[GUIDE] Pixel 4a (5G) "bramble": Unlock Bootloader, Update, Root, Pass SafetyNet

Search This thread

V0latyle

Forum Moderator
Staff member
Magisk Canary 23018 is out.
Changes:
  • [Zygisk] Show warning in app UI to indicate incompatible Zygisk modules
  • [App] Allow modules to specify an update URL for in-app update + install
Update from within Magisk to prevent problems like breaking root.

If you do not already have Magisk installed, Download it here
 
Last edited:
  • Like
Reactions: TKruzze

V0latyle

Forum Moderator
Staff member
Magisk Canary updated to 23019
Changes:
- [Zygisk] Skip loading modules into the Magisk app to prevent conflicts
- [MagiskBoot] Change `zopfli` to a more reasonable config so it doesn't take forever
- [General] Several `BusyBox` changes

Preferred method of update is from within Magisk app.

If installing for the first time, here is the APK Download
 

V0latyle

Forum Moderator
Staff member
Just wanted to update your question, Magisk 24001 now allows us early updaters to get root again without wipe. Tested myself and works perfectly. FINALLY! hehe.
I feel like I should explain this a little bit...

Prior to Magisk 23016, Magisk did not properly preserve parts of the boot image header when the image was patched. So, the device would see an invalid header and would fail to load the boot image.

We found a workaround where disabling verity and verification would allow the device to load the boot image anyway; the problem is, disabling verity and verification require data to be clean unless they're already disabled. This meant that running a patched boot image required disabling verity/verification, and disabling verity/verification required wiping data the first time when they had been enabled.

Magisk Canary 23016 fixed this, so when the boot image was patched the header was properly preserved, so disabling verity/verification was no longer necessary.

Also worthy of note: Temporary root has always been possible by live booting the patched image.
 
  • Like
Reactions: TKruzze

V0latyle

Forum Moderator
Staff member
Magisk Stable is now at version 24.1, so I will no longer be providing any Magisk updates.

You can use any version of Magisk now - Stable, Beta, or Canary. as long as it is 23016 or newer.

Once again, if you want to switch versions of Maagisk, it is HIGHLY RECOMMENDED that you "Complete Uninstall" within Magisk before installing the new version. Multiple instances of Magisk can break root.

If you simply want to update Magisk, the best way to do so is from within the app.


Once the February update is out, I will perform some testing with installing to inactive slot, and if it works, I will update this guide.

Given the low activity on this thread, I will probably close it if everything goes well with the next update.

Thank you all for your testing and contributions.
 
  • Like
Reactions: hochoch and TKruzze

yekrut

Member
Mar 24, 2022
7
1
Magisk Stable is now at version 24.1, so I will no longer be providing any Magisk updates.

You can use any version of Magisk now - Stable, Beta, or Canary. as long as it is 23016 or newer.

Once again, if you want to switch versions of Maagisk, it is HIGHLY RECOMMENDED that you "Complete Uninstall" within Magisk before installing the new version. Multiple instances of Magisk can break root.

If you simply want to update Magisk, the best way to do so is from within the app.

I did the OTA update to A12+March update and lost root so Magisk can no longer do a complete uninstall. But I really need to reroot because I live in a country where I can't use the local networks without Magisk mods to unlock the networks. (China) What is the safest way to get back to a working Magisk root?

I'm pretty new to all of this. I bought the phone already rooted from an internet seller. I've been reading threads on this forum for 5 or 6 hours but frankly the guides and methods have been in discussion for the last year or more and I have no idea what's still current.

I *think* I need to unlock the bootloader.
I *think* I need to update the radio and something else I can't find now.
I think I need to do a factory reset, or reset to stock, and data wipe.
I think I need to do all that before I can start the root process again but I'm worried I'll overlook something and destroy my phone.

The problem is that everything uses the phone in China. I use it to pay for everything, I use it for the 'green code' to enter businesses. Without it I have nothing.
 

V0latyle

Forum Moderator
Staff member
I did the OTA update to A12+March update and lost root so Magisk can no longer do a complete uninstall. But I really need to reroot because I live in a country where I can't use the local networks without Magisk mods to unlock the networks. (China) What is the safest way to get back to a working Magisk root?

I'm pretty new to all of this. I bought the phone already rooted from an internet seller. I've been reading threads on this forum for 5 or 6 hours but frankly the guides and methods have been in discussion for the last year or more and I have no idea what's still current.

I *think* I need to unlock the bootloader.
I *think* I need to update the radio and something else I can't find now.
I think I need to do a factory reset, or reset to stock, and data wipe.
I think I need to do all that before I can start the root process again but I'm worried I'll overlook something and destroy my phone.

The problem is that everything uses the phone in China. I use it to pay for everything, I use it for the 'green code' to enter businesses. Without it I have nothing.
Everything in the OP is current, with the exception of the deprecated spoiler. It's actually very hard to destroy your device unless you do something deliberately wrong.

Green code? Is that the health code app they're talking about that's a thinly veiled means of social control? This is why we Americans have been so resistant to such measures - freedom is sacred to us.
 

yekrut

Member
Mar 24, 2022
7
1
Everything in the OP is current, with the exception of the deprecated spoiler. It's actually very hard to destroy your device unless you do something deliberately wrong.

Green code? Is that the health code app they're talking about that's a thinly veiled means of social control? This is why we Americans have been so resistant to such measures - freedom is sacred to us.

In fact I'm American. I teach English in China at the moment. And yes, they use apps for contact tracing. There's a health code that monitors if you've been near a person later identified as having coronavirus. Then there is a travel code used to show if you've been to an area with elevated risk, and each city/province has its own way of checking into an address via app. The local app is so screwed up that it set my nationality to the UAE instead of USA and I can't change it.

I need my phone for everything. Stores won't allow you to enter without being able to generate a code, which I can't do without phone signal. I can't take a bus, or communicate via translation, or take a taxi without it.

So after knowing about my phone situation, which of those guides do you recommend I follow? It seems that I need to remove any old traces of Magisk as well as do a factory reset, but I can't uninstall in Magisk. I've read a lot of your posts from the last year and I know you know this subject well. A few more days without a phone isn't an option. What would you do?
 

V0latyle

Forum Moderator
Staff member
In fact I'm American. I teach English in China at the moment. And yes, they use apps for contact tracing. There's a health code that monitors if you've been near a person later identified as having coronavirus. Then there is a travel code used to show if you've been to an area with elevated risk, and each city/province has its own way of checking into an address via app. The local app is so screwed up that it set my nationality to the UAE instead of USA and I can't change it.

I need my phone for everything. Stores won't allow you to enter without being able to generate a code, which I can't do without phone signal. I can't take a bus, or communicate via translation, or take a taxi without it.
That's actually kinda terrifying. Imagine your whole life depending on something the government is using to track you. Apparently that app is known for transmitting private data to the PRC MSS...

After I had Covid, the county called me (apparently the hospital gave them my contact information) to try to conduct contact tracing. I told them in no uncertain terms that it was a breach of my privacy, so they could take a long walk off a short pier.
So after knowing about my phone situation, which of those guides do you recommend I follow? It seems that I need to remove any old traces of Magisk as well as do a factory reset, but I can't uninstall in Magisk. I've read a lot of your posts from the last year and I know you know this subject well. A few more days without a phone isn't an option. What would you do?
I have no idea what methods that app uses to detect root or Magisk. If you want to retain root, you could try the Universal SafetyNet Fix module, and configure DenyList on the contact tracing app.

If you need to return your device to complete stock, you can use the Android Flash Tool to return your device to factory stock. Your bootloader must be unlocked to do this, but in the tool options you can specify to relock your bootloader. In this case, I would check the Wipe Device, Force flash all partitions and Lock bootloader options.
 

yekrut

Member
Mar 24, 2022
7
1
I have no idea what methods that app uses to detect root or Magisk. If you want to retain root, you could try the Universal SafetyNet Fix module, and configure DenyList on the contact tracing app.

If you need to return your device to complete stock, you can use the Android Flash Tool to return your device to factory stock. Your bootloader must be unlocked to do this, but in the tool options you can specify to relock your bootloader. In this case, I would check the Wipe Device, Force flash all partitions and Lock bootloader options.
My root is gone after A12 OTA update. It still has magisk, but no super user ability or modules. It's just an empty shell showing the Magisk version. If I had realized updating would cause all these issues I wouldn't have done it. I didn't know the automatic update would do so much damage (and I really hate the new UI).

edit: Bootloader has to be unlocked to re-root after reverting to stock, right?
 

V0latyle

Forum Moderator
Staff member
My root is gone after A12 OTA update. It still has magisk, but no super user ability or modules. It's just an empty shell showing the Magisk version. If I had realized updating would cause all these issues I wouldn't have done it. I didn't know the automatic update would do so much damage (and I really hate the new UI).
The A11 images are still available, and you can downgrade your device if you so desire.
edit: Bootloader has to be unlocked to re-root after reverting to stock, right?
I thought I made this clear. The only thing you can do on a locked bootloader is sideload the OTA. To flash partitions, such as with the Android Flash Tool, your bootloader must be unlocked. If you choose to return to bone stock and don't wish to root, you can re lock it, and the Android Flash Tool provides for this.
 

yekrut

Member
Mar 24, 2022
7
1
The A11 images are still available, and you can downgrade your device if you so desire.

I thought I made this clear. The only thing you can do on a locked bootloader is sideload the OTA. To flash partitions, such as with the Android Flash Tool, your bootloader must be unlocked. If you choose to return to bone stock and don't wish to root, you can re lock it, and the Android Flash Tool provides for this.
Thanks, that is clear. Unfortunately I need to root in order to use mainland China cell towers, hence my predicament. So I plan to make sure the bootloader is still unlocked, then use the Android Flash Tool to put everything back to bone stock, then reinstall Magisk to root. Thank you :)
 
  • Like
Reactions: V0latyle

V0latyle

Forum Moderator
Staff member
Thanks, that is clear. Unfortunately I need to root in order to use mainland China cell towers, hence my predicament. So I plan to make sure the bootloader is still unlocked, then use the Android Flash Tool to put everything back to bone stock, then reinstall Magisk to root. Thank you :)
Make damn sure you use a VPN, and encrypt your device.
 

yekrut

Member
Mar 24, 2022
7
1
Can I let Android Flash Tool lock the bootloader AFTER I have returned to stock and rooted with Magisk on it? In effect, to be able to turn on the phone without pressing the power button twice first? I've seen that the device must be wiped in order to unlock the bootloader but how about relock?
 

V0latyle

Forum Moderator
Staff member
Can I let Android Flash Tool lock the bootloader AFTER I have returned to stock and rooted with Magisk on it? In effect, to be able to turn on the phone without pressing the power button twice first? I've seen that the device must be wiped in order to unlock the bootloader but how about relock?
The Android Flash Tool will not perform individual actions. You cannot simply choose one action without flashing a complete firmware set, such as flashing a single partition, wiping the device, or locking the bootloader.
You can, however, perform this manually through the ADB/fastboot terminal.

As for the unlocked bootloader warning, you don't have to take any action when it displays. Simply ignore it, the device continues in about 5 seconds.

Do not lock the bootloader on modified firmware. Locking the bootloader enables Android Verified Boot, wherein the device checks the boot image against a reference hash while it's loading. Any modification to the boot image, such as a Magisk patch, will fail verification, preventing boot. It is possible in some cases to lock the bootloader on a custom ROM, when a custom root of trust has been set; however, I am not aware of any available ROMs for the Pixel series that accommodate this.

Therefore, if you're going to lock the bootloader, ensure the device is returned to bone stock before doing so.
 
Last edited:

yekrut

Member
Mar 24, 2022
7
1
The Android Flash Tool will not perform individual actions. You cannot simply choose one action without flashing a complete firmware set, such as flashing a single partition, wiping the device, or locking the bootloader.
You can, however, perform this manually through the ADB/fastboot terminal.

As for the unlocked bootloader warning, you don't have to take any action when it displays. Simply ignore it, the device continues in about 5 seconds.

Do not lock the bootloader on modified firmware. Locking the bootloader enables Android Verified Boot, wherein the device checks the boot image against a reference hash while it's loading. Any modification to the boot image, such as a Magisk patch, will fail verification, preventing boot. It is possible in some cases to lock the bootloader on a custom ROM, when a custom root of trust has been set; however, I am not aware of any available ROMs for the Pixel series that accommodate this.

Therefore, if you're going to lock the bootloader, ensure the device is returned to bone stock before doing so.
Thanks, that is good info. I had decided not to try to lock it again since doing everything useful except OTA updates seems to require it to be unlocked. Now I understand more about how that works.

I still have one question before I'm ready to take the plunge and try to go through these steps. I have seen places in your guides where you say that the radio img and boot image need to be newer than the installed version, otherwise the update will fail. How can a phone go from version 12 to 11 without failing that criterion? Is it because in one case an update is being performed and in the other case a fresh, "initial" OS is being installed?
 

V0latyle

Forum Moderator
Staff member
Thanks, that is good info. I had decided not to try to lock it again since doing everything useful except OTA updates seems to require it to be unlocked. Now I understand more about how that works.

I still have one question before I'm ready to take the plunge and try to go through these steps. I have seen places in your guides where you say that the radio img and boot image need to be newer than the installed version, otherwise the update will fail. How can a phone go from version 12 to 11 without failing that criterion? Is it because in one case an update is being performed and in the other case a fresh, "initial" OS is being installed?
The androidinfo script in the factory image checks the bootloader and radio versions before applying the update. If they are not equal to, or newer than, the bootloader and radio versions contained in the factory zip, the update will fail.

However, if you choose to downgrade, this is largely irrelevant. If you downgrade via Android Flash Tool, it will flash the bootloader and radio images that came with the release you're installing. On the other hand, if you manually flash the factory image via the command line, I believe you can install an older version of Android on a newer bootloader/radio combo.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 10
    If you are looking for my guide on a different Pixel, find it here:
    Update 6-20-22: Magisk 25.1 is recommended as this includes fixes for OTA updates.
    Discussion thread for migration to 24.0+.

    DO NOT use any version of Magisk lower than Canary 23016 as it does not yet incorporate the necessary fixes for Android 12 and your device.


    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:


    Android Source - Setting up a device for development


    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code:
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code:
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code:
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code:
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
    2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
    4. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code:
      adb reboot sideload
      Once in recovery:
      Code:
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code:
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code:
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code:
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
    The scripted commands should look like this:
    Code:
    fastboot flash bootloader <bootloader image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot flash radio <radio image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot update  --skip-reboot --slot=all <image-device-buildnumber.zip>
    Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

    1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    To check SafetyNet status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20211218-194517-png.5486339
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
    • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


    Credits:
    Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
    2
    Yea, they said change the port, but wanted $100 to do it. It's not an easy job, so that's not unreasonable, but the phone is probably worth only $200ish , so that seemed like a lot. I've tore down plenty of phones so it was a lot more economical to do it myself.
    2
    Magisk Stable is now at version 24.1, so I will no longer be providing any Magisk updates.

    You can use any version of Magisk now - Stable, Beta, or Canary. as long as it is 23016 or newer.

    Once again, if you want to switch versions of Maagisk, it is HIGHLY RECOMMENDED that you "Complete Uninstall" within Magisk before installing the new version. Multiple instances of Magisk can break root.

    If you simply want to update Magisk, the best way to do so is from within the app.


    Once the February update is out, I will perform some testing with installing to inactive slot, and if it works, I will update this guide.

    Given the low activity on this thread, I will probably close it if everything goes well with the next update.

    Thank you all for your testing and contributions.
    2
    Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before.
    So I did upgrading from latest 11 to latest 12 some minutes ago. Booted, patched boot.img with magisk 23016 and flashed the patched image to get back root. Worked like a charm just like any update before. So no more wipe needed.

    So, it's time for the good old pal Stinky Wizzleteats and his song about being happy. That's right, it's the happy, happy, joy, joy song:
    Happy, happy, joy, joy
    Happy, happy, joy, joy
    Happy, happy, joy, joy
    Happy, happy, joy, joy
    Happy, happy, joy, joy
    Happy, happy, joy, joy

    ┌(・。・)┘♪
    1
    DO NOT take the automatic OTA if you are rooted.

    Well, that explains why I haven't been able to update boot with my patched file.

    First I've heard of it and not sure I'm ready to wipe everything and start over.

    Sucks to be an early adopter.

    Thanks for the post.