[Guide] OnePlus 8T EASY ROOT (for all unlocked variants)

ruckblack

New member
Sep 14, 2021
1
0
Absolutely brilliant rooting method, thank you so much for putting this together. I was able to very easily and quickly root the OnePlus 8T KB2005 on the latest firmware downloaded OTA, Oxygen OS 11.0.10.10.KB05AA.

SafetyNet was a bit of a pain, ctsProfile kept failing. But I used the XPrivacyLua method of circumventing it and it works great now.

Just followed your instructions to the letter and it worked like a charm.
 

morphius88

Senior Member
Dec 12, 2010
206
38
OnePlus 8T
Sony Xperia 1 III
Absolutely brilliant rooting method, thank you so much for putting this together. I was able to very easily and quickly root the OnePlus 8T KB2005 on the latest firmware downloaded OTA, Oxygen OS 11.0.10.10.KB05AA.

SafetyNet was a bit of a pain, ctsProfile kept failing. But I used the XPrivacyLua method of circumventing it and it works great now.

Just followed your instructions to the letter and it worked like a charm.
What is this XPrivacyLua method? I keep failing ctsProfile as well.
 

replica9000

Senior Member
May 31, 2009
2,171
561
Had to re-use this method today as I applied the new OTA and completely forgot to do the necessary Magisk steps. All is well again!

I thought I could cheat and set the active slot back to the previous rooted OTA to save time. Don't do it! I ended up in Qualcomm CrashDump mode and had to figure out how to get back to fastboot to set the active slot back.
 
Jan 8, 2017
7
2
Hello, I am hoping someone will be able to help me out. I have browsed the replies on this thread and another and I am a bit confused about the update process. I am rooted using a method very similar to the one in this post by extracting the boot.img and patching it; KB 2005 running build 11.0.9.9.KB05AA.

I attempted to run the OTA update by uninstalling magisk, selecting restore images, downloading the OTA, got to the page where it says "restart now", went back to magisk and installed to inactive slot, rebooted.

When I rebooted it looks like it didn't take the update. When I go to system updates the new update 11.0.10.10 KB05AA is sitting there waiting to be installed with a "restart now" button. I'm not sure what I did wrong, I'd like to install the new update and keep root, but I don't know how to proceed. I believe I have the original boot.img from before I rooted if I need it. Any help would be greatly appreciated, thank you.

(I posted this in another thread but am posting here too for visibility, hope no one minds)

edit: after posting this I (stupidly) tried to repeat the steps with the OTA and installing to inactive slot, seeing if it would take the second time. This caused my phone to only boot to recovery. I went ahead and used the MSM tool to fix it, updated to 11.0.1.10, and repeated the necessary steps to patch the boot img and root. All is well now. However, I am interested to know what I may have done wrong when attempting this OTA update, so I know what to do for future updates.
 

vkbhere

New member
Oct 17, 2021
1
0
After step 4, boot_a.img is not extracted into my cmd working directory. I confirmed my slot is a. Sorry for being a noob, but where will I find the extracted boot.img?
 

xb360

Senior Member
Oct 18, 2010
211
27
Hello, I am hoping someone will be able to help me out. I have browsed the replies on this thread and another and I am a bit confused about the update process. I am rooted using a method very similar to the one in this post by extracting the boot.img and patching it; KB 2005 running build 11.0.9.9.KB05AA.

I attempted to run the OTA update by uninstalling magisk, selecting restore images, downloading the OTA, got to the page where it says "restart now", went back to magisk and installed to inactive slot, rebooted.

When I rebooted it looks like it didn't take the update. When I go to system updates the new update 11.0.10.10 KB05AA is sitting there waiting to be installed with a "restart now" button. I'm not sure what I did wrong, I'd like to install the new update and keep root, but I don't know how to proceed. I believe I have the original boot.img from before I rooted if I need it. Any help would be greatly appreciated, thank you.

(I posted this in another thread but am posting here too for visibility, hope no one minds)

edit: after posting this I (stupidly) tried to repeat the steps with the OTA and installing to inactive slot, seeing if it would take the second time. This caused my phone to only boot to recovery. I went ahead and used the MSM tool to fix it, updated to 11.0.1.10, and repeated the necessary steps to patch the boot img and root. All is well now. However, I am interested to know what I may have done wrong when attempting this OTA update, so I know what to do for future updates.
I found myself in the same situation as you, if my steps are the same as yours. I did the same steps on my older 1+ that downloads the full ROM and it worked flawlessly.
I attempted to run the OTA update by uninstalling magisk, selecting restore images, downloading the OTA, got to the page where it says "restart now", went back to magisk and installed to inactive slot, rebooted.

I assume that because this OTA is not a full ROM, it will copy part of the boot image in memory to install in the update. Because the boot image in memory is still the Magisk-modified image, the installed image becomes corrupted.

What I did was, after restoring the image, I restarted the phone. Only then did I download the OTA and let it restart. Once everything completed, I followed this guide again from the first step.

If you want the simple way of updating and then having Magisk install to the inactive slot, you need to get the full ROM and do a local install. The full ROM usually comes out quite late for certain versions of the 8T.
 

replica9000

Senior Member
May 31, 2009
2,171
561
I found myself in the same situation as you, if my steps are the same as yours. I did the same steps on my older 1+ that downloads the full ROM and it worked flawlessly.


I assume that because this OTA is not a full ROM, it will copy part of the boot image in memory to install in the update. Because the boot image in memory is still the Magisk-modified image, the installed image becomes corrupted.

What I did was, after restoring the image, I restarted the phone. Only then did I download the OTA and let it restart. Once everything completed, I followed this guide again from the first step.

If you want the simple way of updating and then having Magisk install to the inactive slot, you need to get the full ROM and do a local install. The full ROM usually comes out quite late for certain versions of the 8T.

The full OTA isn't available through the OnePlus website yet. I got the full OTA through Oxygen Updater.

Edit: 11.0.11.11.KB05AA is up on the OnePlus website.
 
Aug 18, 2013
28
7
Bryant
OnePlus 8T
Ok, I am trying this and am running into a problem. I got into fastbootd and entered the fastboot getvar all command, and got a big list of info, none of which matched the line saying what my current slot is. It gets down to (bootloader) vendor-fingerprint etc, and the next line is getvar:all FAILED (unknown status code). Please help.
 

BillGoss

Senior Member
Sep 2, 2010
4,801
4,243
Sydney
OnePlus 3T
OnePlus 8T
Ok, I am trying this and am running into a problem. I got into fastbootd and entered the fastboot getvar all command, and got a big list of info, none of which matched the line saying what my current slot is. It gets down to (bootloader) vendor-fingerprint etc, and the next line is getvar:all FAILED (unknown status code). Please help.
fastboot getvar current-slot
 

Mr0nLine

Senior Member
Jun 30, 2012
72
5
Cairo
On 11.0.11.11.KB05AA. I can't see this Direct Method install method in Magisk. Only the patch file option when I click install.

Any idea why?
 
Nov 9, 2021
7
1
Hi there. I'm having a little trouble and I could really use some help.

I just got my 8t (KB2005) a couple days ago, followed this guide, and got it rooted. Yay! Thank you, OP!

Then something went wrong.

I had been trying to get Magisk hide and GPay to play nicely, but that didn't go so well for me. I lost root and couldn't get it back. I even experienced the problem mentioned in #133 (above).

I'm not entirely sure what I did/didn't-do to cause this. I tried repeating the steps in this guide without success.

At one point, I rebooted the 8t and I could see 2 entries for its internal storage on my desktop. Each iteration of magisk_patch ended in a series of seemingly random alphanumeric name. I'd open Magisk, attempt to Install boot_b and nothing.

Just before rolling this profile, I factory reset and tried this guide again. Now I'm encountering errors with adb:

error: insufficient permissions for device: user in plugdev group: are your udev rules wrong?

I'm also getting an error for
dd if=/dev/block/by-name...
that the directory doesn't exist.

I've even downloaded platform-tools (even though I didn't need them the first time around).

I've gotten desperate. I've downloaded and installed OP's Official Build (https://www.oneplus.com/support/softwareupgrade/details?code=PM1605596915581) via System Update hoping to get back to something resembling new. Nope.



Sorry this is so long, but I want to provide as much info as I can to help you help me.
 
Nov 9, 2021
7
1
Thank you for replying. I got past the adb error with this:
$ sudo usermod -aG plugdev $LOGNAME

After that, I was able to proceed and currently have root. Spent the day setting up.

Looks like I've been out of the game long enough to be back to 'being a little lost' and knowing just enough to be dangerous (to myself).

I'm not entirely sure I get the dual slot schema. Even less now because my initial (successful root and [subsequent] bork) started off on boot_b and my latest successful root was boot_a. <shrug>
 
Nov 9, 2021
7
1
The 8t is a very nice device. Worlds apart from my 5t!

I'm still a little gun-shy about my root-splosion fiasco, so, I'm not sure if I have things set properly. I don't want to bork it again especially since I have a tendency to over-tighten the screws when it comes to limiting apps in AFW and freezing in Titanium.

For now, I'm wondering if my Magisk is going to continue being okay. Here's what I've got:

Magisk
Installed: 258e89c9 (23013)
Zygisk: No
Ramdisk: Yes

App
Latest: 258e89c9 (23013) (22)
Installed: 258e89c9 (23013)
Package: com.topjohnwu.magisk

Settings
Update Channel: Canary
Checking for updates.
Magisk isn't currently hidden (still want to get GPay to work)
Systemless hosts

Modules
Systemless Hosts

Waiting for a stable call recorder and word on Vanced.
 

JimDandy68

Senior Member
Feb 6, 2012
117
11
T-Mobile Samsung Galaxy S5
Moto X4
Apologies if anyone's covered this and I've missed it, but how are folks dealing with Magisk Canary prompts to update?

When I've accepted them, they seem to break Magisk, and I've ended up downloading the full Canary latest and just installing that.

Last time I think I repatched the boot.img, but this time I ended up uninstalling the old Settings app (the previously installed version, hidden with Magisk Hide), and then I could direct install and regain root. Maybe the secret is to unhide Magisk before updating, I'm not sure. But I'd like to know how others are handling updates. Thanks.
 

Top Liked Posts

  • 1
    Thanks for this.

    Just to clarify: Magisk Canary should only be used for the purposes of this rooting guide. Once rooted, Magisk should be set to "Stable" update channel, located in settings.

    Should Magisk be un-hidden prior to switching from Canary to Stable?

    Once Magisk is set to 'stable', it's generally safe to accept and install those Magisk updates going forward.

    Am I continuing to use the Direct Install method when switching to the Stable Update Channel?

    Have I got that right?

    While I'm here, I have older (official) zips for modules (call record and YT Vanced), can those be safely installed?

    Thanks in advance. Sorry about all the questions. I appreciate your time and patience.
    Hello!

    1. Starting from February I used stable builds of Magisk (for usage and rooting), so Canary is not necessary for rooting (Android 11) anymore.
    2. It is safe to use the direct install method on the stable update channel.
    3. I see no problems with installing official zips for Magisk modules on stable builds.
    4. Future Magisk Canary (and later stable) builds have optimizations for Android 12, but at the same time will have omissions considering Magisk Hide (which is already absent) and the Magisk repository with modules.
    So when updating to the next version, consider what you need more: Magisk Hide and built-in repo access, or Android 12 support.
  • 45
    CAVEAT
    I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.

    CREDIT
    The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.

    INFO
    The basic rundown is:
    1. Use the semi-broken TWRP package to give yourself temporary su access through adb.
    2. Extract the boot.img your phone is currently using to your pc.
    3. Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
    4. Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
    5. Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.

    There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
    • The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
    • Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
    • Updating with OTAs should be the same process as the other guides here.
    • Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.

    Prerequisites:
    • ADB and Fastboot installed.
    • An unlocked bootloader and USB debugging enabled.

    ________________________________________________________

    STEPS:

    1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.

    2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:


    for Windows, type cd C:\Users\Yourname\Desktop
    for Mac, type cd desktop or cd /Users/yourname/Desktop
    To use adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.

    3. Next, use the terminal to check which A/B partition is active on your phone:
    Code:
    fastboot getvar all

    a. You'll find it on this line: (bootloader) current-slot:a/b
    b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.

    4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
    Code:
    fastboot boot recovery.img
    adb shell
    dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
    exit
    adb pull /sdcard/boot_a.img boot_a.img
    adb reboot


    5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.

    6. Install the latest Magisk Canary apk on your phone. Open it and:

    a. Select the Install option.
    b. Use Select and Patch a File on boot_a.img

    7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.

    8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
    Code:
    fastboot boot magisk_patched_a.img

    You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.

    9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
    a. Select the Install option.
    b. Use Direct Install (Recommended) to root your internal boot.img

    10. Reboot and verify it worked.
    4
    A couple of notes for either newbies or old OPO users rejoining the party with a new OnePlus phone.
    Some prework I had to do for my OnePlus 8T KB2005:
    -ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
    -ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
    -With device in bootloader/fastboot, run: fastboot flashing unlock
    -verify with your phone to accept
    -phone will reboot, just go through the setup, I just skipped it all and opted for offline setup..
    -re-enable OEM lock and USB debug
    -restart back into bootloader/fastboot
    -now you are ready to root
    4
    I'm a little confused also about rooting the 8t. Couple of threads refer to using payload dumper. Others refer to using the broken twrp method. One produces one boot image while the other produces two. I went with the payload dump method and got the boot image. Just not ready to pull the trigger yet I guess. Seems the payload dump way has worked for many according to different threads.
    They're two different approaches to the same problem, the crux of it is that you can't root without already having root access which is the problem all of the guides are trying to solve. Without having a working custom recovery like TWRP, we have some extra steps to get there.

    The other methods are taking the OTA update pushed to your phone and using Payload Dumper to extract the boot.img, everything after that is pretty much identical to this guide. The difference is that because there are multiple variants of the device all running different roms, those guides are a bit confusing, especially when it comes to cases like KB2005 where OTAs are only incremental and don't even contain the boot.img you need.

    This skips all that extra work with Payload Dumper and just pulls the actual boot.img your phone is already using- so you already know it's the correct one for your device. I could probably update this guide to check which A/B partition is active so you only have to pull that one boot.img.
    2
    :rolleyes: Forgot to tag it... if an admin is able to do so I'd appreciate it.
    2
    Just came here to say that this is the most genius way to go about it and thanks OP for this solution. To add, your screen would flicker in TWRP, but you just want to type adb reboot bootloader after you are done copying off the boot files from your phone. Thanks OP!
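
Step 4 of the guide copies the active boot partition with dd and pulls it to the PC before Magisk patches it. As an added example (not part of the original posts), this Python check confirms the pulled file really is an Android boot image, reports its OS version and patch level, and records a SHA-256 of the stock copy. The function names and the constructed sample image are assumptions, and the header offsets follow the AOSP boot image header layout.

```python
import hashlib
import struct
import sys

BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of every Android boot image header

def decode_os_version(raw):
    """Unpack os_version: three 7-bit version fields, then 7-bit year and 4-bit month."""
    ver, patch = raw >> 11, raw & 0x7FF
    version = "%d.%d.%d" % ((ver >> 14) & 0x7F, (ver >> 7) & 0x7F, ver & 0x7F)
    patch_level = "%04d-%02d" % (2000 + (patch >> 4), patch & 0xF)
    return version, patch_level

def inspect_boot_image(data):
    """Validate a pulled boot image and return header facts plus its SHA-256."""
    if len(data) < 48:
        raise ValueError("too short to hold a boot image header")
    if data[:8] != BOOT_MAGIC:
        raise ValueError("no ANDROID! magic: empty file or wrong partition")
    (header_version,) = struct.unpack_from("<I", data, 40)  # same offset in all versions
    if header_version >= 3:
        # v3+: kernel_size, ramdisk_size, os_version are consecutive at offset 8
        kernel_size, ramdisk_size, os_raw = struct.unpack_from("<3I", data, 8)
    else:
        # v0-v2: load addresses sit between the sizes; os_version follows header_version
        (kernel_size,) = struct.unpack_from("<I", data, 8)
        (ramdisk_size,) = struct.unpack_from("<I", data, 16)
        (os_raw,) = struct.unpack_from("<I", data, 44)
    if kernel_size == 0 or kernel_size + ramdisk_size > len(data):
        raise ValueError("kernel/ramdisk sizes do not fit the file: truncated copy")
    os_version, patch_level = decode_os_version(os_raw)
    return {
        "header_version": header_version,
        "kernel_size": kernel_size,
        "ramdisk_size": ramdisk_size,
        "os_version": os_version,
        "patch_level": patch_level,
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def build_sample_v3():
    """Constructed v3-style image (not from a real device) so the check runs offline."""
    kernel, ramdisk = b"K" * 64, b"R" * 32
    os_raw = ((11 << 14) << 11) | ((21 << 4) | 9)  # encodes 11.0.0, patch 2021-09
    header = struct.pack("<8s4I16sI", BOOT_MAGIC, len(kernel), len(ramdisk),
                         os_raw, 1580, b"", 3)
    return header.ljust(4096, b"\0") + kernel + ramdisk

if __name__ == "__main__":
    # Usage: python check_boot.py boot_a.img   (no argument: use the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample_v3()
    for key, value in inspect_boot_image(blob).items():
        print(f"{key}: {value}")
```

Keeping the reported SHA-256 alongside the untouched boot_a.img gives you a known-good stock image to compare against or restore before a later OTA.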