Related
Hi, I'm going to unlock my bootloader. Install Xiaomi EU Rom and Root with Magisk.
After unlocking bootloader, i know my device will vulnerable. Anyone can flash a custom recovery and install a backdoor or whatever. So, I have two Idea to eliminate this threat.
1) Is there any way to sign the image manually with custom key and lock the bootloader again? and then i can unlock it from PC whenever I want with my own key.
I don't know if such thing is possible, there is a post related to it.
How to create a custom signed vbmeta.img for Unisoc using AVBtool
2) If first option is not possible, is there any way to generate the hash of /system partition, keep the key inside phone (/data maybe? as it will be encrypted), and then every time system boot up, it will generate a new hash and check with original one, to confirm system integrity. (someone mentioned such thing in this forum, but he didn't tell the procedure). I know it will take a long time to check, but I don't mind.
Another way could be, check it manually inside OS or from PC (adb maybe?) whenever I give my phone to someone and suspect something.
I know my post is messed up. I would appreciate any help.
OSX.Nobody said:
1) Is there any way to sign the image manually with custom key and lock the bootloader again? and then i can unlock it from PC whenever I want with my own key.
I don't know if such thing is possible, there is a post related to it.
How to create a custom signed vbmeta.img for Unisoc using AVBtool
Click to expand...
Click to collapse
Only Android 8.0 and higher ROMs with AVB implemented have 1 or more VerifiedBoot image(s) - read: vbmeta.img .
How to sign an image with a custom key is explained here.
jwoegerbauer said:
Only Android 8.0 and higher ROMs with AVB implemented have 1 or more VerifiedBoot image(s) - read: vbmeta.img .
How to sign an image with a custom key is explained here.
Click to expand...
Click to collapse
I have read that post, but it's 3 years old. Also he mentioned about Pixel Phone.
My ROM is Android 10 (MIUI 12 EU Rom), Redmi K30i 5G device. Will it work for me? Also what about 2nd option, any Idea?
Thanks.
@OSX.Nobody
The vbmeta.img on Android ROMs with AVB implemented is nothing else than a database. It actually contains the hashes/keys for the boot, system, and vendor partitions, that does mean that every such ROM build will need a unique vbmeta.img used by AVB to verify successfully.
A vbmeta.img is ROM related, it's completely independent of Android device's hardware.
jwoegerbauer said:
@OSX.Nobody
The vbmeta.img on Android ROMs with AVB implemented is nothing else than a database. It actually contains the hashes/keys for the boot, system, and vendor partitions, that does mean that every such ROM build will need a unique vbmeta.img used by AVB to verify successfully.
A vbmeta.img is ROM related, it's completely independent of Android device's hardware.
Click to expand...
Click to collapse
Thanks for your help, I will follow that post.
The process of flashing alone is conventional, shouldn't even need a thread to detail, but still leaving a thread here for search indexing.
With an unlocked BL, flash an ARM64 AB GSI within fastbootd, reboot to recovery, format userdata, reboot, profit. vbmeta isn't even needed in my case.
EDIT: One thing that's unconventional and I forgot to mention is, for many GSIs, you gotta delete product_a to make room prior to flashing:
Code:
fastboot delete-logical-partition product_a
EDIT2: Magisk doesn't like to see product_a go. Instead, just flash a blank one (from #15) to it:
Code:
fastboot flash product product_gsi.img
Thanks to @Whoareyou for the original finding and @darkghost568 for additional ideas.
Are we getting closer?
Winnower Amber said:
Are we getting closer?
Click to expand...
Click to collapse
To proper custom ROMs? Dunno, I don't do bringups. I'll at least make/refine/submit the device overlay so GSIs would look proper.
Note that Magisk seems incompatible and prevents booting, at least when paired with my GSI - need to restore to stock boot image. Mine comes with PHH-SU so I'm not keen on getting Magisk working anyway.
OK I'll ask since I have no clue. What's a GSI?
alarmdude9 said:
OK I'll ask since I have no clue. What's a GSI?
Click to expand...
Click to collapse
Home
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
AndyYan said:
Not sure why the GSI front is so quiet even after TMO variant got its unbrick tools...
Click to expand...
Click to collapse
I'm personally waiting until TWRP is more stable for this device before jumping into GSI.
Android 12 boots unsurprisingly as well, not as usable as 11 ofc.
A Generic System Image, is a universal version of android, which is available since project Treble separated the O/S into a "HAL" (Hardware Abstraction Layer) driver layer interface and the core operating system.
boot contains the kernel.
vendor, vendor_dlkm, odm, odm_dlkm are the drivers.
system, system_ext are the O/S core.
product is device specific O/S customizations.
Overview | Android Open Source Project
source.android.com
Project Treble is a good thing, making strides for Android to become a standardized operating system.
GSI install Guide:
Using information from:
Generic system images | Android Open Source Project
source.android.com
We find that we are supposed to flash vbmeta.img with "--disable-verification" because GSIs don't "include a verify boot solution". However, this step is not required on our particular device, due to OnePlus specific changes of verification being automatically disabled upon bootloader unlock.
Prerequisites: unlocked bootloader, up to date fastboot installed on a computer
1. Boot the phone into fastbootd mode by:
booting into recovery mode, by holding power and volume down during boot, then
rebooting into fastboot (only) mode, using touch menus: advanced, reboot into fastboot, then
connecting usb-c to a computer and using the poorly named command:
fastboot reboot fastboot.
Now we can use fastbootd commands.
2. We must erase the system partition:
fastboot erase system
3. next we need to obtain a GSI. I used phhusson's GSI build.
Releases · phhusson/treble_experimentations
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
Choose arm64-ab for our phone's architechture
floss for open source apps but no GAPPS or vanilla for no GAPPS,
don't choose vndklite (Vendor Native Development Kit Lite) as it is a compatibility version for older versions of android's "HAL" layers.
"system-roar-arm64-ab-floss.img.xz"
decompress it to .img (and rename to GSI.img for brevity)
4. If we attempt to flash our GSI into the system partition:
fastboot flash system GSI.img
It will inevitably fail due to "not enough space to resize partiion"
The tool isn't smart enough to handle this task of resizing a "full" dynamic partition.
So we have to delete virtual partitions out of super to make room.
5. We must remove any present -COW partitions, which are Copy On Write partitions, which seem to be made by an A-Only virtual dyamic upgrade system. Their purpose is to host temporary changes to a partition, so the original partition is preserved for an emergency rollback, using associated interfaces to the original partition and the COW partition for access.
check your "fastboot getvar all" for any COW partitions, and delete them.
fastboot delete-logical-partition system_b-cow
6. In the official documentation, they admit that we have to delete the product partition(s) manually to make room.
fastboot delete-logical-partition product_a
fastboot delete-logical-partition product_b
7. With that done, we can reattempt to flash the GSI.
fastboot flash system GSI.img
8. The official instructions then require a fastboot -w in order to clear user data and "system partitions" data, but this is optional.
Are (A11 based) GSI's daily-drivable on the N200?
Also, do they allow for safetynet for banking apps, etc?
oCAPTCHA said:
Unofficial lineageOS 18.x by AndyYan is a Phhusson GSI derivative that claimed partial Magisk compatibility, but it also would not boot when Magisk patched. microG signature spoofing was not supported.
Click to expand...
Click to collapse
That Magisk compatibility does work on most other devices, even including an OPPO device which N200 is a rebadge of. Not sure why it is. Install PHH's Superuser and you get root for apps at least.
MicroG support is limited to priv-app for safety, as shown here.
BTW, long writeup, might wanna cut it down and/or add some emphasis?
lzgmc said:
Are (A11 based) GSI's daily-drivable on the N200?
Click to expand...
Click to collapse
VoLTE is one major hardware feature I can't verify; basic functionalities should be good. Heck, I daily-drive GSI on a device that has way more bugs than this.
mthous01 said:
Also, do they allow for safetynet for banking apps, etc?
Click to expand...
Click to collapse
PHH's "securize" option might allow you to do so for now (and unroot). I don't use GAPPS at all.
Rooting GSI Android 11
@AndyYan
AndyYan said:
That Magisk compatibility does work on most other devices, even including an OPPO device which N200 is a rebadge of. Not sure why it is. Install PHH's Superuser and you get root for apps at least.
MicroG support is limited to priv-app for safety, as shown here.
BTW, long writeup, might wanna cut it down and/or add some emphasis?
VoLTE is one major hardware feature I can't verify; basic functionalities should be good. Heck, I daily-drive GSI on a device that has way more bugs than this.
PHH's "securize" option might allow you to do so for now (and unroot). I don't use GAPPS at all.
Click to expand...
Click to collapse
Rooting GSI Android 11
Have you tried this yet, to get Magisk to work? I'm still on the bubble on wiping my phone and trying this, as it's my only daily driver right now.
mthous01 said:
Have you tried this yet, to get Magisk to work?
Click to expand...
Click to collapse
The /sbin hack is already integrated, but that doesn't seem enough here.
To root y'all need to do:
fastboot create-partition-primary 512 product
Then flash the attached product.
Then flash your rooted img, it'll boot successfully.
This GSI also works beautifuly, even has 90hz, if only there was an overlay for fingerprint scanning.
http://[STRIKE]https://jmirror.ml/0:/Jarvis-Mirror/Pixel5-Beta5-CB-GSI-Tutorials.7z[/STRIKE]
https://sourceforge.net/projects/gsitutorials-sgsi/files/SGSI/A12Beta/Pixel5-SP1A-A12-SGSI-GSI-Tutorials.7z/download
Whoareyou said:
To root y'all need to do:
fastboot create-partition-primary 512 product
Then flash the attached product.
Click to expand...
Click to collapse
OPlus devices really like to throw files (overlays, fstab, etc.) everywhere... TIL, thanks.
I tried out WhoAreYou's product image using
fastboot create-logical-partition product 512
(His syntax gave an error.)
While It did allow me to boot with a Magisk 23 patched boot.img along with Phhusson's vanilla GSI, Magisk did not work. The Magisk 23 app gave a strange error "Unsupported Magisk Version, This version of the app does not support Magisk version lower than v20.4". I downgraded to Magisk Manager 7.3.2 and the system hung whenever Magisk ran instead. Perhaps it is a conflict with the SU system in the GSI. I tried the "securize" option in the Phh treble menu, which caused a reboot, but did not remove root / su . I do not know how to remove the SU modifications present in the GSI, if that is required.
I attempted to use his product image along with his linked pixel 5 beta Android 12 GSI, but the system would not boot with a Magisk 23 patched boot.img.
I attempted to use his product image along with AndyYan's Unofficial Lineage 18.1, but the system would not boot with a Magisk 23 patched boot.img.
oCAPTCHA said:
I tried out WhoAreYou's product image using
fastboot create-logical-partition product 512
(His syntax gave an error.)
While It did allow me to boot with a Magisk 23 patched boot.img along with Phhusson's vanilla GSI, Magisk did not work. The Magisk 23 app gave a strange error "Unsupported Magisk Version, This version of the app does not support Magisk version lower than v20.4". I downgraded to Magisk Manager 7.3.2 and the system hung whenever Magisk ran instead. Perhaps it is a conflict with the SU system in the GSI. I tried the "securize" option in the Phh treble menu, which caused a reboot, but did not remove root / su . I do not know how to remove the SU modifications present in the GSI, if that is required.
I attempted to use his product image along with his linked pixel 5 beta Android 12 GSI, but the system would not boot with a Magisk 23 patched boot.img.
I attempted to use his product image along with AndyYan's Unofficial Lineage 18.1, but the system would not boot with a Magisk 23 patched boot.img.
Click to expand...
Click to collapse
oCAPTCHA said:
Could you flash a stock kernel on top of a GSI, then reroot with Magisk?
Click to expand...
Click to collapse
Try this updated GSI from the stable release, I just flashed it and it's definitely working:
https://sourceforge.net/projects/gsitutorials-sgsi/files/SGSI/A12Beta/Pixel5-SP1A-A12-SGSI-GSI-Tutorials.7z/download
Am using the same product I linked and magisk canary patched stock boot.img, Literally works perfectly aside from the fingerprint scanner.
oCAPTCHA said:
I tried out WhoAreYou's product image using
fastboot create-logical-partition product 512
(His syntax gave an error.)
While It did allow me to boot with a Magisk 23 patched boot.img along with Phhusson's vanilla GSI, Magisk did not work. The Magisk 23 app gave a strange error "Unsupported Magisk Version, This version of the app does not support Magisk version lower than v20.4". I downgraded to Magisk Manager 7.3.2 and the system hung whenever Magisk ran instead. Perhaps it is a conflict with the SU system in the GSI. I tried the "securize" option in the Phh treble menu, which caused a reboot, but did not remove root / su . I do not know how to remove the SU modifications present in the GSI, if that is required.
I attempted to use his product image along with his linked pixel 5 beta Android 12 GSI, but the system would not boot with a Magisk 23 patched boot.img.
I attempted to use his product image along with AndyYan's Unofficial Lineage 18.1, but the system would not boot with a Magisk 23 patched boot.img.
Click to expand...
Click to collapse
^
WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!
If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
This is very interesting but maybe a more accurate/calm title would be better
I posted in another tread but I was on November's patch but used .15's vbmeta to root (before images were available for November)
Can I just flash vbmeta with the disable flags, and not worry about a wipe?
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
V0latyle said:
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
Click to expand...
Click to collapse
Ahh, I see that in the thread now. Not a big deal for me because I don't use any apps that need it—I've just been doing it as a matter of course for a good while. Nonetheless, I'm still passing attestation with USNF 2.1.1 according to Root Checker and YASNAC.
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
schalacker said:
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
Click to expand...
Click to collapse
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
V0latyle said:
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
Click to expand...
Click to collapse
where can i get magiskhide, riru universal safety, thanks
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
miss said:
where can i get magiskhide, riru universal safety, thanks
Click to expand...
Click to collapse
Magisk 23001, MagiskHide is in the options
Riru is in the module repo
Universal SafetyNet Fix 2.1.1
miss said:
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
Click to expand...
Click to collapse
This would probably be the best way to do it, yes.
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
Exactly, I was guilty of not removing a Magisk module on my P5 when installing an update. And learned the hard way.
You really never know if there is some sort of residue left from your previous setup.
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
You don't actually have to flash it. If you boot the patched image and it works, you should be able to use Direct Install in Magisk to patch the image in /boot. Then, next time you reboot, the device loads that image, which should be exactly the same as what you live booted.
But yes, it's very useful to be able to test.
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it. Should anyone attempt it, I would suggest backing up any critical data.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
KedarWolf said:
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
Click to expand...
Click to collapse
No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.
The steps would be:
Restore boot in the Magisk app
Restore vbmeta in Vbmeta Patcher
Take the OTA in System Updater
Patch vbmeta in Vbmeta Patcher
Patch the new boot image in the Magisk app and copy it to your computer
Reboot into fastboot
Boot from the new patched boot image
Direct Install Magisk in the Magisk App
As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.
I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Click to expand...
Click to collapse
Patch vbmeta how? What does patching the image accomplish?
capntrips said:
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
This is good news. Would the same thing be accomplished by flashing the boot image to both slots using --slot=all?
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
dadoc04 said:
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
Click to expand...
Click to collapse
If the build you're currently on has verity and verification disabled, you don't have to wipe when you update using the flash tool.
I haven't tried it without wiping from unrooted/stock vbmeta. It could well be possible despite a wipe being required when flashing using adb.
If you are looking for my guide on a different Pixel, find it here:
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
no good on verizon 3a. however if you can figure out how to exploit DSU, when trying to load a custom ROM image, it corrupts vbmeta.
also if you check out my threads, there's a variety of other things I managed to dig up that could assist in unlocking a verizon variant, like that i mentioned above.
I also have a Verizon Pixel 3 with AT&T service and just want to tether my unlimited data.Is there a way to do it without root and unlocked bootloader.
AtrixHDMan said:
I also have a Verizon Pixel 3 with AT&T service and just want to tether my unlimited data.Is there a way to do it without root and unlocked bootloader.
Click to expand...
Click to collapse
Share a mobile connection by tethering or hotspot on Pixel - Pixel Phone Help
You can use your phone’s mobile data to connect another phone, tablet, or computer to the internet. Sharing a connection this way is called tethering or using a hotspot.
support.google.com
dcarvil said:
Share a mobile connection by tethering or hotspot on Pixel - Pixel Phone Help
You can use your phone’s mobile data to connect another phone, tablet, or computer to the internet. Sharing a connection this way is called tethering or using a hotspot.
support.google.com
Click to expand...
Click to collapse
I mean without them knowing it.I don't have tethering on my plan.
This only works if you're able to unlock your bootloader, obviously. We should all be well aware by now that certain carrier-specific devices prevent doing so, and there is no workaround or fix.
this doesnt work for me my patch file for magisk just makes it so that my touch screen is unresponsive at boot is there any other method for rooting my pixel 3?
thanks for shareing. when i got the last step on root. i had a Failed . (remote: Failed to write to partition Not Found). how can i fix it . sincerely.
hudsonchris12 said:
this doesnt work for me my patch file for magisk just makes it so that my touch screen is unresponsive at boot is there any other method for rooting my pixel 3?
Click to expand...
Click to collapse
Well I figured it out I followed a tutorial on YouTube that I can't actually find now but as far as I can recall the only difference between that one and this one was that the other guy had me use the Android flash tool to reflash a stock rom with the disable verity and disable verification boxes checked. doesn't seem like much but everything worked flawlessly afterwards. Maybe this will help someone else
This works perfect on my Pixel 3a XL as well. Thanks for sharing. Would be great if you can share how we can keep getting the monthly OS update after the phone is rooted.
works for me, thanks!
daviddooyyyyy said:
thanks for shareing. when i got the last step on root. i had a Failed . (remote: Failed to write to partition Not Found). how can i fix it . sincerely.
Click to expand...
Click to collapse
Make sure you're using the latest Platform Tools.
jackhu said:
This works perfect on my Pixel 3a XL as well. Thanks for sharing. Would be great if you can share how we can keep getting the monthly OS update after the phone is rooted.
Click to expand...
Click to collapse
This has nothing to do with root and everything to do with Google's existing strategy of supporting devices for 3 years. The Pixel 3 / 3XL were sunsetted with the last update in October 2021 and will no longer receive updates. The 3a / 3a XL will meet the same fate in May, as will the 4 / 4XL in October of this year.
Hello, I am currently on the January patch (AKA the last patch) (build SP1A.210812.016.A2), and I installed magisk using the latest canary build (23017) of Magisk. However, after doing "fastboot flash boot [path to file]" (without ""), the phone took spent quite a bit in the booting screen (G logo with bar underneath) and I backed out by flashing the stock boot image back (so I'm back in the unrooted state). How long is it considered "normal" when my phone boots after flashing magisk? If my English looks weird, sorry. I'm not native
PS: I've confirmed that I am using the latest version of platform-tools.
adb version
Android Debug Bridge version 1.0.41
Version 31.0.3-7562133
Installed as C:\My_space\adb\platform-tools\adb.exe
the flashing completed without errors:
fastboot flash boot C:\My_space\magiskFLASH\magisk_patched-23017_Jm013.img
Sending 'boot_a' (65536 KB) OKAY [ 1.682s]
Writing 'boot_a' OKAY [ 0.319s]
Finished. Total time: 2.481s
I've also verified the SHA-256 checksum of the download, and it matched without errors.
Thank you!
Question do I still use the factory image provided? Isn't there a more updated version which is the last?
Lomarnut said:
Question do I still use the factory image provided? Isn't there a more updated version which is the last?
Click to expand...
Click to collapse
Yes, I believe that you use updated method tho, or at least an updated TWRP.
rocketrazr1999 said:
Yes, I believe that you use updated method tho, or at least an updated TWRP.
Click to expand...
Click to collapse
do you know where updated method is. I'm very cautious about rooting because i've bricked at least 3 devices years ago
Deleted
Lomarnut said:
do you know where updated method is. I'm very cautious about rooting because i've bricked at least 3 devices years ago
Click to expand...
Click to collapse
Yes, THIS thread
rocketrazr1999 said:
Yes, THIS thread
Click to expand...
Click to collapse
so this method still works if I'm on jan image?
I've been trying to root my device for a few days. I patch the AP file with the magisk application in the software I downloaded from the sammobile site with magisk. I installed it on my phone with odin. but above the samsung text, under the exclamation mark, the red color ''this phone is not running samsungs official software. you may have problems with features or security, and wont be able to install seoftware updates'' remains. The phone turns off after a certain period of time, it seems to turn on, but the same screen appears again and so on. Also, I enter the recovery mode, I do a wipedata/factory reset and it says something like this.
Wiping data...
Formatting /data...
[PDP] lstat /c___/pdp_b___ :0 - no Pdp scenario
formatting /cache...
formating /metadata
data wipe complete
[libfs__mgr]eariError updating for slot select
nothing?
Rooting a device's Android is adding a suitable su cmdlet to Android's filesystem and make it executable, nothing else. This can get achieved by means od ADB.
same issue here - bootloop after patching boot.img with Magic. B
ut new version - 24 is relased today to open beta channel. Maybe?
Succesfully patched boot.img from M526BPUU1AUI5 with latest Magisk Manager, flashed with ODIN and after wipe got rooted M52 (m-m52b/ds). You must patch exactly your firmware version boot. Also, flashing empty vbmeta disables verity protection - needed for custom recovery flashing. My goal now is to make TWRP working, but no success so far.
See here for root
GALAXY M52 5G - UNLOCK AND ROOT
Unlock and Root Galaxy M52 5G I just share my experience. Do it at your own risk Tested on M526BRXXU1AUK2 firmware I. Unlock bootloader 1. Enable developer options by tapping build number 7 times 2. Go to Developer options, turn on OEM...
forum.xda-developers.com