Question [CLOSED] Read this before rooting your Raven ***OBSOLETE***

Status
Not open for further replies.

V0latyle

Forum Moderator
Staff member
Update 12-16-21: As of Magisk 23016, the below is no longer relevant; verity/verification need not be disabled for root.

For instructions on rooting your Pixel 6 Pro, see this guide.


This thread will be closed.



For those of you who are planning on rooting:

Be aware that Android 12 changed the way boot images are loaded, at least on the Pixel 4, 4a, and 5. We have no reason to believe the Pixel 6/Pro will be any different.

Two new Verified Boot features implemented in Android 12 will interfere with attempts to root.

Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.


Dm-verity and vbmeta verification will need to be disabled in order to flash a rooted boot image. Unfortunately, this means that you will have to wait for the factory firmware to be released.

fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img

We also discovered that a data wipe is required in order to get permanent root; flashing /vbmeta with the disable flags gets you stuck in recovery with "Unable to load Android system, your data may be corrupted" error if you didn't wipe /data when you upgraded. To be clear, this only happens in a specific circumstance:
* You updated to Android 12 without a wipe, AND
* You reflash vbmeta with the disable flags


Here are some threads in the Pixel 5 forum on the matter:
 
Last edited:
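The two `fastboot` options in the post above correspond to two bits in the vbmeta image header, so a vbmeta image can be inspected to see whether verity or verification has been switched off. The following is an added example, not part of the original post and not fastboot or libavb code: it assumes the `AvbVBMetaImageHeader` layout from AOSP's libavb (256 bytes, big-endian, 32-bit flags field at offset 120); the function names and the sample headers are constructed for illustration.

```python
import struct

# AvbVBMetaImageHeader layout (256 bytes, big-endian) as defined in AOSP libavb.
MAGIC = b"AVB0"
HEADER_SIZE = 256
FLAGS_OFFSET = 120                 # uint32 flags field
RELEASE_OFFSET, RELEASE_LEN = 128, 48
FLAG_HASHTREE_DISABLED = 0x1       # set by fastboot --disable-verity
FLAG_VERIFICATION_DISABLED = 0x2   # set by fastboot --disable-verification

class VbmetaError(ValueError):
    """Raised when the blob is not a plausible vbmeta image."""

def parse_vbmeta_header(blob: bytes) -> dict:
    if len(blob) < HEADER_SIZE:
        raise VbmetaError(f"need {HEADER_SIZE} bytes, got {len(blob)}")
    if blob[:4] != MAGIC:
        raise VbmetaError("bad magic, not a vbmeta image")
    major, minor = struct.unpack_from(">II", blob, 4)
    (flags,) = struct.unpack_from(">I", blob, FLAGS_OFFSET)
    release = blob[RELEASE_OFFSET:RELEASE_OFFSET + RELEASE_LEN].split(b"\0", 1)[0]
    return {
        "avb_version": f"{major}.{minor}",
        "release": release.decode("ascii", "replace"),
        "flags": flags,
        "verity_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "unknown_bits": flags & ~(FLAG_HASHTREE_DISABLED | FLAG_VERIFICATION_DISABLED),
    }

def audit(blob: bytes) -> list:
    """Return human-readable findings; an empty list means both checks are on."""
    info = parse_vbmeta_header(blob)
    findings = []
    if info["verity_disabled"]:
        findings.append("dm-verity (hashtree) disabled")
    if info["verification_disabled"]:
        findings.append("vbmeta verification disabled")
    if info["unknown_bits"]:
        findings.append(f"unexpected flag bits 0x{info['unknown_bits']:x}")
    return findings

def make_sample_header(flags: int) -> bytes:
    """Constructed input: a bare header, no signature or descriptors."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:4] = MAGIC
    struct.pack_into(">II", hdr, 4, 1, 0)          # required libavb version 1.0
    struct.pack_into(">I", hdr, FLAGS_OFFSET, flags)
    hdr[RELEASE_OFFSET:RELEASE_OFFSET + 13] = b"avbtool 1.2.0"
    return bytes(hdr)

if __name__ == "__main__":
    for f in (0, 3):
        print(f, audit(make_sample_header(f)) or "verity and verification enabled")
```

To check a real image, read the first 256 bytes of a `vbmeta.img` and pass them to `audit()`.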

V0latyle

Forum Moderator
Staff member
The loss of "Hide Magisk" in the latest release means a few of my apps (banking and work expense) are not going to work if I root my Pixel 6 P. So disappointing. I will miss GravityBox the most, but will learn to live without it.
Magisk 23010 has DenyList, which works exactly like MagiskHide. However, getting Safetynet to pass is more complicated, as Riru is not compatible with 23010, so you can't use Universal SafetyNet Fix 2.0.0 or newer. So, I went back to Magisk 23001.
 

diesteldorf

Senior Member
Magisk 23010 has DenyList, which works exactly like MagiskHide. However, getting Safetynet to pass is more complicated, as Riru is not compatible with 23010, so you can't use Universal SafetyNet Fix 2.0.0 or newer. So, I went back to Magisk 23001.
Thanks for pointing out that Riru is not compatible. I thought I was doing something wrong.

In order to roll back to an earlier version of Magisk, do I need to uninstall Magisk 23010 and unroot, reflash the original boot.img, install Magisk 23001, use it to patch the original boot.img, and then reflash?
 

V0latyle

Forum Moderator
Staff member
That was only for Android 12 beta.
Since official build has been released you no longer need to disable DM verity etc.
But still need boot.img to be patched which requires download of factory image which we can't do atm.
Incorrect. DM verity and vbmeta verification MUST be disabled to run a patched boot image. This is true regardless of whether it's the 12 Beta or the public release.

Thanks for pointing out that Riru is not compatible. I thought I was doing something wrong.

In order to roll back to an earlier version of Magisk, do I need to uninstall Magisk 23010 and unroot, reflash the original boot.img, install Magisk 23001, use it to patch the original boot.img, and then reflash?
Remove Magisk via the Uninstall option within the app; first use Restore Images, then use Complete Uninstall. This will restore the boot image, so you don't have to. It will then reboot the phone.

At that point, yes, you would install the older version of Magisk, then root as usual by patching the boot image.
 

roirraW "edor" ehT

Forum Moderator
Staff member
Will we be able to flash the OTA every month without wiping now? Just add the DM verity and vbmeta stuff before flashing the patched boot image?
Had the updates changed at some point? On the Pixel 1 we were able to remove the -w from the update script to flash without wiping.
 

V0latyle

Forum Moderator
Staff member
Will we be able to flash the OTA every month without wiping now? Just add the DM verity and vbmeta stuff before flashing the patched boot image?
One of our users, @HumorBaby was able to upgrade from the 12 Beta via OTA. See his guide here. This should, in theory, work for the monthly updates as well.

What is currently unknown is whether a data wipe will be required prior to root if updated via other methods (factory image or automatic OTA).
 

Ghisy

Senior Member
One of our users, @HumorBaby was able to upgrade from the 12 Beta via OTA. See his guide here. This should, in theory, work for the monthly updates as well.

What is currently unknown is whether a data wipe will be required prior to root if updated via other methods (factory image or automatic OTA).
Oh good, thanks.

I always sideload the OTA via ADB. So I guess that's fine! 👍
 

Lughnasadh

Senior Member
Had the updates changed at some point? On the Pixel 1 we were able to remove the -w from the update script to flash without wiping.
It sounds like you may update the same way I do. Each month flash the factory image without the -w, patch the boot image and flash the patched boot image?

It sounds like (of course we don't know for sure yet) that we will still be able to do it this way each month except before flashing the patched boot image we'll have to disable DM verity and vbmeta verification first, reboot into bootloader, flash vbmeta.img (or just flash vbmeta with those flags disabled-easier), reboot to bootloader and then flash the patched boot image. Is this the way you're seeing it?
 

roirraW "edor" ehT

Forum Moderator
Staff member
It sounds like you may update the same way I do. Each month flash the factory image without the -w, patch the boot image and flash the patched boot image?

It sounds like (of course we don't know for sure yet) that we will still be able to do it this way each month except before flashing the patched boot image we'll have to disable DM verity and vbmeta verification first, reboot into bootloader and then flash the patched boot image. Is this the way you're seeing it?
Yes, exactly, I use the full image and flash everything else that's necessary afterwards to stay rooted / have my custom kernel (when applicable).

And yes, that sounds right too for what we're likely going to need to do.
 

Nekromantik

Senior Member
Incorrect. DM verity and vbmeta verification MUST be disabled to run a patched boot image. This is true regardless of whether it's the 12 Beta or the public release.


Remove Magisk via the Uninstall option within the app; first use Restore Images, then use Complete Uninstall. This will restore the boot image, so you don't have to. It will then reboot the phone.

At that point, yes, you would install the older version of Magisk, then root as usual by patching the boot image.
https://forum.xda-developers.com/t/guide-root-pixel-5-android-12.4187609/
Read Index 4, Point 2
It's only for people upgrading to Android 12.
 

V0latyle

Forum Moderator
Staff member
That was only for Android 12 beta.
Since official build has been released you no longer need to disable DM verity etc.
But still need boot.img to be patched which requires download of factory image which we can't do atm.
Again, incorrect. This issue is -not- limited to the beta and has been present for users upgrading to the public release.

The Pixel 6 is launching with Android 12, is it not? Disabling Android Verified Boot is not specific to the upgrade; rather, it's required for root on Android 12. If AVB is implemented on the Pixel 6 in any similarity to the Pixel 4 and 5 series - which there is an extremely good chance it is - then disabling it will be REQUIRED to use a patched boot image.

Note who is in the credits for that post.

Yes, exactly, I use the full image and flash everything else that's necessary afterwards to stay rooted / have my custom kernel (when applicable).

And yes, that sounds right too for what we're likely going to need to do.
As I'm sure you're aware, you can either update using the OTA, or you can dirty flash the factory image.

DM-Verity and vbmeta verification will have to be disabled every time /vbmeta is flashed. Thus, the easiest way to update, and disable AVB at the same time, would be to dirty flash the system update:
Code:
fastboot update --disable-verity --disable-verification raven-image.zip
 

Nekromantik

Senior Member
Again, incorrect. This issue is -not- limited to the beta and has been present for users upgrading to the public release.


The Pixel 6 is launching with Android 12, is it not? Disabling Android Verified Boot is not specific to the upgrade; rather, it's required for root on Android 12. If AVB is implemented on the Pixel 6 in any similarity to the Pixel 4 and 5 series - which there is an extremely good chance it is - then disabling it will be REQUIRED to use a patched boot image.

Note who is in the credits for that post.


As I'm sure you're aware, you can either update using the OTA, or you can dirty flash the factory image.

DM-Verity and vbmeta verification will have to be disabled every time /vbmeta is flashed. Thus, the easiest way to update, and disable AVB at the same time, would be to dirty flash the system update:
Code:
fastboot update --disable-verity --disable-verification raven-image.zip
hmm ok :(
this sucks hope devs ain't put off and then we get zero development. My OP8 Pro at least has Havoc and AICP
 

roirraW "edor" ehT

Forum Moderator
Staff member
hmm ok :(
this sucks hope devs ain't put off and then we get zero development. My OP8 Pro at least has Havoc and AICP
I wouldn't worry too much. Getting past roadblocks has always been part of the fun. I've always loved making technology do what it's not supposed to do.
 

V0latyle

Forum Moderator
Staff member
hmm ok :(
this sucks hope devs ain't put off and then we get zero development. My OP8 Pro at least has Havoc and AICP

I wouldn't worry too much. Getting past roadblocks has always been part of the fun. I've always loved making technology do what it's not supposed to do.

I don't think this was necessarily intentional; I believe Google is just trying to make Android more secure, and in so doing, may have inadvertently made things harder for us.

The whole point of Android Verified Boot is to prevent malicious code from being loaded at boot time - such as persistent rootkits. Unfortunately, things like Magisk fall into that category.

What's a bit confusing to many of us was that we were under the impression that unlocking the bootloader should have been sufficient to disable AVB, and there shouldn't be extra steps. One would think that there would be a discernable difference between malicious attempts at compromising device and system security, vs deliberate. We all understand that running a rooted device has risk, including a potential attack vector, so why wouldn't Google just let us assume that risk and do whatever we want with the hardware?
 

diesteldorf

Senior Member
We all understand that running a rooted device has risk, including a potential attack vector, so why wouldn't Google just let us assume that risk and do whatever we want with the hardware?
You bring up some good points. One of the reasons I buy directly from Google is they don't typically invalidate legitimate warranty issues because the bootloader was unlocked.

However, maybe they are concerned about someone rooting their phone, overclocking the processor, blowing the speakers, and then trying to claim a warranty replacement.

However, most people that root won't be so careless and most warranty issues are completely unrelated to whether the bootloader was unlocked.
 

V0latyle

Forum Moderator
Staff member
@Nekromantik I think I misunderstood the point you may have been trying to make.

Yes, we discovered that a data wipe is required to root after upgrading to Android 12.

We do not yet know if a data wipe will be required to root on a device that had an original CLEAN install of Android 12. It's definitely an excellent question, and something us Pixel 4/5 guys can test while you wait for your firmware drop.
 

Nekromantik

Senior Member
@Nekromantik I think I misunderstood the point you may have been trying to make.

Yes, we discovered that a data wipe is required to root after upgrading to Android 12.

We do not yet know if a data wipe will be required to root on a device that had an original CLEAN install of Android 12. It's definitely an excellent question, and something us Pixel 4/5 guys can test while you wait for your firmware drop.
Yes that's what I was referring to on first point :)
As long as you don't need to wipe after every update then it's all good
 

Top Liked Posts

    12
    Cheers for this, much appreciated. I can confirm (yet again) that you have to do disable-verity to root the P6 Pro. It's early enough since getting the phone (literally today) that wiping data isn't too much of a hassle at this stage IMO.

    Factory images are now up, I've just booted a freshly wiped phone with a magisk patch image, transferring stuff again now :)
    9


    Confirmed.
    8
    Alright, so it's possible. Props to @snovvman for linking the vvb2060 repo, because if you read into the bits in English on the telegram, you'll discover that it has MagiskHide still, as an option.

    So:
    Download the latest alpha build from https://t.me/magiskalpha
    Install it by patching the boot image and flashing in fastboot. You might be able to do a direct install, but I patched it manually and checked it booted with fastboot first to be safe.
    After it boots, you may need to uninstall a hidden Magisk manager if you didn't already - at this point the alpha build will take over, and tell you it needs to install some files and reboot, allow it.
    After rebooting, go into the Magisk settings and disable Zygisk. A magisk hide option will magically appear. Reboot.
    Install Riru and the latest Universal SafetyNet Fix. There's no repo in the build, so you need to get these from GitHub. I also have MagiskHide Props Config installed, but not with any BASIC spoofing enabled, just installed - not sure if that's required. Doesn't seem to be required.
    Reboot.
    Make sure you have Play Services unstable and snet added to your DenyList (it's still called DenyList, but it's Hide)

    Job done!
