WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!
If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
This is very interesting but maybe a more accurate/calm title would be better
I posted in another tread but I was on November's patch but used .15's vbmeta to root (before images were available for November)
Can I just flash vbmeta with the disable flags, and not worry about a wipe?
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
V0latyle said:
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
Click to expand...
Click to collapse
Ahh, I see that in the thread now. Not a big deal for me because I don't use any apps that need it—I've just been doing it as a matter of course for a good while. Nonetheless, I'm still passing attestation with USNF 2.1.1 according to Root Checker and YASNAC.
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
schalacker said:
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
Click to expand...
Click to collapse
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
V0latyle said:
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
Click to expand...
Click to collapse
where can i get magiskhide, riru universal safety, thanks
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
miss said:
where can i get magiskhide, riru universal safety, thanks
Click to expand...
Click to collapse
Magisk 23001, MagiskHide is in the options
Riru is in the module repo
Universal SafetyNet Fix 2.1.1
miss said:
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
Click to expand...
Click to collapse
This would probably be the best way to do it, yes.
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
Exactly, I was guilty of not removing a Magisk module on my P5 when installing an update. And learned the hard way.
You really never know if there is some sort of residue left from your previous setup.
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
You don't actually have to flash it. If you boot the patched image and it works, you should be able to use Direct Install in Magisk to patch the image in /boot. Then, next time you reboot, the device loads that image, which should be exactly the same as what you live booted.
But yes, it's very useful to be able to test.
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it. Should anyone attempt it, I would suggest backing up any critical data.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
KedarWolf said:
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
Click to expand...
Click to collapse
No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.
The steps would be:
Restore boot in the Magisk app
Restore vbmeta in Vbmeta Patcher
Take the OTA in System Updater
Patch vbmeta in Vbmeta Patcher
Patch the new boot image in the Magisk app and copy it to your computer
Reboot into fastboot
Boot from the new patched boot image
Direct Install Magisk in the Magisk App
As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.
I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Click to expand...
Click to collapse
Patch vbmeta how? What does patching the image accomplish?
capntrips said:
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
This is good news. Would the same thing be accomplished by flashing the boot image to both slots using --slot=all?
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
dadoc04 said:
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
Click to expand...
Click to collapse
If the build you're currently on has verity and verification disabled, you don't have to wipe when you update using the flash tool.
I haven't tried it without wiping from unrooted/stock vbmeta. It could well be possible despite a wipe being required when flashing using adb.
Related
This guide shows how to install TWRP and Magisk even starting from firmwares after B19 A2017U firmware (starting B25, ZTE removed Fastboot). As always read the ENTIRE directions before beginning. If you'd like to try a faster method, see instead King1990's Alternate Method posted below steps A, B and C.
Step A involves downgrading your OS to B19. If you are on B25 or higher currently, you must not skip this step. If you are on B19, skip this step.
Step B is upgrading to B32 on an unlocked system, retaining Fastboot and the Recovery by using DrakenFX's method.
Step C is installing Magisk.
STEP A: FLASH TO B19 WITH TWRP USING EDL MODE
NOTE: This assumes you are unlocked. If you need to unlock starting from a firmware later than B19, please follow the EDL Unlock instructions at the EDL Thread, or use the Axon7Toolkit unlock, which is essentially the same but may be easier for some.
1. Install MiFlash using the EDL thread
2. Install the QUALCOMM drivers linked in the same thread.
3. Download "B19-NOUGAT_FULL (Nougat 7.1.1)" from the same thread.
4. Extract the ZIP file.
5. Open MiFlash, select the named sub-folder from the ZIP
6. Connect Axon 7 via a USB cable, and hold VOL-UP/VOL-DOWN/POWER until the screen goes black and the red notification LED blinks very intermittently (~1 time per 4 seconds) to get it in EDL mode.
7. Hit Refresh in MiFlash and confirm device is shown in list.
8. Hit Flash in MiFlash to flash it. (This rolls back your device to B19 stock)
9. Repeat Steps A.3-A.8 for "B19-NOUGAT_TWRP (Nougat 7.1.1)," found in the same EDL thread (to get TWRP).
10. After EDL flashing B19-NOUGAT_TWRP (Nougat 7.1.1), hold Power+VolUp when boot into TWRP. At the first warning screen, slide to allow modifications, but DO NOT BOOT INTO THE ROM until you complete the next step re: no-verity.
11. Tap Mount, and then Mount the phone via MTP in TWRP. Transfer over the latest (5.1 at time of writing) no-verity-opt-encrypt-5.1.zip file from this link (original thread) to your phone via MTP. Flash this file using the "Install" command in the TWRP main menu.
Troubleshooting Notes:
If bootup freezes at the very first screen after the ZTE logo ("Start - Continue to Boot..."), you probably have either (1) not properly flashed the B19 FULL before the TWRP folder, or (2) enabled changes in TWRP without flashing the zip in Step 11. If so, start over from the beginning, reinstall B19 FULL and TWRP via EDL. If you cannot boot into the system, this is likely your only option.
If you are stuck on a bootup screen that says "To start android, enter your password": You have probably mistakenly started a normal boot after flashing the B19 FULL but before flashing TWRP. Do not attempt to enter a password, simply get back into EDL mode to flash the TWRP folder for Step A.9. Do this by either holding VOL+/VOL-/POWER, or by using the ADB command if available, "adb reboot edl" . If you are in-between steps and having trouble finding a part of the boot sequence that ADB receives commands, try opening an ADB console on Windows and entering "adb devices -l" to see if your device is visible to ADB at either the bootloader itself (VOL+/POWER), or the main root TWRP screen. (Worst case, if TWRP is not installed, but if you can access Fastboot, put the TWRP .img file in the same directory on your PC as your ADB/Fastboot .exes, rename to "recover.img" and use the command "fastboot boot recovery.img" to temporarily boot into TWRP.)
If MiFlash cannot flash to your device even when it can see your device: If you can access ADB, try the command "adb reboot edl" . Some Axon 7 phones apparently do not correctly enter EDL mode when holding VOL+/VOL-/POWER, and although visible to MiFlash cannot be flashed unless a software command puts the phone into EDL. Alternatively, Axon 7 Toolkit can do this - select Option 10 when ADB is active.
If you follow this guide and receive a ctsProfile mismatch error when running a SafetyNet check in Magisk, you likely had some remnant of a prior SU installation that is triggering the error. Please follow the steps in this troubleshooting guide: https://android.gadgethacks.com/how-to/magisk-101-fix-safetynet-cts-profile-mismatch-errors-0178047/
STEP B: UPDATE TO B32
Important: You cannot use the update process in Mifavor to update, or you will lose fastboot. Instead, any updates must be flashed via TWRP.
1. Go to DrakenFX's thread and follow the instructions. Relevant portion added below for simplicity.
2. Download and move to your phone (Internal or SD):
- A2017UV1.1.0B32_bootstack_by_DrakenFX.zip
- A2017UV1.1.0B32_StockSystem_by_DrakenFX.zip
3. Boot into TWRP, and Wipe Cache, Dalvik, and Data
4. Flash ("Install" in TWRP) A2017UV1.1.0B32_bootstack_by_DrakenFX.zip, then install A2017UV1.1.0B32_StockSystem_by_DrakenFX.zip.
5. Flash the no-verity-opt-encrypt-5.1.zip file again from this link (you should already have this on your phone from Step 1 above)
STEP C: INSTALL MAGISK ZIP VIA TWRP
NOTE: If you have performed this with the 13.6 Beta per my earlier guide, simply download Magisk 14.0 within the Manager app and then flash 14.0 in TWRP to update. For new installations, flashing directly the 14.0 ZIP file should be fine. Any Magisk before 13.6 Beta will likely no longer work.
1. This guide assumes you have a clean image with NO SU. (If you have used SuperSU or another SU, you will need to either reset/reflash a clean image, or uninstall it sufficiently. If you have a prior Magisk, there is a Magisk Uninstall tool (here You can proceed without flashing a clean image using that tool, included in Step 3b below.)
2. Download the latest Beta Magisk ZIP file ("Magisk-v14.0.zip") in the main Magisk thread. I have also attached it to this thread for convenience. NOTE that this ZIP file also automatically installs Magisk Manager, so you do not need to download or install it separately in Android.
3. Go to TWRP, and install the Magisk-v14.0.zip. Clear Dalvik/Cache after install.
4. Reboot into stock, and open Magisk Manager which should be installed now automatically. Magisk Hide should be auto enabled, MagiskSU 14.0 should be installed, and all checks should pass including SafetyNet. Catch all the Poke-mans and Pay all the Androids.
Please make a TWRP backup before attempting, and be ready to roll back if needed.
Alternate Method (Thanks to King1990)
This method may be quicker, so you may prefer to try this method first, or as an alternate if the above method is too complex or doesn't work for you:
*these steps only if you are already unlocked your bootloader first UNLOCK *
*Note: it does not matter if your on stock B25 or B32 or any custom roms just follow the steps below*
*Backup first*
1- Download & install Axon7toolkit 1.2.1,install drivers & ADB from the tool (option 1).
2- using the tool, choose option 11 & follow the instructions to flash "A2017U_B19-NOUGAT_FULL_EDL" using Miflash (Axon7toolkit will start Miflash)
3- if the flashing was successful reboot your phone
4- now update using OTA to B25 then again update to B32 through OTA .
5- now you have completely stock B32 , you will also lose fastboot command
6- Reboot to EDL
7- Start Miflash directly it should be here "C:\Program Files\Xiaomi\MiPhone" & Click on refresh , a COM port should appear
8- in the target white bar, paste this destination "C:\Axon7Development\Axon7Toolkit\miflash\unlock\FASTBOOT_UNLOCK_EDL_N" & click flash, if succeed reboot & you should now have fastboot commands
9- again use Axon7toolkit & choose option 9 to flash TWRP , follow the instruction and you should have TWRP.
10- start the system then reboot to recovery and flash magisk 14.0 check for safety net if fails just reboot your phone & it will pass.
11- done.
Previous threads and guides
(Previous Thread)
-----------
(Previous Magisk and OTA process - DO NOT USE)
STEP 2: INSTALLING MAGISK 13.2 WITH ROOT AND SAFETYNET PASS
1. This guide assumes you have a clean image with NO SU. (If you have SuperSU or another SU, you will need to either reset/reflash a clean image, or uninstall it sufficiently. If you have a prior Magisk, there is a Magisk Uninstall tool. You can proceed without flashing a clean image using that tool, included in Step 3b below.)
2. Enable Settings->Security->Unknown Sources in stock.
3. Download Magisk Manager 5.0.6 and Magisk 13.2 (here, and attached for convenience), and copy them to your device. (Note that you can also just install Magisk Manager 5.0.6 and download the latest Magisk flashable ZIP from there.)
(3b. If you already have a prior Magisk & Manager installed, also download Magisk Uninstall (here, attached for convenience) and copy it to your device. Boot into TWRP, and "Install" (flash) Magisk Uninstall. Boot into system, and uninstall Magisk Manager. Clear Dalvik/Cache after each step.)
4. Install Magisk Manager v5.0.6 via File Manager direct as an APK.
5. Go to TWRP, and install the Magisk 13.2.
6. Reboot into stock, and open Magisk Manager. You should see both Magisk and Root installed (Root as "Magisksu"). If you try SafetyNet right now, it will fail.
7. Go into Settings in Magisk Manager and enable MagiskHide.
8. Reboot into TWRP, and flash the Magisk 13.2 SafetyNet Fix, attached. Reboot.
9. Now if you check SafetyNet, it should pass.
STEP 3: GET OTAS (EXPERIMENTAL)
There are still issues with B19 to B25 upgrades with Magisk using OTA packages, (such as those by DrakenFX).
Prior to the SafetyNet update (Magisk 13.0 beta), users reported partial success - if they installed Magisk successfully on B19, and gave root permission as needed, they could upgrade to B25 and retain old root permissions but NOT add new permissions for apps. I have not seen it tested whether this is still true after the SafetyNet update (Magisk 13.2).
----------
(Previous Original Guide - DO NOT USE)
If you are only here for Magisk: Despite all the horror trying to get it to work with 12.0 and earlier versions, it should flash fairly easily using versions later than the 20170520 beta and 13.0 beta Magisk Manager.. But since the 20170520 files are the only version I've tested, I can only vouch for those files and they are specifically mentioned in the guide.
NOTE: This assumes you are starting at B25, but the instructions should work for any B version number, since MiFlash is going to force us to B19.including how to install Magisk successfully - only new beta versions will install, and I've only tested the 20170520 build with Magisk 13.0 beta, but it worked entirely as intended. Below are the steps needed, and below that is my old post (hidden) for posterity in case it helps troubleshoot later if something breaks.
STEP 1: FLASHING FROM B25 TO B19 USING EDL MODE:
1. Install MiFlash using the EDL thread
2. Install the QUALCOMM drivers linked in the same thread.
3. Download "B19-NOUGAT_FULL (Nougat 7.1.1)" from the same thread.
4. Extract the ZIP file.
5. Open MiFlash, selected on the named sub-folder from the ZIP
6. Connect Axon 7 via a USB cable, and hold VOL-UP/VOL-DOWN/POWER until the screen goes black and the red notification LED blinks very intermittently (~1 time per 4 seconds) to get it in EDL mode.
7. Hit Refresh in MiFlash and confirm device is shown in list.
8. Hit Flash in MiFlash to flash it. (This rolled back my B25 device to B19 stock)
9. Then do the same process again with "B19-NOUGAT_TWRP (Nougat 7.1.1)," found in the same EDL thread (to get TWRP). ALTERNATIVELY, you can use the Toolkit to install TWRP, or via ADB, or any other method.
Note that first I just downloaded the TWRP version, and TWRP successfully installed and I could boot into TWRP, but it would totally freeze before loading the OS ROM every time. You MUST flash the B19 FULL first to avoid this.
Also, if any of these steps fail, install the Toolkit and use the same operations in the Toolkit. I used v. 1.2.0 for both the EDL flashing and to install TWRP as well, since on a later A2017U, the button restart method appeared to put me in a halfway-EDL mode which was visible from MiFlash, but did not allow flashing. In that case, a software EDL reset ("adb reboot edl" or "reboot edl" in the TWRP console) was the only way to get MiFlash to allow it to flash. The Toolkit does this nicely.
STEP 2: INSTALLING MAGISK 13.0 BETA WITH ROOT AND SAFETYNET PASS
1. Make sure you have a clean image with NO SU (PHH or MagiskSU or otherwise), and NO Magisk/Magisk Manager installed.
2. Enable Settings->Security->Unknown Sources in stock.
3. Download Magisk Manager 20170520 13.0 beta and Magisk 20170520 (here, and attached for convenience) (full beta thread here if needed), and copy them to your device.
4. Install Magisk Manager 20170520 13.0 beta via File Manager direct as an APK.
5. Go to TWRP, and install the Magisk 20170520 beta (here, and attached for convenience)
6. Reboot into stock, and open Magisk Manager 13.0. You should see both Magisk and Root installed (Root as "Magisksu"). If you try SafetyNet right now, it will fail.
7. Go into Settings in Magisk Manager and enable MagiskHide.
8. Now if you check SafetyNet, it should pass.
Note that the temporary beta builds appear to only be available for a short time, so either use the files attached, or go ahead and try the latest beta build. The first build I tried, 20170520, worked. Again, my guess is all beta builds or full builds after 20170520 will work with the instructions above, but feel free to test.
STEP 3: GET UPDATES / GO TO B25: I have not tested yet to ensure Magisk doesn't break, but I believe you should be able to download OTA packages, such as those by DrakenFX and flash them. However, users are reporting some bugs upgrading beyond B19, so OTAs are a work in progress. Please make a TWRP backup before attempting this and be ready to roll back if needed.
6bolt2g reports he had success moving from B19 (rooted) to B25, with the following steps: (a) flash "the DrakenFX B25 flashable zip's and the no-verity zip to keep TWRP"; and (b) follow STEP 2 above. However, 6bolt2g and StickMonster report that after upgrading to B25, you may experience problems with adding apps not previously whitelisted. Again, this is not verified by me but reporting it in the first thread for convenience.
For now, applying OTAs beyond B19 should be considered experimental - please be aware of the risk and have a backup before trying, and share your results here.
Changelog
Edit 5/21/2017: Added additional steps to Magisk to show process after flashing in TWRP.
Edit 5/23/2017: Added 6bolt2g report re: moving from B19 to B25.
Edit 5/24/2017: Added additional updates re: OTAs.
Edit 7/17/2017: Revised based on new ~7/12 Google SafetyNet changes, new Magisk from 5/15, and SafetyNet fix
Edit 9/3/2017: Added additional alternate solutions and troubleshooting advice.
Edit 9/4/2017: Revised process for B32, Magisk 13.6 Beta.
Edit 9/10/2017: Revised process for Magisk 14.0.
Edit 9/17/2017: Added King1990's alternate method.
Just wanted to thank you for the guide. Now I'll be able to get root on B25.
EDIT: I just wanted to know if flashing the B19_full will wipe userdata? I have a feeling it does, but I just want to double check.
Sent from my ZTE A2017U using XDA-Developers Legacy app
troy5890 said:
Just wanted to thank you for the guide. Now I'll be able to get root on B25.
EDIT: I just wanted to know if flashing the B19_full will wipe userdata? I have a feeling it does, but I just want to double check.
Click to expand...
Click to collapse
When I did it, it did NOT wipe userdata. Surprising to me that all my apps and things were still on the screen, but the version did indeed roll back. YMMV.
I've played with Magisk 13 too. I could get root, but not safety net. That's on b25. I can't remember if I tried it on b19.
To get safety net and Magisk 10 working on b25 I have to get it working on b29 and then upgrade to b25. So what you suggest for 13 sounds promising.
I'll have to play some more if you got it working on b19.
Curious, what makes you think OTAs will work? B25 removes fastboot for me and installed stock recovery. I had magisk working on B25 when not updating the bootsect and keeping that at B19.
Second question, with only B19 installed, after rolling back from B25 do you, or anyone for that matter have a problem where the signal constantly cycles on/off?
StickMonster said:
I've played with Magisk 13 too. I could get root, but not safety net. That's on b25. I can't remember if I tried it on b19.
To get safety net and Magisk 10 working on b25 I have to get it working on b29 and then upgrade to b25. So what you suggest for 13 sounds promising.
I'll have to play some more if you got it working on b19.
Click to expand...
Click to collapse
Magisk 10.3-beta2 worked after simply flashing the zip and the superuser and manager apks for me on b19
I was on rooted B19 (super su) and I used the DrakenFX B25 flashable zip's and the no-verity zip to keep TWRP. Then booted into the OS to put the Magisk manager on following 'STEP 2' in the OP then flashed the Magisk zip in TWRP and all seems to be working. I will do a full test drive today and report back if any issues. So far I have root and pass safety net checks and android pay let me open it up and set it up.
6bolt2g said:
I was on rooted B19 (super su) and I used the DrakenFX B25 flashable zip's and the no-verity zip to keep TWRP. Then booted into the OS to put the Magisk manager on following 'STEP 2' in the OP then flashed the Magisk zip in TWRP and all seems to be working. I will do a full test drive today and report back if any issues. So far I have root and pass safety net checks and android pay let me open it up and set it up.
Click to expand...
Click to collapse
Nice. Looking forward to hearing those results.
crashnova said:
Nice. Looking forward to hearing those results.
Click to expand...
Click to collapse
So far the masking function ie. Android Pay worked today when I went to use it. I went to use a few root apps, ES File Explorer and just an emoji switcher this afternoon and it was force closing the Magisk app. I tried to restart the phone to see if that was some of the issue, no difference. I also tried to uninstall and install the app from the Play Store, but it was an older version (v12). So I removed it and put the v13 back on and the force closes have stopped for now. I will have to continue using it to see how it goes. Anyone have any suggestions for root apps they would like me to try? With all the goodies baked into these stock roms there is less and less need for root access, at least for me.
6bolt2g said:
I was on rooted B19 (super su) and I used the DrakenFX B25 flashable zip's and the no-verity zip to keep TWRP. Then booted into the OS to put the Magisk manager on following 'STEP 2' in the OP then flashed the Magisk zip in TWRP and all seems to be working. I will do a full test drive today and report back if any issues. So far I have root and pass safety net checks and android pay let me open it up and set it up.
Click to expand...
Click to collapse
Thanks! I will update the original post with your results.
Edit: Can you confirm exactly which ZIP files you flashed, and where you specified "no-verity"?
Dodgexander said:
Curious, what makes you think OTAs will work? B25 removes fastboot for me and installed stock recovery. I had magisk working on B25 when not updating the bootsect and keeping that at B19.
Click to expand...
Click to collapse
I figure that as long as you can keep TWRP, the fact that Magisk was updated and confirmed to work with one version of Nougat suggested it should work with minor updates. (Nougat seems to be what broke Magisk initially.) I understand DrakenFX allows flashing in a way that preserves TWRP, so infer that it will likely work. I'm trying not to overstate what I know, but it appears to work for at least 6bolt2g. However, upgrading to B25 should be considered experimental at this point.
Dodgexander said:
Second question, with only B19 installed, after rolling back from B25 do you, or anyone for that matter have a problem where the signal constantly cycles on/off?
Click to expand...
Click to collapse
I haven't had that issue rolling back from B25. Maybe clear caches? Try reflashing with MiFlash?
ScaryBugThing said:
Thanks! I will update the original post with your results.
Edit: Can you confirm exactly which ZIP files you flashed, and where you specified "no-verity"?
Click to expand...
Click to collapse
I already was unlocked and had TWRP installed and I was on Stock B19 with root via Super SU, but the root part shouldn't matter.
I flashed the stock Bootstack and B25 Rom from this post: B25 TWRP Flashable
His directions mentioned using the vm-verity zip file if you want to keep TWRP and not flash super SU. He did not link the verity zip that I saw, so I searched XDA for them.
The link to the TWRP post with the download link: TWRP dm-verity Half way down the first post.
And the direct link to the download file list : no-verity download link I just picked the newest version.
Hope that helps.
*Edit*
To add to my issue earlier about the Magisk Manager crashing when approving root access. After re-installing it seems to work fine. I believe its after a reboot, it starts to have the crashing problem. It does seem to maintain previously approved root accesses though. For example, ES File manager is still able to explore system folders during the crash, because I approved it earlier when it was still working. I'm no programmer so I do not have a clue what is going on. I imagine, something is not persisting through the reboot. And to clarify, it is crashing when new programs are asking for root access and the pop-up shows.
Same for me using the 170523 build. Everything works at first, including root for apps already whitelisted from before the b25 upgrade, but once you try to add a new app to your root list you get FCs from then on any time su tries to run, including trying to start superuser from within Magisk manager. If you delete Magisk data, from twrp or Android app settings, the FCs stop but then you have no apps with root granted.
It looks like there is a version from nfound we should try.
Yep tried miflash running back to b19 and it's the same. I can't run b19 stock anymore, but it's off topic here so I'll shut up
Dodgexander said:
Yep tried miflash running back to b19 and it's the same. I can't run b19 stock anymore, but it's off topic here so I'll shut up
Click to expand...
Click to collapse
If you flash back to b19 try erasing Magisk data. I'm pretty sure that worked for me.
StickMonster said:
If you flash back to b19 try erasing Magisk data. I'm pretty sure that worked for me.
Click to expand...
Click to collapse
Magic is no problem on B19, signal is not. Flashing on and off like the phone is detecting a modem one sec and the next not.
Thanks for the updates about moving to B25. Updated first post - if you test anymore, please share.
ScaryBugThing said:
Hi all - this thread originated in the Q&A forum (old thread), but since I mapped out steps in a guide, I am posting it here since it is the more proper place for it.
This is a guide showing how to get TWRP installed, Magisk running, and I plan to update once I confirm OTAs can be flashed.
If you are only here for Magisk: Despite all the horror trying to get it to work with 12.0 and earlier versions, I believe you should be able to flash it fairly easily using versions later than the 20170520 beta and 13.0 beta Magisk Manager, see links below. But since the 20170520 files are the only version I've tested, I can only vouch for those files and they are specifically mentioned in the guide.
NOTE: This assumes you are starting at B25, but the instructions should work for any B version number, since MiFlash is going to force us to B19.including how to install Magisk successfully - only new beta versions will install, and I've only tested the 20170520 build with Magisk 13.0 beta, but it worked entirely as intended. Below are the steps needed, and below that is my old post (hidden) for posterity in case it helps troubleshoot later if something breaks.
STEP 1: FLASHING FROM B25 TO B19 USING EDL MODE:
1. Install MiFlash using the EDL thread
2. Install the QUALCOMM drivers linked in the same thread.
3. Download "B19-NOUGAT_FULL (Nougat 7.1.1)" from the same thread.
4. Extract the ZIP file.
5. Open MiFlash, selected on the named sub-folder from the ZIP
6. Connect Axon 7 via a USB cable, and hold VOL-UP/VOL-DOWN/POWER until the screen goes black and the red notification LED blinks very intermittently (~1 time per 4 seconds) to get it in EDL mode.
7. Hit Refresh in MiFlash and confirm device is shown in list.
8. Hit Flash in MiFlash to flash it. (This rolled back my B25 device to B19 stock)
9. Then do the same process again with "B19-NOUGAT_TWRP (Nougat 7.1.1)," found in the same EDL thread (to get TWRP).
Note that first I just downloaded the TWRP version, and TWRP successfully installed and I could boot into TWRP, but it would totally freeze before loading the OS ROM every time. You MUST flash the B19 FULL first to avoid this.
STEP 2: INSTALLING MAGISK 13.0 BETA WITH ROOT AND SAFETYNET PASS
1. Make sure you have a clean image with NO SU (PHH or MagiskSU or otherwise), and NO Magisk/Magisk Manager installed.
2. Enable Settings->Security->Unknown Sources in stock.
3. Download Magisk Manager 20170520 13.0 beta and Magisk 20170520 (here, and attached for convenience) (full beta thread here if needed), and copy them to your device.
4. Install Magisk Manager 20170520 13.0 beta via File Manager direct as an APK.
5. Go to TWRP, and install the Magisk 20170520 beta (here, and attached for convenience)
6. Reboot into stock, and open Magisk Manager 13.0. You should see both Magisk and Root installed (Root as "Magisksu"). If you try SafetyNet right now, it will fail.
7. Go into Settings in Magisk Manager and enable MagiskHide.
8. Now if you check SafetyNet, it should pass.
Note that the temporary beta builds appear to only be available for a short time, so either use the files attached, or go ahead and try the latest beta build. The first build I tried, 20170520, worked. Again, my guess is all beta builds or full builds after 20170520 will work with the instructions above, but feel free to test.
STEP 3: GET OTAS: I have not tested yet to ensure Magisk doesn't break, but I believe you should be able to download OTA packages, such as those by DrakenFX and flash them. However, users are reporting some bugs upgrading beyond B19, so OTAs are a work in progress. Please make a TWRP backup before attempting this and be ready to roll back if needed.
6bolt2g reports he had success moving from B19 (rooted) to B25, with the following steps: (a) flash "the DrakenFX B25 flashable zip's and the no-verity zip to keep TWRP"; and (b) follow STEP 2 above. However, 6bolt2g and StickMonster report that after upgrading to B25, you may experience problems with adding apps not previously whitelisted. Again, this is not verified by me but reporting it in the first thread for convenience.
For now, applying OTAs beyond B19 should be considered experimental - please be aware of the risk and have a backup before trying, and share your results here.
Edit 5/21/2017: Added additional steps to Magisk to show process after flashing in TWRP.
Edit 5/23/2017: Added 6bolt2g report re: moving from B19 to B25.
Edit 5/24/2017: Added additional updates re: OTAs.
Click to expand...
Click to collapse
I kept having error Object ref not set to an instance of an object. I already have TWRP, i wonder if i need stock recovery for this to work?
Question: On B25, once you have your root apps whitelisted and root access granted, does the Magisk Manager work alright? Other than FC on new apps, does it still do its thing and the phone work normal? My Axon 7 should be arriving today and I want to be on B25 for the wifi-calling fixes. I can probably live with white listing the apps on B19 and then updating to B25 once everything is ironed out.
genbu said:
I kept having error Object ref not set to an instance of an object. I already have TWRP, i wonder if i need stock recovery for this to work?
Click to expand...
Click to collapse
Can you give more details... whats your starting point? and what step are you getting this error?
---------- Post added at 08:35 AM ---------- Previous post was at 08:33 AM ----------
HallOfPromise said:
Question: On B25, once you have your root apps whitelisted and root access granted, does the Magisk Manager work alright? Other than FC on new apps, does it still do its thing and the phone work normal? My Axon 7 should be arriving today and I want to be on B25 for the wifi-calling fixes. I can probably live with white listing the apps on B19 and then updating to B25 once everything is ironed out.
Click to expand...
Click to collapse
I cant answer for stock AXON 7 OS... but im running LineageOs and everyththing is working very well... no Force closes with apps or anything like that.
Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image.
Any update method can be used. If you've already disabled verity/verification, simply don't worry about it at next update; no need to re-enable.
I am closing this thread.
Spoiler: Deprecated
On Android 12, boot verification must be disabled in order to run a patched boot image. Unfortunately, if you have never disabled it before, it will require you to wipe data. To be clear:
***************************************************
PERMANENT ROOT CURRENTLY REQUIRES A DATA WIPE.
***************************************************
However, if you don't want to lose your data, you can "live boot" the patched image as long as /vbmeta and /boot are stock. This will allow you to use temporary root. DO NOT attempt to Direct Install Magisk to the boot image.
For subsequent updates, it is imperative that you do not allow the device to boot into system before you have disabled Verified Boot.
What this means: If you sideload the OTA, IMMEDIATELY reboot to bootloader and reflash /vbmeta with --disable-verity and --disable-verification. If you dirty flash the factory image, make sure you add these two switches to the command.
If you fail to do this, and allow the device to boot into system, you WILL have to wipe data to disable it again.
IF YOU ARE ROOTED, DO NOT USE AUTOMATIC UPDATES AS THIS WILL REFLASH /VBMETA WITHOUT DISABLING BOOT VERIFICATION!
Factory Images
OTA Images
Latest Magisk Canary
Spoiler: To root:
On your device, enable Developer Options (tap build number 8 times), and enable the OEM Unlocking toggle. Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader:
Code:
fastboot flashing unlock
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img and vbmeta.img from this zip.
Flash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <drag and drop vbmeta.img>
Allow the device to boot into Android. Once you have Magisk installed, copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
Spoiler: For subsequent updates:
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img from this zip.
Reboot to bootloader.
Update bootloader and radio if they are out of date. BE CAREFUL, A MISTAKE CAN BRICK YOUR DEVICE! If you update the bootloader, remember to reboot back to bootloader so that the update reads the correct bootloader version.
Update system:
Code:
fastboot update --disable-verity --disable-verification <drag and drop image-device-buildnumber.zip here>
Note: If you get an error for bootloader/radio version, this means you need to update bootloader and/or radio; go back to step 3.
Allow the device to boot into Android. Copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
I personally do not recommend updating via OTA Sideload, as you would have to download and extract the factory zip anyway. AUTOMATIC OTA WILL LOSE ROOT AND REQUIRE A WIPE TO ROOT AGAIN.
Spoiler: If you choose to update via OTA Sideload:
Sideload the OTA. When complete, IMMEDIATELY reboot to bootloader.
Reflash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <vbmeta.img>
Boot to system and allow the update to complete.
Patch and flash the boot image.
Note: If you run into a bootloader message
failed to load/verify boot images
this means you forgot to disable verity and verification. Reflash vbmeta with the --disable options.
If you run into this recovery message
View attachment 5455805
This means that verity and verification were not disabled before, and a wipe is required to proceed.
Let the fun begin!
Awesome news! Now that the devices are in peoples hands and this is released, development can begin!
So it looks like if you grabbed the Pixel 6 OTA yesterday, you are on 036, and that binary is not yet posted. Please correct if I am wrong. Cant wait to root this thing, non V4A audio is horrible
Just literally got my pixel 6 20 mins ago, I’m at work but when I get home the first thing I’m doing is rooting it!
For some reason I can not unlock the bootloader on the P6.
I unlocked the bootloader in the developer options.
Tried "fastboot flashing unlock" and the CMD says waiting for device.
I can transfer files from the pc to the P6 with no problems.
Maybe I need to check on an ADB driver!
EDIT: Google ADB driver was needed.
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
vandyman said:
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
Click to expand...
Click to collapse
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
XNine said:
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
Click to expand...
Click to collapse
Gotha!
When I had my Pixel 5 rooted I did not need to use hide. I use PNC Bank with no issues. I do not us Gpay, to me it is a waste of time.
I use root for AdAway, Appdash, EX Kernel, and SD Maid.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
V0latyle said:
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
Click to expand...
Click to collapse
You're a beautiful human being. Thank you!
XNine said:
You're a beautiful human being. Thank you!
Click to expand...
Click to collapse
My wife thinks so too, although "beautiful" isn't the word she uses
Been waiting for kernel source. Skimming through it, there's a ton of exynos named files.
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
I’ve got an old apk of magisk so I’d assume this would work fine, no?
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as batteries to low. Will this work or nope?
DefeatedSouls said:
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as batteries to low. Will this work or nope?
Click to expand...
Click to collapse
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
V0latyle said:
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
Click to expand...
Click to collapse
Uh.. normally I’m good at this but okay, I’ll try!
XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
For instance, I need root to use Adguard in local Proxy mode and third-party VPN service. Also, I use CapitalOne, Amex, Discover, Tdbank and Chase with NO MagiskHide. There were problems with Chase, but later they probably realized it's a crap - to block rooted phones to access the app to pay your card. Some of these apps don't let you to login by a fingerprint, but it's not a big deal to enter the password (you won't forget one at least, haha)
Getting Installation failed when trying to patch the boot.img from the factory zip with Magisk.
If you are looking for my guide on a different Pixel, find it here:
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
no good on verizon 3a. however if you can figure out how to exploit DSU, when trying to load a custom ROM image, it corrupts vbmeta.
also if you check out my threads, there's a variety of other things I managed to dig up that could assist in unlocking a verizon variant, like that i mentioned above.
I also have a Verizon Pixel 3 with AT&T service and just want to tether my unlimited data.Is there a way to do it without root and unlocked bootloader.
AtrixHDMan said:
I also have a Verizon Pixel 3 with AT&T service and just want to tether my unlimited data.Is there a way to do it without root and unlocked bootloader.
Click to expand...
Click to collapse
Share a mobile connection by tethering or hotspot on Pixel - Pixel Phone Help
You can use your phone’s mobile data to connect another phone, tablet, or computer to the internet. Sharing a connection this way is called tethering or using a hotspot.
support.google.com
dcarvil said:
Share a mobile connection by tethering or hotspot on Pixel - Pixel Phone Help
You can use your phone’s mobile data to connect another phone, tablet, or computer to the internet. Sharing a connection this way is called tethering or using a hotspot.
support.google.com
Click to expand...
Click to collapse
I mean without them knowing it.I don't have tethering on my plan.
This only works if you're able to unlock your bootloader, obviously. We should all be well aware by now that certain carrier-specific devices prevent doing so, and there is no workaround or fix.
this doesnt work for me my patch file for magisk just makes it so that my touch screen is unresponsive at boot is there any other method for rooting my pixel 3?
thanks for shareing. when i got the last step on root. i had a Failed . (remote: Failed to write to partition Not Found). how can i fix it . sincerely.
hudsonchris12 said:
this doesnt work for me my patch file for magisk just makes it so that my touch screen is unresponsive at boot is there any other method for rooting my pixel 3?
Click to expand...
Click to collapse
Well I figured it out I followed a tutorial on YouTube that I can't actually find now but as far as I can recall the only difference between that one and this one was that the other guy had me use the Android flash tool to reflash a stock rom with the disable verity and disable verification boxes checked. doesn't seem like much but everything worked flawlessly afterwards. Maybe this will help someone else
This works perfect on my Pixel 3a XL as well. Thanks for sharing. Would be great if you can share how we can keep getting the monthly OS update after the phone is rooted.
works for me, thanks!
daviddooyyyyy said:
thanks for shareing. when i got the last step on root. i had a Failed . (remote: Failed to write to partition Not Found). how can i fix it . sincerely.
Click to expand...
Click to collapse
Make sure you're using the latest Platform Tools.
jackhu said:
This works perfect on my Pixel 3a XL as well. Thanks for sharing. Would be great if you can share how we can keep getting the monthly OS update after the phone is rooted.
Click to expand...
Click to collapse
This has nothing to do with root and everything to do with Google's existing strategy of supporting devices for 3 years. The Pixel 3 / 3XL were sunsetted with the last update in October 2021 and will no longer receive updates. The 3a / 3a XL will meet the same fate in May, as will the 4 / 4XL in October of this year.
Hello, I am currently on the January patch (AKA the last patch) (build SP1A.210812.016.A2), and I installed magisk using the latest canary build (23017) of Magisk. However, after doing "fastboot flash boot [path to file]" (without ""), the phone took spent quite a bit in the booting screen (G logo with bar underneath) and I backed out by flashing the stock boot image back (so I'm back in the unrooted state). How long is it considered "normal" when my phone boots after flashing magisk? If my English looks weird, sorry. I'm not native
PS: I've confirmed that I am using the latest version of platform-tools.
adb version
Android Debug Bridge version 1.0.41
Version 31.0.3-7562133
Installed as C:\My_space\adb\platform-tools\adb.exe
the flashing completed without errors:
fastboot flash boot C:\My_space\magiskFLASH\magisk_patched-23017_Jm013.img
Sending 'boot_a' (65536 KB) OKAY [ 1.682s]
Writing 'boot_a' OKAY [ 0.319s]
Finished. Total time: 2.481s
I've also verified the SHA-256 checksum of the download, and it matched without errors.
Thank you!
Question do I still use the factory image provided? Isn't there a more updated version which is the last?
Lomarnut said:
Question do I still use the factory image provided? Isn't there a more updated version which is the last?
Click to expand...
Click to collapse
Yes, I believe that you use updated method tho, or at least an updated TWRP.
rocketrazr1999 said:
Yes, I believe that you use updated method tho, or at least an updated TWRP.
Click to expand...
Click to collapse
do you know where updated method is. I'm very cautious about rooting because i've bricked at least 3 devices years ago
Deleted
Lomarnut said:
do you know where updated method is. I'm very cautious about rooting because i've bricked at least 3 devices years ago
Click to expand...
Click to collapse
Yes, THIS thread
rocketrazr1999 said:
Yes, THIS thread
Click to expand...
Click to collapse
so this method still works if I'm on jan image?
I have posted all the boot.img files for N200 A12 to AFH for DE2117 US OEM firmware and now latest for DE2118 (Tmobile/metro)
I am also posting the OFFICIAL Lineage Magisk patched boot.img but may not always be up to date, so do check the date as you must have same version!
N200 Official LineageOS_2023_06-14-Magisk 26.1 pre-patched
boot.ing for OFFICIAL Lineage
I have posted both the original file as well as pre-patched with Magisk v25.2 for each.
The T-Mobile/Metro image versioning is ONE NUMBER BEHIND the OEM version. As of today the current version with December update is:
DE2117-C_23 (OEM)
DE2118-C_21 (T-Mobile/Metro)
PREREQUISITES: (see other guides)
You must have your bootloader unlocked.
USB debugging enabled and your PC authorized. (ADB commands working)
Latest Android Platform Tools installed on PC
1. Simply allow phone to take OTA updates until your on latest version.
2. Open Settings and click: "About Device" -> "Version" and Build Number must match EXACTLY on your system information screen with the boot.img file you are going to install:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
In this example it is US/OEM (DE2117) at patch level C_17.
You MUST patch the boot.img with EXACT SAME model version AND Patch level!
I wrote a simplified dummies guide to flash US OEM rom with Fastboot Enhance tool and convert T-Mobile/PCS phone to US/OEM wiith only Fastboot Enhance GUI tool along with msmtool backup.
3. Go to my "Boot.img Files" folder on AFH and download the Magisk pre-patched boot.image file for YOUR MATCHING version and place it to the same folder that you installed Android Platform Tools.
DE2117 US OEM - Pre-Patched with Magisk v25.2:
boot.img C_15
boot.img C_16
boot.img C_17
boot.img C_18
boot.img C_19
boot.img C_20
boot.img C_21
DE2117 US OEM - Pre-Patched with Magisk v26.1:
boot.img C_22
boot.img C_23
DE2118 T-Mobile/MetroPCS - Pre-Patched with Magisk v25.2:
boot.img C_5
boot.img C_17
boot.img C_18
boot.img C_19
boot.img C_20
DE2118 T-Mobile/MetroPCS - Pre-Patched with Magisk v26.1:
boot.img C_21
boot.img C_22
With File Explorer in the folder with platform tools and the boot.img file you just downloaded, type "cmd" in the address bar and a dos window will open up in that folder.
4. Then switch the phone to fastboot mode:
C:\>adb reboot bootloader
You should see the phone fastboot screen and the last line MUST say the bootloader is: UNLOCKED.
5. Flash the Magisk Patched boot.img file.
In this example the command would be:
C:\>fastboot flash boot DE2117.boot.C_18.Magisk_Patched.v25.2.img
6. Reboot phone:
C:\>fastboot reboot
7. After phone boot up there will be a green android icon with Magisk v1.0 on your home screen/drawer. Run it and it will upgrade itself to the latest Magisk version.
Your now ROOTED.
8. To KEEP root and avoid an OTA update before I have posted the latest boot.img file you should:
Open settings -> "System Settings" -> "Developer Options" and then turn off "Automatic System Updates"
I should post new boot.img updates within 24 hours to the same folder.
Technical Information:
Before A12 you could use the command: "fastboot boot boot.img" and boot the previous patched Magisk boot image and then let Magisk backup your current image and then patch it as the old one was usually still working enough to get the new boot.img this way and let Magisk store the untouched boot.img file so it could remove the patch in app.
This ability has been removed starting with the first A12 C_15 image.
Also, the OP OTA update is checking for more than just the original boot.img and will fail an OTA update with Magisk installed with the boot.img restored and Magisk loaded in ram.
Hiding the Magisk app, installing safetynet-fix-v2.2. and Shamiko-v0.5.2-120 Magisk Module will allow you to pass Safetynet and get your banking/streaming apps working, but only removing Magisk completely will allow OTA updates now.
There are two ways to get partial OTA update boot.img file if you want to do it on your own at this point.
1. Grab the partial ota update .zip file by looking at syslog when OTA app on phone starts downloading it. Take the last dumped full OTA and patch it with the only payload dumper that will merge partial OTA's with existing full OTA:
https://github.com/vm03/payload_dumper
2. If you don't mind wiping your phone, you can take the newest partial OTA update and then change to inactive slot and install the last full OTA image and then pull the boot.img from the inactive slot that has the newest OTA installed. And then reinstall full ota update again and take latest partial update.
UPDATE: If you flash the last full OTA C_16 and want OTA updates to work, you must flash it TWICE now. Once in fastboot mode and only the MODEM.IMG file will flash and then switch to fastbootd mode and flash it again and every image other than the modem will flash. If the modem does not match the rom, as well as the BOOT.IMG (non modified) then OTA WILL FAIL!!
Un-modified BOOT.IMG files for DE2117 US OEM N200:
boot.img C_15
boot.img C_16
boot.img C_17
boot.img C_18
boot.img C_20
boot.img C_21
boot.img C_22
boot.img C_23
Un-modified BOOT.IMG files for DE2118 Tmobile/MetroPCS N200:
boot.img C_5
boot.img C_7
boot.img C_8
boot.img C_9
boot.img C_11
boot.img C_12
boot.img C_15
boot.img C_16
boot.img C_17
boot.img C_18
boot.img C_19
boot.img C_20
boot.img C_21
boot.img C_22
The C_5 through C_16 DE2118 images are pointing to towardsdawn's AFH section.
I added them here so one post has all the boot.img files in one place to make it easier to find.
waiting for your tmo to us oem conversion guide! thanks
scanman0 said:
I have posted all the boot.img files for A12 to AFH for DE2117 US OEM firmware.
I have posted both the original file as well as pre-patched with Magisk v25.2 for each.
As of now there are three versions. (C_15, C_16, and C_17)
PREREQUISITES: (see other guides)
You must have your bootloader unlocked.
USB debugging enabled and your PC authorized. (ADB commands working)
Latest Android Platform Tools installed on PC
1. Simply allow phone to take OTA updates until your on latest version. (C_17 as of today)
2. Open Settings and click: "About Device" -> "Version" and Build Number must match EXACTLY on your system information screen with the boot.img file you are going to install:
View attachment 5696281
In this example it is C_17.
If it says DE18CB then STOP!
This is the T-Mobile/MetroPCS infected firmware and is NOT the same as the US OEM firmware.
I wrote a simplified dummies guide to flash US OEM rom with Fastboot Enhance tool and convert T-Mobile/PCS phone to US/OEM wiith only Fastboot Enhance GUI tool along with msmtool backup.
3. Go to my "Boot.img Files" folder on AFH and download the Magisk pre-patched boot.image file for YOUR MATCHING version and place it to the same folder that you installed Android Platform Tools.
https://androidfilehost.com/?a=show&w=files&flid=335815
With File Explorer in the folder with platform tools and the boot.img file you just downloaded, type "cmd" in the address bar and a dos window will open up in that folder.
4. Then switch the phone to fastboot mode:
C:\>adb reboot bootloader
You should see the phone fastboot screen and the last line MUST say the bootloader is: UNLOCKED.
5. Flash the Magisk Patched boot.img file.
In this example the command would be:
C:\>fastboot flash boot DE2117.boot.C_17.Magisk_Patched_v25.2.img
6. Reboot phone:
C:\>fastboot reboot
7. After phone boot up there will be a green android icon with Magisk v1.0 on your home screen/drawer. Run it and it will upgrade itself to the latest Magisk version.
Your now ROOTED.
8. To KEEP root and avoid an OTA update before I have posted the latest boot.img file you should:
Open settings -> "System Settings" -> "Developer Options" and then turn off "Automatic System Updates"
I should post new boot.img updates within 24 hours to the same folder.
Technical Information:
Before A12 you could use the command: "fastboot boot boot.img" and boot the previous patched Magisk boot image and then let Magisk backup your current image and then patch it as the old one was usually still working enough to get the new boot.img this way and let Magisk store the untouched boot.img file so it could remove the patch in app.
This ability has been removed starting with the first A12 C_15 image.
Also, the OP OTA update is checking for more than just the original boot.img and will fail an OTA update with Magisk installed with the boot.img restored and Magisk loaded in ram.
Hiding the Magisk app, installing safetynet-fix-v2.2. and Shamiko-v0.5.2-120 Magisk Module will allow you to pass Safetynet and get your banking/streaming apps working, but only removing Magisk completely will allow OTA updates now.
There are two ways to get partial OTA update boot.img file if you want to do it on your own at this point.
1. Grab the partial ota update .zip file by looking at syslog when OTA app on phone starts downloading it. Take the last dumped full OTA and patch it with the only payload dumper that will merge partial OTA's with existing full OTA:
https://github.com/vm03/payload_dumper
2. If you don't mind wiping your phone, you can take the newest partial OTA update and then change to inactive slot and install the last full OTA image and then pull the boot.img from the inactive slot that has the newest OTA installed. And then reinstall full ota update again and take latest partial update.
Click to expand...
Click to collapse
Is there a Bootimg. file for DE_2118_11_C.16 I could not find one?
jayram1408 said:
Is there a Bootimg. file for DE_2118_11_C.16 I could not find one?
Click to expand...
Click to collapse
!!! This is ONLY for Tmobile/MetroPCS A12 running C_16 firmware !!!
boot_11_C.16_DE2118_tmobile_stock.img | by towardsdawn for Nord N200 5G
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
What's changed in the update or was it just security updates?
weirdfate said:
What's changed in the update or was it just security updates?
Click to expand...
Click to collapse
It is NOT new and it is for the MetroPCS/T-Mobile infected rom.
I posted it OFF TOPIC and this is why I used all the !!! marks.
I updated the parent thread with the September security patch C_18 boot.img files as promised!
Bump.
Updated guide and added latest DE2118 boot.img files for Tmobile/MetroPCS that do not want to convert to US/OEM firmware
Are you able to get boot image for 11.0.1.12.DE18CB device DE2118? Ty
Angelk3 said:
Are you able to get boot image for 11.0.1.12.DE18CB device DE2118? Ty
Click to expand...
Click to collapse
If someone posts it anyplace I will add it here. The best solution is to convert phone to US OEM. Then you can use the pre-patched boot.img files I post here.
Angelk3 said:
Are you able to get boot image for 11.0.1.12.DE18CB device DE2118? Ty
Click to expand...
Click to collapse
It's hosted here
@scanman0 thanks for making this post! very helpful to have it all in one place
I don't know if you uploaded T-mobile C.18 and forgot to post the link or not, but I uploaded it here. AndroidFileHost still isn't working for me for whatever reason
I have successfully converted my T-Mobile phone to a DE2117 and have it at version C_19 with the boot.img patched with Magisk. Magisk is updated to the latest and I have been looking into the things I should do with Magisk. However what I read online isn't matching with what I'm seeing on my phone. Is Magisk the Magisk manager? I'm also not seeing an option to check the Safety Net? I've also read I can look for Magisk modules in Magisk but I don't see a way of searching for modules to install? Am I missing something? Any insight would truly be appreciated!
Galaxy-Geek#1 said:
I have successfully converted my T-Mobile phone to a DE2117 and have it at version C_19 with the boot.img patched with Magisk. Magisk is updated to the latest and I have been looking into the things I should do with Magisk. However what I read online isn't matching with what I'm seeing on my phone. Is Magisk the Magisk manager? I'm also not seeing an option to check the Safety Net? I've also read I can look for Magisk modules in Magisk but I don't see a way of searching for modules to install? Am I missing something? Any insight would truly be appreciated!
Click to expand...
Click to collapse
The ability to check for Safety Net in Magisk was taken out, as was the ability to search modules through Magisk. Both must be done outside the app now though installing modules can still be performed in through Magisk.
Link575 said:
The ability to check for Safety Net in Magisk was taken out, as was the ability to search modules through Magisk. Both must be done outside the app now though installing modules can still be performed in through Magisk.
Click to expand...
Click to collapse
Thank you! That makes sense then. Is there a post or guide how to check safety net (and what it does tbh last root I used was SuperSu for Android 7) and where I can find some good Magisk modules?
Galaxy-Geek#1 said:
Thank you! That makes sense then. Is there a post or guide how to check safety net (and what it does tbh last root I used was SuperSu for Android 7) and where I can find some good Magisk modules?
Click to expand...
Click to collapse
There is a big list of magisk modules here
I use YASNAC but if you just search for safety net checker in the Google play store there's plenty of them. It fails on my rooted N200. You only need it to pass if you want to use apps that check for it (generally financial apps like Google Pay or games that have anti cheat checks)
Galaxy-Geek#1 said:
Thank you! That makes sense then. Is there a post or guide how to check safety net (and what it does tbh last root I used was SuperSu for Android 7) and where I can find some good Magisk modules?
Click to expand...
Click to collapse
Np and towardsdawn answered that question pretty completely right above. In case you do want or need it to pass safety net you can download magisk module called universal safety net fix here.
Should that not work (it should unless you're on lineage) you can try magiskhide props config found here with instructions. I just use the fingerprint for the de2117 and everything works fine.
towardsdawn said:
There is a big list of magisk modules here
I use YASNAC but if you just search for safety net checker in the Google play store there's plenty of them. It fails on my rooted N200. You only need it to pass if you want to use apps that check for it (generally financial apps like Google Pay or games that have anti cheat checks)
Click to expand...
Click to collapse
Link575 said:
Np and towardsdawn answered that question pretty completely right above. In case you do want or need it to pass safety net you can download magisk module called universal safety net fix here.
Should that not work (it should unless you're on lineage) you can try magiskhide props config found here with instructions. I just use the fingerprint for the de2117 and everything works fine.
Click to expand...
Click to collapse
Thank you both! I'll look into those modules and the safety net stuff (but may not be needed much in my case since it's not my main device). One last question if you don't mind, do I need to install TWRP? From the looks of it, there isn't a good working version for this phone but just wanna confirm before I assume I'm done with any factory reset or things like that.
Galaxy-Geek#1 said:
Thank you both! I'll look into those modules and the safety net stuff (but may not be needed much in my case since it's not my main device). One last question if you don't mind, do I need to install TWRP? From the looks of it, there isn't a good working version for this phone but just wanna confirm before I assume I'm done with any factory reset or things like that.
Click to expand...
Click to collapse
From what I've read in the forums I don't recommend it, seems like it's easy to brick your phone or lose important functionality. You can factory reset by going to fastboot mode or with msm download tool. You can unroot by flashing stock boot image
Does anyone have Pre-Patched with Magisk v25.2 boot.img for the last December update DE2118_11_c.19?
These instructions are for the CPH2459 – Unlocked Nord N20 50
I wanted to give back and distribute an easy to follow step-by-step guide as many were asking for a complete guide and I had a little time to create it today. Hopefully this will help kick off some good dev for the device as we are light currently.
I take no responsibility for any issues with your device and do not have backups in the steps, so use at your own risk as always...
COMPLETE STEPS......
Update your phone to the latest OS/patch level over Internet OTA from 1+ and reboot
Verify you are running OS/patch à CPH2459_11_C_10 (latest at time of this)
Enable developer options by clicking on the build number until activation appears (Under Setting-->About-->Version)
Enable Unlock bootloader in the new Developers Options section now in the Phone menu
Enable USB debugging under the new Developers Options
Plug in your phone with usb connected to pc and select transfer files if prompted
Download and extract install latest ptools-n20.zip (with included patched boot files)
Open a windows command prompt in the folder that you extracted the platform tools into
Run adb devices and be sure the phone shows up as a device that is attached
Accept device fingerprint if asked
Run command to boot to bootloader: adb reboot bootloader
Run command to ensure connection in bootloader to your phone: fastboot devices
Run Command to unlock bootloader: fastboot flashing unlock
Lave command prompt open
Use volume keys to select “unlock bootloader” then press “power” to unlock
The device will reset and will now be unlocked
After phone boots, complete the quick setup
Repeat step #3, #5-6, #9-12
In Command prompt where platform tools are installed run command: fastboot flash boot a.img
Reboot phone and you will be patched
Install Magisk 25.2 App from official repo & Enable Zygisk in settings
Enable Magisk hide and reopen the app
Add your google account if not already added and use Play Store or use Aurora store to install Safetynet Checker by flink apps
Run Safetynet checker and notice the device fails 2 checks
Transfer 2 zip files included to your phone: Shamiko & Safetynet fix. These will help hiding root and will allow your phone to pass Safetynet fixes
Install both zips under module section in Magisk. (you can do 1…don’t reboot when asked, then do other and reboot to activate both)
Run Safetynet Checker again and you should pass all checks.
Viola…you are unlocked/rooted/patched and pass safetynect checks.....ENJOY!
I will update here on how to take future OTAs as more come out and if time allows.
NOTES: Files in platform tools
a.img = boot_a.img magisk patched
b.img = boot_b.img magisk patched (just in case)
boot_a.img = Unpatched a (just in case)
boot_b.img = Unpatched b (just in case)
==============================================
2/3/23 UPDATE: How to take an OTA and preserve root
==============================================
1. First, Under developer options, make sure the option to apply automatic updates on reboot is ENABLED. (If you do not do this, you will loose root)
2. Unroot the device. We wont completely remove Magisk, just restore images. To do this Open Magisk, click uninstall magisk, and only click "restore images". DO NOT REBOOT!
3. Check for software updates. Install OTA update after downloaded. DO NOT REBOOT!
4. Open Magisk again and now reinstall it but select "inactive slot" for the option.
5. REBOOT. Boot will take about 30 seconds to apply.
You are now updated
ScarletWizard said:
Thank you for this I will post this on the telegram channel
Click to expand...
Click to collapse
What is the link to the telegram chan?
mvincent2k said:
What is the link to the telegram chan?
Click to expand...
Click to collapse
My CPH2459 crappped out on me, and I have had little luck since moving from GN2200 to this model and could use a backup if you could lend a hand
mvincent2k said:
What is the link to the telegram chan?
Click to expand...
Click to collapse
OnePlus Nord N20 | Official
You can view and join @oneplusnordn20 right away.
t.me
ScarletWizard said:
Incorrect link
Click to expand...
Click to collapse
Can you share the right channel.
mvincent2k said:
These instructions are for the CPH2459 – Unlocked Nord N20 50
I wanted to give back and distribute an easy to follow step-by-step guide as many were asking for a complete guide and I had a little time to create it today. Hopefully this will help kick off some good dev for the device as we are light currently.
Click to expand...
Click to collapse
Damn son, your attention to detail is admirable! Very thorough and well-documented. Thanks.
Can I use this on the new ota update
mvincent2k said:
a.img = boot_a.img magisk patched
Click to expand...
Click to collapse
killerex said:
Can I use this on the new ota update
Click to expand...
Click to collapse
No you would need an updated img if you are on the latest upgrade. I no longer have an N20 to test with otherwise would create one for the group. Someone else may possibly.
How? I'm not updated yet can guide me how to do it.thank
killerex said:
How
Click to expand...
Click to collapse
Search the other XDA threads here for this device. A few explain how to extract payload and patch.
If you are on the previous update, see the update to my instructions just posted on how to take the OTA and stay rooted with Magisk
I'm getting installation error.. I'm in previous update
mvincent2k said:
These instructions are for the CPH2459 – Unlocked Nord N20 50
I wanted to give back and distribute an easy to follow step-by-step guide as many were asking for a complete guide and I had a little time to create it today. Hopefully this will help kick off some good dev for the device as we are light currently.
I take no responsibility for any issues with your device and do not have backups in the steps, so use at your own risk as always...
COMPLETE STEPS......
Update your phone to the latest OS/patch level over Internet OTA from 1+ and reboot
Verify you are running OS/patch à CPH2459_11_C_10 (latest at time of this)
Enable developer options by clicking on the build number until activation appears (Under Setting-->About-->Version)
Enable Unlock bootloader in the new Developers Options section now in the Phone menu
Enable USB debugging under the new Developers Options
Plug in your phone with usb connected to pc and select transfer files if prompted
Download and extract install latest ptools-n20.zip (with included patched boot files)
Open a windows command prompt in the folder that you extracted the platform tools into
Run adb devices and be sure the phone shows up as a device that is attached
Accept device fingerprint if asked
Run command to boot to bootloader: adb reboot bootloader
Run command to ensure connection in bootloader to your phone: fastboot devices
Run Command to unlock bootloader: fastboot flashing unlock
Lave command prompt open
Use volume keys to select “unlock bootloader” then press “power” to unlock
The device will reset and will now be unlocked
After phone boots, complete the quick setup
Repeat step #3, #5-6, #9-12
In Command prompt where platform tools are installed run command: fastboot flash boot a.img
Reboot phone and you will be patched
Install Magisk 25.2 App from official repo & Enable Zygisk in settings
Enable Magisk hide and reopen the app
Add your google account if not already added and use Play Store or use Aurora store to install Safetynet Checker by flink apps
Run Safetynet checker and notice the device fails 2 checks
Transfer 2 zip files included to your phone: Shamiko & Safetynet fix. These will help hiding root and will allow your phone to pass Safetynet fixes
Install both zips under module section in Magisk. (you can do 1…don’t reboot when asked, then do other and reboot to activate both)
Run Safetynet Checker again and you should pass all checks.
Viola…you are unlocked/rooted/patched and pass safetynect checks.....ENJOY!
I will update here on how to take future OTAs as more come out and if time allows.
NOTES: Files in platform tools
a.img = boot_a.img magisk patched
b.img = boot_b.img magisk patched (just in case)
boot_a.img = Unpatched a (just in case)
boot_b.img = Unpatched b (just in case)
==============================================
2/3/23 UPDATE: How to take an OTA and preserve root
==============================================
1. First, Under developer options, make sure the option to apply automatic updates on reboot is ENABLED. (If you do not do this, you will loose root)
2. Unroot the device. We wont completely remove Magisk, just restore images. To do this Open Magisk, click uninstall magisk, and only click "restore images". DO NOT REBOOT!
3. Check for software updates. Install OTA update after downloaded. DO NOT REBOOT!
4. Open Magisk again and now reinstall it but select "inactive slot" for the option.
5. REBOOT. Boot will take about 30 seconds to apply.
You are now updated
Click to expand...
Click to collapse
Thank you for this! Glad to see people are picking up the slack. I havent updated yet because im worried about having to battle tighter restrictions that newer versions of android inevitably bring. I wont be able to use the images as i have the gn2200 but grateful for the how to guide on updating. Didnt realize it was quite that easy. Im still on May on one device and July on the other tho recently had to downgrade it to restore it in an emergency situation and was thankfully able to do all the flashing from the may device otg
PsYk0n4uT said:
Thank you for this! Glad to see people are picking up the slack. I havent updated yet because im worried about having to battle tighter restrictions that newer versions of android inevitably bring. I wont be able to use the images as i have the gn2200 but grateful for the how to guide on updating. Didnt realize it was quite that easy. Im still on May on one device and July on the other tho recently had to downgrade it to restore it in an emergency situation and was thankfully able to do all the flashing from the may device otg
Click to expand...
Click to collapse
Not a problem. Always glad to help the community out!
Very nice. I'm expecting delivery of one of these phones tomorrow. It already has Android 12 installed on it. So, I'm wondering if it's safe to use the attached image files to root it or should I go through the process of having Magisk patch the phone's existing a and b images?
Raybo58 said:
Very nice. I'm expecting delivery of one of these phones tomorrow. It already has Android 12 installed on it. So, I'm wondering if it's safe to use the attached image files to root it or should I go through the process of having Magisk patch the phone's existing a and b images?
Click to expand...
Click to collapse
Just make sure your using a12 boot image if your trying to use a posted one.balso be sure to use the same security patch boot image as the system you already have installed.
Safest bet is to use the DSU sideloader method to pull your own boot image and then patch it if your unsure of which patched boot image to use. It's a little more complicated but pulling your own boot image will ensure that you have an exact match for your device.
If you have or can locate and obtain an unpatched boot image that matches your system. You should have one on hand just in case the patched boot image doesn't work so that you can simply reflash your stock image in that case.
A mismatching boot image can lead to an unbootable state so you need to be prepared.
You shouldn't have to worry much about anything crazy or unrepairable so long as your flashing boot images made for the device your flashing them to. Just don't flash boot images from a completely different device as that can cause you to end up with any sort 9f crazy weird issues that may not even be fixable.
Raybo58 said:
Very nice. I'm expecting delivery of one of these phones tomorrow. It already has Android 12 installed on it. So, I'm wondering if it's safe to use the attached image files to root it or should I go through the process of having Magisk patch the phone's existing a and b images?
Click to expand...
Click to collapse
By any chance you got the latest boot.img
Will this work on a GN2200?
NO
Followed instructions and it worked. BUT, can't update the firmware. When I try to restore images in Magisk it says they don't exist. So I can't update to the latest firmware. Suggestions?
alipps1 said:
Followed instructions and it worked. BUT, can't update the firmware. When I try to restore images in Magisk it says they don't exist. So I can't update to the latest firmware. Suggestions?
Click to expand...
Click to collapse
I recently ran into this on another device and had to fix so you are in luck. I believe something broke with magisk running on 13 during the last OTA with security, so here are the steps...
1) Unhide and Uninstall magisk app completely and Update to the latest canary version of magisk apk here and restart: https://github.com/topjohnwu/Magisk
2) Verify it sees magisk installed and has latest build.
3) Try restoring images again and it may work.
If that does not work...
1) You will need to do a full unroot...which technically should not work if the images were not present, but it does, so images are present (proving it is a bug)
2) You will need to complete the full procedure of patching the boot image again yourself.
3) Extract payload and patch the boot.img per instructions in this forum, then flash per my instructions above.
FYI. I did this on the current version of the OS and then did the restore images and upgrade to take the OTA and prove the bug and that OTA updates will work as in the instructions above in the future again, which it did.
Alternatively, you could also update the to the latest OTA after unrooting and just do it once, but I wanted to play it safe just in case Google updated something in the latest 13 builds blocking magisk... So your choice, but please post back here how you make out.
Good luck