Development [DEV][EOL] Vbmeta Patcher, Devinfo Patcher, and Boot Image Tool

Search This thread

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
The original purpose of these three apps was to help deal with the changes in Android 12 when taking an OTA. Most of the functionality has been superseded by the newest builds of Magisk.

Vbmeta Patcher is still useful when migrating from Magisk builds before 23016, and Boot Image Tool can still be used for downloading backups of newly installed boot images or restoring missing backups for Magisk.

I'll leave the links and descriptions below, but future development of these apps is unlikely.

Vbmeta Patcher screenshot
Devinfo Patcher screenshot
Boot Image Tool screenshot


Vbmeta Patcher is an Android app that toggles the disable flags of the vbmeta partitions.

Devinfo Patcher is an Android app that marks the inactive slot as successful on devices with a valid devinfo partition.

Boot Image Tool is an Android app that helps juggle boot images for OTAs.
  1. Uninstall -> Restore Images in the Magisk app.
  2. Take the OTA in System Update. Do NOT reboot.
  3. Install -> Install to Inactive Slot in the Magisk app.
  4. Reboot (NOT in System Update).

Latest Updates

2022-05-01 Boot Image Tool v1.0.0-alpha03
2021-11-19 Devinfo Patcher v1.0.0-alpha02
2021-11-19 Vbmeta Patcher v1.0.0-alpha04
 
Last edited:

Hecke92

Senior Member
Dec 27, 2011
334
111
Amazing bro, thank you! So excited to see development starting off for this nice phone.
Any address to donate to?
 

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
Why dont you flash the factory image to both slots directly?

The downside to flashing to both slots is you lose the fallback, if something goes wrong.

Whats the advantage to do it via OTA?

As long as we need another device to fastboot boot the patched image, there isn't a huge advantage to doing it this way. For me, it's just more convenient to do everything on the phone, then I can reboot to fastboot and boot the patched image the next time I'm at the computer.

If we can get flashing to the inactive slot working, then that would completely eliminate the need for another device, which is the ultimate goal here.
 
  • Like
Reactions: pa.pn2

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
When Magisk installs to the inactive slot, it downloads a nearly 3 year old bootctl binary to set the inactive slot as active then to mark boot successful on the next reboot. I can't find any documentation on the source used for that binary, but I suspect that it doesn't know about the devinfo partition.

During the update process, update_engine sets various flags (including the active slot flag and the successful boot flag) via the boot control interface. The Pixel 6 has two implementations of that interface, 1.0, which sets the flags directly on the boot partitions, and 1.2, which sets the flags on the devinfo partition, with a fallback to the 1.0 method in the absence of a valid devinfo partition.

I wonder if simply replacing the bootctl binary with one built against a newer version of Android would be enough to resolve the problem.
 
Last edited:
  • Like
  • Love
Reactions: pa.pn2 and bzz11g

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
This sounds to me like Virtual A/B devices were the reason for the removal of patching the inactive slot:


Pixel 6 is Full A/B, unless I'm missing something. I wonder if the old method with a new bootctl binary would work on Pixel 6. I managed to build bootctl against the aosp_oriole-userdebug (android-12.0.0_r12) source. It at least prints the right values. I have not attempted to use it to make changes.
 
Last edited:

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
I made a build of the latest Magisk with bootctl built against the Pixel 5a source, enabled installing Magisk to the inactive slot on a Pixel 5a, and was able to take the November OTA on a Pixel 5a without a computer and without losing root.

The steps were
  1. Restore boot in the Magisk app.
  2. Restore vbmeta in Vbmeta Patcher.
  3. Take the OTA in System Update. Do NOT reboot.
  4. Patch vbmeta in Vbmeta Patcher.
  5. Install Magisk to the Inactive Slot in the Magisk App.
Until a few other people have tested it, this process should be considered experimental. Should anyone attempt it, I would suggest backing up any critical data.

I did not test the process with the old bootctl, but that one wouldn't work for Pixel 6, anyway. I'm not yet sure if the Pixel 5a build will work for Pixel 6, either. If not, I also have a version of it built against the Pixel 6 source.

Note: Since 23016, there's no longer a need to patch the vbmeta partition.
 
Last edited:

bzz11g

Senior Member
Oct 17, 2010
134
64
OnePlus 5
Google Pixel 6
The Pixel 6 build of Magisk using the Pixel 5a version of bootctl did not work, so I pulled the download. It got stuck in a bootloop, so I had to set my slot back to B in fastboot.

I'll make another build using the Pixel 6 verson of bootctl, shortly, and try again.

Edit: As with the previous build, it got stuck in a bootloop. Unfortunately, it takes forever to run tests, since the optimizing apps step takes about an hour, but I'll continue working on it over the next few days.
Google released an extraordinary firmware .037
there is a good opportunity to test your program. Unfortunately, my phone is still on the way.
Снимок.PNG
 

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
Google released an extraordinary firmware .037
there is a good opportunity to test your program. Unfortunately, my phone is still on the way.
The post you quoted are the results of testing the upgrade from .036 to .037. The steps from the OP should work fine, but the ultimate goal is to be able to take the OTA and remain rooted without the need for a computer to fastboot boot the first time.
 

shoey63

Recognized Contributor
Would this work?
- restore boot with magisk
- restore vbmeta with Vbmeta patcher
- take ota update
- use Boot Image Tool to pull boot.img from opposite slot
- patch it with magisk
- use dd command to flash back to opposite slot
- patch vbmeta on opposite slot with Vbmeta patcher
- reboot
- profit?
 
Last edited:

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
Would this work?
- restore boot with magisk
- restore vbmeta with Vbmeta patcher
- take ota update
- use Boot Image Tool to pull boot.img from opposite slot
- patch it with magisk
- use dd command to flash back to opposite slot
- patch vbmeta on opposite slot with Vbmeta patcher
- reboot
- profit?
This is effectively the same thing that Magisk does, just without the bootctl bits. I tried it anyway, just in case, and it bootlooped.

On a related note, if you let it bootloop more than 3 times, turns out it will automatically switch back to the old slot. Doesn't really save time if you're already plugged into a computer, but handy if you have something else you can be doing for those few minutes.
 
  • Like
Reactions: shoey63

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
I manually toggled the successful bit for the inactive slot in devinfo and it booted right up.

I'll make a Devinfo Patcher to go along with Vbmeta Patcher and release it in the next few days.

Depending on what we can get the Magisk devs to support, I may make an all in one tool. I would rather not have to maintain ongoing Magisk builds, so hopefully we can at least get the option to enable flashing to the inactive slot.

Edit: I submitted my findings to the Magisk devs. We'll see what they'll be willing to support.
 
Last edited:

capntrips

Senior Member
Aug 29, 2020
212
401
OnePlus 6T
Google Pixel 6
Are these tools only for the pixel 6 or could it work on other A/B devices?
I made an effort to make them relatively device agnostic, but no testing has been done on anything but a Pixel 6 and to a much lesser extent, a Pixel 5a.

The only value that immediately comes to mind that may be somewhat specific to Pixel 6 is the 8192 byte vbmeta image size used to calculate the SHA1 hash, but it shouldn't affect its ability to read and patch the flags. I should probably try to figure out how to calculate the size, at some point.

All of the code for reading the data is in the DeviceState and SlotState files in each app, and I made an effort to link to the relevant code in the Android source for each function, if you want to check it against the sources for your own device.

If you try them out, let me know how it goes.

Edit: It looks like the size should be easy enough to calculate (fixed header size of 256 bytes + authentication_data_block_size + auxiliary_data_block_size). I'll make an effort to get that fixed after I release Devinfo Patcher.

Edit 2: This is done and is included in v1.0.0-alpha04.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Have you tried updating your phone over the air with the new Magisk v25?
    Yes, I installed the June update OTA via System Update after updating to 25001, and it worked without an issue. I have rebooted a few times since, and I never lost root.
  • 29
    The original purpose of these three apps was to help deal with the changes in Android 12 when taking an OTA. Most of the functionality has been superseded by the newest builds of Magisk.

    Vbmeta Patcher is still useful when migrating from Magisk builds before 23016, and Boot Image Tool can still be used for downloading backups of newly installed boot images or restoring missing backups for Magisk.

    I'll leave the links and descriptions below, but future development of these apps is unlikely.

    Vbmeta Patcher screenshot
    Devinfo Patcher screenshot
    Boot Image Tool screenshot


    Vbmeta Patcher is an Android app that toggles the disable flags of the vbmeta partitions.

    Devinfo Patcher is an Android app that marks the inactive slot as successful on devices with a valid devinfo partition.

    Boot Image Tool is an Android app that helps juggle boot images for OTAs.
    1. Uninstall -> Restore Images in the Magisk app.
    2. Take the OTA in System Update. Do NOT reboot.
    3. Install -> Install to Inactive Slot in the Magisk app.
    4. Reboot (NOT in System Update).

    Latest Updates

    2022-05-01 Boot Image Tool v1.0.0-alpha03
    2021-11-19 Devinfo Patcher v1.0.0-alpha02
    2021-11-19 Vbmeta Patcher v1.0.0-alpha04
    10
    I made a new build of Magisk that will detect the vbmeta partition, set KEEPVBMETAFLAGS, and AVBv2 sign the boot image after patching. This allows you to root without patching vbmeta or wiping data.

    It also has the updated bootctl binary, so you can flash to the inactive slot after an OTA.

    I updated the related pull request, but it will remain in draft status until it is compatible with all of the possible algorithm types.

    The steps to take an OTA with this will be:
    1. Restore Images in the Magisk app.
    2. Take the OTA in System Update. Do NOT reboot.
    3. Install Magisk to the Inactive Slot in the Magisk app.
    4. Reboot (NOT in System Update).
    If you're taking the OTA on with vbmeta patched with disable flags, you'll have to restore vbmeta in Vbmeta Patcher, first. After that, vbmeta will remain stock.

    Edit: I pulled the build, patching vbmeta is not required since 23016.
    8
    Devinfo Patcher has been released. See the OP for usage details.

    Until there is movement on the Magisk end, you'll have to use my builds of Magisk to enable flashing to the inactive slot.

    As I noted previously, I would rather not maintain ongoing builds of Magisk, so depending on what, if anything, ends up in Magisk in the near future, I may make an all-in-one tool. In that case, I imagine I'll stop developing the individual apps, but I'll leave up the final builds of each, if that happens.
    8
    I made a new build of Magisk that will patch and restore the vbmeta partition on Magisk install and uninstall. It also includes the bootctl binary from the previous release. I made a draft pull request (closed in favor of #5018) to start the process of getting this into mainline.

    Once all of the backups are in place, the steps to take an OTA with this will be:
    1. Restore Images in the Magisk app (which will also restore the stock vbmeta partition from backup).
    2. Take the OTA in System Update. Do NOT reboot.
    3. (optional, but recommended) Direct Install Magisk in the Magisk App (which will also patch and backup the vbmeta partition in the active slot).
    4. Install Magisk to the Inactive Slot in the Magisk App (which will also patch and backup the vbmeta partition in the inactive slot, mark the inactive slot as active, and mark it as successful during the first boot).
    5. Reboot (NOT in System Update).
    The first time you restore images, you'll have to restore vbmeta in Vbmeta Patcher. After that, Magisk will keep backups of the stock images.

    Note: This is now obsolete. Recent builds no longer a need to patch the vbmeta partition.
    6
    Any address to donate to?
    I look at it as my contribution back to the community. If you really want to make a monetary contribution, I suggest Code.org or EFF.