Pardon my ignorance but is 'sq3a.220605.009.b1-factory-157e2284' for the beta program? I'm on May 12L stable (rooted/ custom kernel) and don't want to be enrolled in the betas.
How To Guide Android 13 is OUT! (August 15, 2022 - TP1A.220624.021) - Unlocking the Pixel 6 Pro bootloader & central repository of relevant links
- Thread starter roirraW "edor" ehT
- Start date
Is this the stable release update for the QPR ?
I'm asking because I want to opt out of the qpr beta program without a data wipe.
I'm asking because I want to opt out of the qpr beta program without a data wipe.
Yes, today's June release is the stable release of QPR3.
I just updated to June. I have unlocked phone from google, used the verizon build this time as I have been having a lot of network issues. Updated magisk to 24310, did update using factory image. All good!
Just so there's no confusion...
9to5google.com
Android 12 Beta Program ends with QPR3, Pixel phones will automatically be unenrolled
With the launch of QPR3 today, the Android 12 Beta Program is ending with Google Pixel users not needing to take any further action...
Also looks like the QPR betas will continue with Android 13...
"Android 13 beta program ends in June 2023 with the public release of the Android June QPR and Pixel Feature Drop."--Google
www.google.com
"Android 13 beta program ends in June 2023 with the public release of the Android June QPR and Pixel Feature Drop."--Google
Android Beta Program
Android Beta Program allows you to enroll your Android device for beta releases.
I'm guessing that yes, that's the Beta. See the top of the first post in this thread for the links to the Verizon and Global Stable June factory images.
Also, see the following:
Just so there's no confusion...
Android 12 Beta Program ends with QPR3, Pixel phones will automatically be unenrolled
With the launch of QPR3 today, the Android 12 Beta Program is ending with Google Pixel users not needing to take any further action...
Magisk Beta v25 is out. BEWARE if you're going to flash a custom kernel on the June stock firmware without Verity and Verification disabled, and use Magisk v25, you may have to jump through hoops to get the custom kernel working. So either stick with Stable v24.3 for now, or look out for info from your favorite custom kernel developer for a modification to their custom kernel package to make it work with Magisk v25.
github.com
Releases · topjohnwu/Magisk
The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
github.com
Last edited:
Kiri has made the adjustments with his new release today (incorporating catntrips hashtree patcher work) and "should" work but hasn't been tested on Magisk 25. He still recommends using Stable 24.3 or Canary pre-24303 at this time to avoid potential conflicts.Magisk v25 is out. BEWARE if you're going to flash a custom kernel on the June stock firmware without Verity and Verification disabled, and use Magisk v25, you may have to jump through hoops to get the custom kernel working. So either stick with Stable v24.3 for now, or look out for info from your favorite custom kernel developer for a modification to their custom kernel package to make it work with Magisk v25.
Releases · topjohnwu/Magisk
The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
not sure what happened
flashed the factory image with the -w removed
now it boot loops.
flashed the factory image with the -w removed
now it boot loops.
Did you disable all Magisk Modules? Search the OP of this thread for the word "safe" for how to boot into safe mode, which will disable all Magisk Modules, then you can reboot as normal and make sure it works, and the modules will remain disabled until you re-enable them.
i thought flashing stock gets rid of the modules?
regardless, i cant enter safemode...
If you don't wipe, it doesn't get rid of anything except root. Did you re-root the new boot.img with Magisk Stable v24.3 and flash the rooted new boot.img? If you didn't re-root, then ignore that part. The modules would still exist but shouldn't do anything at all if the kernel isn't rooted.
If you did re-root you could always reflash the factory image (with -w removed again) and don't re-root if you have to, or just flash the stock boot.img if you hadn't flashed a custom kernel.
It's not easy to get into safe mode, but it can take multiple tries to get used to how to do it.
If all else fails you can search the OP for the link to the official Android Flash Tool (Google's website). This has fixed things that flashing the full factory image didn't fix for many, many users. You can even check/uncheck the option to wipe to try a dirty flash using the flash site first.
tried both patched boot image and unpatched.
neither work... will try the android flash tool.. really hope i dont need to wipe.
re-flashed may, and it boots... ill re-download the june zip incase it was corrupt.
edit: the flash tool worked, now im on june, rooted.
not sure why it didnt work with the flash all zip...
Last edited:
Argh. I disabled Magisk Modules, I'm still on Magisk v24.3, and just like every month I tried the flash-all with the -w removed, and this is what I got (check the bottom of the log):
I can get Android Flash Tool to see my device, but I don't see a way of selecting the June 2022 Stable Build. Only either the March build or a Beta/Developer Preview. I'll try flashing the May 2022 Stable build with flash-all now. I had previously checked the hash of the full firmware zip and it had matched.
Edit: I get the same with the May full firmware. Probably going to have to do a full wipe.
I can get Android Flash Tool to see my device, but I don't see a way of selecting the June 2022 Stable Build. Only either the March build or a Beta/Developer Preview. I'll try flashing the May 2022 Stable build with flash-all now. I had previously checked the hash of the full firmware zip and it had matched.
Edit: I get the same with the May full firmware. Probably going to have to do a full wipe.
Edit 2: Solved.
- I uninstalled Samsung's driver (which I use for my tablet) even though it worked fine for the April and May Pixel updates. I haven't checked to see if there's an updated Samsung driver yet, but I'll likely just swap back and forth between official Google and Samsung drivers depending on which device I'm flashing, from now on. There definitely isn't an updated Google driver.
- I then turned the phone off and back on into Fastboot mode manually.
- Then I used one of my other USB-C connections although the one I was trying and failing with earlier I had used at least last month just fine.
None of these things individually would solve the issue. All is good and June just now flashed and booted fine.
Note to everyone (and for myself to remember). The first time launching my hidden Magisk it said I needed to restore the app, but by clicking Cancel and then launching it again, Magisk loaded fine.
I decided to wait to see if Magisk v25 or higher goes Stable, so I'm still on Stable v24.3.
Last edited:
Just wanted to say, used Android flash tool (kept verity enabled / kept data / kept bootloader unlocked) rebooted, let phone finish android update, rebooted to fastboot (platform tools 33.0.2) and flashed patched boot.img (slot all) supplied here (big thank you to @Lycidias ) all went smooooth! Easy peasy, light and breazy 
Rooted Magsik 24.3 stable with new custom kernel. Thanks @Freak07 kirisakura kernel 3.0.0.
Rooted Magsik 24.3 stable with new custom kernel. Thanks @Freak07 kirisakura kernel 3.0.0.
Last edited:
I'm surprised (but glad) it works fine with the old Platform Tools (v33.0.1 is the latest, but is also a few months old).Just wanted to say, used Android flash tool (kept verity enabled / kept data / kept bootloader unlocked) rebooted, let phone finish android update, rebooted to fastboot (platform tools 30.0.2) and flashed patched boot.img (slot all) supplied here (big thank you to @Lycidias ) all went smooooth! Easy peasy, light and breazy
Last edited:
Oops. Typo fixed. platform-tools - link for windows (downloads v33.0.2.zip v33.0.2
I clicked on the windows download link, and it came up to save the file as 33.0.2*33.0.1
Maybe I'm just lucky Try it direct link . hover over the hyperlink and you can see the address.
Top Liked Posts
-
8
I don't know why, but it could be because of this: https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
The time frame lines up, antirollback commit was implemented in the days after Google told the researcher they are developing a fix.
And it's pretty big, allowing the ex-filtration of the secret keys inside the Titan and doing arbitrary code execution right on the Titan, a complete permanent compromise of the device. This is probably why Google is trying to stop people from downgrading to Android 12. Understandable why this is the first time Google is doing this, someone can resell this permanently compromised device to anyone, or do this to someone's phone. It's too late though, any Tensor device not updated to Android 13 could be forever compromised, so really the security theater of Pixel devices has just been torn down. We'll see if the Pixel 7 or Titan M3 fares better. Previous Pixel phones do not implement these OTP bit checks inside their bootloaders so I believe they are never going to have to worry about being stopped from downgraded, although they are susceptible to compromise.
The average person should never brick their phone from this, the GrapheneOS tester only had this happen because they were testing GrapheneOS on Android 13 and were capable of flashing a borked ROM.
But yes if you're updating to Android 13 manually via fastboot just run
fastboot --slot all flash bootloader bootloader.imgfastboot --slot all flash radio radio.imgfastboot reboot bootloaderfastboot --slot all update image.zip- If using Magisk then use
fastboot --slot all --skip-reboot update image.zipand select reboot to bootloader in fastbootd once fastboot is done flashing to flash your patched Magisk boot image.
- If using Magisk then use
3
Yes, absolutely. In that case, I would also choose the Android Flash Tool's option to force flash all partitions, too.
Ha! I was writing before I finished reading. Yes.
Is there supposed to be another word in there, such as "safe"?
Like:is the upgrade safe from coming from custom os???
If that was your intended question, I have no idea from personal experience on the Pixel 6 Pro. Presumptively, yes, it's as safe as flashing stock from any custom OS I've ever used in the last 12 years has been. I don't definitively answer Yes to a scenario I haven't actually experienced myself unless it's brought up so often in the forum threads I visit that I know the answer without a doubt.
For what it's worth, I don't think the Android 13 bootloader not being able to be downgraded will have any effect on your process, since that's not what you're doing.
Hope that helps.3
Interesting. It sounds like this could potentially backdoor the new Play Integrity API as well because that relies on TEE and HKA.
Why not update both slots at the same time?fastboot update --skip-reboot --slot=all image-device-buildnumber.zip
I always get the messageWarning: slot set to 'all'. Secondary slots will not be flashed.however it does flash both slots...
3I've been following the android 13 upgrade postings and I'm surprised not more people know this.
If you add --force to fastboot update "fastboot --force update image-*" you can downgrade back to Android 12 as long as you wipe data.
I tried this as soon as I upgraded to 13 and yes you can downgrade down to Android 12 after upgrading with no noticable issues. The radio and every other image but the bootloader can be downgraded. But I only tried 003, 004 July images for oriole so I don't know about anything lower personally.3
If you have an unlocked bootloader, or at least have OEM unlocking enabled (in the second case, the site will unlock the bootloader for you). And you make sure the "Wipe" option gets unchecked.
Some people like me like to have a little more hands-on approach. -
9
You are correct.
I did:
Code:adb reboot bootloader fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img fastboot reboot
And I'm booted into Android 12 still just fine. Below is the command prompt output:
Note to anyone, if after upgrading to 13 you want to downgrade to 12 using a full factory image's flash-all.bat, you'll at minimum have to either remove Android 12's bootloader flash line from the file, or replace it withfastboot flash bootloader bootloader-raven-slider-1.2-8739948.img(and have the right bootloader file in the same folder). Either should work fine.8
I don't know why, but it could be because of this: https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
The time frame lines up, antirollback commit was implemented in the days after Google told the researcher they are developing a fix.
And it's pretty big, allowing the ex-filtration of the secret keys inside the Titan and doing arbitrary code execution right on the Titan, a complete permanent compromise of the device. This is probably why Google is trying to stop people from downgrading to Android 12. Understandable why this is the first time Google is doing this, someone can resell this permanently compromised device to anyone, or do this to someone's phone. It's too late though, any Tensor device not updated to Android 13 could be forever compromised, so really the security theater of Pixel devices has just been torn down. We'll see if the Pixel 7 or Titan M3 fares better. Previous Pixel phones do not implement these OTP bit checks inside their bootloaders so I believe they are never going to have to worry about being stopped from downgraded, although they are susceptible to compromise.
The average person should never brick their phone from this, the GrapheneOS tester only had this happen because they were testing GrapheneOS on Android 13 and were capable of flashing a borked ROM.
But yes if you're updating to Android 13 manually via fastboot just run
fastboot --slot all flash bootloader bootloader.imgfastboot --slot all flash radio radio.imgfastboot reboot bootloaderfastboot --slot all update image.zip- If using Magisk then use
fastboot --slot all --skip-reboot update image.zipand select reboot to bootloader in fastbootd once fastboot is done flashing to flash your patched Magisk boot image.
- If using Magisk then use
6
There actually is a physical object being destroyed. Yes, there isn't a typical fuse being blown, as a typical fuse blows and opens the circuit. Instead what is implemented is an antifuse. These are the opposite of fuses ("anti") and are normally open. When enough voltage is passed they blow closed, and they actually do blow, they use oxide-breakdown cells that physically break down when the voltage threshold is met. This is more favorable for integrated circuits as blocking flow is a 0 and flowing is a 1. Old terminology hangs around and still refers to these as a fuse, from IBM's technology they named "eFuses" even though they perform opposite of a fuse. The modern terminology is to call them One-Time Programmable memory, or OTP memory. Modern processors have plenty of these. I don't know how many OTP bits are included on Tensor, but another ARM SoC the Rockchip RK3399 has 2 kibibits worth of OTP.
You can read more about them in this PDF, page 31 chapter 6 section 3.
There are OTP cells being blown, inside boot_control it is invoking a system monitor call with what I think are called contexts or secure applications,SMC_CM_OTP_CONTROL (0xC2001014UL).
OTP_CONTROL being One-Time Programmable Control.
The other things being passed areCMD_W_ANTIRBK_NS_AP (0x7UL)andCMD_W_ANTIRBK_S_AP (0x9UL), which are the bits (7 and 9) being blown. I can only infer that the NS and S are for the normal world (NS) and secure world (S).
As for when/sys/kernel/boot_control/blow_aris being blown, it is blown insideBootControl::markBootSuccessful, which is what is setting both the fuse and writing to devinfo that the slot had booted successfully. I don't know when exactly a boot is successful, but it is being ran by a service after Android boots up enough to be considered a success.
What does it change and how does the bootloader use this? Well, we'll never know. We're not privileged enough to know this. The source code for the many (there's something like four) bootloaders are kept closed source. Anything below the kernel and device tree we just don't know. Given that there is a bricked Pixel 6 out there due to the bits being blown on A13 and the slot switched back to A12, it isn't just the Android bootloader checking this, it's below that in either the BL1 or BL2 boot firmware. This I assume lines up with the bits being blown for normal world and secure world, as BL1 operates in the secure world while the Android bootloader operates in the normal world.
What can we do about this? Really, nothing.6Android 13 looks to be OUT!
Factory Images for Nexus and Pixel Devices | Google Play services | Google Developers
developers.google.com
6Woah! Not August but two new July images here. (not saying that @spotmark isn't getting the August OTA)
-
58Android 13 is OUT!
My tiny, early, very mini-review of Android 13 is here.
NOTE that if you use the full factory image to flash, to be safe, you'll want to flash to your current slot, change slots, and then flash again to the new slot.
Thanks to @Lughnasadh for sharing the news about this, starting here.
Also see here for the reason this was done:
How to flash both slots using the full factory image BOTH SLOTS at the same time:
How to flash both slots using the full factory image ONE SLOT at a time:
Factory Images for Nexus and Pixel Devices | Google Play services | Google Developers
developers.google.com
Here there be dragons.
I am not responsible for anything at all. 
Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.
Official Google Pixel Update and Software Repair(reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro yet)
Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can reenable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.
Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen
Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own)
ADB/Fastboot, Windows Drivers, and unlocking the bootloader (thanks @sidhaarthm for confirming unlocking the bootloader works as intended, be sure to thank him in his post)
Rooting-related
No longer applies -Things that make rooting more complicated on Android 12
A list of the other important guides - be sure to thank the respective OPs
For all relevant guide threads just click the yellow "How To Guide" quick filter above the list of threads in the Pixel 6 Pro section.
- Here's the Magisk section of XDA's forums, for rooting. Magisk on GitHub. The most recent Magisk Stable is what's recommended these days.
- @sean222's thread Restore WiFi and Cellular Data in Quick Settings (Root Required)
- @rickysidhu_'s thread HBM (High Brightness Mode)
- @gururoop's thread Probable method to upgrade every month, without wiping data and retaining root
- @rickysidhu_'s thread Limit Charge
- @Typhus_' thread [MOD][MAGISK][ANDROID 12] Addon Features for Pixel Devices - Pixel 6 Pro Thread
- @siavash79's thread [MOD][Xposed+Magisk][Pre-Release] AOSP Mods - System modifications for AOSP-based Android 12+ - a mod that compliments @Typhus_' mod above, and may eventually completely replace it.
- @TotallyAnxious' thread [MOD] Collection of "Anxious" Modules for Pixel 6/Pro Series
- Every single one of @foobar66's posts.
TWRP (not made for the Pixel 6 Pro yet - will update when it has)
Custom kernels for stock ROM(s)
Factory Images (requires an unlocked bootloader)
Full OTA Images (doesn't require an unlocked bootloader)
The usefulness of having Verity and Verification enabled (now that it's not needed for root) - post #2 below.
Regarding P6P 5G model numbers and capabilities - post #3 below.
List of all Pixel monthly security bulletins and Play System Updates - post #4 below.
How I root and update (which is identical whether rooting the first time or updating):
15The unlock process works like this;
1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on.
2) When it starts harassing you to join google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
3) Settings --> About --> Build number. Tap it until it says you're a developer.
4) Back --> Network --> Wifi and connect it.
5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize when requested.
6) # adb reboot-bootloader
7) # fastboot flashing unlock
Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.1513Just to let everyone know, updating to .037 and re-rooting (without wiping anything) worked with no problems. My method is to just replace -w with --disable-verity --disable-verification in the flash-all.bat file and run the flash-all command. I then let it reboot, patch the boot image, return to bootloader and flash the patched boot image.
Canary 23014
EDIT: Thank you @ipdev for confirming my inquiry that this method would work back on Nov. 4
11SDK Platform Tools have been updated to v32.0.0 (January 2022). Update now before you forget and flashing the February update on the 7th gives you hassles.
Direct download for Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
