How To Guide [CLOSED] Firmware is out! Get your root on!

Not open for further replies.
Search This thread


Senior Member
Aug 29, 2020
OnePlus 6T
Google Pixel 6
A lot of people don't know what vbmeta is, or why it is an important factor.

vbmeta is a partition on your device that contains metadata used by Android Verified Boot. On Pixel 6, even if you have your bootloader unlocked, you have to flash vbmeta with the disable flags, or it won't boot with a patched boot partition.

For more info on verified boot, see here and here.

The guide you linked to pretty soon comes up with some obscure looking commands for the average eye.

Most of commands you run come directly from Google's own Flashing Instructions or from within the flash-all script referenced within them.

The high level steps of the initial root process and the reasons for those steps are:

1. Enable bootloader unlocking in developer options, so you can unlock your bootloader.
2. Unlock your bootloader by running the fastboot command for it for your device, so you can flash your own images. Doing so will wipe your data.
3a. Patch the boot image for your version in the Magisk app, then flash it to your device, which is what actually gives you root.
3b. Flash the vbmeta image for your version with disable flags, for the reasons noted above. Doing so will wipe your data, but only the first time (unless you forget the disable flags in future flashes).

Note: I have zero experience using Android Flash Tool, so I have no idea if using that affects any of the above.

For upgrades, you'll perform the upgrade itself and a repeat of both parts of step 3.

If you're missing a specific piece of information, just ask. Someone will likely answer, and V0latyle may even update the guide, if they think something needs clarification. I've see it done several times already.

P.S. I missed the first time through that you were looking for initial root instructions, in addition to the upgrade instruction. I'm sure you saw them, since you were replying to this thread, but the OP has sections for both initially rooting and later upgrading.

Since magisk 23013 is merged, do we still need to use the canary version or stable build will do the task?
Can you elaborate what you mean by "magisk 23013 is merged"?
Last edited:


Dec 28, 2012
I'm getting a "fastboot: unknown option -- disable-verity" when trying to disable verity, any ideas why? bootloader is unlocked

edit: i put vbmeta and opened CMD from platform tools and it works :)
edit2: somehow even though it said finished, i cant load into android, weirddd
Last edited:


Senior Member
Last edited:
  • Like
Reactions: sic0048


Senior Member
Jul 30, 2012
Google Pixel 5
Google Pixel 6
It would be cool to point me to the latest drivers because it seems to me to have done it but it still does not work It would be cool to point me to the latest drivers because it seems to me to have done it but it still does not work
A simple search,,, and here it is,,
  • Like
Reactions: sic0048


Dec 28, 2012
So I did the command "fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img" and i get this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta_b' (8 KB) OKAY [ 0.000s]
Writing 'vbmeta_b' OKAY [ 0.031s]
Finished. Total time: 0.031s

But it's not asking me to factory wipe at this point? And doesn't seem like anything happened on the phone

edit: i also tried a different command at same time: "fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img" and booted into device, i think it's working?

edit: finally got root working, i think the hardest part was finding a cable that worked, both my oneplus phone red cables barely worked, switched to a xiaomi cable and worked fine on fastboot
Last edited:


Senior Member
Oct 29, 2013
safetynet-fix v2.2.0, which supports Zygisk, has been released
Thanks a lot !
I followed the steps in this thread :
now the phone is shown as "certified" by play store.
I still can't find the Revolut application in play store.
I don't know what is the reason for that.
Edit: after some time (without additional operations), I tried sarching again Revolut and it's been displayed in the play store. I've been able to install it, select it in the deny list and it is working fine.
Last edited:
  • Like
Reactions: IdroogI


Senior Member
A simple search,,, and here it is,,
Well, i did that it just creates a broken driver with a question mark and it still doesn't work.. maybe it's because I'm on Windows
Try to manually install the driver in device settings, install as a legacy driver.
Windows 10,11, it does not matter.
Okay after tried everything on Linux, Windows, Mac and several usb-c cables from Sony, Huawei & OnePlus etc... Guess what ? The only cable that allowed me to run fastboot successfully was with a 10 centimeter cable supplied with a cheap SSD from China, can someone explain that ? 😐😐😐
Last edited:
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 24
    Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has - simply patch and flash the boot image.

    Any update method can be used. If you've already disabled verity/verification, simply don't worry about it at next update; no need to re-enable.

    I am closing this thread.

    On Android 12, boot verification must be disabled in order to run a patched boot image. Unfortunately, if you have never disabled it before, it will require you to wipe data. To be clear:
    However, if you don't want to lose your data, you can "live boot" the patched image as long as /vbmeta and /boot are stock. This will allow you to use temporary root. DO NOT attempt to Direct Install Magisk to the boot image.

    For subsequent updates, it is imperative that you do not allow the device to boot into system before you have disabled Verified Boot.

    What this means: If you sideload the OTA, IMMEDIATELY reboot to bootloader and reflash /vbmeta with --disable-verity and --disable-verification. If you dirty flash the factory image, make sure you add these two switches to the command.

    If you fail to do this, and allow the device to boot into system, you WILL have to wipe data to disable it again.


    Factory Images

    OTA Images

    Latest Magisk Canary

    1. On your device, enable Developer Options (tap build number 8 times), and enable the OEM Unlocking toggle. Reboot to bootloader:
    2. Code:
      adb reboot bootloader
    3. Unlock bootloader:
      fastboot flashing unlock
    4. Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the Extract boot.img and vbmeta.img from this zip.
    5. Flash vbmeta:
      fastboot flash vbmeta --disable-verity --disable-verification <drag and drop vbmeta.img>
    6. Allow the device to boot into Android. Once you have Magisk installed, copy the boot.img and patch it in Magisk, then copy it back to your PC.
    7. Reboot to bootloader.
    8. Flash patched boot image:
      fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
    9. Reboot into system.

    1. Download the latest factory image and extract it. Inside, you will find the bootloader image, the radio image, and the Extract boot.img from this zip.
    2. Reboot to bootloader.
    3. Update bootloader and radio if they are out of date. BE CAREFUL, A MISTAKE CAN BRICK YOUR DEVICE! If you update the bootloader, remember to reboot back to bootloader so that the update reads the correct bootloader version.
    4. Update system:
      fastboot update --disable-verity --disable-verification <drag and drop here>
      Note: If you get an error for bootloader/radio version, this means you need to update bootloader and/or radio; go back to step 3.
    5. Allow the device to boot into Android. Copy the boot.img and patch it in Magisk, then copy it back to your PC.
    6. Reboot to bootloader.
    7. Flash patched boot image:
      fastboot flash boot <drag and drop magisk_patched-23xxx_xxxxx.img>
    8. Reboot into system.

    I personally do not recommend updating via OTA Sideload, as you would have to download and extract the factory zip anyway. AUTOMATIC OTA WILL LOSE ROOT AND REQUIRE A WIPE TO ROOT AGAIN.
    1. Sideload the OTA. When complete, IMMEDIATELY reboot to bootloader.
    2. Reflash vbmeta:
      fastboot flash vbmeta --disable-verity --disable-verification <vbmeta.img>
    3. Boot to system and allow the update to complete.
    4. Patch and flash the boot image.

    Note: If you run into a bootloader message
    failed to load/verify boot images
    this means you forgot to disable verity and verification. Reflash vbmeta with the --disable options.

    If you run into this recovery message
    View attachment 5455805

    This means that verity and verification were not disabled before, and a wipe is required to proceed.
    I managed to get the 64mb incremental OTA to install via System Update without having to rewipe data. The basic gist was I restored the stock boot.img in the Magisk app, then used dd to reset the disable flag bits in vbmeta, took the OTA from System Update, then used dd to restore the disable flags before rebooting.

    The downside is that switched me to slot B, which seems to come with compatibility issues with with Magisk on the Pixel 6. I immediately experienced the loss of root that others have described on reboot. It turns out that the Magisk app doesn't detect the change in slot and defaults to slot A.

    The solution to losing root on reboot was to fastboot flash boot_b magisk_patched-23011_xxxxx.img.

    Edit: A solution for the slot detection issue has been merged with mainline Magisk. It should be included in canary build 23014.
    You're a beautiful human being. Thank you!
    My wife thinks so too, although "beautiful" isn't the word she uses
    A new Magisk canary build (23013) was released 13 hours ago (release notes).

    Also, the PR that fixes slot detection on Pixel 6 has been merged, but it unfortunately didn't make it into 23013. Hopefully the wait for 23014 won't be too long.