Unlocking bootloader, rooting, hiding root, Play Integrity, and hiding unlocked bootloader status for Xiaomi devices (this guide should work for most of the newer Xiaomi devices with HyperOS/HyperOS 2.0)

Unlocking the bootloader (HyperOS)

Warning

• BACK UP ANY DATA YOU MAY HAVE ON YOUR PHONE; THIS WILL FACTORY RESET YOUR PHONE.

Requirements

• Your Xiaomi account must be over 30 days old.
• Enable Find device in Xiaomi Cloud in the Settings app (this may not be necessary, but you should do it to be sure).

Step 1: Enable OEM Unlocking

• In the Settings app, go to About phone, and then tap the OS version 5 times.
• Enable OEM Unlocking from Developer Options.

Step 2: Reinstall Xiaomi Community

• Uninstall Xiaomi Community, reboot, and then install the latest version of Xiaomi Community via the Play Store.

Step 3: Change account's region

• Sign in to your Xiaomi account through the Xiaomi Community app.
• Go to the Me tab, scroll down and select Set up.
• Select Change region and choose Global.

Step 4: Apply for unlocking

• At exactly 12:00 AM GMT+8, press "Apply for unlocking" (If you do this too late, you may encounter an "application quota limit reached" error, so ensure you act precisely at 12:00 AM GMT+8, you can use this site to check the time).
• It might display an "Account Error" window. If that happens, you'll need to retry after 10 days.
• Tip: If you cannot apply for unlocking or encounter quota limit with this guide, you can follow another method using this Python automation script to automate the button press and run multiple instances simultaneously to improve your chances.

Step 5: Preparing for bootloader unlock

• Logout of your Xiaomi account within your phone's settings.
• Reboot your phone.
• Log back into your Xiaomi account in the settings.

Step 6: Add your account to Mi Unlock

• Turn off your Wi-Fi and ensure you have a working mobile data connection.
• In Developer Options, scroll down until you see Mi Unlock status, select it, and press Add account and device.

Step 7: Download the Mi Unlock tool

• Download the latest version of the tool from here.

Step 8: Sign in to your Xiaomi account in the Mi Unlock tool

• After downloading the tool, extract it, navigate to the extracted folder, and open miflash_unlock.exe.
• It will prompt you to sign in.
• After signing in, agree to the disclaimer.

Step 9: Download ADB and Fastboot tools

• Go to this site and select the one for Windows.
• Download it and extract it. You should now see a folder named platform-tools.
• Navigate to the extracted folder, click on the address bar, and replace everything in the address bar with cmd, and then press enter and a CMD window should show up.

Step 10: Enable USB Debugging

• Enable USB Debugging from Developer Options.

Step 11: Unlocking the bootloader

• Plug your phone in and press allow computer when prompted on the phone.
• In the CMD window that you opened in step 8, type adb.exe reboot fastboot and press enter.
• Your phone should reboot and show the text FASTBOOT.
• In the Mi Unlock app, it should say phone connected. Now press unlock, and then press unlock anyway.
• It might say couldn't unlock; you have to wait for the amount of hours that is displayed (During this waiting time, DO NOT log out of your Xiaomi account on the phone or the Xiaomi Community app).
• After waiting for the specified amount of hours, do the same unlocking process and this time your phone should be unlocked.

---

Rooting

Disclaimer: init_boot is for newer devices. If your device does not have init_boot, replace init_boot with boot instead.

Tip: Disable auto-update in the update settings if you don't want to root again every time.

Step 1: Obtain ROM Files

1. Navigate to About phone -> OS Version on your device.
2. Download the firmware (Fastboot ROM) from miuirom.org corresponding to your device and OS Version.

Step 2: Extract Firmware

• Use tools like 7-Zip to extract the firmware.

Step 3: Locate the images Folder

• Navigate to the images folder within the extracted firmware files.

Step 4: Backup init_boot.img

1. Copy init_boot.img to the platform-tools folder that you extracted in Step 8 of unlocking the bootloader.
2. Rename it to init_boot_stock.img (DO NOT DELETE THIS FILE IN CASE OF A BRICK).

Step 5: Transfer to Phone

• Transfer the init_boot_stock.img file to your phone.

Step 6: Install Magisk Alpha

• Download and install the lastest version of Magisk Alpha from their Telegram Channel.

Step 7: Patch the init_boot_stock.img

1. Open the Magisk Alpha app.
2. Tap Install -> Select and Patch a File.
3. Choose init_boot_stock.img.
4. The patched file will appear as something like magisk_patched-28001_p5r8c.img in your phone's Download folder.

Step 8: Transfer Patched File to PC

• Move the patched file (magisk_patched-28001_xxxxx.img) to the platform-tools folder on your computer.

Step 9: Reboot to Fastboot

1. Connect your phone to the computer.
2. Navigate to the platform-tools folder, click on the address bar, and replace everything in the address bar with cmd, and then press enter and a CMD window should show up.
3. Run the following command in CMD:

   adb.exe reboot fastboot
   

Step 10: Flash Patched init_boot

1. In the same CMD window, execute the following commands:

   fastboot.exe flash init_boot_a magisk_patched-28001_xxxxx.img (e.g., fastboot.exe flash init_boot_a magisk_patched-28001_p5r8c.img)
   fastboot.exe flash init_boot_b magisk_patched-28001_xxxxx.img (e.g., fastboot.exe flash init_boot_b magisk_patched-28001_p5r8c.img)
   fastboot.exe reboot
   

   For OLD DEVICES without init_boot (DO NOT FOLLOW THESE COMMANDS IF YOUR DEVICE ALREADY HAVE init_boot !!!!!!!!!!!!!!!!!!!!!):

   fastboot.exe flash boot_a magisk_patched-28001_xxxxx.img (e.g., fastboot.exe flash boot_a magisk_patched-28001_p5r8c.img)
   fastboot.exe flash boot_b magisk_patched-28001_xxxxx.img (e.g., fastboot.exe flash boot_b magisk_patched-28001_p5r8c.img)
   fastboot.exe reboot
   

   For OLD DEVICES without init_boot, if there's an error, try running this command (DO NOT FOLLOW THESE COMMANDS IF YOUR DEVICE ALREADY HAVE init_boot !!!!!!!!!!!!!!!!!!!!!)::

   fastboot.exe --disable-verity --disable-verification flash vbmeta vbmeta.img (vbmeta.img is from the firmware you downloaded)
   

Your device should be rebooted to the system and have root access.

---

Hiding Root (You SHOULD be able to use this hiding root section with most Android devices like Xiaomi, Samsung, etc.)

Step 1: Hide Magisk App

1. Open the Magisk Alpha app.
2. Go to Settings -> Hide Magisk App (You can name it anything, e.g., Settings).
3. Disable Zygisk.
4. Turn Enforce Denylist OFF.

Step 2: Configure DenyList

1. Navigate to Configure DenyList.
2. Select the apps you want to hide root from (tap the app, and then tap on the checkbox).

Step 3: Install Required Magisk Modules

Install the following modules in this order:

• Zygisk Next
• Tricky Store
• Zygisk Assistant
• LSPosed
• Shamiko

Step 4: Reboot

Step 5: Install Hide My Applist

1. Install the Hide My Applist module.
2. Enable it via LSPosed manager.

Step 6: Configure "Template manage"

1. On the home screen of "Hide My Applist", go to Template manage and create a blacklist template.
2. Name it anything, and add the following to Apps Invisible:
   • Hide My Applist
   • Settings (Hidden Magisk App) (If you unhide the Magisk Alpha app, you have to add it back when you hide it again)
   • Any LSPosed modules you will install in the future

Step 7: Configure "App Manage"

1. On the home screen of "Hide My Applist", go to App Manage and select the apps that are detecting root.
2. Select "Enable Hide" -> Set "Work Mode" to Blacklist (default option) -> Select "Using 0 templates" and choose the template you named.

---

Play Integrity Fix (MAY 2025)

As of May 2025, Google has rolled out major changes to the Play Integrity API, follow these steps to fix it:

Step 1: Install Required Magisk Modules

Make sure you already have the Tricky Store module from Step 3 of Hiding Root installed, then install the following modules:

• PlayIntegrityFix (download the newest inject-s version)
• Tricky Store Addon
• Busybox
• Yuri Keybox Manager

Step 2: Reboot

Step 3: Install KsuWebUI

• Download and install the lastest version of KsuWebUI from here.

Step 3: Configure PlayIntegrityFix

1. Open the KsuWebUI app.
2. Click on the PlayIntegrityFix module.
3. Click on the Advanced button, and make sure Spoof Build, Spoof Build (Play Store), Spoof Props, Spoof Provider, and Spoof Signature are toggled on.
4. Click on the Fetch pif.json button, and wait for it to be done

Step 4: Configure Yuri Keybox Manager

1. Open the KsuWebUI app.
2. Click on the Yuri Keybox Manager module.
3. Go to the Menu tab
4. Click Set Up Yuri Keybox, Set Up Security Patch, Set Up Verified Boothash, Set up Target.txt, and Force Stop & Clear Data Play Store

Step 5: Reboot

Step 6: Check the Integrity

• Use this app

Note: Do not change keybox too frequently, or preferably, not at all. If you check too frequently, Google will get suspicious.

Reminder: If you suddenly fail to pass Play Integrity, do Step 3 & 4 again.

Some custom ROMS spoof old fingerprints (PIF's) by default, you'd need to disable that functionality if your rom has it built in, I can't help much for this part.

---

Hiding Bootloader Status

Step 1: Install Required Magisk Modules

Make sure the Tricky Store and Tricky Store Addon modules are installed.

Step 2: Adding Apps

1. Open the KsuWebUI
2. Click on the Tricky Store module.
3. You can search for the apps you'd like to hide bootloader status from, then check the box for it.
4. Hit the blue Save button at the center bottom of the screen, scroll to top if you don't see the button.

---

Tested and found to be working on the following devices (I'd appreciate it if you guys could report it back to me your device if in Issues if it works for you)

• Xiaomi 14T (HyperOS)
• Xiaomi Redmi K60 Ultra 5G (HyperOS/HyperOS 2.0)
• Xiaomi Mi 11 Ultra (HyperOS)
• Xiaomi 12 (Lineage OS 22.2)
• Xiaomi 13 Ultra (HyperOS 2.0)
• Xiaomi Redmi Note 15 5G (HyperOS 2.0)

---

Images