Database Info

[GUIDE] Install Magisk with proper support for OTA updates

Code:
* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed.
* Please do some research if you have any concerns about features included in the products you find here before flashing it!
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty could be void if you tamper with any part of your device / software.
* Same statement for XDA.
Here's an alternative method to install Magisk that support OTA updates (copied from the Mi A1 forum and expanded )
You need a PC with Android platform tools (they exist also for MacOS and Linux). When using Windows, you should also install MiFlash tool to get the required drivers to recognize the device.
BOOTLOADER UNLOCK
First thing to do: unlock the bootloader (if you didn't already do this, obviously). Smartphones with Android One are much easier to unlock compared to other Xiaomi phones with MIUI (where you have to ask for authorization and wait for weeks).
CAUTION: when you unlock the bootloader, the phone will reset, erasing all your saved data. Backup your data before unlocking.
1. Go to Settings > System > About phone > and tap many times on "Build number" until you unlock "Developer options" (on Andoird 9 "About phone" is right at the top of the Settings app).​2. Go back to the previous page (i.e. Settings > System), where you can find now "Developer options". Go there and enable the "OEM unlocking" option (and it's better to never disable this).​3. Now you can shutdown your phone, then turn it on while holding the "Volume down" button pressed. Release it when you see the Fastboot screen You can also use the command "adb reboot-bootloader" if you already connected the phone to the PC.​4. Now connect the phone with your PC via USB cable, open an administrative command prompt, move to the directory where the Android platform tools are placed and unlock the bootloader with the following command:
Code:
fastboot oem unlock
The phone will reboot, erasing all the data.​
Now you unlocked your phone's bootloader and can continue to the next section.
MAGISK INSTALLATION
5. Download and install on the smartphone the latest version of Magisk Manager's apk available.
You need the smartphone to be connected to the internet, because Magisk won't install and won't work properly without a connection.​
6. Now you can easily download an already patched boot.img from the following list and jump straight to point 10 of this guide, or you can continue to the next point and learn to patch yourself an original boot.img
If you choose the short way, be sure that you select the patched_boot.img with the same "Build number" currently installed on your phone (see point 1 of this guide), and don't flash the file directly on the phone memory, because Magisk will not work properly (do exactly what this guide says, and you will not find problems, hopefully).
For our convenience, extract the patched_boot.img file in the same directory where Android platform tools are located.
patched_boot 9.6.4.0 (2018 July update) - patched with Magisk 17.1
patched_boot 9.6.6.0 (2018 August update) - patched with Magisk 17.1
patched_boot 9.6.8.0 (2018 September update) - patched with Magisk 17.1
patched_boot 9.6.9.0 (2018 October update) - patched with Magisk 17.1
patched_boot 9.6.10.0 (2018 November 1st update) - patched with Magisk 17.1
patched_boot 9.6.11.0 (2018 November 2nd update) - patched with Magisk 17.1
patched_boot 10.0.2.0 (2018 December upgrade to Android 9.0 Pie) - patched with Magisk 18.0
patched_boot 10.0.3.0 (2019 January update) - patched with Magisk 18.0
In case you erroneously flash those patched files directly on the phone, flash back the original boot.img via fastboot and follow the guide:
original boot.img 9.6.4.0 (2018 July update) - taken from fastboot ROM
original boot.img 9.6.6.0 (2018 August update) - taken from OTA update
original boot.img 9.6.8.0 (2018 September update) - taken from OTA update
original boot.img 9.6.9.0 (2018 October update) - taken from OTA update
original boot.img 9.6.10.0 (2018 November 1st update) - taken from OTA update
original boot.img 9.6.11.0 (2018 November 2nd update) - taken from OTA update
original boot.img 10.0.2.0 (2018 December upgrade to Android 9.0 Pie) - taken from fastboot ROM
original boot.img 10.0.3.0 (2019 January update) - taken from fastboot ROM
7. You need the original boot.img to patch. You can find it inside the official fastboot ROM zip for daisy. Check that the downloaded ROM version is the same as the "Build number" currently installed on your phone (see point 1 of this guide). If the versions are different, update (or downgrade if possible) your phone to that version. You can also download original boot.img elsewhere (for example at the point 6 of this guide), but always pick the same "Build number" of your phone.
After you get the boot.img, copy it to the phone memory (via USB or microSD, or download directly from the phone browser, as you prefer).​
8. Open the Magisk Manager app installed previously, it will ask if you want to install Magisk. Accept by tapping on "Install" > "Patch Boot Image File" and select the boot.img file that you get on the point 7 of this guide.​
9. Wait until the process completes (about 1 minute), then tap on "Close". Now in the phone memory, inside the Download directory, you should have a patched_boot.img file. Copy that file to the PC, inside the same folder where the Android platform tools are located, for our convenience.​
10. Reboot the phone in fastboot mode (as already explained in point 3 of this guide), open an administrative command prompt, move to the Android platform tools directory and then write the following command:
Code:
fastboot boot patched_boot.img
If everything works the phone should boot normally. Open Magisk Manager and it should ask to install Magisk, if not you must tap on the "Install" button. Then choose "Install" > "Direct Install (Recommended)" to install Magisk on the phone, and reboot when finished.​
11. Last step to stay safe when a new OTA update arrives: go to "Settings" > "System" > "Developer options" > and disable "Automatic system updates". From now on, you should check manually if a new OTA update is available.​
Now the installation is finished, you can use Magisk Manager to install modules and manage root permissions.
HOW TO APPLY OTA UPDATES
UPDATE 9 February 2019 It seems that with the latest Magisk (v18.1) and Magisk Manager (v7.0.0) the following procedure is working fine again. I didn't test it personally, but some users gave positive feedback.
WARNING! January 2019 Since the arrival of Android 9 Pie, the OTA update with Magisk as described in the following section, doesn't seem to work anymore. It could work, but you could also get a bootloop with the risk of losing your data.
Before upgrading from Android 8 to 9, or doing an OTA update after Android 9 you should:
- backup your data;
- remove any lockscreen password or fingerprint;
- uninstall totally Magisk and reboot.
If after doing this you get a bootloop, you could try to manually flash the vanilla boot.img via fastboot on the current slot (the same version as the last installed OTA). If you managed to fix the bootloop you can then install Magisk anew, from step 5 of this guide.
If the phone wants your PIN or password to proceed after the OTA update or after fixing the bootloop, and your PINs or passwords doesn't work, then you could have to reset the phone (or erasing the data partition, that should be the same thing), losing all your data.
Last chance if everything fails, you can flash the latest fastboot ROM from the official Xiaomi site and the phone will be working again.
IMPORTANT: OTA updates will work only if all the partitions on the smartphone are untouched. Magisk Manager can restore the original boot.img following this section of the guide, but if you tampered directly with the system partition (e.g. manually editing build.prop) or other partitions, OTA will refuse to install.
You can try to fix OTA updates without the need to flash the whole original fastboot ROM, by flashing only the tampered partitions (usually only "system") with the corresponding img file found inside the fastboot ROM zip. Check the "Troubleshooting" section of this guide for details.
12. When you know that a new OTA update is available and you want to install it, open Magisk Manager, and tap on "Uninstall" > "Restore Images" but very important: absolutely don't reboot the phone now!
Important note: Magisk Manager will restore the boot.img that was found on the phone while installing Magisk. If the boot.img was already non-vanilla (for example you flashed the boot.img with TWRP before installing Magisk), Magisk Manager will backup that modified version of boot.img, and when restored the OTA will not work, as that's not a vanilla boot.img.​
13. Close Magisk Manager and go to "Settings" > "System" > "System update" and install the OTA update. After the update is downloaded, a two-stages update will begin.​
14. When both stages of the update process completed, it will ask to restart: DON'T DO IT!. Open Magisk Manager again and tap on "Install" > "Install" > "Install to Inactive Slot (After OTA)" and after that you can tap on "Reboot".​
After the reboot you will have the updated Android version with Magisk already working.
Thanks to user @jashancheema for the Mi A1 guide and a bigger thanks to @topjohnwu for the OTA part and above all for developing Magisk.

TROUBLESHOOTING
WARNING: before attempting any of the following operations, you must disable any screen lock, PIN or password, because you risk to not get back your data (encryption issues). It is recommended to take a backup, too (as every time a custom modding is involved).
You can get errors when installing OTA updates if you didn't follow meticulously the guide.
Check this list to try to find where the problem lies:
- when a new version is found, the updater will check if all the partitions on the device are untouched. If there is a partition that has been modified, the OTA updater will not proceed with the installation;​- typically, the two partitions commonly modified by user modding are the boot partition (that's where Magisk and TWRP are installed) and the system partition (when you change a config file, add or remove a system app, etc.);​- a system partition modified only by using Magisk modules is effectively untouched, because Magisk register all changes to /system in a file in the /data partition and then trick Android to believe those changes are really applied to /system;​- boot partition instead is really modified, but if you install Magisk following this guide, Magisk will save a copy of the untouched boot partition, and restoring it before applying OTA update will make the update work.​
Now, if you didn't follow this guide to install Magisk and you installed it in other ways, Magisk could alert you that he cannot restore the original boot.img (the boot partition) when you try to apply the OTA update.
To fix this, you can flash directly the vanilla (original, unmodified, untouched) boot.img taken from the point 6 of this guide, using those commands:
Code:
fastboot getvar current-slot
fastboot flash boot_? boot.img
the first command will tell you what is the current slot in use (a or b), the second command will flash the original boot into the phone, but you have to change the "?" in the command with a or b (i.e. the current slot that the first command provided).
Remember that the boot.img file version must correspond to the Android build version currently running in your phone.
If the OTA update will still refuse to apply, probably you changed something directly in the /system partition (for example you changed something in the build.prop without using a Magisk module to do this).
In this case you have to flash the original system.img in the phone with those commands:
Code:
fastboot getvar current-slot
fastboot flash system_? system.img
and as before, the first command will tell you the right slot to use instead of the "?" in the second command.
Here you can find the system.img extracted from the OTA updates zip (along with every other .img file inside that):
9.6.6.0 (August 2018) OTA update dump as .img files
9.6.8.0 (September 2018) OTA update dump as .img files
9.6.9.0 (October 2018) OTA update dump as .img files
9.6.10.0 (November 2018) full fastboot ROM
9.6.11.0 (November 2018) OTA update dump as .img files
If you want to obtain the system.img by yourself, you can find it inside the fastboot images but usually they are not updated monthly like OTA updates. But you can extract the system.img directly from the OTA update zips found in this thread (as I did above with my dumps), using the Python scripts found here.
To make the Python scripts work in Debian/Ubuntu and derivatives, you have to download both "extract_android_ota_payload.py" and "update_metadata_pb2.py", give them execution property and then install the package "python-protobuf". After this you can give this command to unpack the payload.bin file (that you must extract from the OTA update zip):
Code:
./extract_android_ota_payload.py /path/to/payload.bin
This will extract in the current directory all the .img files inside payload.bin, including the system.img
I don't know how to proceed in Windows, probably you only need to install the latest Python2 release and the script will work.​
As the last resort, you can flash directly with MiFlash the latest fastboot image available (even if older than your current version). Use the "flash_all.bat" script but before take a backup of your data, because the phone will be fully reset.
If you don't want to take the risk of not doing a backup, use the script "flash_all_except_storage.bat" when flashing, so you will keep all your data, but be warned that sometimes you will not be able to access the data anymore, because of encryption problems.
Right after the flash, you can start following the guide from point 5 or 6.
It should not be a problem downgrading the build version via fastboot, as long as the Android main version remain the same (Oreo 8.1 at the moment).

Thx, nice work :good:

Thanks to the OP. Great post! Totally noob friendly guide. Nice work.

It should also work on mi a2, thanks!

Lione2 said:
It should also work on mi a2, thanks!
Click to expand...
Click to collapse
Sure, but you can't use the posted patched_boot.img, because they're designed for Mi A2 Lite (daisy) and not for Mi A2 (jasmine).
EDIT: I posted the patched and original boot files for Mi A2 jasmine in the second post. I don't know if I can make a thread in the Mi A2 forum section with an adapted copy of my guide, there are already two guides there (even if not polished like this) and I don't want to create more confusion with a third guide about the same argument...

i've installed magisk from previous guide - what steps should I take to apply OTA update? - 12 to 14?
Now magisk informs me that there is 17.1 version - how to update it?

krzygaj said:
i've installed magisk from previous guide - what steps should I take to apply OTA update? - 12 to 14?
Now magisk informs me that there is 17.1 version - how to update it?
Click to expand...
Click to collapse
If you flashed directly the patched_boot.img via fastboot in both slots A and B as the other guide said previously, you must flash the original boot.img to both slots, then start the guide from point 10.

BubuXP said:
If you flashed directly the patched_boot.img via fastboot in both slots A and B as the other guide said previously, you must flash the original boot.img to both slots, then start the guide from point 10.
Click to expand...
Click to collapse
I did as you wrote but still can't install August update - is there any log?
- extracted boot.img from rom: http://en.miui.com/download-354.html
- did fastboot flash boot_a boot.img and fastboot flash boot_b boot.img and rebooted
- next rebooted and did fastboot boot patched_boot.img with patched_boot 9.6.4.0 (July update) - patched with Magisk 17.1
later did steps in guide - but when i do system update it stops on first stage
Any ideas?

krzygaj said:
I did as you wrote but still can't install August update - is there any log?
- extracted boot.img from rom: http://en.miui.com/download-354.html
- did fastboot flash boot_a boot.img and fastboot flash boot_b boot.img and rebooted
- next rebooted and did fastboot boot patched_boot.img with patched_boot 9.6.4.0 (July update) - patched with Magisk 17.1
later did steps in guide - but when i do system update it stops on first stage
Any ideas?
Click to expand...
Click to collapse
You tampered the system partition? Try flashing also the system.img in that case.
Another case could be that you made an OTA update from the June build to July: in this case the partitions on the other slot (probably only the boot partition) where lost when overwrited with fastboot (and cannot be restored, as we don't have any June build ROM or OTA).
If everything fails, do a full fastboot flash with MiFlash tool, but using the flash_all_except_storage.bat script, that should keep your data intact, restore all partitions (A and B) to stock versions and you can then apply OTA (before or after installing Magisk, but I suggest after installing Magisk so you can test if the guide works fine).

BubuXP said:
If everything fails, do a full fastboot flash with MiFlash tool, but using the flash_all_except_storage.bat script, that should keep your data intact, restore all partitions (A and B) to stock versions and you can then apply OTA (before or after installing Magisk).
Click to expand...
Click to collapse
Thanks above worked :good:
Hope the next update will go smoothly

September?

When booting comes a warning message because of the unlocked boot loader. How can I disable this message?

PC295 said:
When booting comes a warning message because of the unlocked boot loader. How can I disable this message?
Click to expand...
Click to collapse
you can't turn that off with open bootloader

Guys, after i have unlocked bootloader i cannot charge my phone when is off because he go on when I insert the plug, it's normal?

proton242 said:
Guys, after i have unlocked bootloader i cannot charge my phone when is off because he go on when I insert the plug, it's normal?
Click to expand...
Click to collapse
No

ConradB said:
No
Click to expand...
Click to collapse
ConradB you have some suggestion? Thank you

proton242 said:
ConradB you have some suggestion? Thank you
Click to expand...
Click to collapse
Same problem on mine, I don't know if it's a ROM bug or it's caused by unlocked bootloader or Magisk.
The only solution at the moment is charging while the phone is switched on.

BubuXP said:
Same problem on mine, I don't know if it's a ROM bug or it's caused by unlocked bootloader or Magisk.
The only solution at the moment is charging while the phone is switched on.
Click to expand...
Click to collapse
Ciao BubuXP, provando a rimuovere Magisk (lasciando il bootloader sbloccato) tutto torna alla normalità, cosa dici, crea casino quando patcha il boot.img?

[MAGISK][ROOT][BOOT.IMG] How to patch the Oneplus 8, 8T and 8 Pro stock Boot Image (boot.img) from the currently installed Stock ROM

Quick and concise how to for obtaining a Stock Boot Image from your Oneplus 8, 8T or 8 Pro device and patching with Magisk to create a fastboot flashable patched boot.img.
DISCLAIMER:
Code:
#include <std_disclaimer.h>
/*
*
* We are not responsible for bricked, broken or dead devices. This is a high-level
* how to for users with a basic knowledge of ADB and Fastboot. YOU alone are
* choosing to make these modifications, and you are solely responsible for your
* device's fit for use and wellbeing.
*
* Backup your data!
*
*/
PREREQUISITS:
An unpatched Stock Boot.img running on your device
General knowledge and understanding of ADB and Fastboot
Download latest op8, op8p, or op8t Horizon Kernel img from [e.g., op8p_7.img]:
https://dl.akr-developers.com/?dir=oneplus/horizon_kernel/R/images
Download latest Magisk Canary build from Github [e.g., app-debug.apk]:
https://raw.githubusercontent.com/topjohnwu/magisk_files/canary/app-debug.apk
DEVICE/PC OPERATIONS:
→ ADB
Enumerate devices
Code:
adb devices
Boot into Fastboot
Code:
reboot bootloader
→ FASTBOOT
Enumerate devices
Code:
fastboot devices
Determine the current slot (A/B), whichever slot you're on should be the "good" img
Code:
fastboot getvar current-slot
Boot with the custom kernel downloaded from Horizon to use root [NOTE: Include the full path of the img if not in the same directory]
e.g., fastboot boot "C:\Users\User\Downloads\op8p_R7.img"​
Code:
fastboot boot xxxxxxx.img
→ ADB
Copy the boot.img from each slot to the root of the device
Code:
adb shell
su
dd if=/dev/block/sde11 of=/sdcard/boot_a.img
dd if=/dev/block/sde35 of=/sdcard/boot_b.img
→ Android Device [NOTE: Some Android 11 devices experience patching issues on the Beta Channel like bootloop] [NOTE: Some users experience issues on Canary like no SIM detected; if so switch to Beta]
Install Magisk app-debug.apk (Canary)
Go to Settings → Update Channel → Canary
Go to Home → Install → Install → Select and Patch A File
Navigate to internal storage and select the stock boot.img [choose the img from whichever slot you're on]
When it’s done patching copy the file, named magisk_patched.img, from the root → Downloads of your device to PC
→ ADB
Code:
reboot bootloader
→ FASTBOOT
Test to ensure it boots before flashing; if not you'll need to patch the other img
Code:
fastboot boot magisk_patched.img
→ Android Device
If the device boots and you have root in the Magisk Manager app, reboot the device into Fastboot then flash the active slot [NOTE: Both slots do not need to be flashed; just the current active slot]
→ FASTBOOT
Flash the patched image file [NOTE: Include the full path of the img if not in the same directory]
e.g., fastboot flash boot_b "C:\Users\User\Downloads\magisk_patched.img"
Code:
fastboot flash boot magisk_patched.img
fastboot reboot
- OR -​
Code:
fastboot flash boot_a magisk_patched.img
fastboot reboot
- OR -​
Code:
fastboot flash boot_b magisk_patched.img
fastboot reboot
ADDITIONAL RESOURSES:
→ FASTBOOT
If you need to set the other slot to be the active slot use:
Code:
fastboot --set-active=a
- OR -​
Code:
fastboot --set-active=b
→ ADB
ADB Magisk Bootloop Fix
Code:
adb shell
magisk --remove-modules
→ OTA Help
Magisk stock boot.img missing fix [NOTE: Android 11 onwards, the /sbin folder might not exist, so Magisk will randomly create a folder under /dev and use it as the base folder]
Rename to: stock_boot_0.img
Compress with gzip = stock_boot_0.img.gz
Copy stock_boot_0.img.gz file to the root of: /data
Edit the config file: /dev/xxxxxxx/.magisk/config → Change SHA1= to 0
Magisk Manager → Uninstall Magisk → Restore Images
→ ADB
Determine the random folder name generated by Magisk on Android 11+
Code:
ls -laR /dev | grep '.magisk/rootdir'
→ ADB
Determine the Boot Image partition location [NOTE: Will list all partitions; look for boot_a and boot_b]
Code:
ls /dev/block/bootdevice/by-name/ -all

Tried some other way on android 11 but failed, so back to android 10.
maybe i won't get android 11 until TWRP is work.
can't easily backup data without root is very annoying, thanks for the work!

I have followed every step, but root only last until I restart my Oneplus.
What am I doing wrong? Why want the device stay rooted?

mrram said:
I have followed every step, but root only last until I restart my Oneplus.
What am I doing wrong? Why want the device stay rooted?
Click to expand...
Click to collapse
Guessing here, but have a second look at these two commands:
Code:
fastboot boot magisk_patched.img
△ This will NOT flash the rooted image, it will only boot up once so you can test it or use it for temporary root
verses
Code:
fastboot flash boot magisk_patched.img
▲ This will flash the rooted image and is used after you've tested the patched image to be sure it doesn't bootloop and to have persistent root

If I use this Horizon kernel to boot with root on 11.0.4.4, could I use directly Magisk 22.0 to root the device permanently? Thanks in advance.

MagikGab said:
If I use this Horizon kernel to boot with root on 11.0.4.4, could I use directly Magisk 22.0 to root the device permanently? Thanks in advance.
Click to expand...
Click to collapse
I only use the Horizon to boot then grab my kernel to patch with Magisk. You could use the Horizon kernel, but you would have to flash it, not just boot it. So, root device, backup stock dtbo, flash Horizon & dtbo, re-root if lost during flash. I would recommend against that until there's a custom recovery available in case there were any issues. Additionally, you must backup your stock dtbo if you ever want to return to stock. You should visit the Horizon thread for more details, but again if you're not familiar with kennel mods you might not want to start learning on a device without a custom recovery.

CarvedArt said:
I only use the Horizon to boot then grab my kernel to patch with Magisk. You could use the Horizon kernel, but you would have to flash it, not just boot it. So, root device, backup stock dtbo, flash Horizon & dtbo, re-root if lost during flash. I would recommend against that until there's a custom recovery available in case there were any issues. Additionally, you must backup your stock dtbo if you ever want to return to stock. You should visit the Horizon thread for more details, but again if you're not familiar with kennel mods you might not want to start learning on a device without a custom recovery.
Click to expand...
Click to collapse
I'd like only to root my device, remaining as more stock as possible, for now. If I want to avoid using a custom kernel (also for the rooting process), should I extract the boot.img with Python, then patch it with Magisk 22? Thanks in advance for your reply, but I'm coming from a Xiaomi that was quite easier to root

MagikGab said:
I'd like only to root my device, remaining as more stock as possible, for now. If I want to avoid using a custom kernel (also for the rooting process), should I extract the boot.img with Python, then patch it with Magisk 22? Thanks in advance for your reply, but I'm coming from a Xiaomi that was quite easier to root
Click to expand...
Click to collapse
Just follow the steps above -- that'll get you a stock kernel (your current kernel) patched with Magisk and permanently rooted. The above process is only using the Horizon kernel to boot your device with root so that you can extract your kernel and patch it. The final result will be as stock as you can get with root.

Hey everyone. OP8 Pro user here. Just took OTA going from 11.0.9.9 running Magisk Canary 23 to the newest 11.0.10.10. I restored images before taking the OTA and reinstalled magisk to the other slot like I always do to retain root. Ive now lost root and am trying to boot the last two versions of the Horizon kernel. Ive tried the two latest ones (r9.2 and r9.2.1 from February 2021) and while they do boot my phone, I cant get SU access to extract the stock images.
Anything else that anyone things I should try? All i want from Christmas is root.

Isn't there a more easy way to obtain root?
That's strange. I use OnePlus smartphones with LineageOS for years now and cannot remember to execute such a complicated procedure. Just now I got a OnrPlus 8, installed LineageOS and Magisk and restored my apps with Titanium. So, it definitely worked.
Now, after a Lineage system update, root is gone.
Unfortunately I cannot tell exactly how I installed Magisk. I have a very poor memory. Think I just installed the app and said either just "install" or patched the zip with TRWP
But I definitely never downloaded or extracted any boot image manually.
Has anyone an explanation for this?
Even more strange: I just tried to flash magisk.zip again with TRWP. Now it tells me
"Magisk patched boot image detected"
and later:
"Failed to mount '/system_root' (Device or resource busy)"
After reboot the Magisk app now offers me three choices in the install tab:
- choose a file and patch (only this one existed before)
- direct installation (recommended)
- install into inactive slot (after OTA)
I don't understand the last one and tried the recommendet one.
Now, root is there again. Do I have to do this after each update? With my OnePlus5 I didn't.

Unfortunately I have another problem with my OnePlus8 and Lineage:
I'm using AdAway which replaces the hosts file, but on my OP8 it cannot.
"Unable to cppy the hosts file to /System partition. Please check if the Magisk Systemless module is active"
What does it mean? The Magisk app says: "ramdisk yes"

tosho1 said:
Unfortunately I have another problem with my OnePlus8 and Lineage:
I'm using AdAway which replaces the hosts file, but on my OP8 it cannot.
"Unable to cppy the hosts file to /System partition. Please check if the Magisk Systemless module is active"
What does it mean? The Magisk app says: "ramdisk yes"
Click to expand...
Click to collapse
Magisk → Settings (Gear icon) → Systemless hosts ← Click it

tosho1 said:
Isn't there a more easy way to obtain root?
That's strange. I use OnePlus smartphones with LineageOS for years now and cannot remember to execute such a complicated procedure. Just now I got a OnrPlus 8, installed LineageOS and Magisk and restored my apps with Titanium. So, it definitely worked.
Now, after a Lineage system update, root is gone.
Unfortunately I cannot tell exactly how I installed Magisk. I have a very poor memory. Think I just installed the app and said either just "install" or patched the zip with TRWP
But I definitely never downloaded or extracted any boot image manually.
Has anyone an explanation for this?
Even more strange: I just tried to flash magisk.zip again with TRWP. Now it tells me
"Magisk patched boot image detected"
and later:
"Failed to mount '/system_root' (Device or resource busy)"
After reboot the Magisk app now offers me three choices in the install tab:
- choose a file and patch (only this one existed before)
- direct installation (recommended)
- install into inactive slot (after OTA)
I don't understand the last one and tried the recommendet one.
Now, root is there again. Do I have to do this after each update? With my OnePlus5 I didn't.
Click to expand...
Click to collapse
LineageOS is not the stock ROM so it's slightly different and not covered in this thread.

Thank you, CarvedArt. I wasn't aware of this.

Does anyone have the latest stable Android 13 patched boot image for the IN2015 that they can share with me ?

[GUIDE] Pixel 3 XL "crosshatch": Unlock Bootloader, Update, Root, Pass SafetyNet

If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!

[GUIDE] Pixel 4 XL "coral": Unlock Bootloader, Update, Root, Pass SafetyNet

If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!

Thanks for the guide, im currently on android 12, planing to downfgrade to Android 11, will be ok to follow the Master Root guide to patch, downgrade and root at the same time to Android 11?

kmry said:
Thanks for the guide, im currently on android 12, planing to downfgrade to Android 11, will be ok to follow the Master Root guide to patch, downgrade and root at the same time to Android 11?
Click to expand...
Click to collapse
Yep.

I can pass SafetyNet but GPay does not allow contactless. The only thing unclear is what settings you used from MagiskHide Props Config. Can you please share?

dortok said:
I can pass SafetyNet but GPay does not allow contactless. The only thing unclear is what settings you used from MagiskHide Props Config. Can you please share?
Click to expand...
Click to collapse
I didn't change anything under MHPC or UNSF, and tap to pay works fine on my Pixel 5.

V0latyle said:
I didn't change anything under MHPC or UNSF, and tap to pay works fine on my Pixel 5.
Click to expand...
Click to collapse
I thought the purpose of MHPC is to easily change the prop settings to another device. Does it even do anything by just installing the module?

dortok said:
I thought the purpose of MHPC is to easily change the prop settings to another device. Does it even do anything by just installing the module?
Click to expand...
Click to collapse
I'm not sure, I've never messed with anything under the hood, and honestly I didn't install it myself - I'm not sure how it got installed. Other users have mentioned success using only USNF.

Thank you for well written guides, will this guide work with any android version? I'm willing to follow this rooting process at Android 13

Broken.exe said:
Thank you for well written guides, will this guide work with any android version? I'm willing to follow this rooting process at Android 13
Click to expand...
Click to collapse
Yes

I just wanted to make a comment about the blanket statement of using the latest platform tools.
As of this writing, v34.0.0 is the most current, but it did not work for me and flashing the full images to a Pixel 4 XL.
Code:
{...}
extracting product.img (2440 MB) to disk... took 10.694s
extracting system.img (821 MB) to disk... took 4.031s
extracting system_ext.img (298 MB) to disk... took 1.498s
extracting system_other.img (23 MB) to disk... took 0.121s
extracting vendor.img (823 MB) to disk... took 4.021s
archive does not contain 'vendor_other.img'
Sending sparse 'super' 1/1 (4194303 KB) FAILED (Sparse file is too large or invalid)
fastboot: error: Command failed
Using v33.0.3 of the platform tools worked correctly for the Feb 2023 and Oct 2022 images. v34.0.0 failed for both of those.

jljtgr said:
I just wanted to make a comment about the blanket statement of using the latest platform tools.
As of this writing, v34.0.0 is the most current, but it did not work for me and flashing the full images to a Pixel 4 XL.
Code:
{...}
extracting product.img (2440 MB) to disk... took 10.694s
extracting system.img (821 MB) to disk... took 4.031s
extracting system_ext.img (298 MB) to disk... took 1.498s
extracting system_other.img (23 MB) to disk... took 0.121s
extracting vendor.img (823 MB) to disk... took 4.021s
archive does not contain 'vendor_other.img'
Sending sparse 'super' 1/1 (4194303 KB) FAILED (Sparse file is too large or invalid)
fastboot: error: Command failed
Using v33.0.3 of the platform tools worked correctly for the Feb 2023 and Oct 2022 images. v34.0.0 failed for both of those.
Click to expand...
Click to collapse
v34.0.0 has problems with fastbootd. It basically skips it, so v33.0.3 is the one people should be using right now until they fix it. There has been an issue opened up for it.

[GUIDE] Pixel 4a "sunfish": Unlock Bootloader, Update, Root, Pass SafetyNet

If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!

Just a caveat, this doesn't appear to work with anything other than stock Android (e.g., will not work with Lineage).

roxy1712 said:
Just a caveat, this doesn't appear to work with anything other than stock Android (e.g., will not work with Lineage).
Click to expand...
Click to collapse
Correct, this is only meant for stock ROMs and stock kernels.

@V0latyle and all you other helpful people
A few basic questions please. I intend to use your guide to unlock the bootloader and root a Pixel 4a (non-5g) which is currently on stock rom Android 12 SP2A.220405.003. (Auto system updates are currently off in Developer options).
Should I update to the latest June version of Android 12 before doing anything?
Which versions of Magisk and Magisk Manager should I use to root the device?
Which elements of Magisk do I need to activate and which modules do I need to install to pass all SafetyNet checks so I can use UK banking apps?
I've used older versions of Magisk when the repository was built in but am unfamiliar with more recent versions where apparently there is no repo. How does one install modules now?
Many thanks

largeruk said:
@V0latyle and all you other helpful people
A few basic questions please. I intend to use your guide to unlock the bootloader and root a Pixel 4a (non-5g) which is currently on stock rom Android 12 SP2A.220405.003. (Auto system updates are currently off in Developer options).
Should I update to the latest June version of Android 12 before doing anything?
Click to expand...
Click to collapse
You can, but you don't have to. You'll be downloading the factory image so you can patch the boot image anyway, so you might as well take advantage of the newest security update.
largeruk said:
Which versions of Magisk and Magisk Manager should I use to root the device?
Click to expand...
Click to collapse
The two are the same. First, make sure you are only using the authentic Magisk from John Wu's Github, linked in the OP. Secondly, you can use almost any version of Magisk, but Android 12 support wasn't included until Canary 23010, meaning any version prior, including Stable v23.0 may not work properly. Since Public Beta 25.0 is out, just use that.
largeruk said:
Which elements of Magisk do I need to activate and which modules do I need to install to pass all SafetyNet checks so I can use UK banking apps?
Click to expand...
Click to collapse
Ensure Zygisk and DenyList are enabled. Enable DenyList on the Play Store and the apps you want to hide root from; it will not work on system processes. Install the Universal SafetyNet Fix module, linked in the OP. Installing USNF will likely also install MagiskHide Props Config.
Confirm SafetyNet is passing with YASNAC.
largeruk said:
I've used older versions of Magisk when the repository was built in but am unfamiliar with more recent versions where apparently there is no repo. How does one install modules now?
Click to expand...
Click to collapse
Again, the only legitimate source for Magisk is the Magisk Github. Do not use any other version from any other site. The repository continues to be alive and well. If you're talking about the module library, that is no longer included in Magisk, so you have to install the modules manually through Magisk. For more help with this, please see the Magisk help threads, also linked in the OP

V0latyle said:
Ensure Zygisk and DenyList are enabled. Enable DenyList on the Play Store and the apps you want to hide root from; it will not work on system processes. Install the Universal SafetyNet Fix module, linked in the OP. Installing USNF will likely also install MagiskHide Props Config.
Confirm SafetyNet is passing with YASNAC.
Click to expand...
Click to collapse
@ V0latyle Thanks very much for your incredibly helpful reply - much appreciated. Just some quick follow-ups for clarity please.
Zygisk - I assume that is enabled within Magisk somewhere?
DenyList - how exactly do I enable this 'on the Play Store'?
When you say DenyList will not work on system processes, I assume you mean things like Google Play Store etc? If so, is the mere installation of Magisk through the process you describe in the op now enough to hide Magisk and root from system processes?
Thanks again for your help and patience.

largeruk said:
@ V0latyle Thanks very much for your incredibly helpful reply - much appreciated. Just some quick follow-ups for clarity please.
Zygisk - I assume that is enabled within Magisk somewhere?
DenyList - how exactly do I enable this 'on the Play Store'?
When you say DenyList will not work on system processes, I assume you mean things like Google Play Store etc? If so, is the mere installation of Magisk through the process you describe in the op now enough to hide Magisk and root from system processes?
Thanks again for your help and patience.
Click to expand...
Click to collapse
Not to be rude but these are questions you should be asking in the Magisk support thread. Also, Google is your friend.
Here's how to get to the settings:
Spoiler: Screenshots
Google Play Store is not a system process. Google Play Services on the other hand is, and blocking it in MagiskHide used to be pretty standard for passing SafetyNet attestation.
For further questions please use the Magisk support threads, linked in the OP under "Pass SafetyNet"

Apologies for raising questions that, as you rightly point out, should have been posed in other threads. Lesson learnt.
A quick follow-up to my original set of questions. Given that I will be rooting with the latest (June) Magisk-patched factory image, will I need to update the bootloader and radio prior to flashing the patched stock img?
I've compared the versions between phone screen and those contained in the stock factory zip. Both versions appear to be older the current stock one:-
bootloader version on phone is c2f2-0.4-8048765 vs bootloader-sunfish-s5-0.4-8351029 on stock image
radio version on phone g8150-00123-220122-B-8106568 vs radio-sunfish-g7150-00090-220406-b-8411773.
Thanks again for all your advice. Much appreciated.

largeruk said:
Apologies for raising questions that, as you rightly point out, should have been posed in other threads. Lesson learnt.
A quick follow-up to my original set of questions. Given that I will be rooting with the latest (June) Magisk-patched factory image, will I need to update the bootloader and radio prior to flashing the patched stock img?
I've compared the versions between phone screen and those contained in the stock factory zip. Both versions appear to be older the current stock one:-
bootloader version on phone is c2f2-0.4-8048765 vs bootloader-sunfish-s5-0.4-8351029 on stock image
radio version on phone g8150-00123-220122-B-8106568 vs radio-sunfish-g7150-00090-220406-b-8411773.
Thanks again for all your advice. Much appreciated.
Click to expand...
Click to collapse
If the build numbers are different, you should update them. Don't worry about the numbers appearing "older"; as far as I can tell it doesn't seem like Google uses consecutive numbers for bootloader and radio.

This morning, my rooted Pixel 4a informed me that there was a "Security update available," even though I have Automatic System Updates turned off in Developer Options. And because I changed the device's signature in order to pass SafetyNet, it says it's an update for a Nexus 6P.
Obviously I don't want this update to install — especially since it's for the wrong device! Will it go ahead and download/install the update the next time I restart? (Or did it already download it?!) How can I abort this process?

acspdx said:
This morning, my rooted Pixel 4a informed me that there was a "Security update available," even though I have Automatic System Updates turned off in Developer Options. And because I changed the device's signature in order to pass SafetyNet, it says it's an update for a Nexus 6P.
Obviously I don't want this update to install — especially since it's for the wrong device! Will it go ahead and download/install the update the next time I restart? (Or did it already download it?!) How can I abort this process?
View attachment 5641937
Click to expand...
Click to collapse
I would recommend immediately changing the signature back to the 4a. Changing it should not be necessary to pass SafetyNet. Installing the Nexus software at the very least may fail to boot, and at the very worst may brick your device. The update has already unpacked to the alternate slot, so tapping Restart will attempt to reboot to that slot.

V0latyle said:
I would recommend immediately changing the signature back to the 4a. Changing it should not be necessary to pass SafetyNet.
Click to expand...
Click to collapse
When I first rooted it, I tried passing SafetyNet with an unmodified signature, but it didn't work; that's why I changed it. At any rate, I just reset things in MagiskHide Props Config, but I didn't reboot yet.
What to do about the already-downloaded update? Can I delete it somehow?

acspdx said:
When I first rooted it, I tried passing SafetyNet with an unmodified signature, but it didn't work; that's why I changed it. At any rate, I just reset things in MagiskHide Props Config, but I didn't reboot yet.
What to do about the already-downloaded update? Can I delete it somehow?
Click to expand...
Click to collapse
I don't know of a way to manually wipe the alternate slot. You could dirty flash the current factory image to both slots.
I am passing SafetyNet on my otherwise stock Pixel 5 using USNF + MHPC, no "under the hood" changes, although I have DenyList enabled on banking/DRM apps as well as Play Store.

V0latyle said:
I don't know of a way to manually wipe the alternate slot. You could dirty flash the current factory image to both slots.
Click to expand...
Click to collapse
Is that what you'd recommend I'd do, to prevent installing an inappropriate update? (And do you have a link that explains how to "dirty flash to both slots"?)

acspdx said:
Is that what you'd recommend I'd do, to prevent installing an inappropriate update? (And do you have a link that explains how to "dirty flash to both slots"?)
Click to expand...
Click to collapse
OP of this thread, under Update and root factory image, except you'd want to use the --slot=all argument to overwrite both slots.

V0latyle said:
OP of this thread, under Update and root factory image, except you'd want to use the --slot=all argument to overwrite both slots.
Click to expand...
Click to collapse
That's in the "fastboot update" command?

acspdx said:
That's in the "fastboot update" command?
Click to expand...
Click to collapse
Yes.
Code:
fastboot update --skip-reboot --slot=all image-device-buildnumber.zip

OK, deep breaths... I think I can do this. It's OK that the "master root" file was created on the previous version, right?
Let me make sure I have all the steps correct:
Reboot to bootloader.
% fastboot flash bootloader bootloader-sunfish-s5-0.4-7758095.img
Reboot to bootloader.
% fastboot flash radio radio-sunfish-g7150-00078-211007-b-7801723.img
Reboot to bootloader.
% fastboot update --skip-reboot --slot=all image-sunfish-sq1a.220205.002.zip
[When the update completes, the device will be in fastbootd.]
Reboot to bootloader.
% fastboot boot master_root.img
Does that look right? There's no "fastboot flash boot" step?

acspdx said:
OK, deep breaths... I think I can do this. It's OK that the "master root" file was created on the previous version, right?
Let me make sure I have all the steps correct:
Reboot to bootloader.
% fastboot flash bootloader bootloader-sunfish-s5-0.4-7758095.img
Reboot to bootloader.
% fastboot flash radio radio-sunfish-g7150-00078-211007-b-7801723.img
Reboot to bootloader.
% fastboot update --skip-reboot --slot=all image-sunfish-sq1a.220205.002.zip
[When the update completes, the device will be in fastbootd.]
Reboot to bootloader.
% fastboot boot master_root.img
Does that look right? There's no "fastboot flash boot" step?
Click to expand...
Click to collapse
If you have a newer version of Magisk installed, you can just re-patch the new boot image.
And yes, you can choose to flash the boot image instead:
Code:
fastboot flash boot --slot=all <patched boot image>
However, this will prevent OTA updates as there will be no "original" boot image.
The reason why I suggested booting an older patched image is to save the trouble of re-patching the image every time there's an update. Any version of Magisk can use almost any patched image for root, which it can then use to patch the images that are in /boot.

OK, so doing the Magisk "direct install" or using adb tools to "flash boot" is an either/or thing? It sound like, if I have Magisk 24, that'll be easier.