[Guide] OnePlus 8T EASY ROOT (for all unlocked variants)

Search This thread

tecknight

Recognized Contributor
Jun 12, 2010
1,022
882
Las Vegas
Redmi Note 9 Pro
OnePlus 8T
I ****ed up my root by reinstalling magisk in app to I guess the stable 23000 (I was told canary was just for installing and that we want to switch to stable once rooted). Then I tried downloading canary 23017 to see if I could get it back but nada. I've lost access to my modules, Magisk settings screen has virtually no options at all now, and I don't actually have root access anymore (says n/a under 'installed' in Magisk home screen). Yeah this is all too much for me. What's my next move? Worried if I start the process in this guide from the beginning that I'll be ****ed because I'm not starting from a clean device.
To pass SafetyNet, follow the instructions here:
 

BillGoss

Senior Member
Sep 2, 2010
5,294
4,656
Sydney
OnePlus 8T
Install Magisk 24.3, which has no Magisk hide any more.
Enable Zygisk (Beta).
Enable Enforce Denylist, then
Configure DenyList.

Check any apps that you want to NOT know you are rooted (Google Pay, etc)
Then install YASNAC, a third party SafetyNet checker.
Make sure YASNAC is on the deny list
Also make sure you have installed the latest universal SafetyNet fix.
Run YASNAC and you should be golden
You do NOT need to add Yasnac to the Deny list. Yasnac doesn't check for root.
 
Last edited:

tecknight

Recognized Contributor
Jun 12, 2010
1,022
882
Las Vegas
Redmi Note 9 Pro
OnePlus 8T
This is a Magisk module I created to prevent a rooted system from attempting an OTA update (which would fail). It prevents the update by replacing
/system/etc/security/otacerts.zip
with a zero byte file. This will prevent the OTA process from receiving the update file.
You can then restore the stock boot and recovery images and apply the OTA update, then re-root.

 

Attachments

  • NoOTAupdates.zip
    2.3 KB · Views: 28
Last edited:

scottlam1

Senior Member
Aug 16, 2011
145
36
Not sure if this was stated yet but easiest way to root is to change magisk apk to magisk.zip and install either with twrp zip installer or adb sideload magisk.zip it auto patches boot and installs magisk apk
 
  • Like
Reactions: tecknight

lenox30

Member
Jan 22, 2015
15
1
Hello everyone, who has the c20 global firmware, can you pull out the boot from it and drop it here? I will be grateful. stock and magisk patch
 

rcbjr2

Member
Aug 12, 2010
44
4
Not sure if this was stated yet but easiest way to root is to change magisk apk to magisk.zip and install either with twrp zip installer or adb sideload magisk.zip it auto patches boot and installs magisk apk
So, if you side load the zip, you don't have to follow all the steps at the beginning of this thread? I thought that there wasn't an updated TWRP for the 8T?
 

rcbjr2

Member
Aug 12, 2010
44
4
I had to get a new OnePlus 8T off eBay the other day. I'm trying to unlock the Bootloader so I can install Magisk. I enabled Developer mode. I enabled OEM Unlocking. I've rebooted to the fastboot menu, connected it to my laptop, opened a CMD window, and entered "fastboot oem unlock" to display the unlock screen. However, the phone is flashing back and forth between "do not" and "unlock" repeatedly with a blue highlight. The phone says to press a volume key to select an option. When I just touch a volume key, it switches the option but immediately starts flashing back and forth between the two options again. If I hold down the volume key and select the unlock option, it will hold, but then the phone says to press Power to select the option, but pressing Power does nothing. I don't think it's supposed to be flashing like this. My prior 8T just let me select options. And now the only way to reboot is to use fastboot reboot because holding Power doesn't do anything. Should it be flashing like this? Suggestions? Thanks.

By the way, the phone has the latest Android 12 update. KB2003_11_C.21.

Also, when I turn power off, hold both volume keys, and reboot to get the Fastboot mode, it flashes options at the top like Start, Recovery, etc., and doesn't let me select any. Weird.
 

BillGoss

Senior Member
Sep 2, 2010
5,294
4,656
Sydney
OnePlus 8T
I had to get a new OnePlus 8T off eBay the other day. I'm trying to unlock the Bootloader so I can install Magisk. I enabled Developer mode. I enabled OEM Unlocking. I've rebooted to the fastboot menu, connected it to my laptop, opened a CMD window, and entered "fastboot oem unlock" to display the unlock screen. However, the phone is flashing back and forth between "do not" and "unlock" repeatedly with a blue highlight. The phone says to press a volume key to select an option. When I just touch a volume key, it switches the option but immediately starts flashing back and forth between the two options again. If I hold down the volume key and select the unlock option, it will hold, but then the phone says to press Power to select the option, but pressing Power does nothing. I don't think it's supposed to be flashing like this. My prior 8T just let me select options. And now the only way to reboot is to use fastboot reboot because holding Power doesn't do anything. Should it be flashing like this? Suggestions? Thanks.

By the way, the phone has the latest Android 12 update. KB2003_11_C.21.

Also, when I turn power off, hold both volume keys, and reboot to get the Fastboot mode, it flashes options at the top like Start, Recovery, etc., and doesn't let me select any. Weird.
I've found that fastboot reboot bootloader sometimes stops the cycling problem.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    I've found that fastboot reboot bootloader sometimes stops the cycling problem.
    This stopped all the flashing activity and I was able to unlock the bootloader. Thanks!
    1
    CAVEAT
    I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.

    CREDIT
    The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.

    INFO
    The basic rundown is:
    1. Use the semi-broken TWRP package to give yourself temporary su access through adb.
    2. Extract the boot.img your phone is currently using to your pc.
    3. Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
    4. Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
    5. Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.

    There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
    • The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
    • Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
    • Updating with OTAs should be the same process as the other guides here.
    • Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.

    Prerequisites:
    • ADB and Fastboot installed.
    • An unlocked bootloader and USB debugging enabled.

    ________________________________________________________

    STEPS:

    1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.

    2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:


    for Windows, type cd C:\Users\Yourname\Desktop
    for Mac, type cd desktop or cd /Users/yourname/Desktop
    To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.

    3. Next, use the terminal to check which A/B partition is active on your phone:
    Code:
    fastboot getvar all

    a. You'll find it on this line: (bootloader) current-slot:a/b
    b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.

    4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
    Code:
    fastboot boot recovery.img
    adb shell
    dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
    exit
    adb pull /sdcard/boot_a.img boot_a.img
    adb reboot


    5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.

    6. Install the latest Magisk Canary apk on your phone. Open it and:

    a. Select the Install option.
    b. Use Select and Patch a File on boot_a.img

    7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.

    8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
    Code:
    fastboot boot magisk_patched_a.img

    You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.

    9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
    a. Select the Install option.
    b. Use Direct Install (Recommended) to root your internal boot.img

    10. Reboot and verify it worked.
    Can you please edit your original post to include this: https://forum.xda-developers.com/t/...ro-8t-9r-with-oxygenos-12-coloros-12.4426167/

    Oneplus 8T and 8 Pro have an issue with TWRP that causes a cascade of problems, and can in fact true brick your device. I almost made the same mistake, fortunately I had a short in my cord and it disconnected during a flashing process so I had to restore my phone, and while I was waiting I did some reading and found that post. I'm glad I had a short in my cord, or else I would have went through with this and would be very angry.

    I'd just put at the top of your post in all caps, something along the lines of *IF YOU ARE ON ANDROID 12 DO NOT FOLLOW THIS GUIDE*. Thank you
    1
    Question for ya, there is a sticky thread that basically outlines the same process in the OP... except it uses MSM Tool Readback to grab the stock boot.img from the phone (instead of TWRP) ... is that method A12 safe? and thus shouldnt result in the possibility of ddr mismatch brick?
    I'm not sure, I never upgraded to OOS12. But it may be, the TWRP method was a little janky since the package never ran properly so you could only control it via ADB. MSM Tool Readback might be a more elegant solution and more broadly compatible.
  • 47
    DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
    Visit this thread for more information


    ________________________________________________________


    CAVEAT
    I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.

    CREDIT
    The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.

    INFO
    The basic rundown is:
    1. Use the semi-broken TWRP package to give yourself temporary su access through adb.
    2. Extract the boot.img your phone is currently using to your pc.
    3. Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
    4. Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
    5. Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.

    There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
    • The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
    • Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
    • Updating with OTAs should be the same process as the other guides here.
    • Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.

    Prerequisites:
    • ADB and Fastboot installed.
    • An unlocked bootloader and USB debugging enabled.
    • Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)

    ________________________________________________________

    STEPS:

    1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.

    2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:


    for Windows, type cd C:\Users\Yourname\Desktop
    for Mac, type cd desktop or cd /Users/yourname/Desktop
    To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.

    3. Next, use the terminal to check which A/B partition is active on your phone:
    Code:
    fastboot getvar all

    a. You'll find it on this line: (bootloader) current-slot:a/b
    b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.

    4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
    Code:
    fastboot boot recovery.img
    adb shell
    dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
    exit
    adb pull /sdcard/boot_a.img boot_a.img
    adb reboot


    5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.

    6. Install the latest Magisk Canary apk on your phone. Open it and:

    a. Select the Install option.
    b. Use Select and Patch a File on boot_a.img

    7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.

    8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
    Code:
    fastboot boot magisk_patched_a.img

    You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.

    9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
    a. Select the Install option.
    b. Use Direct Install (Recommended) to root your internal boot.img

    10. Reboot and verify it worked.
    4
    a couple of notes for any either newBs or old OPO users rejoining the party with a new onplus phone..
    Some prework I had to do for my OnePlus 8T KB2005
    -ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
    -ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
    -With device in bootloader/fastboot, run: fastboot flashing unlock
    -verify with your phone to accept
    -phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
    -renable OEM lock and USB debug
    -restart back into bootloader/fastboot
    -now you are ready to root
    4
    I'm a little confused also about rooting the 8t. Couple of threads refer to using payload dumper. Others refer to using the broken twrp method. One produces one boot image while the other produces two. I went with the payload dump method and got the boot image. Just not ready to pull the trigger yet I guess. Seems the payload dump way has worked for many according to different threads.
    They're two different approaches to the same problem, the crux of it is that you can't root without already having root access which is the problem all of the guides are trying to solve. Without having a working custom recovery like TWRP, we have some extra steps to get there.

    The other methods are taking the OTA update pushed to your phone and using Payload Dumper to extract the boot.img, everything after that is pretty much identical to this guide. The difference is that because there are multiple variants of the device all running different roms, those guides are a bit confusing, especially when it comes to cases like KB2005 where OTAs are only incremental and don't even contain the boot.img you need.

    This skips all that extra work with Payload Dumper and just pulls the actual boot.img your phone is already using- so you already know it's the correct one for your device. I could probably update this guide to check which A/B partition is active so you only have to pull that one boot.img.
    3
    I can't understand this sentence:


    What does it mean? If I want to root it is because I don't have root yet 🤔

    To modify the system boot.img to enable root, you have to have elevated permissions- which you don't have by default. Making a copy of the boot.img and then transferring it back to your device as a standard file without those same protections lets you patch it to enable su. Then you use adb to boot using the patched boot.img (without overwriting your existing boot.img) so that while you're temporarily booted with it you do have root access- at which point you just patch your internal boot.img using the same tool, giving you permanent root.

    It's also possible to skip the step of temporarily booting from the patched boot.img and instead just overwrite the unpatched boot.img, but that's risky- it's better to try booting from it first so that if it's not working properly you don't soft brick your phone.
    2
    :rolleyes: Forgot to tag it... if an admin is able to do so I'd appreciate it.