How To Guide (Guide) Install TWRP + Root + Install Magisk + Bypass Safetynet

Search This thread
By:
Advanced…
Canuck Knarf

Canuck Knarf

Senior Member
Dec 19, 2015
1,269
508
Google Pixel 6 Pro
OnePlus 10 Pro
Oh cool..Im just thinking outside the box...I haven't tried it yet....But you got your payload bin for NE2215...? ...Since you aready "soft bricked" ...open and use fastbootd promgram and flash payload bin...just make sure you read and seach for cow files ...delet them...Just throwing it out there
 
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
Canuck Knarf said:
Oh cool..Im just thinking outside the box...I haven't tried it yet....But you got your payload bin for NE2215...? ...Since you aready "soft bricked" ...open and use fastbootd promgram and flash payload bin...just make sure you read and seach for cow files ...delet them...Just throwing it out there
Click to expand...
Click to collapse
sorry, i don´t know what you mean about cow files...

also, i have downloaded a 4.7 gig file from which i could extract payload.bin but it is for NE2213 !

do you know where i can get the payload.bin for NE2215 or should it work anyway and it will transform the device in a NE2213 ?

is the payload.bin a sort of a virgin out of the box rom that one can flash and it would be just as nothing happened ?
 
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
I had the simple idea of factory reset using the WIPE option in TWRP...

AND IT WORKED ! 😮💨

So, obviously lost root and system started as out of the box Android 13.

Now the thinking out loud part to understand myself and maybe to help others...:

So it seems that some protection mechanism on System partition or before passing the control to System makes a cort of verification of something and does not like root...

I have to verify this because if it is like this it's a pain in the ass the fact that the TWRP backups only works TILL root... Or maybe was the fact that i did not disabled the PIN security before making them ?

Deleted again the "nandata" folder and succesfull backup again with wallpaper changed but not developer, not rooted and no security pin enrolled.

gonna see if this backup is restorable...
 
P

PlasmaTornado

Member
Jul 31, 2018
41
66
amomp3 said:
Yes!
Click to expand...
Click to collapse
If you can still get into fastboot, not all is lost.
You can still use FastbootD method to flash the payload of what OOS package you want; HOWEVER; it sounds like you can fix your issue by doing a reset in TWRP.
This will remove all of your apps, but should keep your data (such as media)

I would recommend that whilst you are in TWRP, you extract your important documents to your computer before anything else happens
 
  • Like
Reactions: amomp3
P

PlasmaTornado

Member
Jul 31, 2018
41
66
amomp3 said:
I had the simple idea of factory reset using the WIPE option in TWRP...

AND IT WORKED ! 😮💨

So, obviously lost root and system started as out of the box Android 13.

Now the thinking out loud part to understand myself and maybe to help others...:

So it seems that some protection mechanism on System partition or before passing the control to System makes a cort of verification of something and does not like root...

I have to verify this because if it is like this it's a pain in the ass the fact that the TWRP backups only works TILL root... Or maybe was the fact that i did not disabled the PIN security before making them ?

Deleted again the "nandata" folder and succesfull backup again with wallpaper changed but not developer, not rooted and no security pin enrolled.

gonna see if this backup is restorable...
Click to expand...
Click to collapse
Ah sorry, ignore my last comment. I didnt see that you had done this yet.
I would be careful in future when messing with System applications. Even non-essential applications can cause bootloops (e.g I had a bootloop from deleting my stock Music app on my 7 Pro). I really have no idea why some apps are so temperamental, and especially some google apps.
 
  • Like
Reactions: amomp3
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
amomp3 said:
I have to verify this because if it is like this it's a pain in the ass the fact that the TWRP backups only works TILL root... Or maybe was the fact that i did not disabled the PIN security before making them ?
Click to expand...
Click to collapse
This is the key point. I am not being able to restore any TWRP backup. Made 4 of them all without security (PIN), 1 after root. Tried to restore to any of them always resulting in stuck on boot animation!

After one of the restores tried did't got stuck at boot animation BUT bootlooped straight into TWRP and this message appeared:



IMG_20230201_025814__01.jpg

This made me think that all of my backups were gone as the partition seemed blanked, so I crossed fingers and wiped (factory reset) again and booted OK again and with android booted the files showed up!

I hope this info will make someone understand what is really happening and what am doing wrong becauae this TWRP is being useless for me this way!
Pleaae don't get me wrong, i think it must be me doing something wrong because, if i remember well, other users had restored backups made with this TWRP and. C22 (Android 13) (even rooted?), am I right? Can confirm it is possible?

So what could be different?
The backup and restore process shows OK with no errors so the mess takes place when reboot into system... I can't figure out what could I be doing different for them to be able to boot OK after the restore and I'm not...
 
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
PlasmaTornado said:
Ah sorry, ignore my last comment. I didnt see that you had done this yet.
I would be careful in future when messing with System applications. Even non-essential applications can cause bootloops (e.g I had a bootloop from deleting my stock Music app on my 7 Pro). I really have no idea why some apps are so temperamental, and especially some google apps.
Click to expand...
Click to collapse
The point is that i shouldn't worry if my TWRP backups restores the phone to a bootable state because if i am not sure i simply make a TWRP backup before BUT not being able to get to a bootable System and having to factory reset every time is awfull! I can´t make tests this way !

Is there any way of reverting this mod (the one of the OP) to an out of the box state as if the phone was never touched ?
 
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
PlasmaTornado said:
If you can still get into fastboot, not all is lost.
You can still use FastbootD method to flash the payload of what OOS package you want; HOWEVER; it sounds like you can fix your issue by doing a reset in TWRP.
This will remove all of your apps, but should keep your data (such as media)

I would recommend that whilst you are in TWRP, you extract your important documents to your computer before anything else happens
Click to expand...
Click to collapse

So i found a 4.7 gig zip from NE2213 that has the payload.bin inside...
If i flash that payload with fastbootD (is this "fastboot enhance" windows app?) my NE2215 bought straight from OnePlus in USA would become as a fresh out of the box NE2213 without any issues and more active bands as @beatbreakee said ?
 
Canuck Knarf

Canuck Knarf

Senior Member
Dec 19, 2015
1,269
508
Google Pixel 6 Pro
OnePlus 10 Pro
amomp3 said:
So i found a 4.7 gig zip from NE2213 that has the payload.bin inside...
If i flash that payload with fastbootD (is this "fastboot enhance" windows app?) my NE2215 bought straight from OnePlus in USA would become as a fresh out of the box NE2213 without any issues and more active bands as @beatbreakee said ?
Click to expand...
Click to collapse
Wow you have been actually reading posts.... but if you do...just remember about cow files...you may brick your phone as well...sometimes...50/50 chance...it's hard to advise you..soft brick ..what you have rate now...or you may have complete black phone...
 
  • Like
Reactions: amomp3
Canuck Knarf

Canuck Knarf

Senior Member
Dec 19, 2015
1,269
508
Google Pixel 6 Pro
OnePlus 10 Pro
look here see if you can find your files

一加手机官方ROM下载_全量包_线刷包_救砖包_降级包_一键Root工具-大侠阿木云盘

本站提供一加OnePlus全机型ROM下载,包括一加ACE3V、ACE3、12、一加Ace2Pro、Ace2V、OnePlus 11、Ace Pro、Ace、10 Pro、9Pro、9RT、9R、8T、8 Pro、8、7T Pro、7T、7Pro等全系一加机型的升级全量包、降级包、9008线刷救砖包等各种官方和原厂ROM,全部资源完全免费,不限速,无需登录
yun.daxiaamu.com yun.daxiaamu.com
 
  • Like
Reactions: amomp3
P

PlasmaTornado

Member
Jul 31, 2018
41
66
Canuck Knarf said:
Wow you have been actually reading posts.... but if you do...just remember about cow files...you may brick your phone as well...sometimes...50/50 chance...it's hard to advise you..soft brick ..what you have rate now...or you may have complete black phone...
Click to expand...
Click to collapse
Not only that, removing TWRP for a feature that is not working correctly, and replacing it with something that has virtually no features, and certainly not the ones TWRP have.
 
  • Like
Reactions: amomp3
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
PlasmaTornado said:
It does *mostly* everything you would need (backup, flash, restore, etc).
Click to expand...
Click to collapse
So were you able to restore a TWRP backup and then after reboot system booted OK?

should i unroot before creating the TWRP backup ?

i don't know what i could have made different that, after restoring a TWRP backup, you guys are getting to boot succesfully into system and enjoy your booted backup and i got stuck on boot animation ( having to wipe and start from scratch!)...

is there another place where i should look for help ?
 
A

amomp3

Senior Member
Mar 6, 2012
82
13
Samsung Galaxy S III I9300
OnePlus 2
Prant said:
The issue is shown in your image. You either had a passcode on or made the backup when passcode was on. That leaked TWRP has broken data decryption, which is also stated on the 1st page of this thread, so having a passcode on is a no go.
Click to expand...
Click to collapse
After having to do a default wipe in TWRP to avoid getting stuck on boot animation i took the opportunity of starting from scratch to make several backups WITHOUT any security.

After restoring those backups i got stuck on boot animation too! So the issue it's not caused by passcode/pin enroled system!

When i do the backup i leave it as default, all options ticked... Maybe could you tell what items I should leave unticked because any of the tweaking or magisking or LSposeding will never change anything of that items so it only makes the backups bigger and maybe only needed for first backup (modem, etc)? ...

Maybe restoring the minimum indispensable to boot up system will make the phone boot without getting stuck on boot animation?
 
  • Like
Reactions: Prant
Prant

Prant

Senior Member
Jan 23, 2017
159
116
OnePlus 7 Pro
OnePlus 10 Pro
amomp3 said:
After having to do a default wipe in TWRP to avoid getting stuck on boot animation i took the opportunity of starting from scratch to make several backups WITHOUT any security.

After restoring those backups i got stuck on boot animation too! So the issue it's not caused by passcode/pin enroled system!

When i do the backup i leave it as default, all options ticked... Maybe could you tell what items I should leave unticked because any of the tweaking or magisking or LSposeding will never change anything of that items so it only makes the backups bigger and maybe only needed for first backup (modem, etc)? ...

Maybe restoring the minimum indispensable to boot up system will make the phone boot without getting stuck on boot animation?
Click to expand...
Click to collapse
Are the backups completing successfully? I remember some people having to delete some folders to make the backup actually successful.
 
K

kinkoff85

Senior Member
Dec 3, 2021
51
13
Cleveland Ohio
I know this says ANDROID 13, but has anyone tested this method on Android 12? I have the T-Mobile version (Unfortunately), and it is still on Android 12 (December Security Patch). Speaking of which I will also include this silly question... Anyone find the a working way to Convert the T-Mobile version (NE2217) to the Global version?
 
You must log in or register to reply here.

Similar threads

g96818
How To Guide OnePlus 10 Pro NE2215 ***ROOTED*** - No Longer Being Updated - OTA instructions inside
Replies
675
Views
92K
spevil07
spevil07
dlads
How To Guide NO LONGER BEING UPDATED (Guide) Rooting, payload dumper, magisk_patched guides NE2213
Replies
564
Views
56K
dlads
dlads
empty.cad
General Oneplus 10 Pro Global Rom India / eu
Replies
355
Views
74K
S
safwanp
VovaHouse
How To Guide Root Oneplus 10 Pro (Color OS - Oxygen OS)
Replies
197
Views
53K
M
mortenloveyou
A
How To Guide Enable Native Call Recording + OP Stock Dialer on OnePlus 10 Pro
Replies
174
Views
62K
0
0verd0sed

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 18
    P
    PlasmaTornado
    Please note, the TWRP image used IS NOT the official TWRP image.
    I am not responsible for any any harm, such as bricking, or bootloops, which may happen to your device. This is what worked for me.

    Warning
    As stated by @beatbreakee , do not flash anything on a T-Mobile related device.
    Please read beatbreakee's comment regarding this.

    Warning
    This has only been tested on Android 13. This guide may not work for other Android versions.

    Prerequisites
    1. Unlocked Bootloader
    2. Magisk 25.2 Installation ZIP (see attached files)
    3. TWRP Image (download from GDrive)
    4. ADB and Fastboot tools are installed on your machine. Please see this guide
    5. Android 13
    Step 1 - Unlocking Bootloader:
    1.A - Enable OEM Unlocking:
    1. Open Settings Application -> About device -> Version -> Tap on Build Number 7 times
    2. Open Settings Application -> Additional Settings -> Developer Options
    3. Enable OEM Unlocking
    4. Enable USB Debugging

    1.B - Entering Bootloader
    The bootloader must be unlocked in order to flash the recovery.
    Ensure the device is connected to the computer via ADB by entering the following command
    Code: 
    adb devices

    The output should be something similar to this:
    1671914597202.png

    (note the device name on the left will not be the same)

    Reboot into the bootloader by entering the following command:
    Code: 
    adb reboot bootloader

    1.C - Unlock
    Once entered, enter the following command:
    Code: 
    fastboot flashing unlock
    WARNING: THIS WILL WIPE ALL DATA ON THE DEVICE

    Use the volume keys to select unlocking, and then use the power button to confirm.
    Once complete, enter the following command:
    Code: 
    fastboot reboot

    You will now have to go through the device setup.
    Repeat steps 1.A and 1.B to enter back into the bootloader

    Step 2 - Flashing TWRP:
    2.A - Entering Bootloader
    Repeat steps 1.A and 1.B to re-enter the bootloader

    2.B - Flashing TWRP:
    Again, this IS NOT the official TWRP image. I am not responsible for any harm which this may cause to this device. That being said, it appears to be functional.
    The image used is from a leak found on this XDA post

    This is not a bootable image. You must flash. fastboot boot img will not work
    Enter the following commands to flash the TWRP image:
    Code: 
    fastboot flash recovery_a twrp.img
    Code: 
    fastboot flash recovery_b twrp.img
    Code: 
    fastboot reboot recovery

    You should notice you are in TWRP.
    You may need to change the language to English.

    2.C - Changing TWRP Language:
    1. Tap on the button on the Second column, Third Row
    2. Tap on the World icon
    3. Select your language
    4. Tap on the button on the bottom right corner of your display.

    2.D - Booting into your phone
    1. Select Reboot
    2. Select System
    You should now have successfully booted in the system with TWRP installed as your recovery

    Step 3 - Flashing Magisk:
    3.A Preparing the Device:
    1. Move the Magisk-v25-2.zip to your device
    2. Reboot into your recovery / TWRP
    This can be done by entering the following ADB command:
    Code: 
    adb reboot recovery

    3.B - Flashing Magisk:
    1. Tap Install
    2. Select the Magisk-v25-2.zip
    3. Swipe to flash (this may take some time)
    4. Tap Reboot
    5. Tap System
    You should now enter the device

    3.C - Installing Magisk APK
    Install the Magisk APK, click here to download the APK.
    Install the APK, and you should have root!

    If you encounter a createTarFork() exited with error 255, do the following:
    1. Reboot into TWRP
    2. Select File Manager
    3. Navigate to /data
    4. Copy /data/fonts into /sdcard/
    5. Copy /data/nandswap into /sdcard/
    6. Delete /data/fonts
    7. Delete /data/nandswap

    The error should now be resolved
    The deleted files should not cause any issues. If any issues do occur, then promptly restore them using the backups made to /sdcard/.

    Step - Bypassing Safetynet:
    This is optional; however, highly recommend
    Note, due to the nature of Safetynet, this can change at anytime and may begin failing in the future.
    A - Repackaging Magisk
    1. Launch Magisk Manager
    2. Tap Settings Icon (Top Right Corner)
    3. Tap "Hide The Magisk App"
    4. Enter New Application Name
    5. Click OK and wait
    6. Uninstall original Magisk APK if it has persisted

    B - Enable Zygisk & Deny List
    1. Launch Magisk Manager
    2. Tap Settings Icon (Top Right Corner)
    3. Enable "Zygisk"
    4. Enable "Enforce Deny List"

    C - Configure Deny List
    it is recommended to add any application you would like to hide from Magisk here
    1. Launch Magisk Manager
    2. Tap Settings Icon (Top Right Corner)
    3. Tap "Configure DenyList"
    4. Tap the 3 dots in the top right and select "Show System Apps"
    5. Select the following applications:
    ~ Android System
    ~ Google Play Store
    ~ Google Play Services
    ~ Google Services Framework
    D - Delete App Data
    1. Launch Settings Application
    2. Select Apps
    3. Select App Management
    4. Clear data for the following apps:
    ~ Google Play Store
    ~ Google Play Services
    ~ Google Services Framework
    5. Reboot the device

    E - Flash Universal Safetynet Fix
    1. Download the Universal Safetynet Fix
    2. Launch Magisk
    3. Select Modules
    4. Select "Install From Storage"
    5. Select Universal Safetynet Fix
    6. Wait for Flashing to complete
    7. Reboot

    F - Test Safetynet
    1. Install YASNAC
    2. Grant Super User rights
    3. Select "Run Safetynet Attestation"
    If both checks pass, you successfully have passed Safetynet!
    IMG_20221227_204604.jpg
    View
    6
    P
    PlasmaTornado
    beatbreakee said:
    i wouldnt advise ANYONE with an original TMOBILE device, ANY attempt to flash ANY firmware from the official builds just yet. Tmobile embedded a VERY WELL HIDDEN check into the EFS partition that only appeared in builds after 11_A.14 ... This check forcefully activates a lock triggered by the CarrierDevicePolicy.xml in the efs system... and if the Region and model does not match the original build that it came with, all of your apps will be completely disabled and there is nothing accessible but the settings button. It also disables ADB/USB debugging completely, and deauthorizes your computer from the adb wireless keys too... then it removes the USB DEBUGGING toggle from settings, followed by a persistent message that your phone is "Violating Contract Policy... Please contact after sales for support" ... Tmobile cannot remove this warning... and even them sending an UNLOCK request to your phone for APPROVED will get ignored by your phone. You can hear ringing, but cannot accept calls... hear emails but not open them,.. and you dialer is in emergency calls only!...

    At this point you will think panic is the only option, but instead just Pull your sim card, and use your buttons to force reboot and enter recovery .... Then do a Format Data ,,,, followed by a reboot, but do not put your sim back in... Until you go thru the whole setup wizard, enable usb debugging, and then flash a rollback package to a fw earlier than the one i listed above, your phone will INSTANTLY lock again any time you insert ANY sim card.

    Im very sure that there is a system process that can be disabled which will at least block the lockout.... but i dont have that knowledge as to which process(es) are calling it! A logcat generated about 15 screens on my computer as soon as i plugged a sim in... so that was too much for me to sift thru. This is present on both the 10 Pro and 10 T so be warned.... If you are already not using your original T-MO firmware, but you also have been loading other regions with no problem, that does not matter.... I have found an exact reference to the ORIGINAL FW build and Model # that was loaded by TMO at the factory level, in several different TXT and XML files inside the EFS part. So this is truly an android 12 function that was put in place for Carrier benefit ONLY. Another strike against 1+
    Click to expand...
    Click to collapse
    Absolutely despicable and such an anti-consumer technique.
    This stands against everything OnePlus was. It's sad to see OnePlus turn into such an anti-developer phone
    A Carrier should never have this much power over a device. It is absurd
    View
    4
    beatbreakee
    beatbreakee
    also everyone should know, that EVERY fw on the internet no matter whether it is labeled, 2213, or 2215... 2217, as well as 2413-2419 ALL have EVERY other model's manifest built in and all of the restrictions / bloatware that each region comes with, saved into the OFP extracted files.... so there really is nothing that expressly was bricking your phones by simply flashing a different labeled FW..... the brick came from the manifest reading the region identifiers that the manifests are labeled under.... it is a file that is again picked by some random hidden check inside the TMO EFS, and as soon as your phone tries to boot the newly flashed FW, the TMO Lock is what bricks your phone, to either a bootloop state, or if you continue to force a flash by using Fastboot , you will have a non responsive phone, thanks to this stupid security issue. If unresponsive, the only way out is MSM Tool... and i can help you locate your test points if your buttons dont work.

    I cannot publicly post a picture nor a description of where the test points lie inside the 10T , because i already got a cease and desist letter from BBK and i dont know if they have said anything to the mods here about posting Undisclosed hardware access points.... but ive been a member here almost 10 years, and i aint risking a ban from a tattle tale company! There are test points on the 10 t though,.. just well hidden!

    The 2nd pic is of the 2217 Unpacked OFP , yet the build prop shows a 2210-2211 base in one and a 2413-2415 base in the.... with NO 2217 in either prop,or manifest file, yet when my phone was flashed back from Brick status, THIS is the FW that was used, and my phone identifies as a 2217 NA now..... can oneplus be any more clear that they have completely turned against us, by straight SHOWING US that they are being super cryptic and sneaky in something as common as the BUILD.PROP files?!?
    View
    4
    P
    PlasmaTornado
    kouzelnik3 said:
    I wonder about any major issues with this TWRP as of now. Updating ZIP OOS13 with flashing magisk direclty is working etc.? :)
    Click to expand...
    Click to collapse
    Following the method created by @dladz should still work perfectly fine!
    There could still be issues with this TWRP as this is not an official image.
    AFAIK Switching ROM is still untested, but decryption, backups and flashing are all confirmed working, which for me makes me feel significantly more comfortable
    View
    4
    beatbreakee
    beatbreakee
    i wouldnt advise ANYONE with an original TMOBILE device, ANY attempt to flash ANY firmware from the official builds just yet. Tmobile embedded a VERY WELL HIDDEN check into the EFS partition that only appeared in builds after 11_A.14 ... This check forcefully activates a lock triggered by the CarrierDevicePolicy.xml in the efs system... and if the Region and model does not match the original build that it came with, all of your apps will be completely disabled and there is nothing accessible but the settings button. It also disables ADB/USB debugging completely, and deauthorizes your computer from the adb wireless keys too... then it removes the USB DEBUGGING toggle from settings, followed by a persistent message that your phone is "Violating Contract Policy... Please contact after sales for support" ... Tmobile cannot remove this warning... and even them sending an UNLOCK request to your phone for APPROVED will get ignored by your phone. You can hear ringing, but cannot accept calls... hear emails but not open them,.. and you dialer is in emergency calls only!...

    At this point you will think panic is the only option, but instead just Pull your sim card, and use your buttons to force reboot and enter recovery .... Then do a Format Data ,,,, followed by a reboot, but do not put your sim back in... Until you go thru the whole setup wizard, enable usb debugging, and then flash a rollback package to a fw earlier than the one i listed above, your phone will INSTANTLY lock again any time you insert ANY sim card.

    Im very sure that there is a system process that can be disabled which will at least block the lockout.... but i dont have that knowledge as to which process(es) are calling it! A logcat generated about 15 screens on my computer as soon as i plugged a sim in... so that was too much for me to sift thru. This is present on both the 10 Pro and 10 T so be warned.... If you are already not using your original T-MO firmware, but you also have been loading other regions with no problem, that does not matter.... I have found an exact reference to the ORIGINAL FW build and Model # that was loaded by TMO at the factory level, in several different TXT and XML files inside the EFS part. AND my 10T and 10 Pro BOTH have been fully bricked, then formatted and flashed thru an authorized MSM Account.... Doing an ERASE ENTIRE FILE SYSTEM, thru msm, did not get rid of this file, so i doubt a twrp level wipe will do it either... MAYBE an "unlock Critical" in Fastboot, followed by a "Fastboot wipe", "DM-verity disable", and "VB-Meta erasure" MIGHT take out this crazy security system, but i know this .... if you flash an original FW using TWRP, it has protections in it to keep IT (twrp) from being overwritten, so you might find yourself in bootloop territory if you region hop.... cuz the fw might notice the changes to the partitions... For now, until someone is brave enough to challenge the Android 12 kernel and remove these trapdoors, I would just be happy you have TWRP, and wait for the person who finds and slays the Tmobile Dragon hidden in our phones! But this is truly an android 12 function that was put in place for Carrier and Manufacturer benefit ONLY. Another strike against 1+
    View

New posts