging and OEM unlocking
  • Turn off phone and disconnect from computer
  • In the directory where you installed mtkclient run:
    • python mtk e metadata,userdata,md_udc
      • This erases your data
      • At this point plug your phone in (still turned off)
    • python mtk da seccfg unlock
      • This unlocks the bootloader
    • python mtk reset
      • This reboots the phone
  • Disconnect USB cable and reboot phone
    • When it boots a message is displayed warning that dm-verity is corrupted. Click the power button to dismiss and continue booting.

2. Source boot.img​

Note: if your MIUI version (Available at: Settings -> About phone -> MIUI version) has a "Fastboot" file listed here then you can download that file and unzip it to find the boot.img and vbmeta.img, then skip to step 3.

Otherwise you'll have to extract them from the official MIUI firmware package using payload_dumper as follows.

Step-by-step:
  • Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO))
  • Extract the .zip and find the payload.bin file
  • Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
  • In the payload_dumper directory run:
    • python payload_dumper.py payload.bin
  • This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img

3. Patch boot.img​

We need to patch the boot.img to give it root powers. We do this on the phone using Magisk.

Step-by-step (adapted from the Magisk installation instructions):
  • On your phone, download Magisk and install it
  • Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
  • Open Magisk and in "Magisk" section tap "Install"
  • Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
  • Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier

4. Flash patched boot.img​

Finally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.

Step-by-step:
  • Install the Android SDK platform tools which contains adb and fastboot
  • Install a USB driver that supports fastboot mode
  • Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
  • In the directory you copied the magisk_patched_*.img to run:
    • adb reboot bootloader
      • This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
    • fastboot flash boot magisk_patched_*.img
      • This flashes the patched boot.img to give you root
    • fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
      • This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
  • Once it's done reboot your phone by pressing and holding the power button
That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.



Tidying up​

You can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.

It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.

Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.
When I gave this command fast boot flash dm verify it always unknown option in my cmd any solution ? can anybody help me??
 
When I gave this command fast boot flash dm verify it always unknown option in my cmd any solution ? can anybody help me??
Make sure you're copying the command exactly - it's fastboot rather than fast boot and verity not verify. Did you install the Android SDK platform tools that contain fastboot? You may need to restart after this install to make the command available in your command prompt/shell.
 

Daafafagsgsgs

Member
Aug 5, 2020
11
1

Attachments

  • IMG-20220610-WA0002.jpg
    IMG-20220610-WA0002.jpg
    131 KB · Views: 16

Daafafagsgsgs

Member
Aug 5, 2020
11
1
That's not an official version of fastboot, so it looks like it's missing the command you need. Download the proper Android SDK tools from Android (the same as the original link) and replace your "Minimal" version with it.
After many tries i found that the command given is wrong

fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
This is given


It will be
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img

I is Missing Now i have flashed vb meta and problem is solved with the fastboot version i have

By the way thanks
 
  • Like
Reactions: aricooperdavis

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    That's not an official version of fastboot, so it looks like it's missing the command you need. Download the proper Android SDK tools from Android (the same as the original link) and replace your "Minimal" version with it.
    After many tries i found that the command given is wrong

    fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
    This is given


    It will be
    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img

    I is Missing Now i have flashed vb meta and problem is solved with the fastboot version i have

    By the way thanks
  • 3
    Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc. Backup before you start as this will wipe your phone.

    The process can be broken down into 4 steps:
    1. Unlock Bootloader
    2. Source boot.img
    3. Patch boot.img (using Magisk)
    4. Flash patched boot.img (using adb)



    1. Unlock Bootloader​

    Note: This step will wipe your phone.

    This can be done using the official tool from MIUI, using MediatekBootloaderUnlock (Windows 10/11), or using mtkclient (Any OS but requires Python). I will explain the mtkclient option as I'm on Linux and don't trust MIUI with more personal data than I have to.

    Step-by-step (adapted from this How to Guide):
    • Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
    • On your phone activate developer mode and turn on USB debugging and OEM unlocking
    • Turn off phone and disconnect from computer
    • In the directory where you installed mtkclient run:
      • python mtk e metadata,userdata,md_udc
        • This erases your data
        • At this point plug your phone in (still turned off)
      • python mtk da seccfg unlock
        • This unlocks the bootloader
      • python mtk reset
        • This reboots the phone
    • Disconnect USB cable and reboot phone
      • When it boots a message is displayed warning that dm-verity is corrupted. Click the power button to dismiss and continue booting.

    2. Source boot.img​

    Note: if your MIUI version (Available at: Settings -> About phone -> MIUI version) has a "Fastboot" file listed here then you can download that file and unzip it to find the boot.img and vbmeta.img, then skip to step 3.

    Otherwise you'll have to extract them from the official MIUI firmware package using payload_dumper as follows.

    Step-by-step:
    • Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO))
    • Extract the .zip and find the payload.bin file
    • Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
    • In the payload_dumper directory run:
      • python payload_dumper.py payload.bin
    • This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img

    3. Patch boot.img​

    We need to patch the boot.img to give it root powers. We do this on the phone using Magisk.

    Step-by-step (adapted from the Magisk installation instructions):
    • On your phone, download Magisk and install it
    • Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
    • Open Magisk and in "Magisk" section tap "Install"
    • Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
    • Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier

    4. Flash patched boot.img​

    Finally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.

    Step-by-step:
    • Install the Android SDK platform tools which contains adb and fastboot
    • Install a USB driver that supports fastboot mode
    • Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
    • In the directory you copied the magisk_patched_*.img to run:
      • adb reboot bootloader
        • This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
      • fastboot flash boot magisk_patched_*.img
        • This flashes the patched boot.img to give you root
      • fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
        • This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
    • Once it's done reboot your phone by pressing and holding the power button
    That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.



    Tidying up​

    You can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.

    It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.

    Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.



    Updating Magisk
    Note, it appears that updating Magisk (the system) through the Magisk app does not currently work on this device.

    Normally you'd update the Magisk APK (in the app) then use it to update the Magisk system (via Direct Install in the app). This appears to work, but on reboot the Magisk system is still the old version and the "Requires Additional Setup. Reboot to continue." alert comes up.

    The way to fix this is to uninstall the Magisk APK (not the Magisk system in the app) and reinstall the stable version of the APK, then "update" the Magisk system (in the app). This re-patches the boot.img and downgrades you back to the stable version.
    3
    Unlock Bootloade and Root and RECOVERY for Poco M4 Pro (4G) with out Pyton (on Windows 10\11):

    Unlock Bootloader:
    1.Download the MediatekBootloaderUnlock archive. Unpack the archive ZIP.
    2. Open the Driver folder and right-click the cdc-acm.inf file, select "Install"
    3.Now go back to the main folder and install the USBDK (x64 for 64-bit OS, x86 for 32-bit OS) on your PC (also right click - install).
    4. Reboot the PC.
    5.Turn off the phone.
    6.Run the UnlockBootloader.bat file to start the bootloader unlock process. We keep it on, it is in a state of response from the phone, if the firewood, the cable is connected, then everything is ok, I’ll tell you right away that it turned out 3 times.
    7.Now connect the phone to the computer with a cable by holding down the volume up + down + power button. (If the volume up button doesn't work, try using volume up or volume up + volume down or all three hardware buttons) while the UnlockBootloader.bat file is open.
    8.Once the phone is detected, some commands will be run in the UnlockBootloader.bat file. Let the commands finish and as soon as the window closes. Your bootloader will be unlocked.
    BY THE WAY! - You can lock the bootloader again by following the same steps without clearing. Just use LockBootloader.bat with the same steps.

    Root:
    Downloading the official firmware for the phone, I took fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global (approximately 5.6GB in weight)
    Unpacked it ZIP, pulled out 2 files from there fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global\images
    boot.img and vbmeta.img

    Downloaded Magisk STABLE Version: 24.3 - download on telephone, setup APP
    Launch Magisk Manager. When a pop-up window appears asking you to install Magisk, select INSTALL and select install again.

    Click on "Fix Boot Image File".
    Connect your device to PC via USB cable. Make sure USB debugging is enabled.
    Download ADB \ fastoot (I took tools_r29.0.6-windows)
    Run CMD as Administrator
    We write -
    adb devices - the phone must be determined (QX ********* device - so all drivers are correct)
    adb reboot bootloader - The phone reboots into fastboot mode - an inscription on the screen if dm-verity corruption messages appear - press POWER to continue
    fastboot flash boot boot_PATCH.img (file name how to change)
    fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img - will remove the inscription dm-verity corruption


    OrangeFox-R11 RECOVERY:​

    Download, and Run CMD as Administrator
    We write -
    fastboot flash boot XXXXNAMEXXXX.img
    Flash !boot! not fastboot flash recovery XXXXNAMEXXXX.img
    2
    Well done, glad you've got it sorted!

    To clarify, this essentially follows the same 4 steps outlined in my post but using different tools that don't require python:
    1. Unlock Bootloader
      - Used MediatekBootloaderUnlock rather than mtkclient
    2. Source boot.img
      - Managed to find the images online without having to extract them from a ROM. @Lark5, where?
    3. Patch boot.img (using Magisk)
      - Same
    4. Flash patched boot.img (using adb)
      - Same
    I think there's also a custom recovery install too (OrangeFox). I tend not to bother, but it can be convenient.
    2. Find ROM on this link: https://mirom.ezbox.idv.tw/en/phone/fleur/roms-global-stable/
    Fastboot Download V13.0.7.0.RKEMIXM
    Explanations:
    For fastboot (~5.6Gb) - firmware version, just unzip the ZIP, inside there is boot.img and vbmeta
    For recovery (-2.5Gb) needed to extract boot.img Through Pyton for example

    thanks for the help aricooperdavis
    1
    Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc.

    The process can be broken down into 4 steps:
    1. Unlock Bootloader
    2. Source boot.img (using payload_dumper)
    3. Patch boot.img (using Magisk)
    4. Flash patched boot.img (using adb)



    1. Unlock Bootloader​

    This can be done using the official tool from MIUI or using mtkclient. I went for the mtkclient option as I don't want to send more of my personal data to MIUI than I have to.

    Step-by-step (adapted from this How to Guide):
    • Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
    • On your phone activate developer mode and turn on USB debugging and OEM unlocking
    • Turn off phone and disconnect from computer
    • In the directory where you installed mtkclient run:
      • python mtk e metadata,userdata,md_udc
        • At this point plug your phone in (still turned off)
      • python mtk da seccfg unlock
      • python mtk reset
    • Disconnect USB cable and reboot phone
      • When it boots a message is displayed saying it is corrupted. Click the power button to dismiss and continue booting.

    2. Source boot.img​

    The boot.img needs to be extracted from the official MIUI firmware package using payload_dumper.

    Step-by-step:
    • Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO)
    • Extract the .zip and find the payload.bin file
    • Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
    • In the payload_dumper directory run:
      • python payload_dumper.py payload.bin
    • This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img

    3. Patch boot.img​

    We need to patch the boot.img to give it root powers. We do this on the phone using Magisk.

    Step-by-step (adapted from the Magisk installation instructions):
    • On your phone, download Magisk and install it
    • Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
    • Open Magisk and in "Magisk" section tap "Install"
    • Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
    • Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier

    4. Flash patched boot.img​

    Finally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.

    Step-by-step:
    • Install the Android SDK platform tools which contains adb and fastboot
    • Install a USB driver that supports fastboot mode
    • Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
    • In the directory you copied the magisk_patched_*.img to run:
      • adb reboot bootloader
        • This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
      • fastboot flash boot magisk_patched_*.img
      • fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
    • Once it's done reboot your phone by pressing and holding the power button
    That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.



    Tidying up​

    You can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.

    It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.

    Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.
    Wow, Thank you very much!
    Very details!
    Will try it in my spare time.
    1
    Wow, Thank you very much!
    Very details!
    Will try it in my spare time.
    Good luck, let us know how it goes and what you do with your root! So far I've installed AdAway and De-Bloater :)