How To Guide Android 13 is OUT! (August 15, 2022 - TP1A.220624.021) - Unlocking the Pixel 6 Pro bootloader & central repository of relevant links

Search This thread

elknetld2kil

Member
Nov 26, 2012
27
12
Hi, I'm having an issue, I did the update like I always do (the sideloading method) but when I went to flash the new patched image I made from the factory zip it bootloops. I ran the OTA update again and that time tried just booting the patched img file but it goes to boot but then reboots and goes back to the original unrooted image.

Am I missing something here? trying to see if I can do something else before I accidentally brick this device.
 

Nergal di Cuthah

Senior Member
Sep 20, 2013
1,794
870
Google Pixel 6 Pro
Hi, I'm having an issue, I did the update like I always do (the sideloading method) but when I went to flash the new patched image I made from the factory zip it bootloops. I ran the OTA update again and that time tried just booting the patched img file but it goes to boot but then reboots and goes back to the original unrooted image.

Am I missing something here? trying to see if I can do something else before I accidentally brick this device.
I had trouble with sideloading ota this update. Used the flasher tool, booted to system, patched the boot.img and fastboot flashed patched boot. Success. I wonder if something is off with the ota (i used the vzw one as i'm on vzw network)
 

hpower1

Senior Member
Jan 24, 2012
190
73
Not sure if this is new to July update, I didn't notice it in June or on Beta 3.3 but you now have the choice to keep the vibrate icon up all the time if you want it. I keep on vibrate and like to see it, so this is a welcome option to have.
 
  • Like
Reactions: roirraW "edor" ehT

Forsh

Senior Member
Jan 7, 2010
130
33
Hi everyone. I was wondering, does anyone know - does the A13 beta update roughly around the same time as the A12 stable? I.e. at the beginning on each month, and then throughout the month as necessary. While I'm here - I've found A13 to be very buggy and drain a lot of battery + have poor signal and dropped calls, for a couple months. It wasn't like this at first. I'm thinking of doing a factory reset on A13. Is there a guide for me to get my phone back to how it was before the reset as fast as possible? Anything I should do before the reset?

Thank you
 

roirraW "edor" ehT

Forum Moderator
Staff member
Hi everyone. I was wondering, does anyone know - does the A13 beta update roughly around the same time as the A12 stable? I.e. at the beginning on each month, and then throughout the month as necessary.

The first Beta 3 of Android 13 came out June 8th, which was a Wednesday. I don't really know if there is necessarily any typical release date of the Betas. 3.1 June 10th, 3.2 June 16th , and 3.3 on June 27th. Another source for this info.

Beta 4 is supposed to come out this month, and maybe someone knows when more precisely, but not me. :)

While I'm here - I've found A13 to be very buggy and drain a lot of battery + have poor signal and dropped calls, for a couple months. It wasn't like this at first. I'm thinking of doing a factory reset on A13. Is there a guide for me to get my phone back to how it was before the reset as fast as possible? Anything I should do before the reset?

Thank you

Mmmmm...no, I don't think there's really a guide for how to get it back as fast as possible.

My personal advice for it:
  1. I use Nova Launcher Prime, so I do backups anytime I change my home screen or app drawer/tabs setup, so widgets and app icons and other Nova-specific configurations are easier to restore.
  2. Go to Android Settings and use Settings' search box for Backup. Make sure that your Google account is set up to backup your apps (and app data for the apps that developers have configured to use Google's Backup API). Make sure things are backed up. Note, this doesn't backup the apps themselves, only the list of apps, so only applies to apps installed from the Play Store. As I said in parentheses, developers have to choose to integrate Google's Backup API into their app, and those apps only will get their app data backed up into Google's cloud.
  3. If you're rooted also, then you could use something like Swift Backup to backup to the cloud. I do so, although I still restore as much as possible through Google's backup, and I only restore through Swift on a case-by-case basis, as needed when I discover an app that's tough to set back up doesn't have it's data restored by Google.
  4. If you've used Google Photos to backup your photos to Google's cloud, then hit the button in Google Photos to free up space. This will automatically and only delete your local copies of photos and videos that it's already backed up.
  5. Once that ^ is done, look at your internal storage with your favorite File Manger and see if there's anything left that you want to back up manually, since a factory reset will wipe everything. Copy them to your computer or a flash drive.
  6. When you're just starting the out of the box setup after the reset, when it asks you if you want to use a cable to restore things from an old phone, choose No, and that will lead you to Google's cloud backup where you can choose to restore everything, or you can select what you want to restore.
  7. I think you can figure out the rest.
I've now added this to my guide thread since I went to the trouble of typing it out. :D
 
  • Like
Reactions: kkjb and Forsh

Forsh

Senior Member
Jan 7, 2010
130
33
The first Beta 3 of Android 13 came out June 8th, which was a Wednesday. I don't really know if there is necessarily any typical release date of the Betas. 3.1 June 10th, 3.2 June 16th , and 3.3 on June 27th. Another source for this info.

Beta 4 is supposed to come out this month, and maybe someone knows when more precisely, but not me. :)



Mmmmm...no, I don't think there's really a guide for how to get it back as fast as possible.

My personal advice for it:
  1. I use Nova Launcher Prime, so I do backups anytime I change my home screen or app drawer/tabs setup, so widgets and app icons and other Nova-specific configurations are easier to restore.
  2. Go to Android Settings and use Settings' search box for Backup. Make sure that your Google account is set up to backup your apps (and app data for the apps that developers have configured to use Google's Backup API). Make sure things are backed up. Note, this doesn't backup the apps themselves, only the list of apps, so only applies to apps installed from the Play Store. As I said in parentheses, developers have to choose to integrate Google's Backup API into their app, and those apps only will get their app data backed up into Google's cloud.
  3. If you're rooted also, then you could use something like Swift Backup to backup to the cloud. I do so, although I still restore as much as possible through Google's backup, and I only restore through Swift on a case-by-case basis, as needed when I discover an app that's tough to set back up doesn't have it's data restored by Google.
  4. If you've used Google Photos to backup your photos to Google's cloud, then hit the button in Google Photos to free up space. This will automatically and only delete your local copies of photos and videos that it's already backed up.
  5. Once that ^ is done, look at your internal storage with your favorite File Manger and see if there's anything left that you want to back up manually, since a factory reset will wipe everything. Copy them to your computer or a flash drive.
  6. When you're just starting the out of the box setup after the reset, when it asks you if you want to use a cable to restore things from an old phone, choose No, and that will lead you to Google's cloud backup where you can choose to restore everything, or you can select what you want to restore.
  7. I think you can figure out the rest.
I've now added this to my guide thread since I went to the trouble of typing it out. :D
You're the best!
 
  • Like
Reactions: roirraW "edor" ehT

stryver

Senior Member
Jun 28, 2012
548
507
OnePlus 9 Pro
Google Pixel 6 Pro
I don't understand why it's suddenly a problem, I always update and restore root no problem. This update somehow failed and lost my root access.

Screenshot_20220715-192208.png
 

roirraW "edor" ehT

Forum Moderator
Staff member
I don't understand why it's suddenly a problem, I always update and restore root no problem. This update somehow failed and lost my root access.

View attachment 5660355
We would need to know what method you use. An OTA method? It seems a third or a quarter of the time, OTA methods have problems.

I always flash the full factory image, then go back and flash the Magisk'd boot.img once everything non-root is working 100% after the update.
 
  • Like
Reactions: Nergal di Cuthah

roirraW "edor" ehT

Forum Moderator
Staff member
This may be posted elsewhere too but it's important enough. Time to deep-freeze archive Nova Launcher version 7 (and the Prime activator, and even the Nova Google Companion) APKs just in case!

I had talked to Kevin (at)teslacoil / developer of Nova possibly even before Nova was released - I don't remember. At the time I was using his WidgetLocker back on Android 2.1.


Nova Launcher joins Branch​

And Sesame Search too!​

July 19, 2022

NovaSesameBranch


Hello Nova Community, I’m Kevin Barry, the creator of Nova Launcher. I’ve made, make and will continue to make Nova Launcher. Today I’m announcing that Branch has acquired Nova Launcher, and hired myself and Cliff Wade (Nova Community Manager). Branch has also acquired Sesame Search and hired the Sesame Crew (Steve Blackwell and Phil Wall). I’ll continue to control the direction and development of Nova Launcher, and that direction is unchanged. Nova focuses on power users and customization. I will be adding some features powered by Branch, they’ll be optional like most features in Nova.

Who is Branch?​

Branch is a big name in app development circles, but it’s mostly behind the scenes for consumers. Branch’s primary business is providing a platform for app developers to manage and measure deep-links into their apps. For example when you click on a link in an email or on social media that opens into an app, it’s probably a Branch link. Branch has a huge database of over 300 billion deep links into apps.

Branch also sees the problems with app discovery and navigation and is setting out to solve these problems. They saw a lot they like in Nova (and Sesame) and want to leverage that to build even bigger products without disrupting what makes these apps great.

What is Sesame Search?​

Sesame Search is a shortcut and contacts search engine for Android. A few years ago Nova Launcher and Sesame cooperated to integrate Sesame results into Nova Search. Steve and Phil will continue to control the direction and development of Sesame.

What does Branch want with Nova?​

Not to mess it up, don’t worry! Research, development, expertise and feedback.

Research Branch is setting out to fix the mobile app discovery and navigation problem which is no easy task. It will take experimentation and testing to get there. Branch needs a test-bed where we can try things out and see if they work and how to improve them.

Development Branch builds, and excels at, platforms. But it’s hard to build a platform without building, or working closely with, a client of the platform. Similar to how Google needed the Nexus, or now Pixel, products to be able to build Android.

Expertise I’ve been building Nova Launcher for over a decade and know a lot about Android. But while I will be sharing my expertise and contributing to other areas at Branch, this isn’t a talent acquisition. My primary responsibility continues to be to Nova Launcher, in the same manner I’ve worked on it in the past.

Feedback We need to keep hearing from you! The Nova community is incredibly vocal and has provided tons of feedback over the years, more feedback than I’ve been able to act on. Branch is very eager to hear that feedback in the area of navigation and discovery and to get that kind of feedback on future ideas and implementations. Notice that monetization isn’t mentioned here. While Nova’s monetization ability played a role in the acquisition deal and Nova Launcher Prime won’t be going away, monetization of Nova Launcher is not something Branch is interested in changing. Nova stays Nova. There’s no desire from anyone to transform it into a mass market app with obnoxious IAP, subscriptions and ads.

What changes will we see?​

We’ve all read acquisition announcements saying nothing will change but they inevitably do. Though I don’t feel too much will materially change for Nova users, I want to make sure to cover what will. Nova Launcher has historically been just a one-time sale consumer product. I’ve tried over the years other things such as licensing to OEMs or rev-share for links, but those have just been small pieces. Now Nova Launcher is also a Research and Development project which means trading some of the burden of monetization for the burden of experimentation. I’ve always been very careful about how I release new features. By monetizing with a one time purchase, I heavily relied on press coverage of new features to attract new users. But this meant that the new features need to be stable and attractive enough for users to purchase Prime for. It also meant that I couldn’t release something pretty experimental, attract users to purchase it, and then completely overhaul it without upsetting them. Now things are flipped a bit. I don’t want to harm the stability of Nova Launcher, even its betas, but I’ll have more reason to release smaller things more frequently and make more changes in public releases rather than having a feature more completely designed before public release. Likewise, in the past I haven’t found the right balance of managing additional developers to work on Nova with me. This still doesn’t need to change, I can continue to be the sole developer of Nova itself. But I have been working with Steve Blackwell, of Sesame, on the new Branch search features in Nova Launcher and I’m hoping this is the right environment for Nova to benefit from development help. I’ve also generally avoided A/B testing, where some users see design A and others design B and analytics determine which design is adopted for all users. I likely will start doing some of this, but I’ll try to avoid making it distracting and continue to be respectful of users' customizations.

Finally, bigger scope in the area of search, discovery and navigation. I love Nova Search, it’s fast and attractive, the microresults save me a ton of time, and with Sesame it can navigate virtually your whole device. But it’s hard for indie apps to push this even further. It needs buy-in and relationships with other apps and bigger companies. Branch has and does that kind of thing.

We'll be releasing a Nova 8.0.2 beta APK soon with a peek at on-device shortcut and contact search powered by Branch. All searching and indexing takes place locally and does not leave your device.

BranchSearchCliff


What about analytics?​

Branch will want to measure usage of the Branch-inspired features in Nova. Nova Launcher already has basic analytics, with an opt-out. This will continue. There is a different priority in what to measure now and so we'll make some changes in that regard, but I’ve had a lot of internal discussions about privacy and analytics with various people at Branch and they are both responsive and respectful of user privacy and my concerns about doing the right thing for Nova Launcher users.

How did this come about?​

The beginning of this was really in 2018. I was working with Phil and Steve on the Nova+Sesame integration, but we hadn’t released or announced anything yet. Then while I was in town for Google I/O, I met Alex Austin, CEO of Branch. Alex explained his vision, including having app search show shortcut results. I amusedly expressed that I was essentially working on this idea with Sesame. We discussed a bit further by email and Alex also connected with Sesame. I didn’t end up going any further with Branch in 2018 but more recently Alex reached out again. They’ve had some success and were looking to grow it further. We discussed ways to work together a bit and Alex made an attractive acquisition offer. He did the same with Sesame. I’ve had a number of acquisition offers over the years. Generally it’s been easy enough to see why they would be bad fits. I’d sometimes look for reasons it could be okay, but the reasons would never be strong enough to be compelling. If a company like Google or Facebook bought Nova Launcher, Nova would ultimately cease to exist. If an OEM bought Nova, it’d get bogged down with boring OEM needs. If a small app startup bought or merged with Nova, they’d likely take it down with them. Branch is different. They respect Nova as it is and want to maintain that. They’re not a big company like a Google. They’re not a slow moving company like an OEM. Branch is quite successful in their area and has specific needs for a consumer launcher app that matches what Nova is. Alex continued to say the right things, he doesn’t want to change the branding, he doesn’t want to change the monetization. He wants me to continue to be in charge of the direction and decisions for Nova Launcher. I met with more of the team, I was impressed with them and it was clear that Alex had made it clear to them that I’d maintain control and direction. Also, it wasn’t just that they knew I’d continue to be protective and respectful of Nova users, it’s that they want that too. Naturally it was a very big decision and I still had a lot to think about. I was having an unrelated conversation with the Sesame devs when Branch came up. We spoke a bit subtly trying to respect our NDAs, but managed to work out that we could be working together again and take our initial work on app shortcut search and discovery to the next level. It all started to come together and look really positive. After more meetings, lots of back and forth between lawyers, and a last minute trip to Palo Alto, the acquisition closed and Nova Launcher, myself, and Cliff are officially part of Branch.

-Kevin Barry Creator of Nova Launcher

P.S.​

Cliff, Phil and I will be in Nova's Discord answering questions about the Branch acquisitions, Nova 8.0.2, or whatever. Other Branchsters may drop by as well. Branch is fielding formal press inquires at [email protected]

I also un-opted out of their Beta program and deselected both apps from auto-updating.
 
Last edited:
  • Like
Reactions: Lughnasadh

roirraW "edor" ehT

Forum Moderator
Staff member
I expressed my concerns on their Discord and they are being reassuring about it. I just hope they're being honest.

Thanks for sharing the information. I'll withhold judgment, but I'll also likely keep Nova from being updated give or take a year unless there's some overriding need to update due to new behavior or bugs when using it with future Android versions. It's a little paranoid, but I've never yet seen good come out of this. Sure, it makes me feel better Kevin and the other one are still in charge and involved, but in the end, they are now not their own bosses, so it may look good initially but we'll see how it does in practice.

I'm sure no one is lying. I'm sure Chainfire wasn't lying about what was expected from the company that bought SuperSU, and I know it was a different situation but we'll just see. I hope for the best but expect the worst.
 
That's good to hear. Thanks!
The pro version remains a video player only. Though in India, my understanding is the free version of mx player is now a streaming service. Idk if the Indian market gets access to the ad supported free app or pro app.

 
  • Like
Reactions: roirraW "edor" ehT

Top Liked Posts

  • 4
    Finally updated the OP with:
    How to flash both slots using the full factory image BOTH SLOTS at the same time
    I don't know why, but it could be because of this: https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html

    The time frame lines up, antirollback commit was implemented in the days after Google told the researcher they are developing a fix.

    And it's pretty big, allowing the ex-filtration of the secret keys inside the Titan and doing arbitrary code execution right on the Titan, a complete permanent compromise of the device. This is probably why Google is trying to stop people from downgrading to Android 12. Understandable why this is the first time Google is doing this, someone can resell this permanently compromised device to anyone, or do this to someone's phone. It's too late though, any Tensor device not updated to Android 13 could be forever compromised, so really the security theater of Pixel devices has just been torn down. We'll see if the Pixel 7 or Titan M3 fares better. Previous Pixel phones do not implement these OTP bit checks inside their bootloaders so I believe they are never going to have to worry about being stopped from downgraded, although they are susceptible to compromise.

    The average person should never brick their phone from this, the GrapheneOS tester only had this happen because they were testing GrapheneOS on Android 13 and were capable of flashing a borked ROM.
    But yes if you're updating to Android 13 manually via fastboot just run

    1. fastboot --slot all flash bootloader bootloader.img
    2. fastboot --slot all flash radio radio.img
    3. Reboot the phone
    4. fastboot --skip-reboot update image.zip
    5. Select reboot to bootloader from inside fastbootd
    6. fastboot --set-active=other
    7. fastboot update image.zip
    8. If using Magisk then add a --skip-reboot to then boot back into the bootloader to flash your patched image.

    It's either/or, you can do one slot at a time or both slots. There's nothing wrong with either way. You *may* be safer at least flashing the bootloader to both slots at the same time, at least. I did one slot at a time with no problems. The first slot Monday, then the second slot Tuesday.
    4
    For those who are wondering if we should or should not be worried, or how worried we should or should not be, here's a response from the Graphene dev who first tweeted about his colleague bricking his device due to the new ARB, for what it's worth...

    So yes, at the minimum flash the A13 bootloader to both slots. May even want to flash all of A13 to both slots since we still are not certain what the outcome would be if the device reverted to a slot with the A13 bootloader and A12 everything else, since to my knowledge no one has tested that yet (being on A13 and flashing back to A12 with the A13 bootloader).

    Follow up, again, for what it's worth...

    4
    Did you try just flashing the patched image to 1 slot instead of both at the same time?
    I crossed my fingers, Knocked on wood, rubbed my lucky rabbits foot and fired up my computer
    - Booted the bootloader
    - Connected the computer and phone
    - Opened a command prompt
    - fastboot flash boot magisk_patched...img
    - Pressed the enter key
    - Took a deep breath, wiped the sweat from my forehead and pressed the pwr button on my phone.
    - After, a few seconds had passed, I noticed there was no smoke coming from it, I looked at the screen.
    - It had booted up and was rooted. :) :) :)
    - I put the Flash Tool on hold untill the next crisis.

    To all the XDA members and Staff that helped
    get my problem resolved. (y)(y)(y)

    Thank you!
    4
    I've been following the android 13 upgrade postings and I'm surprised not more people know this.
    If you add --force to fastboot update "fastboot --force update image-*" you can downgrade back to Android 12 as long as you wipe data.
    I tried this as soon as I upgraded to 13 and yes you can downgrade down to Android 12 after upgrading with no noticable issues. The radio and every other image but the bootloader can be downgraded. But I only tried 003, 004 July images for oriole so I don't know about anything lower personally.
    3
    Hmm. Get a screenshot of the Magisk log when you patch the boot image and post it here, the Magisk gurus such as @pndwal and @ipdev can probably be more help
  • 9
    I think this just means you won't be able to downgrade the bootloader itself. Don't take my word for it but I suspect that one could still run older versions on the new bootloader.

    To test this, just download the factory zip and update the bootloader only.
    You are correct.

    I did:

    Code:
    adb reboot bootloader
    fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img
    fastboot reboot

    And I'm booted into Android 12 still just fine. Below is the command prompt output:
    S:\platform-tools>adb reboot bootloader
    * daemon not running; starting now at tcp:5037
    * daemon started successfully

    S:\platform-tools>fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img
    Sending 'bootloader_b' (11554 KB) OKAY [ 0.047s]
    Writing 'bootloader_b' (bootloader) Flashing pack version slider-1.2-8739948
    (bootloader) flashing platform gs101
    (bootloader) Validating partition ufs
    (bootloader) Validating partition ufs
    (bootloader) Validating partition partition:0
    (bootloader) Validating partition partition:1
    (bootloader) Validating partition partition:2
    (bootloader) Validating partition partition:3
    (bootloader) Validating partition bl1_b
    (bootloader) Validating partition pbl_b
    (bootloader) Validating partition bl2_b
    (bootloader) Validating partition abl_b
    (bootloader) Validating partition bl31_b
    (bootloader) Validating partition tzsw_b
    (bootloader) Validating partition gsa_b
    (bootloader) Validating partition ldfw_b
    (bootloader) Flashing partition ufs
    (bootloader) Flashing partition ufs
    (bootloader) Flashing partition partition:0
    (bootloader) Flashing partition partition:1
    (bootloader) Flashing partition partition:2
    (bootloader) Flashing partition partition:3
    (bootloader) Flashing partition bl1_b
    (bootloader) Flashing partition pbl_b
    (bootloader) Flashing partition bl2_b
    (bootloader) Flashing partition abl_b
    (bootloader) Flashing partition bl31_b
    (bootloader) Flashing partition tzsw_b
    (bootloader) Flashing partition gsa_b
    (bootloader) Flashing partition ldfw_b
    (bootloader) Loading sideload ufsfwupdate
    OKAY [ 2.766s]
    Finished. Total time: 2.825s

    S:\platform-tools>fastboot reboot
    Rebooting OKAY [ 0.001s]
    Finished. Total time: 0.002s

    S:\platform-tools>

    Note to anyone, if after upgrading to 13 you want to downgrade to 12 using a full factory image's flash-all.bat, you'll at minimum have to either remove Android 12's bootloader flash line from the file, or replace it with fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img (and have the right bootloader file in the same folder). Either should work fine.
    8
    Thanks for the detailed explanation. I wonder why this is the first time we are hearing of the e-fuse? It also makes one wonder why Google is taking such permanent measures, given their generally open attitude towards developers on Pixel/Nexus devices...like, who cares if someone was able to downgrade?

    As far as what it does and what it changes, it sounds like this is something we'll have to find out for ourselves unfortunately. But for the time being I would think it's safe to say that everyone updating should flash the A13 bootloader to both slots just to be safe in case of a alternate slot bootloop.
    I don't know why, but it could be because of this: https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html

    The time frame lines up, antirollback commit was implemented in the days after Google told the researcher they are developing a fix.

    And it's pretty big, allowing the ex-filtration of the secret keys inside the Titan and doing arbitrary code execution right on the Titan, a complete permanent compromise of the device. This is probably why Google is trying to stop people from downgrading to Android 12. Understandable why this is the first time Google is doing this, someone can resell this permanently compromised device to anyone, or do this to someone's phone. It's too late though, any Tensor device not updated to Android 13 could be forever compromised, so really the security theater of Pixel devices has just been torn down. We'll see if the Pixel 7 or Titan M3 fares better. Previous Pixel phones do not implement these OTP bit checks inside their bootloaders so I believe they are never going to have to worry about being stopped from downgraded, although they are susceptible to compromise.

    The average person should never brick their phone from this, the GrapheneOS tester only had this happen because they were testing GrapheneOS on Android 13 and were capable of flashing a borked ROM.
    But yes if you're updating to Android 13 manually via fastboot just run

    1. fastboot --slot all flash bootloader bootloader.img
    2. fastboot --slot all flash radio radio.img
    3. fastboot reboot bootloader
    4. fastboot --slot all update image.zip
      1. If using Magisk then use fastboot --slot all --skip-reboot update image.zip and select reboot to bootloader in fastbootd once fastboot is done flashing to flash your patched Magisk boot image.
    If you are already on Android 13 then just perform steps 1-2-3.
    6
    I guess I'm splitting hairs then, because there's still no physical fuse that gets physically destroyed...but what you described has the same effect, permanently writing a 1.

    Question is, when exactly is blow_ar called? What does this change/how is it used? Does this simply mean the bootloader will reject older bootloader images, or that it will reject all images older than the bootloader date?
    There actually is a physical object being destroyed. Yes, there isn't a typical fuse being blown, as a typical fuse blows and opens the circuit. Instead what is implemented is an antifuse. These are the opposite of fuses ("anti") and are normally open. When enough voltage is passed they blow closed, and they actually do blow, they use oxide-breakdown cells that physically break down when the voltage threshold is met. This is more favorable for integrated circuits as blocking flow is a 0 and flowing is a 1. Old terminology hangs around and still refers to these as a fuse, from IBM's technology they named "eFuses" even though they perform opposite of a fuse. The modern terminology is to call them One-Time Programmable memory, or OTP memory. Modern processors have plenty of these. I don't know how many OTP bits are included on Tensor, but another ARM SoC the Rockchip RK3399 has 2 kibibits worth of OTP.

    You can read more about them in this PDF, page 31 chapter 6 section 3.

    There are OTP cells being blown, inside boot_control it is invoking a system monitor call with what I think are called contexts or secure applications, SMC_CM_OTP_CONTROL (0xC2001014UL).
    OTP_CONTROL being One-Time Programmable Control.
    The other things being passed are CMD_W_ANTIRBK_NS_AP (0x7UL) and CMD_W_ANTIRBK_S_AP (0x9UL), which are the bits (7 and 9) being blown. I can only infer that the NS and S are for the normal world (NS) and secure world (S).

    As for when /sys/kernel/boot_control/blow_ar is being blown, it is blown inside BootControl::markBootSuccessful, which is what is setting both the fuse and writing to devinfo that the slot had booted successfully. I don't know when exactly a boot is successful, but it is being ran by a service after Android boots up enough to be considered a success.

    What does it change and how does the bootloader use this? Well, we'll never know. We're not privileged enough to know this. The source code for the many (there's something like four) bootloaders are kept closed source. Anything below the kernel and device tree we just don't know. Given that there is a bricked Pixel 6 out there due to the bits being blown on A13 and the slot switched back to A12, it isn't just the Android bootloader checking this, it's below that in either the BL1 or BL2 boot firmware. This I assume lines up with the bits being blown for normal world and secure world, as BL1 operates in the secure world while the Android bootloader operates in the normal world.

    What can we do about this? Really, nothing.
    6
    Android 13 looks to be OUT!

    13.0.0 (TP1A.220624.021, Aug 2022)FlashLinkd8ddfdca3af0b97b3b99460afdab3cf95a741f988dccd5122564c855a64baa36
    6
    Woah! Not August but two new July images here. (not saying that @spotmark isn't getting the August OTA)

    12.1.0 (SQ3A.220705.003.A3, Jul 2022, Verizon, Verizon MVNOs)FlashLink5651ee94a61222e2c03ca55b76f4aa452c5eed9e43ad8aabb7060739177e1689
    12.1.0 (SQ3A.220705.004.A1, Jul 2022, Softbank)FlashLink6b60f5a6401b35c635408494b54323825a8bcf5c85384a7cc2c241849a2d7413
  • 58
    Android 13 is OUT!

    My tiny, early, very mini-review of Android 13 is here.

    NOTE that if you use the full factory image to flash, to be safe, you'll want to flash to your current slot, change slots, and then flash again to the new slot.
    Thanks to @Lughnasadh for sharing the news about this, starting here.

    Also see here for the reason this was done:



    I've been following the android 13 upgrade postings and I'm surprised not more people know this.
    If you add --force to fastboot update "fastboot --force update image-*" you can downgrade back to Android 12 as long as you wipe data.
    I tried this as soon as I upgraded to 13 and yes you can downgrade down to Android 12 after upgrading with no noticable issues. The radio and every other image but the bootloader can be downgraded. But I only tried 003, 004 July images for oriole so I don't know about anything lower personally.

    How to flash both slots using the full factory image BOTH SLOTS at the same time:
    I don't know why, but it could be because of this: https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html

    The time frame lines up, antirollback commit was implemented in the days after Google told the researcher they are developing a fix.

    And it's pretty big, allowing the ex-filtration of the secret keys inside the Titan and doing arbitrary code execution right on the Titan, a complete permanent compromise of the device. This is probably why Google is trying to stop people from downgrading to Android 12. Understandable why this is the first time Google is doing this, someone can resell this permanently compromised device to anyone, or do this to someone's phone. It's too late though, any Tensor device not updated to Android 13 could be forever compromised, so really the security theater of Pixel devices has just been torn down. We'll see if the Pixel 7 or Titan M3 fares better. Previous Pixel phones do not implement these OTP bit checks inside their bootloaders so I believe they are never going to have to worry about being stopped from downgraded, although they are susceptible to compromise.

    The average person should never brick their phone from this, the GrapheneOS tester only had this happen because they were testing GrapheneOS on Android 13 and were capable of flashing a borked ROM.
    But yes if you're updating to Android 13 manually via fastboot just run

    1. fastboot --slot all flash bootloader bootloader.img
    2. fastboot --slot all flash radio radio.img
    3. fastboot reboot bootloader
    4. fastboot --slot all update image.zip
      1. If using Magisk then use fastboot --slot all --skip-reboot update image.zip and select reboot to bootloader in fastbootd once fastboot is done flashing to flash your patched Magisk boot image.
    If you are already on Android 13 then just perform steps 1-2-3.

    How to flash both slots using the full factory image ONE SLOT at a time:
    I use the full Pixel 6 Pro Factory Image to update each month. Use the same official latest ADB/Fastboot (SDK Platform Tools) you normally use. Edit the flash-all.bat (if on Windows - if on something else, edit the appropriate flash-all script file) and remove the "-w" and re-save it. If you want to keep the flash-all.bat from rebooting automatically after the update so that you can change slots and flash again, add fastboot --skip-reboot in the flash-all.bat after the fastboot update image-raven-xyNz.YYMMDD.BBB.zip line. Thanks, @Homeboy76 and @Lughnasadh!

    Re-open the script file and confirm that you saved it with the "-w" removed, so it doesn't wipe your device.

    From running Android:
    Code:
    adb reboot bootloader
    (Let it reboot into Fastboot mode.  Make note of which active slot is listed on the Fastboot screen, third item from the bottom.)
    
    flash-all.bat
    (WITH "-w" removed.  Let it flash everything, will take several minutes.)
    
    Let it boot up (and check the notifications for the update process to finish while Android is running)
    
    adb reboot bootloader
    
    On the Fastboot screen, change to the opposite slot with either:
    
    fastboot --set-active=a
    (If you're on slot b)
    
    OR
    
    fastboot --set-active=b
    (If you're on slot a)
    
    OR
    
    [QUOTE="Homeboy76, post: 87298957, member: 4810220"]
    I think you may want to use
    [ICODE] fastboot --set-active=other[/ICODE]
    it lowers the mistake threshold.
    [/QUOTE]
    
    flash-all.bat
    (again)

    13.0.0 (TP1A.220624.021, Aug 2022)FlashLinkd8ddfdca3af0b97b3b99460afdab3cf95a741f988dccd5122564c855a64baa36

    Note that this is mainly for the officially listed "Unlocked" Pixel 6 Pro, available directly from the Google Store. All of this will also apply to any other (carrier-specific) variant of the Pixel 6 Pro which you can achieve an unlocked bootloader on. This includes T-Mobile and AT&T variants. It's likely Verizon variants will never be able to unlock their bootloader, or if so it will require paying the right person to do so.

    Feel free to ask about general questions, but for anything that's specific to your variant, you should use one of the other already existing threads. You'll find Verizon, AT&T, and T-Mobile-related threads in those respective search results.

    Here there be dragons. 🐉 I am not responsible for anything at all. 😹

    Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.


    Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like NetFlix. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12

    If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.

    There are no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.


    All posts about Google Pay or banking will be reported to be deleted. Please keep this thread on-topic. There are at least one or two other How To Guide threads in this section in which folks discuss how to get around banking app restrictions when you're rooted or just have an unlocked bootloader. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
    If users persist in discussing banking apps in this thread, I will have this thread locked and only update this first post when there is new and updated information regarding the subjects of the title of the thread: Unlocking the Pixel 6 Pro bootloader, rooting, and TWRP. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12

    Honorable mention to @Jawomo's aodNotify - Notification Light / LED for Pixel 6 Pro! (XDA link) / Notification light / LED for Pixel - aodNotify (Play Store link), which in my opinion restores useful functionality missing in most phones these days. It also solves some subjective issues some folks have with AOD (Always On Display), and/or solves/works around the problem where AOD is required for the optical fingerprint reader to work without the screen being on.​


    Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.
    Official Google Pixel Update and Software Repair (reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro yet)

    Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can reenable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.

    Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen
    Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own)
    OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.

    ADB/Fastboot, Windows Drivers, and unlocking the bootloader (thanks @sidhaarthm for confirming unlocking the bootloader works as intended, be sure to thank him in his post)
    • You'll need this if you're going to unlock the bootloader on your Pixel 6 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?
    • For Windows, get Google's drivers here Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you "adb reboot-bootloader", to be able to use ADB and Fastboot.
    • Thanks to @96carboard for posting the details of unlocking the bootloader, be sure to thank him in his post. Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device. Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, or your local bank's app. If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it. My experience on my Pixel 1 was that there were no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. All of this should still be the case. You will also continue to receive updates. Unlike Samsung, Sony, et cetera, which have major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to keep root/re-root.:


      The unlock process works like this:

      1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on (you can put a SIM card if you want, you just don't have to).
      2) When it starts harassing you to join Google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
      3) Settings --> About --> Build number. Repeatedly tap it until it says you're a developer.
      4) Back --> Network --> WiFi and connect it.
      5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize on the phone when requested.

      Using the Platform Tools previously mentioned in command line/terminal:
      6) #
      Code:
      adb reboot-bootloader
      7) #
      Code:
      fastboot flashing unlock

      Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.

      Official Instructions for Locking/Unlocking the Bootloader
    Personally, I would always use the official drivers Google provides unless they just don't work for whatever reason: Get the Google USB Driver (this is for Windows). They work for me. They are rarely updated, but they are every once in a great while, sometimes years in-between.
    I agree with this. be careful using drivers or adb/fastboot tools. Some are fine, but there's no need for it really anymore. Google has made it very easy to install drivers and Platform-Tools (adb/fastboot tool).

    Google provides the Fastboot/ADB tool (Platform-Tools) and Google USB Drivers (adb/fastboot interface). This will allow any Pixel to interface with Windows using the fastboot/adb protocol. Official Google USB Driver includes support for both the Fastboot and ADB driver interface. There are 3 main drivers (Fastboot, ADB and MTP/Portable File Transfer). The MTP/Portable File Transfer driver is built-in to Windows 7-11.

    Fastboot/ADB Driver Interface - Official Download Link:
    When flashing a full image or unlocking your bootloader, the fastboot interface is being used.

    First Download official Google USB Drivers (it's a zip file). Extract the zip (important!). Right-click on the android_winusb.inf file and hit install. You can then restart your phone to the Bootloader Screen (hold vol-down while it restarts or turns on). When you plug in your phone, Windows Device Manager will show a new device at the top: Android Device: Android Bootloader Interface.

    Using the ADB interface: It's the same driver. Enable USB Debugging on your phone, then plug it in to your computer. A prompt will appear on your phone (to allow USB Debugging). The driver in Device Manager will appear as Android Device: Android Composite ADB interface.

    Now you can download and use Platform-Tools to flash an Android Image, OTA or run adb/fastboot commands.
    Official Download Page
    "Android SDK Platform-Tools is a component for the Android SDK. It includes tools that interface with the Android platform, such as adb, fastboot, and systrace"

    It's best to make Platform-Tools available system-wide. Download Platform-Tools from the above link and extract it to your C:\ drive - that way you will have a folder to add to the PATH Environment under Window System Properties Menu, Advanced, Environment Variables, System Variables, PATH (google how to do this, very easy). What this does is allow adb/fastboot commands to be run from anywhere in the system, so you don't have to be in the platform-tools folder to run adb/fastboot commands and flash an Android Image (Official or Android Fork such as ProtonAOSP).

    Rooting-related


    No longer applies - Things that make rooting more complicated on Android 12
    @V0latyle posted a new thread with some very important and fascinating information about the increased difficulty to root Android 12: Read this before rooting. Be sure to thank him there.

    A list of the other important guides - be sure to thank the respective OPs
    For all relevant guide threads just click the yellow "How To Guide" quick filter above the list of threads in the Pixel 6 Pro section.


    TWRP (not made for the Pixel 6 Pro yet - will update when it has)
    I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 6 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel6pro.html.

    Custom kernels for stock ROM(s)

    Factory Images (requires an unlocked bootloader)
    It's also handy to have to the full official firmware available, whether it's to recovery from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 6 Pro (Raven) section: Pixel 6 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.

    Note: You can still get the December 2021 Factory Images and OTA from this thread, if you need them for any reason: Alternate links to December - all full factory images and OTAs available

    Full OTA Images (doesn't require an unlocked bootloader)

    The usefulness of having Verity and Verification enabled (now that it's not needed for root) - post #2 below.

    Regarding P6P 5G model numbers and capabilities - post #3 below.

    List of all Pixel monthly security bulletins and Play System Updates - post #4 below.

    How I root and update (which is identical whether rooting the first time or updating):
    • Use the latest Magisk Stable (in my case, I keep the app "hidden" / renamed)
    • Used the full firmware zip, extracted to the same folder as the latest Platform Tools (S:\platform-tools)
    • Extracted the new boot.img
    • Copied new boot.img to the phone
    • Patched the new boot.img with Magisk Stable
    • Renamed Magisk'd boot.img so I know what version of firmware it's for
    • Copied the Magisk'd boot.img back to the computer
    • Disabled all my Magisk Modules
    • Removed the "-w " from the flash-all.bat
    • Re-edited the flash-all.bat to verify I saved it with the "-w " taken out
    • Open a Command Prompt, navigated to S:\platform-tools
    • adb reboot bootloader
    • flash-all.bat
    • Let phone boot, unlock it, check that it's working, allow the update process to finish (gave it five minutes or so)
    • adb reboot bootloader
    • fastboot flash boot kernel.img (renamed Magisk'd boot.img)
    • fastboot reboot
    • Unlock, check everything's working
    • Re-enabled the most basic Magisk Modules which I was sure wouldn't cause a critical issue
    • Reboot, unlock, made sure everything's working
    Back to modding!

    I may append these first four posts with further useful information or links as needed.
    15
    The unlock process works like this;

    1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on.
    2) When it starts harassing you to join google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
    3) Settings --> About --> Build number. Tap it until it says you're a developer.
    4) Back --> Network --> Wifi and connect it.
    5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize when requested.
    6) # adb reboot-bootloader
    7) # fastboot flashing unlock

    Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.
    15
    SDK Platform Tools updated to v33.0.1 (March 2022):

    33.0.1 (March 2022)​

    • adb
      • Fixes Windows mdns crashes.
      • Fixes enable-verity/disable-verity on old devices.
      • Fixes "install multiple" on old devices
      • Improves the help output to include all supported compression methods.
    13
    Just to let everyone know, updating to .037 and re-rooting (without wiping anything) worked with no problems. My method is to just replace -w with --disable-verity --disable-verification in the flash-all.bat file and run the flash-all command. I then let it reboot, patch the boot image, return to bootloader and flash the patched boot image.

    Canary 23014

    EDIT: Thank you @ipdev for confirming my inquiry that this method would work back on Nov. 4 👍
    11
    SDK Platform Tools have been updated to v32.0.0 (January 2022). Update now before you forget and flashing the February update on the 7th gives you hassles. :)

    Direct download for Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip

    Revisions​

    32.0.0 (January 2022)​

    • adb
      • Fixed adb w/o args SEGV regression.
    • fastboot
      • Reinstated recovery execution from b/158156979 (removal of preprocessor guards for root/secure).