How To Guide [CLOSED] Firmware is out! Get your root on! - Google Pixel 6

Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image.
Any update method can be used. If you've already disabled verity/verification, simply don't worry about it at next update; no need to re-enable.
I am closing this thread.
Spoiler: Deprecated
On Android 12, boot verification must be disabled in order to run a patched boot image. Unfortunately, if you have never disabled it before, it will require you to wipe data. To be clear:
***************************************************
PERMANENT ROOT CURRENTLY REQUIRES A DATA WIPE.
***************************************************
However, if you don't want to lose your data, you can "live boot" the patched image as long as /vbmeta and /boot are stock. This will allow you to use temporary root. DO NOT attempt to Direct Install Magisk to the boot image.
For subsequent updates, it is imperative that you do not allow the device to boot into system before you have disabled Verified Boot.
What this means: If you sideload the OTA, IMMEDIATELY reboot to bootloader and reflash /vbmeta with --disable-verity and --disable-verification. If you dirty flash the factory image, make sure you add these two switches to the command.
If you fail to do this, and allow the device to boot into system, you WILL have to wipe data to disable it again.
IF YOU ARE ROOTED, DO NOT USE AUTOMATIC UPDATES AS THIS WILL REFLASH /VBMETA WITHOUT DISABLING BOOT VERIFICATION!
Factory Images
OTA Images
Latest Magisk Canary
Spoiler: To root:
On your device, enable Developer Options (tap build number 8 times), and enable the OEM Unlocking toggle. Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader:
Code:
fastboot flashing unlock
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img and vbmeta.img from this zip.
Flash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <drag and drop vbmeta.img>
Allow the device to boot into Android. Once you have Magisk installed, copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
Spoiler: For subsequent updates:
Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the image-device-buildnumber.zip. Extract boot.img from this zip.
Reboot to bootloader.
Update bootloader and radio if they are out of date. BE CAREFUL, A MISTAKE CAN BRICK YOUR DEVICE! If you update the bootloader, remember to reboot back to bootloader so that the update reads the correct bootloader version.
Update system:
Code:
fastboot update --disable-verity --disable-verification <drag and drop image-device-buildnumber.zip here>
Note: If you get an error for bootloader/radio version, this means you need to update bootloader and/or radio; go back to step 3.
Allow the device to boot into Android. Copy the boot.img and patch it in Magisk, then copy it back to your PC.
Reboot to bootloader.
Flash patched boot image:
Code:
fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
Reboot into system.
I personally do not recommend updating via OTA Sideload, as you would have to download and extract the factory zip anyway. AUTOMATIC OTA WILL LOSE ROOT AND REQUIRE A WIPE TO ROOT AGAIN.
Spoiler: If you choose to update via OTA Sideload:
Sideload the OTA. When complete, IMMEDIATELY reboot to bootloader.
Reflash vbmeta:
Code:
fastboot flash vbmeta --disable-verity --disable-verification <vbmeta.img>
Boot to system and allow the update to complete.
Patch and flash the boot image.
Note: If you run into a bootloader message
failed to load/verify boot images
this means you forgot to disable verity and verification. Reflash vbmeta with the --disable options.
If you run into this recovery message
View attachment 5455805
This means that verity and verification were not disabled before, and a wipe is required to proceed.

Let the fun begin!

Awesome news! Now that the devices are in peoples hands and this is released, development can begin!

So it looks like if you grabbed the Pixel 6 OTA yesterday, you are on 036, and that binary is not yet posted. Please correct if I am wrong. Cant wait to root this thing, non V4A audio is horrible

Just literally got my pixel 6 20 mins ago, I’m at work but when I get home the first thing I’m doing is rooting it!

For some reason I can not unlock the bootloader on the P6.
I unlocked the bootloader in the developer options.
Tried "fastboot flashing unlock" and the CMD says waiting for device.
I can transfer files from the pc to the P6 with no problems.
Maybe I need to check on an ADB driver!
EDIT: Google ADB driver was needed.

Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.

XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.

vandyman said:
Geez, the firmware was just released today. Give the devs some time, there are other devices they need to update their mods on as well.
Click to expand...
Click to collapse
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.

XNine said:
Again, I was just asking what would be the benefit of rooting for a daily driver for most people (not devs), not trying to be impatient or rude. From my fairly limited understanding, Hide is pretty essential for a plethora of apps to work while rooted.
Click to expand...
Click to collapse
Gotha!
When I had my Pixel 5 rooted I did not need to use hide. I use PNC Bank with no issues. I do not us Gpay, to me it is a waste of time.
I use root for AdAway, Appdash, EX Kernel, and SD Maid.

XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.

V0latyle said:
Use Magisk 23001. You don't have to use 23011. I believe 23000 stable will also work as it still has MagiskHide if I'm not mistaken and works with Riru.
Click to expand...
Click to collapse
You're a beautiful human being. Thank you!

XNine said:
You're a beautiful human being. Thank you!
Click to expand...
Click to collapse
My wife thinks so too, although "beautiful" isn't the word she uses

Been waiting for kernel source. Skimming through it, there's a ton of exynos named files.

XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
I’ve got an old apk of magisk so I’d assume this would work fine, no?

Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as batteries to low. Will this work or nope?

DefeatedSouls said:
Also, I’ve got build number showing SD1A.210817.019.C2. Just got my 6 today and didn’t do the OTA security update as batteries to low. Will this work or nope?
Click to expand...
Click to collapse
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.

V0latyle said:
Patch the image from the factory zip, and boot it instead of flashing it. Then, once booted, use Direct Install in Magisk to patch the boot image already on your phone.
Click to expand...
Click to collapse
Uh.. normally I’m good at this but okay, I’ll try!

XNine said:
Until a Magisk hide alternative is available, what's the point in rooting for those who don't develop? Most banking apps (among others) won't work.
Not to downplay the significance of the importance of this, just asking.
Click to expand...
Click to collapse
For instance, I need root to use Adguard in local Proxy mode and third-party VPN service. Also, I use CapitalOne, Amex, Discover, Tdbank and Chase with NO MagiskHide. There were problems with Chase, but later they probably realized it's a crap - to block rooted phones to access the app to pay your card. Some of these apps don't let you to login by a fingerprint, but it's not a big deal to enter the password (you won't forget one at least, haha)

Getting Installation failed when trying to patch the boot.img from the factory zip with Magisk.

Related

Possibly dense question about OEM unlock and magisk flash

EDIT: On a V30 H930 if that matters.
Coming from an S7 Edge and a Jelly Pro (which was fairly open) so my understanding of how LG does things may be off.
If I just want Magisk - not interested in TWRP/custom roms etc.
Can I:
- enable OEM unlock in developer settings (device is encrypted etc)
- use magisk manager to generate a new boot.img
- use fastboot to flash this e.g. fastboot flash boot patched_boot.img
Or am I missing something? (Probably!)
molotov_sh said:
EDIT: On a V30 H930 if that matters.
Coming from an S7 Edge and a Jelly Pro (which was fairly open) so my understanding of how LG does things may be off.
If I just want Magisk - not interested in TWRP/custom roms etc.
Can I:
- enable OEM unlock in developer settings (device is encrypted etc)
- use magisk manager to generate a new boot.img
- use fastboot to flash this e.g. fastboot flash boot patched_boot.img
Or am I missing something? (Probably!)
Click to expand...
Click to collapse
EDIT:
See post #7 below for root on this phone without TWRP.
For root for this phone WITH TWRP, see this post.
ChazzMatt said:
No, what you said won't work. See this thread below.
You need TWRP to root, by the way.
https://forum.xda-developers.com/lg-v30/how-to/wtf-lg-v30-t3790500
Click to expand...
Click to collapse
You don't need TWRP to root (some) other phones with Magisk, hence my original probing question. Originally when I did some poking around this forum I couldn't tell if some of the hackery being used was specifically for network locked phones or for some custom rom needs.
It looks like the subtlety here is that LG doesn't really unlock when you choose OEM unlock, it just lets you then request unlocking from them (or the trick you've linked). What a right pain in the behind.
Thanks for the pointer.
molotov_sh said:
You don't need TWRP to root (some) other phones with Magisk, hence my original probing question. Originally when I did some poking around this forum I couldn't tell if some of the hackery being used was specifically for network locked phones or for some custom rom needs.
It looks like the subtlety here is that LG doesn't really unlock when you choose OEM unlock, it just lets you then request unlocking from them (or the trick you've linked). What a right pain in the behind.
Thanks for the pointer.
Click to expand...
Click to collapse
In my experience, very few phones actually unlock bootloader with simple "OEM unlock". That setting only works if the OEM or carrier wants it to work.
XIAOMI makes you wait TWO months for bootloader unlock:
https://www.xda-developers.com/xiaomi-2-month-wait-unlock-bootloader/
Note I didn't say no phones, I said very few -- compared to the plethora of brands available.
For instance, Motorola makes you request a bootloader unlock code, but Verizon Motorola phones are not eligible.
Sent via open market LG US998 V30/V30+
I'm confused... 10c didn't need TWRP
So I last rooted when I was running 10c on my open market bootloader unlocked US998 V30 (through the official LG method with an LG-generated unlock.bin) and all I had to do was get a boot.img and let Magisk patch it then flash it using adb/fastboot flash.
I have updated to 20d (many thanks ChazzMatt for the KDZ and instructions) and was going to use westwood24's 20d boot.img with Magisk to systemless-ly root again. Since it seems to be asked a lot, I prefer to leave my /data encrypted and never noticed a slowdown without disabling rctd and prefer to have dm-verity on. If there's a way to do that with TWRP and leave stuff encrypted I'm all for it.
Is it no longer possible to flash back a patched boot.img to have just Magisk root and an otherwise completely stock device?
Kakari said:
So I last rooted when I was running 10c on my open market bootloader unlocked US998 V30 (through the official LG method with an LG-generated unlock.bin) and all I had to do was get a boot.img and let Magisk patch it then flash it using adb/fastboot flash.
I have updated to 20d (many thanks ChazzMatt for the KDZ and instructions) and was going to use westwood24's 20d boot.img with Magisk to systemless-ly root again. Since it seems to be asked a lot, I prefer to leave my /data encrypted and never noticed a slowdown without disabling rctd and prefer to have dm-verity on. If there's a way to do that with TWRP and leave stuff encrypted I'm all for it.
Is it no longer possible to flash back a patched boot.img to have just Magisk root and an otherwise completely stock device?
Click to expand...
Click to collapse
You're doing very advanced stuff, and I don't know the answer to that. A developer could give you answers...
I do know I prefer TWRP custom recovery for purposes of having backups. Like having a nifty time machine where you can erase mistakes you make.
TWRP can also let you flash zipped files to install other elements to your phone.
"Stock" recovery is fairly useless in my opinion.
Magisk systemless root without TWRP
ChazzMatt said:
You're doing very advanced stuff, and I don't know the answer to that. A developer could give you answers...
I do know I prefer TWRP custom recovery for purposes of having backups. Like having a nifty time machine where you can erase mistakes you make.
TWRP can also let you flash zipped files to install other elements to your phone.
"Stock" recovery is fairly useless in my opinion.
Click to expand...
Click to collapse
I decided to just 'go for it' again and it still works with Magisk 16 and 17.1 (I didn't dare try 17 with the possible bootloop problems). In the interest of not making something 'advanced' & possibly dangerous too accessible I'll share what I did in broad strokes so molotov_sh and future me can have a rough guide.
The process was:
0. Have an unlocked bootloader (either you have an open market US998 and used the official method or the WTF method)
1. Download the 20d update (what I'm using a newer one will hopefully also work) and the LGUP dev version.
2. Plug in your V30 using a USB2 cable and switch it to File Transfer mode.
3. Open LGUP
4. 'Upgrade' the phone using the KDZ from (1), let it reboot, finish and check that the phone boots, I like throwing in an extra reboot with the phone unplugged from the computer just to be sure. Do any backups of app data, make sure you have 2FA backup codes etc.
5. Reconnect the phone and open LGUP again and choose 'Dump'
5a. It's probably a good idea to dump the whole of your phone excluding 'userdata' just in case. I had a timeout error after about 30-35 minutes but it seemed to get all portions.
6. Choose the 'boot' checkbox for what you want to dump and choose a folder to save it in. The file it dumps is in .img format but does not have a file extension.
7. When its done, unplug the phone, close LGUP, reboot the phone to the regular OS, and plug it back in in file transfer mode.
8. Copy the boot image you dumped in (6) onto the phone, perhaps under Internal SD/Download (I'd add the .img and possibly a version like boot20d.img)
9. Install MagiskManager.
10. Open it, choose Install, Patch Boot Image file, choose the .img file you copied in (8). When its done (without any errors!) you'll have a patched_boot.img file
11. Copy patched_boot.img onto your computer (I like placing it right next to my fastboot executable); you might have to wait a few minutes or restart since the phone can be slow to show newly created files.
12. Unplug your phone & turn it off. Then hold volume down while your plug in the USB cable.
13. Open a terminal/command prompt and navigate to the patched_boot.img file and then run
Code:
fastboot flash boot patched_boot.img
14. It'll take a few tenths of a second and said 'OK'/'Done'. Then enter
Code:
fastboot reboot
and unplug the phone after it starts rebooting. I had mine go through 2 reboot cycles and then it was fine, Magisk works and SafetyNet checks pass.
Recovery is stock and I can have a working hosts file and TitaniumBackup. I use LGBridge for more significant backups.
molotov_sh said:
EDIT: On a V30 H930 if that matters.
Coming from an S7 Edge and a Jelly Pro (which was fairly open) so my understanding of how LG does things may be off.
If I just want Magisk - not interested in TWRP/custom roms etc.
Can I:
- enable OEM unlock in developer settings (device is encrypted etc)
- use magisk manager to generate a new boot.img
- use fastboot to flash this e.g. fastboot flash boot patched_boot.img
Or am I missing something? (Probably!)
Click to expand...
Click to collapse
See @Kakari's post just above this one for root without TWRP, using a patched boot.img.
@Kakari I actually posted a PM to @ChazzMatt about a day after I originally posted here with roughly your procedure (I think he may have seen this thread before that PM). I debated posting it here as I didn't have a clean experience with FOTA 20r to 20y (potential for others to suffer data wipes) - in the end I had to LGUP to go to 20y, see below.
For anyone interested in following my method it will wipe your data.
Let me quote my PM to him here:
Thanks for the pointer the other day
I've used your detailed guides, roms and the rather impressive group discovery thread to come up with a simpler method if you're just after root only and you want the official ROM - "light" root users.
As an aside, I should note that after downgrading to 20r (H930 European here), unlocking the bootloader and hard resetting the FOTA wouldn't bump me to 20y, it'd go through the motions and just wipe the phone each time it rebooted to apply it. So I used LGUP to flash 20y (what I was on before rooting with no updates available) and it's all good for now.
My steps:
- Downgrade to unlockable ROM version using LGUP. EU H930 20r here.
- Flash new_unlock.bin to unlock bootloader in fastboot.
- Hard reset as suggested.
- Flash "latest" official ROM using LGUP. EU H930 20y for me as I wanted what I had originally.
- Get the matching boot image (I pulled boot_6.bin from the 20y kdz)
- Feed to to Magisk Manager's install.
- Flash it in fastboot (fastboot flash boot <patched_boot_6.bin>)
Now I have an entirely stock ROM except for boot, so in theory FOTA capable. Rare use case possibly, but saves TWRP and the funky recovery flashing - which looked like it might also trip safetynet with the LG anti-root stuff (I guessed that might hit system?).
Not sure how FOTA will work going forwards for me, but my hope is that all I'll have to do is reflash a Magisk'ed boot. That'd (hopefully) be the only downside - needing to wait for a boot image to regain root, or (somehow) extract it from the phone.
In reality given my FOTA wipe experience I imagine full backups in advance (titanium in my case, as no twrp) will probably be necessary, just like one should do before flashing any custom ROM or update I suppose. Also as it's a modified boot, if the FOTA does a delta update/verify on it that could get awkward, and would necessitate another trip to LGUP.
Your work on the LG V30 has been invaluable, I hope the above is useful.
Click to expand...
Click to collapse
So yes, I have root with Magisk but no need for TWRP! Thanks for your input anyway, it may help others especially as it has LGUP backup bits.

[Guide][Root] The easiest way to root without TWRP

Last updated May 2020
Keeping it short. This is a simple way to root your device. You will need a computer and a data cable for this.
Objectives :
Have root using Magisk
Be able to install OTA from the settings without bootloops
Avoid boot loop
Very important :
This will work with ANY Xiaomi phone, and should work with ANY ANDROID phone as well. The difference between phones would be in where you can get your boot image from.
Your phone has to have an unlocked bootloader
Your phone has to have stock recovery. TWRP WILL cause bootloop for root and/or OTA updates from system.
I like to have root with magisk and don't want to install TWRP because I want to be able to install OTA from system without boot loops. This guide will help you achieve this with ease.
Steps:
Download the ROM full zip file. This could be the ROM ALREADY installed on your phone or you are updating your phone to it. Here is a video of one way to get your ROM file.
https://youtu.be/KsxHial1v1U
Open the file and extract "boot.img" on your phone or Computer.
Move the boot.img file to your phone
Download and install the latest Magisk official manager app from here: https://github.com/topjohnwu/Magisk/releases/download/manager-v7.4.0/MagiskManager-v7.4.0.apk
Open Magisk manager and click install then "select and patch a file" like in this video
https://youtu.be/USHcCMYlexM
Copy the Patched image from the download folder to your computer adb/fastboot folder
Reboot your phone into fastboot (press and hold power and vol down) and connect it to the computer
Flash that patches image file using fastboot
fastboot flash boot magisk_patched.img
Click to expand...
Click to collapse
fastboot reboot
Click to expand...
Click to collapse
Open Magisk manager and complete the installation if needed. The app will prompt you for action.
Enjoy
Update May 2020
Hello again,
Sorry for being away for so long. Here are some of the things I have noticed people are confused with and need to make them clear:
This method works for ANY Android phone. As long as you have the Correct boot.img and can unlock the bootloader
MAKE SURE 100% you have the correct boot.img file for your CURRENT ROM
MAKE 100% SURE, the boot.img file you get from the FULL ROM zip file, not an OTA update zip file
Make sure you check the date and time of the "magisk_patched.img" file to make sure that is the one you made
Make sure you use the LATEST magisk manager
Make sure you open magisk after flashing the magisk_patched.img as boot image. Magisk manager will tell you if there is another step needed, just click yes and it will be done in seconds
Make sure to enable "Hide Magisk" to allow you to have your BANK apps working as well as security checks
If any app you use gives you an error "YOU ARE Rooted bla bla bla" Use magisk manager to hide the root for this specific app (in the settings)
That's all I can remember, good luck
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Kiwironic said:
Keeping it short. This is a simple way to root your device. You will need a computer and a data cable for this.
Steps:
Download the ROM full zip file. This could be the ROM ALREADY installed on your phone or you are updating your phone to it. Here is a video of one way to get your ROM file.
Open the file and extract "boot.img" on your phone or Computer.
Move the boot.img file to your phone
Download and install the latest Magisk official manager app from here: https://github.com/topjohnwu/Magisk/releases/download/manager-v7.4.0/MagiskManager-v7.4.0.apk
Open Magisk manager and click install then "select and patch a file" like in this video
Copy the Patched image from the download folder to your computer adb/fastboot folder
Reboot your phone into fastboot (press and hold power and vol down) and connect it to the computer
Flash that patches image file using fastboot
Open Magisk manager and complete the installation if needed. The app will prompt you for action.
Enjoy
Click to expand...
Click to collapse
After fastboot flash, reboot, open magisk manager, tap INSTALL beside "magisk is up to date". Then select direct install; reboot.
Works on MIUI 11.0.2; davinciin. ??
I know that when I unlock the bootloader,the phone is going to reset...but,is it going to happen immediately or after that 168 hours of waiting?
Sent from my Xiaomi Mi 9T using XDA Labs
welder73 said:
I know that when I unlock the bootloader,the phone is going to reset...but,is it going to happen immediately or after that 168 hours of waiting?
Sent from my Xiaomi Mi 9T using XDA Labs
Click to expand...
Click to collapse
People report different amounts of wait time, depends on the mi account I think
welder73 said:
I know that when I unlock the bootloader,the phone is going to reset...but,is it going to happen immediately or after that 168 hours of waiting?
Sent from my Xiaomi Mi 9T using XDA Labs
Click to expand...
Click to collapse
Phone is reset when the bootloader is unlocked, not before/during the waiting time.
Can do with locked bootloader?
Micdu70 said:
Phone is reset when the bootloader is unlocked, not before/during the waiting time.
Click to expand...
Click to collapse
Thank you man :good:
Sent from my Xiaomi Mi 9T using XDA Labs
Cabeção-Flu said:
Can do with locked bootloader?
Click to expand...
Click to collapse
No, bootloader has to be unlocked.
@Kiwironic followed your guide and worked very well, although I had to wipe data through the stock recovery to get the phone to boot, I believe that's just how newer Xiaomi phones work. I do have one question though, now that I'm rooted with stock recovery, would I be able to install OTA updates? I'm assuming I would of course lose root and have to redo the process from scratch if that's the case.
Lazer Bear said:
@Kiwironic followed your guide and worked very well, although I had to wipe data through the stock recovery to get the phone to boot, I believe that's just how newer Xiaomi phones work. I do have one question though, now that I'm rooted with stock recovery, would I be able to install OTA updates? I'm assuming I would of course lose root and have to redo the process from scratch if that's the case.
Click to expand...
Click to collapse
I had root on MIUI10 and updated the ROM to MIUI11 then did my root again the way mentioned and did NOT have to wipe. You can get OTA anyway, it will try the update first, it will fail, then it download and install a full ROM zip automatically. You have to wait for it to do that twice, that's all. The first boot after the update takes some time.
@Kiwironic First, thank you so your simple guide!
Can this cause bootloop on my device? If yes, can I simply flash the original boot.img to boot without any data loss?
Also another question: my device is rootless and bootloader unlocked, so my Google Pay doesn't work. When installing Magisk it goes back to work immediately or I have to do something to work?
kryzeK said:
@Kiwironic First, thank you so your simple guide!
Can this cause bootloop on my device? If yes, can I simply flash the original boot.img to boot without any data loss?
Also another question: my device is rootless and bootloader unlocked, so my Google Pay doesn't work. When installing Magisk it goes back to work immediately or I have to do something to work?
Click to expand...
Click to collapse
If you flash the full rom, chances of bootloop is minimal. And should have stock experience except for being unlocked.
I got bootloop, using indian global V11.0.2.0.
After flashing patched boot, it gets bootloop recovery, only way is to wipe all data and reboot
After booting up and opeing magisk it shows a recommendation to install some ZIP
Accepting the recommendation results in bootloop,
Rejecting the recommendation and trying to Install > Direct Install results in bootloop as well
Posted a thread with this issue here
stone_henge said:
I got bootloop, using indian global V11.0.2.0.
After flashing patched boot, it gets bootloop recovery, only way is to wipe all data and reboot
After booting up and opeing magisk it shows a recommendation to install some ZIP
Accepting the recommendation results in bootloop,
Rejecting the recommendation and trying to Install > Direct Install results in bootloop as well
Posted a thread with this issue here
Click to expand...
Click to collapse
This
I got the exact same issue, every time it asked me to install additional zip files it went into recovery immediately after booting up.
Anyone know why this happened?
oblyvision said:
This
I got the exact same issue, every time it asked me to install additional zip files it went into recovery immediately after booting up.
Anyone know why this happened?
Click to expand...
Click to collapse
Do you have stock recovery or TWRP? Which version of Magisk are you using?
I have patched my boot stock image, installed full ROM, then flashed the patched boot image. Magisk did not show any recommendation installation.
There are a few guides online on how to deal with Magisk Bootloop without the need to wipe data.
Kiwironic said:
Do you have stock recovery or TWRP? Which version of Magisk are you using?
I have patched my boot stock image, installed full ROM, then flashed the patched boot image. Magisk did not show any recommendation installation.
There are a few guides online on how to deal with Magisk Bootloop without the need to wipe data.
Click to expand...
Click to collapse
TWRP 3.3.1-8, magisk 20.1
Patching boot image with magisk wasn't a problem. The Superuser itself works normally, module doesn't. The magisk manager suggested to download additional files for the magisk to be working properly.
I'm on MIUI 11.0.1 Global
Was TWRP the cause in the fist place?
oblyvision said:
TWRP 3.3.1-8, magisk 20.1
Patching boot image with magisk wasn't a problem. The Superuser itself works normally, module doesn't. The magisk manager suggested to download additional files for the magisk to be working properly.
I'm on MIUI 11.0.1 Global
Was TWRP the cause in the fist place?
Click to expand...
Click to collapse
On first installation MM asks to download what it needs e.g. to verify SafetyNet. Allow and there is no problem about. TWRP is generally not needed to install Magisk. Things are documented in Magisk guides
https://topjohnwu.github.io/Magisk/
https://www.didgeridoohan.com/magisk/HomePage
oblyvision said:
TWRP 3.3.1-8, magisk 20.1
Patching boot image with magisk wasn't a problem. The Superuser itself works normally, module doesn't. The magisk manager suggested to download additional files for the magisk to be working properly.
I'm on MIUI 11.0.1 Global
Was TWRP the cause in the fist place?
Click to expand...
Click to collapse
Yes, as the title suggests "without TWRP". The reason is, you cannot install OTA and magisk easily without using the stock recovery. Any attempt to update OTA or use any recovery script on the phone will result in a boot loop.
The solution to get out of the boot loop is simple. Actually a couple of solutions.
One, flash your stock recovery, or
Two, flash a full ROM that includes the stock recovery.
No need to wipe data
That's the only reason I made this post and the other about OTA on root. I don't like to use TWRP because I want OTA install without boot loop. At the same time I want root. Hence the solutions I provided
Kiwironic said:
Yes, as the title suggests "without TWRP". The reason is, you cannot install OTA and magisk easily without using the stock recovery. Any attempt to update OTA or use any recovery script on the phone will result in a boot loop.
The solution to get out of the boot loop is simple. Actually a couple of solutions.
One, flash your stock recovery, or
Two, flash a full ROM that includes the stock recovery.
No need to wipe data
That's the only reason I made this post and the other about OTA on root. I don't like to use TWRP because I want OTA install without boot loop. At the same time I want root. Hence the solutions I provided
Click to expand...
Click to collapse
I've tried flashing magisk via recovery and didn't work, the same bootloop. Here's the thread: https://forum.xda-developers.com/mi-9t/how-to/guide-miui-11-v11-0-1-0-pfjmixm-rooted-t3997299
I thought this might be a working alternative.
Gotta try installing magisk with stock recovery then, and if it still didn't work, well, more research for me..
oblyvision said:
I've tried flashing magisk via recovery and didn't work, the same bootloop. Here's the thread: https://forum.xda-developers.com/mi-9t/how-to/guide-miui-11-v11-0-1-0-pfjmixm-rooted-t3997299
I thought this might be a working alternative.
Gotta try installing magisk with stock recovery then, and if it still didn't work, well, more research for me..
Click to expand...
Click to collapse
You have to understand the requirements :
- stock recovery
- install magisk manager app
- patch the boot image for your stock ROM (same version on your phone)
- flash that Patched boot image.
- reboot
- done, that's magisk installed

How To Guide [GUIDE] Pixel 6 "oriole": Unlock Bootloader, Update, Root, Pass SafetyNet

WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!
If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
This is very interesting but maybe a more accurate/calm title would be better
I posted in another tread but I was on November's patch but used .15's vbmeta to root (before images were available for November)
Can I just flash vbmeta with the disable flags, and not worry about a wipe?
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
V0latyle said:
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
Click to expand...
Click to collapse
Ahh, I see that in the thread now. Not a big deal for me because I don't use any apps that need it—I've just been doing it as a matter of course for a good while. Nonetheless, I'm still passing attestation with USNF 2.1.1 according to Root Checker and YASNAC.
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
schalacker said:
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
Click to expand...
Click to collapse
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
V0latyle said:
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
Click to expand...
Click to collapse
where can i get magiskhide, riru universal safety, thanks
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
miss said:
where can i get magiskhide, riru universal safety, thanks
Click to expand...
Click to collapse
Magisk 23001, MagiskHide is in the options
Riru is in the module repo
Universal SafetyNet Fix 2.1.1
miss said:
when you receive the pixel
I update it with the latest update and then unlock booloader and root.
is this correct?
Click to expand...
Click to collapse
This would probably be the best way to do it, yes.
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
Exactly, I was guilty of not removing a Magisk module on my P5 when installing an update. And learned the hard way.
You really never know if there is some sort of residue left from your previous setup.
sic0048 said:
Great write up! Thanks for putting it together.
You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.
Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
You don't actually have to flash it. If you boot the patched image and it works, you should be able to use Direct Install in Magisk to patch the image in /boot. Then, next time you reboot, the device loads that image, which should be exactly the same as what you live booted.
But yes, it's very useful to be able to test.
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it. Should anyone attempt it, I would suggest backing up any critical data.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Release v1.0.0-alpha01 · capntrips/VbmetaPatcher
initial commit
github.com
The process should be considered experimental until a few other people have tested it.
I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.
Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
KedarWolf said:
So, if I use this tool after rooting OTA updates will work and I'll still have root?
Edit: And can you explain more clearly the process on how to do this?
Click to expand...
Click to collapse
No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.
The steps would be:
Restore boot in the Magisk app
Restore vbmeta in Vbmeta Patcher
Take the OTA in System Updater
Patch vbmeta in Vbmeta Patcher
Patch the new boot image in the Magisk app and copy it to your computer
Reboot into fastboot
Boot from the new patched boot image
Direct Install Magisk in the Magisk App
As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.
I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Click to expand...
Click to collapse
Patch vbmeta how? What does patching the image accomplish?
capntrips said:
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
This is good news. Would the same thing be accomplished by flashing the boot image to both slots using --slot=all?
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
dadoc04 said:
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
Click to expand...
Click to collapse
If the build you're currently on has verity and verification disabled, you don't have to wipe when you update using the flash tool.
I haven't tried it without wiping from unrooted/stock vbmeta. It could well be possible despite a wipe being required when flashing using adb.

Question Rooting T-Mobile A12 DE2118_11_C.16 (July 2022 patch)

Long story short, I rooted my N200 T-Mobile variant to A12 DE2118_11_C.15 (Full OTA) not a long time ago with no issues. However to be able to update to DE2118_11_C.16 (Incremental update, w/July 2022 Patch) I had to uninstall Magisk first, then update it to c.16. Now my phone is updated to c.16 but I am very unsure how to root it again to avoid bootloop;
1. Can I use c.15 stock boot image since c.16 was an incremental update? or I need c.16 version?
2. If c.16 boot image is already extracted please share.
3. If none above, how and where I can find the OTA file to extract payload.bin and then boot.img?
I would really appreciate if somebody help me with this, thank you.
HTCore said:
Long story short, I rooted my N200 T-Mobile variant to A12 DE2118_11_C.15 (Full OTA) not a long time ago with no issues. However to be able to update to DE2118_11_C.16 (Incremental update, w/July 2022 Patch) I had to uninstall Magisk first, then update it to c.16. Now my phone is updated to c.16 but I am very unsure how to root it again to avoid bootloop;
1. Can I use c.15 stock boot image since c.16 was an incremental update? or I need c.16 version?
2. If c.16 boot image is already extracted please share.
3. If none above, how and where I can find the OTA file to extract payload.bin and then boot.img?
I would really appreciate if somebody help me with this, thank you.
Click to expand...
Click to collapse
The steps below is what I do since Android 12 update:
**Automatic system updates should be unchecked on Developer options.**
Prerequisites: Rooted with Magisk (v25.2 recommended) / Have stock boot image available.
Preparation:
A. Restore active slot boot img with stock boot on adb shell with root
ex) dd if=/sdcard/boot_a.img of=/dev/block/bootdevice/by-name/boot_a
OR
B. Uninstall Magisk with Restore Image option if available
--------------------------------------------------------------------------------------------------------------
**If you do A first and Direct Install with Magisk, then B option will be available.
1. Update OTA and DO NOT PRESS Restart Button.
2. Backup the new stock boot image. If your current boot is b, then new stock boot is a
ex) dd if=/dev/block/bootdevice/by-name/boot_a of=/sdcard/boot_a.img
3. Patch the newly extracted stock boot with Magisk -> Reboot -> Reboot to fastboot
4. Flash the newly magisk patched image
ex) fastboot flash boot_a new_magisk_boot.img
5. Reboot
OR you can try to install Magisk with in-active slot option at Step #3, then restart with OTA, not with Magisk; however, I've been told that it sometimes makes an issue such as bootloop. Up to you.
follow A1.1 to get your boot.img.
[GUIDE] Root and keeping root options
Update 230526: Correct numbering of "B.1.1 Simple" to "B.1.2 Simple", use "OOS 13+" instead of "OOS 13" as OOS 13.1 is now available A. First time rooting This process is common across all options A.1 Flashing Magisk patched boot image There...
forum.xda-developers.com
After your phone is rooted again, go in developer options and disable automatic system updates so it won't restart without your consent in future OTAs. when it asks for you to restart, go into the magisk app and press install and then "install to inactive slot". Then go back to the system update screen and press restart.
That's it. If you followed the steps correctly, your device should be updated and you should still have root!
Thank you both of you for your help and thorough explanation.
I suppose since I already restarted my device after update I have no chance with @lentm's method.
Now I'm going to follow what @justauserthatusesaphone posted and see what happens.
I will post the result here if somebody else is interested too.
HTCore said:
Thank you both of you for your help and thorough explanation.
I suppose since I already restarted my device after update I have no chance with @lentm's method.
Now I'm going to follow what @justauserthatusesaphone posted and see what happens.
I will post the result here if somebody else is interested too.
Click to expand...
Click to collapse
All you need is the stock boot img file, and here's the latest one:
11_C.16_DE18CB_tmobile_stock.7z is available for download
Click to access the 11_C.16_DE18CB_tmobile_stock.7z (35.3 MB) download with TransferNow
www.transfernow.net
Thank you for posting boot.img @lentm!
I was middle of what @justauserthatusesaphone posted when you attached the boot.img! So thank you very much being mindful of others!
However, just to learn more and be prepared for future updates I tried the other method and it worked perfectly! My device is now rooted with latest update thanks both of you guys!
Next I'm gonna use your method for another N200 which hasn't been updated yet and experience that one as well.
HTCore said:
Thank you for posting boot.img @lentm!
I was middle of what @justauserthatusesaphone posted when you attached the boot.img! So thank you very much being mindful of others!
However, just to learn more and be prepared for future updates I tried the other method and it worked perfectly! My device is now rooted with latest update thanks both of you guys!
Next I'm gonna use your method for another N200 which hasn't been updated yet and experience that one as well.
Click to expand...
Click to collapse
glad to hear you got it!
lentm's link didn't work for me so for anyone else who needs the stock image here is a non-expiring link for stock boot image for Tmobile DE2118 11_C.16:
boot_11_C.16_DE2118_tmobile_stock.img | by towardsdawn for Nord N200 5G
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
Could someone please tell me if it's possible to root this device running the latest July 5th update mentioned above without a pc ?
And if so where to find or how to do it ?!
I've been searching everywhere and have only come across a bunch of "one clock root options" that haven't worked .
Brisingrmischief said:
Could someone please tell me if it's possible to root this device running the latest July 5th update mentioned above without a pc ?
And if so where to find or how to do it ?!
I've been searching everywhere and have only come across a bunch of "one clock root options" that haven't worked .
Click to expand...
Click to collapse
One click root APKs don't have access to fastboot to flash a rooted boot.img, which is what you need to do for permanent root for newer Android devices. Also I wouldn't trust those anyway, most are not open source and might contain malware/ads/etc.
You can have a temporary root if your bootloader is unlocked by using a DSU, however if your bootloader has not been unlocked (which you need a PC to do) do NOT attempt to do this. Multiple people have reported bricking their devices attempting to do this so you have been warned.
All files on the DSU will be deleted when you discard the DSU since it is a different system image from the original. If you really know what you're doing you might be able to flash a Magisk rooted boot.img to the original system image from the DSU, I don't know how to do this. You can play around with making the DSU persist through reboots using this guide, I don't know if that works with updates or if all files will have to be discarded if you want to update. I recommend using DSU sideloader with a GSI from phhusson, when it says to run the shell script over ADB you can use a terminal app like Termux instead.
towardsdawn said:
One click root APKs don't have access to fastboot to flash a rooted boot.img, which is what you need to do for permanent root for newer Android devices. Also I wouldn't trust those anyway, most are not open source and might contain malware/ads/etc.
You can have a temporary root if your bootloader is unlocked by using a DSU, however if your bootloader has not been unlocked (which you need a PC to do) do NOT attempt to do this. Multiple people have reported bricking their devices attempting to do this so you have been warned.
All files on the DSU will be deleted when you discard the DSU since it is a different system image from the original. If you really know what you're doing you might be able to flash a Magisk rooted boot.img to the original system image from the DSU, I don't know how to do this. You can play around with making the DSU persist through reboots using this guide, I don't know if that works with updates or if all files will have to be discarded if you want to update. I recommend using DSU sideloader with a GSI from phhusson, when it says to run the shell script over ADB you can use a terminal app like Termux instead.
Click to expand...
Click to collapse
Thank you for your help !
I assume that since my bootloader is not unlocked and I don't have access to a pc I'm pretty much out of luck on rooting this device until I can get access to one .
Guess I'll have find a way to access one .
Much appreciated though !

How To Guide N20 5G [CPH2459] - Unlock/Root/Safetynet (Step-by-Step)

These instructions are for the CPH2459 – Unlocked Nord N20 50
I wanted to give back and distribute an easy to follow step-by-step guide as many were asking for a complete guide and I had a little time to create it today. Hopefully this will help kick off some good dev for the device as we are light currently.
I take no responsibility for any issues with your device and do not have backups in the steps, so use at your own risk as always...
COMPLETE STEPS......
Update your phone to the latest OS/patch level over Internet OTA from 1+ and reboot
Verify you are running OS/patch à CPH2459_11_C_10 (latest at time of this)
Enable developer options by clicking on the build number until activation appears (Under Setting-->About-->Version)
Enable Unlock bootloader in the new Developers Options section now in the Phone menu
Enable USB debugging under the new Developers Options
Plug in your phone with usb connected to pc and select transfer files if prompted
Download and extract install latest ptools-n20.zip (with included patched boot files)
Open a windows command prompt in the folder that you extracted the platform tools into
Run adb devices and be sure the phone shows up as a device that is attached
Accept device fingerprint if asked
Run command to boot to bootloader: adb reboot bootloader
Run command to ensure connection in bootloader to your phone: fastboot devices
Run Command to unlock bootloader: fastboot flashing unlock
Lave command prompt open
Use volume keys to select “unlock bootloader” then press “power” to unlock
The device will reset and will now be unlocked
After phone boots, complete the quick setup
Repeat step #3, #5-6, #9-12
In Command prompt where platform tools are installed run command: fastboot flash boot a.img
Reboot phone and you will be patched
Install Magisk 25.2 App from official repo & Enable Zygisk in settings
Enable Magisk hide and reopen the app
Add your google account if not already added and use Play Store or use Aurora store to install Safetynet Checker by flink apps
Run Safetynet checker and notice the device fails 2 checks
Transfer 2 zip files included to your phone: Shamiko & Safetynet fix. These will help hiding root and will allow your phone to pass Safetynet fixes
Install both zips under module section in Magisk. (you can do 1…don’t reboot when asked, then do other and reboot to activate both)
Run Safetynet Checker again and you should pass all checks.
Viola…you are unlocked/rooted/patched and pass safetynect checks.....ENJOY!
I will update here on how to take future OTAs as more come out and if time allows.
NOTES: Files in platform tools
a.img = boot_a.img magisk patched
b.img = boot_b.img magisk patched (just in case)
boot_a.img = Unpatched a (just in case)
boot_b.img = Unpatched b (just in case)
==============================================
2/3/23 UPDATE: How to take an OTA and preserve root
==============================================
1. First, Under developer options, make sure the option to apply automatic updates on reboot is ENABLED. (If you do not do this, you will loose root)
2. Unroot the device. We wont completely remove Magisk, just restore images. To do this Open Magisk, click uninstall magisk, and only click "restore images". DO NOT REBOOT!
3. Check for software updates. Install OTA update after downloaded. DO NOT REBOOT!
4. Open Magisk again and now reinstall it but select "inactive slot" for the option.
5. REBOOT. Boot will take about 30 seconds to apply.
You are now updated
ScarletWizard said:
Thank you for this I will post this on the telegram channel
Click to expand...
Click to collapse
What is the link to the telegram chan?
mvincent2k said:
What is the link to the telegram chan?
Click to expand...
Click to collapse
My CPH2459 crappped out on me, and I have had little luck since moving from GN2200 to this model and could use a backup if you could lend a hand
mvincent2k said:
What is the link to the telegram chan?
Click to expand...
Click to collapse
OnePlus Nord N20 | Official
You can view and join @oneplusnordn20 right away.
t.me
ScarletWizard said:
Incorrect link
Click to expand...
Click to collapse
Can you share the right channel.
mvincent2k said:
These instructions are for the CPH2459 – Unlocked Nord N20 50
I wanted to give back and distribute an easy to follow step-by-step guide as many were asking for a complete guide and I had a little time to create it today. Hopefully this will help kick off some good dev for the device as we are light currently.
Click to expand...
Click to collapse
Damn son, your attention to detail is admirable! Very thorough and well-documented. Thanks.
Can I use this on the new ota update
mvincent2k said:
a.img = boot_a.img magisk patched
Click to expand...
Click to collapse
killerex said:
Can I use this on the new ota update
Click to expand...
Click to collapse
No you would need an updated img if you are on the latest upgrade. I no longer have an N20 to test with otherwise would create one for the group. Someone else may possibly.
How? I'm not updated yet can guide me how to do it.thank
killerex said:
How
Click to expand...
Click to collapse
Search the other XDA threads here for this device. A few explain how to extract payload and patch.
If you are on the previous update, see the update to my instructions just posted on how to take the OTA and stay rooted with Magisk
I'm getting installation error.. I'm in previous update
mvincent2k said:
These instructions are for the CPH2459 – Unlocked Nord N20 50
I wanted to give back and distribute an easy to follow step-by-step guide as many were asking for a complete guide and I had a little time to create it today. Hopefully this will help kick off some good dev for the device as we are light currently.
I take no responsibility for any issues with your device and do not have backups in the steps, so use at your own risk as always...
COMPLETE STEPS......
Update your phone to the latest OS/patch level over Internet OTA from 1+ and reboot
Verify you are running OS/patch à CPH2459_11_C_10 (latest at time of this)
Enable developer options by clicking on the build number until activation appears (Under Setting-->About-->Version)
Enable Unlock bootloader in the new Developers Options section now in the Phone menu
Enable USB debugging under the new Developers Options
Plug in your phone with usb connected to pc and select transfer files if prompted
Download and extract install latest ptools-n20.zip (with included patched boot files)
Open a windows command prompt in the folder that you extracted the platform tools into
Run adb devices and be sure the phone shows up as a device that is attached
Accept device fingerprint if asked
Run command to boot to bootloader: adb reboot bootloader
Run command to ensure connection in bootloader to your phone: fastboot devices
Run Command to unlock bootloader: fastboot flashing unlock
Lave command prompt open
Use volume keys to select “unlock bootloader” then press “power” to unlock
The device will reset and will now be unlocked
After phone boots, complete the quick setup
Repeat step #3, #5-6, #9-12
In Command prompt where platform tools are installed run command: fastboot flash boot a.img
Reboot phone and you will be patched
Install Magisk 25.2 App from official repo & Enable Zygisk in settings
Enable Magisk hide and reopen the app
Add your google account if not already added and use Play Store or use Aurora store to install Safetynet Checker by flink apps
Run Safetynet checker and notice the device fails 2 checks
Transfer 2 zip files included to your phone: Shamiko & Safetynet fix. These will help hiding root and will allow your phone to pass Safetynet fixes
Install both zips under module section in Magisk. (you can do 1…don’t reboot when asked, then do other and reboot to activate both)
Run Safetynet Checker again and you should pass all checks.
Viola…you are unlocked/rooted/patched and pass safetynect checks.....ENJOY!
I will update here on how to take future OTAs as more come out and if time allows.
NOTES: Files in platform tools
a.img = boot_a.img magisk patched
b.img = boot_b.img magisk patched (just in case)
boot_a.img = Unpatched a (just in case)
boot_b.img = Unpatched b (just in case)
==============================================
2/3/23 UPDATE: How to take an OTA and preserve root
==============================================
1. First, Under developer options, make sure the option to apply automatic updates on reboot is ENABLED. (If you do not do this, you will loose root)
2. Unroot the device. We wont completely remove Magisk, just restore images. To do this Open Magisk, click uninstall magisk, and only click "restore images". DO NOT REBOOT!
3. Check for software updates. Install OTA update after downloaded. DO NOT REBOOT!
4. Open Magisk again and now reinstall it but select "inactive slot" for the option.
5. REBOOT. Boot will take about 30 seconds to apply.
You are now updated
Click to expand...
Click to collapse
Thank you for this! Glad to see people are picking up the slack. I havent updated yet because im worried about having to battle tighter restrictions that newer versions of android inevitably bring. I wont be able to use the images as i have the gn2200 but grateful for the how to guide on updating. Didnt realize it was quite that easy. Im still on May on one device and July on the other tho recently had to downgrade it to restore it in an emergency situation and was thankfully able to do all the flashing from the may device otg
PsYk0n4uT said:
Thank you for this! Glad to see people are picking up the slack. I havent updated yet because im worried about having to battle tighter restrictions that newer versions of android inevitably bring. I wont be able to use the images as i have the gn2200 but grateful for the how to guide on updating. Didnt realize it was quite that easy. Im still on May on one device and July on the other tho recently had to downgrade it to restore it in an emergency situation and was thankfully able to do all the flashing from the may device otg
Click to expand...
Click to collapse
Not a problem. Always glad to help the community out!
Very nice. I'm expecting delivery of one of these phones tomorrow. It already has Android 12 installed on it. So, I'm wondering if it's safe to use the attached image files to root it or should I go through the process of having Magisk patch the phone's existing a and b images?
Raybo58 said:
Very nice. I'm expecting delivery of one of these phones tomorrow. It already has Android 12 installed on it. So, I'm wondering if it's safe to use the attached image files to root it or should I go through the process of having Magisk patch the phone's existing a and b images?
Click to expand...
Click to collapse
Just make sure your using a12 boot image if your trying to use a posted one.balso be sure to use the same security patch boot image as the system you already have installed.
Safest bet is to use the DSU sideloader method to pull your own boot image and then patch it if your unsure of which patched boot image to use. It's a little more complicated but pulling your own boot image will ensure that you have an exact match for your device.
If you have or can locate and obtain an unpatched boot image that matches your system. You should have one on hand just in case the patched boot image doesn't work so that you can simply reflash your stock image in that case.
A mismatching boot image can lead to an unbootable state so you need to be prepared.
You shouldn't have to worry much about anything crazy or unrepairable so long as your flashing boot images made for the device your flashing them to. Just don't flash boot images from a completely different device as that can cause you to end up with any sort 9f crazy weird issues that may not even be fixable.
Raybo58 said:
Very nice. I'm expecting delivery of one of these phones tomorrow. It already has Android 12 installed on it. So, I'm wondering if it's safe to use the attached image files to root it or should I go through the process of having Magisk patch the phone's existing a and b images?
Click to expand...
Click to collapse
By any chance you got the latest boot.img
Will this work on a GN2200?
NO
Followed instructions and it worked. BUT, can't update the firmware. When I try to restore images in Magisk it says they don't exist. So I can't update to the latest firmware. Suggestions?
alipps1 said:
Followed instructions and it worked. BUT, can't update the firmware. When I try to restore images in Magisk it says they don't exist. So I can't update to the latest firmware. Suggestions?
Click to expand...
Click to collapse
I recently ran into this on another device and had to fix so you are in luck. I believe something broke with magisk running on 13 during the last OTA with security, so here are the steps...
1) Unhide and Uninstall magisk app completely and Update to the latest canary version of magisk apk here and restart: https://github.com/topjohnwu/Magisk
2) Verify it sees magisk installed and has latest build.
3) Try restoring images again and it may work.
If that does not work...
1) You will need to do a full unroot...which technically should not work if the images were not present, but it does, so images are present (proving it is a bug)
2) You will need to complete the full procedure of patching the boot image again yourself.
3) Extract payload and patch the boot.img per instructions in this forum, then flash per my instructions above.
FYI. I did this on the current version of the OS and then did the restore images and upgrade to take the OTA and prove the bug and that OTA updates will work as in the instructions above in the future again, which it did.
Alternatively, you could also update the to the latest OTA after unrooting and just do it once, but I wanted to play it safe just in case Google updated something in the latest 13 builds blocking magisk... So your choice, but please post back here how you make out.
Good luck

Categories

Resources