How To Guide Root POCO M4 Pro 4G (fleur) using Magisk

Search This thread
By:
Advanced…
N

ncc1977d

Senior Member
Feb 15, 2015
78
16
45
Redmi Note 11S 4G / POCO M4 Pro 4G (fleur)
  • Like
Reactions: bonlui
losvatoslocos

losvatoslocos

New member
Feb 22, 2023
2
1
Just successfully rooted my new Poco M4, version code V13.0.7.0.RKEMIXM. Noted a couple of points that could've saved me ~1 hour extra, had I known them.

1. Mtkclient should be really of recent version. I first took what was available in ArchLinux's AUR, but it didn't support the da command. Then I grabbed it from the github and it worked fine.

2. Unlike the author's device, my was A/B-partitioned. So instead of fastboot flash boot ... , I used boot_a and boot_b. Same for vbmeta.

3. From the fresh stock device (before any modifications), I backed up all partitions. Then I downloaded the official archive. Finally I compared byte-to-byte a couple of images: from the device and from the archive. Noted that for the case of vbmeta image it differ in 1 byte. Anyhow, I reflashed the one from the device supplying these skip verity flags etc. Everything worked fine.

4. During the backup using Mtkclient, I could backed up all partitions except the 'super' which was the biggest. It just broke somewhere around 70%.

Hope my information helped someone...

PS

Debloating followed the rooting. Removed >20 of garbage and near-spy software.
 
  • Like
Reactions: aricooperdavis
uzumakiiy

uzumakiiy

Member
Dec 4, 2020
6
0
losvatoslocos said:
Just successfully rooted my new Poco M4, version code V13.0.7.0.RKEMIXM. Noted a couple of points that could've saved me ~1 hour extra, had I known them.

1. Mtkclient should be really of recent version. I first took what was available in ArchLinux's AUR, but it didn't support the da command. Then I grabbed it from the github and it worked fine.

2. Unlike the author's device, my was A/B-partitioned. So instead of fastboot flash boot ... , I used boot_a and boot_b. Same for vbmeta.

3. From the fresh stock device (before any modifications), I backed up all partitions. Then I downloaded the official archive. Finally I compared byte-to-byte a couple of images: from the device and from the archive. Noted that for the case of vbmeta image it differ in 1 byte. Anyhow, I reflashed the one from the device supplying these skip verity flags etc. Everything worked fine.

4. During the backup using Mtkclient, I could backed up all partitions except the 'super' which was the biggest. It just broke somewhere around 70%.

Hope my information helped someone...

PS

Debloating followed the rooting. Removed >20 of garbage and near-spy software.
Click to expand...
Click to collapse
Can't i get debloat list of that apps?
 
aricooperdavis

aricooperdavis

Senior Member
Feb 27, 2019
161
87
United Kingdom
cooper-davis.net
Samsung Galaxy Tab S6 Lite
Redmi Note 11S 4G / POCO M4 Pro 4G (fleur)
  • Like
Reactions: uzumakiiy
You must log in or register to reply here.

Similar threads

yshalsager
General [MIUI Updates Tracker] Redmi Note 11S 4G / POCO M4 Pro 4G (fleur)
Replies
74
Views
13K
yshalsager
yshalsager
yshalsager
Development [Firmware] Redmi Note 11S 4G / POCO M4 Pro 4G [fleur] [Auto updated!]
Replies
25
Views
8K
yshalsager
yshalsager
MikeChannon
  • Locked
  • Sticky
General [Info] Redmi Note 11S 4G / POCO M4 Pro 4G (fleur)
Replies
0
Views
5K
MikeChannon
MikeChannon
Y
  • Poll
Question Does your Poco m4 pro 4g have the following problems?
Replies
14
Views
7K
J
Jedi3815
aricooperdavis
How To Guide Fix Google Wallet "security requirements" by spoofing fingerprint (rooted)
Replies
46
Views
11K
H
hemfreitas11

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    aricooperdavis
    aricooperdavis
    uzumakiiy said:
    Can't i get debloat list of that apps?
    Click to expand...
    Click to collapse

    List of APKs safe to debloat

    Xiaomi ships a load of bloat with this phone...
    forum.xda-developers.com forum.xda-developers.com
    View
  • 9
    aricooperdavis
    aricooperdavis
    Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc. Backup before you start as this will wipe your phone.

    The process can be broken down into 4 steps:
    1. Unlock Bootloader
    2. Source boot.img
    3. Patch boot.img (using Magisk)
    4. Flash patched boot.img (using adb)


    1. Unlock Bootloader​

    Note: This step will wipe your phone.

    This can be done using the official tool from MIUI, using MediatekBootloaderUnlock (Windows 10/11, which reportedly does not wipe your user data), or using mtkclient (Any OS but requires Python). I will explain the mtkclient option as I'm on Linux and don't trust MIUI with more personal data than I have to.

    Step-by-step (adapted from this How to Guide):
    • Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
    • On your phone activate developer mode and turn on USB debugging and OEM unlocking
    • Turn off phone and disconnect from computer
    • In the directory where you installed mtkclient run:
      • python mtk e metadata,userdata,md_udc
        • This erases your data
        • At this point plug your phone in (still turned off)
      • python mtk da seccfg unlock
        • This unlocks the bootloader
      • python mtk reset
        • This reboots the phone
    • Disconnect USB cable and reboot phone
      • When it boots a message is displayed warning that dm-verity is corrupted. Click the power button to dismiss and continue booting.

    2. Source boot.img​

    • Find your MIUI version in Settings -> About phone -> MIUI Version and look for the version number (e.g. 13.0.6.0(RKEEUXM))
    • Visit the MIUI Updates Tracker and download the matching Stable Fastboot update (if you can't find it scroll down to Extracting boot.img from Payload)
    • Unzip the TGZ and the TAR that it contains then navigate to the images directory and find the boot.img file

    3. Patch boot.img​

    We need to patch the boot.img to give it root powers. We do this on the phone using Magisk.

    Step-by-step (adapted from the Magisk installation instructions):
    • On your phone, download Magisk and install it
    • Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
    • Open Magisk and in "Magisk" section tap "Install"
    • Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
    • Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier

    4. Flash patched boot.img​

    Finally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.

    Step-by-step:
    • Install the Android SDK platform tools which contains adb and fastboot
    • Install a USB driver that supports fastboot mode (you cannot use fastbootd for this or you'll bootloop)
    • Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
    • In the directory you copied the magisk_patched_*.img to run:
      • adb reboot bootloader
        • This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
      • fastboot flash boot magisk_patched_*.img
        • This flashes the patched boot.img to give you root
      • fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
        • This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
    • Once it's done reboot your phone by pressing and holding the power button
    That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.



    Extract boot.img from Payload​

    If you can't find a fastboot image (boot.img) for your version then you might be able to extract it from the full firmware package. This will require the use of a third party tool such as payload-dumper (python) or payload-dumper-go. Note that you may be better off just waiting for the fastboot image to be released to the public.



    Tidying up​

    You can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.

    It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.

    Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.



    Updating Magisk
    You cannot update Magisk via the Magisk app, as this device does not allow writing to the boot partition at runtime.

    Instead, update the Magisk app, then use it to patch your stock boot.img and flash it manually using fastboot, as if you were installing it from scratch (as above). This will not wipe your user data, but be sure to backup first in case something goes wrong.
    View
    4
    L
    Lark5
    Unlock Bootloade and Root and RECOVERY for Poco M4 Pro (4G) with out Pyton (on Windows 10\11):

    Unlock Bootloader:
    1.Download the MediatekBootloaderUnlock archive. Unpack the archive ZIP.
    2. Open the Driver folder and right-click the cdc-acm.inf file, select "Install"
    3.Now go back to the main folder and install the USBDK (x64 for 64-bit OS, x86 for 32-bit OS) on your PC (also right click - install).
    4. Reboot the PC.
    5.Turn off the phone.
    6.Run the UnlockBootloader.bat file to start the bootloader unlock process. We keep it on, it is in a state of response from the phone, if the firewood, the cable is connected, then everything is ok, I’ll tell you right away that it turned out 3 times.
    7.Now connect the phone to the computer with a cable by holding down the volume up + down + power button. (If the volume up button doesn't work, try using volume up or volume up + volume down or all three hardware buttons) while the UnlockBootloader.bat file is open.
    8.Once the phone is detected, some commands will be run in the UnlockBootloader.bat file. Let the commands finish and as soon as the window closes. Your bootloader will be unlocked.
    BY THE WAY! - You can lock the bootloader again by following the same steps without clearing. Just use LockBootloader.bat with the same steps.

    Root:
    Downloading the official firmware for the phone, I took fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global (approximately 5.6GB in weight)
    Unpacked it ZIP, pulled out 2 files from there fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global\images
    boot.img and vbmeta.img

    Downloaded Magisk STABLE Version: 24.3 - download on telephone, setup APP
    Launch Magisk Manager. When a pop-up window appears asking you to install Magisk, select INSTALL and select install again.

    Click on "Fix Boot Image File".
    Connect your device to PC via USB cable. Make sure USB debugging is enabled.
    Download ADB \ fastoot (I took tools_r29.0.6-windows)
    Run CMD as Administrator
    We write -
    adb devices - the phone must be determined (QX ********* device - so all drivers are correct)
    adb reboot bootloader - The phone reboots into fastboot mode - an inscription on the screen if dm-verity corruption messages appear - press POWER to continue
    fastboot flash boot boot_PATCH.img (file name how to change)
    fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img - will remove the inscription dm-verity corruption


    OrangeFox-R11 RECOVERY:​

    Downloads for : -Android- Generic Device/Other | AndroidFileHost.com | Download GApps, Roms, Kernels, Themes, Firmware and more. Free file hosting for all Android developers.

    Download GApps, Roms, Kernels, Themes...
    androidfilehost.com androidfilehost.com

    Download, and Run CMD as Administrator
    We write -
    fastboot flash boot XXXXNAMEXXXX.img
    Flash !boot! not fastboot flash recovery XXXXNAMEXXXX.img
    View
    2
    W
    Witteb
    ******Update******
    i fixed that problem by pushing both volume buttons before connecting the phone to the computer.
    ********************

    Hi i hope you guys can help me out..

    I am using a Imac on mx linux.
    I have a Xiaomi Redmi note 11s on miui version 13.0.8.0 (RKEEUXM), i have both oem-unlocking and usb debugging on in developers mode.

    When i connect my phone to my pc and use the "adb devices" command it shows my device, when i boot my phone to fastboot and use the "./fastboot devices" command it shows my device so i know there is a good connection between it. even when i boot my phone in "recovery mode" and use the adb command it shows my phone as "sideload"

    When i use/run python3 mtk_gui it starts but i never can get a connection between my phone and mtkclient.
    When i run the command line only by using "python3 mtk e metadata,userdata,md_udc" it shows me this :


    [email protected]:~/mtkclient
    $ python3 mtk e metadata,userdata,md_udc
    MTK Flash/Exploit Client V1.5.9 (c) B.Kerler 2018-2022

    Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

    Port - Hint:

    Power off the phone before connecting.
    For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
    For preloader mode, don't press any hw button and connect usb.


    ...........

    Port - Hint:

    Power off the phone before connecting.
    For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
    For preloader mode, don't press any hw button and connect usb.

    Now i follow the exact steps you described but it doesnt recognise my phone.

    Does someone know what the problem could be ?

    thanks.

    ******Update******
    i fixed that problem by pushing both volume buttons before connecting the phone to the computer.
    ********************
    View
    2
    aricooperdavis
    aricooperdavis
    Here you go!

    Update OS by flashing via fastboot (stock recovery)

    So you have a notification telling you that...
    forum.xda-developers.com forum.xda-developers.com

    List of APKs safe to debloat

    Xiaomi ships a load of bloat with this phone...
    forum.xda-developers.com forum.xda-developers.com
    View
    2
    L
    Lark5
    aricooperdavis said:
    Well done, glad you've got it sorted!

    To clarify, this essentially follows the same 4 steps outlined in my post but using different tools that don't require python:
    1. Unlock Bootloader
      - Used MediatekBootloaderUnlock rather than mtkclient
    2. Source boot.img
      - Managed to find the images online without having to extract them from a ROM. @Lark5, where?
    3. Patch boot.img (using Magisk)
      - Same
    4. Flash patched boot.img (using adb)
      - Same
    I think there's also a custom recovery install too (OrangeFox). I tend not to bother, but it can be convenient.
    Click to expand...
    Click to collapse
    2. Find ROM on this link: https://mirom.ezbox.idv.tw/en/phone/fleur/roms-global-stable/
    Fastboot Download V13.0.7.0.RKEMIXM
    Explanations:
    For fastboot (~5.6Gb) - firmware version, just unzip the ZIP, inside there is boot.img and vbmeta
    For recovery (-2.5Gb) needed to extract boot.img Through Pyton for example

    thanks for the help aricooperdavis
    View

New posts