• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[Guide] Flash Magisk on Android 12

Search This thread

Fun_GKC

Senior Member
Oct 28, 2012
75
10
I receive the A12 OTA on my rooted Pixel 4a 5G. I guess the best way is to uninstall Magisk and update using the OTA?
 

warrencoakley

Senior Member
May 1, 2014
915
164
45
Dublin
Yes same for me here. I've installed Magisk Canary in the final stable release of Android 12 via ADB and patched the boot img but it just reboots right back to fastboot after flashing.

Has anyone gotten around this yet?
 

Rumsfield

Senior Member
Apr 3, 2015
142
49
Yes same for me here. I've installed Magisk Canary in the final stable release of Android 12 via ADB and patched the boot img but it just reboots right back to fastboot after flashing.

Has anyone gotten around this yet?
Dirty flashed A11-to-A12 on my Pixel 5 and apparently we were not supposed to do that. Fastboot menu stuck with the patch boot.img method on this Pixel 5 but a reflash at least gets it working (less root). I dirty flashed two Pixel 3's this afternoon and had 0 issues so I guess the method for the 5 is going to be different. If anyone knows how to stay on A12 and get magisk working without a factory reset, let me (us) know. I tried to go back to A11 and the phone loops.
 

warrencoakley

Senior Member
May 1, 2014
915
164
45
Dublin
Dirty flashed A11-to-A12 on my Pixel 5 and apparently we were not supposed to do that. Fastboot menu stuck with the patch boot.img method on this Pixel 5 but a reflash at least gets it working (less root). I dirty flashed two Pixel 3's this afternoon and had 0 issues so I guess the method for the 5 is going to be different. If anyone knows how to stay on A12 and get magisk working without a factory reset, let me (us) know. I tried to go back to A11 and the phone loops.
Yeah I don't fancy doing a wipe to achieve root. Only as a last resort. I'm on a Pixel 5 4 G and can't get it working.
 
  • Like
Reactions: Rumsfield

warrencoakley

Senior Member
May 1, 2014
915
164
45
Dublin
Dirty flashed A11-to-A12 on my Pixel 5 and apparently we were not supposed to do that. Fastboot menu stuck with the patch boot.img method on this Pixel 5 but a reflash at least gets it working (less root). I dirty flashed two Pixel 3's this afternoon and had 0 issues so I guess the method for the 5 is going to be different. If anyone knows how to stay on A12 and get magisk working without a factory reset, let me (us) know. I tried to go back to A11 and the phone loops.
How does wiping your phone obtain root though?
 

Rumsfield

Senior Member
Apr 3, 2015
142
49
How does wiping your phone obtain root though?
In another thread a guy explained there is some sort of security measure in place (I guess with this pixel 5+ because it didnt happen with my 3's) That if the boot.img doesnt match quite right it flags the phone from starting (I am speaking in my own laymans terms here and I am not privy to that). I guess its a counter-magisk effort if you will. Anyway apparently if you side-load the OTA on A11 you can get around it with a few fastboot/adb commands but flashing the the full A12 stock image it will cause the old magisk root method to fail. The problem is I already flashed 12 because I did not know about this, well since I have been dirty flashing this phone for a year and going back to 11 loops the phone so I am stuck on A12 with no root.
 
  • Like
Reactions: V0latyle

warrencoakley

Senior Member
May 1, 2014
915
164
45
Dublin
In another thread a guy explained there is some sort of security measure in place (I guess with this pixel 5+ because it didnt happen with my 3's) That if the boot.img doesnt match quite right it flags the phone from starting (I am speaking in my own laymans terms here and I am not privy to that). I guess its a counter-magisk effort if you will. Anyway apparently if you side-load the OTA on A11 you can get around it with a few fastboot/adb commands but flashing the the full A12 stock image it will cause the old magisk root method to fail. The problem is I already flashed 12 because I did not know about this, well since I have been dirty flashing this phone for a year and going back to 11 loops the phone so I am stuck on A12 with no root.
Nightmare, I'm sure a fix will come 👍
 
  • Like
Reactions: Rumsfield

Rumsfield

Senior Member
Apr 3, 2015
142
49
Nightmare, I'm sure a fix will come 👍
Hopefully! I always run into problems screwing around with updates "the-day-of" but just cant help myself lol.

-from the other post-
Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.
 
This is not a Magisk issue; this is the new Verified Boot 2.0 that has been introduced with Android 12. If you read back through this thread, you'll see how this was discovered on the beta and how we had to circumvent it.

Please read my guide on rooting Android 12 here.

If you tried rooting after updating to Android 12 and are stuck in a boot loop, just reflash the factory boot image.

Please note that some users are experiencing a data corruption error with the official 12 release, after following the same instructions that worked on the 12 Beta. If you run into this problem, just reflash the factory vbmeta and boot images (without the disable flags), and you'll be able to use your phone while we look for a solution.

I believe you can still live boot the patched image, so if you absolutely MUST have root, just boot the patched boot image from fastboot (do not flash it). Be aware that if you reboot, the phone will load the stock boot image and you won't have root anymore.
 
I think this is peculiar to pixel 5 considering that @Rumsfield and @snovvman have used the same method on pixel 3 and could root without wiping data and can still have permanent root.
Yes, I discovered that over on Reddit as well. Verified Boot has not been introduced on all devices, so far only the 4a 5G, 5, and 5a have been the Google devices on which this was implemented with the update. Not sure about other devices.
 
Last edited:

warrencoakley

Senior Member
May 1, 2014
915
164
45
Dublin
Hopefully! I always run into problems screwing around with updates "the-day-of" but just cant help myself lol.

-from the other post-
Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.
Took the pain and wiped and went through what they said and it works.
 

slim94

Member
Jul 27, 2010
38
3
This is not a Magisk issue; this is the new Verified Boot 2.0 that has been introduced with Android 12. If you read back through this thread, you'll see how this was discovered on the beta and how we had to circumvent it.

Please read my guide on rooting Android 12 here.

If you tried rooting after updating to Android 12 and are stuck in a boot loop, just reflash the factory boot image.

Please note that some users are experiencing a data corruption error with the official 12 release, after following the same instructions that worked on the 12 Beta. If you run into this problem, just reflash the factory vbmeta and boot images (without the disable flags), and you'll be able to use your phone while we look for a solution.

I believe you can still live boot the patched image, so if you absolutely MUST have root, just boot the patched boot image from fastboot (do not flash it). Be aware that if you reboot, the phone will load the stock boot image and you won't have root anymore.

Any idea how we can accomplish the "booting from boot.img" without flashing? Google has failed me :(

Edit: seems i didn't look hard enough: fastboot boot image_file.img

Thx
 
  • Like
Reactions: V0latyle

mistermojorizin

Senior Member
Dec 21, 2011
852
188
Google Pixel 5
Yes, I discovered that over on Reddit as well. Verified Boot has not been introduced on all devices, so far only the 4a 5G, 5, and 5a have been the Google devices on which this was implemented with the update. Not sure about other devices.
Ever since the beta, I've just been boooting the patched kernel instead of flashing it. I can't deal with a data wipe. I thought it is going to be solved once the final a12 was out. This boot 2.0 is like planned obsolescence, because if I have start over, I might as well buy a new phone. It takes forever to set everything up again anyway.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    @Anonshe posted ths method in the Pixel 6 Pro thread. Does this work for the Pixel 4a 5(G), Pixel 5 or the Pixel 5a?
    Just updated my Pixel 5 to the November Sec Patch without any data loss. Since I'd disabled vbmeta before, steps were simple:
    - Used Payload Dumper to extract the boot and vbmeta images. Patched the former.
    - Rebooted to Recovery
    - Sideloaded the OTA package
    - Reboot to bootloader from the recovery menu
    Code:
    fastboot --disable-verification --disable-verity flash vbmeta vbmeta.img
    Code:
    fastboot boot magisk_patched.img

    After it booted up, opened Magisk Manager, installed via Direct Install. All works fine.
    4
    Assume this only works where you have wiped and clean installed android 12 for the first time.
    I had updated from Android 11 -> Android beta 12.5 -> Android 12 and had those 'data corrupt' warnings. I have not wiped my phone yet and was using temp root by booting the magisk boot image.

    I followed the above steps with the Nov security update and alas the 'data corrupt' warnings still pop up.
    So i think a wipe is required at some point.
    Yes - if boot verification was not disabled the last time Android System was running, a data wipe is required.
    3
    Universal SafetyNet Fix 2.2.0 is out on public release for those of you who want to use the new Zygisk.
    2
    I would like to recognize @ipdev for finding this:
    To add to V0latyle's post.

    Pixel 4a [sunfish] has no issue updating and installing Magisk on Android 12.

    The issue starts with Pixel 4a (5G) [bramble].
    This is also the first Pixel using Boot Header v3.
    Boot image header, version 3 - source.android - Link
    Vendor boot header - source.android - Link

    The 3, 3a, and 4 series along with 4a are using header v2.

    4a (5G), 5 and 5a are using header v3.

    Just downloaded and checked.
    6 and 6 Pro are using header v4.

    I am not sure if that is the problem but, it is quite a distinguishing line between Pixels that have this issue with Magisk and those that do not on Android 12. 🙃

    After a little more testing on my 5 [redfin], I will open an issue on GitHub.
    Magisk - GitHub - Issues - Link

    Cheers all. :cowboy:
    We still don't know if this has something to do with our issue, but there's a huge chance it does.
    2
    It's not easy, you basically have to look at the canary channel commits, and they're all named "app-debug"

    Magisk 23001
    Monitor this and you should be able to keep privy of releases (aside from the app notifying you of such).

  • 19
    Trying to root the Pixel 5 running Android 12 by flashing a magisk-patched boot image results in the phone only booting to fastboot mode ("failed to load/verify boot images")
    Some users have reported that booting (instead of flashing) the patched boot image works and makes root temporarily available but i didn't have any success with that.
    The phone booted up but root didn't work.

    I won't explain how to unlock the bootloader or set up adb here.

    !Warning! This will wipe your phone so take a backup!

    Also i do not take any responsibility if you break your device.
    And if anything goes wrong just factory reset your device using the Android Flash Tool or by following this tutorial.

    Here's what i did to get Magisk v22.0 working on the first developer preview of Android 12:


    Install A12 with disabled AVB & dm-verity:
    1. Make sure USB-Debugging is enabled in developer-options and you have authorized the pc you're using on your phone.

    2. Boot your phone into fastboot mode.
      You can do this by turning it off and then starting it by holding Power + Volume Down
      until fastboot mode appears or just adb reboot bootloader

    3. Go here and click on the link for the Android Flash Tool.
      (I didn't copy the link directly so i don't have to update it everytime google releases a new update)

    4. It should ask you to allow the website to access ADB Keys. Click Ok.
      If the website somehow doesn't work, try using Google Chrome.

    5. Select your Pixel 5. If it's not showing up click add device.

    6. Click on the edit symbol (pen) in the box where the selected build is shown.

    7. Make sure Wipe Device, Disable Verity and Disable Verification are checked.

    8. Install and boot the phone when it's finished.

    Patch & flash boot.img
    1. Download and install the Magisk Canary App from GitHub.

    2. Download the factory image from here and extract boot.img from it.
      (Inside the downloaded zip-file is another zip file containing the boot image)

    3. Copy the extracted boot.img to your phone and open the magisk app.

    4. Click on Install -> Select and Patch a File and let it do its magic.

    5. Copy the magisk-patched boot image that should be found in your phones download folder back to your PC.

    6. Reboot into fastboot mode as i explained earlier and flash the patched boot image.
      (fastboot flash boot magisk_patched.img)
      Then reboot the device.

    Now root should be working. If it bootloops and says your phone has to be factory reset, do it.
    If for some reason you still get an AVB-Error and end up stuck in fastboot mode just flash the stock image and try to patch it again.

    This is my first post on here and i didn't have much time but i'm glad if it helped at least one person.
    6
    @Anonshe posted ths method in the Pixel 6 Pro thread. Does this work for the Pixel 4a 5(G), Pixel 5 or the Pixel 5a?
    Just updated my Pixel 5 to the November Sec Patch without any data loss. Since I'd disabled vbmeta before, steps were simple:
    - Used Payload Dumper to extract the boot and vbmeta images. Patched the former.
    - Rebooted to Recovery
    - Sideloaded the OTA package
    - Reboot to bootloader from the recovery menu
    Code:
    fastboot --disable-verification --disable-verity flash vbmeta vbmeta.img
    Code:
    fastboot boot magisk_patched.img

    After it booted up, opened Magisk Manager, installed via Direct Install. All works fine.
    5
    For those of you who don't have safetynet working, here.
    All credit goes to @kdrag0n, I just modified the shell scripts for B3

    Pull request done if you don't want my zip.
    4
    Has anyone sucefully rooted beta 3?
    Patched boot image with magisk canary if I only boot the image it starts
    Then tried to flash patched boot image and get stuck in bootloader
    For all the updates from beta 2 - 3 I've followed this process without fail:

    - extract boot.img and vbmeta.img from downloaded beta of your relevant device
    - add boot.img to phone (if downloaded, and extracted on another device)
    - patch boot.img in magisk (i like to rename it to patched_magisk.img)
    - move patched_magisk.img to desktop
    - download and install latest beta from the OTA provided
    - tap the reboot button on the OTA install screen once completed
    - once the reboot begins and your screen turns black hit the power and volume down button to get into fastboot
    - run
    fastboot --disable-verity --disable-verification flash vbmeta path/to/vbmeta.img (you can drag img from location)
    - then run
    fastboot flash boot path/to/patched_magisk.img (you can drag img from location)

    This has worked flawlessly, maintaining root while also keeping all my data.
    4
    Yeah I wouldn't do this unless you've started from the initial process op outlined. I did this moving from beta 2 to 2.1 and then beta 2.1 to beta 3. However beta 2 was my first android 12 install, which I used ops procedure to achieve.

    Do this:
    You don't need the Android flash tool. I have been manually flashing full images for a long time:
    I don't like things done behing my back.

    For beta 3:
    I flash both sides hence the skip secondary - it saves a few seconds.
    When flashing - watch what's scrolling by. The vbmeta.img is modified on the fly.
    No need to copy from another build or someone else's hack.
    Below is what I use. Successfully.

    Modify the last line in the flash-all.bat or.sh
    fastboot --skip-reboot --skip-secondary --disable-verity --disable-verification update image-redfin-spb3.210618.013.zip