• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[GUIDE] Android 12 Update and Root **READ THE NOTES**

Search This thread

Homeboy76

Senior Member
Aug 24, 2012
2,796
1,412
I backed up the P5 with Google1 and wiped it and re-did everything which was a major PITA.
Root does work again so I am sure the owner will be happy.
I just got a notification just now a new beta version of Magisk just dropped about an hour after I finished.
Maybe that will make some sort of change, it does show A12 is now better supported in the release notes.
If this fixes the problem, well good for everyone but danggit I just wasted 3 hours of my time.
I'm sure your friend would say, it was not a waste of time, just your good deed for the day. :)
 
Last edited:
  • Like
Reactions: Rumsfield

ipdev

Recognized Contributor
Feb 14, 2016
1,614
1
2,160
Google Nexus 10
Nexus 7 (2013)
Can someone link the new Magisk beta please?
Magisk Beta is still 23.0 (23000).

A new Magisk Canary was just released.
d7e7df3b (23010).

Magisk Files - GitHub - canary - Link
This is the official repo.​

A lot has changed.
Magisk Files - GitHub - canary [Notes] - Link

You will need to enable Zygisk and DenyList in Magisk's setting menu.
Riru is not compatible with Zygisk so, Magisk blocks Riru from running if Zygisk is enabled.

See my last post in the Magisk General thread.
Magisk General Support / Discussion - xdaThread - Post 48,643

Cheers. :cowboy:
 

ipdev

Recognized Contributor
Feb 14, 2016
1,614
1
2,160
Google Nexus 10
Nexus 7 (2013)
Seems to match the current Magisk canary build. ;)

sha256sum
Code:
ff3f1e5269614a4154621aabb1dab656a9b5bc8ba1b7f09c402c947d6e1356c4
Code:
package: name='com.topjohnwu.magisk' versionCode='23010' versionName='d7e7df3b' compileSdkVersion='31' compileSdkVersionCodename='12'
sdkVersion:'21'
targetSdkVersion:'31'

Cheers. :cowboy:
 
  • Like
Reactions: elong7681

killchain

Senior Member
Oct 6, 2012
326
71
30
Google Pixel 4a 5G

rester555

Senior Member
Oct 27, 2010
365
88
This is what happened to me: https://forum.xda-developers.com/t/...2-read-the-notes.4345627/page-7#post-85824449
It was the other error (failed to load/verify boot images, not the one with the corrupted image), but still doesn't work. I currently have flashed stock boot.img and have booted a patched image to get root.
So it this is true for a majority of people, seems every time you try to patch the boot with magisk, The flash has to be preceded with vbmeta being flashed again.
 

rester555

Senior Member
Oct 27, 2010
365
88

killchain

Senior Member
Oct 6, 2012
326
71
30
Google Pixel 4a 5G
So it this is true for a majority of people, seems every time you try to patch the boot with magisk, The flash has to be preceded with vbmeta being flashed again.

I was confused about this at first, but I now kind of understand it.

Flashing vbmeta with the disable flags is what allows a modified image to be flashed afterwards. Flashing vbmeta without any flags is what seems to be necessary to recover from system corruption and to then flash a stock, non-modified image (not sure if it's actually required for the latter, but it saved me from having to wipe when I got system corruption). At this point it seems to be not known what exactly requires the wipe and how to avoid the need to do it.

So just to verify, you are now rooted with latest magisk after recovering with those commands?
Yes, but that's temporary root, i.e. if the phone reboots, it will go back to the stock, non-rooted boot.img that's flashed.

It's fine for me since I don't reboot often; I'll probably stay that way either until a permanent solution is found without the need to wipe or until I decide to wipe.
 
Last edited:

rester555

Senior Member
Oct 27, 2010
365
88
Interesting. When I reboot with pixel 5 I still maintain root with AdAway and gpay. How is this temporary? This is with magisk 23001.
 

killchain

Senior Member
Oct 6, 2012
326
71
30
Google Pixel 4a 5G
Interesting. When I reboot with pixel 5 I still maintain root with AdAway and gpay. How is this temporary? This is with magisk 23001.

If you managed to direct install Magisk, it seems root has stuck for you. For me (and for some other people as it seems) it results in the failed to load/verify boot images error, necessitating re-flashing vbmeta and unmodified boot again.
 

rester555

Senior Member
Oct 27, 2010
365
88
So I didn't direct install. I had to patch my boot with magisk 23001 (not latest update) and flash manually after I set to disable vbmeta. I have yet to direct install a magisk update since manually patching magisk boot.
 
Last edited:

rester555

Senior Member
Oct 27, 2010
365
88
@killchain This is a good point, thanks for the info...

Flashing vbmeta with the disable flags is what allows a modified image to be flashed afterwards. Flashing vbmeta without any flags is what seems to be necessary to recover from system corruption and to then flash a stock, non-modified image (not sure if it's actually required for the latter, but it saved me from having to wipe when I got system corruption). At this point it seems to be not known what exactly requires the wipe and how to avoid the need to do it.

I am hoping a dirty flash and a full wipe flash can be defined. Until now, I am going to be very careful updating magisk unless absolutely necessary.

It seems like worst case is every month you have to wipe your data when wanting to update to latest A12 and maintain root. I can only imagine how that would suck.

@killchain Is the boot image the only modified image that can be flashed after vbmeta or does that include other images as well?
 

andybones

Forum Moderator
Staff member
May 18, 2010
14,729
15,001
Google Pixel 5
I would guess an OTA so quickly is for bugs that were found. But 1.88gb is quite large. Maybe they rushed the update out?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    On that note, has anyone on A11 October tried either:

    - Flashing just vbmeta from A11 Oct full system image, using the disable flags, then tried a dirty flash of A12 Nov FSI, also with disable flags

    -or-

    - Dirty flash A11 Oct FSI over the same installed A11 Oct using the disabled flags, then dirty flash A12 Nov FSI

    Wondering if either would avoid the necessity of the system wipe with the first install of A12 FSI in order to be able to then flash modified boot images with success.

    If nobody's done it yet or knows for certain it wouldn't work I may go guinea pig and try it. *May not be for a bit yet, but as soon as I have a day of life buffer to deal with possible issues and restores, there's really nothing to lose as currently I have to wipe anyhow.*
    3
    I'm not clear on why there is a focus on the OTA update.

    Since I've been rooting Pixels, I flash the factory image via adb. One has to use adb anyway to root after the update.

    Based on the recent discussion, it seems like the most straight-forward path is to flash the factory image and add the disable verity and disable verification lines to the flash-all script.

    After update, then root.

    What an I missing?
    Nothing, you're exactly correct.
    Code:
    fastboot update --disable-verity --disable-verification image-redfin-buildnumber.zip
    Allow update to complete including a reboot. Patch boot.img after the update, then reboot to bootloader and flash.
    3
    Universal SafetyNet Fix 2.2.0 is out for public access; this version has been ported to Zygisk.
    3
    Then I'm confused about the need to wipe.

    If I uninstall magisk, restore the original boot image to A11, then flash A12 factory image, remove -w but add the disable flags, I'm then on A12 unrooted.

    Install magisk, patch boot image, flash patched image.

    I'm then rooted on A12 without wiping, yes?

    Again, what am I missing?

    I don't understand the need to wipe in this scenario.
    Read the OP, please. It's been explained thoroughly. If you try flash a patched boot image on stock A12, on the 765G and Tensor devices, bootloader will reject your boot image:
    failed to load/verify boot images
    To fix this, you have to reflash vbmeta:
    Code:
    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
    If you have not wiped, and AVB was not already disabled, this will result in booting into recovery (Rescue Party) telling you your data is corrupted with the option to try again or factory reset.

    Meaning: A wipe is required when you upgrade from Android 11. A wipe is required when you root the first time on Android 12. A wipe will also be required if you let the phone boot after forgetting to disable verity and verification.

    I have an untested idea that one could try and disable vbmeta while still on A11, then dirty flash the A12 image also disabling vbmeta...but as far as I know this will require a data wipe as well.
    2
    Is there a post that describes exactly what is the correct way to "dirty flash" A12 (which was wiped) to the latest Nov patch without losing root or soft bricking the Pixel 5?

    I dirty flashed from 12.0.0 (SP1A.210812.016.A1, Oct 2021, Verizon) to 12.0.0 (SP1A.211105.002.A1, Nov 2021, Verizon, Verizon MVNOs) and it once again soft bricked the phone after I flashed the magisk patched boot.img. I couldnt get out of it and had to -w and start again on this months firmware.
    What exactly are the commands for ADB when upgrading to the monthly security patches now? This would be a wiped pixel 5 currently on latest firmware with root. :edit and I think this should be stickied for everyone on the latest build and wiped already and just want to move onto the latest months firmware going forward.

    However,
    Before flashing to update your already rooted and previously wiped userdata with boot verification off, remove the -w from the flash-all script while retaining --disable-verity --disable-verification (step #10 and #15).

    Disregard the backup pieces since you are not wiping (again); only updating while maintaining boot verification off.
  • 18
    WARNING: PERMANENT ROOT WHEN UPGRADING FROM ANDROID 11 REQUIRES A DATA WIPE! THERE IS CURRENTLY NO WAY AROUND THIS.


    WARNING: MANUALLY INSTALLING FACTORY UPDATES OR IMAGES REQUIRES AN UNLOCKED BOOTLOADER. If your bootloader is locked, DO NOT ATTEMPT THIS.

    WARNING: MODIFY YOUR DEVICE AT YOUR OWN RISK. YOU ALONE WILL BE RESPONSIBLE FOR MALFUNCTION, DAMAGE, OR LOSS OF ANY KIND IF SOMETHING GOES WRONG.

    Root will be done via Magisk. If you aren't already using it, download and install to your phone.

    Warning: For the sake of simplicity, I frequently will use generalizations when referring to files ("[patched boot image]" instead of "magisk_patched-23001_xxxxx.img" for example). It is YOUR RESPONSIBILITY to ensure you are flashing the correct file. The easiest way to do this is type the command in the command line without the file itself, then drag and drop the file you want to flash into the command line window.



    For those of you with a locked bootloader:

    Simply install the update as usual via OTA, whether automatically through Android Update, or manually via adb sideload.

    First, a bit of information on why you need to follow this guide (See this post)

    Two new Verified Boot features implemented in Android 12 will interfere with attempts to root. A more detailed explanation is below if you would like.

    Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

    Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

    This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

    What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.

    The good news is, disabling these features is as easy as using a command switch.
    The bad news, however, is that /data must be clean the first time this is done.


    If you update via automatic OTA: THIS WILL REQUIRE A WIPE EVERY TIME!
    1. Download the factory image (Yes, this is required) to your computer. Connect your device via USB.
    2. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
    2. Reboot to bootloader: With device connected via USB, Developer Options enabled and USB Debugging enabled, reboot to bootloader using ADB:
    Code:
    adb reboot bootloader
    3. Continue to Reflash vbmeta below

    To manually install the OTA:
    1. Download the OTA for your device, as well as the factory image (Yes, you need both) to your computer.
    2. Install the OTA
    3. Extract the contents of the factory image, then extract both boot.img and vbmeta.img from the image-[device].zip (where [device] is the codename for your device, such as Redfin for Pixel 5
    4. Let the update complete, and IMMEDIATELY reboot to bootloader.
    5. Continue to Reflash vbmeta below

    Reflash VBmeta
    1. Reflash vbmeta with dm-verity and boot verification disabled:
    Code:
    fastboot --disable-verity --disable-verification flash --slot=all vbmeta vbmeta.img
    2. If this is the first time you are rooting Android 12, you will end up in Recovery with this message: "Can't load Android system. Your data may be corrupt." You will have to perform the factory reset to continue. Once complete, let the device boot Android.
    3. If you have previously wiped and are updating, let the device boot Android.
    Continue to Patch Boot Image below.

    1. Open this link in Google Chrome (DO NOT USE MICROSOFT EDGE OR MOZILLA FIREFOX) Here is the link for beta
    2. Connect your device via USB (make sure USB Debugging is enabled)
    3. Enable ADB access in the browser
    4. Select your device
    5. Select the Android 12 build
    6. IMPORTANT: Click the pencil icon next to the selected build
    7. Ensure Wipe Device, Disable Verification, and Disable Verity are checked. DATA WIPE IS REQUIRED when updating from an older version of Android. Don't lock your bootloader if you want root. Force flash all partitions should not be necessary (but use this if you've run into problems and are starting over). Skip Secondary and Force Debuggable should be unchecked, unless you want to use ADB for root access on the stock kernel for some reason.
    8. Click Install Build.
    9. Wait until the update finishes, including a reboot to Android.
    10. Continue to Patch Boot Image below.

    1. Download the factory image to your computer and connect your device via USB, with USB debugging enabled.
    2. Extract the contents of the factory ZIP
    3. Reboot to bootloader:
    Code:
    adb reboot bootloader
    4. If necessary, update the bootloader: WARNING: IF DONE INCORRECTLY THIS WILL BRICK YOUR DEVICE!
    Code:
    fastboot flash bootloader [bootloader image]
    Reboot back to bootloader.
    5. If necessary, update the radio:
    Code:
    fastboot flash radio [radio image]
    Reboot to bootloader.
    6. Install the update:
    Code:
    fastboot --disable-verity --disable-verification -w update [factory image zip]
    DATA WIPE IS REQUIRED when updating from an older version of Android.
    7. Let the update complete, including a reboot to Android
    8. Continue to Patch Boot Image below

    1. Extract boot.img from the factory image ZIP if you haven't done so already
    2. Install Magisk on your phone
    3. Move the boot image to your phone via USB, and patch it using "Select and Patch a File" in Magisk
    4. Move the patched boot image back to your PC
    5. Reboot to bootloader
    6. Flash the patched boot image:
    Code:
    fastboot flash boot [patched boot image]
    7. Reboot to system.

    For subsequent updates to Android 12:
    DO NOT USE AUTOMATIC UPDATE! DO NOT LET THE DEVICE BOOT BEFORE YOU DISABLE VERITY AND VERIFICATION!

    Follow the same directions as above, except you don't have to wipe.

    Key reminders:
    * The OTA does not have a way to set the disable flags for vbmeta, so if you update via OTA, you will have to reflash vbmeta with the disable flags every time you update.
    * The most critical thing to remember is that once you have disabled verified boot and gained permanent root, YOU MUST NOT let the device boot into Android if /vbmeta is flashed without disabling verity and verification.
    * If you forget to do this and let the device boot into Android, you will end up in Rescue Party: Recovery Mode screen with the message "Can't load Android system. Your data may be corrupt." YOU WILL HAVE TO WIPE TO GET ROOT BACK.



    If you run into problems, or just want to share your results, please feel free to post your method and results in this thread.
    6
    Who is calling you stupid?!?! It's an American expression: for example, your costume is ruined by rain, so, you say: it's the weather stupid.

    Anyway, I am trying to help, so, there is no reason to seek insults where there isn't one.
    It's just the way you worded it is all. I am born in America, and actually thought the same thing when I read it.
    It's confusing to me though..

    I would say, not "it's the weather, stupid"
    but rather
    "it's the stupid weather"

    so reading "It's the bootloader stupid"
    I feel should be,
    "it the stupid bootloader"

    but thank you for clearing up that you aren't passing insults.
    And it's hard to tell through text whose being argumentative, and whose being helpful.
    Glad you're the latter.
    5
    Or he/you could add this to it when flashing factory image via ADB only. Why? Because it works on the pixel 4a 5(G) and may work on the Pixel 5. It would not confuse anyone, just provide another less complicated option for upgrading/updating those phones. Seems pretty black and white to me.
    Agreed.

    The confusion arises from this:
    PS :
    Pixel 4a 5(G) phone owners need to know for the initial upgrade (Android 11 to Android 12), they do not need the fastboot flash --disable-verity --disable-verification --slot-all vbmeta vbmeta.img step in this case
    This implies that verity and verification need not be disabled when upgrading from Android 11...which if you want permanent root, is not true. This can be omitted if one flashes the factory image, as they can incorporate the flags into the command:
    Code:
    fastboot update -w --disable-verity --disable-verification image-device-buildnumber.zip
    However, if the update is performed via the OTA, then vbmeta must be specifically disabled.

    If you understand what he is saying, why not add the Pixel 4a 5(G) note to the Reminders?
    This is true across ALL affected devices - Pixels on the SD765G and Tensor. It is not specific to one device.

    Still, I will update the notes for the sake of clarity.
    4
    For those of you who have not yet wiped data and are using unrooted Android 12:

    As long as your system boots, you should be able to live boot a patched boot image and use that for temporary root:

    fastboot boot patched_boot.img

    If you are currently stuck at the "corrupted data" message in recovery, try sideloading the OTA or dirty flashing the factory image (with NO FLAGS). If that doesn't work, the only fix that I know of that works is to perform a factory reset...but if you get to that point, you might as well clean flash the factory image with both --disable flags:

    fastboot --disable-verity --disable-verification -w update redfin_image.zip

    at which point you should be able to flash and boot the patched boot image.
    4
    Who is calling you stupid?!?! It's an American expression: for example, your costume is ruined by rain, so, you say: it's the weather stupid.

    Anyway, I am trying to help, so, there is no reason to seek insults where there isn't one.
    I didn't seek one, I guess I misunderstood. I have never heard of that expression before, at least not in that context. I'm American too, and I've generally heard it like this:

    "Hey, what's making that howling noise?"
    "It's the wind, stupid!"

    I digress.

    I'll have to pick this up later; it's late, my wife is demanding....attention, and I want to enjoy the weekend.