[Guide] OnePlus 8T EASY ROOT (for all unlocked variants)

Search This thread

nightguy1133

Member
Aug 27, 2019
6
1
After dealing with a headache of tmobile variant issues over the last two days, I'm glad this tutorial was easy, straight to the point, and quick as hell. Thank you!!!! <3 <3 <3
 

racinmason001

Senior Member
May 11, 2012
299
56
Hesperia
OnePlus 7 Pro
OnePlus 8T
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.

CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.

INFO
The basic rundown is:
  1. Use the semi-broken TWRP package to give yourself temporary su access through adb.
  2. Extract the boot.img your phone is currently using to your pc.
  3. Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
  4. Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
  5. Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.

There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
  • The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
  • Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
  • Updating with OTAs should be the same process as the other guides here.
  • Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.

Prerequisites:
  • ADB and Fastboot installed.
  • An unlocked bootloader and USB debugging enabled.

________________________________________________________

STEPS:

1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.

2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:


for Windows, type cd C:\Users\Yourname\Desktop
for Mac, type cd desktop or cd /Users/yourname/Desktop
To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.

3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all

a. You'll find it on this line: (bootloader) current-slot:a/b
b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.

4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot


5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.

6. Install the latest Magisk Canary apk on your phone. Open it and:

a. Select the Install option.
b. Use Select and Patch a File on boot_a.img

7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.

8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img

You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.

9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.
b. Use Direct Install (Recommended) to root your internal boot.img

10. Reboot and verify it worked.
Worked like a charm!!!!!!!!!
 

orma1

Senior Member
Dec 29, 2016
113
13
anyone knows how to hide magisk?
when trying to hide the app i just get both magisk and manager instead of just manager.
also wanted to say thanks for the great guide. worked great on my kb2003 oneplus 8t.
just need to make sure drivers are installed correctly for the device to show up in fastboot devices.
 
Last edited:

Petitsurfeur

Senior Member
Jun 3, 2015
66
11
Paris
OnePlus 8T
Hi
I received my KB2003 - Build OOS 11.0.5.6.KB05BA. It suggest me to update to 11.0.8.12.KB05BA but it's only an incremental updates. I unlocked it. Is this guide the one I need to follow ? Should I do the update before to root it ?
 

replica9000

Senior Member
May 31, 2009
2,161
557
With the phone unlocked, incremental updates fail.

When a full OTA is released, just download the full OTA, then:
- Magisk > Restore Images
- Settings > System > System Update > Local Upgrade (wait till finished/successful)
- Magisk > Install/Update > Install to inactive slot.

After a reboot, you should automatically boot into the other slot updated and rooted.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Just go into setting and tap hide magisk, and rename it so other app such as banking app doesnt recognize it
    1
    Just go into setting and tap hide magisk, and rename it so other app such as banking app doesnt recognize it
    after trying this few times it worked eventually. thank you very much!
    sometimes when hiding magisk the phone just get stuck and i need to restart. weird.
  • 34
    CAVEAT
    I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.

    CREDIT
    The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.

    INFO
    The basic rundown is:
    1. Use the semi-broken TWRP package to give yourself temporary su access through adb.
    2. Extract the boot.img your phone is currently using to your pc.
    3. Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
    4. Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
    5. Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.

    There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
    • The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
    • Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
    • Updating with OTAs should be the same process as the other guides here.
    • Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.

    Prerequisites:
    • ADB and Fastboot installed.
    • An unlocked bootloader and USB debugging enabled.

    ________________________________________________________

    STEPS:

    1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.

    2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:


    for Windows, type cd C:\Users\Yourname\Desktop
    for Mac, type cd desktop or cd /Users/yourname/Desktop
    To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.

    3. Next, use the terminal to check which A/B partition is active on your phone:
    Code:
    fastboot getvar all

    a. You'll find it on this line: (bootloader) current-slot:a/b
    b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.

    4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
    Code:
    fastboot boot recovery.img
    adb shell
    dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
    exit
    adb pull /sdcard/boot_a.img boot_a.img
    adb reboot


    5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.

    6. Install the latest Magisk Canary apk on your phone. Open it and:

    a. Select the Install option.
    b. Use Select and Patch a File on boot_a.img

    7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.

    8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
    Code:
    fastboot boot magisk_patched_a.img

    You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.

    9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
    a. Select the Install option.
    b. Use Direct Install (Recommended) to root your internal boot.img

    10. Reboot and verify it worked.
    3
    I'm a little confused also about rooting the 8t. Couple of threads refer to using payload dumper. Others refer to using the broken twrp method. One produces one boot image while the other produces two. I went with the payload dump method and got the boot image. Just not ready to pull the trigger yet I guess. Seems the payload dump way has worked for many according to different threads.
    They're two different approaches to the same problem, the crux of it is that you can't root without already having root access which is the problem all of the guides are trying to solve. Without having a working custom recovery like TWRP, we have some extra steps to get there.

    The other methods are taking the OTA update pushed to your phone and using Payload Dumper to extract the boot.img, everything after that is pretty much identical to this guide. The difference is that because there are multiple variants of the device all running different roms, those guides are a bit confusing, especially when it comes to cases like KB2005 where OTAs are only incremental and don't even contain the boot.img you need.

    This skips all that extra work with Payload Dumper and just pulls the actual boot.img your phone is already using- so you already know it's the correct one for your device. I could probably update this guide to check which A/B partition is active so you only have to pull that one boot.img.
    2
    i don't understand why people keep making the exact same thread on how to root this phone.
    Because full roms aren't available for all variants, the other methods don't work if you don't have one.
    2
    Thanks for your reply. Since I have already pulled the boot image with the payload dump process I will try that route first, and if that doesn't work I will try your method. Again thanks for the reply. All in all, I guess just booting the image is no harm , no foul.
    Ok, I just completely rewrote the guide to be simpler, it has more explanations and context and should be easier to follow. And yes, you could technically flash the boot.img but it's safer to boot from it so you don't brick your device if there's a problem with it.
    1
    :rolleyes: Forgot to tag it... if an admin is able to do so I'd appreciate it.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone