How to unlock & root MiUI12.5 with Google Pay

I had been enjoying my Xiaomi Mi 11 (review) for some time now, but I delayed rooting the phone due to a pending MiUI12.5 update. Now that the update is here and the fastboot version of the ROM is available, I can root the phone without losing access to Google Pay. I will show you step by step how to unlock & root MiUI12.5 with Google Pay. I will do so on Xiaomi Mi 11, but I’d imagine the process to work on any phone using this ROM.

How to unlock MiUI12.5

You will need a valid Xiaomi account to proceed. You have most likely created one when setting up the account, but to be sure, check your Xiaomi options, note your account details and make sure you can log in to your Xiaomi account. Otherwise, you will lock your phone.

I hope you have a week to spend sitting on your ass. Xiaomi phones come with an arbitrary unlock timer, and the first attempt to unlock the phone will ask you to sit down and revisit your life choices 7 days later. It’s a great moment to bookmark my page and return when you are ready.

To unlock Xiaomi phone with MiUI12.5 you will need the following:

• Xiaomi unlock tool

To unlock your phone, download the software on the computer and follow these steps on the phone. Make sure you backed up all the information before you continue.

1. Settings— About phone— MIUI Version (Keep tapping it to enable developer option).
2. Settings— Additional settings— Developer option and bind your approved Mi account under Mi Unlock Status. Enable Unlocking. 
3. Log into the Mi account which has acquired unlocking permission on your device.
4. Download Android ADB drivers and install them on your computer, you can also use Windows Device Driver update to get it. Plug USB cable in – you should see a USB debugging prompt, which confirms it.
5. Turn off your device, press the Power button and Volume – down button at the same time to enter bootloader mode.
6. Log into the unlocking tool on a PC with the same Mi account as on your phone. Connect the device to the PC using a USB cable
7. Press ‘Unlock‘ and follow the timer/ waiting period shown in Mi Unlock Tool to unlock successfully.

This process should take no more than a minute. Your first boot will take longer and the device will guide you through the setup process. Don’t set up anything on that run. Just click through enough to enable Developer Options again.

You will notice that the phone status in the dev option will say “Unlocked”, MiUnlock tool should also confirm that your device is unlocked (if the cable is still attached at this point).

How to root MiUI12.5

Now that you are unlocked, it’s time for root. To get the root, you will need a fastboot version of your ROM and flash tools. There are many tools you could use but I used these:

• download the fastboot version of the MiUI12.5 for your phone
• download Xiaomi Flash tool
• download Magisk Manager APK

Extract the zipped ROM to a folder. It’s important that your folders have no spaces in the names, the flash tool still have this weird quirk. Unpack the Flash Tool, open it, if you see a weird error pointing you to a lof file, create a new folder inside the Flash Tool filter named “log” to fix it.

Put the phone into Fastboot mode (reboot, hold volume down when powering it up) and connect it to a PC. Select the ROM folder containing flash_all.sh file and start flash. Don’t forget to select clean all or save user data at the bottom of the window. By default, the tool will flash and lock your bootloader.

Rollback protection – be wise!

Rollback protection can brick your phone, so please read the following. Pay attention to the version of the current ROM vs the one you are about to flash The new ROM should have the same or newer version of the ROM to flash it safely. Don’t try to cross-region flash your ROM without reading this article.

Open the folder with your ROM, you should see flash scripts. To flash a clean ROM, we will use flash_all.sh. You can bypass the check, by editing the flash_all.sh script. You need to edit this file first. Open it with Notepad++ or similar and remove the following:

#check anti_version 
if [ -e $(dirname $0)/images/anti_version.txt ]; then
 CURRENT_ANTI_VER=cat $(dirname $0)/images/anti_version.txt
 fi
 if [ -z "$CURRENT_ANTI_VER" ]; then CURRENT_ANTI_VER=0; fi
 ver=fastboot $* getvar anti 2>&1 | grep -oP "anti: \K[0-9]+"
 if [ -z "$ver" ]; then ver=0; fi
 if [ $ver -gt $CURRENT_ANTI_VER ]; then echo "Current device antirollback version is greater than this pakcage"; exit 1; fi

This removes the check, and blindly flashes the ROM. Just bear in mind, this removes the prompt, the check will still be performed by the firmware.

Once the .sh file is edited, you can flash the phone again. It will take approx. 550 seconds. Your phone will reboot automatically. Midway through (around 300sec mark) the tool will show “finished” – this will refer to one of the bigger files, not the overall process, so be patient and wait for the process to complete. The tool also failed to catch the end of the flash once (I went through the procedure multiple times) and displayed an error, but the flash was performed without errors. If your phone reboots after the process, you are just fine.

Rooting MiUI12.5

Go through the setup process. You can now set up your phone properly as rooting procedure won’t wipe your progress. When done, go enable developer options, USB debugging and drop Magisk Manager apk and boot.img from your ROM-> images folder onto the phone.

Use a file manager to install the apk then select the Install option to patch your boot image. It will create a patched boot file and save it in the Download folder on your phone. Move this file back to your computer and use ADB to flash the boot image.

Once the path for ADB is set, you can open PowerShell in the same as patched boot image (right click +Shift) and put your phone into Fastboot mode (reboot, power on holding the volume down button).

Flash the boot image with

fastboot flash boot <image name>

and reboot the phone with

fastboot reboot

Congratulations, you are rooted. you can verify the state of the root with the Root Checker app.

How to fix Google Play on rooted MiUI12.5

Now, the exciting part. Even though my rooted Xiaomi Mi 11 fails safety net, I was able to get Google Pay to work without any issues. It’s the same exploit that I used for Xiaomi Mi 9. You will need the following:

• Terminal Emulator for Android
• SQL Database Editor

Close the Google Pay app and remove it from the recent apps. Open Magisk Manager and in options enable Magisk Hide. Head to Magisk Hide options and hide the root from Goolge Play services and Google Pay.

Grant root to SQL Database editor (it will prompt you on start) and use the side menu to navigate to data/data/com.google.android.gms/databases

Select the dg.db file and look through all the entries for those containing “attest” words. Long click to edit each line replacing the C column (usually with the number 10) with 0. Save each edit and once you checked all lines, exit the app.

• 

• 

• 

• 

Open Terminal Emulator and grant root with:

su

Then change permissions in dg.db file

cd /data/data/com.google.android.gms/databases
chmod 440 sg.db

And close the app. Now you should be able to add cards to Google Pay. Don’t worry if the card shows as not available for payment at first. A restart of the Google Pay app fixes that and the card can be used for contactless and Google Pay payments.

Final thoughts

The process isn’t complex, and despite Xiaomi Mi 11 failing safety net, I was able to keep the root and use Google Pay services without any issues. MiUI13 is around the corner, and I will probably revisit this tutorial too and let you know if this all works for the next version of the Xiaomi ROM. Until then enjoy your device with all the rights. Let me know what phone worked for you in this Reddit thread.