There I was, using a custom firmware (CFW) of Android 13 on my Xiaomi Mi 9T Pro. Happy to have brought live back into an otherwise (update-wise) dead phone from 2019 using the Evolution X firmware.

I didn’t have any issues – and just basically forgot that it’s even a modded firmware. However, I occasionally got notifications over new versions being available; in this CFW even OTA updates. Sometimes I’d just update without thinking, but for the past few months I let it slide a little. My Android security update from May 2023 was already much more recent than the official one from Xiaomi, so I didn’t feel like there is any urgency to update. But then, last Wednesday, while being out and having some time at hand, I decided to update. What could go wrong, right?

Unfortunately for me, my phone not fine however after the update. Luckily it still booted and seemed fine, but I didn’t have internet access. I didn’t think too much of it at first, but later it turned out that the phone will never have internet connectivity again without a full data wipe – a bug in the CFW update has locked all my apps out of the internet; even confirmed by the developer himself via XDA.

TL;DR: Starting situation

• Mi 9T Pro phone
• Installed TWRP recovery
• Installed & bootable CFW, which is bugged with no internet access
• No root
• Encrypted storage (intentionally – I don’t mind thieves using my device after wiping it, but I do mind them seeing and abusing my sensitive data)

Additional equipment required

• USB-C data cable to connect to your computer
• Connectable storage via USB-C, e.g.
  • a USB-C Stick (OTG), such as a dual thumb drive from SanDisk I own with USB-A on one end and USB-C on the other end. Quite useful!
  • a USB-C to USB-A adapter should also work. Note that this can also be a multi-adapter with HDMI etc. you might already own primarily for your notebook. While I didn’t try this in the following article, I don’t see a reason why this shouldn’t work as well.

Backing up data

Accepting my fate that I have to reinstall my CFW while wiping all my data, I looked into solutions to back up my phone.

I was lucky to have a current Google cloud backup for my phone uploaded daily, but this doesn’t include all data. I backed up the “regular stuff” via a regular USB connection to my computer:

• Back up photos that were not yet backed up by copying contents of the DCIM directory.
• Back up the Documents directory of my phone, which includes some files I manually put there and want to keep with me on my phone.
• Check other directories visible via the non-rooted file access I had for any files of importance. I ended up copying some save games from emulators and some Instagram pictures, but nothing too critical.

Unfortunately, I was lacking any ability to back up app data that you cannot back up normally, like settings for my mail client, some save games of native apps and bought in-app purchases & much more. Basically all private app data that is inaccessible by non-rooted users.

Rooting the phone without internet access

I thought this step is trivial, but it isn’t. Normally, installing Magisk requires an active internet connection on the phone, which I didn’t have due to the restrictions described above. I was still able to proceed however; the following steps do work for my given starting situation:

1. Download the latest Magisk apk release from the GitHub releases. Do not download the stub – we don’t need it. In the following, I’ll call the file Magisk-v26.1.apk, as this is the current release as of writing.
2. Duplicate/Copy the downloaded Magisk-v26.1.apk file and change the file ending of the duplicate to .zip, leaving you with one Magisk-v26.1.apk and one Magisk-v26.1.zip file.
3. Copy both files to a storage device prepared earlier that is readable by your phone. My thumb drive is formatted in exFAT, which worked just fine.
4. Reboot your phone to recovery
   • If your ROM doesn’t have an option to reboot to recovery directly, check the web for the key combination for your phone.
   • Alternatively, you can also use ADB via adb reboot recovery.
5. Connect the storage device to your Android device.
6. In TWRP, navigate to the install menu, select the storage device (bottom left button – select OTG storage), navigate to the location where you’ve put the Magisk-v26.1.zip file, select it and swipe to install.
   • In case your storage isn’t encrypted, you can also use your internal storage and put both Magisk files directly on there. However, without encrypted storage you could also use different methods to directly save all data from the /data partition…
7. Wait until completion, then reboot without wiping any data or cache.
8. On your rebooted phone you should see a new Magisk app without a logo.
   • If your phone has internet access, you may open this app, agree to the file download and let Magisk finish the setup.
   • If you don’t have internet access like I did due to the CFW issue, you’ll get error messages stating that internet access is needed. This is where the Magisk-v26.1.apk comes into play – install the file from your storage device by navigating to it with a file manager of your choice. Press confirm to install the .apk as an update to the existing “hollow” Magisk app on your phone.
9. Open the Magisk app that now has a logo. It should give you a note that the installation isn’t fully complete yet – but you can ignore this. This is already enough for what we’ll need the root for.

Back up all app data using our newly acquired root privileges

You can basically use any backup app of your choice in this step that can utilize root privileges to back up apps together with their data.

In my case, I’ve used the free version of Swift Backup (not sponsored or affiliated). As I did not have any internet access on the phone, I downloaded the app on my tablet and exported it as an .apk from there, but you can also download the .apk file somewhere from the web I assume – to stay 100% legal, I did it the other way.

Install the Swift Backup app to your phone using the .apk that you can transfer to the phone either using the external storage drive or via the USB cable to your computer.

Open the app and confirm root access to the app. You should get a pop-up for that. In the app, you should see a confirmation of the root status in its summary section.

First, navigate to Account > Settings > Encryption password strategy, select “Advanced” and set up a password. This will be used to encrypt your app backups – make sure to remember it! You’ll have to re-enter it after wiping your phone, else the data will be unrecoverable!

Secondly, also in the settings section, select Storage for your local backups. Select the connected external storage. Make sure the storage has enough free capacity for your app data – they will be compressed, but for me it still used about 30 gigs of storage.

Lastly, return to home and backup all the data you want, by for example selecting “Backup all apps”, making sure everything is selected, select “Backup” and making sure in the “User app parts” everything is selected, including Data, Ext. data and Expansion! Otherwise you won’t be backing up all required files!

Let the backup finish. This process will take a while.

Optionally, once you’re done, close the app, eject the storage and create another backup of the backed up files to your computer – just to be sure no failure of the external storage will decide your fate.

Wiping and re-flashing

Now comes the scary part: Actually re-flashing the bugged CFW. For this, reboot to recovery again (see above) and proceed with how you initially installed your CFW. Greatly cut-down notes I kept of this process:

1. FORMAT /data partition (NEVER wipe System or Persist!)
   • In TWRP: Wipe > Format Data
2. In the TWRP Install menu, select the .zip file of the to be installed ROM and swipe to install.
   • You can provide the .zip file either via an external storage device just like you did with the Magisk installer.
   • Alternatively, you can push the .zip file via ADB as well via
     adb push .\FILENAME.zip /sdcard/.
3. This process will take time! Have patience!
4. Optionally clear Cache and dalvik.
5. Reboot the phone. The initial reboot can take some time!

Set up your new install

Follow the first set up instructions, i.e.

• connect to the internet (optional),
• log in with your Google account (optional),
• restore your Google backup (optional & support depends on your CFW!),
• finish the set up until you are at the home screen.

Only once you are at the home screen, continue with the guide.

Re-Apply the root

Re-Apply the root by installing Magisk just like explained above. The only difference will be that you don’t have to install the .apk afterwards, but you can simply confirm the internet connection if you want to.

Restore the app backup

Install the back up app you’ve chosen earlier again and execute a full restore of your app data.

If you’ve chosen Swift Backup like I did, re-apply the configurations listed above (set password, set storage location), select all apps, choose restore and again make sure to have all the options checked.

This process will take a while, depending on your app count.

Revert the root

Now that you’ve restored your backup, you can safely remove the root again. For this, just open the Magisk app and choose the “uninstall Magisk” option. It’ll ask you for confirmation and inform you that this will permanently remove the root from your device. Confirm the warning and continue.

Your phone should jump to the home screen after some time. Don’t select anything and want for a few seconds – your phone should reboot automatically.

Finally your phone will normally reboot to your home screen, without a root installed, SafetyNet passing & WideVine L1 working (depends on your ROM of course!).

Finishing up

You did it! Your phone is set up again. You can try opening some apps and see if everything is still as it was before.

Note that some apps will likely not work properly afterwards; such as banking apps. At least for me I was forced to clear all app data again via the app information screen and log back in manually, as the app didn’t open properly for me. This required me to re-request my 2FA information via physical letter – but there are surely worse things in life. Most of my apps still work and even some online apps even stayed signed in as if nothing ever happened. Great! 🙂

Finishing touches would be (at least were for me) to copy at least a few of your manually backed up photos back on your phone, as well as restoring the Documents directory and some other directories mentioned above in the respective step.

Conclusion

While I always feared tinkering with my main device and had some respect for rooting your device, I think it’s not that bad at all. Also, now I have the certainty that whenever I need (temporary) root permissions to my phone, I can always come back to this guide here, repeat the steps and gain root access – and can super easily revert it again. This is completely different compared to iOS Jailbreaking which I did when I still had an iPhone (until the iPhone 7 Plus) and very welcoming.

Of course having to set up your phone again is annoying. But at least I learned something from this experience, which made it much less worse of an experience – learning is fun! 😉

I hope that if someone is in a similar niche situation, this guide might have helped you out. I’m sure it will help me refresh my memory again if I ever have to come back to this. If I do, I’ll make sure to update this guide accordingly as well.