• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[Guide] Flash Magisk on Android 12

Search This thread

vandyman

Senior Member
Jul 30, 2012
429
133
S.Jersey
Google Pixel 5
Google Pixel 6
Hi ! I'm on on Android 11 August update can flash the Ota Android 12 Beta 4 only update it with Adb sideload the Ota over Android 11 or do make a clean install. Do you know if Magisk work on Android 12 Beta 4 ?
Yhanks
Check out the Magisk thread, it is always wise to do a little research and reading before modding your device.
 
  • Like
Reactions: ggkameleon
Yes. I tried flash boot_b and just flash boot_. Both resulted in a boot loop. But since I'm not rooted on any of those betas I just installed the OTA. Will try later with the beta 4.1. But sofar I'm very unpleased with the android 12 beta. Haven't seen a beta this unstable since android 8.
today i`ve returned from a11 to a12 and found that it flashed to boot_a. try to flash stock rom with web android flasher, then reboot to fastboot and check which partition is active, and then flash boot image to the active partition. i`ve got same bootloop cause i didnt look at flashed partition in fastboot screen.
 

Sh0X31

Senior Member
Mar 27, 2010
1,378
642
Frankfurt am Main
Thanks for your work, helped a lot but can you please add the fastboot command to the disabled AVB & dm-verity section

I also want to ask, do I still need disabled AVB & dm-verity

Trying to root the Pixel 5 running Android 12 by flashing a magisk-patched boot image results in the phone only booting to fastboot mode ("failed to load/verify boot images")
Some users have reported that booting (instead of flashing) the patched boot image works and makes root temporarily available but i didn't have any success with that.
The phone booted up but roodt didn't work.

I won't explain how to unlock the bootloader or set up adb here.

!Warning! This will wipe your phone so take a backup!

Also i do not take any responsibility if you break your device.
And if anything goes wrong just factory reset your device using the Android Flash Tool or by following this tutorial.

Here's what i did to get Magisk v22.0 working on the first developer preview of Android 12:


Install A12 with disabled AVB & dm-verity:
  1. Make sure USB-Debugging is enabled in developer-options and you have authorized the pc you're using on your phone.

  2. Boot your phone into fastboot mode.
    You can do this by turning it off and then starting it by holding Power + Volume Down
    until fastboot mode appears or just adb reboot bootloader

  3. Go here and click on the link for the Android Flash Tool.
    (I didn't copy the link directly so i don't have to update it everytime google releases a new update)

  4. It should ask you to allow the website to access ADB Keys. Click Ok.
    If the website somehow doesn't work, try using Google Chrome.

  5. Select your Pixel 5. If it's not showing up click add device.

  6. Click on the edit symbol (pen) in the box where the selected build is shown.

  7. Make sure Wipe Device, Disable Verity and Disable Verification are checked.

  8. Install and boot the phone when it's finished.

Patch & flash boot.img
  1. Download and install the Magisk Canary App from GitHub.

  2. Download the factory image from here and extract boot.img from it.
    (Inside the downloaded zip-file is another zip file containing the boot image)

  3. Copy the extracted boot.img to your phone and open the magisk app.

  4. Click on Install -> Select and Patch a File and let it do its magic.

  5. Copy the magisk-patched boot image that should be found in your phones download folder back to your PC.

  6. Reboot into fastboot mode as i explained earlier and flash the patched boot image.
    (fastboot flash boot magisk_patched.img)
    Then reboot the device.

Now root should be working. If it bootloops and says your phone has to be factory reset, do it.
If for some reason you still get an AVB-Error and end up stuck in fastboot mode just flash the stock image and try to patch it again.

This is my first post on here and i didn't have much time but i'm glad if it helped at least one person.
 

evanxyj

Senior Member
Just flashed Beta 5 yesterday, with those 2 params.
Had to Wipe data because of corrupted data error.
Root works just right, but GPay doesn't allow me to add credit cards...
Any1 knwos why ?
Thanks
P.S.: Flashed Magisked patched boot.img with fastboot right after 1st boot
FYI, when seeing corrupted data error, you can solve it by trying "fastboot update the image-redfin-xxx.zip" file, the system will restart itself.
 
  • Like
Reactions: pctv007

junyamada

Member
Aug 29, 2013
42
6
Thank you for this thread. I've been using this to update my beta versions since Beta 3. I've been using the same command "fastboot --skip-reboot --skip-secondary --disable-verity --disable-verification update" since then up to Beta 5.

The weird thing though, ever since I setup my Gpay back in beta 3 and installed the magisk module "safetynet fix B3", I haven't lost my Gpay yet even though I'm not passing safety net during my updates.

I've read some of the comments regarding Gpay and mine is still intact, I tried both adding a new card and paying which worked flawlessly on Beta 5.

P.S. I'm a Pixel 4 XL user
Screenshot_20210910-171717.png
 

Makishima

Senior Member
Jun 3, 2013
254
41
Xiaomi Mi A3
Google Pixel 4a
Thank you for this thread. I've been using this to update my beta versions since Beta 3. I've been using the same command "fastboot --skip-reboot --skip-secondary --disable-verity --disable-verification update" since then up to Beta 5.

The weird thing though, ever since I setup my Gpay back in beta 3 and installed the magisk module "safetynet fix B3", I haven't lost my Gpay yet even though I'm not passing safety net during my updates.

I've read some of the comments regarding Gpay and mine is still intact, I tried both adding a new card and paying which worked flawlessly on Beta 5.

P.S. I'm a Pixel 4 XL user
My GPay works fine without Safetynet passing on Beta 4 either... No idea how. Did you also get the corrupted data error?
 

junyamada

Member
Aug 29, 2013
42
6
Using the fastboot --skip-reboot --skip-secondary --disable-verity --disable-verification update beta5.zip command and then flashing the magisk patched boot image?
Right. I never lost my data all throughout starting from Beta 3. I would do the above, boot up then reboot back again to bootloader then flash patched boot (magisk). Once booted, magisk is working, Gpay is working.

Though I never dared to check Gpay before flashing the patched boot image.

I still have the safetynet fix (B3) installed til now. It never gave me any errors so I never removed it.
 

Makishima

Senior Member
Jun 3, 2013
254
41
Xiaomi Mi A3
Google Pixel 4a
Right. I never lost my data all throughout starting from Beta 3. I would do the above, boot up then reboot back again to bootloader then flash patched boot (magisk). Once booted, magisk is working, Gpay is working.

Though I never dared to check Gpay before flashing the patched boot image.

I still have the safetynet fix (B3) installed til now. It never gave me any errors so I never removed it.
I never installed any safetynet fix... GPay just works. Do you disable your modules first?

Edit: I just flashed it. Disabled my modules, the Magisk app was hidden but I forgot to revert that. Rebooted directly into Fastboot, flashed the beta, no corrupted data error. Booted back fine, Fastboot again to flash Magisk patched boot.img. Everything still works, Magisk still hidden, GPay still works.
 
Last edited:

junyamada

Member
Aug 29, 2013
42
6
I never installed any safetynet fix... GPay just works. Do you disable your modules first?

Edit: I just flashed it. Disabled my modules, the Magisk app was hidden but I forgot to revert that. Rebooted directly into Fastboot, flashed the beta, no corrupted data error. Booted back fine, Fastboot again to flash Magisk patched boot.img. Everything still works, Magisk still hidden, GPay still works.
I never disabled any modules or unhide my magisk. Which is weird, I was expecting it to produce an error specifically on Gpay, but it ended up working all the way.

I have RiruCore, Lsposed, Busybox, MagiskHide Props and the Safetynet Fix (B3). Didn't need to disable them.

I've been thinking of doing a clean install but I'm worried that the Gpay might not working after.

I wonder what's different with our setup. I might try what you did sometime.
 

SadaUkyo

Member
Apr 26, 2021
9
0
So do I still have to use "skip-reboot --skip-secondary --disable-verity --disable-verification" with beta 5 ore can I just flash the patched magisk like I used to do?
 

Top Liked Posts

  • 2
    Why not? If you rarely reboot your phone, it's at least enough to use it with root until we find a permanent solution. It's working for several people here who don't want to wipe data.
    I can say for sure it's working for me until a permanent solution is discovered.
    1
    I've posted status updates in the OP of both of my threads (the guide and the discussion) as to the current status of Android 12 root.

    Currently, this is where we are at:

    * Flashing /vbmeta or /boot after upgrade results in "data corrupted" error
    * Patched image can be live booted (not flashed) for temporary root, as long as /vbmeta and /boot are untouched; if you never reboot your phone this can be a temporary workaround if you don't want to wipe /data
    * Permanent root works after factory reset

    I have found that I was able to go from 12b5 to 12 release without wipe and keeping root.

    The main difference I am seeing between what I have done and others is that I manually applied the OTA update with adb sideload then I was able to flash vbmeta (with verity disabled) as well as the patched boot img from the factory image, all in one go WITHOUT a reboot.

    Pixel 5:
    I have successfully (seemingly) gone from a 12b5 to release 12 without a data wipe. Root, safetynet, GPay, are unaffected after 2 reboots so far.

    I went in prepared to have to wipe after flashing vbmeta with the disable flags, but I didn't need to. Maybe the trick is to sideload OTA upgrade, then flash vbmeta and patched boot image without rebooting in between??

    Anyway, here are the details:

    Just like @V0latyle and others , I started from 12b5 (clean wipe flash coming from Android 11), rooted, then set up Riru, LSPosed, etc. for safetynet+GPay.

    Back when I did the clean wipe 11 -> 12b5, I had used --disable-verification and --disable-verity in flash-all.sh:
    Bash:
    ...
    fastboot --disable-verification --disable-verity -w update image-...
    ...

    Process to upgrade to release:
    - Download release factory AND OTA images
    - Extract vbmeta.img and boot.img from the factory image
    - Patch boot.img using Magisk App on 12b5 phone and pull back to my PC
    - sideload OTA without reboot, switch to fastboot mode
    - flash vbmeta.img
    - flash magisk_patched_boot.img
    - reboot, breath sigh of relief after successful boot (and reboot) with root+data intact

    pseudo-commands:
    Code:
    $ adb reboot sideload
    $ adb sideload redfin-ota-sp1a.210812.015-2596fc07.zip
    ## Once OTA upgrade is complete, you should be dropped into recovery menu.
    ## Pick "Boot to fastboot"
    $ fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
    ## Disable verity and verification for consistency
    $ fastboot flash boot magisk_patched-23001_BLAHB.img
    $ fastboot reboot
    1
    I didn't know you could reboot directly into sideload mode. I thought you had to reboot to recovery and manually enable sideload mode. Good tip, thank you.

    I think its just an internal adb shortcut for the same thing. To your phone, it should be the same as rebooting to recovery then picking sideload manually.
  • 4
    Nightmare, I'm sure a fix will come 👍
    Hopefully! I always run into problems screwing around with updates "the-day-of" but just cant help myself lol.

    -from the other post-
    Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

    Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

    This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

    What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.
    3
    I would really appreciate to know your test results. It can help a lot of people.
    Here we go:
    Rebooted to bootloader, flashed vbmeta.img without flags, rebooted. No boot: "failed to load/verify boot images". As expected.

    Flashed vbmeta with flags:
    Code:
    fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
    Booted into system, obviously still have root because I didn't touch /boot.

    I think that's our ticket, and the fastest way to do this without dirty flashing the whole image, which shouldn't be necessary.

    I don't really want to wipe and downgrade right now for the sake of upgrading again.
    It appears that the contents of /vbmeta still matter even if boot verification is disabled, because I tried
    Code:
    fastboot erase vbmeta
    with and without the flags and still got the boot error. Flashed vbmeta again with the flags and all is well.
    2
    Excellent work! Thanks for all your efforts and reporting. Based on what I can gather, would you agree that below is the procedure?

    -Patch boot, have the patched boot.img for later
    -OTA from A11 to A12b, data is preserved, root is lost
    -Boot into bootloader
    -Fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
    -Fastboot flash boot boot.img (patched)
    -Boot into rooted system
    -Win
    The first time, yes. And make sure you keep that patched boot.img as well as the vbmeta.img on the PC, because this is what we'll do for subsequent updates (assuming you have Magisk installed)
    1. Sideload OTA
    2. Reboot to system, let update complete
    3. Reboot to bootloader
    4. Reflash vbmeta with disable flags
    Code:
    fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
    5. Live boot the patched boot image:
    Code:
    fastboot boot boot.img
    6. Open Magisk (will have root) and patch the new boot image
    7.Reboot, enjoy life

    ALTERNATIVE:

    1. Dirty flash the factory image with disable flags, let phone reboot and complete the update
    2. Reboot to bootloader and proceed directly to step 5 above

    You can still boot an "old" kernel as long as the Android version is the same, so extracting, patching, and flashing the boot.img each time should be unnecessary. Just boot the original patched image after the update, run Magisk, and patch the new kernel directly.

    Some questions/thoughts--
    1) It's been a long time since I OTA'd. Can I still register the device for and receive OTA if I am rooted on A11 with bootloader unlocked?
    I don't know about stable OTAs, but when I enrolled in the beta program, I received the A12b5 OTA and updated that way.

    I never received notifications for OTA updates while rooted on Android 11, but given the fact that an update would nuke root, I was OK with having to wait until I got home and could boot TWRP after the update to re-root.
    2) The fact that A12 introduced the verification, I presume this is the new dance for future A12 patches?
    Unless Google pulls something weird and decides to completely eliminate boot verification from Android 12, this will indeed be the new process.

    3) I don't understand the part about the contents of /vbmeta and erasing it. Will you please provide a bit more background/context?

    Again, thank you.
    No problem.

    So my thought process was this: if we disable boot verification, meaning the device will no longer compare the /boot hash to that contained in /vbmeta, do the contents of /vbmeta matter?

    The answer is yes, to a degree. What I don't know is whether a valid vbmeta image has to be there, or if just *something* has to be there. My guess is the latter, because I believe the device still loads the known hash from vbmeta, but just doesn't compare the hash from /boot. There is a possibility that it might also ignore /vbmeta altogether and just checks for data in the partition, although I doubt it.

    And, given that vbmeta won't actually be compared to anything, I think we'll be able to use the same image over and over and over again through subsequent updates, instead of having to extract the new one each time.
    2
    Update 2: Magisk hide + SafetyNet Fix = SafetyNet passed!
    2
    I'm looking for understanding with flashing from A11 to A12b and the need to wipe. For several past major Android version and beta updates, as well as monthly patches, my typical procedure to patch the boot, flash with -w removed, flash the patched boot, and all is well. I've been able to dirty flash without problems. This thread has people saying both that wipe is required and dirty flash is possible. Though I recognize the benefits of wiping and sometimes the need to, I would like to know why this is a must for A11 to A12b.
    If you enroll in the beta program and take the OTA, user data is preserved; however this will eliminate root. The reason for this is additional security features implemented in A12 to prevent persistent rootkits in the boot image (which contains the kernel).
    In this thread, I read that people are removing vbmeta.img and using
    fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

    I'm not clear what vbmeta is and why disabling verity is needed. Will doing the above allow me to dirty flash? (Edit: a few posts above provide some explaination to this, is this a new security feature for A12?)
    Dm-verity and vbmeta verification are the aforementioned features to prevent malicious code from loading at boot time. This is done by comparing the image in /boot to a hash that tells the verification process what the boot image is supposed to look like.

    Without these features disabled, you will not be able to have permanent root on your phone, as the modified boot image will fail verification, halting boot. The only way around this is to have the stock boot image in /boot, then live boot a modified boot image via
    Code:
    fastboot boot boot.img
    as the security features do not check images loaded via ADB. Of course, this means you lose root if you reboot, and it also means you cannot modify the boot image in any way (such as patching with Magisk) otherwise the phone will not boot.

    The only way to disable these features is by using the Android Flash Tool, or by manually flashing via ADB - but, unfortunately, flashing from one version of Android to another using these methods requires a data wipe, otherwise you get a data corruption error and are left with no choice but to perform a factory reset (which wipes /data).
    How many of you have successfully dirty flashed from A11 to A12b? If wipe is required with A12b, will that change once A12 becomes general release?

    I would appreciate any help or insight.
    Again, if you enroll in beta and take the OTA, or wait until 12 Final is released and take the OTA, your data will be preserved - however, you'll essentially be unable to root your phone due to the security checks implemented in A12, so the only way to upgrade to A12 and still be able to root is to clean flash with dm-verity and vbmeta verification disabled.

    I hope this helps clear things up.
  • 15
    Trying to root the Pixel 5 running Android 12 by flashing a magisk-patched boot image results in the phone only booting to fastboot mode ("failed to load/verify boot images")
    Some users have reported that booting (instead of flashing) the patched boot image works and makes root temporarily available but i didn't have any success with that.
    The phone booted up but root didn't work.

    I won't explain how to unlock the bootloader or set up adb here.

    !Warning! This will wipe your phone so take a backup!

    Also i do not take any responsibility if you break your device.
    And if anything goes wrong just factory reset your device using the Android Flash Tool or by following this tutorial.

    Here's what i did to get Magisk v22.0 working on the first developer preview of Android 12:


    Install A12 with disabled AVB & dm-verity:
    1. Make sure USB-Debugging is enabled in developer-options and you have authorized the pc you're using on your phone.

    2. Boot your phone into fastboot mode.
      You can do this by turning it off and then starting it by holding Power + Volume Down
      until fastboot mode appears or just adb reboot bootloader

    3. Go here and click on the link for the Android Flash Tool.
      (I didn't copy the link directly so i don't have to update it everytime google releases a new update)

    4. It should ask you to allow the website to access ADB Keys. Click Ok.
      If the website somehow doesn't work, try using Google Chrome.

    5. Select your Pixel 5. If it's not showing up click add device.

    6. Click on the edit symbol (pen) in the box where the selected build is shown.

    7. Make sure Wipe Device, Disable Verity and Disable Verification are checked.

    8. Install and boot the phone when it's finished.

    Patch & flash boot.img
    1. Download and install the Magisk Canary App from GitHub.

    2. Download the factory image from here and extract boot.img from it.
      (Inside the downloaded zip-file is another zip file containing the boot image)

    3. Copy the extracted boot.img to your phone and open the magisk app.

    4. Click on Install -> Select and Patch a File and let it do its magic.

    5. Copy the magisk-patched boot image that should be found in your phones download folder back to your PC.

    6. Reboot into fastboot mode as i explained earlier and flash the patched boot image.
      (fastboot flash boot magisk_patched.img)
      Then reboot the device.

    Now root should be working. If it bootloops and says your phone has to be factory reset, do it.
    If for some reason you still get an AVB-Error and end up stuck in fastboot mode just flash the stock image and try to patch it again.

    This is my first post on here and i didn't have much time but i'm glad if it helped at least one person.
    5
    For those of you who don't have safetynet working, here.
    All credit goes to @kdrag0n, I just modified the shell scripts for B3

    Pull request done if you don't want my zip.
    4
    Hey just wondering how you achieved root with beta 2? I've tried a few things and haven't seem to be able to get it working (bootloop).

    Is there a definitive process out there?
    4
    Yeah I wouldn't do this unless you've started from the initial process op outlined. I did this moving from beta 2 to 2.1 and then beta 2.1 to beta 3. However beta 2 was my first android 12 install, which I used ops procedure to achieve.

    Do this:
    You don't need the Android flash tool. I have been manually flashing full images for a long time:
    I don't like things done behing my back.

    For beta 3:
    I flash both sides hence the skip secondary - it saves a few seconds.
    When flashing - watch what's scrolling by. The vbmeta.img is modified on the fly.
    No need to copy from another build or someone else's hack.
    Below is what I use. Successfully.

    Modify the last line in the flash-all.bat or.sh
    fastboot --skip-reboot --skip-secondary --disable-verity --disable-verification update image-redfin-spb3.210618.013.zip
    4
    Has anyone sucefully rooted beta 3?
    Patched boot image with magisk canary if I only boot the image it starts
    Then tried to flash patched boot image and get stuck in bootloader
    For all the updates from beta 2 - 3 I've followed this process without fail:

    - extract boot.img and vbmeta.img from downloaded beta of your relevant device
    - add boot.img to phone (if downloaded, and extracted on another device)
    - patch boot.img in magisk (i like to rename it to patched_magisk.img)
    - move patched_magisk.img to desktop
    - download and install latest beta from the OTA provided
    - tap the reboot button on the OTA install screen once completed
    - once the reboot begins and your screen turns black hit the power and volume down button to get into fastboot
    - run
    fastboot --disable-verity --disable-verification flash vbmeta path/to/vbmeta.img (you can drag img from location)
    - then run
    fastboot flash boot path/to/patched_magisk.img (you can drag img from location)

    This has worked flawlessly, maintaining root while also keeping all my data.