Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc. Backup before you start as this will wipe your phone.
The process can be broken down into 4 steps:
Unlock Bootloader
Source boot.img
Patch boot.img (using Magisk)
Flash patched boot.img (using adb)
1. Unlock BootloaderNote: This step will wipe your phone.
This can be done using the official tool from MIUI, using MediatekBootloaderUnlock (Windows 10/11, which reportedly does not wipe your user data), or using mtkclient (Any OS but requires Python). I will explain the mtkclient option as I'm on Linux and don't trust MIUI with more personal data than I have to.
Step-by-step (adapted from this How to Guide):
Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
On your phone activate developer mode and turn on USB debugging and OEM unlocking
Turn off phone and disconnect from computer
In the directory where you installed mtkclient run:
python mtk e metadata,userdata,md_udc
This erases your data
At this point plug your phone in (still turned off)
python mtk da seccfg unlock
This unlocks the bootloader
python mtk reset
This reboots the phone
Disconnect USB cable and reboot phone
When it boots a message is displayed warning that dm-verity is corrupted. Click the power button to dismiss and continue booting.
2. Source boot.img
Find your MIUI version in Settings -> About phone -> MIUI Version and look for the version number (e.g. 13.0.6.0(RKEEUXM))
Visit the MIUI Updates Tracker and download the matching Stable Fastboot update (if you can't find it scroll down to Extracting boot.img from Payload)
Unzip the TGZ and the TAR that it contains then navigate to the images directory and find the boot.img file
3. Patch boot.imgWe need to patch the boot.img to give it root powers. We do this on the phone using Magisk.
Step-by-step (adapted from the Magisk installation instructions):
On your phone, download Magisk and install it
Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
Open Magisk and in "Magisk" section tap "Install"
Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier
4. Flash patched boot.imgFinally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.
Step-by-step:
Install the Android SDK platform tools which contains adb and fastboot
Install a USB driver that supports fastboot mode (you cannot use fastbootd for this or you'll bootloop)
Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
In the directory you copied the magisk_patched_*.img to run:
adb reboot bootloader
This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
fastboot flash boot magisk_patched_*.img
This flashes the patched boot.img to give you root
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
Once it's done reboot your phone by pressing and holding the power button
That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.
Extract boot.img from PayloadIf you can't find a fastboot image (boot.img) for your version then you might be able to extract it from the full firmware package. This will require the use of a third party tool such as payload-dumper (python) or payload-dumper-go. Note that you may be better off just waiting for the fastboot image to be released to the public.
Tidying upYou can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.
It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.
Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.
Updating Magisk
You cannot update Magisk via the Magisk app, as this device does not allow writing to the boot partition at runtime.
Instead, update the Magisk app, then use it to patch your stock boot.img and flash it manually using fastboot, as if you were installing it from scratch (as above). This will not wipe your user data, but be sure to backup first in case something goes wrong.
aricooperdavis said:
Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc.
The process can be broken down into 4 steps:
Unlock Bootloader
Source boot.img (using payload_dumper)
Patch boot.img (using Magisk)
Flash patched boot.img (using adb)
1. Unlock BootloaderThis can be done using the official tool from MIUI or using mtkclient. I went for the mtkclient option as I don't want to send more of my personal data to MIUI than I have to.
Step-by-step (adapted from this How to Guide):
Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
On your phone activate developer mode and turn on USB debugging and OEM unlocking
Turn off phone and disconnect from computer
In the directory where you installed mtkclient run:
python mtk e metadata,userdata,md_udc
At this point plug your phone in (still turned off)
python mtk da seccfg unlock
python mtk reset
Disconnect USB cable and reboot phone
When it boots a message is displayed saying it is corrupted. Click the power button to dismiss and continue booting.
2. Source boot.imgThe boot.img needs to be extracted from the official MIUI firmware package using payload_dumper.
Step-by-step:
Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO)
Extract the .zip and find the payload.bin file
Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
In the payload_dumper directory run:
python payload_dumper.py payload.bin
This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img
3. Patch boot.imgWe need to patch the boot.img to give it root powers. We do this on the phone using Magisk.
Step-by-step (adapted from the Magisk installation instructions):
On your phone, download Magisk and install it
Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
Open Magisk and in "Magisk" section tap "Install"
Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier
4. Flash patched boot.imgFinally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.
Step-by-step:
Install the Android SDK platform tools which contains adb and fastboot
Install a USB driver that supports fastboot mode
Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
In the directory you copied the magisk_patched_*.img to run:
adb reboot bootloader
This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
fastboot flash boot magisk_patched_*.img
fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
Once it's done reboot your phone by pressing and holding the power button
That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.
Tidying upYou can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.
It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.
Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.
Click to expand...
Click to collapse
Wow, Thank you very much!
Very details!
Will try it in my spare time.
MarkLev said:
Wow, Thank you very much!
Very details!
Will try it in my spare time.
Click to expand...
Click to collapse
Good luck, let us know how it goes and what you do with your root! So far I've installed AdAway and De-Bloater
aricooperdavis. hi!I buy phone Poco M4 Pro (4G) (fleur). Please help me get ROOT rights for this phone.
I do not have PYTHON, but I have mtkclient - the bootloader is unlocked, and there is an Android SDK for fastboot firmware.
Global 13.0.7.0 RKEMIXM now. You have 2 file 1.magisk_patched_*.img and 2. vbmeta.img for Global 13.0.7.0 ? Can I save them for download?
After unlocking the bootloader, using the mtkclient method, a new notification appeared
- dm-verity coruption
You device is corrupt/
It can't be trusted and may not work properly
Press power button to contime
Or, device will power off in 5 sec. Always need PRESS POWER for contime again How to fix it?
It sounds like you've done everything right so far.
Lark5 said:
Global 13.0.7.0 RKEMIXM now. You have 2 file 1.magisk_patched_*.img and 2. vbmeta.img for Global 13.0.7.0 ? Can I save them for download?
Click to expand...
Click to collapse
Sorry, I have the EEA firmware; RKEEUXM.
If you want to extract the boot.img and vbmeta.img from your firmware package you will have to install python. This is worth doing as installing updates in the future may require you to do this extraction process again.
Alternatively you may be able to use mtk to dump these images directly from the phone, but I don't have any experience with this. To perform updates this way you would have to completely unroot and relock the bootloader, update the firmware, then re-dump the new boot and vbmeta images and root again. I think just installing python is probably easier...
The error message you're seeing is dm-verity, and we disable this when flashing the vbmeta.img in step 4, which I've edited to clarify. You can see that we disable it in the final fastboot command:
aricooperdavis said:
fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
Click to expand...
Click to collapse
Good luck with your rooting!
Unlock Bootloade and Root and RECOVERY for Poco M4 Pro (4G) with out Pyton (on Windows 10\11):
Unlock Bootloader:
1.Download the MediatekBootloaderUnlock archive. Unpack the archive ZIP.
2. Open the Driver folder and right-click the cdc-acm.inf file, select "Install"
3.Now go back to the main folder and install the USBDK (x64 for 64-bit OS, x86 for 32-bit OS) on your PC (also right click - install).
4. Reboot the PC.
5.Turn off the phone.
6.Run the UnlockBootloader.bat file to start the bootloader unlock process. We keep it on, it is in a state of response from the phone, if the firewood, the cable is connected, then everything is ok, I’ll tell you right away that it turned out 3 times.
7.Now connect the phone to the computer with a cable by holding down the volume up + down + power button. (If the volume up button doesn't work, try using volume up or volume up + volume down or all three hardware buttons) while the UnlockBootloader.bat file is open.
8.Once the phone is detected, some commands will be run in the UnlockBootloader.bat file. Let the commands finish and as soon as the window closes. Your bootloader will be unlocked.
BY THE WAY! - You can lock the bootloader again by following the same steps without clearing. Just use LockBootloader.bat with the same steps.
Root:
Downloading the official firmware for the phone, I took fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global (approximately 5.6GB in weight)
Unpacked it ZIP, pulled out 2 files from there fleur_global_images_V13.0.7.0.RKEMIXM_20220419.0000.00_11.0_global\images
boot.img and vbmeta.img
Downloaded Magisk STABLE Version: 24.3 - download on telephone, setup APP
Launch Magisk Manager. When a pop-up window appears asking you to install Magisk, select INSTALL and select install again.
Click on "Fix Boot Image File".
Connect your device to PC via USB cable. Make sure USB debugging is enabled.
Download ADB \ fastoot (I took tools_r29.0.6-windows)
Run CMD as Administrator
We write -
adb devices - the phone must be determined (QX ********* device - so all drivers are correct)
adb reboot bootloader - The phone reboots into fastboot mode - an inscription on the screen if dm-verity corruption messages appear - press POWER to continue
fastboot flash boot boot_PATCH.img (file name how to change)
fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img - will remove the inscription dm-verity corruption
OrangeFox-R11 RECOVERY:
Downloads for : -Android- Generic Device/Other | AndroidFileHost.com | Download GApps, Roms, Kernels, Themes, Firmware and more. Free file hosting for all Android developers.
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
androidfilehost.com
Download, and Run CMD as Administrator
We write -
fastboot flash boot XXXXNAMEXXXX.img
Flash !boot! not fastboot flash recovery XXXXNAMEXXXX.img
Well done, glad you've got it sorted!
To clarify, this essentially follows the same 4 steps outlined in my post but using different tools that don't require python:
Unlock Bootloader
- Used MediatekBootloaderUnlock rather than mtkclient
Source boot.img
- Managed to find the images online without having to extract them from a ROM. @Lark5, where?
Patch boot.img (using Magisk)
- Same
Flash patched boot.img (using adb)
- Same
I think there's also a custom recovery install too (OrangeFox [not yet officially supported]) at the end. I tend not to bother with custom recoveries as I stick with the stock MIUI ROM and a custom recovery would complicate applying OTA updates. However, if you wish to install a custom ROM (anything other than a stock MIUI signed boot.img) then a custom recovery would be necessary, and they can also facilitate taking device backups etc.
aricooperdavis said:
Well done, glad you've got it sorted!
To clarify, this essentially follows the same 4 steps outlined in my post but using different tools that don't require python:
Unlock Bootloader
- Used MediatekBootloaderUnlock rather than mtkclient
Source boot.img
- Managed to find the images online without having to extract them from a ROM. @Lark5, where?
Patch boot.img (using Magisk)
- Same
Flash patched boot.img (using adb)
- Same
I think there's also a custom recovery install too (OrangeFox). I tend not to bother, but it can be convenient.
Click to expand...
Click to collapse
2. Find ROM on this link: https://mirom.ezbox.idv.tw/en/phone/fleur/roms-global-stable/
Fastboot Download V13.0.7.0.RKEMIXM
Explanations:
For fastboot (~5.6Gb) - firmware version, just unzip the ZIP, inside there is boot.img and vbmeta
For recovery (-2.5Gb) needed to extract boot.img Through Pyton for example
thanks for the help aricooperdavis
Lark5 said:
Find ROM on this link: https://mirom.ezbox.idv.tw/en/phone/fleur/roms-global-stable/
Click to expand...
Click to collapse
That's a great resource - the files it links to seem to be hosted on MIUIs servers too, so they're verifiably official
The more general link for all regions (not just global) for this phone would be: https://mirom.ezbox.idv.tw/en/phone/fleur/
I've updated the instructions to reflect your experience, thanks @Lark5!
aricooperdavis said:
Rooting the POCO M4 Pro 4G (fleur) turned out to be quite straightforward. Note, I have a 2201117PG (EEA), you may have a different experience, it's not my fault if you brick your phone etc. Backup before you start as this will wipe your phone.
The process can be broken down into 4 steps:
Unlock Bootloader
Source boot.img
Patch boot.img (using Magisk)
Flash patched boot.img (using adb)
1. Unlock BootloaderNote: This step will wipe your phone.
This can be done using the official tool from MIUI, using MediatekBootloaderUnlock (Windows 10/11), or using mtkclient (Any OS but requires Python). I will explain the mtkclient option as I'm on Linux and don't trust MIUI with more personal data than I have to.
Step-by-step (adapted from this How to Guide):
Install mtkclient and its dependencies (easier if familiar with installing python packages etc., straightforward for me on Linux)
On your phone activate developer mode and turn on USB debugging and OEM unlocking
Turn off phone and disconnect from computer
In the directory where you installed mtkclient run:
python mtk e metadata,userdata,md_udc
This erases your data
At this point plug your phone in (still turned off)
python mtk da seccfg unlock
This unlocks the bootloader
python mtk reset
This reboots the phone
Disconnect USB cable and reboot phone
When it boots a message is displayed warning that dm-verity is corrupted. Click the power button to dismiss and continue booting.
2. Source boot.imgNote: if your MIUI version (Available at: Settings -> About phone -> MIUI version) has a "Fastboot" file listed here then you can download that file and unzip it to find the boot.img and vbmeta.img, then skip to step 3.
Otherwise you'll have to extract them from the official MIUI firmware package using payload_dumper as follows.
Step-by-step:
Download the firmware package for your device (you can check what version you need in Settings -> About phone -> MIUI version (For POCO))
Extract the .zip and find the payload.bin file
Download the payload dumper, extract the zip, and place the payload.bin file in the payload_dumper folder
In the payload_dumper directory run:
python payload_dumper.py payload.bin
This will extract lots of files from the firmware package. You only need to keep boot.img and vbmeta.img
3. Patch boot.imgWe need to patch the boot.img to give it root powers. We do this on the phone using Magisk.
Step-by-step (adapted from the Magisk installation instructions):
On your phone, download Magisk and install it
Connect your phone to your computer and put the boot.img you extracted on your phone somewhere
Open Magisk and in "Magisk" section tap "Install"
Choose the "Select and Patch a File" option and select your boot.img in the file browser and let Magisk patch it
Find the patched boot image in Downloads (called magisk_patched_*.img) and copy it to your computer in the same directory as the vbmeta.img we extracted earlier
4. Flash patched boot.imgFinally we need to replace the current boot.img on the phone with our patched one that has root powers. This is called flashing and is done using adb.
Step-by-step:
Install the Android SDK platform tools which contains adb and fastboot
Install a USB driver that supports fastboot mode
Ensure your phone is connected, USB debugging is enabled and working, and OEM Unlocking is enabled
In the directory you copied the magisk_patched_*.img to run:
adb reboot bootloader
This reboots your phone into fastboot mode. Wait until "FASTBOOT" is displayed on the screen
fastboot flash boot magisk_patched_*.img
This flashes the patched boot.img to give you root
fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
This flashes the vbmeta.img, disabling the dm-verity corruption message at startup
Once it's done reboot your phone by pressing and holding the power button
That's all there is to it! This took me about an hour as I was working out all the steps as I've not rooted in a phone in nearly a decade - I reckon with a fast internet connection you could get it done in about 15 minutes.
Tidying upYou can delete all the stuff you downloaded onto your computer and the boot.img and magisk_patched_*.img from your phone.
It's a good idea to disable automatic OTA updates (Settings -> Additional settings -> Developer options -> Automatic sytem updates) so that you can update through Magisk.
Some apps will be able to tell that you have rooted your phone, and may stop you from using them. You can check this by downloading YASNAC onto your phone and seeing if it passes. If not (which it won't) the most straightforward solution is to add the Universal SafetyNet Fix module to Magisk, then enable Zygisk in Magisk settings and restart your phone, which will be enough to pass SafetyNet Attestation. If they're clever and still detect the root then in Magisk toggle Enforce DenyList and add the problematic apps to the DenyList.
Click to expand...
Click to collapse
When I gave this command fast boot flash dm verify it always unknown option in my cmd any solution ? can anybody help me??
Daafafagsgsgs said:
When I gave this command fast boot flash dm verify it always unknown option in my cmd any solution ? can anybody help me??
Click to expand...
Click to collapse
Make sure you're copying the command exactly - it's fastboot rather than fast boot and verity not verify. Did you install the Android SDK platform tools that contain fastboot? You may need to restart after this install to make the command available in your command prompt/shell.
aricooperdavis said:
Make sure you're copying the command exactly - it's fastboot rather than fast boot and verity not verify. Did you install the Android SDK platform tools that contain fastboot? You may need to restart after this install to make the command available in your command prompt/shell.
Click to expand...
Click to collapse
Yeah i copied the same command but how to install Android sdk tools can you suggest me a video?
Daafafagsgsgs said:
Yeah i copied the same command but how to install Android sdk tools can you suggest me a video?
Click to expand...
Click to collapse
Go to this link, scroll to the downloads section, and select the right download for your OS, then follow the instructions.
This video shows the process, but has very annoying music!
aricooperdavis said:
Make sure you're copying the command exactly - it's fastboot rather than fast boot and verity not verify. Did you install the Android SDK platform tools that contain fastboot? You may need to restart after this install to make the command available in your command prompt/shell.
Click to expand...
Click to collapse
I installed and tried everything this error comes
Interesting, that sounds like you've got an outdated version of fastbook. What does fastboot --version give you?
Can i flash it with my phone ??
Adb otg app??
I don't know, I can't help you with that.
aricooperdavis said:
Interesting, that sounds like you've got an outdated version of fastbook. What does fastboot --version give you?
Click to expand...
Click to collapse
Fastboot version
That's not an official version of fastboot, so it looks like it's missing the command you need. Download the proper Android SDK tools from Android (the same as the original link) and replace your "Minimal" version with it.
aricooperdavis said:
That's not an official version of fastboot, so it looks like it's missing the command you need. Download the proper Android SDK tools from Android (the same as the original link) and replace your "Minimal" version with it.
Click to expand...
Click to collapse
After many tries i found that the command given is wrong
fastboot flash vbmeta --disable-verity --dsable-verification vbmeta.img
This is given
It will be
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
I is Missing Now i have flashed vb meta and problem is solved with the fastboot version i have
By the way thanks
Related
Maze has finally published the Alpha Stock-Rom.
Download Link: https://goo.gl/9kCJiv :fingers-crossed:
The system.img file is incorrectly downloaded as a system 002.img file. It must be renamed. And then copy it to the folder "3. Maze_Alpha_V05_20170816 Official ROM".
Thanks!
Hope anyone can root this phone.
Hi!
I am in need of a new phone, and this one looks quite good at the price.. But what do you think can i expect from custom ROM scene here for it? I am a Xiaomi Fan, and my Mi4 was and is one of the best supported phones still. Do you think there will be a subforum for this device, custom ROMs (preferreable Lineage OS, or other close to AOSP ROMs? OFC nobody can know now, i understand, but what tells your experience of other new phones from new companys? It has created quite a buzz, so i think there will be a demand for sure..
Just am 2 afraid to get a phone without good custom ROM. Never had an Android in last 5 years with stock ROM. Total nightmare for me now to have to go back.
Root + TWRP 3.2.1
3 Methods to root MAZE Alpha
Note: Method II is the most universal and must works with almost any official ROM
I- Method 1 : flashing modified Magisk boot.img
1. make sure to have already installed the version 20170816
2. reboot the phone in fastboot mode (phone off -> Vol Up + Power or "adb reboot bootloader")
3. unlock the bootloader if not already done : fastboot flashing unlock (if not works, in android development setting set the unlock bootloader and then retry)
4. unzip and then flash the attached boot image : fastboot flash boot new-boot.img
5. reboot your phone: fastboot reboot
6. install the MagiskManager apk v14
7. Voila
I have used this Magisk guide to create it
I used old manual guide :
Code:
adb shell "rm -rf /data/local/tmp/*"
adb push META-INF/com/google/android/update-binary common magisk_inject boot.img /data/local/tmp
adb shell "cd /data/local/tmp/magisk_inject; mv ../common/* .; chmod 755 *; sh ../update-binary indep boot_patch.sh ../boot.img; mv ../bin/busybox busybox"
adb pull /data/local/tmp/magisk_inject/new-boot.img
adb shell "rm -rf /data/local/tmp/*"
II- Method 2 : using TWRP and Magisk.zip (External SDCARD or USB OTG cable needed)
1. reboot int bootloader mode : adb reboot bootloader
2. unzip and flash the the attached TWRP recovery : fastboot flash recovery recovery_maze_alpha_4G_twrp-321.img
3. In TWRP choose first "change language" then press the "cancel" button while asking you for decryption password for data
4. In your PC download the Magisk-v15.3.zip and put it in a USB key, or an SDCARD
5. Use an usb otg cable to connect the USB key to your phone running TWRP and install the Magisk-v14.zip from Usb-otg (or SDCARD)
6. bonus: do a complete backup of your phone : all partitions except cache and data to your Usb-otg (or SDCARD)
7. reboot and install the MagiskManager apk v14
III- Method 3 : using the phhusson modified boot image
1- flash the attached boot image, using fasboot (fastboot flash boot boot-super-bootimg-output-su-eng-r318.img) or SPFlashTools using the attached scatter, if you do not want to unlock your bootloader
2- reboot to Android then install from google play the phhsusson superuser
3- Voila
Important Notes:
1- In all case you can use SPFlashTools to flash boot image without unlocking bootloader.
2- windows SPFlashTools users : phone off, press VOL+ and connect it to your PC (running SPFlashTool and waiting for phone connetion)
3- linux SPFlashTools users : phone off and connected to PC , press VOL+ and POWER while your PC is running SPFlashTool (with sudo) and waiting for phone connetion.
Some useful tips
1- manual install of busybox :
a- root you phone with method II if not already done
b- stay in TWRP (or boot TWRP as in method II) then in advance->sideload slide the slider to confirm and after cancel that (we will not sideloading any thing, just to activate adb)
c- unzip and copy the attached busybox : adb push busybox /external_sd/
d- mount the system partition with the TWRP mount button
e- copy the busybox binary to /system/xbin : adb shell --> cp /external_sd/busybox /system/xbin/
f- make executable busybox and create links (the point at the end is a part of the command) : cd /system/xbin/; chmod 755 busybox; ./busybox --install -s .
g- umount the system partition in TWRP and reboot
2- manually install the OTA update.zip :
a- Google and download those 3 tools BlockImageUpdate, simg2img and img2simg.
b- In a terminal of your Linux PC do :
Code:
simg2img system.img system.raw.img # convert the sparse image to a normal raw (ext4) image
BlockImageUpdate system.raw.img system.transfer.list system.new.dat system.patch.dat # patch the newly created raw image
img2simg system.raw.img system.img # convert the patched raw image to a flashable sparse image
- system.img: you old system image (from 20170816 official rom)
- system.transfer.list, system.new.dat and system.patch.dat : inside the OTA update.zip
c- After that the original system.img will be patched and you will have an updated system.img.
d- Flash this patched system.img and also all .bin and .img files inside the update.zip (just replace old ones in the original 20170816 rom by those) and you will have the new official rom
3- Using supersu as root manager :
The last update at this time of supersu zip (2.82 SR5) works well, even it cannot update the su binary.
Credits to Magisk Devs, Phhusson and Jemmini
dreambo said:
Here how to root this phone.
1. make sure to have already installed the version 20170816
2. reboot the phone in fastboot mode (phone off -> Vol Up + Power or "adb reboot bootloader")
3. unlock the bootloader if not already done : fastboot flashing unlock (if not works, in android development setting set the unlock bootloader and then retry)
4. unzip and then flash the attached boot image : fastboot flash boot new-boot.img
5. reboot your phone: fastboot reboot
6. install the MagiskManager apk v13.6
7. Voila
I have used this Magisk guide to create it
Credits to Magisk Devs.
Click to expand...
Click to collapse
If I root my phone with this method, will I get further OTA Updates from Maze?
Following to see where this goes.
Cheers
CrashCrash123 said:
If I root my phone with this method, will I get further OTA Updates from Maze?
Click to expand...
Click to collapse
Yes.
You will only lost the root.
If the new update have the same kernel, the same methode with the same boot image can be used to root it again, othewise, we can follow the Magisk guide to create a new one.
I have tried this method. But it only works until the reboot. Then the root access is gone again.
SomeOneX said:
I have tried this method. But it only works until the reboot. Then the root access is gone again.
Click to expand...
Click to collapse
The root is permanent.
If you lost it, perhaps the first time we unlock the bootloader, the phone do a reset, and we lost the root (I suppose).
Just re-flash the new boot again, and it will be permanent : fastboot flash boot new-boot.img
Hi . I have locked the OEM lock but I can not install it through fastboot (remote: not allowed in lock state)
can we expect VOLTE on this device ?
and is there any chance of custom rom development for this device?
alfymon22 said:
can we expect VOLTE on this device ?
and is there any chance of custom rom development for this device?
Click to expand...
Click to collapse
It seems (take with a pinch of salt) that VoLTE is supported, but then most sites that announce that also make mistakes on other specs, so...)
As for custom ROMs, so far the square root of bugger all, but the consumer phones are just filtering in, so give it time.
dreambo said:
Here how to root this phone.
1. make sure to have already installed the version 20170816
2. reboot the phone in fastboot mode (phone off -> Vol Up + Power or "adb reboot bootloader")
3. unlock the bootloader if not already done : fastboot flashing unlock (if not works, in android development setting set the unlock bootloader and then retry)
4. unzip and then flash the attached boot image : fastboot flash boot new-boot.img
5. reboot your phone: fastboot reboot
6. install the MagiskManager apk v13.6
7. Voila
I have used this Magisk guide to create it
Credits to Magisk Devs.
Click to expand...
Click to collapse
it worked, but i have cts fail on safetynet check. how you fixed this?
PrimateaEu said:
it worked, but i have cts fail on safetynet check. how you fixed this?
Click to expand...
Click to collapse
install the universal safety net fix
Hey guys, does this root method wipe the data partition?
KilljoyTDA said:
Hey guys, does this root method wipe the data partition?
Click to expand...
Click to collapse
The flash of the boot image does not wipe the data, but unlocking the bootloader reset the phone and wipe the data.
If you phone is already unlocked, you will not loss the data, otherwise do a backup before.
Well, I don't remember unlocking it, unless Kingo's windows app does it without telling even when rooting fails, so I guess I'd better back up.
Thanks for the info
KilljoyTDA said:
Well, I don't remember unlocking it, unless Kingo's windows app does it without telling even when rooting fails, so I guess I'd better back up.
Thanks for the info
Click to expand...
Click to collapse
It is easy to know if your phone is locked or not : enter fastboot mode and then do : "fastboot getvar all".
Read the last lines of the output and you will know.
Thank you @dreambo for this method, but for me "fastboot flashing unlock" not work, "fastboot oem unlock" working for me, all ok
ps:excusez moi pour mon anglais
dreambo said:
It is easy to know if your phone is locked or not : enter fastboot mode and then do : "fastboot getvar all".
Read the last lines of the output and you will know.
Click to expand...
Click to collapse
Well I failed to back up for some reason anyways, so since I had almost nothing vital on the internal memory, I rooted (sucessfully) and now I'm reinstalling/reconfiguring my apps. Thanks anyways
There's a ton of information out there, but finding it can sometimes be a challenge, especially for a newbie. And then there's posts to read through, in case a process has changed and it's only talked about in a single place, buried any number of pages back. So this is my attempt to put all Pixel 3 how-to's into a single thread. Everything below is what worked for me, from start to finish, with a fresh phone directly from Google that was bootloader-locked, unrooted, and running stock Android. Comments are welcome and encouraged: if something doesn't work for you, or you have a better/quicker/more reliable way of doing something, or maybe I made a mistake...let me know!
A few things:
Everything in this guide was tested on a "regular" Pixel 3 (blueline). It should all work exactly the same on a Pixel 3 XL (crosshatch), as long as you download the appropriate files (specifically the factory/OTA images and TWRP). I'm posting this in both blueline and crosshatch forums.
This first post will have links to files and the tools you need, as well as general things (like how to enable debugging and boot into recovery). The second post has how-to's for the big stuff (flashing images, TWRP, unlocking, etc).
I'm not responsible for anything you do. Follow these guides at your own risk. Doing so may also void your warranty.
Files and URLs
Official Android files
Factory (wipes device and requires unlocked bootloader): https://developers.google.com/android/images
Full OTA (leaves data intact, can be done via ADB sideload): https://developers.google.com/android/ota
Preview/beta OTA: https://developer.android.com/preview/download-ota.html
TWRP
XDA thread: https://forum.xda-developers.com/pixel-3/development/twrp-3-2-3-0-pixel-3-t3861622
Download: https://dl.twrp.me/blueline/
Magisk
XDA thread: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
GitHub: https://github.com/topjohnwu/Magisk/releases
ADB and Fastboot
Google USB drivers: https://developer.android.com/studio/run/win-usb
SDK platform tools: https://developer.android.com/studio/releases/platform-tools
Download the ZIP and open (no need to extract the whole thing)
Copy the files below to their own directory (you will use this directory for all ADB/Fastboot commands):
adb.exe
AdbWinApi.dll
AdbWinUsbApi.dll
fastboot.exe
General
Enable USB debugging
Download Google USB drivers (see above)
Download SDK platform tools and copy required files to their own directory (see above)
Enable USB debugging (Settings > About > tap Build 7 times > back > Developer options)
Plug phone into computer and when "Allow USB debugging" box comes up, check the box and allow (may need to have adb daemon running on the computer already, see below)
Fastboot mode (using hardware keys) aka bootloader
Power off
Hold VOL- and press/hold PWR until bootloader (fastboot) comes up
Recovery mode (using hardware keys)
Get into Fastboot mode (see above)
Use VOL buttons to find Recovery in the list, use PWR to select (should boot to broken android image)
Hold PWR and press VOL+ once to get into recovery
Useful ADB and Fastboot commands
Enable USB debugging (see above)
ADB (used while phone is "on" and booted up):
Use "adb devices" to ensure the computer is authorized
Use "adb reboot bootloader" to get into Fastboot
Fastboot mode
Use "fastboot devices" to verify computer can see your phone
Update #1: Items below marked through were removed since they don't really apply to Android 10.
Update #2: Edited to reflect changes in root with Android 11.
A quick note: everything below is assuming you're using Windows 10. When it says "Type...", this assumes you've opened a command window in the location of adb/fastboot and that all files referenced are in the same directory and (in some cases) renamed as I reference them (short names without spaces simplifies things). If you're using Powershell, you will probably need to change "adb" and "fastboot" to read ".\adb" and ".\fastboot" so Powershell will use the local files.
Unlocking the bootloader
THIS WILL WIPE YOUR PHONE, SO MAKE SURE EVERYTHING IS BACKED UP!
In Developer Options, enable OEM unlocking and confirm (it may ask you to input fingerprint or PIN/pattern/password)
Boot into Fastboot mode (see above)
Type to unlock:
Code:
fastboot flashing unlock
Use VOL+ key to get the options on the screen to read "Unlock the bootloader" and use PWR button to select
Type to reboot:
Code:
fastboot reboot
Locking the bootloader
THIS WILL WIPE YOUR PHONE, SO MAKE SURE EVERYTHING IS BACKED UP!
Boot into Fastboot mode (see above)
IMPORTANT: restore stock recovery if you replaced it with TWRP (this should prevent the "Can't find valid operating system" issue)
Type to lock:
Code:
fastboot flashing lock
Use VOL buttons to find "Lock the bootloader" and use PWR to select
Type to reboot:
Code:
fastboot reboot
Factory reset via fastboot (can also do this without wiping data)
THIS COULD WIPE YOUR PHONE, SO MAKE SURE EVERYTHING IS BACKED UP!
Download factory image ZIP and unzip all files into their own folder
Unlock bootloader (see above)
Reboot into Fastboot mode
You have 2 options:
Register the location of fastboot.exe with the PATH system variable and run "flash-all.bat"
Wipe data: just run "flash-all.bat" and call it a day
Do not wipe data: open "flash-all.bat" in a text editor (careful not to double-click and run it!), remove the "-w" from the last line to disable the wiping of data, then save, close, and run
Move the 3 files (bootloader IMG, radio IMG, image ZIP) into the ADB folder, rename for simplicity if you want, launch cmd or Powershell, and run the commands below (which come from "flash-all.bat")
Wipe data: type out commands below, but at last line, add "-w" flag: fastboot -w update image.zip
Do not wipe data: type out commands below as written (no "-w" flag)
The commands:
Code:
fastboot flash bootloader bootloader-blueline-XXXX.img
fastboot reboot bootloader
[wait for reboot]
fastboot flash radio radio-blueline-XXXX.img
fastboot reboot bootloader
[wait for reboot]
fastboot update image-blueline-XXXX.zip
Note: The last command (update image) will launch the red "fastbootd" screen, so don't worry and be patient while the command line tells you what's happening. The phone will reboot on its own into the Android system (not fastboot) afterward.
Root Android 10+ using Magisk (Canary channel)
This must be done after every update, and you cannot use the patched file from a different phone!
Unlock bootloader (see above)
Download factory image (not OTA, see link above)
Download and install Magisk Manager Canary (see link above)
In Magisk Manager settings, set Update Channel to "Canary"
Extract boot.img from image-blueline-XXXX.zip found in the factory image you downloaded
Place boot.img on your phone's internal storage
Open Magisk Manager and do:
tap "Install" button (next to "Magisk" in first block on the main screen)
"Select and Patch a File" option
Find boot.img file you just placed on your phone
tap "Let's Go"
When finished, move the newly-created magisk_patched.img file over to your computer's ADB directory
Reboot into bootloader
Type:
Code:
fastboot flash boot magisk_patched.img
fastboot reboot
Open up Magisk Manager and make sure everything's good!
Note : if you get stuck in fastboot mode or in a boot loop, flash the stock boot.img to both slots and try again
Code:
fastboot flash boot boot.img --slot all
Optional:
for adblocking, tap "Systemless hosts" in Magisk Manager, then install AdAway using F-Droid
install a performance kernel like Kirisakura for Bluecross (R)
Updating Android 10+ while rooted
You can't take an OTA while rooted, so updating Android 10+ (as in monthly updates) can be one of two ways.
Method #1 (faster, but more chance for issues)
Download OTA ZIP and move it to ADB folder (don't unzip it)
This does not require an unlocked bootloader, but does require USB debugging (see above)
Get boot.img from the factory image (see first post on where to download this) and place your ADB directory
Reboot into bootloader / fastboot and type to restore stock boot to both slots:
Code:
fastboot flash boot --slot all boot.img
fastboot reboot bootloader
[wait for reboot]
Use VOL buttons to select "Apply update from ADB"
Type (where filename is the name of the file you want to sideload):
Code:
adb sideload filename.zip
Wait for it to finish, will take you back to Recovery when it's done
Reboot using menu
Method #2 (takes longer, but best bet for minimal issues)
Follow "Factory reset via fastboot" instructions (see above, make sure you don't wipe your data!)
Take the OTA in the official way (through Android)
Follow "Root Android 10+ using Magisk Canary" instructions (see above)
Boot into TWRP (3.3.0-0 or higher)
Download TWRP IMG and place in ADB folder (rename the file to twrp.img)
If not already done, unlock the bootloader (see above)
Reboot into bootloader
Type to boot TWRP (it will restart and should boot into TWRP):
Code:
fastboot boot twrp.img
OPTIONAL: Replace recovery by installing TWRP
Your phone should automatically mount, so move twrp.img from PC to Download folder on phone's internal storage
Advanced > Install Recovery Ramdisk > choose TWRP IMG > Swipe to install
Back > Fix Recovery Bootloop > Reboot System > Do Not Install when asked if TWRP should install app
Root using Magisk (18.1 or higher)
Download Magisk ZIP and move to device
Boot into TWRP (see above)
Enter your PIN/pattern/password to decrypt (unnecessary if you are not using security on your phone)
Swipe to Allow Modifications (to system)
Install > find and select the Magisk ZIP > Slide to install
Wipe cache > Reboot system > Do Not Install when asked if TWRP should install app
Open Magisk Manager to verify latest and to install modules
"Can't find valid operating system" booting issue
Unlock your bootloader again (see above)
Follow steps for "Factory reset via fastboot" (see above) and keep the wipe flag
After it reboots, power off (press PWR and select "Power off" from menu)
Follow steps for "Locking the bootloader" (see above)
After it reboots into Fastboot mode, have it start using the PWR button
Android Recovery / "Cannot load Android system" booting issue
This can happen for a number of reasons, but the fix is the same: "Factory reset via fastboot" (see above). You probably do not need to wipe user data, so you can omit the "-w" flag.
If you still get the error message, select the "Try again" option. If it still doesn't work, try "Factory reset via fastboot" again, as well as "Try again". If it doesn't work this time, you probably have no choice but to do a factory reset (in which you will definitely lose your data).
If it happens after flashing Magisk in TWRP, though, you've got a slightly different issue and the problem will persist no matter how many times you flash the factory images and re-install Magisk. This is probably due to something leftover in the previous Magisk installation that conflicts with the new installation. There are two ways to handle this.
First and easiest: uninstall Magisk Manager app before rebooting into the bootloader and running fastboot commands. Then proceed as usual (sideload OTA or flash factory images via fastboot, boot TWRP, and flash Magisk). All guides for this are above. This method preserves any modules you have installed.
Second and more complete (if the above method still gives you trouble):
download to your phone the Magisk ZIP, Magisk Uninstaller ZIP, and Magisk APK from this XDA thread
uninstall the Magisk Manager app
reboot to bootloader
using fastboot, boot into TWRP using IMG (you don't need to replace boot with TWRP)
flash Magisk Uninstaller ZIP
wipe Dalvik
flash Magisk ZIP
wipe Dalvik
reboot system (do not install TWRP)
install Magisk Manager APK and re-install any modules
Number 3 in "Applying OTA via ADB sideload" should be flash stock boot.img I think.
wangdaning said:
Number 3 in "Applying OTA via ADB sideload" should be flash stock boot.img I think.
Click to expand...
Click to collapse
I wrote it like that because the file isn't actually called "boot.img", but rather "bootloader-blueline-blahblahblah.img" where "blahblahblah" is the release. Since it changes, I figured just calling it the "bootloader IMG" would make more sense.
rczrider said:
I wrote it like that because the file isn't actually called "boot.img", but rather "bootloader-blueline-blahblahblah.img" where "blahblahblah" is the release. Since it changes, I figured just calling it the "bootloader IMG" would make more sense.
Click to expand...
Click to collapse
Was my misunderstanding. I thought you were implying people should go back to stock recovery to flash ota. You are talking about flashing ota in twrp. You might clear that up a little bit in that section.
Great post.
Unfortunately, if you are writing a process, then writing everything out is a requirement. Especially with item numbers or using an outline format. Not everyone understands shortcuts taken or abbreviated words, unless they are spelled out in the beginning. IMO, wrote and read too many processes. Including software requirement documentation.
Hi,
thanks for the thread :good:
wangdaning said:
Number 3 in "Applying OTA via ADB sideload" should be flash stock boot.img I think.
Click to expand...
Click to collapse
Yes, I think so too.
rczrider said:
I wrote it like that because the file isn't actually called "boot.img", but rather "bootloader-blueline-blahblahblah.img" where "blahblahblah" is the release. Since it changes, I figured just calling it the "bootloader IMG" would make more sense.
Click to expand...
Click to collapse
The boot.img is into "image.zip"
Then I suggest to flash into a and b (or both)
Code:
fastboot flash boot_a boot.img
fastboot flash boot_b boot.img
or
fastboot flash boot --slot all boot.img
Edit
be careful here: Factory reset via ADB sideload (can also do this without wiping data)
bootloader is bootloader, boot is boot, bootloader.img isn't boot.img
so, maybe better to write:
fastboot flash bootloader nameofbootloader.img or if simply renamed fastboot flash bootloader bootloader.img
deleted, bug.
trouble flashing files
When I try to flash twrp.img or boot.img this is what I get back " FAILED (Write to device failed in Send Buffer() (Too many links)) fastboot: error: Command failed.
Any thoughts?
fyrmd said:
When I try to flash twrp.img or boot.img this is what I get back " FAILED (Write to device failed in Send Buffer() (Too many links)) fastboot: error: Command failed.
Any thoughts?
Click to expand...
Click to collapse
Please read the instructions carefully. You cannot flash twrp directly. "fastboot boot twrp.img" then when twrp boots you can use it or make it permanent by flashing the install zip or the internal twrp option. I go with the install zip as it seems more stable to me (placebo I suppose).
wangdaning said:
Please read the instructions carefully. You cannot flash twrp directly. "fastboot boot twrp.img" then when twrp boots you can use it or make it permanent by flashing the install zip or the internal twrp option. I go with the install zip as it seems more stable to me (placebo I suppose).
Click to expand...
Click to collapse
Thanks, but still no luck.
fyrmd said:
When I try to flash twrp.img or boot.img this is what I get back " FAILED (Write to device failed in Send Buffer() (Too many links)) fastboot: error: Command failed.
Any thoughts?
Click to expand...
Click to collapse
Turns out it was the cable, it is an expensive one from Amazon so not sure what I should be purchasing for next time.
fyrmd said:
Turns out it was the cable, it is an expensive one from Amazon so not sure what I should be purchasing for next time.
Click to expand...
Click to collapse
I always buy Anker cables and chargers. All have been good so far.
Now,my pixel 3 can not work,the bootload is locked.when I select recovery by fastboot,The phone noticed me can not find vaild operating system,the device will not start.
xiaowei666 said:
Now,my pixel 3 can not work,the bootload is locked.when I select recovery by fastboot,The phone noticed me can not find vaild operating system,the device will not start.
Click to expand...
Click to collapse
Are you able to get into recovery? If so, download the full ota to your pc and side load it with adb.
xiaowei666 said:
Now,my pixel 3 can not work,the bootload is locked.when I select recovery by fastboot,The phone noticed me can not find vaild operating system,the device will not start.
Click to expand...
Click to collapse
i same issue
rczrider said:
[*]Copy the files below to their own directory (you will use this directory for all ADB/Fastboot commands):
adb.exe
AdbWinApi.dll
AdbWinUsbApi.dll
fastboot.exe
Click to expand...
Click to collapse
why not copy all files?
---------- Post added at 11:58 AM ---------- Previous post was at 11:55 AM ----------
fyrmd said:
Thanks, but still no luck.
Click to expand...
Click to collapse
boot to the twrp.img and flash the twrp.zip, unless you are on android 10 you should have no problem unless you are doing it wrong. not exactly hard to do.
How to enable oem unlock in this case?
pedro5148 said:
How to enable oem unlock in this case?
Click to expand...
Click to collapse
There are a few suggestions at https://www.theandroidsoul.com/how-to-fix-oem-unlock-greyed-out-or-oem-unlock-disabled-problem/
However, if the network carrier has locked the bootloader, you cannot unlock it. In the U.S., Verizon and AT&T phones generally cannot be unlocked due to locked bootloaders.
I own Motorola One Action running Android 10 and bootloader unlocked and unrooted. I would like to root this phone so I tried to install TRWP. However, I found TRWP doesn't support Android 10. So I installed Magisk Manager and tried to install Magisk but got an error massage saying "- Unpacking boot image, Unsupported/Unknown image format Installation failed".
Would you please help me what to do?
Thank you very much.
[email protected] said:
I own Motorola One Action running Android 10 and bootloader unlocked and unrooted. I would like to root this phone so I tried to install TRWP. However, I found TRWP doesn't support Android 10. So I installed Magisk Manager and tried to install Magisk but got an error massage saying "- Unpacking boot image, Unsupported/Unknown image format Installation failed".
Would you please help me what to do?
Thank you very much.
Click to expand...
Click to collapse
Download your stock formate, extract the payload.bin with a payload bin extractor. Find the stock boot img. Copy to root of phone storage.
Open magisk manager select install on magisk. Pick patch image make sure the top 2 check boxes are checked on main screen before doing this. After magisk will say the patched image is in download folder on your phone. Copy the patched image to your PC. Open your command prompt in your fastboot tools folder put the patched image in it.
Reboot your phone to bootloader or fastboot mode. In your command prompt type fastboot flash boot (name of patched img).img
Reboot phone.
Before doing this make sure bootloader is unlocked and USB debugging is active
toolhas4degrees said:
Download your stock formate, extract the payload.bin with a payload bin extractor. Find the stock boot img. Copy to root of phone storage.
Open magisk manager select install on magisk. Pick patch image make sure the top 2 check boxes are checked on main screen before doing this. After magisk will say the patched image is in download folder on your phone. Copy the patched image to your PC. Open your command prompt in your fastboot tools folder put the patched image in it.
Reboot your phone to bootloader or fastboot mode. In your command prompt type fastboot flash boot (name of patched img).img
Reboot phone.
Before doing this make sure bootloader is unlocked and USB debugging is active
Click to expand...
Click to collapse
Thank you very much for your reply. However, I am still the beginner for Android and would like to have more explanation concerning the first sentence. I would like to know (1) how can I download my stock formate and where, (2) How can I extract the payload.bin. Thank you for your help.
[email protected] said:
Thank you very much for your reply. However, I am still the beginner for Android and would like to have more explanation concerning the first sentence. I would like to know (1) how can I download my stock formate and where, (2) How can I extract the payload.bin. Thank you for your help.
Click to expand...
Click to collapse
Sorry typo. Was supposed to be firmware. And on Android 10 inside the firmware zip. There is a payload.bin file. Search Google for a payload.bin dumper don't know what is you are on ex Linux mac or PC.
https://www.androidinfotech.com/motorola-one-action-android-10-stock/
Devices that started to be received today have Oxygen OS 10.5 out of the box.
No flashable zip for that software release is publicly available, meaning its stock boot.img cannot be extracted.
You then need to update to a newer build first. You can do so from my OxygenOS builds repo thread.
Once done, enable developers options and enable OEM unlock.
Reboot to fastboot (enable USB debugging in dev options and use adb reboot bootloader)
Type fastboot oem unlock and accept to unlock bootloader (warning: as a safety measure Android will wipe your userdata)
Go through OxygenOS setup
Install Magisk Manager from https://github.com/topjohnwu/Magisk/releases/download/manager-v7.5.1/MagiskManager-v7.5.1.apk
Move stock boot.img to your phone internal storage (please open spoiler)
For your convenience, 10.5.2 stock boot.img for EU and India have been extracted
EU download: https://drive.google.com/file/d/18aPqErEMbRqmN4BpdvHE4OKgizDcEbou/view?usp=sharing
India download: https://drive.google.com/file/d/1ZIEYWH2PYkKyojq_S_i_onBstejHKDTJ/view?usp=sharing
For future builds, you can use payload dumper (Windows) , (Linux ) to extract stock boot.img
Click on Install
Choose "Select and patch a file"
Select your stock boot.img
Wait until Magisk patches your boot.img, and once patched it can be found in the Downloads folder
Copy that patched boot.img (which should be named magisk_patched.img) to your computer
Boot into fastboot again
Type fastboot getvar current-slot into your terminal window and press Enter.
If the output is a , type fastboot flash boot_a magisk_patched.img into your terminal window and press Enter.
If the output is b , type fastboot flash boot_b magisk_patched.img into your terminal window and press Enter.
Reboot to OxygenOS
Open Magisk Manager and your device should now be rooted.
TIPS:
- Ensure you got latest platform tools installed from https://developer.android.com/studio/releases/platform-tools
- Backup your /persist once rooted (dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img) and save it somewhere on your cloud/computer, this might save you from a broken fingerprint sensor and an RMA in the future if it turns out this device has same issue as 8-series when it comes to crossflash regional builds of OOS.
Credits:
@topjohnwu for making Magisk
/u/Jisifus for testing on his device and for screenshots
Some_Random_Username said:
TIPS:
- Ensure you got latest platform tools installed from https://developer.android.com/studio/releases/platform-tools
- Backup your /persist once rooted (dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img) and save it somewhere on your cloud/computer, this might save you from a broken fingerprint sensor and an RMA in the future if it turns out this device has same issue as 8-series when it comes to crossflash regional builds of OOS.
Click to expand...
Click to collapse
Great to see it works this way and thanks for the tip.:good:
do u lose all data while rooting?
#edit1
nevermind, cannot read right
OK, will give this a try asap,have the device here now...
I gave it a try, works like a charm! Thanks for this! Small tip, unlock bootload before u copy your files
now my phone is a bit laggy. with magisk on it.. i will test it later if its getting better
Some_Random_Username said:
Type fastboot getvar current-slot into your terminal window and press Enter.
If the output is a , type fastboot flash boot_a magisk_patched.img into your terminal window and press Enter.
If the output is b , type fastboot flash boot_b magisk_patched.img into your terminal window and press Enter.
Click to expand...
Click to collapse
You can simply type "fastboot flash boot magisk_patched.img" - it flash boot to current active slot. Just for note.
Can confirm that it works, just tried it myself
If WiFi/data does not work (usually happens when you flash wrong version, but can also happen if you flash correct one), fastboot boot the image, then do a direct install in Magisk Manager.
Also, big thumbs up for adding tips for persist backup, I see too many people needing to send their device back because they messed it up somehow.
Failed for me
Hi and thanks for the tips.
Running 10.5.2 (latest build) and Bootloader is unlocked.
1: Downloaded EU BootImage File suggested (10.5.2.AC01BA.boot.img - 101MB)
2: Went to Magisk Manager, Advanced Settings, Recovery Mode Ticked, Install Magisk, Install, Select and Patch a File - Browse to 10.5.2.AC01BA.boot.img in Downloads and select.
3: Command Window appears detailing successful patching of ramdisk and also location of the newly created magisk_patched.img (37.52MB???????????????)
4: Size of new boot image looks suspiciously small.
5: Copied magisk_patched.img to PC and rebooted phone into fastboot.
6: Issued the fastboot getvar current-slot command - mine is reported as b
7: Issued the fastboot flash boot_b magisk_patched.img - File flashed OK - Reboot (Start) Phone.
8: 30 seconds of unlocked bootloader warning screen followed by 10 secs black screen followed by Qualcom Crash Dump. Rebooted phone three times - same result.
9: Rebooted phone into fastboot mode, reflashed the stock boot image and all now OK (but obviously not rooted).
Would be grateful if anyone could advise - the magisk_patched.img looks suspiciously small to me at 37.52MB compared to 101MB for the original boot image.
Thanks
10: Double checked the patching process again in Magisk and again, patched bootimage filesize is on 37.52MB.
11: I have saved log from patching process and on reading, all looks OK.
jmwengineering said:
Hi and thanks for the tips.
Running 10.5.2 (latest build) and Bootloader is unlocked.
1: Downloaded EU BootImage File suggested (10.5.2.AC01BA.boot.img - 101MB)
2: Went to Magisk Manager, Advanced Settings, Recovery Mode Ticked, Install Magisk, Install, Select and Patch a File - Browse to 10.5.2.AC01BA.boot.img in Downloads and select.
3: Command Window appears detailing successful patching of ramdisk and also location of the newly created magisk_patched.img (37.52MB???????????????)
4: Size of new boot image looks suspiciously small.
5: Copied magisk_patched.img to PC and rebooted phone into fastboot.
6: Issued the fastboot getvar current-slot command - mine is reported as b
7: Issued the fastboot flash boot_b magisk_patched.img - File flashed OK - Reboot (Start) Phone.
8: 30 seconds of unlocked bootloader warning screen followed by 10 secs black screen followed by Qualcom Crash Dump. Rebooted phone three times - same result.
9: Rebooted phone into fastboot mode, reflashed the stock boot image and all now OK (but obviously not rooted).
Would be grateful if anyone could advise - the magisk_patched.img looks suspiciously small to me at 37.52MB compared to 101MB for the original boot image.
Thanks
10: Double checked the patching process again in Magisk and again, patched bootimage filesize is on 37.52MB.
11: I have saved log from patching process and on reading, all looks OK.
Click to expand...
Click to collapse
The size is normal.
When patching your image you have to select "Preserve Force Encryption" and "Preserve AVB 2.0/dm-verity" under advanced settings in the main screen where you patch the image.
jmwengineering said:
Hi and thanks for the tips.
Running 10.5.2 (latest build) and Bootloader is unlocked.
1: Downloaded EU BootImage File suggested (10.5.2.AC01BA.boot.img - 101MB)
2: Went to Magisk Manager, Advanced Settings, Recovery Mode Ticked, Install Magisk, Install, Select and Patch a File - Browse to 10.5.2.AC01BA.boot.img in Downloads and select.
3: Command Window appears detailing successful patching of ramdisk and also location of the newly created magisk_patched.img (37.52MB???????????????)
4: Size of new boot image looks suspiciously small.
5: Copied magisk_patched.img to PC and rebooted phone into fastboot.
6: Issued the fastboot getvar current-slot command - mine is reported as b
7: Issued the fastboot flash boot_b magisk_patched.img - File flashed OK - Reboot (Start) Phone.
8: 30 seconds of unlocked bootloader warning screen followed by 10 secs black screen followed by Qualcom Crash Dump. Rebooted phone three times - same result.
9: Rebooted phone into fastboot mode, reflashed the stock boot image and all now OK (but obviously not rooted).
Would be grateful if anyone could advise - the magisk_patched.img looks suspiciously small to me at 37.52MB compared to 101MB for the original boot image.
Thanks
10: Double checked the patching process again in Magisk and again, patched bootimage filesize is on 37.52MB.
11: I have saved log from patching process and on reading, all looks OK.
Click to expand...
Click to collapse
And that's why it's recommended to boot the patched image first.
Thanks
Lossyx said:
The size is normal.
When patching your image you have to select "Preserve Force Encryption" and "Preserve AVB 2.0/dm-verity" under advanced settings in the main screen where you patch the image.
Click to expand...
Click to collapse
Thanks for confirming file size - Preserve Force Encryption and Preserve AVB 2.0/dm-verity were ticked during the patching process. Guess I'll have to wait until TWRP is verified as Nord compatible.
---------- Post added at 07:06 PM ---------- Previous post was at 06:59 PM ----------
Kollachi said:
And that's why it's recommended to boot the patched image first.
Click to expand...
Click to collapse
Thanks for the reply. Not sure what you mean by booting the patched image first. You have to create the patched image on the phone first before you can flash and then boot it. Step 7 in my post above details the flashing of the patched image and subsequent attempt to reboot Oxygen OS. I can't boot the patched image until I've created and flashed it!
jmwengineering said:
Thanks for the reply. Not sure what you mean by booting the patched image first. You have to create the patched image on the phone first before you can flash and then boot it. Step 7 in my post above details the flashing of the patched image and subsequent attempt to reboot Oxygen OS. I can't boot the patched image until I've created and flashed it!
Click to expand...
Click to collapse
Nah, instead of flash the patched boot image you can boot it only. Not sure why it's not working for you. But usually it should work.
Command: fastboot boot "patched boot image"
Edit: that's also what lossyx said. Boot image and than install it with magisk manager.
And if you boot the image and something went wrong you aren't bricked or anything. It's a safe way to test something.
Thanks for the advice - will boot the image file on my PC rather than flashing first.
Sent from my AC2003 using Tapatalk
Does unlocking the bootloader break widewine L1 on this device like it did with 7/7T/7P/7TP/8/8P
..
CryllicBuster273 said:
Does unlocking the bootloader break widewine L1 on this device like it did with 7/7T/7P/7TP/8/8P
Click to expand...
Click to collapse
Yeah I guess when you unlock your phone it will break L1 as always.
---------- Post added at 12:17 PM ---------- Previous post was at 12:15 PM ----------
DIR49DNOR0N said:
I will try this unless twrp is cooked on release. Where did you get the OTA zips from actually?
I want to, extract boot.img, save it, patch boot.img, boot it, use some apps that require root and remove some packages, uninstall magisk, power down, use normal image, relock bootloader. Does this work how i expect it to work ?
Click to expand...
Click to collapse
https://forum.xda-developers.com/oneplus-nord/how-to/oneplus-nord-repo-oxygen-os-builds-t4138085
DIR49DNOR0N said:
I will try this unless twrp is cooked on release. Where did you get the OTA zips from actually?
I want to, extract boot.img, save it, patch boot.img, boot it, use some apps that require root and remove some packages, uninstall magisk, power down, use normal image, relock bootloader. Does this work how i expect it to work ?
Click to expand...
Click to collapse
No, keep the bootloader unlocked if your phone is modified, else it can cause some issues.
Btw when you lock/unlock the bootloader, data will be wiped. apps will be reinstated again so that's useless
The guide worked perfectly and I'm up and running with Root!
One thing I have noticed is that the Google Play store is no longer Play Protect Certified.
I've tried registering my device with Google using this XDA guide but I haven't found any change to the Play Store certification.
I should probably wait for a while to see if the registration takes some time. I also couldn't use the adb commands that Google recommends and I had to use the Device ID app to get the Google Service Framework (GSF).
I've read in a few places that it may be because the Bootloader is unlocked and I'm wondering if I should re-lock it now that I have root. Not sure how/if that will affect my ability to keep root when future updates come out though.
Anyone have any thoughts/experience with this?
Possible TWRP without waiting?
Can anyone use this and try? Might be used as an alternate Method for Rooting via TWRP
https://forum.xda-developers.com/an...g/guide-how-to-port-twrp-to-qualcomm-t3420013
[GUIDE][WINDOWS] Bootloader Unlock/Re-Lock, Rooting with Magisk and flashing FirmwaresIntroducing this GuideHello there and welcome to My Guide for Your Xperia Smartphone. This Guide will walk with You thru the whole Process of installing Drivers, getting an unlock Key for Your Bootloader, rooting with Magisk and even flashing GSI Custom ROMs up to re-locking Your Bootloader and re-flashing Stock for the total Factory Reset. This Thread/Guide is not meant as Wiki n'or will it teach You about Android at all. Inform Yourself using Google to enjoy the total Freedom and Customization of Android... If You can't solve Problems Yourself, by communicating and research, don't touch Your Bootloader!
IMPORTANT:
2020+ Xperias are using fastbootd, and equivalent to fastboot which runs in Userspace (Same as Recoveries).
You can access Your Recovery on Your Xperia by holding VolumeDown (-) & the Powerbutton (Your Device needs to be turned off before ofc). Release the Powerbutton after the Display turned on and hold VolumeDown (-) until You see the Recovery Screen. From there, You can enter fastbootd and fastboot. Labled as "Fastboot" for fastbootd and "Bootloader" which is the old fastboot. You can flash Kernels, Recoveries and other stuff from fastboot. Everything else like System Images (GSIs for example), Product Images, System_ext Images and any Userspace stuff has to be flashed from fastbootd. 2019 Xperias are still using fastboot only...
Fastboot and Fastbootd has nothing to do with SONYs Flashmode on Xperias!
INDEX:
Requirements
Installing Drivers
Firmware Flashing
Bootloader Unlocking & Magisk Root
GSI ROM flashing with Fastboot (Optional)
Bootloader Re-Locking (TheWayBack)
Firmware Restoring after Re-Locking
1. Requirements:
Read! Inform Yourself about the Tools You use...
Xperia Basics:
Your Device is turned Off...
Blue LED=Fastboot (Hold VolumeUp (+) & Connect to USB)
Green LED=Flashmode (Hold VoumeDown (-) & Connect to USB)
Windows 10/11 for Firmware flashing & downloading
Xperia Bootloader Unlock Key (From HERE)
Platform Tools alias ADB and Fastboot (From HERE)
Fastboot and Flashmode Drivers (From HERE and HERE)
EMMA for Firmware Updates (From HERE)
XperiFirm for Firmware Downloads (From XDA)
Unsin to extract the Kernel .sin from XperiFirm (From XDA)
Magisk Manager to patch the extracted Kernel .sin (From GitHub)
A working Android System for the Magisk Kernel patching
GSI & vbmeta Image (From Google) (Optional)
A Backup of Your Internal Devices Storage (Optional)
2. Installing Drivers:
Download the Drivers from the Links above and extract them
Install the downloaded and extracted Drivers by right clicking on the ***.inf Files "Install"
3. Flashing Firmwares with EMMA:
Download EMMA and install it
Start EMMA and connect Your Device to USB (Flashmode)
3.1. Downloading Firmwares with XperiFirm:
Download and extract XperiFirm from the link above
Run XperiFirm and Download the right Firmware for Your Device
4. Bootloader Unlocking and Magisk Root:
Note: Since You are going to unlock Your Bootloader, You may surely want to get Root. So let's start with Magisk or it will take more Time afterwards...
Download UnSin from the link above and extract it somewhere
Download the "Platform Tools" from Google and extract it to the root of Your main Windows Drive
Download and install the Magisk Manager on Your Android Device
Extract the File boot_********.sin (60MB+ File) with the Unsin Exe (Drag and drop the Image on the Exe)
You will get a .img File which You can patch now with the Magisk Manager on Your Android Device
Open the Magisk Manager and Install Magisk by selecting the Image File You just got from UnSin
Copy the magisk_patched.img in /download from Your Device to the Platform Tools Folder
Grab Your Device again, go to "About Phone" in the Settings and tap several Times on the build Version
Go now to the Developer Settings under "System" and enable "OEM-Unlock" and "USB-Debugging"
Use now the Platform Tools with this Commands (In Powershell):
Type now (Step by Step):
Code:
cd\
cd platform-tools
Note: To use the Platform Tools Folder as environment for Fastboot and ADB. Or hold Shift and Make a right Click in the Platform Tools Folder to open the Command prompt there...
Type now:
Code:
adb reboot bootloader
You will get a prompt on Your Xperia Device. Your Device will Reboot afterwards...
Now Your Bootloader Unlock Code:
Code:
fastboot oem unlock 0xYOURKEY
Wait for it... And type now:
Code:
fastboot reboot
Wait for Your Device to Wipe and Start. Once in the Android System, turn Your Device off without USB Connected
Press and hold now the VolumeUp (+) Button while connecting to USB to enable the fastboot Mode
Continue with flashing the Images for Root (Step by Step):
Code:
fastboot flash boot_a magisk_patched.img
fastboot flash boot_b magisk_patched.img
Wipe and Reboot:
Code:
fastboot -w
fastboot reboot
Note: Your are unlocked and rooted now! Enjoy Your Unleashed Device
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
5. GSI flashing with Fastboot:
Note: GSI ROMs can be found around the Web. Like here...
Treble-Enabled Device Development A/AB ROMS
Treble-Enabled Device Development A/AB ROMS
forum.xda-developers.com
Not all GSIs require the vbmeta change. You can use all GSIs that are made for ARM64 + A/B Devices. Play around. Systems can't damage Your Device since You keep the Stock Vendor & Kernel! You can use any Android Version! Don't forget to make backups if needed. You are going to Format Your Device!
Download a GSI Zip from Google
Extract the system.img and the vbmeta.img to Your Platform-Tools
Connect Your Device in Fastboot Mode and use Fastboot with:
(On 2020+ Xperias run: "fastboot reboot fastboot" first after You booted into fastboot)
Code:
fastboot flash system_a system.img
fastboot flash system_b system.img
[Optional] fastboot --disable-verity --disable-verification flash vbmeta_a vbmeta.img
[Optional] fastboot --disable-verity --disable-verification flash vbmeta_b vbmeta.img
fastboot -w (This does Format Your Device and is needed everytime You change the GSI!)
fastboot reboot
6. Bootloader Re-Lock:
Flash the latest Firmware for Your Device with EMMA
Erase all Userdata before You continue (like with fastboot -w or via Recovery)
Just go into Fastboot mode and type in the command prompt (like before in this Guide):
Code:
fastboot oem lock
Wait for Your Device and disconnect it from USB
Done... Continue with Step 7.
7. Firmware Restoring after Re-Locking:
Download and Install the "Xperia Companion" from SONY
Open the Xperia Companion and select Software Repair
Select that Your Device can't get recognized (or is a Smartwatch 3 lol)
Go to the next Page and select the Xperia Smartphone Option
Continue and wait for the Initialization
Press and hold Volume DOWN while connecting to USB (You will see the Green Flashmode LED again)
Continue once Your Device gets recognized and let the Xperia Companion do his work...
Done. Your Bootloader is locked again and almost all of Your DRMs are restored.
So I haven't rooted a phone in a long time. I have gotten my Xperia 5 IV, and I really want to get back into it. Your post looks like a great place to start. However, I have a question, do you think a custom recovery is needed? If so, would you recommend any? I don't see anything about installing TWRP on the 5 IV, and my quick search online hasn't yielded better results.
Anyone know what models can be unlocked? Previous thread says you can't unlock CQ62 (US). CQ44 (Japan) apparently can be unlocked going by same thread, but what about CQ54 (Europe) and CQ72 (Asia)?
Thanks, that's a very helpful guide! I'm now running the latest available Android 13 image for my phone, happily rooted
As it's in the Sony Xperia 5 IV section of the forum it's important to note that you must use fastbootd or you won't be able to wipe the phone. As such, to summarise, the rooting steps are:
- Unlock bootloader
- Download and extract boot.img (on PC)
- Download Magisk and patch boot.img (on phone)
- Reboot to bootloader (adb reboot fastboot) then to fastboot (fastboot reboot fastboot)
- Flash patched boot.img, wipe phone, and reboot
Once rooted you probably want to:
- Install Displax's safetynet-fix to get Google Wallet, Netflix etc working
- Remove unwated bloatware using something like De-Bloater
asdf2345 said:
what about CQ54 (Europe)
Click to expand...
Click to collapse
You can definitely unlock CQ54, as I have just done it.
SekiGamer said:
do you think a custom recovery is needed?
Click to expand...
Click to collapse
I never use custom recoveries, personally, as they're another potential point of failure without any real benefit (you can backup and perform updates easily by other means).
aricooperdavis said:
You can definitely unlock CQ54, as I have just done it.
I never use custom recoveries, personally, as they're another potential point of failure without any real benefit (you can backup and perform updates easily by other means).
Click to expand...
Click to collapse
Ah, that's very good to know. What are the other means that you prefer?
Just got my Japanese SO-54C and went to follow this guide only to find out "Bootloader Unlock Allowed: No".
However, I just got that changed to "Bootloader Unlock Allowed: Yes" so I will follow this guide tonight and unlock my SO-54C bootloader! Can't wait.
Bootloader is now unlocked. However, no matter what I try, the device is never actually rooted.
I'm using the Docomo firmware (xperifirm) 64.1.C.0.102 and I use UnSin on boot_X-FLASH-ALL-C220.sin to get .img. Then I instal MAGISK and push the img file to the phone. Then I use magisk to patch the img and retrieve it from the /Download folder on the device.
I use adb pull to my desktop and I do the fastboot flash boot_a and boot_b, wipe and reboot. After going through the new phone setup, I use Root Checker and it says my phone is NOT rooted.
Am I missing something?
Edit: couple reboots later and magisk did something (some kind of update) and it says rooted.
Kevbodian said:
Just got my Japanese SO-54C and went to follow this guide only to find out "Bootloader Unlock Allowed: No".
However, I just got that changed to "Bootloader Unlock Allowed: Yes" so I will follow this guide tonight and unlock my SO-54C bootloader! Can't wait.
Click to expand...
Click to collapse
How did you get it changed? The removed guide only worked up to the III series.
asdf2345 said:
How did you get it changed? The removed guide only worked up to the III series.
Click to expand...
Click to collapse
I paid for credits on Infinity Online Service - qUnlockTool. The software didn't work, I notified Infinity Team and they gave me a new exe that changed from NO to YES. Then I followed the guide to BLU and root.
Hmm interesting, wonder if it can be used on American devices for the American 4G/5G bands.
How much was it?
asdf2345 said:
Hmm interesting, wonder if it can be used on American devices for the American 4G/5G bands.
How much was it?
Click to expand...
Click to collapse
$30 USD. But DM me if you want more info as I believe paid stuff is not welcome.
As far as bands, I have no idea. I quickly soft-bricked my device tonight and just got it back (bootloader unlocked but root is gone).
Well I mean unlock American devices for those 4G/5G bands not in the overseas phones. Otherwise a method to unlock the bands of the 256GB overseas model would be better.
I find it funny that $30 for a $1000 (or $700) phone bad, but for the Motorola Droid Razr M where the unlock costs more than the phone itself it's completely fine to talk about.
Kevbodian said:
Edit: couple reboots later and magisk did something (some kind of update) and it says rooted.
Click to expand...
Click to collapse
This is one of the devices that Magsik has to install some early hooks for, so indeed to finish root you'll need to open Magisk and it'll tell you that 'additional setup required' and to reboot your device. Then it'll be rooted.
SekiGamer said:
Ah, that's very good to know. What are the other means that you prefer?
Click to expand...
Click to collapse
I use titanium backup and update directly through Magisk or using fastboot.
i never got into titanium to backup my system like i used to with TWRP.....i loved TWRP
Why doesn't anyone try reverse engineering these paid bootloader unlock methods?
gram-hours said:
[GUIDE][WINDOWS] Bootloader Unlock/Re-Lock, Rooting with Magisk and flashing FirmwaresIntroducing this GuideHello there and welcome to My Guide for Your Xperia Smartphone. This Guide will walk with You thru the whole Process of installing Drivers, getting an unlock Key for Your Bootloader, rooting with Magisk and even flashing GSI Custom ROMs up to re-locking Your Bootloader and re-flashing Stock for the total Factory Reset. This Thread/Guide is not meant as Wiki n'or will it teach You about Android at all. Inform Yourself using Google to enjoy the total Freedom and Customization of Android... If You can't solve Problems Yourself, by communicating and research, don't touch Your Bootloader!
IMPORTANT:
2020+ Xperias are using fastbootd, and equivalent to fastboot which runs in Userspace (Same as Recoveries).
You can access Your Recovery on Your Xperia by holding VolumeDown (-) & the Powerbutton (Your Device needs to be turned off before ofc). Release the Powerbutton after the Display turned on and hold VolumeDown (-) until You see the Recovery Screen. From there, You can enter fastbootd and fastboot. Labled as "Fastboot" for fastbootd and "Bootloader" which is the old fastboot. You can flash Kernels, Recoveries and other stuff from fastboot. Everything else like System Images (GSIs for example), Product Images, System_ext Images and any Userspace stuff has to be flashed from fastbootd. 2019 Xperias are still using fastboot only...
Fastboot and Fastbootd has nothing to do with SONYs Flashmode on Xperias!
INDEX:
Requirements
Installing Drivers
Firmware Flashing
Bootloader Unlocking & Magisk Root
GSI ROM flashing with Fastboot (Optional)
Bootloader Re-Locking (TheWayBack)
Firmware Restoring after Re-Locking
1. Requirements:
Read! Inform Yourself about the Tools You use...
Xperia Basics:
Your Device is turned Off...
Blue LED=Fastboot (Hold VolumeUp (+) & Connect to USB)
Green LED=Flashmode (Hold VoumeDown (-) & Connect to USB)
Windows 10/11 for Firmware flashing & downloading
Xperia Bootloader Unlock Key (From HERE)
Platform Tools alias ADB and Fastboot (From HERE)
Fastboot and Flashmode Drivers (From HERE and HERE)
EMMA for Firmware Updates (From HERE)
XperiFirm for Firmware Downloads (From XDA)
Unsin to extract the Kernel .sin from XperiFirm (From XDA)
Magisk Manager to patch the extracted Kernel .sin (From GitHub)
A working Android System for the Magisk Kernel patching
GSI & vbmeta Image (From Google) (Optional)
A Backup of Your Internal Devices Storage (Optional)
2. Installing Drivers:
Download the Drivers from the Links above and extract them
Install the downloaded and extracted Drivers by right clicking on the ***.inf Files "Install"
3. Flashing Firmwares with EMMA:
Download EMMA and install it
Start EMMA and connect Your Device to USB (Flashmode)
3.1. Downloading Firmwares with XperiFirm:
Download and extract XperiFirm from the link above
Run XperiFirm and Download the right Firmware for Your Device
4. Bootloader Unlocking and Magisk Root:
Note: Since You are going to unlock Your Bootloader, You may surely want to get Root. So let's start with Magisk or it will take more Time afterwards...
Download UnSin from the link above and extract it somewhere
Download the "Platform Tools" from Google and extract it to the root of Your main Windows Drive
Download and install the Magisk Manager on Your Android Device
Extract the File boot_********.sin (60MB+ File) with the Unsin Exe (Drag and drop the Image on the Exe)
You will get a .img File which You can patch now with the Magisk Manager on Your Android Device
Open the Magisk Manager and Install Magisk by selecting the Image File You just got from UnSin
Copy the magisk_patched.img in /download from Your Device to the Platform Tools Folder
Grab Your Device again, go to "About Phone" in the Settings and tap several Times on the build Version
Go now to the Developer Settings under "System" and enable "OEM-Unlock" and "USB-Debugging"
Use now the Platform Tools with this Commands (In Powershell):
Type now (Step by Step):
Code:
cd\
cd platform-tools
Note: To use the Platform Tools Folder as environment for Fastboot and ADB. Or hold Shift and Make a right Click in the Platform Tools Folder to open the Command prompt there...
Type now:
Code:
adb reboot bootloader
You will get a prompt on Your Xperia Device. Your Device will Reboot afterwards...
Now Your Bootloader Unlock Code:
Code:
fastboot oem unlock 0xYOURKEY
Wait for it... And type now:
Code:
fastboot reboot
Wait for Your Device to Wipe and Start. Once in the Android System, turn Your Device off without USB Connected
Press and hold now the VolumeUp (+) Button while connecting to USB to enable the fastboot Mode
Continue with flashing the Images for Root (Step by Step):
Code:
fastboot flash boot_a magisk_patched.img
fastboot flash boot_b magisk_patched.img
Wipe and Reboot:
Code:
fastboot -w
fastboot reboot
Note: Your are unlocked and rooted now! Enjoy Your Unleashed Device
5. GSI flashing with Fastboot:
Note: GSI ROMs can be found around the Web. Like here...
Treble-Enabled Device Development A/AB ROMS
Treble-Enabled Device Development A/AB ROMS
forum.xda-developers.com
Not all GSIs require the vbmeta change. You can use all GSIs that are made for ARM64 + A/B Devices. Play around. Systems can't damage Your Device since You keep the Stock Vendor & Kernel! You can use any Android Version! Don't forget to make backups if needed. You are going to Format Your Device!
Download a GSI Zip from Google
Extract the system.img and the vbmeta.img to Your Platform-Tools
Connect Your Device in Fastboot Mode and use Fastboot with:
(On 2020+ Xperias run: "fastboot reboot fastboot" first after You booted into fastboot)
Code:
fastboot flash system_a system.img
fastboot flash system_b system.img
[Optional] fastboot --disable-verity --disable-verification flash vbmeta_a vbmeta.img
[Optional] fastboot --disable-verity --disable-verification flash vbmeta_b vbmeta.img
fastboot -w (This does Format Your Device and is needed everytime You change the GSI!)
fastboot reboot
6. Bootloader Re-Lock:
Flash the latest Firmware for Your Device with EMMA
Erase all Userdata before You continue (like with fastboot -w or via Recovery)
Just go into Fastboot mode and type in the command prompt (like before in this Guide):
Code:
fastboot oem lock
Wait for Your Device and disconnect it from USB
Done... Continue with Step 7.
7. Firmware Restoring after Re-Locking:
Download and Install the "Xperia Companion" from SONY
Open the Xperia Companion and select Software Repair
Select that Your Device can't get recognized (or is a Smartwatch 3 lol)
Go to the next Page and select the Xperia Smartphone Option
Continue and wait for the Initialization
Press and hold Volume DOWN while connecting to USB (You will see the Green Flashmode LED again)
Continue once Your Device gets recognized and let the Xperia Companion do his work...
Done. Your Bootloader is locked again and almost all of Your DRMs are restored.
Click to expand...
Click to collapse
Many thanks for your guide. Im just about to receive my phone in 2weeks time.
Is it a good idea to update android to the latest one before unlocking the bootloader and rooting the device or doesn't matter?
Make sure the device is up-to-date before rooting.
Note: the arms race between those rooting their devices and Google/app developers is particularly fierce at the moment. This means that you are likely to face issues hiding your rooted status from apps.
For example there is currently no way to root and still use both Google Pay and the Starling banking app. This is because Google Pay requires you to use Displax's Universal Safety Net Fix Mod to pass Play Integrity, whilst Starling detects any use of Zygisk (by means currently unknown) which UNSF relies on.