Related
I been trying to flash some system images I find on the treble forum and nothing is flashing.
My bootloader is unlocked and I'm rooted with magisk
Whenever I run "fastboot erase system" I get a permission denied error and doing "fastboot format system" I get an error about a raw filesystem
Trying to flash an image without wiping I get an error about resizing the system partition.
Am I doing something wrong? It's been years since I've tinkered with Android so I'm out of the loop on Android's dynamic partitioning etc etc
Edit: Figured it out
https://forum.xda-developers.com/mo...de-how-to-flash-generic-image-moto-g-t4131199
for anyone wondering, i just figured it out, the moto g stylus has 2 fastboot modes? one is the bootloader (adb reboot bootloader) and the other is fastbootd (adb reboot fastboot)
booting into fastbootd solved my flashing and wiping issues
Yes. The Android 10 has a new fastbootd mode.
You can enter it with a command
Code:
adb reboot fastboot
You can try to install the Treble image through it. Because in Android 10 there is a new physical partition super.img, which contains three logical partitions - vendor.img, system.img and product.img.
ilia3367 said:
Yes. The Android 10 has a new fastbootd mode.
You can enter it with a command
You can try to install the Treble image through it. Because in Android 10 there is a new physical partition super.img, which contains three logical partitions - vendor.img, system.img and product.img.
Click to expand...
Click to collapse
Yeah I just figured this out although I'm still having issues flashing any gsi ROM, nothing boots after a factory reset, even if I just flash a boot.img patched by magisk with dm verity and encryption disabled
DMedina559 said:
Yeah I just figured this out although I'm still having issues flashing any gsi ROM, nothing boots after a factory reset, even if I just flash a boot.img patched by magisk with dm verity and encryption disabled
Click to expand...
Click to collapse
Same boat. Bootloop if I try to get it to start unencrypted. Booting at least once into a clean boot, then flashing without formatting first let me patch magisk. Have a suspicion the phone isn't too happy about being unecrypted.
Any guides available for this latest OTA security update to preserve or restore root after applying?
Haven't yet done this on a 4a. Last did something similar on a Pixel 3a, but don't want to risk assuming the steps are the same, or even similar.
Anyone succesfully applied the security update yet and been able to restore Magisk?
This is what i did:
1. download both the full OTA file and the factory image file.
2. extract the boot.img from the factory image
3. in magisk patch the extracted boot image, copy back to PC
4. apply update in recovery - adb sideload ota_file.zip
5. reboot to bootloader
6. flash your rooted boot image from step 3
7. reboot phone.
8. i failed safety net and had to install this module through magisk - https://github.com/kdrag0n/safetynet-fix
I downloaded and installed the Jan OTA before realizing the Magisk inactive slot trick was broken :-(
Instead of restarting (and losing root) I patched the latest booot.img, restarted to fastboot, flashed the patched boot... Now when I try to restart it's the black google screen for a while, then back to fastboot with "no valid slot to boot" massage. Any advice on how to fix this? Or if it can't be fixed, best way to start fresh with rooted factory rom? Thanks!
Just try to flash both slots:
fastboot flash boot_a boot.root.sunfish-rq1a.210105.002.img
fastboot flash boot_b boot.root.sunfish-rq1a.210105.002.img
mrpeters said:
Any guides available for this latest OTA security update to preserve or restore root after applying?
Haven't yet done this on a 4a. Last did something similar on a Pixel 3a, but don't want to risk assuming the steps are the same, or even similar.
Anyone succesfully applied the security update yet and been able to restore Magisk?
Click to expand...
Click to collapse
Yea its all basically the same procedure on all A/B devices today and Magisk!
Meth0d said:
Just try to flash both slots:
fastboot flash boot_a boot.root.sunfish-rq1a.210105.002.img
fastboot flash boot_b boot.root.sunfish-rq1a.210105.002.img
Click to expand...
Click to collapse
Thanks so much for the suggestion. Unfortunately that didn't work, still was getting to the black google screen for a couple min and then back to fastboot.
So I used google's flash link to install the newest version of stock ROM via chrome browser, and it worked, my data was preserved as well! Root was lost.
In case anyone else had this problem, when I went to re-root using fastboot flash boot (patched img) I was getting:
FAILED (remote: Failed to write to partition Not Found)
So I flashed as you described above to boot_a and boot_b and IT WORKED! THANK YOU!!
Update 12-16: I am closing this thread as it is no longer relevant. Please refer to this guide.
@V0latyle Can you help me out I installed a magisk module that caused a bootloop and I tried the adb wait-for-device shell magisk --remove-modules and it doesn't work for me I'm on the P5 a12 beta 5 I have since flashed the stock boot.img. What can I do to remove this module?
elong7681 said:
@V0latyle Can you help me out I installed a magisk module that caused a bootloop and I tried the adb wait-for-device shell magisk --remove-modules and it doesn't work for me I'm on the P5 a12 beta 5 I have since flashed the stock boot.img. What can I do to remove this module?
Click to expand...
Click to collapse
I'm honestly not that familiar with Magisk, sorry. I suggest you ask in the Magisk thread, they'll be of more help to you over there. Magisk modules live in /data, not /boot, so a data wipe would get rid of the module...and all your user data too.
V0latyle said:
I'm honestly not that familiar with Magisk, sorry. I suggest you ask in the Magisk thread, they'll be of more help to you over there. Magisk modules live in /data, not /boot, so a data wipe would get rid of the module...and all your user data too.
Click to expand...
Click to collapse
Ok thanks for your help I appreciate it
elong7681 said:
@V0latyle Can you help me out I installed a magisk module that caused a bootloop and I tried the adb wait-for-device shell magisk --remove-modules and it doesn't work for me I'm on the P5 a12 beta 5 I have since flashed the stock boot.img. What can I do to remove this module?
Click to expand...
Click to collapse
Wiki:
Module Issues:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Scroll down to read how to disable modules through Safe Mode
There is also a section how to manage modules from custom Recovery (if TWRP applies to your phone)
You seem to understand the issue with vmeta (and the associated data wipe). So I went from android 11 to android 12 beta without a wipe and although on andorid 11 i could flash my kernels, on android 12 i cannot without vmeta/wipe. I thought I read that it was because 12 was in beta. I plan to flash the factory image of 12 today, withotu doing a wipe of course. Will i be able to flash my custom kernles again?
How do we get in the download mode to install the OTA?
I do use adb reboot recovery
but every time, I got this.
E:\platform-tools>adb sideload E:\platform-tools\blueline-ota-sp1a.210812.015-cee465f5.zip
adb: sideload connection failed: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
E:\platform-tools>adb sideload E:\platform-tools\blueline-ota-sp1a.210812.015-cee465f5.zip
adb: sideload connection failed: no devices/emulators found
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: no devices/emulators found
ShadowJP88 said:
How do we get in the download mode to install the OTA?
I do use adb reboot recovery
but every time, I got this.
.....
Click to expand...
Click to collapse
Once you're in recovery, are you going into ADB sideload (hold the power button, then press the volume up key, then choose "Apply update from ADB")?
kfhughes said:
Once you're in recovery, are you going into ADB sideload (hold the power button, then press the volume up key, then choose "Apply update from ADB")?
Click to expand...
Click to collapse
I can't find out how... I only have the droid page with "no command" text
sorry i cant understand this:
* If, after flashing a patched boot image, you get the "unable to load/verify boot image", you probably didn't get the flags quite right. Just reflash vbmeta with the disable flags and that should fix the problem.
pixel 5 here, unlocked bootloader, did a clean flash, booted magisk , after direct install and restart i was stuck at booloader menu with that message, i don't understand what i have to do reading your post
where can i do this and how? Just reflash vbmeta with the disable flags
i had to clean flash again to use the phone
For re-flashing the vbmeta.img, my command has always been a little different than yours.
I use: fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
It's only a little different and your way might work, but if anyone has issues you could try this different command instead.
ShadowJP88 said:
I can't find out how... I only have the droid page with "no command" text
Click to expand...
Click to collapse
Hold down the power button and tap volume up to bring up the recovery menu.
V0latyle said:
With the Android 12 stable release just around the corner, I would like to make sure we have clear instructions on how to update with root.
These instructions work with the beta as well. This may seem redundant compared to other threads, but I wanted to consolidate the relevant information to one place.
WARNING: MANUALLY INSTALLING FACTORY UPDATES OR IMAGES REQUIRES AN UNLOCKED BOOTLOADER. If your bootloader is locked, DO NOT ATTEMPT THIS. You can, however, update using the OTA via ADB Sideload on a locked bootloader. DO NOT INSTALL THE BETA OTA WITH A LOCKED BOOTLOADER. BETA SOFTWARE IS EXPERIMENTAL AND MAY BE UNSTABLE, AND YOU MAY BE UNABLE TO RECOVER YOUR DEVICE IF SOMETHING GOES WRONG.
WARNING: MODIFY YOUR DEVICE AT YOUR OWN RISK. YOU ALONE WILL BE RESPONSIBLE FOR MALFUNCTION, DAMAGE, OR LOSS OF ANY KIND IF SOMETHING GOES WRONG.
Root will be done via Magisk. If you aren't already using it, download and install to your phone.
Warning: For the sake of simplicity, I frequently will use generalizations when referring to files ("[patched boot image]" instead of "magisk_patched-23001_xxxxx.img" for example). It is YOUR RESPONSIBILITY to ensure you are flashing the correct file. The easiest way to do this is type the command in the command line without the file itself, then drag and drop the file you want to flash into the command line window.
For those of you with a locked bootloader:
Simply install the update as usual via OTA, whether automatically through Android Update, or manually via adb sideload.
First, a bit of information on why you need to follow this guide (See this post)
Two new Verified Boot features implemented in Android 12 will interfere with attempts to root. A more detailed explanation is below if you would like.
Spoiler
Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.
Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.
This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.
What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.
To update to Android 12 with data intact and reroot:
WARNING: Per Google, an Android 12 OTA should only be installed on a device running 12 DP or 12 Beta. However, other users were able to manually install the OTA via ADB without losing data, so DO THIS AT YOUR OWN RISK! It is currently unknown what Google's official instructions will be for installing the update, so the "best" current method is wait for automatic OTA.
Spoiler
If you update via automatic OTA:
1. Download the factory image (Yes, this is required) to your computer. Connect your device via USB.
2. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
3. Continue to Reflash vbmeta below
To manually install the OTA:
1. Download the OTA for your device, as well as the factory image (Yes, you need both) to your computer.
2. Install the OTA
3. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
4. Let the update complete, including reboot. Wait until you are in /system with the update process finished (no update notification)
5. Continue to Reflash vbmeta below
Reflash VBmeta
1. With device connected via USB, Developer Options enabled and USB Debugging enabled, reboot to bootloader using ADB:
Code:
adb reboot bootloader
2. Reflash vbmeta with dm-verity and boot verification disabled:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
3. Reboot to bootloader:
Code:
fastboot reboot bootloader
Continue to Patch Boot Image below.
To update to Android 12 using Android Flash Tool:
Spoiler
1. Open this link in Google Chrome (DO NOT USE MICROSOFT EDGE OR MOZILLA FIREFOX) Here is the link for beta
2. Connect your device via USB (make sure USB Debugging is enabled)
3. Enable ADB access in the browser
4. Select your device
5. Select the Android 12 build
6. IMPORTANT: Click the pencil icon next to the selected build
7. Ensure Wipe Device, Disable Verification, and Disable Verity are checked. DATA WIPE IS REQUIRED when updating from an older version of Android. Don't lock your bootloader if you want root. Force flash all partitions should not be necessary (but use this if you've run into problems and are starting over). Skip Secondary and Force Debuggable should be unchecked, unless you want to use ADB for root access on the stock kernel for some reason.
8. Click Install Build.
9. Wait until the update finishes.
10. Continue to Patch Boot Image below.
To update to Android 12 via ADB using the factory image:
Spoiler
1. Download the factory image to your computer and connect your device via USB, with USB debugging enabled.
2. Extract the contents of the factory ZIP
3. Reboot to bootloader:
Code:
adb reboot bootloader
4. If necessary, update the bootloader: WARNING: IF DONE INCORRECTLY THIS WILL BRICK YOUR DEVICE!
Code:
fastboot flash bootloader [bootloader image]
Reboot back to bootloader.
5. If necessary, update the radio:
Code:
fastboot flash radio [radio image]
Reboot to bootloader.
6. Install the update:
Code:
fastboot --disable-verity --disable-verification -w update [factory image zip]
DATA WIPE IS REQUIRED when updating from an older version of Android.
7. Let the update complete
8. Continue to Patch Boot Image below
Patch Boot Image:
Spoiler
1. Extract boot.img from the factory image ZIP if you haven't done so already
2. Install Magisk on your phone
3. Move the boot image to your phone via USB, and patch it using "Select and Patch a File" in Magisk
4. Move the patched boot image back to your PC
5. Reboot to bootloader
6. Flash the patched boot image:
Code:
fastboot flash boot [patched boot image]
7. Reboot to system.
For subsequent updates to Android 12:
Either install the update via OTA Sideload, then reflash vbmeta with disable flags set, or dirty flash the factory image with disable flags set.
Live boot your patched boot image from bootloader (as long as you're still on Android 12, the old kernel should work fine):
Code:
fastboot boot [patched boot image]
In system, launch Magisk then select "Direct Install" to patch the stock image in /boot.
Key reminders:
* The OTA does not have a way to set the disable flags for vbmeta, so if you update via OTA, you will have to reflash vbmeta with the disable flags every time you update.
* If you forget to do this and have a patched boot image, bootloader will return an error: "failed to load/verify boot image"
* The fastest and easiest way to update is via OTA, but remember you will lose root until you're able to reflash vbmeta and repatch the boot image.
* Manually patching the new boot image in Magisk via "Select and Patch a File" should be unnecessary every time you update. You can, instead, just keep the image you originally patched, boot it every time you update, and flash the stock image in /boot using Magisk.
* If, after flashing a patched boot image, you get the "unable to load/verify boot image", you probably didn't get the flags quite right. Just reflash vbmeta with the disable flags and that should fix the problem.
Click to expand...
Click to collapse
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
I was having the same issue where it was saying that the system was corrupt and having to do a factory wipe after doing the command without --slot=all for the vbmeta disable flag command.
rester555 said:
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
I was having the same issue where it was saying that the system was corrupt and having to do a factory wipe after doing the command without --slot=all for the vbmeta disable flag command.
Click to expand...
Click to collapse
I haven't read his full instructions hidden behind the spoiler tags, but in my experience after flashing the vbmeta.img the first time, I needed to follow it with "fastboot -w" and wipe my phone, then flash the patched boot.img.
On subsequent updates as long as I booted to bootloader immediately after flashing the OTA.zip to flash vbmeta, I didn't have to wipe. If I boot to system by mistake, I'll need to fastboot -w again
rester555 said:
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
Click to expand...
Click to collapse
xunholyx said:
I haven't read his full instructions hidden behind the spoiler tags, but in my experience after flashing the vbmeta.img the first time, I needed to follow it with "fastboot -w" and wipe my phone, then flash the patched boot.img.
On subsequent updates as long as I booted to bootloader immediately after flashing the OTA.zip to flash vbmeta, I didn't have to wipe. If I boot to system by mistake, I'll need to fastboot -w again
Click to expand...
Click to collapse
@xunholyx I did what you suggested, flashing the vbmeta.img and then patching the magisk boot image and I got the corrupt system message in recovery. So I ended up reflashing stock image with wipe through adb.. did minimal initial setup, then reflashed the vbmeta.img to all slots and then immediately flashed the patched magisk image. That seemed to work for me to gain root on A12.
Did as you showed , and it works well .Thank!
4a 5G here (sorry, I know that this is the section for Pixel 5, but I assume most or all things are the same). I rushed and installed the OTA the normal way, thinking I'll be able to patch and flash boot.img afterwards (like normally). Update went fine (upgrading from 11, haven't used any of the DPs/betas), but after I flash the patched boot.img, I get "failed to load/verify boot images" in fastboot. Am I out of luck?
rester555 said:
@V0latyle I think I know why some people are having issues with obtaining root or maintaining root on Android 12 official release... When you use the following command,
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
I think after this command and then flashing the patched magisk boot image their might be a check on both slots. Would I be wrong suggesting for the disable vbmeta command be this instead?
Code:
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
I was having the same issue where it was saying that the system was corrupt and having to do a factory wipe after doing the command without --slot=all for the vbmeta disable flag command.
Click to expand...
Click to collapse
So are you saying that using the slot all flag fixed your problem?
killchain said:
4a 5G here (sorry, I know that this is the section for Pixel 5, but I assume most or all things are the same). I rushed and installed the OTA the normal way, thinking I'll be able to patch and flash boot.img afterwards (like normally). Update went fine (upgrading from 11, haven't used any of the DPs/betas), but after I flash the patched boot.img, I get "failed to load/verify boot images" in fastboot. Am I out of luck?
Click to expand...
Click to collapse
Did you follow the instructions on flashing vbmeta with the disable flags set?
Another 4a 5G owner here. I installed the OTA via recovery yesterday and tried to flash a patched boot.img, but got "failed to load/verify boot images". Reanimated the phone using a factory image, then tried to flash vbmeta.img with verification disabled (but no wipe) and patched boot.img. The phone couldn't boot into the system and offered to perform factory reset. I didn't want to wipe anything so I didn't go with it, but it seems like there is no way to root 4a 5G and keep your data (at least for now).
But I will be happy to be proven wrong!
I am closing this thread as it is no longer relevant. For rooting instructions or further discussion, please go here.
Spoiler: Deprecated
Current status as of October 21: Data wipe required for permanent root. Patched boot image can be live booted after upgrade for temporary root.
Update 10-29: I have posted a thread over in the Android Development forum so that developers can hopefully take a look at what might be causing our boot issues. Please don't post there but feel free to check for updates.
Since some of us are running into issues with root after upgrading to Android 12, I'd like to invite everyone to share their results here.
Please be as descriptive as possible, and include at the very least the following information:
* What software you were running before the update
* What method you used to update:
- Automatic OTA
- Manual OTA
- Android Flash Tool
- Manual factory image
* Whether or not you wiped /data or did a factory reset
* Any issues you ran into during the process
* Your current state (bootloop, bootloader error, recovery error, system with or without root)
Hopefully this will help us narrow down on exactly what is causing some of the problems.
I have a pixel 5, was running Android 11 with oct. 5 security update.
I flashed the non verizon factory image from the google factory image repository.
then patched my boot image
then tried to flash magisk patched boot
it kept going to bootloader saying error from @V0latyle where the boot image did not match because I didn't disable the flag.
I reflashed the non verizon factory image for pixel 5.
I went through the initial google setup and then adb back into bootloader.
I tried using the disable flags command in the flash-all.bat file from the factory image. It failed and went to recovery and said I had a corrupt system image in recovery mode.
I factory reset and reflashed factory image without flags in the flash-all.bat file
Went through google initial setup
adb back into fastboot.
pushed the disable flag commaned with --slot=all
patched magisk image
booted into A12 with root.
So far root has taken for everything and no issues.
yes i did wipe, i was on protonaosp 11.60 - Pixel 4a5g
So basically I copied 4 files into my platform-tools folder (flash-all.bat, bootloader, image, radio)
Then edited the flash-all.bat a little bit (highlighted blue below) based on your guide
PATH=%PATH%;"%SYSTEMROOT%\System32"
fastboot flash bootloader bootloader-bramble-b5-0.4-7617461.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash radio radio-bramble-g7250-00147-210811-b-7631450.img
fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot --disable-verity --disable-verification -w update image-bramble-sp1a.210812.015.zip
echo Press any key to exit...
pause >nul
exit
Then
adb reboot bootloader
flash-all
Wait, done. Follow the usual magisk patched setup. So far no issue. Just sharing my experience here.
rester555 said:
I have a pixel 5, was running Android 11 with oct. 5 security update.
I flashed the non verizon factory image from the google factory image repository.
then patched my boot image
then tried to flash magisk patched boot
it kept going to bootloader saying error from @V0latyle where the boot image did not match because I didn't disable the flag.
I reflashed the non verizon factory image for pixel 5.
I went through the initial google setup and then adb back into bootloader.
I tried using the disable flags command in the flash-all.bat file from the factory image. It failed and went to recovery and said I had a corrupt system image in recovery mode.
I factory reset and reflashed factory image without flags in the flash-all.bat file
Went through google initial setup
adb back into fastboot.
pushed the disable flag commaned with --slot=all
patched magisk image
booted into A12 with root.
So far root has taken for everything and no issues.
Click to expand...
Click to collapse
To be clear, you initially tried to dirty flash the factory image without a data wipe?
Pixel 4a 5G. Was running rooted A11 before the update, never installed any betas.
1. Dirty flashed the non-Verizon OTA image via recovery sideload, didn't wipe anything
2. Patched boot.img from the latest factory image with Magisk, flashed it
3. Got into a bootloop with "Failed to load/verify boot images"
4. Reverted everything by flashing the full factory image (without -w), booted into the system
5. Went back to fastboot, flashed vbmeta.img with --disable- flags but no --slot=all
6. Flashed the patched boot.img again, tried to boot
7. Saw the corrupt system screen, decided not to format data
8. Repeated step 4
So now I have a working system and no root.
V0latyle said:
To be clear, you initially tried to dirty flash the factory image without a data wipe?
Click to expand...
Click to collapse
sorry I didn't try dirty flashing from A11 to A12... I did a -w on the initial install.
esta0 said:
Pixel 4a 5G. Was running rooted A11 before the update, never installed any betas.
1. Dirty flashed the non-Verizon OTA image via recovery sideload, didn't wipe anything
2. Patched boot.img from the latest factory image with Magisk, flashed it
3. Got into a bootloop with "Failed to load/verify boot images"
4. Reverted everything by flashing the full factory image (without -w), booted into the system
5. Went back to fastboot, flashed vbmeta.img with --disable- flags but no --slot=all
6. Flashed the patched boot.img again, tried to boot
7. Saw the corrupt system screen, decided not to format data
8. Repeated step 4
So now I have a working system and no root.
Click to expand...
Click to collapse
Try reflashing vbmeta with the disable flags and --slot=all, then try booting your patched boot image.
rester555 said:
sorry I didn't try dirty flashing from A11 to A12... I did a -w on the initial install.
Click to expand...
Click to collapse
Odd. Sounds like it should have worked the first time. You actually did it right, wiping data when upgrading using the factory image.
V0latyle said:
Try reflashing vbmeta with the disable flags and --slot=all, then try booting your patched boot image.
Odd. Sounds like it should have worked the first time. You actually did it right, wiping data when upgrading using the factory image.
Click to expand...
Click to collapse
Yeah, I wonder if my patched image became corrupt or something... transferring boot images from windows to android devices always freak me out. I should do a hash check on them.
In the future I might just download the image directly to my phone extract the boot images for magisk patching... then bringing them over to my windows environment.
Pixel 4a 5G, coming from the June/July patch of stock Android 11 (for some reason I did not get the October patch even though I started regularly checking for updates - hoping for A12 - about 10 days ago) - it was rooted and I didn't disable anything (regarding Magisk) in advance.
Dirty flashed A12 OTA through the UI and rebooted - went fine (with the exception that when I hit reboot from settings, phone turned off instead of rebooting; upon turning on again, update went normally, and IIRC Magisk Manager asked by itself to reinstall the app).
I patched boot.img extracted from the latest FI (non-Verizon) and attempted to flash it; flash went fine, but afterwards I got to "failed to load/verify boot images" in fastboot.
As per suggestions from @V0latyle I ran "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img" which got me to recovery and a corrupt system state.
Ran "fastboot flash vbmeta vbmeta.img" after which I could boot normally and there was no data loss (but no root)
Tried "fastboot --disable-verity --disable-verification flash vbmeta vbmeta-beta5.img" (where "vbmeta-beta5.img" is vbmeta from Beta 5), IIRC it got me again to "failed to load/verify boot images" again.
Ran step 4 which got me to boot normally.
Sometime at this point I patched boot.img in Magisk again and managed to boot from it ("fastboot boot magisk_patched-xxxxx_yyyyy"), and system booted up with root; from then on tried direct install of Magisk - it went fine, but upon reboot I was back at "failed to load/verify boot images".
Ran 4 again, in addition to that I flashed unmodified boot.img and here I am - running system, no data loss, no root.
I haven't used the --slot flag anywhere, and I think fastboot always reported only touching slot a.
killchain said:
Pixel 4a 5G, coming from the June/July patch of stock Android 11 (for some reason I did not get the October patch even though I started regularly checking for updates - hoping for A12 - about 10 days ago) - it was rooted and I didn't disable anything (regarding Magisk) in advance.
Dirty flashed A12 OTA through the UI and rebooted - went fine (with the exception that when I hit reboot from settings, phone turned off instead of rebooting; upon turning on again, update went normally, and IIRC Magisk Manager asked by itself to reinstall the app).
I patched boot.img extracted from the latest FI (non-Verizon) and attempted to flash it; flash went fine, but afterwards I got to "failed to load/verify boot images" in fastboot.
As per suggestions from @V0latyle I ran "fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img" which got me to recovery and a corrupt system state.
Ran "fastboot flash vbmeta vbmeta.img" after which I could boot normally and there was no data loss (but no root)
Tried "fastboot --disable-verity --disable-verification flash vbmeta vbmeta-beta5.img" (where "vbmeta-beta5.img" is vbmeta from Beta 5), IIRC it got me again to "failed to load/verify boot images" again.
Ran step 4 which got me to boot normally.
Sometime at this point I patched boot.img in Magisk again and managed to boot from it ("fastboot boot magisk_patched-xxxxx_yyyyy"), and system booted up with root; from then on tried direct install of Magisk - it went fine, but upon reboot I was back at "failed to load/verify boot images".
Ran 4 again, in addition to that I flashed unmodified boot.img and here I am - running system, no data loss, no root.
I haven't used the --slot flag anywhere, and I think fastboot always reported only touching slot a.
Click to expand...
Click to collapse
Guess what I would recommend you try next? Lol.
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
fastboot reboot bootloader
fastboot flash boot magisk_patched.img
fastboot reboot
V0latyle said:
Guess what I would recommend you try next? Lol.
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
fastboot reboot bootloader
fastboot flash boot magisk_patched.img
fastboot reboot
Click to expand...
Click to collapse
You can also try this if that doesn't work..
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
fastboot reboot bootloader
fastboot flash boot --slot=all magisk_patched.img
fastboot reboot
rester555 said:
You can also try this if that doesn't work..
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
fastboot reboot bootloader
fastboot flash boot --slot=all magisk_patched.img
fastboot reboot
Click to expand...
Click to collapse
Good point actually, if it's giving us issues with the a/b slots on vbmeta, we should make sure that both /boot slots match too.
rester555 said:
You can also try this if that doesn't work..
fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
fastboot reboot bootloader
fastboot flash boot --slot=all magisk_patched.img
fastboot reboot
Click to expand...
Click to collapse
Did you do the --slot=all for flashing the magisk patched image in your steps above (your first post where you said you finally got it work)?
pappy97 said:
Did you do the --slot=all for flashing the magisk patched image in your steps above (your first post where you said you finally got it work)?
Click to expand...
Click to collapse
This is what I am wondering as well, has flashing both boot slots actually fixed a problem for anyone?
What was the idea of the two slots? Wasn't it something dealing with seamless updates? Does it make sense to want to check what's in the other slot and whether it is what's causing trouble?
V0latyle said:
This is what I am wondering as well, has flashing both boot slots actually fixed a problem for anyone?
Click to expand...
Click to collapse
Well I tried those steps including flash magisk patched image to both slots, I still had the same issue. Gonna wait to see if others are able to do it successfully with a dirty flash before trying again. Thanks for your help!
Well, it looks like I'm definitely not immune.
Started from 12b5 (clean flash coming from Android 11), rooted.
Took the OTA today, rebooted, no root as expected.
Got home, flashed vbmeta to both slots with boot verification disabled.
Attempted to live boot my patched boot image from the 12 Beta, got boot.img missing cmdline or OS version
Bootlooped twice, got the "data may be corrupt" error in recovery
Reflashed vbmeta to both slots without disable flags, same result.
Dirty flashed factory image via ADB without disable flags, same result.
Dirty flashed factory image via Android Flash Tool without disable flags, same result.
Dirty flashed Beta 5 factory image via ADB, same result.
Tried to reflash vbmeta, vbmeta_system, and boot. Same result.
Now doing a CLEAN flash of the 210812.015 factory image with disable flags set. Booted and going through setup.
Patched boot image. Able to live boot patched image. Performed Magisk "direct install", about to reboot.
It worked! Now rooted on 12 Final, but had to wipe data.
Working on Safetynet now.
So to recap:
Nothing worked until I clean flashed the factory image with verity and verification disabled. I was then able to successfully root, and did not have to reflash anything. Unfortunately, it did require a data wipe.
pappy97 said:
Did you do the --slot=all for flashing the magisk patched image in your steps above (your first post where you said you finally got it work)?
Click to expand...
Click to collapse
yes
Can't get my device to pass attestation now. Installed the latest universal fix 2.1.1. There are currently no Android 12 fingerprints for props config. It's failing both basicIntegrity and ctsProfile, does say eval type is basic. Magisk is hidden. gPay and Play Services are 'hidden', cache and storage were cleared. Phone was rebooted. Funnily enough the banking apps work, but gPay does not.
ZeoFateX said:
Can't get my device to pass attestation now. Installed the latest universal fix 2.1.1. There are currently no Android 12 fingerprints for props config. It's failing both basicIntegrity and ctsProfile, does say eval type is basic. Magisk is hidden. gPay and Play Services are 'hidden', cache and storage were cleared. Phone was rebooted. Funnily enough the banking apps work, but gPay does not.
Click to expand...
Click to collapse
Weird. I haven't tried GPay yet but I think I'm passing...
Update: GPay works, I had no trouble adding cards. The only thing I've noticed is the NFC icon has a line through it and it says "Not set up". Not sure why.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I've created a patched boot.img with Magisk and flashed that with Fastboot but after rebooting Magisk still shows that it's not rooted. So I tried flashing the boot.img in Recovery but again after rebooting it's not rooted.
What am I doing wrong?
doveman said:
I've created a patched boot.img with Magisk and flashed that with Fastboot but after rebooting Magisk still shows that it's not rooted. So I tried flashing the boot.img in Recovery but again after rebooting it's not rooted.
What am I doing wrong?
Click to expand...
Click to collapse
The boot.img to patch must be the same as the rom you are using.
Try renaming magisk.apk and magisk.zip and flashing it with Twrp. (You may need to flash vbmeta and use "fastboot flash --disable-verity --disable-verification vbmeta images\vbmeta.img").
NOSS8 said:
The boot.img to patch must be the same as the rom you are using.
Try renaming magisk.apk and magisk.zip and flashing it with Twrp. (You may need to flash vbmeta and use "fastboot flash --disable-verity --disable-verification vbmeta images\vbmeta.img").
Click to expand...
Click to collapse
Yeah, I downloaded the correct ROM (miui_SURYAEEAGlobal_V12.5.4.0.RJGEUXM_0deb1eaf6f_11.0.zip) and extracted the boot.img from that.
Renaming magisk.apk to magisk.zip and flashing it just installs the app doesn't it, it doesn't root the phone as far as I'm aware.
I followed the instructions here, which say that you should only tick the "Patch vbmeta in boot image” option when patching the boot.img in Magisk if the device does NOT have a separate vbmeta partition. The Poco X3 does have a separate vbmeta partition,, so I didn't tick that option.
Installation
The Magic Mask for Android
topjohnwu.github.io
I've tried the "fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img" command with four different versions of fastboot that I've got, dating from 2016 to 2020, and they all reject the "--disable" switches as an "unknown option".
I tried it without those options, so I flashed the patched boot.img and then did "fastboot flash vbmeta vbmeta.img" but after rebooting Magisk still shows that root is not installed.
https://xiaomifirmwareupdater.com/miui/surya/stable/V12.5.4.0.RJGEUXM/
Type: Fastboot
Size: 5.3 GB
Release Date: 2021-11-09
Package Name: surya_eea_global_images_V12.5.4.0.RJGEUXM_20211109.0000.00_11.0_eea_e9805977c3.tgz
NOSS8 said:
https://xiaomifirmwareupdater.com/miui/surya/stable/V12.5.4.0.RJGEUXM/
Type: Fastboot
Size: 5.3 GB
Release Date: 2021-11-09
Package Name: surya_eea_global_images_V12.5.4.0.RJGEUXM_20211109.0000.00_11.0_eea_e9805977c3.tgz
Click to expand...
Click to collapse
OK, I see that the one I downloaded was the 2.7GB recovery version rather than the 5.3GB fastboot version, but isn't the boot.img the same in both?
doveman said:
OK, I see that the one I downloaded was the 2.7GB recovery version rather than the 5.3GB fastboot version, but isn't the boot.img the same in both?
Click to expand...
Click to collapse
Yep, normally, in the current recovery there is only a "payload.bin" file but maybe on old phones the boot.img is present (I don't remember).
Maybe download it and check the imgs in the img folder.
Have you tried with an older or beta version of Magisk?
In case the cmd posted above is generic, the real cmd is:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
fastboot flash vbmeta vbmeta.img
Check:
https://forum.xda-developers.com/t/...n-vendor-dynamic-partition-enable-rw.4238807/
https://forum.xda-developers.com/t/q-h-safety-way-to-unlock-bootloader-flash-recovery-root.4198719/
NOSS8 said:
Yep, normally, in the current recovery there is only a "payload.bin" file but maybe on old phones the boot.img is present (I don't remember).
Maybe download it and check the imgs in the img folder.
Have you tried with an older or beta version of Magisk?
In case the cmd posted above is generic, the real cmd is:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
fastboot flash vbmeta vbmeta.img
Click to expand...
Click to collapse
Yeah, in the "miui_SURYAEEAGlobal_V12.5.4.0.RJGEUXM_0deb1eaf6f_11.0.zip" recovery version, there's a boot.img in the root folder and vbmeta.img (and vbmeta_system.img) in the firmware-update folder.
In the fastboot version, the boot.img is in the images folder but it's the same size (134,217,728) as is vbmeta.img (4,096).
I realised I made a stupid mistake as I was trying to do it in Powershell and it was saying "unknown option -- disable-verity" so it was adding a phantom space between -- and disable-verity. I reflashed the patched boot.img and vbmeta.img using those switches from a command prompt and it flashed them OK, but after rebooting Magisk still says it's not rooted!
doveman said:
Yeah, in the "miui_SURYAEEAGlobal_V12.5.4.0.RJGEUXM_0deb1eaf6f_11.0.zip" recovery version, there's a boot.img in the root folder and vbmeta.img (and vbmeta_system.img) in the firmware-update folder.
In the fastboot version, the boot.img is in the images folder but it's the same size (134,217,728) as is vbmeta.img (4,096).
I realised I made a stupid mistake as I was trying to do it in Powershell and it was saying "unknown option -- disable-verity" so it was adding a phantom space between -- and disable-verity. I reflashed the patched boot.img and vbmeta.img using those switches from a command prompt and it flashed them OK, but after rebooting Magisk still says it's not rooted!
Click to expand...
Click to collapse
What happens if you try to root from the Magisk app?
NOSS8 said:
What happens if you try to root from the Magisk app?
Click to expand...
Click to collapse
The only option in the Magisk app is to root by patching the boot.img, which you then have to flash in fastboot.
I know it used to have an option to root in situ but I think that was removed some time ago.
doveman said:
The only option in the Magisk app is to root by patching the boot.img, which you then have to flash in fastboot.
I know it used to have an option to root in situ but I think that was removed some time ago.
Click to expand...
Click to collapse
No functional TWRP for this device.?
NOSS8 said:
No functional TWRP for this device.?
Click to expand...
Click to collapse
Yeah, I've got TWRP installed. I tried booting into that after flashing in fastboot, as I recall there was an issue once (probably on a different device) where the root wouldn't "stick" if you didn't do that, but it didn't help.
doveman said:
Yeah, I've got TWRP installed. I tried booting into that after flashing in fastboot, as I recall there was an issue once (probably on a different device) where the root wouldn't "stick" if you didn't do that, but it didn't help.
Click to expand...
Click to collapse
Strange case as strange as the number of threads has this subject for this device.
NOSS8 said:
Strange case as strange as the number of threads has this subject for this device.
Click to expand...
Click to collapse
I tried flashing the patched boot.img in TWRP, followed by the vbmeta.img, then I went to Advanced and did the "Fix AVB (vbmeta)". Now the System can't boot at all and it just boots into TWRP every time, so I guess that "Fix AVB (vbmeta)" has screwed something up.
doveman said:
I tried flashing the patched boot.img in TWRP, followed by the vbmeta.img, then I went to Advanced and did the "Fix AVB (vbmeta)". Now the System can't boot at all and it just boots into TWRP every time, so I guess that "Fix AVB (vbmeta)" has screwed something up.
Click to expand...
Click to collapse
This phone is rootable, surely an oversight or an error somewhere.
NOSS8 said:
This phone is rootable, surely an oversight or an error somewhere.
Click to expand...
Click to collapse
I've tried reflashing the patched and the original boot.img and vbmeta.img but it still says "System is destroyed" if I try to boot to System. I don't know what the "Fix AVB" did but it's not good!
doveman said:
I've tried reflashing the patched and the original boot.img and vbmeta.img but it still says "System is destroyed" if I try to boot to System. I don't know what the "Fix AVB" did but it's not good!
Click to expand...
Click to collapse
In case you can always flash a recovery or use Miflash to recover the phone.
To see:
https://www.gizmochina.com/2020/10/13/how-to-unlock-bootloader-and-root-poco-x3-nfc/
NOSS8 said:
In case you can always flash a recovery or use Miflash to recover the phone.
To see:
https://www.gizmochina.com/2020/10/13/how-to-unlock-bootloader-and-root-poco-x3-nfc/
Click to expand...
Click to collapse
I've already got TWRP recovery flashed. I guess I'll have to flash the ROM again and start from scratch.
I tried flashing super.img but that didn't fix it. In the end, going into ADB Sideload mode in TWRP and flashing the 2.7GB recovery version of the ROM with
"adb sideload miui_SURYAEEAGlobal_V12.5.4.0.RJGEUXM_0deb1eaf6f_11.0.zip" fixed it without losing any data.
I still can't root it though. I've tried the "install Magisk (root)" option in TWRP and renaming magisk.apk to magisk.zip and installing that in TWRP, but it still shows "Installed N/A" in Magisk and Root Verifier says "Root permission not granted or Superuser App Missing" but then it says "Superuser App: 25.25:MAGISKSU", so it's the root permission that isn't granted.
Surely that is the problem.
https://techshift.net/what-is-disable-verity/
NOSS8 said:
Surely that is the problem.
https://techshift.net/what-is-disable-verity/
Click to expand...
Click to collapse
I thought so but I've reflashed the patched boot.img and done
"fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img"
and
"fastboot --disable-verity --disable-verification flash vbmeta_system vbmeta_system.img"
in case it needed that too, but Magisk still shiows "Installed N/A"
I tried installed SR5-SuperSU-2.82 zip from TWRP to see if that would get it rooted,, but it couldn't even install that, it just gave some error.