How to Unlock Bootloader on Pocophone F1

Unlock Bootloader Root with Stock Recovery on Poco F1

This is a complete guide for rooting Xiaomi Pocophone and keeping the stock recovery on it. That means you will still able to receive OTA updates on your device.

Tools you Need

How to Unlock Bootloader on Pocophone F1

Before starting the procedure, we highly recommend you to back up all the files on your device.

  1. First, go to Settings and tap on About phone.
  2. Locate the MIUI version and tap on it 6-8 times.
  3. Go to Additional Settings and open the section Developer Options.
  4. Make sure you turn on USB Debugging and OEM Unlocking.
  5. Now go to Settings and open Developer Options.
  6. Tap on Mi Unlock Status and select Add Account & Device. Then log in with your MI account. (Your Mi account should be verified)
  7. Now go to MIUI Unlock site and login with your MI account.
  8. Once you logged in, you should be able to download Unlock bootloader and MI Unlock without any further steps (this was the case when I was performing the procedure).
  9. If you aren’t able to download the tools right away, apply and wait for confirmation.
  10. Install Xiaomi USB Drivers (from the link provided above). You can also install it by MI Unlock app settings option.
  11. Launch MI Unlock app and turn off your phone manually.
  12. Now press and hold Volume down button and Power button. Your device should enter into Fastboot Mode.
  13. Connect your Xiaomi device to your PC using a USB cable and click on Unlock.

Boot into TWRP

  1. Launch Minimal ADB Fastboot terminal as Administrator on your PC.
  2. Turn off your Xiaomi device.
  3. Connect the phone to your PC.
  4. Press and hold Power and Volume down buttons until Fastboot screen shows up.
  5. Type the following command in your Minimal ADB Fastboot terminal:
    fastboot devices
    Now your phone should show up. (something like this “9e00a7e3 fastboot”)

Method #1

  1. Type the following command:
    fastboot boot <path to your TWRP .img recovery file>
    Your phone should boot up into TWRP recovery.
  2. If it requires a password, click Cancel.
  3. If it is asking for keeping/system read only, swipe to allow the modifications.

Method #2

  1. Type the following command:
    adb shell

Now you have access to Super User shell via ADB.

  1. While in TWRP, go to Advanced and tap on File Manager.
  2. Now go to “dev/block/platform/” then open the “soc” folder if it is there.
  3. Here you can see folders and files. You will need to open the folders and search for the one called “by-name.” (it should be in one of the folders) In my case it was located in /dev/block/platform/soc/1d94000.ufshc.
  4. Now we need the name of the folder that contains “by-name”
    example: /dev/block/platform/soc/FOLDER NAME/by-name

soc – you should also have this folder if present.
FOLDER NAME – the folder which “by-name” is located in.

  1. Into the terminal type the following command (replace soc and FOLDER NAME respectively):
    ls -al /dev/block/platform/soc/FOLDER NAME/by-name
  2. Now you will see the partitions of your phone. You will need to locate your boot partition.
    example:
    lpwxrwxrwx 1 root root 25 Feb 15 1970 boot -> /dev/block/sde45

Pulling your Stock Boot.img

  1. Launch ADB Shell terminal and type the following command (replace sde45 with your partition – see the step above):

dd if=/dev/block/sde45 of=/sdcard/boot.img

  1. Now type:
    exit
  2. Then type the following:
    adb pull /sdcard/boot.img

Your stock boot.img should be downloaded into your Minimal ADB Fastboot folder.

  1. Type:
    adb reboot

And you are done.

OTA Updates

To install OTA Updates you will need to do one of the following methods.

Method #1

  1. Uninstall Magisk using Magisk Manager.
  2. Install the OTA update.

Method #2

  1. Pull boot.img and patch it again
  2. Now flash the newly patched boot.img or try with the last one you had before the OTA update.

Keep in mind that with this tutorial we are not flashing TWRP. We are just booting the device into TWRP without flashing it. That way we are accessing to Super User via ADB.