Quick Tips to check for Anti-Rollback Protection

Quick Tips to check for Anti-Rollback Protection 1

Follow the given instruction below to check whether Xiaomi’s anti-rollback protection is enabled or not on your MIUI device. The workaround to find out the status is basically simple. Nevertheless, it is better to first understand what is an anti-rollback protection and why is this activated. We try to keep the explanation simple and as easy-to-understand as possible.

What is MIUI Anti-rollback Protection? It is a protection mechanism adopted from Google’s Android 8.0 and 8.1 Oreo. The protection feature makes use of Android Verified Boot 2.0 (also known as Verified Boot). This prevents the device from booting if it detects that the device has been downgraded to an older, unapproved software build. However, there is a major difference between what Xiaomi and Google have. While Google’s anti-rollback protection can be disabled if you unlock the bootloader, the Xiaomi’s can’t be disabled even if the bootloader has been unlocked.

Why does such a feature have been put in place? The Anti-rollback protection is essential to prevent attackers from loading older software on a device that is susceptible to an exploit. The security measure will stop any unauthorized retailer from taking advantage of exploits in older MIUI versions, thus protecting users from exploitation.

Why must we check whether the feature is enabled or not before downgrading? Flashing the stock MIUI ROM using recovery method will verify the version of MIUI being flashed. Hence, downgrading can be prevented. However, some users prefer to flash the ROM through TWRP Recovery which does not have any checks in place to stop users from installing older MIUI version. This will, unfortunately, lead to a bricked device. Even worst, this type of bricked state is not recoverable using the Fastboot method. The device will stop functioning at all. The only solution is bringing the broken device to a nearest Xiaomi service point since EDL mode has been locked down by default.

What Xiaomi devices are having such protection? Known devices having anti-rollback feature are Mi 8, Mi 8 SE/EE/Pro/Lite, Mi Max 3, Redmi S2, Redmi Note 5 Pro/Global/AI, Redmi 6 Pro, and Mi 6X. However, all currently supported Xiaomi devices will eventually gain anti-rollback protection. Therefore, it is crucial for you to understand the method on how to check for Anti-rollback protection before downgrading. It is also important to understand what you can do if anti-rollback protection is enabled.

How to check

MIUI uses a mechanism called the “rollback index”. The verified boot technology that we have talked about in the above section will check for this rollback index.

Verified Boot has a rollback index that is compared with the rollback index of the images to be installed. Depending on how the rollback indices compare, the following will happen:

  • If the current rollback index of ROM image file is greater than the rollback index of ROM running in the device, then the images will be flashed and the current rollback index will be incremented to match the new rollback index.
  • If the current rollback index of ROM image file is equal to the rollback index of ROM running in the device, then the images will be flashed and the rollback index won’t change.
  • If the current rollback index of ROM image file is lesser than the rollback index of ROM running in the device, then the images will be rejected, if you’re flashing via fastboot or Mi Flash. Unfortunately, TWRP does not check the rollback indices before flashing. Hence, nearly all bricks were the result of downgrading via TWRP.
ALSO READ:  Fail-Proof Steps to Flash Pixel Experience 9.0 on Redmi 5 Plus

Now you can check the rollback index following these steps:

  1. Disable Windows Driver Signature Enforcement on your computer – read here.
  2. Install Mi Flash tool – download here.
  3. Enable Developer Options. Go to Settings > About phone > tap the MIUI version several times until the developer options being enabled.
  4. Also, enable USB Debugging through Settings > Additional Settings > Developer Options > USB Debugging > toggle it on
  5. Turn off your device completely.
  6. Press the Power button and Volume Down (-) buttons simultaneously to enter bootloader mode (fastboot).
  7. Connect your phone to your computer.
  8. Launch Command Prompt window or Windows PowerShell. You can search for it in the Cortana search bar.
  9. Type the following command and hit Enter on your keyboard: fastboot getvar anti
  10. If the output is blank, then anti-rollback has not yet been enabled. If you get a number in the output, then that is your current rollback index.
  11. Download the MIUI fastboot ROM of the version you are going to install.
  12. Extract the .tar.gz file using either WinRAR or 7zip.
  13. Open “flash-all.bat” file in a text editor like Notepad++ or Sublime and look for the following line: set CURRENT_ANTI_VER=#
  14. That number (#) is the rollback index of the MIUI version you want to flash. If that number is equal to or greater than your current rollback index, then it’s safe to flash in TWRP, Mi Flash, etc.
  15. If that number is less than your current rollback index, then DO NOT FLASH THIS ROM VIA TWRP.

This is how the command will look like:

Quick Tips to check for Anti-Rollback Protection 2

Check the rollback index in the flash-all.bat file:

Quick Tips to check for Anti-Rollback Protection 3

A folk at XDA has pointed out several guidelines to stay safe having an MIUI device with anti-rollback protection enabled:

  1. What do I avoid if I don’t want to brick my device?
    • Do not flash an MIUI version with a rollback index less than your device’s current rollback index. See above for instructions.
    • Do not flash an official MIUI Global ROM on Chinese Xiaomi hardware with a locked bootloader.
  2. Can I still install custom AOSP ROMs, kernels, Magisk, Xposed, Substratum, ARISE, and other mods?
    • Yes, of course, you can.
  3. Can I still switch between MIUI Global Stable, MIUI Global Developer, MIUI China Stable, and MIUI China Developer?
    • Yes, but you need to compare the rollback indices before you install an older MIUI version.
  4. Why doesn’t Xiaomi disable anti-rollback protection when you unlock the bootloader?
    • MIUI Developer team has not explained about it yet.
  5. Why does Xiaomi hard brick your phone if anti-rollback protection is triggered, which Google doesn’t do?
    • Either Google or Xiaomi has its own judgment on how should they use such feature.
  6. Why doesn’t Xiaomi display the standard Verified Boot warning to show the user the software has been tampered with?
    • You’re on a roll with these great questions! In all seriousness, this one can be somewhat justified because it’s possible to disable this splash screen – at least on some devices.

Tags:

6 thoughts on “Quick Tips to check for Anti-Rollback Protection”

  1. I’m not sure about this but I think there’s something wrong in this part:

    If the current rollback index of ROM file is greater than the rollback index in the running device, then the images will be rejected if you’re flashing via fastboot or Mi Flash. Unfortunately, TWRP does not check the rollback indices before flashing. Hence, nearly all bricks were the result of downgrading via TWRP.

    I think instead of “greater”, it should be “lesser” since it this would make sense to the next part of the sentence and this part would be the same on the first point since “greater” was also used.

    Please delete this comment after reading this.

    1. Hi Greg, thanks for your kindness.

      I personally edited the words. I will not delete your comment. It is a great one and I like it.

      Thanks

  2. Hi,

    I used 7-zip to extract flash-all.bat from miui v.10.2.5.0 OCGMIXM and miui v.10.2.2.0 OCGMIXM extension file .gz (fastboot). Then using wordpar or note pad open flash-all.bat , but could not find anything like set CURRENR_ANTI_ VER= statement?
    Does CURRENR_ANTI_ VER is mandatory statement in flash-all.bat file??? . this is the way flash-all.bat looks for miui v.10.2.2.0 OCGMIXM:
    echo “cereus fastboot flash tools”

    fastboot %* getvar product 2>&1 | findstr /r /c:”^product: *cereus” || echo Missmatching image and device
    fastboot %* getvar product 2>&1 | findstr /r /c:”^product: *cereus” || exit /B 1

    fastboot %* flash crclist “%~dp0images\crclist.txt” || @echo “Flash crclist error” && goto error

    fastboot %* flash sparsecrclist “%~dp0images\sparsecrclist.txt” || @echo “Flash sparsecrclist error” && goto error

    fastboot %* flash preloader “%~dp0images\preloader_cereus.bin” || @echo “Flash preloader error” && goto error

    fastboot %* flash logo “%~dp0images\logo.bin” || @echo “Flash logo error” && goto error

    fastboot %* flash tee1 “%~dp0images\tee.img” || @echo “Flash tee1 error” && goto error

    fastboot %* flash scp1 “%~dp0images\scp.img” || @echo “Flash scp1 error” && goto error

    fastboot %* flash sspm_1 “%~dp0images\sspm.img” || @echo “Flash sspm_1 error” && goto error

    fastboot %* flash lk “%~dp0images\lk.img” || @echo “Flash lk error” && goto error

    fastboot %* flash tee2 “%~dp0images\tee.img” || @echo “Flash tee2 error” && goto error

    fastboot %* flash scp2 “%~dp0images\scp.img” || @echo “Flash scp2 error” && goto error

    fastboot %* flash sspm_2 “%~dp0images\sspm.img” || @echo “Flash sspm_2 error” && goto error

    fastboot %* flash lk2 “%~dp0images\lk.img” || @echo “Flash lk2 error” && goto error

    fastboot %* flash odmdtbo “%~dp0images\odmdtbo.img” || @echo “Flash odmdtbo error” && goto error

    fastboot %* flash spmfw “%~dp0images\spmfw.img” || @echo “Flash spmfw error” && goto error

    fastboot %* flash md1img “%~dp0images\md1img.img” || @echo “Flash md1img error” && goto error

    fastboot %* flash vendor “%~dp0images\vendor.img” || @echo “Flash vendor error” && goto error

    fastboot %* flash system “%~dp0images\system.img” || @echo “Flash system error” && goto error

    fastboot %* flash cache “%~dp0images\cache.img” || @echo “Flash cache error” && goto error

    fastboot %* flash recovery “%~dp0images\recovery.img” || @echo “Flash recovery error” && goto error

    fastboot %* flash boot “%~dp0images\boot.img” || @echo “Flash boot error” && goto error

    fastboot %* flash cust “%~dp0images\cust.img” || @echo “Flash cust error” && goto error

    fastboot %* flash vbmeta “%~dp0images\vbmeta.img” || @echo “Flash vbmeta error” && goto error

    fastboot %* flash userdata “%~dp0images\userdata.img” || @echo “Flash userdata error” && goto error

    fastboot %* reboot
    pause
    exit 0
    :error
    pause
    exit /B 1

  3. My friend, my mi 6x (converted from mi A2) is with ARB4:

    C: \ adb> getvar anti fastboot
    anti: 4
    finished. total time: 0.001s

    When I try to install twrp it presents the following error:

    C: \ adb> fastboot flash recovery twrp-3.3.1-0-wayne.img
    target reported max download size of 536870912 bytes
    sending ‘recovery’ (37620 KB) …
    FAILED (data transfer failure (Too many links))
    finished. total time: 0.144s

    After this command he no longer accepts any command and just restarting the phone and entering fastboot again to accept the commands.

    I’ve tried applying dummy.img before flash recovery but it doesn’t solve it.

    Dummy.img works well:

    C: \ adb> fastboot flash antirbpass dummy.img
    target reported max download size of 536870912 bytes
    sending ‘antirbpass’ (8 KB) …
    OKAY [0.005s]
    writing ‘antirbpass’ …
    OKAY [0.005s]
    finished. total time: 0.014s

    C: \ adb> fastboot flash recovery twrp-3.3.1-0-wayne.img
    target reported max download size of 536870912 bytes
    sending ‘recovery’ (37620 KB) …
    FAILED (data transfer failure (Too many links))
    finished. total time: 0.055s

    I can’t update MIUI.eu 11 because it updates by recovery, nor does it apply magisk.

    Have a solution to my problem?

  4. i have redmi note 7 pro my anti index is 1 and current ant version of the package i downloaded for my device is also 1. But it still says antirbpass error while fastboot flashing from mi flash tool.

Leave a Reply

Your email address will not be published. Required fields are marked *