Nothing Phone 3: Unlock Bootloader | Root via Magisk/APatch/KSU

In this guide, we will show you the steps to unlock the bootloader and root your Nothing Phone 3. Everything was going so great for these devices when, out of the blue, Carl Pie decided to mess things up. For starters, it removed the USP of this device, aka Glyph Interface, and replaced it with Glyph Matrix. Adding insult to injury, it raised its price to flagship level [Rs 80,000/$907] when it could hardly justify the same.

After all, how can one explain its pricing strategy when it comes with the Snapdragon 8S Gen 4 chipset [the Poco F7, which is priced at Rs 32,000/$363, also comes with the same chipset]. Anyways, enough of the bashing, let’s now turn our attention towards the main subject- gaining administrative rights! So without any further ado, let’s show you how to get this job done via Magisk/APatch/KernelSU.

• How to Unlock Bootloader and Root Nothing Phone 3 The Prerequisites Unlock the Bootloader on Nothing Phone 3 Root Nothing Phone 3 via Magisk Root Nothing Phone 3 via APatch Root Nothing Phone 3 via KernelSU

How to Unlock Bootloader and Root Nothing Phone 3

Before starting, please take a complete device backup. Moreover, after rooting, you’ll have to deal with Play Integrity issues [though it can be addressed ]. So if that’s all well and good, then let’s get started. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.

The Prerequisites

The steps given here are required for both unlocking as well as rooting your device.

1. Download and extract Android SDK Platform Tools onto your PC.
2. Then, enable USB Debugging and OEM Unlocking on your device.
3. Now open the Command Prompt inside platform-tools and type in adb reboot bootloader
4. Now type in the command below and verify if you’re getting an ID. fastboot devices
5. If you aren’t getting any ID, then please install the Fastboot Drivers .

Unlock the Bootloader on Nothing Phone 3

1. From the Fastboot Mode, type the command given below: fastboot flashing unlock
2. You’ll get a prompt on your device. Use the Volume keys to highlight Unlock the Bootloader and press the Power key to confirm.
3. Your device will undergo a reset, and the bootloader will be unlocked. Congrats! Let’s now move over to the next step i.e., rooting.

NOTE: Given below are three different ways through which you can root your Nothing Phone 3- Magisk, APatch, and KernelSU. Go through each of them once and then try out the one that is in sync with your requirement.

Root Nothing Phone 3 via Magisk

1. Download the boot.7z file from the same version of firmware that is installed on your device. DOWNLOAD LINK
2. Then extract the boot.7z file and get the init_boot.img file.
3. Next, transfer that file to your device. Then, install Magisk on your device.
4. Now launch Magisk, go to Install, select the init_boot.img, and hit Let’s Go.
5. It will now be patched and placed in the Downloads folder.
6. Transfer it to the platform-tools folder and rename it to patched_init_boot.img.
7. Then open Command Prompt inside platform-tools and type in: adb reboot bootloader
8. Then type in the below command to flash the patched init_boot: fastboot flash init_boot patched_init_boot.img
9. Now type the below command to boot to the OS: fastboot reboot
10. Then launch Magisk, and if it asks for additional setup, tap Install next to Magisk.
11. Then select Direct Install [Recommended] and hit Reboot. Your device will now boot to the rooted OS. That’s it.

Root Nothing Phone 3 via APatch

You can refer to our guide below to root your Nothing Phone 3 via APatch. Do note that, as opposed to init_boot in Magisk, you have to use the boot.img file in APatch.

Root Android via APatch: Give SU Access Flash Module Install OTA

Root Nothing Phone 3 via KernelSU

As of now, there’s no custom kernel that will help you root your Nothing 3 via KernelSU. As and when it goes live, we will update this section accordingly.

• Detailed Guide to Pass Play Integrity in New Android 13+ Checks
• Guide to Get Fingerprint PIF.JSON File using Play Integrity Fork
• How to Pass Strong Integrity Using Revoked/Banned Keybox File
• Get an Unrevoked Keybox XML File Here & Pass Strong Integrity

(Cancel Reply)

Δ

How to Get Fingerprint PIF.JSON File using Play Integrity Fork

In this guide, we will show you the steps to get the fingerprint PIF.JSON file using Play Integrity Fork. A week back or so, we got the unfortunate news that the Play Integrity Fix module has been discontinued by the developer chiteroman. We can’t thank him enough for the invaluable work he has done for this community. But going forward, what can be our next course of action?

Well, while this module was up and running, another developer [osm0sis] was also running a fork of this module, which goes by the name Play Integrity Fork. While we wouldn’t say that it was under the shadow of Fix, but it wasn’t being used that much when compared to its counterpart.

However, all that is about to change now, and so there are a few queries that might pop up in your minds. In this regard, one of the most common questions that I have been asked for the past week is how to get the fingerprint PIF.JSON file in the Play Integrity Fork module.

As you might already be aware, the Fix module already has this embedded in its module; you just need to launch it via KSUWebUI, hit the Fetch PIF.JSON option, and you’ll get the file. But that’s not possible via the Fork module via the direct route. Why? Let’s find out, and after that, we will list the plausible steps through which you can get this file using this module. Follow along.

• Why is the PIF JSON Fingerprint File Missing in Play Integrity Fork
• How to Get the Fingerprint PIF.JSON File using Play Integrity Fork
• Direct Download PIF JSON Files

Why is the PIF JSON Fingerprint File Missing in Play Integrity Fork

By default, the module comes with a template of a PIF JSON file that you need to fill in manually. You can get this file from /data/adb/modules/playintegrityfix. Once you fill in the values, simply rename it to custom.pif.json, and your task stands complete. But why hasn’t the dev simply added this file, as was the case with the Fix module? Here’s what he has to say regarding this:

There’s intentionally no pif.json in the module because the goal remains to be futureproof, and including something that may be banned and obsolete within days would be contrary to that goal.

However, finding these files might not be everyone’s cup of tea. Not only are a few of these remains, but finding them is also quite an effort taking task. The developer acknowledges this, and hence, he has added a script to extract the latest Pixel Beta fingerprint along with the module. The script is named autopif2, which generates a random device fingerprint from the latest Pixel Beta. So let’s have a look at the steps to make full use of this file.

How to Get the Fingerprint PIF.JSON File using Play Integrity Fork

Before starting, please take a backup of all the data on your device, just to be on the safe side. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device, and data by performing the below steps.

NOTE: There are quite a few ways of getting this job done, however, I personally found Termux to be the easiest among all of them. But if you want to try out any other method, then run the generation script from a root manager app that supports the module Action button or from a file explorer app that supports script execution.

1. To begin with, flash the wget2 module via Magisk / KernelSU / APatch .
2. Then, flash the Play Integrity Fork CI module from GitHub Actions .
3. Now, download and install the Termux app from F-Droid.
4. Then launch it and execute the following three commands: su //you’ll get a SU request, hit Grant cd /data/adb/modules/playintegrityfix //to change the directory to the module’s sh autopif2.sh –preview // this will give you the fingerprint file
5. You can also add a few other parameters to the above command, namely: su -c sh /data/adb/modules/playintegrityfix/autopif2.sh -a -m -p -s -a Advanced -m Match -p Preview -s Strong
6. Once done, head over to the below location to access the custom.pif.json /data/adb/modules/playintegrityfix

Direct Download PIF JSON Files

If you don’t want to manually carry out the aforementioned steps, then you may directly get the PIF JSON file from our below guide:

Download PIF JSON File from Here

• How to Pass Strong Integrity Using Revoked/Banned Keybox File!
• How to Pass Play Integrity in New Android 13+ Checks
• Guide to Pass Strong Integrity on Unlocked Bootloader & Root!
• How to Spoof/Fake/Hide Bootloader Unlock Status
• How to Pass Play Integrity Test on any Custom ROM [Video]

• Drw 6 months ago Reply Problem solved. Termux wasn’t prompting me to grant su user access. Found where to enable it in the KSU Next GUI under Superuser.
• Drw 6 months ago Reply I’m getting “su program not found.” Rooted with ksu and susfs. Modules installed are BKI, Play integrity fork, shamiko, susfs for ksu, tricky store, wget2, zygisk lsposed, and zygisk next. Nothing tweaked.
• mario 7 months ago Reply sorry, what do you mean with “Then, flash the Play Integrity Fork CI module from GitHub Actions.” ? i have pif v13 flashed in magisk
• Mohamed 7 months ago Reply Hi, can you please help me with a vaild keybox pleaaase 🙏
• Antonis 7 months ago Reply 1) “Then, flash the Play Integrity Fork CI module from GitHub Actions” https://github.com/osm0sis/PlayIntegrityFork/actions what do i download? 2) and then what do i do with custom.pif.json ?
• Antonis 7 months ago Reply “Then, flash the Play Integrity Fork CI module from GitHub Actions” https://github.com/osm0sis/PlayIntegrityFork/actions what do i download?

(Cancel Reply)

Δ