[Guide] OnePlus 8T EASY ROOT (for all unlocked variants)

Search This thread
By:
Advanced…
BillGoss

BillGoss

Senior Member
Sep 2, 2010
5,610
4,954
Sydney
OnePlus 8T
OnePlus 9 Pro
TanakaX5 said:
Hey guys,

I have a question about updating the magisk app.
So I'm rooted and running a bunch of modules, the last time I Update the magisk App it completely ****ed up my device.
What is the correct way to Update the app?

That's my setup:

Installiert 5d6d2417 (23015)
Zygisk yes
Ramdisk yes

New 92546e8a (23016) (23)
Installed 5d6d2417 (23015)

Last time I just Hit Update and after that **** up town All the Way, had to unbrick and everything.

So, what's the correct way?

Greets,

TanakaX5
Click to expand...
Click to collapse
Wow! Three times you've posted this!
I answered but don't do this again. Read the rules!
forum.xda-developers.com

📚 XDA Developers Forum Rules 📚

XDA-Developers FORUM RULES List of Forum Moderators, click HERE Delete Your XDA Account HERE 1. Search before posting. Use one of our search functions before posting or creating a new thread. Whether you have a question or just something new...
forum.xda-developers.com forum.xda-developers.com
 
M

marcsmv3

Senior Member
Jun 2, 2016
63
16
OK -- This method technically does work for getting root. But it seems to be missing some features related to its lack of SuperUser Binary Fies. Most importantly -- I am not able to pass Basic Integrity NOR ctsProfile when testing SafetyNet. I have tried numerous things -- using the MagiskHide setting (refuses to stay set, if I go right back to Magisk settings after turning it on it shows that it's off), installed various modules such as MagiskHide Props Config, installed Riru/LSPosed/XPrivacyLUA and set XPrivacyLua to block all Google Play services, installed Universal SafetyNet Fix -- NOTHING can even get me past basic attestation. ANY Help here? Without SafetyNet passing I seem to be unable to use GooglePay and I can't even install the latest version of Facebook Messenger (I can install an older hacked version found here on XDA but can't send photos or videos) -- this would probably be a dealbreaker for me and force me to fall back to stock OOS/drop root.

Also of note, when using RootChecker app it can see that I have root access and that a Superuser App is installed but it does show that Superuser Binary files are NOT installed. Is this part of my problem? How can we solve this?

Running OOS 11.0.12.12.KB05AA
 
Last edited:
D

drieg

Member
Aug 23, 2013
31
3
marcsmv3 said:
OK -- This method technically does work for getting root. But it seems to be missing some features related to its lack of SuperUser Binary Fies. Most importantly -- I am not able to pass Basic Integrity NOR ctsProfile when testing SafetyNet. I have tried numerous things -- using the MagiskHide setting (refuses to stay set, if I go right back to Magisk settings after turning it on it shows that it's off), installed various modules such as MagiskHide Props Config, installed Riru/LSPosed/XPrivacyLUA and set XPrivacyLua to block all Google Play services, installed Universal SafetyNet Fix -- NOTHING can even get me past basic attestation. ANY Help here? Without SafetyNet passing I seem to be unable to use GooglePay and I can't even install the latest version of Facebook Messenger (I can install an older hacked version found here on XDA but can't send photos or videos) -- this would probably be a dealbreaker for me and force me to fall back to stock OOS/drop root.

Also of note, when using RootChecker app it can see that I have root access and that a Superuser App is installed but it does show that Superuser Binary files are NOT installed. Is this part of my problem? How can we solve this?

Running OOS 11.0.12.12.KB05AA
Click to expand...
Click to collapse
I am using magisk canary 23016, and with these steps safetynet passes:
1. insall the safetynet fix 2.2.1 module
2. use denylist (need to mark zygisk in settings) on these apps:
google services framework, google play, google pay, google one, and basically any google app
3. hide magisk (through settings)
4. clear cache & data on play store, google pay
that worked for me...
good luck
 
M

marcsmv3

Senior Member
Jun 2, 2016
63
16
When you say 'denylist' -- do you mean on the App settings feature within Android? Or is this some other app or feature within some app or module? In what app's settings am I marking 'zygisk'? Are you talking about XPrivacyLua?? Because if you are, I see no accessible settings feature there.

HideMagisk, as I mentioned, does not work for me. I set it, leave settings and can go right back to settings and it's already been automatically set back to the off setting. Any ideas here?

Also the phone is generally doing some weird things. Plugged it in to charge before bed last night (@ 20% power) with the factory warp charger -- woke up and the phone was stuck at 64% and refused to charge further. Unplugged it, plugged it back in, gave me the warp charge animation, got ready for work -- 30 min later still at 64%...
 
Last edited:
D

drieg

Member
Aug 23, 2013
31
3
In latest magisk canary there is no longer 'magisk hide', but denylist instead, and you need to mark the zygisk in magisk settings in order to see this option
 

Attachments

  • Screenshot_20220120-223128.jpg
    Screenshot_20220120-223128.jpg
    323.6 KB · Views: 42
M

marcsmv3

Senior Member
Jun 2, 2016
63
16
I ****ed up my root by reinstalling magisk in app to I guess the stable 23000 (I was told canary was just for installing and that we want to switch to stable once rooted). Then I tried downloading canary 23017 to see if I could get it back but nada. I've lost access to my modules, Magisk settings screen has virtually no options at all now, and I don't actually have root access anymore (says n/a under 'installed' in Magisk home screen). Yeah this is all too much for me. What's my next move? Worried if I start the process in this guide from the beginning that I'll be ****ed because I'm not starting from a clean device.
 
D

drieg

Member
Aug 23, 2013
31
3
I'de suggest to wait for someone more experienced than me to respond, but if I were you I would have:
1. Backup everything that is important to you, including internal storage files
2. Boot the patched image you are supposed to already have from the process written in this post
3. Install latest canary

I hope whatever you do it will go well, but I recently had some issues myself and eventually I've used MSM tool to have a fresh start, and than rooted again.
Now everything works flawlessly
 
M

marcsmv3

Senior Member
Jun 2, 2016
63
16
It's a new device barely used so everything vital is still accessible on my old 5t so not worried about losing data as everything is on my 5t or in the cloud and can be synced back up with Clone Phone easily.

Where do I find this MSM tool so I can get back to stock, hopefully with my bootloader still unlocked?
 
M

marcsmv3

Senior Member
Jun 2, 2016
63
16
Thanks. I see this MSM tool will kick me back a few versions. Do you recommend I root before or after updating to the most recent OOS?
 
M

marcsmv3

Senior Member
Jun 2, 2016
63
16
Followed the MSM guide but could not use the volume buttons to get into EDL mode. Found a way to get into EDL mode using ADB with the command 'adb reboot edl' which successfully got my phone into EDL mode.

Ok I got EDL drivers working after a PC reboot and the MSM is doing something now... Nope... 'Automatic detection of DDR failed' looks like after a Google search I could need a new motherboard?! Got the phone out of EDL mode by holding down power + volume up (NO ONE said that lol thought I was bricked).

Now I'm booted back to my same non rooted state where Magisk is installed but doesnt work after having been updated to Canary 23017... Running OOS 11.0.12.12.KB05AA -- do I just flash a fresh img with fastboot? Which one? Do I boot TWRP with fastboot to retry this root and flash a fresh img that way?
 
Last edited:
Gameplayraja

Gameplayraja

Member
Mar 17, 2022
9
0
Thanks for this awesome guide. I am going to stop going to these random youtube videos and only come here from now on. Went through a 10 hours rollercoaster ride and a qualcoom boot fail to msm bruteforce until it install the stock img to then still keep going at it to trying to root it with this method. And this method worked like a charm. Thank you very much!
 
tecknight

tecknight

Inactive Recognized Contributor
Jun 12, 2010
1,022
886
Las Vegas
Redmi Note 9 Pro
OnePlus 8T
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use a app like Titanium to move a user app to system,unable to get r/w access.
Thanks
Click to expand...
Click to collapse
Lordx,
This is due to the fact that Google changed the rules starting with Android 10--Starting with Android 10, you cannot remount the system partition rw--The command simply fails and the partition remains ro.

See the following:
android.stackexchange.com

System partition locked to read only in Android 10

Help, I don't know what I did but after installing a custom ROM, I noticed that my system partition cannot be mounted as read/write. I tried "mount -o rw,remount /system" command on a terminal
android.stackexchange.com android.stackexchange.com
 
  • Like
Reactions: Lz3807775t and lordxcom
lordxcom

lordxcom

Senior Member
Nov 11, 2010
145
23
OnePlus One
LG G3
tecknight said:
Lordx,
This is due to the fact that Google changed the rules starting with Android 10--Starting with Android 10, you cannot remount the system partition rw--The command simply fails and the partition remains ro.

See the following:
android.stackexchange.com

System partition locked to read only in Android 10

Help, I don't know what I did but after installing a custom ROM, I noticed that my system partition cannot be mounted as read/write. I tried "mount -o rw,remount /system" command on a terminal
android.stackexchange.com android.stackexchange.com
Click to expand...
Click to collapse
Thank you
 
R

RawSlugs

Senior Member
Oct 12, 2014
258
23
Essential Phone
OnePlus 8T
Magisk is failing safety net, i have magisk hide and universal safetynet fix and nothing
What settings do i need to configure in magisk hide?

Edit: i installed older version on USNF and realized in needed riru
Safety net is showing as passed in some random safteynet test app from playstore but the magisk built in safteynet shows "api error"
 
Last edited:
replica9000

replica9000

Senior Member
May 31, 2009
2,202
575
RawSlugs said:
Magisk is failing safety net, i have magisk hide and universal safetynet fix and nothing
What settings do i need to configure in magisk hide?

Edit: i installed older version on USNF and realized in needed riru
Safety net is showing as passed in some random safteynet test app from playstore but the magisk built in safteynet shows "api error"
Click to expand...
Click to collapse
Sounds like you're on an old version of Magisk. Newer versions don't check SafetyNet anymore.
 
tecknight

tecknight

Inactive Recognized Contributor
Jun 12, 2010
1,022
886
Las Vegas
Redmi Note 9 Pro
OnePlus 8T
RawSlugs said:
Magisk is failing safety net, i have magisk hide and universal safetynet fix and nothing
What settings do i need to configure in magisk hide?

Edit: i installed older version on USNF and realized in needed riru
Safety net is showing as passed in some random safteynet test app from playstore but the magisk built in safteynet shows "api error"
Click to expand...
Click to collapse
Install Magisk 24.3, which has no Magisk hide any more.
Enable Zygisk (Beta).
Enable Enforce Denylist, then
Configure DenyList.
Check any apps that you want to NOT know you are rooted (Google Pay, etc)
Then install YASNAC, a third party SafetyNet checker.
Make sure YASNAC is on the deny list
Also make sure you have installed the latest universal SafetyNet fix.
Run YASNAC and you should be golden
 
Last edited:
  • Like
Reactions: RawSlugs
You must log in or register to reply here.

Similar threads

OPTeam
  • Sticky
[OnePlus 8T][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds
Replies
898
Views
192K
Rootk1t
Rootk1t
DroidFreak32
[Guide] How to ROOT OnePlus8T (CN/IN/EU/International) KB2000,KB2001,KB2003,KB2005
Replies
702
Views
149K
Rootk1t
Rootk1t
S
Guide: How to use OnePlus dialer with call recording in OnePlus 8T/Nord
Replies
279
Views
74K
S
st11
Some_Random_Username
[OP8T][OOS KB05AA/BA/DA] Unbrick tool to restore your device to OxygenOS
Replies
597
Views
208K
Y
ykjae
C
[GUIDE] Convert TMO to EU via MSM Tool, no SIM Unlock or Bootloader Unlock needed!
Replies
2K
Views
156K
L
lqtdc

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 47
    Mpolo87
    Mpolo87
    DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
    Visit this thread for more information


    ________________________________________________________


    CAVEAT
    I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.

    CREDIT
    The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.

    INFO
    The basic rundown is:
    1. Use the semi-broken TWRP package to give yourself temporary su access through adb.
    2. Extract the boot.img your phone is currently using to your pc.
    3. Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
    4. Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
    5. Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.

    There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
    • The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
    • Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
    • Updating with OTAs should be the same process as the other guides here.
    • Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.

    Prerequisites:
    • ADB and Fastboot installed.
    • An unlocked bootloader and USB debugging enabled.
    • Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)

    ________________________________________________________

    STEPS:

    1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.

    2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:

    for Windows, type cd C:\Users\Yourname\Desktop
    for Mac, type cd desktop or cd /Users/yourname/Desktop
    To usb adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.

    3. Next, use the terminal to check which A/B partition is active on your phone:
    Code: 
    fastboot getvar all

    a. You'll find it on this line: (bootloader) current-slot:a/b
    b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.

    4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
    Code: 
    fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot


    5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.

    6. Install the latest Magisk Canary apk on your phone. Open it and:
    a. Select the Install option.
    b. Use Select and Patch a File on boot_a.img

    7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.

    8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
    Code: 
    fastboot boot magisk_patched_a.img

    You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.

    9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
    a. Select the Install option.
    b. Use Direct Install (Recommended) to root your internal boot.img

    10. Reboot and verify it worked.
    View
    4
    lordxcom
    lordxcom
    a couple of notes for any either newBs or old OPO users rejoining the party with a new onplus phone..
    Some prework I had to do for my OnePlus 8T KB2005
    -ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
    -ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
    -With device in bootloader/fastboot, run: fastboot flashing unlock
    -verify with your phone to accept
    -phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
    -renable OEM lock and USB debug
    -restart back into bootloader/fastboot
    -now you are ready to root
    View
    4
    Mpolo87
    Mpolo87
    kevk60 said:
    I'm a little confused also about rooting the 8t. Couple of threads refer to using payload dumper. Others refer to using the broken twrp method. One produces one boot image while the other produces two. I went with the payload dump method and got the boot image. Just not ready to pull the trigger yet I guess. Seems the payload dump way has worked for many according to different threads.
    Click to expand...
    Click to collapse
    They're two different approaches to the same problem, the crux of it is that you can't root without already having root access which is the problem all of the guides are trying to solve. Without having a working custom recovery like TWRP, we have some extra steps to get there.

    The other methods are taking the OTA update pushed to your phone and using Payload Dumper to extract the boot.img, everything after that is pretty much identical to this guide. The difference is that because there are multiple variants of the device all running different roms, those guides are a bit confusing, especially when it comes to cases like KB2005 where OTAs are only incremental and don't even contain the boot.img you need.

    This skips all that extra work with Payload Dumper and just pulls the actual boot.img your phone is already using- so you already know it's the correct one for your device. I could probably update this guide to check which A/B partition is active so you only have to pull that one boot.img.
    View
    3
    Mpolo87
    Mpolo87
    ilMerovingio said:
    I can't understand this sentence:


    What does it mean? If I want to root it is because I don't have root yet 🤔
    Click to expand...
    Click to collapse

    To modify the system boot.img to enable root, you have to have elevated permissions- which you don't have by default. Making a copy of the boot.img and then transferring it back to your device as a standard file without those same protections lets you patch it to enable su. Then you use adb to boot using the patched boot.img (without overwriting your existing boot.img) so that while you're temporarily booted with it you do have root access- at which point you just patch your internal boot.img using the same tool, giving you permanent root.

    It's also possible to skip the step of temporarily booting from the patched boot.img and instead just overwrite the unpatched boot.img, but that's risky- it's better to try booting from it first so that if it's not working properly you don't soft brick your phone.
    View
    2
    Mpolo87
    Mpolo87
    :rolleyes: Forgot to tag it... if an admin is able to do so I'd appreciate it.
    View

New posts