The process of flashing alone is conventional, shouldn't even need a thread to detail, but still leaving a thread here for search indexing.
With an unlocked BL, flash an ARM64 AB GSI within fastbootd, reboot to recovery, format userdata, reboot, profit. vbmeta isn't even needed in my case.
EDIT: One thing that's unconventional and I forgot to mention is, for many GSIs, you gotta delete product_a to make room prior to flashing:
Code:
fastboot delete-logical-partition product_a
EDIT2: Magisk doesn't like to see product_a go. Instead, just flash a blank one (from #15) to it:
Code:
fastboot flash product product_gsi.img
Thanks to @Whoareyou for the original finding and @darkghost568 for additional ideas.
Are we getting closer?
Winnower Amber said:
Are we getting closer?
Click to expand...
Click to collapse
To proper custom ROMs? Dunno, I don't do bringups. I'll at least make/refine/submit the device overlay so GSIs would look proper.
Note that Magisk seems incompatible and prevents booting, at least when paired with my GSI - need to restore to stock boot image. Mine comes with PHH-SU so I'm not keen on getting Magisk working anyway.
OK I'll ask since I have no clue. What's a GSI?
alarmdude9 said:
OK I'll ask since I have no clue. What's a GSI?
Click to expand...
Click to collapse
Home
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
AndyYan said:
Not sure why the GSI front is so quiet even after TMO variant got its unbrick tools...
Click to expand...
Click to collapse
I'm personally waiting until TWRP is more stable for this device before jumping into GSI.
Android 12 boots unsurprisingly as well, not as usable as 11 ofc.
A Generic System Image, is a universal version of android, which is available since project Treble separated the O/S into a "HAL" (Hardware Abstraction Layer) driver layer interface and the core operating system.
boot contains the kernel.
vendor, vendor_dlkm, odm, odm_dlkm are the drivers.
system, system_ext are the O/S core.
product is device specific O/S customizations.
Overview | Android Open Source Project
source.android.com
Project Treble is a good thing, making strides for Android to become a standardized operating system.
GSI install Guide:
Using information from:
Generic system images | Android Open Source Project
source.android.com
We find that we are supposed to flash vbmeta.img with "--disable-verification" because GSIs don't "include a verify boot solution". However, this step is not required on our particular device, due to OnePlus specific changes of verification being automatically disabled upon bootloader unlock.
Prerequisites: unlocked bootloader, up to date fastboot installed on a computer
1. Boot the phone into fastbootd mode by:
booting into recovery mode, by holding power and volume down during boot, then
rebooting into fastboot (only) mode, using touch menus: advanced, reboot into fastboot, then
connecting usb-c to a computer and using the poorly named command:
fastboot reboot fastboot.
Now we can use fastbootd commands.
2. We must erase the system partition:
fastboot erase system
3. next we need to obtain a GSI. I used phhusson's GSI build.
Releases · phhusson/treble_experimentations
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
Choose arm64-ab for our phone's architechture
floss for open source apps but no GAPPS or vanilla for no GAPPS,
don't choose vndklite (Vendor Native Development Kit Lite) as it is a compatibility version for older versions of android's "HAL" layers.
"system-roar-arm64-ab-floss.img.xz"
decompress it to .img (and rename to GSI.img for brevity)
4. If we attempt to flash our GSI into the system partition:
fastboot flash system GSI.img
It will inevitably fail due to "not enough space to resize partiion"
The tool isn't smart enough to handle this task of resizing a "full" dynamic partition.
So we have to delete virtual partitions out of super to make room.
5. We must remove any present -COW partitions, which are Copy On Write partitions, which seem to be made by an A-Only virtual dyamic upgrade system. Their purpose is to host temporary changes to a partition, so the original partition is preserved for an emergency rollback, using associated interfaces to the original partition and the COW partition for access.
check your "fastboot getvar all" for any COW partitions, and delete them.
fastboot delete-logical-partition system_b-cow
6. In the official documentation, they admit that we have to delete the product partition(s) manually to make room.
fastboot delete-logical-partition product_a
fastboot delete-logical-partition product_b
7. With that done, we can reattempt to flash the GSI.
fastboot flash system GSI.img
8. The official instructions then require a fastboot -w in order to clear user data and "system partitions" data, but this is optional.
Are (A11 based) GSI's daily-drivable on the N200?
Also, do they allow for safetynet for banking apps, etc?
oCAPTCHA said:
Unofficial lineageOS 18.x by AndyYan is a Phhusson GSI derivative that claimed partial Magisk compatibility, but it also would not boot when Magisk patched. microG signature spoofing was not supported.
Click to expand...
Click to collapse
That Magisk compatibility does work on most other devices, even including an OPPO device which N200 is a rebadge of. Not sure why it is. Install PHH's Superuser and you get root for apps at least.
MicroG support is limited to priv-app for safety, as shown here.
BTW, long writeup, might wanna cut it down and/or add some emphasis?
lzgmc said:
Are (A11 based) GSI's daily-drivable on the N200?
Click to expand...
Click to collapse
VoLTE is one major hardware feature I can't verify; basic functionalities should be good. Heck, I daily-drive GSI on a device that has way more bugs than this.
mthous01 said:
Also, do they allow for safetynet for banking apps, etc?
Click to expand...
Click to collapse
PHH's "securize" option might allow you to do so for now (and unroot). I don't use GAPPS at all.
Rooting GSI Android 11
@AndyYan
AndyYan said:
That Magisk compatibility does work on most other devices, even including an OPPO device which N200 is a rebadge of. Not sure why it is. Install PHH's Superuser and you get root for apps at least.
MicroG support is limited to priv-app for safety, as shown here.
BTW, long writeup, might wanna cut it down and/or add some emphasis?
VoLTE is one major hardware feature I can't verify; basic functionalities should be good. Heck, I daily-drive GSI on a device that has way more bugs than this.
PHH's "securize" option might allow you to do so for now (and unroot). I don't use GAPPS at all.
Click to expand...
Click to collapse
Rooting GSI Android 11
Have you tried this yet, to get Magisk to work? I'm still on the bubble on wiping my phone and trying this, as it's my only daily driver right now.
mthous01 said:
Have you tried this yet, to get Magisk to work?
Click to expand...
Click to collapse
The /sbin hack is already integrated, but that doesn't seem enough here.
To root y'all need to do:
fastboot create-partition-primary 512 product
Then flash the attached product.
Then flash your rooted img, it'll boot successfully.
This GSI also works beautifuly, even has 90hz, if only there was an overlay for fingerprint scanning.
http://[STRIKE]https://jmirror.ml/0:/Jarvis-Mirror/Pixel5-Beta5-CB-GSI-Tutorials.7z[/STRIKE]
https://sourceforge.net/projects/gsitutorials-sgsi/files/SGSI/A12Beta/Pixel5-SP1A-A12-SGSI-GSI-Tutorials.7z/download
Whoareyou said:
To root y'all need to do:
fastboot create-partition-primary 512 product
Then flash the attached product.
Click to expand...
Click to collapse
OPlus devices really like to throw files (overlays, fstab, etc.) everywhere... TIL, thanks.
I tried out WhoAreYou's product image using
fastboot create-logical-partition product 512
(His syntax gave an error.)
While It did allow me to boot with a Magisk 23 patched boot.img along with Phhusson's vanilla GSI, Magisk did not work. The Magisk 23 app gave a strange error "Unsupported Magisk Version, This version of the app does not support Magisk version lower than v20.4". I downgraded to Magisk Manager 7.3.2 and the system hung whenever Magisk ran instead. Perhaps it is a conflict with the SU system in the GSI. I tried the "securize" option in the Phh treble menu, which caused a reboot, but did not remove root / su . I do not know how to remove the SU modifications present in the GSI, if that is required.
I attempted to use his product image along with his linked pixel 5 beta Android 12 GSI, but the system would not boot with a Magisk 23 patched boot.img.
I attempted to use his product image along with AndyYan's Unofficial Lineage 18.1, but the system would not boot with a Magisk 23 patched boot.img.
oCAPTCHA said:
I tried out WhoAreYou's product image using
fastboot create-logical-partition product 512
(His syntax gave an error.)
While It did allow me to boot with a Magisk 23 patched boot.img along with Phhusson's vanilla GSI, Magisk did not work. The Magisk 23 app gave a strange error "Unsupported Magisk Version, This version of the app does not support Magisk version lower than v20.4". I downgraded to Magisk Manager 7.3.2 and the system hung whenever Magisk ran instead. Perhaps it is a conflict with the SU system in the GSI. I tried the "securize" option in the Phh treble menu, which caused a reboot, but did not remove root / su . I do not know how to remove the SU modifications present in the GSI, if that is required.
I attempted to use his product image along with his linked pixel 5 beta Android 12 GSI, but the system would not boot with a Magisk 23 patched boot.img.
I attempted to use his product image along with AndyYan's Unofficial Lineage 18.1, but the system would not boot with a Magisk 23 patched boot.img.
Click to expand...
Click to collapse
oCAPTCHA said:
Could you flash a stock kernel on top of a GSI, then reroot with Magisk?
Click to expand...
Click to collapse
Try this updated GSI from the stable release, I just flashed it and it's definitely working:
https://sourceforge.net/projects/gsitutorials-sgsi/files/SGSI/A12Beta/Pixel5-SP1A-A12-SGSI-GSI-Tutorials.7z/download
Am using the same product I linked and magisk canary patched stock boot.img, Literally works perfectly aside from the fingerprint scanner.
oCAPTCHA said:
I tried out WhoAreYou's product image using
fastboot create-logical-partition product 512
(His syntax gave an error.)
While It did allow me to boot with a Magisk 23 patched boot.img along with Phhusson's vanilla GSI, Magisk did not work. The Magisk 23 app gave a strange error "Unsupported Magisk Version, This version of the app does not support Magisk version lower than v20.4". I downgraded to Magisk Manager 7.3.2 and the system hung whenever Magisk ran instead. Perhaps it is a conflict with the SU system in the GSI. I tried the "securize" option in the Phh treble menu, which caused a reboot, but did not remove root / su . I do not know how to remove the SU modifications present in the GSI, if that is required.
I attempted to use his product image along with his linked pixel 5 beta Android 12 GSI, but the system would not boot with a Magisk 23 patched boot.img.
I attempted to use his product image along with AndyYan's Unofficial Lineage 18.1, but the system would not boot with a Magisk 23 patched boot.img.
Click to expand...
Click to collapse
^
Related
Received the tablet in the mail, and now looking to root via Magisk (and ideally a custom recovery like TWRP).
I found this video describing a way to download the stock ROM from Teclast:
Has anyone achieved root on this device? Can anyone confirm Treble ROM compatability for GSI A/B?
On the russian forum 4pda somebody posted the patched boot.img and vbmeta.img files required for rooting.
If anyone is registered on the forum he might try to grab the files, for me it gives 404 error when trying to download, though im not registered..
Teclast T40 Plus - Обсуждение - 4PDA
Teclast T40 Plus - Обсуждение, Планшет, 10,4
4pda.to
NightLord said:
On the russian forum 4pda somebody posted the patched boot.img and vbmeta.img files required for rooting.
If anyone is registered on the forum he might try to grab the files, for me it gives 404 error when trying to download, though im not registered..
Teclast T40 Plus - Обсуждение - 4PDA
Teclast T40 Plus - Обсуждение, Планшет, 10,4
4pda.to
Click to expand...
Click to collapse
Good find, but the link no longer works. It gives me a 404: https://4pda.to/forum/dl/post/24458874/T40_Plus_root.7z
My guess is it would work if we were logged in, its just that i cant create an account since i cannot get past rhe russian captcha
Yeah, I also can't register without knowing the Russian keyboard layout and how to identify the characters. Perhaps someone with this knowledge can register and attach the required images to root here?
Slightly off topic while someone manages to grab the files from 4pda
Do you actually get 50000+ gpu score in antutu with the t40? I have the maxpad i11 which is in theory the same hardware, and I only get 42000. I even flashed the t40 firmware on the device, but gpu score didnt budge.
To be on topic: if you want root, you may also flash phhuson's treble GSI rom-s. I tried his version of android 12, and it works, and has root.
NightLord said:
Slightly off topic while someone manages to grab the files from 4pda
Do you actually get 50000+ gpu score in antutu with the t40? I have the maxpad i11 which is in theory the same hardware, and I only get 42000. I even flashed the t40 firmware on the device, but gpu score didnt budge.
To be on topic: if you want root, you may also flash phhuson's treble GSI rom-s. I tried his version of android 12, and it works, and has root.
Click to expand...
Click to collapse
These ROMs? https://github.com/phhusson/treble_experimentations/releases
ForgottenSolstace said:
These ROMs? https://github.com/phhusson/treble_experimentations/releases
Click to expand...
Click to collapse
Yes.
You can either install them via DSU as dual-boot OS beside your stock rom, or just flash system partition (inside super) via fastbootd (you are going to have to delete product partition to have enough space inside super for the system image) and use them as primary OS.
Gotcha:
Just ordered a T40 Plus, did you manage to get root?
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
NightLord said:
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
Click to expand...
Click to collapse
Hi NightLord, can you explain easily the root steps for this device? do we need the software that we see in the video at the beginning or is ADB enough?
Marynboy78 said:
Hi NightLord, can you explain easily the root steps for this device? do we need the software that we see in the video at the beginning or is ADB enough?
Click to expand...
Click to collapse
Hey,
You need to use the spreadtrum research download tool (RDT), not the one seen in tthe video in the first post.
See this guide on how to use the RDT.
The basic concept is that you need to download the official firmware from the teclast homepage, load it into RDT, uncheck all partitions (save for those that are compulsory and cannot be unchecked), select only boot and vbmeta partitions, and as images to be flashed you need to browse the ones found in the archive I posted, instead of those found in the original firmware package.
Begin flashing, your device will perform a hard reset, and then you should boot into rooted firmware.
Theoretically you should be able to flash both partitions (boot and vbmeta) via fastboot too, but when I tried, i got an error message saying boot.img was too large or something. Flashing via RDT went without problem. The only caveat is that flashing via RDT will always hard reset your device.
NightLord said:
Flashing the boot and vbmeta partitions with the images attached to my previous post will grant you root on the stock t40 plus firmware.
I myself moved on to using android 12 gsi images.
Click to expand...
Click to collapse
How to install android 12 gsi on this device?
marinzrncic said:
How to install android 12 gsi on this device?
Click to expand...
Click to collapse
First you need to unlock the bootloader. You need to be patient when you are flashing the unlock, my device took some 10 mins to complete, but in the end it succeeded (on the 2nd try, mind you.)
Here is a guide for unlocking in windows, though it is in russian (Im attaching the required modified fastboot in case you cannot download it from 4pda).
When you're done unlocking the bootloader, you've already done the hard part.
Next, download your preferred GSI image from Google, from phhusson's, or whatever else you find (Pixel Experience for eg.). Mind you, that the image from Google contains the Android 12L version.
Next you will flash your active system partition with the GSI image. To do that, initate ADB connection to your tablet, then enter fastbootd, by issuing the command:
fastboot reboot fastboot
you can check your active system slot by:
fastboot getvar all (but it will be slot "a" unless you have received an OTA update previously)
you need to free up some space by deleting the logical partition product otherwise you wont be able to flash your gsi:
fastboot delete-logical-partition product_a
(in case your active slot is "a")
then you can move forward to actually flashing your GSI:
fastboot flash system_a whateverisyourimagefilename.img
Lastly, you will need to wipe userdata, which can be done on the tablet by switching to recovery from fastbootd, and then selecting wipe userdata, or maybe the fastboot -w command does the same.
Reboot, and enjoy your GSI.
I'm using the Google 12L GSI, and it is perfectly stable for daily usage. For bluetooth audio to work, you will have to disable bluetooth a2dp hardware offload in developer options.
NightLord said:
First you need to unlock the bootloader. You need to be patient when you are flashing the unlock, my device took some 10 mins to complete, but in the end it succeeded (on the 2nd try, mind you.)
Here is a guide for unlocking in windows, though it is in russian (Im attaching the required modified fastboot in case you cannot download it from 4pda).
When you're done unlocking the bootloader, you've already done the hard part.
Next, download your preferred GSI image from Google, from phhusson's, or whatever else you find (Pixel Experience for eg.). Mind you, that the image from Google contains the Android 12L version.
Next you will flash your active system partition with the GSI image. To do that, initate ADB connection to your tablet, then enter fastbootd, by issuing the command:
fastboot reboot fastboot
you can check your active system slot by:
fastboot getvar all (but it will be slot "a" unless you have received an OTA update previously)
you need to free up some space by deleting the logical partition product otherwise you wont be able to flash your gsi:
fastboot delete-logical-partition product_a
(in case your active slot is "a")
then you can move forward to actually flashing your GSI:
fastboot flash system_a whateverisyourimagefilename.img
Lastly, you will need to wipe userdata, which can be done on the tablet by switching to recovery from fastbootd, and then selecting wipe userdata, or maybe the fastboot -w command does the same.
Reboot, and enjoy your GSI.
I'm using the Google 12L GSI, and it is perfectly stable for daily usage. For bluetooth audio to work, you will have to disable bluetooth a2dp hardware offload in developer options.
Click to expand...
Click to collapse
thank you very much
NightLord said:
Hey,
You need to use the spreadtrum research download tool (RDT), not the one seen in tthe video in the first post.
See this guide on how to use the RDT.
The basic concept is that you need to download the official firmware from the teclast homepage, load it into RDT, uncheck all partitions (save for those that are compulsory and cannot be unchecked), select only boot and vbmeta partitions, and as images to be flashed you need to browse the ones found in the archive I posted, instead of those found in the original firmware package.
Begin flashing, your device will perform a hard reset, and then you should boot into rooted firmware.
Click to expand...
Click to collapse
Did we need unlock bootloader first or we can flash root without unlock bootloader?
Thx
ardianz said:
Did we need unlock bootloader first or we can flash root without unlock bootloader?
Thx
Click to expand...
Click to collapse
I have no idea because I havent tried yet. But I would guess it might be possible that you can flash the patched boot.img along with vbmeta.img with RDT, and it might work, if they do pass Android Verified Boot check.
NightLord said:
Gotcha:
Click to expand...
Click to collapse
will these files work on android 10 or android 11? I have a unisoc T618 and unisoc T310. I was hoping to flash both tablets to get root access.
and also do you have a twrp for T40_plus or any unisoc generic twrp?
Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image.
Any update method can be used. If you've already disabled verity/verification, simply don't worry about it at next update; no need to re-enable.
I am closing this thread.
Spoiler: Deprecated
On Android 12, boot verification must be disabled in order to run a patched boot image. Unfortunately, if you have never disabled it before, it will require you to wipe data. To be clear:
***************************************************
PERMANENT ROOT CURRENTLY REQUIRES A DATA WIPE.
***************************************************
However, if you don't want to lose your data, you can "live boot" the patched image as long as /vbmeta and /boot are stock. This will allow you to use temporary root. DO NOT attempt to Direct Install Magisk to the boot image.
For subsequent updates, it is imperative that you do not allow the device to boot into system before you have disabled Verified Boot.
What this means: If you sideload the OTA, IMMEDIATELY reboot to bootloader and reflash /vbmeta with --disable-verity and --disable-verification. If you dirty flash the factory image, make sure you add these two switches to the command.
If you fail to do this, and allow the device to boot into system, you WILL have to wipe data to disable it again.
IF YOU ARE ROOTED, DO NOT USE AUTOMATIC UPDATES AS THIS WILL REFLASH /VBMETA WITHOUT DISABLING BOOT VERIFICATION!
Factory Images
OTA Images
Latest Magisk Canary
Spoiler: To root:
On your device, enable Developer Options (tap build number 8 times), and enable the OEM Unlocking toggle. Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader:
Code:
fastboot flashing unlock
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img and vbmeta.img from this zip.
Flash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <drag and drop vbmeta.img>
Allow the device to boot into Android. Once you have Magisk installed, copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
Spoiler: For subsequent updates:
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img from this zip.
Reboot to bootloader.
Update bootloader and radio if they are out of date. BE CAREFUL, A MISTAKE CAN BRICK YOUR DEVICE! If you update the bootloader, remember to reboot back to bootloader so that the update reads the correct bootloader version.
Update system:
Code:
fastboot update --disable-verity --disable-verification <drag and drop image-device-buildnumber.zip here>
Note: If you get an error for bootloader/radio version, this means you need to update bootloader and/or radio; go back to step 3.
Allow the device to boot into Android. Copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
I personally do not recommend updating via OTA Sideload, as you would have to download and extract the factory zip anyway. AUTOMATIC OTA WILL LOSE ROOT AND REQUIRE A WIPE TO ROOT AGAIN.
Spoiler: If you choose to update via OTA Sideload:
Sideload the OTA. When complete, IMMEDIATELY reboot to bootloader.
Reflash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <vbmeta.img>
Boot to system and allow the update to complete.
Patch and flash the boot image.
Note: If you run into a bootloader message
failed to load/verify boot images
this means you forgot to disable verity and verification. Reflash vbmeta with the --disable options.
If you run into this recovery message
View attachment 5455805
This means that verity and verification were not disabled before, and a wipe is required to proceed.
Let the fun begin!
Awesome news! Now that the devices are in peoples hands and this is released, development can begin!
So it looks like if you grabbed the Pixel 6 OTA yesterday, you are on 036, and that binary is not yet posted. Please correct if I am wrong. Cant wait to root this thing, non V4A audio is horrible
Just literally got my pixel 6 20 mins ago, I’m at work but when I get home the first thing I’m doing is rooting it!
For some reason I can not unlock the bootloader on the P6.
I unlocked the bootloader in the developer options.
Tried "fastboot flashing unlock" and the CMD says waiting for device.
I can transfer files from the pc to the P6 with no problems.
Maybe I need to check on an ADB driver!
EDIT: Google ADB driver was needed.
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
vandyman said:
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
Click to expand...
Click to collapse
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
XNine said:
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
Click to expand...
Click to collapse
Gotha!
When I had my Pixel 5 rooted I did not need to use hide. I use PNC Bank with no issues. I do not us Gpay, to me it is a waste of time.
I use root for AdAway, Appdash, EX Kernel, and SD Maid.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
V0latyle said:
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
Click to expand...
Click to collapse
You're a beautiful human being. Thank you!
XNine said:
You're a beautiful human being. Thank you!
Click to expand...
Click to collapse
My wife thinks so too, although "beautiful" isn't the word she uses
Been waiting for kernel source. Skimming through it, there's a ton of exynos named files.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
I’ve got an old apk of magisk so I’d assume this would work fine, no?
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as batteries to low. Will this work or nope?
DefeatedSouls said:
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as batteries to low. Will this work or nope?
Click to expand...
Click to collapse
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
V0latyle said:
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
Click to expand...
Click to collapse
Uh.. normally I’m good at this but okay, I’ll try!
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
For instance, I need root to use Adguard in local Proxy mode and third-party VPN service. Also, I use CapitalOne, Amex, Discover, Tdbank and Chase with NO MagiskHide. There were problems with Chase, but later they probably realized it's a crap - to block rooted phones to access the app to pay your card. Some of these apps don't let you to login by a fingerprint, but it's not a big deal to enter the password (you won't forget one at least, haha)
Getting Installation failed when trying to patch the boot.img from the factory zip with Magisk.
WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!
If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
This is very interesting but maybe a more accurate/calm title would be better
I posted in another tread but I was on November's patch but used .15's vbmeta to root (before images were available for November)
Can I just flash vbmeta with the disable flags, and not worry about a wipe?
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
V0latyle said:
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
Click to expand...
Click to collapse
Ahh, I see that in the thread now. Not a big deal for me because I don't use any apps that need it—I've just been doing it as a matter of course for a good while. Nonetheless, I'm still passing attestation with USNF 2.1.1 according to Root Checker and YASNAC.
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
schalacker said:
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
Click to expand...
Click to collapse
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
V0latyle said:
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
Click to expand...
Click to collapse
where can i get magiskhide, riru universal safety, thanks
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
miss said:
where can i get magiskhide, riru universal safety, thanks
Click to expand...
Click to collapse
Magisk 23001, MagiskHide is in the options
Riru is in the module repo
Universal SafetyNet Fix 2.1.1
miss said:
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
Click to expand...
Click to collapse
This would probably be the best way to do it, yes.
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
Exactly, I was guilty of not removing a Magisk module on my P5 when installing an update. And learned the hard way.
You really never know if there is some sort of residue left from your previous setup.
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
You don't actually have to flash it. If you boot the patched image and it works, you should be able to use Direct Install in Magisk to patch the image in /boot. Then, next time you reboot, the device loads that image, which should be exactly the same as what you live booted.
But yes, it's very useful to be able to test.
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it. Should anyone attempt it, I would suggest backing up any critical data.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
KedarWolf said:
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
Click to expand...
Click to collapse
No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.
The steps would be:
Restore boot in the Magisk app
Restore vbmeta in Vbmeta Patcher
Take the OTA in System Updater
Patch vbmeta in Vbmeta Patcher
Patch the new boot image in the Magisk app and copy it to your computer
Reboot into fastboot
Boot from the new patched boot image
Direct Install Magisk in the Magisk App
As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.
I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Click to expand...
Click to collapse
Patch vbmeta how? What does patching the image accomplish?
capntrips said:
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
This is good news. Would the same thing be accomplished by flashing the boot image to both slots using --slot=all?
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
dadoc04 said:
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
Click to expand...
Click to collapse
If the build you're currently on has verity and verification disabled, you don't have to wipe when you update using the flash tool.
I haven't tried it without wiping from unrooted/stock vbmeta. It could well be possible despite a wipe being required when flashing using adb.
If you are looking for my guide on a different Pixel, find it here:
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
no good on verizon 3a. however if you can figure out how to exploit DSU, when trying to load a custom ROM image, it corrupts vbmeta.
also if you check out my threads, there's a variety of other things I managed to dig up that could assist in unlocking a verizon variant, like that i mentioned above.
I also have a Verizon Pixel 3 with AT&T service and just want to tether my unlimited data.Is there a way to do it without root and unlocked bootloader.
AtrixHDMan said:
I also have a Verizon Pixel 3 with AT&T service and just want to tether my unlimited data.Is there a way to do it without root and unlocked bootloader.
Click to expand...
Click to collapse
Share a mobile connection by tethering or hotspot on Pixel - Pixel Phone Help
You can use your phone’s mobile data to connect another phone, tablet, or computer to the internet. Sharing a connection this way is called tethering or using a hotspot.
support.google.com
dcarvil said:
Share a mobile connection by tethering or hotspot on Pixel - Pixel Phone Help
You can use your phone’s mobile data to connect another phone, tablet, or computer to the internet. Sharing a connection this way is called tethering or using a hotspot.
support.google.com
Click to expand...
Click to collapse
I mean without them knowing it.I don't have tethering on my plan.
This only works if you're able to unlock your bootloader, obviously. We should all be well aware by now that certain carrier-specific devices prevent doing so, and there is no workaround or fix.
this doesnt work for me my patch file for magisk just makes it so that my touch screen is unresponsive at boot is there any other method for rooting my pixel 3?
thanks for shareing. when i got the last step on root. i had a Failed . (remote: Failed to write to partition Not Found). how can i fix it . sincerely.
hudsonchris12 said:
this doesnt work for me my patch file for magisk just makes it so that my touch screen is unresponsive at boot is there any other method for rooting my pixel 3?
Click to expand...
Click to collapse
Well I figured it out I followed a tutorial on YouTube that I can't actually find now but as far as I can recall the only difference between that one and this one was that the other guy had me use the Android flash tool to reflash a stock rom with the disable verity and disable verification boxes checked. doesn't seem like much but everything worked flawlessly afterwards. Maybe this will help someone else
This works perfect on my Pixel 3a XL as well. Thanks for sharing. Would be great if you can share how we can keep getting the monthly OS update after the phone is rooted.
works for me, thanks!
daviddooyyyyy said:
thanks for shareing. when i got the last step on root. i had a Failed . (remote: Failed to write to partition Not Found). how can i fix it . sincerely.
Click to expand...
Click to collapse
Make sure you're using the latest Platform Tools.
jackhu said:
This works perfect on my Pixel 3a XL as well. Thanks for sharing. Would be great if you can share how we can keep getting the monthly OS update after the phone is rooted.
Click to expand...
Click to collapse
This has nothing to do with root and everything to do with Google's existing strategy of supporting devices for 3 years. The Pixel 3 / 3XL were sunsetted with the last update in October 2021 and will no longer receive updates. The 3a / 3a XL will meet the same fate in May, as will the 4 / 4XL in October of this year.
Hello, I am currently on the January patch (AKA the last patch) (build SP1A.210812.016.A2), and I installed magisk using the latest canary build (23017) of Magisk. However, after doing "fastboot flash boot [path to file]" (without ""), the phone took spent quite a bit in the booting screen (G logo with bar underneath) and I backed out by flashing the stock boot image back (so I'm back in the unrooted state). How long is it considered "normal" when my phone boots after flashing magisk? If my English looks weird, sorry. I'm not native
PS: I've confirmed that I am using the latest version of platform-tools.
adb version
Android Debug Bridge version 1.0.41
Version 31.0.3-7562133
Installed as C:\My_space\adb\platform-tools\adb.exe
the flashing completed without errors:
fastboot flash boot C:\My_space\magiskFLASH\magisk_patched-23017_Jm013.img
Sending 'boot_a' (65536 KB) OKAY [ 1.682s]
Writing 'boot_a' OKAY [ 0.319s]
Finished. Total time: 2.481s
I've also verified the SHA-256 checksum of the download, and it matched without errors.
Thank you!
Question do I still use the factory image provided? Isn't there a more updated version which is the last?
Lomarnut said:
Question do I still use the factory image provided? Isn't there a more updated version which is the last?
Click to expand...
Click to collapse
Yes, I believe that you use updated method tho, or at least an updated TWRP.
rocketrazr1999 said:
Yes, I believe that you use updated method tho, or at least an updated TWRP.
Click to expand...
Click to collapse
do you know where updated method is. I'm very cautious about rooting because i've bricked at least 3 devices years ago
Deleted
Lomarnut said:
do you know where updated method is. I'm very cautious about rooting because i've bricked at least 3 devices years ago
Click to expand...
Click to collapse
Yes, THIS thread
rocketrazr1999 said:
Yes, THIS thread
Click to expand...
Click to collapse
so this method still works if I'm on jan image?
Hello all, I've been trying to install /e/ OS GSI on my Redmi Note 11S, but that didn't go exactly well. Luckily, I managed to fix it. So before I brick this thing again, How should I install a GSI properly without bricking, and which GSI would you recommend? I am looking for something more privacy oriented. Thank you in advance
[TOOL][AUTOINSTALLER][GSI]SMINORI GSI AUTO INSTALLER FOCO M4 PRO
After i'm search many tutorial and thread about installing clean and optimal GSI and take a lot of time. So, i decided to make batch auto installer for GSI ROM for help u guys, this is easy way for installing gsi rom WITH JUST PRESS ENTER:sneaky...
forum.xda-developers.com
nothing other than that. thats it.
when it goes wrong u can easly flash full stock with miflshtool
lurchiii said:
[TOOL][AUTOINSTALLER][GSI]SMINORI GSI AUTO INSTALLER FOCO M4 PRO
After i'm search many tutorial and thread about installing clean and optimal GSI and take a lot of time. So, i decided to make batch auto installer for GSI ROM for help u guys, this is easy way for installing gsi rom WITH JUST PRESS ENTER:sneaky...
forum.xda-developers.com
nothing other than that. thats it.
when it goes wrong u can easly flash full stock with miflshtool
Click to expand...
Click to collapse
Thank you
Is there some sort of Linux alternative?
And which GSI would you recommend?
kritomas said:
Thank you
Is there some sort of Linux alternative?
And which GSI would you recommend?
Click to expand...
Click to collapse
I have tried Evolution X A13 & Pixel Experience Plus A13 & CRDROID A12 and on all of them I had issues with Wifi, bluetooth, thethering - non of them worked so I gave up and went back to miui
1. adb reboot bootloader
2. fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img (take the vbmeta.img file from your current firmware)
3. fastboot reboot fastboot (because gsi must be flashed in fastbootd )
4. fastboot getvar is-userspace
5. fastboot erase system
6. fastboot delete-logical-partition product_a
7. fastboot flash system YOUR_GSI_ROM.img (system.img)
8. fastboot reboot recovery
9. (in recovery) wipe data
10. (in recovery) reboot to system
i flashed yesterday Arrow OS lite A12 it has several fixes for most common problems on board and it worked very well and smooth.
on telegram you can found a magiskmodul fix for auto-variable Hz and a magisk modul for disable hw-overlays consistent. (cauz after reboot it turn back on automaticly)
BUT gaming performance is horrible and good kernel tweaks are over my level
Had someone tried any of these GSI images without having wifi / bluetooth issues?
Generic System Image (GSI) list
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
..... flash vbmeta vbmeta.img (take the vbmeta.img file from your current firmware)
Click to expand...
Click to collapse
Where should I take the vbmeta.img for my phone?
shady9090 said:
Where should I take the vbmeta.img for my phone?
Click to expand...
Click to collapse
Download the Fastboot Firmware that match the Firmware on your phone from here: https://forum.xda-developers.com/t/...dmi-note-11s-4g-poco-m4-pro-4g-fleur.4428655/
Extract it with the file and in the images folder is the vbmeta.
I have this weird issue on every GSIs where the status bar isn't aligned with the camera. Does anyone know how I can fix that?
Dio Off-Brando said:
I have this weird issue on every GSIs where the status bar isn't aligned with the camera. Does anyone know how I can fix that?
Click to expand...
Click to collapse
In the Developer Options is a fix for that. But idk how the exactly Name was for it.
lurchiii said:
1. adb reboot bootloader
2. fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img (take the vbmeta.img file from your current firmware)
3. fastboot reboot fastboot (because gsi must be flashed in fastbootd )
4. fastboot getvar is-userspace
5. fastboot erase system
6. fastboot delete-logical-partition product_a
7. fastboot flash system YOUR_GSI_ROM.img (system.img)
8. fastboot reboot recovery
9. (in recovery) wipe data
10. (in recovery) reboot to system
i flashed yesterday Arrow OS lite A12 it has several fixes for most common problems on board and it worked very well and smooth.
on telegram you can found a magiskmodul fix for auto-variable Hz and a magisk modul for disable hw-overlays consistent. (cauz after reboot it turn back on automaticly)
BUT gaming performance is horrible and good kernel tweaks are over my level
Click to expand...
Click to collapse
So from Linux with platform-tool installed and by giving the mentioned commands I can flash Gsi rom Pixel Experience right???
fastboot delete-logical-partition product_a??? no b???
yes you can flash it from windows or from linux. they are the same commands..
and yes only a
GitHub - VegaBobo/DSU-Sideloader: A simple app made to help users easily install GSIs via DSU's Android feature.
A simple app made to help users easily install GSIs via DSU's Android feature. - GitHub - VegaBobo/DSU-Sideloader: A simple app made to help users easily install GSIs via DSU's Android feat...
github.com