
Question [CLOSED] Read this before rooting your Raven ***OBSOLETE***

Status
Not open for further replies.

gururoop

Senior Member
Dec 24, 2011
565
254
Google Pixel 4 XL
Google Pixel 6 Pro
Just to offer my 2 cents. I have been on Pixel 4XL since Android 11 and participated in each of the Android 12 betas including the developer previews. The way I usually upgrade is by downloading the factory images, extracting boot.img and patching it through magisk. Then I reboot to bootloader, remove -w flag from flash-all.bat and add --skip-reboot flag, before flashing the factory image. After the image has been flashed, I reboot the bootloader and flash the patched boot image using the command: fastboot flash boot magisk_patched-xxxxxx.img.

Now my point is that I don't ever remember flashing vbmeta with --disable-verity and --disable-verification flags and have never lost data in the process. However, when I got Pixel 6 Pro, I took the OTA, extracted and patched boot.img from the available factory image and tried to flash it in fastboot mode using the above command, when I tried to reboot, it landed me in the recovery due to corrupt data error and even after erasing the data, it got stuck in the bootloader screen until I flashed vbmeta with --disable-verity and --disable-verification flags (again from the only available factory image). The phone booted fine and was rooted properly.

I guess, I will have to wait until the next factory image to see how this process could be done every month without losing data.
 

V0latyle

Forum Moderator
Staff member
Just to offer my 2 cents. I have been on Pixel 4XL since Android 11 and participated in each of the Android 12 betas including the developer previews. The way I usually upgrade is by downloading the factory images, extracting boot.img and patching it through magisk. Then I reboot to bootloader, remove -w flag from flash-all.bat and add --skip-reboot flag, before flashing the factory image. After the image has been flashed, I reboot the bootloader and flash the patched boot image using the command: fastboot flash boot magisk_patched-xxxxxx.img.

Now my point is that I don't ever remember flashing vbmeta with --disable-verity and --disable-verification flags and have never lost data in the process. However, when I got Pixel 6 Pro, I took the OTA, extracted and patched boot.img from the available factory image and tried to flash it in fastboot mode using the above command, when I tried to reboot, it landed me in the recovery due to corrupt data error and even after erasing the data, it got stuck in the bootloader screen until I flashed vbmeta with --disable-verity and --disable-verification flags (again from the only available factory image). The phone booted fine and was rooted properly.

I guess, I will have to wait until the next factory image to see how this process could be done every month without losing data.
This doesn't apply to the Pixel 4 / 4XL / 4a. Only the 4a 5g, Pixel 5, and up.
 
On the P6P, with 23011, hidden, successfully rooted, running zygisk (so no riru) with MHPC 136 and the USNF 2.0.0 beta (non-riru), I can get both basic integrity and response signature verification to successfully pass in SN, but CTS profile continues to fail.

In props I tried changing my fingerprint from basic to pixel 3a, then re-did basic attestation to pixel 3a, and I notice in the SN checker it's still knowing I'm "raven" (P6P); shouldn't MHPC be passing that I'm "sargo?"

I feel like this is a step that shouldn't be as difficult as the other two, but there's something I'm missing.
 

Pekempy

Senior Member
Aug 22, 2011
654
295
UK
Google Pixel 6 Pro
On the P6P, with 23011, hidden, successfully rooted, running zygisk (so no riru) with MHPC 136 and the USNF 2.0.0 beta (non-riru), I can get both basic integrity and response signature verification to successfully pass in SN, but CTS profile continues to fail.

In props I tried changing my fingerprint from basic to pixel 3a, then re-did basic attestation to pixel 3a, and I notice in the SN checker it's still knowing I'm "raven" (P6P); shouldn't MHPC be passing that I'm "sargo?"

I feel like this is a step that shouldn't be as difficult as the other two, but there's something I'm missing.

I think we need to wait for USNF non-riru to be released again, the beta doesn't seem to work with the CTS profile as I'm in the same place as you
 

V0latyle

Forum Moderator
Staff member
I've said it several times...Just use Magisk 23001 + Riru + USNF 2.1.1 + MHPC 6.1.1. This is what I'm using on my Pixel 5 (build SP1A.210812.015) and have no issues...except the Play Store thinks Hulu isn't compatible with my device for some odd reason. Make sure MagiskHide is enabled on the Google Play Store, too.

Newer isn't always better, and if SafetyNet passing is important to you, you should use the last known configuration that works.

I know there's always a desire to run the latest and greatest, but remember that with Magisk we are dealing with a lot of experimental stuff, and when something changes that breaks the "old" way that works...don't be surprised if things don't work right anymore.
 

Lughnasadh

Senior Member
Mar 23, 2015
2,717
2,368
Google Nexus 5
Huawei Nexus 6P
Just curious, has anyone here been able to root WITHOUT having to factory reset or wipe data? I think the answer is no but just want to make sure nothing has slipped through the cracks.

If Google releases their security updates for this phone on Monday (not sure if the release will be higher than .036 though), may give us another chance to see if factory resetting/wiping data is needed on a previously rooted (or previously wiped vbmeta) device while updating.
 

Zilla0617

Senior Member
Something is off with my installation of Magisk, I am unable to check for Safetynet. Any suggestions on how to fix?
 

Attachment: Screenshot_20211029-095710.png

V0latyle

Forum Moderator
Staff member
Just curious, has anyone here been able to root WITHOUT having to factory reset or wipe data? I think the answer is no but just want to make sure nothing has slipped through the cracks.

If Google releases their security updates for this phone on Monday (not sure if the release will be higher than .036 though), may give us another chance to see if factory resetting/wiping data is needed on a previously rooted (or previously wiped vbmeta) device while updating.
This problem began with the 12 Beta on the 4a 5g, 5, and 5a. We didn't have to wipe data, however.

According to @ipdev, it may be because Android 12 uses Boot Header v4; Android 11 used Boot Header v3. That may be the issue we are dealing with; it's entirely possible that Magisk does not properly patch the v4 boot images. That's just an educated guess, we don't know for sure what is causing the problem.

Thus far, we have only found one way that seems to allow update and root without wipe, but even then, it's not completely reliable. Basically, you sideload the OTA in recovery, then WITHOUT REBOOTING, you then enter fastboot, and reflash /vbmeta and /boot from there.

If you take the automatic OTA, or you dirty flash the factory image, then reflash vbmeta, you'll get dumped into Rescue Party until you wipe.
Something is off with my installation of Magisk, I am unable to check for Safetynet. Any suggestions on how to fix?
It's not off. Magisk 23010 removed that function; you'll have to use a separate app.

I STRONGLY recommend that if you need SafetyNet to pass, use Magisk 23001.
 

Lughnasadh

Senior Member
Mar 23, 2015
2,717
2,368
Google Nexus 5
Huawei Nexus 6P
This problem began with the 12 Beta on the 4a 5g, 5, and 5a. We didn't have to wipe data, however.

According to @ipdev, it may be because Android 12 uses Boot Header v4; Android 11 used Boot Header v3. That may be the issue we are dealing with; it's entirely possible that Magisk does not properly patch the v4 boot images. That's just an educated guess, we don't know for sure what is causing the problem.

Thus far, we have only found one way that seems to allow update and root without wipe, but even then, it's not completely reliable. Basically, you sideload the OTA in recovery, then WITHOUT REBOOTING, you then enter fastboot, and reflash /vbmeta and /boot from there.

If you take the automatic OTA, or you dirty flash the factory image, then reflash vbmeta, you'll get dumped into Rescue Party until you wipe.

It's not off. Magisk 23010 removed that function; you'll have to use a separate app.

I STRONGLY recommend that if you need SafetyNet to pass, use Magisk 23001.
Yep. Been following all this. Read through the links about the new boot headers that ipdev posted. If it is indeed caused by these, would hope tweaks in Magisk might be able to work around this. I think he mentioned he might open an issue in GitHub. Hopefully John can take a look.

I just wanted to make sure everyone has to wipe data and we didn't miss someone doing something that didn't require wiping.

Hopefully Monday we'll be able to see if the manual OTA method you have mentioned that works on the other devices works on the Pixel 6 Pro.
 

V0latyle

Forum Moderator
Staff member
Were you able to pass SafetyNet?
So far, it seems no one has been able to pass SafetyNet using Magisk 23010 or 23011.

I would recommend using 23011 ONLY to manually patch the boot image, then remove Magisk and install 23001. I'm passing SafetyNet using that version + MagiskHide + Riru + Universal SafetyNet Fix.
 

switchy85

Senior Member
Jul 7, 2007
125
26
So far, it seems no one has been able to pass SafetyNet using Magisk 23010 or 23011.

I would recommend using 23011 ONLY to manually patch the boot image, then remove Magisk and install 23001. I'm passing SafetyNet using that version + MagiskHide + Riru + Universal SafetyNet Fix.
So I tried this on my P6P and both magiskhide and hide magisk options don't do anything in 23001. I'm rooted just fine, but magiskhide immediately disables itself when you leave the settings screen and hide magisk just locks the app up, doesn't hide it, and goes back to the magisk main page.
Currently still not passing cts or root check.
 

Pekempy

Senior Member
Aug 22, 2011
654
295
UK
Google Pixel 6 Pro
Yeah 23001 doesn't work on P6P for hiding root + passing SN. MagiskHide isn't functional - you can toggle it on but it turns itself off. There might be some difference with the Pixel 5 and 6 that makes it not work, but as far as I know nobody has SafetyNet passing with any version of Magisk on P6P.
 

Nekromantik

Senior Member
Apr 1, 2010
6,668
889
London
Google Pixel 6 Pro
Yeah 23001 doesn't work on P6P for hiding root + passing SN. MagiskHide isn't functional - you can toggle it on but it turns itself off. There might be some difference with the Pixel 5 and 6 that makes it not work, but as far as I know nobody has SafetyNet passing with any version of Magisk on P6P.
Yup.
I hope this is not the end of SafetyNet and rooting together. Might sell my phone if it is haha
 

plasticarmyman

Senior Member
Apr 13, 2011
628
174
Long Beach
So I tried this on my P6P and both magiskhide and hide magisk options don't do anything in 23001. I'm rooted just fine, but magiskhide immediately disables itself when you leave the settings screen and hide magisk just locks the app up, doesn't hide it, and goes back to the magisk main page.
Currently still not passing cts or root check.

are you using Riru too?
 

Top Liked Posts

  • 18
    Update 12-16-21: As of Magisk 23016, the below is no longer relevant; verity/verification need not be disabled for root.

    For instructions on rooting your Pixel 6 Pro, see this guide.


    This thread will be closed.



    For those of you who are planning on rooting:

    Be aware that Android 12 changed the way boot images are loaded, at least on the Pixel 4, 4a, and 5. We have no reason to believe the Pixel 6/Pro will be any different.

    Two new Verified Boot features implemented in Android 12 will interfere with attempts to root.

    Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

    Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

    This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

    What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.


    Dm-verity and vbmeta verification will need to be disabled in order to flash a rooted boot image. Unfortunately, this means that you will have to wait for the factory firmware to be released.

    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img

    We also discovered that a data wipe is required in order to get permanent root; flashing /vbmeta with the disable flags gets you stuck in recovery with "Unable to load Android system, your data may be corrupted" error if you didn't wipe /data when you upgraded. To be clear, this only happens in a specific circumstance:
    * You updated to Android 12 without a wipe, AND
    * You reflash vbmeta with the disable flags


    Here are some threads in the Pixel 5 forum on the matter:
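
Added example (not part of the original post, and not code from Magisk or fastboot): a reader for the vbmeta image header that reports whether the two bits set by `--disable-verity` and `--disable-verification` are present. The field layout and flag values follow libavb's `AvbVBMetaImageHeader`; the function names and the sample header are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Big-endian layout of the 256-byte AvbVBMetaImageHeader (libavb):
# magic, version major/minor, auth/aux block sizes, algorithm type,
# five offset/size pairs, rollback index, flags, rollback location,
# release string, reserved.
_HDR = struct.Struct(">4s2L2QL11Q2L48s80s")
HASHTREE_DISABLED = 1 << 0       # bit set by fastboot --disable-verity
VERIFICATION_DISABLED = 1 << 1   # bit set by fastboot --disable-verification


@dataclass
class VbmetaInfo:
    avb_version: str
    algorithm_type: int   # 0 means the image carries no signature
    rollback_index: int
    flags: int
    release: str

    @property
    def verity_disabled(self) -> bool:
        return bool(self.flags & HASHTREE_DISABLED)

    @property
    def verification_disabled(self) -> bool:
        return bool(self.flags & VERIFICATION_DISABLED)


def parse_vbmeta_header(image: bytes) -> VbmetaInfo:
    if len(image) < _HDR.size:
        raise ValueError("truncated: vbmeta header is 256 bytes")
    f = _HDR.unpack_from(image)
    if f[0] != b"AVB0":
        raise ValueError("not a vbmeta image (bad magic)")
    release = f[19].split(b"\0", 1)[0].decode("ascii", "replace")
    return VbmetaInfo(f"{f[1]}.{f[2]}", f[5], f[16], f[17], release)


def sample_header(flags: int) -> bytes:
    """Constructed header for the demo, not taken from a factory image."""
    return _HDR.pack(b"AVB0", 1, 0, 0, 0, 0, *([0] * 11), flags, 0,
                     b"constructed-sample", b"")


if __name__ == "__main__":
    for flags in (0, 3):
        info = parse_vbmeta_header(sample_header(flags))
        print(f"flags={info.flags}: verity disabled={info.verity_disabled}, "
              f"verification disabled={info.verification_disabled}")
```

fastboot applies these flags to the copy of the image it sends to the device, so the check is meaningful on a dump of the vbmeta partition rather than on the untouched factory vbmeta.img.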
    12
    Cheers for this, much appreciated. I can confirm (yet again) that you have to do disable-verity to root the P6 Pro. It's early enough since getting the phone (literally today) that wiping data isn't too much of a hassle at this stage IMO.

    Factory images are now up, I've just booted a freshly wiped phone with a magisk patch image, transferring stuff again now :)
    8
    Alright, so it's possible. Props to @snovvman for linking the vvb2060 repo, because if you read into the bits in English on the telegram, you'll discover that it has MagiskHide still, as an option.

    So:
    Download the latest alpha build from https://t.me/magiskalpha
    Install it by patching the boot image and flashing in fastboot. You might be able to do a direct install, but I patched it manually and checked it booted with fastboot first to be safe.
    After it boots, you may need to uninstall a hidden Magisk manager if you didn't already - at this point the alpha build will take over, and tell you it needs to install some files and reboot, allow it.
    After rebooting, go into the Magisk settings and disable Zygisk. A magisk hide option will magically appear. Reboot.
    Install Riru and the latest Universal SafetyNet Fix. There's no repo in the build, so you need to get these from GitHub. I also have MagiskHide Props Config installed, but not with any BASIC spoofing enabled, just installed - not sure if that's required. Doesn't seem to be required.
    Reboot.
    Make sure you have Play Services unstable and snet added to your DenyList (it's still called DenyList, but it's Hide)

    Job done!

    6
    The loss of "Hide Magisk" in the latest release means a few of my apps (banking and work expense) are not going to work if I root my Pixel 6 P. So disappointing. I will miss GravityBox the most, but will learn to live without it.
    Magisk 23010 has DenyList, which works exactly like MagiskHide. However, getting Safetynet to pass is more complicated, as Riru is not compatible with 23010, so you can't use Universal SafetyNet Fix 2.0.0 or newer. So, I went back to Magisk 23001.