How To Guide Unlocking and Rooting Xiaomi 12S Ultra (Twrp/Magisk)


Nabicook

Member
Jul 26, 2022
35
11
South Korea
A very well known disclaimer : your warranty is void after doing this. And I am not responsible for any damage caused on your device. It's all on you.

Make sure to have your google play store apk downloaded somewhere.
Unlocking the bootloader will wipe all data AND your play store.

but you don't have to use xiaomi google play service installer or such.
This phone has built in google service, and just the play store goes away by factory reset.

1.Mi Unlock - link​

Download the tool on pc, enable developer options on your phone
(My device - All specs - tap miui version 7 times).

Go to dev options(Additional Settings) and enable OEM unlocking.
Right below, there is Mi Unlock Status.
Link the device to your Mi account.

From this moment, you have to wait 168 hours
WITHOUT logging out Mi account on your phone
or adding another device on your Mi account.

Else, the counter will reset.
The counter is server-sided.
No need to worry about restarting or turning off the device during this period.

Goto Mi account and add your PHONE NUMBER to the account.
Else, you will face loading loop on Mi unlock tool after typing in the verification code.
Once that is done, boot to fastboot
(turn off device, then hold power and volume down, or use 'adb reboot fastboot')

and use Mi unlock tool to make sure you see
"try again after 168 hours" message.

That's it. Come back after 168 hours(1 week) and unlock your phone using the tool.
Your bootloader will be unlocked now.

ADB/Fastboot - just in case you don't have it
go setup fastboot for later steps.


2.Rooting​

There are two ways of rooting now that we have a twrp.

/

Method A : (TWRP Root) way easier.​

TWRP - please refer to my post

download twrp, and use fastboot.
fastboot boot twrp-3.6.2_A12-thor-unofficial.img
(or your img name)

Once you boot into twrp,
go to "Advanced" and "flash this twrp."
when it's done, do not reboot,
go back and in the same Advanced menu, install magisk(not alpha). That's it!

Now reboot to the system,
you will see brown magisk app that basically does nothing but infinite download,
ignore the app and get yourself a magisk app below,
once installed and opened it, magisk will tell you to reboot once more.

Now you are fully rooted!

Magisk - link​

/

Method B : (Magisk root)​

if you are going to use twrp, just follow method A else you have to go back to the bootloader again and do all that stuff. Twrp method does all at once.

Magisk patched boot img - 13.0.7 Latest (Magisk original 25.2)
or the same file attached below.

Magisk Patched boot.img - 13.0.5(Magisk canary)

Basically download the ROM, get boot.img out of it, and use Magisk to patch it.

Now put your device to fastboot mode, place boot.img to your ADB folder (C:/adb) and type these one by one.
fastboot flash boot_ab boot.img
fastboot reboot

now you have a rooted device!


3. Safetynet Fix -link updated.​

Apply this patch via Magisk
Enable Zygisk, enforce DenyList,
and then toggle these options in configuration.

Screenshot_2022-08-06-08-55-49-571_oujxqlqyxkbbg.b.c.y.jpg


Now you should be able to pass the Safetynet test.
Also add your banking apps or anything that shouldn't detect root and Magisk.

Feel free to leave any questions below.

For advanced users, I am testing out KonaBess since they added SD 8+ gen 1 support. Let me know your thoughts! I can confirm that the tool works, but haven't tested enough to verify if it actually works.
Go use KonaBess if you are into serious tweaking! It works
 

Attachments

  • magisk_patched-25200_FYG3U.zip
    20.8 MB · Views: 146
Wondering why in your ADB commands guy flashed 2 boot images. Can you expand on why? Shouldn't it be fine just flashing the patched boot?
The 2 commands are there to ensure that the patched image is flashed on both the A and B slots of the device. Mismatched boot images on the 2 partitions often cause bootloops or related issues.
 
  • Like
Reactions: Kydaix
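
A pre-flash sanity check for the patched boot.img from Method B and the reply about flashing both slots, as an added example that is not part of the original posts: it parses the Android boot image header, confirms the file is complete, and compares it with the stock image so one verified file goes to both slots. The function names and the sample builder are constructed for illustration, and it assumes a patched image keeps the stock header version.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of an Android boot image header
PAGE_V3 = 4096            # header versions 3 and 4 use a fixed 4096-byte page

def parse_boot_header(data: bytes) -> dict:
    """Validate a boot image; header, kernel and ramdisk are page-aligned."""
    if len(data) < 44 or data[:8] != BOOT_MAGIC:
        raise ValueError("bad magic or truncated header")
    (version,) = struct.unpack_from("<I", data, 40)  # offset 40 in v0 to v4
    if version > 4:
        raise ValueError(f"unknown header version {version}")
    if version >= 3:
        kernel, ramdisk = struct.unpack_from("<II", data, 8)
        page = PAGE_V3
    else:
        kernel, ramdisk, page = struct.unpack_from("<I4xI16xI", data, 8)
        if page == 0:
            raise ValueError("page size is zero")
    needed = (1 + -(-kernel // page) + -(-ramdisk // page)) * page
    if len(data) < needed:
        raise ValueError("image shorter than its header declares")
    return {"version": version, "kernel_size": kernel,
            "ramdisk_size": ramdisk, "sha256": hashlib.sha256(data).hexdigest()}

def preflight(stock: bytes, patched: bytes) -> list:
    """Return a list of problems; an empty list means the image looks sane."""
    try:
        s, p = parse_boot_header(stock), parse_boot_header(patched)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if s["version"] != p["version"]:
        problems.append("header version differs from stock")
    if s["sha256"] == p["sha256"]:
        problems.append("patched image is identical to stock")
    return problems

def make_sample(version: int, kernel: bytes, ramdisk: bytes) -> bytes:
    """Build a constructed stand-in image (not a real boot.img) for testing."""
    hdr = bytearray(PAGE_V3)
    hdr[:8] = BOOT_MAGIC
    if version >= 3:
        struct.pack_into("<II", hdr, 8, len(kernel), len(ramdisk))
    else:
        struct.pack_into("<I4xI16xI", hdr, 8, len(kernel), len(ramdisk), PAGE_V3)
    struct.pack_into("<I", hdr, 40, version)
    return bytes(hdr) + b"".join(b + bytes(-len(b) % PAGE_V3) for b in (kernel, ramdisk))
```

Read the stock and patched files as bytes and pass them to `preflight()` before typing the `fastboot flash` commands; any returned message is a reason to stop and re-download or re-patch.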

lukemo

Senior Member
Feb 17, 2008
613
90
Milan
Thanks for sharing but without safetynetfix I don't pass safetynet test...others can confirm or not? Thanks.
 

GodKingKnight

Senior Member
May 7, 2012
179
34
Xiaomi 12S Ultra
A very well known disclaimer : your warranty is void after doing this. And I am not responsible for any damage caused on your device. It's all on you sir.

Unlock bootloader - patch boot.img - fastboot flash.
These are the steps.

Make sure to have your google play store apk downloaded somewhere. Unlocking the bootloader will wipe all data AND your play store.

1.Mi Unlock - link
Download the tool on pc, enable developer options on your phone(My device - All specs - tap miui version 7 times).
Go to dev options(Additional Settings) and enable OEM unlocking.
Right below, there is Mi Unlock Status.
Link the device to your Mi account.
From this moment, you have to wait 168 hours WITHOUT logging out Mi account on your phone or adding another device on your Mi account. Else, the counter will reset. The counter is server-sided so you don't have to worry about restarting or turning off the device during this period.

Goto Mi account and add your PHONE NUMBER to the account. Else, you will face loading loop on Mi unlock tool after typing in the verification code. Once that is done, boot to fastboot(turn off device, then hold power and volume down, or use 'adb reboot fastboot') and use Mi unlock tool to make sure you see "try again after 168 hours" message.

That's it. Come back after 168 hours(1 week) and unlock your phone. Your bootloader will be unlocked now.

ADB/Fastboot - just in case you don't have it,
go setup fastboot for later steps.

2. Magisk - link

Magisk patched boot img - 13.0.7 Latest (original 25.2)
or the same file attached below.


Magisk Patched boot.img - 13.0.5(canary)

Basically download the ROM, get boot.img out of it, and use Magisk to patch it.

Now put your device to fastboot mode, place boot.img to your ADB folder (C:/adb) and type these one by one.

fastboot flash boot_a boot.img
fastboot flash boot_b boot.img


after you see success each time,

fastboot reboot

now you have a rooted device!


3. Safetynet Fix -link
Apply this patch via Magisk
Enable Zygisk, enforce DenyList,
and then toggle these options in configuration.


Now you should be able to pass the Safetynet test.

Feel free to leave any questions below.

For advanced users, I am testing out KonaBess since they added SD 8+ gen 1 support. Let me know your thoughts! I can confirm that the tool works, but haven't tested enough to verify if it actually works.
I have to login to download your patched file
 

linamus

Senior Member
Dec 7, 2012
65
21
Brown-Magisk does infinite download because it is being blocked by MIUI Optimizations, which can be disabled in dev settings.
 

joiliko

Member
Aug 17, 2022
8
0
Guys, I *probably* screwed up and need advice:
After update to latest MIUI stable I've lost root and decided to regain it.
(1. but, I've messed up with cmd prompt and flashed twrp image for recovery while in fastboot
2. Later on I've flashed correct fastboot image of twrp)

After twrp loads, it requires me to enter password to mount data. I forgot/never set it (used graphics lock all way long).

When I press cancel and reboot - I get constant bootloop
Default passwords don't work, deciphering graphic password into numbers also
TWRP doesn't offer me to use graphic password
Flashing stock boot.img and recovery doesn't help, I just get boot to stock recovery.

Pls help me get out of this constant bootloop
Obviously, I don't want to wipe data and do clean reflash
 

joiliko

Member
Aug 17, 2022
8
0
Thanks, but if I use that command I get
FAILED (remote: 'Failed to load/authenticate boot image: Bad Buffer Size')
Oh, and when I use MiFlash to flash recovery rom latest v.11, it gets stuck at 4.99% and then reboots

So I guess there's only fastboot flash option left?
 

Top Liked Posts

    1
    Much appreciate the clarification. Thanks again!
    The 2 commands are there to ensure that the patched image is flashed on both the A and B slots of the device. Mismatched boot images on the 2 partitions often cause bootloops or related issues.
    1
    did you fix netflix l1 after root ?
    not yet, miui seems to be difficult to edit build prop or at least there are other ways to do.
    simply editing build prop with root permission won't work btw