Question Please, could I have your help with vbmeta flags - Google Pixel 6 Pro

Forgive me, If I am asking something that was previously answered.
I have been looking around this community, also did some homework, but I am still confused and need double-check.
It seems that fastboot flashing is getting more and more complicated these days. I always just did a flash-all bat (after removing -w) and flashed the patched img for my previous Pixel 1 and 3.
I have flashed my Pixel 6 to November firmware, January firmware, patched with the latest magisk without disabling any flags for now.
Everything goes well until I happen to flash several third-party kernels using EXKM. I am not very sure whether flashing a kernel or recovering to magisk patched stock kernel via EXKM causes the issue.
Now every time I boot the phone, the annoying corrupted message shows up. I was stupid that when I saw that message, I immediately flashed the stock boot.img, then the full firmware. It turned out that I can move forward by pressing the power button after the corrupted message appeared. You must know, that annoying message is still there.
To cut a long story short,
Now I need your help to confirm before proceeding.
1. If I try to live with this corrupted message, is there any further potential damage to my phone, will it become soft-bricked even bricked?
2. If I am going to disable these flags, will it be a must to disable them every time I monthly flash the google firmware?
3. For now my phone is with the latest January firmware and that annoying corrupted message is rooted. How can I proceed? just
Code:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
then, reboot the bootloader and do a flash-all without removing -w
then flash patched boot image.
Will the above operations get rid of the corrupted message and bring my phone back to normal?
Thanks very much in advance for your attention and I appreciate your comments pretty much
Stay safe

OK, I have finally managed to flashed January firmware with flags disabled, skipping reboot, and patched again.
For now, the annoying message disappeared. That is to say question 3 get answered
I do like this
Code:
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-oriole-slider-1.0-8013568.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-oriole-g5123b-93368-211225-b-8029609.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot --disable-verity --disable-verification --skip-reboot update image-oriole-sq1d.220105.007.zip
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash boot root24001.img
fastboot reboot
echo Press any key to exit...
pause >nul
exit
credit to @guruoop
Answeres to question 1 & 2 still welcomed

Sorry, but I read Oriole... Do you have a P6 or a P6 Pro? P6 Pro is Raven, not Oriole... Oriole is P6.
Could you have the wrong firmware?

bush911 said:
Answeres to question 1 & 2 still welcomed
Click to expand...
Click to collapse
1. That corrupt message means you have a dm verity corruption. Because there is a corruption, you are in eio dm verity mode. A clean flash (or factory reset) without corruption errors will allow the bootloader to see that a new OS has been installed and will switch back to restart mode and remove that warning. Apparently the root hash of the hash tree and the expected root hash aren't matching up, thus triggering this warning. See documentation below.
Also, pressing the power button puts the phone in restart mode and will allow you to boot up in this circumstance. I don't believe "living" with this corruption message will lead to any further damage to your phone, but can't be 100% sure of this.
2. Depends. You no longer have to have them disabled if using Canary 23016 or newer to boot a Magisk-patched boot image. However, some custom kernels may still require them to be disabled, depending on whether they have updated the Magiskboot binary to Magisk 23016 or later. Others that provide a boot image (among other images) you can probably just patch the provided boot image with Magisk 23016 or later without having to disable verity and verification. Best to check with the custom kernel developer beforehand (or check in their OP and threads).
So, depending on whether you are using a custom kernel that may require these 2 flags to be disabled will determine whether you need to keep those flags disabled when updating to a new monthly security build. If just updating, then you don't have to keep these flags disabled. If you decide to keep these flags enabled, and then later decide to disable them you will have to perform a factory reset after disabling them again.
Boot Flow | Android Open Source Project
source.android.com

that's also the issue I run into

Lughnasadh said:
1. That corrupt message means you have a dm verity corruption. Because there is a corruption, you are in eio dm verity mode. A clean flash (or factory reset) without corruption errors will allow the bootloader to see that a new OS has been installed and will switch back to restart mode and remove that warning. Apparently the root hash of the hash tree and the expected root hash aren't matching up, thus triggering this warning. See documentation below.
Also, pressing the power button puts the phone in restart mode and will allow you to boot up in this circumstance. I don't believe "living" with this corruption message will lead to any further damage to your phone, but can't be 100% sure of this.
2. Depends. You no longer have to have them disabled if using Canary 23016 or newer to boot a Magisk-patched boot image. However, some custom kernels may still require them to be disabled, depending on whether they have updated the Magiskboot binary to Magisk 23016 or later. Others that provide a boot image (among other images) you can probably just patch the provided boot image with Magisk 23016 or later without having to disable verity and verification. Best to check with the custom kernel developer beforehand (or check in their OP and threads).
So, depending on whether you are using a custom kernel that may require these 2 flags to be disabled will determine whether you need to keep those flags disabled when updating to a new monthly security build. If just updating, then you don't have to keep these flags disabled. If you decide to keep these flags enabled, and then later decide to disable them you will have to perform a factory reset after disabling them again.
Boot Flow | Android Open Source Project
source.android.com
Click to expand...
Click to collapse
Thank you very much for your detailed explanation, it really helped.
To conclude:
Once these flags are disabled, every time flashing a full image will re-enable them again if I don't add "--disable-verity --disable-verification --skip-reboot" to the flash-all.bat.
Once the flags are enabled again, next time if I disable them again, it will lead to a factory data reset again.
Am I right?

gpvecchi said:
Sorry, but I read Oriole... Do you have a P6 or a P6 Pro? P6 Pro is Raven, not Oriole... Oriole is P6.
Could you have the wrong firmware?
Click to expand...
Click to collapse
Thank you for your attention. I mean to post here as it is more active here

bush911 said:
Thank you very much for your detailed explanation, it really helped.
To conclude:
Once these flags are disabled, every time flashing a full image will re-enable them again if I don't add "--disable-verity --disable-verification --skip-reboot" to the flash-all.bat.
Once the flags are enabled again, next time if I disable them again, it will lead to a factory data reset again.
Am I right?
Click to expand...
Click to collapse
Correct. Although you don't need to add the --skip-reboot unless you are doing something else like flashing the patched boot image during the same flashing session, which it appears you are doing, so yeah, all good

Related

December update not rootable?

Hi Y'all,
I just dirty flashed the December update, and then attempted to patch boot.img with magisk and flash that with fastboot, same as I've always been doing on Android 10 without fail. However, this time, it starts to boot, I get ADB, it bootloops twice, then goes back to fastboot with an error saying something to the effect of "no available slots"
I re-patched and it came out with the same md5sum of b1d09aa00e3376f3d4ceba4e97b99eae
I was able to get an adb logcat on both attempted boots, they're too large for any paste service so I threw them on a VPC I have
http://irc.killingkittens.net/logcat1.txt
http://irc.killingkittens.net/logcat2.txt
Magisk Canary, manager version 7.4.1-72edbfc4 (260)
Magisk 20.2-72edbfc4 (20108)
Happy to provide any other info that would help.
Worked fine for me.
I update ota by magisk method and work fine.
http://www.mediafire.com/view/k1r6pzneqwcrp4d/Screenshot_20191203-112633.png/file
phoe zay said:
I update ota by magisk method and work fine.
http://www.mediafire.com/view/k1r6pzneqwcrp4d/Screenshot_20191203-112633.png/file
Click to expand...
Click to collapse
I see that you're on older versions of both Magisk and Manager than I am. Which update channel are you on?
OK, root worked on my wife's P3. Canary 7.4.1-72edbfc4 (260) Manager an 20.2.72-edbfcr (20108) Magisk after flashing patched. Both show up to date. Install was a hyrbrid of flash-all and OTA. Still nobody seams to have found a reason why the flash-all (no -w) fails in fastbootd at product, but if you then switch to recovery while still on and then ADB sideload the OTA all is fine. 29.0.5 platform tools of course.
Works as normal for me.
I always sideload ota and then patch the boot.img from the full download
sliding_billy said:
OK, root worked on my wife's P3. Canary 7.4.1-72edbfc4 (260) Manager an 20.2.72-edbfcr (20108) Magisk after flashing patched. Both show up to date. Install was a hyrbrid of flash-all and OTA. Still nobody seams to have found a reason why the flash-all (no -w) fails in fastbootd at product, but if you then switch to recovery while still on and then ADB sideload the OTA all is fine. 29.0.5 platform tools of course.
Click to expand...
Click to collapse
Are you saying that if I update by having the phone in fastboot mode and running flash-all with -w removed than the phone update fails or gets wiped?
I had that experience last month where my phone was wiped even with -w removed! I would like to avoid getting wiped this time!
swieder711 said:
Are you saying that if I update by having the phone in fastboot mode and running flash-all with -w removed than the phone update fails or gets wiped?
I had that experience last month where my phone was wiped even with -w removed! I would like to avoid getting wiped this time!
Click to expand...
Click to collapse
Thankfully, no. I can't speak for any possible error when doing a flash-all (without -w), but the one that fails with the "sending product FAILED (Write to device failed (Invalid argument))" just shows a press any failure in command prompt and press any key to continue. The phone remains in fastbootd where you can use the volume keys and power to select recovery he use the keys again to select "sideload OTA from ADB" and while it is waiting use the "adb sideload [OTA path/filename].zip" command in commander and it acts as if you used the sideload in the first place changing slots, not erasing any data/settings/apps. I am not 100% sure yet, but I tend to think that the script is now acting differently if used without the -w but started without flashing stock .boot to both slots to unroot and remove any non-stock kernel. I have been doing it that way for 3+ years now on a Pixal, Piixel XL, Pixel 3 and Pixel 3 XL without issue until last month. I wanted to try it one more time this month after messing with my path and such, but I guess I will have to wait until January to try again. The 3 XL is on Havoc, so I can't test that one. My proposed instructions before doing it are 1)disable all modules, 2)reboot to system, 3)go to BL, 4)Flash previous stock .boot to both slots, 5)boot to system, 6)go to BL, 7)flash-all (without -w), 8)cross your fingers.
Can someone give me the md5 of the patched boot.img from this release? Or, upload a working patched file?
The specific error I got was "no valid slot to boot"
I tried flashing each slot manually, same error. I see that happened a year ago and it related to magisk versions: https://forum.xda-developers.com/pixel-3-xl/how-to/how-to-root-pixel-3-xl-magisk-t3856712/page2
I always update via flash-all with -w option removed.
Did the same this time and no issues.
Not sure how to attach the patched boot as it is too large.
Here is the patched md5:
02536812e6b2e09e4707f98d65e7918f magisk_patched.img
I have the same problem with the same version of Magisk as you and the -w flag in flash-all didn't make a difference.
nomisunrider said:
I always update via flash-all with -w option removed.
Did the same this time and no issues.
Not sure how to attach the patched boot as it is too large.
Here is the patched md5:
02536812e6b2e09e4707f98d65e7918f magisk_patched.img
Click to expand...
Click to collapse
Completely different md5 as me when I try either magisk canary or stable! Can you please upload it to something like https://mega.co.nz/ and generate a share link?
DOMF said:
Completely different md5 as me when I try either magisk canary or stable! Can you please upload it to something like https://mega.co.nz/ and generate a share link?
Click to expand...
Click to collapse
Well, crap, I was able to get the same md5sum by flashing Canary-non-debug, but I still get the crash back to the bootloader with the error "no valid slot to boot"
Anyone have any suggestions before I try a full wipe?
I'm rooted in December but my network connectivity took a serious downgrade with it.
I'm having the same problem on Pixel 3, it just can't boot after patching the boot.img :\
sliding_billy said:
Still nobody seams to have found a reason why the flash-all (no -w) fails in fastbootd at product,...
Click to expand...
Click to collapse
I found the reason:
Bad cable -> Solution: try another cable,
bad USB port -> Solution: try another port or computer,
or old SDK version -> download and update.
Definitely one of these.
Anyway, I also have the problem with bootloop after patch.
Worked just fine here flashing full image (-w) and then applying the patched boot.img from Magisk (20108). Not sure what is going on, but make sure you are on the latest binaries 29.0.5 (October 2019)
v12xke said:
Worked just fine here flashing full image (-w) and then applying the patched boot.img from Magisk (20108). Not sure what is going on, but make sure you are on the latest binaries 29.0.5 (October 2019)
Click to expand...
Click to collapse
Ugh I don't wanna wipe, especially without having taken a TiBu backup first (I know, bad me, it's just worked every time flawlessly so far!)
I'm on 29.0.5.1
Code:
~ fastboot --version
fastboot version 29.0.5-1
Installed as /usr/bin/fastboot
but now that you mention it, I've run into an issue with Arch's implementation of android-tools in the past. Will try from my mac tomorrow.
DOMF said:
Ugh I don't wanna wipe, especially without having taken a TiBu backup first (I know, bad me, it's just worked every time flawlessly so far!) I'm on 29.0.5.1
Click to expand...
Click to collapse
You wouldn't need to wipe... just fastboot flash the original (stock) boot.img and then get it sorted once back into System. Best of luck :good:
v12xke said:
You wouldn't need to wipe... just fastboot flash the original (stock) boot.img and then get it sorted once back into System. Best of luck :good:
Click to expand...
Click to collapse
When I got into the bootloop after applying the Magisk modified boot.img, flashing stock boot.img didn't fix it for me. I had to flash-all again to get it to boot.
I have the latest Canary Magisk Manager 7.4.1-72edbfc4(260) installed, but I also tried the stable channel and still had the same problem. I noticed that my phone faile SafetyNet over ctsProfile: false. Could my problems be related to not un-hiding Magisk? And thinking back, I may not have rebooted after disabling my modules before I started flashing.

[Guide] Root for Redmi Note 9 - Mediatek (Helio G85)

Preamble:
After a bit of research, I've found a simple way to - at least - obtain root privileges on the basic version of Redmi Note 9 (Mediatek - Helio G85).
The procedure has been tested on a Redmi Note 9 Global NFC 4/128 (Model: M2003J15SG) with MIUI Global 11.0.5.
The attached files comprise:
Original Boot Image from MIUI Global 11.0.5 (provided as a courtesy, download your own copy from MIUI Website if you wish)
Patched Boot Image from Magisk on MIUI Global 11.0.5 (again, the file provided as a courtesy; you can generate your own file, on your device.)
VBMETA Patched Image: essential to the process, this file has not been created by me. Courtesy of user Neko-kun from MI.cn Forum. I can only confirm that the file works as expected; please, if you have the required expertise, inspect the file and report your findings.
Warning:
This procedure depends on having previously unlocked the bootloader. Doing so you have read, understood and accepted all the information regarding security and potential stability issues given by XIAOMI before completing the procedure.
Also, this means you have understood and accepted potential warranty issues arising from such procedure, and you understand the risks associated with a rooted device.
I'm not responsible for any damage, loss of personal data, brick or loss of usability arising from following this procedure and/or from any user error committed by doing so.
As a result, your warranty may be void, according to laws in effect in your state.
This procedure is only valid for Redmi Note 9 (not the Pro version, not the 9S version) with MEDIATEK chipset
Note:
Always make a back-up of your data! This procedure will re-initialize the device.
Requirements:
A valid MI Account, associated with the phone, used to certification in the bootloader unlocking procedure. (via official MI UNLOCK)
Unlocked Bootloader (new devices usually have a 7-day waiting period)
A personal computer with FASTBOOT installed, basic knowledge of FASTBOOT commands, drivers correctly installed on your system of choice. (for windows users, a valid solution is "Minimal ABD and Fastboot".)
Resources:
Magisk Manager
Boot Image / Magisk Patched Boot Image / VBMeta Image - link or see attached files
Procedure:
Download the attached files (or generate the first two on your own device, using Magisk Manager).
Copy the prepared files inside the fastboot directory (so you don't have to worry about file path in the following steps)
Reboot the phone into Fastboot Mode (hold Power+Volume Down until fastboot screen)
Connect the phone to the computer, open fastboot terminal and issue the following commands. BE PATIENT AND DOUBLE CHECK EVERYTHING BEFORE CONFIRMING! Text between round brackets are comments, it must not be copied.
Code:
fastboot devices (check your phone is the only device shown)
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img (this disables system changes)
fastboot erase userdata (this will clear user data!)
fastboot erase cache
fastboot flash boot magisk_patched.img
fastboot reboot
The following first reboot will take a while. After completing the initial configuration, install the latest Magisk Manager (at the time of writing, v. 7.5.1) and continue with the configuration following the in-app prompt.
Phone will reboot at the end of the procedure. Launch once again Magisk Manager, select the "Beta Channel" for updates and enable Magisk Hide.
Reload Magisk Manager, check for Safety Net: you should have the green light.
Enjoy your root privileges. (aka, get rid of the bloatware )
Known BUGs / LIMITATIONS:
Can't modify /system partition
Need to temporary set SELinux to permissive in order to remove system apps. Please refer to this post.
Removing "Bloatware"
Probably one the main reasons for obtaining root privileges is to get rid of some default apps which come bundled with the official MIUI.
Given the current situation for this device, using classic methods (such as Titanium Backup / System App Remover / etc.) is not possible and - most probably - attempting in doing so will result in a soft-brick.
Instead, there is a particularly useful Magisk Module that can be used for this scope: Debloater.
You can read more about it here on XDA; the installation procedure will vary just a bit since there is currently no TWRP support for the Helio G85 Redmi Note 9.
Installing Debloater
Launch Magisk Manager and select "Download" from the menu
Use the search function to locate the package "Busybox for Android NDK"
Install the package, and chose to skip the reboot at the end of the procedure.
Use the search function to locate the package "Debloater Terminal Emulator"
Install the package and this time proceed with the reboot
When the reboot is complete, install any terminal emulator app from PlayStore (like Termux)
Open the terminal and issue:
Code:
su
(confirm the request for superuser access) and then
Code:
debloat
Now you can use Debloat to remove all the unwanted applications that come bundled with the ROM.
Please refer to the video included in the post mentioned above to learn more about Debloat and how to use it.
One Question
Can i know this work for Redmi Note 9 global non NFC?
The download link in the first post does not work any longer ... Gives a 404. Please re-upload and don't use XDA's upload space. Thanks!
dfahren said:
The download link in the first post does not work any longer ... Gives a 404. Please re-upload and don't use XDA's upload space. Thanks!
Click to expand...
Click to collapse
Sorry for the inconvenience, there is still the MEGA link from the first post up and working.
Here it is: https://mega.nz/file/ucFDXIaY#FrUllKuUASoStlSvrcMYABsbYv6ie-WHR4zOqJMdP4E
[email protected] said:
Can i know this work for Redmi Note 9 global non NFC?
Click to expand...
Click to collapse
It should work, since there is no significant difference between the two models regarding the rooting procedure. But I have no way of testing it because I don't have that phone version on hand.
N3OMOD said:
It should work, since there is no significant difference between the two models regarding the rooting procedure. But I have no way of testing it because I don't have that phone version on hand.
Click to expand...
Click to collapse
Hi there,
I can confirm the aforementioned procedure to root one's phone does work. I own a Redmi Note 9, Code: merlinnfc, Version: 11.0.5.0 (QJOEUXM). As you can see it's the European variant.
However, I didn't use the Zip archive the OP provided since it is meant for the global variant and (as of now) I don't see any necessity to reflash my phone to the global firmware.
I strongly recommend everybody to have Magisk Manager generate patched boot.img files and NOT use the original author's boot.img file! This holds true especially for those guys like me who own, say, an indian, chinese or european variant or run a different firmware version like, e.g., 11.0.3.0.
What's also important to mention is that there is no special "patched" vbmeta file. That guy "neko-kun" simply used the one contained in the original full firmare downloadable from Xiaomi's servers. Here you also have to make sure you use the one that matches the installed firmware version on your phone. Do not flash any other or you might get a brick!
If anybody of you guys has managed to get AFWall up and running and apply iptable rules without error, please drop me a line.
Thanks and good speed to everybody!
dfahren said:
Hi there,
I can confirm the aforementioned procedure to root one's phone does work. I own a Redmi Note 9, Code: merlinnfc, Version: 11.0.5.0 (QJOEUXM). As you can see it's the European variant.
Click to expand...
Click to collapse
Thank you for the feedback! That is the same version (hardware and ROM) I used to test the procedure before writing the article.
dfahren said:
However, I didn't use the Zip archive the OP provided since it is meant for the global variant and (as of now) I don't see any necessity to reflash my phone to the global firmware.
I strongly recommend everybody to have Magisk Manager generate patched boot.img files and NOT use the original author's boot.img file! This holds true especially for those guys like me who own, say, an indian, chinese or european variant or run a different firmware version like, e.g., 11.0.3.0.
Click to expand...
Click to collapse
Indeed, as I mentioned in the first post, those files are provided only as a courtesy for those who may have the same device with the same firmware: I strongly encourage everyone to make their own using Magisk Manager.
dfahren said:
What's also important to mention is that there is no special "patched" vbmeta file. That guy "neko-kun" simply used the one contained in the original full firmare downloadable from Xiaomi's servers. Here you also have to make sure you use the one that matches the installed firmware version on your phone. Do not flash any other or you might get a brick!
Click to expand...
Click to collapse
Thanks for the clarification about the vbmeta file. I will update the post to clarify this aspect.: good:
The original explanation from the user was a bit difficult to understand, hence the warning about the possibility of a "patched" file. (I didn't want to create any trouble for anyone).
Also, a little comforting for anyone who might incur in a (soft)brick: I have seen some people flashing only the "boot.img" and ending up in an infinite bootloop (black screen with "redmi" logo).
Should that happen, you can always enter the fastboot mode (keeping pressed the power+vol down for a bit longer than usual) and re-flash the original "boot.img" extracted from the official ROM image available on MIUI site.
dfahren said:
If anybody of you guys has managed to get AFWall up and running and apply iptable rules without error, please drop me a line.
Thanks and good speed to everybody!
Click to expand...
Click to collapse
Will let you know as soon as I have some time to test it.
(sidenote for those interested: for now I can confirm that AdAway is working fine)
Followed the steps, worked flawlessly on my Redmi Note 9 (Merlin) 3gb ram 64gb storage purchased in Europe, running Global 11.0.5.
Thank you so very much!
I had successfully done this in the past but messed something up with xposed later, I won't xposed it this time and just enjoy my root-ness.
N3OMOD said:
Thanks for the clarification about the vbmeta file. I will update the post to clarify this aspect.: good:
The original explanation from the user was a bit difficult to understand, hence the warning about the possibility of a "patched" file. (I didn't want to create any trouble for anyone).
...
Also, a little comforting for anyone who might incur in a (soft)brick: I have seen some people flashing only the "boot.img" and ending up in an infinite bootloop (black screen with "redmi" logo).
Should that happen, you can always enter the fastboot mode (keeping pressed the power+vol down for a bit longer than usual) and re-flash the original "boot.img" extracted from the official ROM image available on MIUI site.
...
(sidenote for those interested: for now I can confirm that AdAway is working fine)
Click to expand...
Click to collapse
The original explanation from user "neko-kun" seemed to me an automatic translation hence the rather weird language.
I can testify to the statement that you can reflash the original boot.img file should you enter a bootloop (which I got).
AdAway is also working for me as does AFWall+ (I needed to leave logging of blocked packets as it is -> off)
N3OMOD said:
Thank you for the feedback! That is the same version (hardware and ROM) I used to test the procedure before writing the article.
Indeed, as I mentioned in the first post, those files are provided only as a courtesy for those who may have the same device with the same firmware: I strongly encourage everyone to make their own using Magisk Manager.
Thanks for the clarification about the vbmeta file. I will update the post to clarify this aspect.: good:
The original explanation from the user was a bit difficult to understand, hence the warning about the possibility of a "patched" file. (I didn't want to create any trouble for anyone).
Also, a little comforting for anyone who might incur in a (soft)brick: I have seen some people flashing only the "boot.img" and ending up in an infinite bootloop (black screen with "redmi" logo).
Should that happen, you can always enter the fastboot mode (keeping pressed the power+vol down for a bit longer than usual) and re-flash the original "boot.img" extracted from the official ROM image available on MIUI site.
Will let you know as soon as I have some time to test it.
(sidenote for those interested: for now I can confirm that AdAway is working fine)
Click to expand...
Click to collapse
i'm having an infinite bootloop and keep pressing power + vol down didn't help , what should i do ?
@noodlelicious
That's very unfortunate. I know this situation only too well. First of all what type of Redmi Note 9 do you have. Please post the "Product Model" number you can find on your phone and package. Mine, for example, is M2003J15SG. Which version of MIUI did you run? Is it MIUI 11 or the newer MIUI 12? Do you run some regional flavor of MIUI such as European, Russian, Indonesian, Indian or China?
Second, did you flash the correct vbmeta file? I mean this is an IMG file that must match the flavor? The original poster supplied a vbmeta IMG file for the global variant that might (I'm really not sure) not fit to your specific flavor.
Ok, how do you get rid of the boot loop? I manged to stop the loop by pressing Volume down continuously for about a minute. After that my phone reboots into fastboot mode. Please DO NOT press the power button, this is unnecessary.
When in fastboot mode reflash your original boot.img according to the steps above.
I hope that helps you a bit.
Best wishes,
Didi
dfahren said:
@noodlelicious
That's very unfortunate. I know this situation only too well. First of all what type of Redmi Note 9 do you have. Please post the "Product Model" number you can find on your phone and package. Mine, for example, is M2003J15SG. Which version of MIUI did you run? Is it MIUI 11 or the newer MIUI 12? Do you run some regional flavor of MIUI such as European, Russian, Indonesian, Indian or China?
Second, did you flash the correct vbmeta file? I mean this is an IMG file that must match the flavor? The original poster supplied a vbmeta IMG file for the global variant that might (I'm really not sure) not fit to your specific flavor.
Ok, how do you get rid of the boot loop? I manged to stop the loop by pressing Volume down continuously for about a minute. After that my phone reboots into fastboot mode. Please DO NOT press the power button, this is unnecessary.
When in fastboot mode reflash your original boot.img according to the steps above.
I hope that helps you a bit.
Best wishes,
Didi
Click to expand...
Click to collapse
Thank you so much for replying my problems.
First, i'm using M2003J15SS
I'm running on latest miui 11 indonesian.
I'm flashing the vbmeta on first post , i skip all the comment section and straight install all the things there.
I already put a rubber band on my vol down since 7 hours ago and still got no fastboot.
What else can i do ?
What about entering recovery?
noodlelicious said:
Thank you so much for replying my problems.
First, i'm using M2003J15SS
I'm running on latest miui 11 indonesian.
I'm flashing the vbmeta on first post , i skip all the comment section and straight install all the things there.
I already put a rubber band on my vol down since 7 hours ago and still got no fastboot.
What else can i do ?
Click to expand...
Click to collapse
Try to enter stock recovery, if you can, select mi assitant. After that connect trough adb and run "adb reboot bootloader", that should do the trick.
If phone isnt booting none of main enviroments (system, recovery or fastboot/bootloader) battery drainage may restablish normal boot order. Just remember that if in any case it boots to recovery, use adb command to reboot to bootloader.
Tested on RN9 Global non-NFC (M2003J15SS) with MIUI 12 Global
Hi, just to inform. The following was tested in Redmi Note 9 Global non-NFC (M2003J15SS) with MIUI 12 Global.
- Patched boot image from MIUI12 Global (Android 10) works fine if dm-verity and forced encryption are disable at the time of making the boot image with magisk.
- vbmeta file provided by OP also works (I think any file would work if it's flashed with "--disable-verity --disable-verification" option. This option is essential to avoid bootloop after flashing any non-stock (or patched) image to any partition:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
The vbmeta file I used was extracted (and possibly) edited from a previous version of MIUI (MIUI11), and applied over MIUI12 ROM, that's why I think any file could be used.
Hi .. Is there a way to write to system / app. I need to be able to pass an application to system. Thank you.
Does netflix still work in HD after having the BL unlocked and further rooted?
How to patch vbmeta
---------- Post added at 05:50 PM ---------- Previous post was at 05:14 PM ----------
N3OMOD said:
Preamble:
After a bit of research, I've found a simple way to - at least - obtain root privileges on the basic version of Redmi Note 9 (Mediatek - Helio G85).
The procedure has been tested on a Redmi Note 9 Global NFC 4/128 (Model: M2003J15SG) with MIUI Global 11.0.5.
The attached files comprise:
Original Boot Image from MIUI Global 11.0.5 (provided as a courtesy, download your own copy from MIUI Website if you wish)
Patched Boot Image from Magisk on MIUI Global 11.0.5 (again, the file provided as a courtesy; you can generate your own file, on your device.)
VBMETA Patched Image: essential to the process, this file has not been created by me. Courtesy of user Neko-kun from MI.cn Forum. I can only confirm that the file works as expected; please, if you have the required expertise, inspect the file and report your findings.
Warning:
This procedure depends on having previously unlocked the bootloader. Doing so you have read, understood and accepted all the information regarding security and potential stability issues given by XIAOMI before completing the procedure.
Also, this means you have understood and accepted potential warranty issues arising from such procedure, and you understand the risks associated with a rooted device.
I'm not responsible for any damage, loss of personal data, brick or loss of usability arising from following this procedure and/or from any user error committed by doing so.
As a result, your warranty may be void, according to laws in effect in your state.
This procedure is only valid for Redmi Note 9 (not the Pro version, not the 9S version) with MEDIATEK chipset
Note:
Always make a back-up of your data! This procedure will re-initialize the device.
Requirements:
A valid MI Account, associated with the phone, used to certification in the bootloader unlocking procedure. (via official MI UNLOCK)
Unlocked Bootloader (new devices usually have a 7-day waiting period)
A personal computer with FASTBOOT installed, basic knowledge of FASTBOOT commands, drivers correctly installed on your system of choice. (for windows users, a valid solution is "Minimal ABD and Fastboot".)
Resources:
Magisk Manager
Boot Image / Magisk Patched Boot Image / VBMeta Image - link or see attached files
Procedure:
Download the attached files (or generate the first two on your own device, using Magisk Manager).
Copy the prepared files inside the fastboot directory (so you don't have to worry about file path in the following steps)
Reboot the phone into Fastboot Mode (hold Power+Volume Down until fastboot screen)
Connect the phone to the computer, open fastboot terminal and issue the following commands. BE PATIENT AND DOUBLE CHECK EVERYTHING BEFORE CONFIRMING! Text between round brackets are comments, it must not be copied.
Code:
fastboot devices (check your phone is the only device shown)
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img (this disables system changes)
fastboot erase userdata (this will clear user data!)
fastboot erase cache
fastboot flash boot magisk_patched.img
fastboot reboot
The following first reboot will take a while. After completing the initial configuration, install the latest Magisk Manager (at the time of writing, v. 7.5.1) and continue with the configuration following the in-app prompt.
Phone will reboot at the end of the procedure. Launch once again Magisk Manager, select the "Beta Channel" for updates and enable Magisk Hide.
Reload Magisk Manager, check for Safety Net: you should have the green light.
Enjoy your root privileges. (aka, get rid of the bloatware )
Known BUGs / LIMITATIONS:
Can't modify /system partition
Need to temporary set SELinux to permissive in order to remove system apps. Please refer to this post.
Click to expand...
Click to collapse
can i use original vbmeta in rom files for this command
"fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img (this disables system changes)"
Because my phone is redmi note 9 (m2003j15ss) updated to 12.03.0(QJOMIXM) miui version
If not with the original, how do I patch this file?
can this be used to root the EU model: MZB9410EU ?
farvehar09 said:
---------- Post added at 05:50 PM ---------- Previous post was at 05:14 PM ----------
can i use original vbmeta in rom files for this command
"fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img (this disables system changes)"
Because my phone is redmi note 9 (m2003j15ss) updated to 12.03.0(QJOMIXM) miui version
If not with the original, how do I patch this file?
Click to expand...
Click to collapse
Yes u can, i use the original vbmeta from miui_MERLINIDGlobal_V12.0.1.0.QJOIDXM_709d727d58_10.0.zip (ID variant)

How To Guide Root achieved! Here's how to root the Red Magic 6 and Red Magic 6 Pro

I've been up 24 hours dealing with bootloops. I finally found a way to root the phone and have it boot up!
Join our Discord Channel
Join the Red Magic 6 & 6 Pro [XDA Developers Forums] Discord Server!
Check out the Red Magic 6 & 6 Pro [XDA Developers Forums] community on Discord - hang out with 1 other members and enjoy free voice and text chat.
discord.gg
Youtube Video Tutorial:
UPDATED VIDEO:
For all those websites that claim the RM6 can be rooted with Kingroot, Kingoroot, iRoot, SuperSU... They are MISLEADING you into downloading their software. In other words, they are full of BS and you should INGORE them at all costs as Magisk is the ONLY proper way to root the RM6.
DO NOT USE KINGROOT, iROOT, KingoROOT, or ANY OTHER THIRD-PARTY ROOTING TOOLS PLEASE!! They steal your DATA and sell it. Magisk does not steal anything.​
This procedure will require a wipe of your data.. TWICE! I'll explain why.
When you unlock the bootloader, it wipes your data. Normally you only have to wipe it once, flash the patched boot.img file with magisk, and be done.
However, it seems that users will need to perform another factory reset after flashing the patched boot image. I have no idea why but it works. Please make a note of this as it will be required or you will be stuck in a bootloop.
Requirments
1. Global ROM file
2. A payload dumper
3. Magisk APK to patch the boot img
4. A computer!
Here are the steps!
​1. Unlock your bootloader. Make sure you enable OEM unlock in developer options. This WILL WIPE YOUR DEVICE! The command to unlock your bootloader is "fastboot flashing unlock"
2. Download the global rom from here: https://rom.download.nubia.com/Europe/NX669J/V312/NX669J-update.zip
3. You will need to download a payload dumper tool. This is due to the firmware being in a .bin file (payload.bin). Follow the link below on how to extract the global firmware:
Extract Android OTA Payload.bin File using Payload Dumper Tool
Learn how to dump and extract Android OTA Payload.bin file to get the boot.img (for rooting with Magisk), vendor.img, and other other partition images.
www.thecustomdroid.com
I ended up Downloading Termux from the playstore and extracting it with python on my phone.
When you get it extracted, just move the boot.img and vbmeta.img files to your Desktop and on your phone Place it somewhere on your internal storage where you will remember!
4. Download Magisk Manager onto your phone and install it. Select install "patch a file" option and select the boot.img you put on your phone.
Let magisk patch it. It will end outputting a file like "Magisk_Patchedxxx.img" Go ahead and copy that file to your Desktop.
5. Go onto your computer and open up command prompt. Change your directory to the Desktop ex. cd c:/Users/Your Name/Desktop
6. Type fastboot flash boot magisk_patched.img
7. Now make sure you have vbmeta.img on your desktop as well. We need to disable verity on the device. Type fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
8. From the bootloader, reboot into your recovery and perform another factory reset!
9. Reboot the phone and voila! You now have root access!
Another thing to mention is that SafteyNet does NOT pass even with MagiskHide enabled. Please keep that in mind!
So far I've installed the Xposed Framework and some Magisk modules. All seems to work really well.
Happy Modding!
​
Do u have rom V3:10
chocolote4444 said:
I've been up 24 hours dealing with bootloops. I finally found a way to root the phone and have it boot up!
This procedure will require a wipe of your data.. TWICE! I'll explain why.
When you unlock the bootloader, it wipes your data. Normally you only have to wipe it once, flash the patched boot.img file with magisk, and be done.
However, it seems that users will need to perform another factory reset after flashing the patched boot image. I have no idea why but it works. Please make a note of this as it will be required or you will be stuck in a bootloop.
Requirments
1. Global ROM file
2. A payload dumper
3. Magisk APK to patch the boot img
4. A computer!
Here are the steps!
​1. Unlock your bootloader. Make sure you enable OEM unlock in developer options. This WILL WIPE YOUR DEVICE! The command to unlock your bootloader is "fastboot flashing unlock"
2. Download the global rom from here: https://rom.download.nubia.com/Europe/NX669J/V312/NX669J-update.zip
3. You will need to download a payload dumper tool. This is due to the firmware being in a .bin file (payload.bin). Follow the link below on how to extract the global firmware:
Extract Android OTA Payload.bin File using Payload Dumper Tool
Learn how to dump and extract Android OTA Payload.bin file to get the boot.img (for rooting with Magisk), vendor.img, and other other partition images.
www.thecustomdroid.com
I ended up Downloading Termux from the playstore and extracting it with python on my phone.
When you get it extracted, just move the boot.img and vbmeta.img files to your Desktop and on your phone Place it somewhere on your internal storage where you will remember!
4. Download Magisk Manager onto your phone and install it. Select install "patch a file" option and select the boot.img you put on your phone.
Let magisk patch it. It will end outputting a file like "Magisk_Patchedxxx.img" Go ahead and copy that file to your Desktop.
5. Go onto your computer and open up command prompt. Change your directory to the Desktop ex. cd c:/Users/Your Name/Desktop
6. Type fastboot flash boot magisk_patched.img
7. Now make sure you have vbmeta.img on your desktop as well. We need to disable verity on the device. Type fastboot --disable-verity --disable-verification vbmeta vbmeta.img
8. From the bootloader, reboot into your recovery and perform another factory reset!
9. Reboot the phone and voila! You now have root access!
Another thing to mention is that SafteyNet does NOT pass even with MagiskHide enabled. Please keep that in mind!
Edit:
Xposed Framework DOES work!
​
Click to expand...
Click to collapse
would be the same process for version V4.12?
Masacr3 said:
would be the same process for version V4.12?
Click to expand...
Click to collapse
Yes. Mine is showing up as still 4.12
Are you SURE it doesn't pass SafetyNet? The Magisk check is broken download SafetyNet Checker from the app store and see what it says...
mslezak said:
Are you SURE it doesn't pass SafetyNet? The Magisk check is broken download SafetyNet Checker from the app store and see what it says...
Click to expand...
Click to collapse
I does not pass safety net. I've tested every testing app on the Play Store. I'll keep looking for a solution though.
chocolote4444 said:
7. Now make sure you have vbmeta.img on your desktop as well. We need to disable verity on the device. Type fastboot --disable-verity --disable-verification vbmeta vbmeta.img
Click to expand...
Click to collapse
You're missing the "flash" command inside, as such:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
A couple of questions:
1: does the phone retain full functionality? radio (BT/A2DP/different wifi bands/fingerprint scanner/camera)?
2: have you tried using an empty vbmeta?
adwinp said:
You're missing the "flash" command inside, as such:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
A couple of questions:
1: does the phone retain full functionality? radio (BT/A2DP/different wifi bands/fingerprint scanner/camera)?
2: have you tried using an empty vbmeta?
Click to expand...
Click to collapse
Everything still works except the fingerprint. When the bootloader is unlocked, the fingerprint stops working.
As for flashing empty vbmeta images, I have not tried it. I know some devices you may have to flash an empty vbmeta img at last resort but I was able to boot it up using the stock vbmeta.
chocolote4444 said:
Everything still works except the fingerprint. When the bootloader is unlocked, the fingerprint stops working.
As for flashing empty vbmeta images, I have not tried it. I know some devices you may have to flash an empty vbmeta img at last resort but I was able to boot it up using the stock vbmeta.
Click to expand...
Click to collapse
Thx for responding.
1: Would you be able to test/comfirm if the fingerprint scanner is restored when relocking the bootloader using either the rooted boot.img or the stock one?
2: The same issue with fp calibration is faced by RM 5S/G users; can you check if the calibration fix in these forums works also for the RM6?
3: Lastly, have you tried flashing the latest phh GSI to see if it's working?
Yes usually you just flash stock vbmeta.img via fastboot: fastboot flash vbmeta vbmeta.img --disable-verity --disable-verification should try it out...
adwinp said:
Thx for responding.
1: Would you be able to test/comfirm if the fingerprint scanner is restored when relocking the bootloader using either the rooted boot.img or the stock one?
2: The same issue with fp calibration is faced by RM 5S/G users; can you check if the calibration fix in these forums works also for the RM6?
3: Lastly, have you tried flashing the latest phh GSI to see if it's working?
Click to expand...
Click to collapse
Fingerprint scanner should work after relocking the bootloader. As for flashing a GSI, there's no custom recovery for this device yet so I can't test any GSI roms yet.
chocolote4444 said:
Fingerprint scanner should work after relocking the bootloader. As for flashing a GSI, there's no custom recovery for this device yet so I can't test any GSI roms yet.
Click to expand...
Click to collapse
In this case, would you be able to run the following tests & share findings?
1: reflash stock boot, relock BL - check if fingerprint scanner is fixed
2: flash rooted boot.img (disable vbmeta), relock BL - check if fingerprint is fixed
If that would be the case, we could copy the calibration data from such a device; the data would be in /mnt/vendor/persist/goodix - I checked the stock ROM & it's not in there meaning it probably gets copied over during boot or mount-binded.
The last theory I want to check is the link between BL lock status & the fingerprint scanner - if some people have reported success with fixing the scanner with the builtin tool, there's a chance that the system framework or some other app is checking for the bootloader lock status & disabling the fingerprint if the former is unlocked. I've dumped the stock firmware but couldn't find a goodix dedicated apk, hence my hunch that it's a framework overlay. We would need to identify where the code is stored, decompile, find the security checking routine, disable, recompile & check agian - assuming it's not in any of the native libraries or the binary.
Assuming the access to the fingerprint scanner is indeed baked into the framework, using an AOSP GSIs would mean that the system would get unrestricted access to the fingerprint scanner, thus no blocking issue.
Thus (& addressing the 2nd part of your previous response), I'd suggest a 3rd test:
3: flash phh GSI or LOS GSI. The reason for the latter is because LOS usually has a wider range of hardware supported via hardware overlays.
You don't need a custom recovery to flash GSIs as these are fastboot images, so the following should suffice:
Code:
fastboot flash system gsi.img
fastboot -w
Umm Sir, got some problem with the global rom i patched it from your link. i cannot save any photos even screenshot. its nothing on my gallery. it seems it is not saving any photo. i hope you can teach me to solve it. thanks in advance
whincloud01 said:
Umm Sir, got some problem with the global rom i patched it from your link. i cannot save any photos even screenshot. its nothing on my gallery. it seems it is not saving any photo. i hope you can teach me to solve it. thanks in advance
Click to expand...
Click to collapse
Do a factory reset as you need to properly reinitialize package IDs, SELinux contexts & permissions.
adwinp said:
Do a factory reset as you need to properly reinitialize package IDs, SELinux contexts & permissions.
Click to expand...
Click to collapse
thank you. it is working well now.
I did the root process, but the phone stayed in the redmagic logo and it does not start me, what is the next process? flash the stock boot.img and it won't start
@chocolote4444 please share the solution when it gets stuck on the logo
FFX2 said:
@chocolote4444 please share the solution when it gets stuck on the logo
Click to expand...
Click to collapse
I am currently looking into it
Thanks for the guide
Hi. Will this also work for Android 11 on RM 5s?

[GUIDE] Pixel 4a (5G) "bramble": Unlock Bootloader, Update, Root, Pass SafetyNet

If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
V0latyle said:
DO NOT take the automatic OTA if you are rooted.
Click to expand...
Click to collapse
Well, that explains why I haven't been able to update boot with my patched file.
First I've heard of it and not sure I'm ready to wipe everything and start over.
Sucks to be an early adopter.
Thanks for the post.
Hi ! Thanks for the thread .
Just one question ?
Why they had "--slot=all" for flash vmbeta and patch boot.
ggkameleon said:
Hi ! Thanks for the thread .
Just one question ?
Why they had "--slot=all" for flash vmbeta and patch boot.
Click to expand...
Click to collapse
The OTA is an out of band update, meaning it installs to the inactive slot. I like to command a flash to both slots just to be safe. It may not really be necessary, but again, better safe than sorry.
V0latyle said:
The OTA is an out of band update, meaning it installs to the inactive slot. I like to command a flash to both slots just to be safe. It may not really be necessary, but again, better safe than sorry.
Click to expand...
Click to collapse
Ok Thank you I understand... Just I do it now. Have a good day
ggkameleon said:
Ok Thank you I understand... Just I do it now. Have a good day
Click to expand...
Click to collapse
NO U
V0latyle said:
As many of you know by now, in order to run a patched boot image on Android 12 requires disabling Android Boot Verification.
On Android 12, disabling verity and verification will require a data wipe if it hasn't been done before. What seems to "lock" the state of boot verification is booting into system; so, if you perform an update, or flash vbmeta without the disable flags, then reboot into Android, you have essentially enabled boot verification and will require a wipe to disable it again. Confusing, I know.
Click to expand...
Click to collapse
So, for all slow dumb ****s like me:
No permanent root possible on my 4a 5G when updating from A11 to A12 without a wipe?
Or is this tutorial the workaround for that?
Or is this tutorial the workaround for flashing patched boot for the monthly security updates for A12 so I don't have to wipe each month?
Or, I'm just a slow dumb ****?
¯\_(ツ)_/¯
j-a-d-z said:
So, for all slow dumb ****s like me:
No permanent root possible on my 4a 5G when updating from A11 to A12 without a wipe?
Or is this tutorial the workaround for that?
Click to expand...
Click to collapse
As it seems, yes. But I have a theory if you want to be a test subject....
j-a-d-z said:
Or is this tutorial the workaround for flashing patched boot for the monthly security updates for A12 so I don't have to wipe each month?
Or, I'm just a slow dumb ****?
¯\_(ツ)_/¯
Click to expand...
Click to collapse
This is meant for updating but still applies the first time you root on A12.
V0latyle said:
As it seems, yes. But I have a theory if you want to be a test subject....
This is meant for updating but still applies the first time you root on A12.
Click to expand...
Click to collapse
What does your "yes" stands for? Yes, no permanent root without wipe? Or yes, that may be the workaround?
If I wanna be your test subject, what could go wrong in the worst case scenario? (or the "Wurst-Käse-Szenario", as we like to say here in Germany )
Would I still be able to fastboot boot the magisked boot image to gain temp root and backup my in-app data?
j-a-d-z said:
What does your "yes" stands for? Yes, no permanent root without wipe? Or yes, that may be the workaround?
Click to expand...
Click to collapse
I mean yes as in "yes, it appears that wiping /data is required when disabling vbmeta for permanent root".
j-a-d-z said:
If I wanna be your test subject, what could go wrong in the worst case scenario? (or the "Wurst-Käse-Szenario", as we like to say here in Germany )
Click to expand...
Click to collapse
Das ist mir Wurst.
The sausage cheese scenario is that you lose your data and have to wipe anyway. What I have in mind is this: Reflash vbmeta with the disable flags while on Android 11, die Daumen drucken, see if it requires you to wipe /data. If not, proceed to dirty flash factory image with disable flags and see if the upgrade is successful.
j-a-d-z said:
Would I still be able to fastboot boot the magisked boot image to gain temp root and backup my in-app data?
Click to expand...
Click to collapse
Temp root does work on Android 12. And if my idea sorta works but you still get Rescue Party after upgrading to Android 12, then you should just be able to reflash /vbmeta and /boot with the stock images and use temp root.
I would advise, however, that if you're interested in trying my idea, make sure to back up your data first.
V0latyle said:
NO U
Click to expand...
Click to collapse
Thanks for all your search and works The month update after first wipe work fine .
V0latyle said:
The sausage cheese scenario is that you lose your data and have to wipe anyway. What I have in mind is this: Reflash vbmeta with the disable flags while on Android 11, die Daumen drucken, see if it requires you to wipe /data. If not, proceed to dirty flash factory image with disable flags and see if the upgrade is successful.
Click to expand...
Click to collapse
Does this vbmeta reflash warn me that a wipe is required before it does anything?
So can I update A11 to A12 and retain root as long as I don't boot into the system before flashing vbmeta.img and boot.img?
j-a-d-z said:
Does this vbmeta reflash warn me that a wipe is required before it does anything?
Click to expand...
Click to collapse
Reflashing vbmeta doesn't wipe your data. If you disable verity and verification, when they were previously enabled, the system will not boot, and you will instead land in Rescue Party - a screen telling you that your data may be corrupted.
So, when we say that a data wipe is required, it means you must do it yourself.
dneill2006 said:
So can I update A11 to A12 and retain root as long as I don't boot into the system before flashing vbmeta.img and boot.img?
Click to expand...
Click to collapse
As far as we know, no. The problem is, as I stated above, the first time verity and verification are disabled on Android 12 requires a clean system. We have not found a way to be able to keep data and re-root following an upgrade. You can keep your data and either go unrooted or use temporary root, or you can wipe data for permanent root.
Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before.
Q: "If verity/verification are disabled, do I need to enable them now?"
A: No. The only thing you have to do is update to Magisk 23016.
Q: "Will enabling verity/verification wipe my data?"
A: No.
I will be updating the OP to reflect this.
V0latyle said:
Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before.
Click to expand...
Click to collapse
So I did upgrading from latest 11 to latest 12 some minutes ago. Booted, patched boot.img with magisk 23016 and flashed the patched image to get back root. Worked like a charm just like any update before. So no more wipe needed.
So, it's time for the good old pal Stinky Wizzleteats and his song about being happy. That's right, it's the happy, happy, joy, joy song:
Happy, happy, joy, joy
Happy, happy, joy, joy
Happy, happy, joy, joy
Happy, happy, joy, joy
Happy, happy, joy, joy
Happy, happy, joy, joy
┌(・。・)┘♪
j-a-d-z said:
┌(・。・)┘♪
Click to expand...
Click to collapse
(ノಠ益ಠ)ノ彡/(.□ . \)
V0latyle said:
Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has.
If you have already disabled verity/verification, you do not need to re-enable them; they are enabled by default when the /vbmeta partition is written, unless the "--disable-" options are used. The only thing you have to worry about next update is literally just updating your device.
DO NOT substitute Magisk Stable, as it does not yet include the necessary fixes for this device!
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
"Installed" shows the version of patch in the boot image. If this says N/A, the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
Prerequisites:
Unlocked bootloader
Latest SDK Platform Tools
Spoiler: Deprecated - this is now irrelevant
As many of you know by now, in order to run a patched boot image on Android 12 requires disabling Android Verified Boot.
Verified Boot on Android 12 devices, at least Pixels with the SD765G and Tensor, is tied to device encryption. Therefore, disabling Verified Boot requires a wipe, if it was not previously disabled.
To make this clear:
Verified Boot is disabled by flashing /vbmeta with disable flags:
Code:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
Verified Boot is enabled by flashing /vbmeta without flags:
Code:
fastboot flash vbmeta vbmeta.img
Booting the device essentially "locks" the vbmeta state.
I know this is confusing, Bear with me:
If you previously disabled vbmeta, you MUST ensure it is disabled again when you update, BEFORE you boot. If you do not, you will have to wipe to regain root.
Unfortunately, the update process enables Verified Boot by default, because it writes /vbmeta without flags.
This means that the automatic OTA, or any other update process without intervention, WILL enable Verified Boot, which will require a wipe to disable!
****
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Canary
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to complete. Your device will reboot without root as the OTA overwrites the patched boot image.
Reboot your device to bootloader.
Boot the master root image (See note 1)
Code:
fastboot boot <drag and drop master root.img here>
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA: select Apply Update via ADB, then on your PC:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to bootloader".
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Check the "Skip reboot" box.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet
This is my configuration:
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Services
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
MagiskHide Props Config 6.1.2
Universal SafetyNet Fix 2.2.0
Note 1: If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
Note 2: If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Click to expand...
Click to collapse
Already rooted, do I need to uninstall magisk and delete all modules? Then OTA Android 12, and then install 230016.
proac said:
Already rooted, do I need to uninstall magisk and delete all modules? Then OTA Android 12, and then install 230016
Click to expand...
Click to collapse
First, update Magisk to 23016. Do this from within the Magisk app.
Next, follow the instructions under "Initial Root" to patch the boot image. You can then use any method to upgrade to Android 12; after you have upgraded, flash the patched boot image. I recommend using the factory image method seeing as you will have already downloaded the factory image.

Question Help!!!!!! Boot failure / stuck in fastboot

Need help. I used AFT to flash April - good, I rebooted and flashed magisk patched image made with stable 25.2 - good, flashed Kirisakura Raviantha Kernel v1.0.2 - good. Magisk said update to 26.1 so I did. I did direct install to update to 26.1. My P6P rebooted ok. power off and now stuck in fastboot mode showing device state= unlocked, boot slot: a, Enter reason: boot failure. I've tried to flash stock boot.img to both slots and the new april bootloader.img to both slots....the phone won't boot past fastboot screen. It won't go into recovery mode either. Please help!!!!!!!!
PS platform tools v33.0.3
jcp2 said:
Need help. I used AFT to flash April - good, I rebooted and flashed magisk patched image made with stable 25.2 - good, flashed Kirisakura Raviantha Kernel v1.0.2 - good. Magisk said update to 26.1 so I did. I did direct install to update to 26.1. My P6P rebooted ok. power off and now stuck in fastboot mode showing device state= unlocked, boot slot: a, Enter reason: boot failure. I've tried to flash stock boot.img to both slots and the new april bootloader.img to both slots....the phone won't boot past fastboot screen. It won't go into recovery mode either. Please help!!!!!!!!
PS platform tools v33.0.3
Click to expand...
Click to collapse
Try using Android Flash Tool to get back to stock.
I tried. it failed.
Flash Failed​Device failed to boot into userspace fastboot. This usually indicates that the build you are flashing does not boot. Device serial logs can be helpful to determine the root cause of the failure
jcp2 said:
I tried. it failed.
Flash Failed​Device failed to boot into userspace fastboot. This usually indicates that the build you are flashing does not boot. Device serial logs can be helpful to determine the root cause of the failure
Click to expand...
Click to collapse
Then just manually flash ROM files in fastboot
jamescable said:
Then just manually flash ROM files in fastboot
Click to expand...
Click to collapse
is there a write up somewhere with adb commands?
Use PixelFlasher and the latest full update.
AlDollaz said:
Use PixelFlasher and the latest full update.
Click to expand...
Click to collapse
tried that as well
fastboot: error: Failed to boot into userspace fastboot; one or more components might be unbootable.
I'm not sure of the commands. Fastboot flash recovery "recovery.img" , same with the other files inside the zip inside the stock rom zip file
If i ran into this issue I'd try fastboot -w and fastboot update a custom rom.
jcp2 said:
is there a write up somewhere with adb commands?
Click to expand...
Click to collapse
Most need to be flashed in fastbootd I think. So to get there, fastboot reboot fastboot. You can flash recovery( boot, dtbo and vendor boot) in regular fastboot. That should fix everything because it will fully get rid of magisk
I used AFT and forced flashed partitions / wiped (kept bootloader unlock) and it's alive again!
Simply out of curiosity - what made you update magisk? Are there "must have" features in the new release?
StanWiz said:
Simply out of curiosity - what made you update magisk? Are there "must have" features in the new release?
Click to expand...
Click to collapse
Release Magisk v26.1 · topjohnwu/Magisk
Changes from v26.0 [App] Fix crashing when revoking root permissions [MagiskInit] Always prefer ext4 partitions over f2fs when selecting the pre-init partition [General] Restore module files' cont...
github.com
See for yourself, but the sepolicy and Zygisk updates I would consider "must haves". Of course, if you're still running an Android 5 device you won't be happy: Magisk 26.1 dropped Android 5 support.
Strephon Alkhalikoi said:
Release Magisk v26.1 · topjohnwu/Magisk
Changes from v26.0 [App] Fix crashing when revoking root permissions [MagiskInit] Always prefer ext4 partitions over f2fs when selecting the pre-init partition [General] Restore module files' cont...
github.com
See for yourself, but the sepolicy and Zygisk updates I would consider "must haves". Of course, if you're still running an Android 5 device you won't be happy: Magisk 26.1 dropped Android 5 support.
Click to expand...
Click to collapse
I'm all for change but I don't enjoy being a guinea pig .lol
If I have an application ( magisk 25.2) that works flawlessly I will hold off a few days prior to jumping on the band wagon ( unless the new version has something I really need) - more often than not there are issues. I prefer to read about them rather than experiencing on my own skin. Hence my question.
StanWiz said:
I'm all for change but I don't enjoy being a guinea pig .lol
If I have an application ( magisk 25.2) that works flawlessly I will hold off a few days prior to jumping on the band wagon ( unless the new version has something I really need) - more often than not there are issues. I prefer to read about them rather than experiencing on my own skin. Hence my question.
Click to expand...
Click to collapse
Not everyone thinks as you do. I update as soon as a new version is released, but I also know what I'm doing.
Strephon Alkhalikoi said:
Not everyone thinks as you do. I update as soon as a new version is released, but I also know what I'm doing.
Click to expand...
Click to collapse
It's not a question of knowledge but rather the things that are beyond ones control - possibility of bugs in the code. For example look what happened recently with platform tools.
@jcp2 With all the things you flash, you should also know what that is. Then it would be much easier for you to figure it out why your device is in an unbootable state.
Magisk, Kernel, fastbootd... have one thing in common: your boot.img!
It doesn't make sense to let Magisk patch your boot.img and installing a custom kernel without Magisk installed afterwards. In that case Magisk gets overwritten.
Your fastbootd is only a binary and located in the recovery's /sbin folder. Due to the fact that your P6P is an A/B slot device, your recovery is part of the boot.img.
Flash your stock boot.img from the image-raven-BUILD_NO.zip that you'll find inside your firmware download.
I had already tried flashing stock boot image to both slots. I had to use AFT and force flash all partions. I'm up and running/ rooted. I just have to reinstall apps .
Android flash tool is by far the easiest way to go for sure. Happy you got it fixed
{Mod edit: Quoted post has been deleted. Oswald Boelcke}
6. fast boot flash
That ADB Command does nothing.
The correct command is:
fastboot flash boot boot.img if you want to flash the boot.img
{Mod edit: Quoted post has been deleted. Oswald Boelcke}
You should give us the correct command. The syntax is (see fastboot -h):
Code:
flash PARTITION [FILENAME] Flash given partition, using the image from
$ANDROID_PRODUCT_OUT if no filename is given.
you can't use "fast boot" for a binary that's called "fastboot(.exe)".

Categories

Resources