More and more phone brands are imposing stricter limits on bootloader unlocking, which makes rooting harder in the name of mobile device security. I have always used OnePlus because it has fewer restrictions. In this post, I will introduce several approaches to rooting OnePlus devices. My device version is PJZ110_15.0.0.502.
Unlock
OnePlus devices can be unlocked via fastboot easily, unlike some brands that require users to submit applications.
Preparation:
- Install Android SDK Platform-Tools
- Install the USB driver: right-click the .inf file and choose install
Open Developer Options: go to About Device -> Version and tap Version number repeatedly
Enable the options: System & update -> Developer Options -> OEM unlocking and USB debugging
Boot into Bootloader Mode
|
|
In the bootloader menu, confirm that [DEVICE STATE] shows locked, then unlock your bootloader using the following
|
|
If the command stays at waiting for device, refer to https://blog.isteed.cc/post/oneplus-13-root-guide/ to manually specify the device driver.
Press the Volume Down key on your device, highlight UNLOCK THE BOOTLOADER, and press the Power Button to confirm unlocking. After that, your device will be restored to factory settings and restart.
KernelSU
KernelSU is the most advanced and stealthy root solution for Android devices. There are two ways to install KernelSU on your device: GKI and LKM. The common way is to boot a GKI img with fastboot to enter GKI Mode and then install LKM via the KernelSU application. However, if booting into GKI Mode fails, you may need to extract the boot img and patch it manually.
GKI
- Download the KernelSU img corresponding to your device version. For example, my device runs PJZ110_15.0.0.502, so I downloaded android15-6.6.30_xxxx-xx-boot.img.gz.
- Enter Fastboot Mode: adb reboot bootloader
- Boot GKI Mode: fastboot boot /path/to/boot.img
- Install the KernelSU application
- Install LKM Mode through the KernelSU application
Manual Patch
Unfortunately, with the above approach, I could not enter GKI mode via the fastboot img. After researching online, I discovered others faced the same issue with version 502, suggesting the manufacturer might have modified this specific version. Thus, manual patching is necessary.
- Identify your device version and download its corresponding firmware package; mine, for example, is ColorOS PJZ110_15.0.0.502(CN01) A.47
- Extract init_boot.img with payload-dumper-go (https://github.com/ssut/payload-dumper-go/releases)
- Install the KernelSU application
- Patch init_boot.img via the KernelSU application; the patched img will be saved to ~/Download
- Copy the patched img to your computer and flash it
Flash the patched img to the init_boot partition:
adb reboot bootloader
fastboot flash init_boot .\kernelsu_patched_20250313_061233.img
<reboot device>
If your KernelSU isn’t working after the above steps, you may need to flash the patched img to the init_boot partition of your active slot (e.g. init_boot_a or init_boot_b). You can query which slot is active and flash to the active slot only, or flash both slots for compatibility.
adb reboot bootloader
fastboot getvar current-slot
fastboot flash init_boot_a .\kernelsu_patched_20250313_061233.img
fastboot flash init_boot_b .\kernelsu_patched_20250313_061233.img
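The slot query and single-slot flash described above can be scripted so that the file is sanity-checked and only the active slot is written. This is an added example, not part of the original post; the script name flash_active_slot.py and its helper functions are hypothetical, and it assumes fastboot is on PATH and the device is already in bootloader mode.

```python
import re
import subprocess
import sys

BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of an Android boot/init_boot image header


def parse_current_slot(getvar_output):
    """Return 'a' or 'b' from `fastboot getvar current-slot` output, or None."""
    # Some bootloaders prefix the line with "(bootloader)" or report "_a"/"_b".
    match = re.search(r"current-slot:\s*_?([ab])\b", getvar_output)
    return match.group(1) if match else None


def looks_like_boot_image(header):
    """Reject files that are clearly not a boot image (e.g. a still-gzipped download)."""
    return header[:8] == BOOT_MAGIC


def flash_command(slot, image_path):
    """Build the fastboot command that targets only the given slot."""
    return ["fastboot", "flash", f"init_boot_{slot}", image_path]


def main(image_path):
    with open(image_path, "rb") as f:
        if not looks_like_boot_image(f.read(8)):
            sys.exit(f"{image_path}: no ANDROID! magic, refusing to flash")
    # fastboot prints getvar results on stderr, so inspect both streams.
    result = subprocess.run(["fastboot", "getvar", "current-slot"],
                            capture_output=True, text=True, timeout=30)
    slot = parse_current_slot(result.stdout + result.stderr)
    if slot is None:
        sys.exit("could not determine the active slot; is the device in fastboot mode?")
    cmd = flash_command(slot, image_path)
    print("running:", " ".join(cmd))
    subprocess.run(cmd, check=True)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: flash_active_slot.py <patched init_boot image>")
    main(sys.argv[1])
```

Writing only the active slot leaves the other slot's stock init_boot untouched, which keeps a known-good image on the device.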
If the KernelSU application shows that it is running in LKM Mode, you succeeded.
Good luck.