How To Guide [GUIDE] Pixel 6 "oriole": Unlock Bootloader, Update, Root, Pass SafetyNet

Search This thread
By:
Advanced…
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
5,864
1
9,194
The Heartland of America
Google Pixel 5
Google Pixel 5a
⚠️⚠️⚠️WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST! ⚠️⚠️⚠️

If you are looking for my guide on a different Pixel, find it here:
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.

WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

Prerequisites:

Android Source - Setting up a device for development

Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub

  1. Follow these instructions to enable Developer Options and USB Debugging.
  2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
  3. Connect your device to your PC, and open a command window in your Platform Tools folder.
  4. Ensure ADB sees your device:
    Code: 
    adb devices
    If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
    If you see "unauthorized", you need to authorize the connection on your device.
    If you see the device without "unauthorized", you're good to go.
  5. Reboot to bootloader:
    Code: 
    adb reboot bootloader
  6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
    Code: 
    fastboot flashing unlock
    Select Continue on the device screen.

  1. Install Magisk on your device.
  2. Download the factory zip for your build.
  3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
  4. Copy boot.img to your device.
  5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
  6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
  7. Reboot your device to bootloader.
  8. Flash the patched image:
    Code: 
    fastboot flash boot <drag and drop master root.img here>
  9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

  1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
  2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
  3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
  4. You should now be updated with root.

  1. Download the OTA.
  2. Reboot to recovery and sideload the OTA:
    Code: 
    adb reboot sideload
    Once in recovery:
    Code: 
    adb sideload ota.zip
  3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
  4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
  5. Reboot to bootloader.
  6. Boot the master root image (See note 1):
    Code: 
    fastboot boot <drag and drop master root.img here>
    Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
  7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
  8. Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
  1. Download the factory zip and extract the contents.
  2. Reboot to bootloader.
  3. Compare bootloader versions between phone screen and bootloader.img build number
    Code: 
    fastboot flash bootloader <drag and drop new bootloader.img here>
    If bootloader is updated, reboot to bootloader.
  4. Compare baseband versions between phone screen and radio.img build number
    Code: 
    fastboot flash radio <drag and drop radio.img here>
    If radio is updated, reboot to bootloader.
  5. Apply update:
    Code: 
    fastboot update --skip-reboot image-codename-buildnumber.zip
    When the update completes, the device will be in fastbootd. Reboot to bootloader.
  6. Boot the master root image (See note 1):
    Code: 
    fastboot boot <drag and drop master root.img here>
    Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
  7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
  8. Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code: 
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update  --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.

For instructions, downloads, and support, please refer to the PixelFlasher thread.

  1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
  2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
  3. Boot the master root image (See note 1):
    Code: 
    fastboot boot <drag and drop master root.img here>
    Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
  4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
  5. Reboot your device. You should now be updated with root.

SafetyNet has been deprecated for the new Play Integrity API. More information here.

In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.

However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.

Mod available here. Do not use MagiskHide Props Config with this mod.

This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
  • Google Play Store
  • GPay
  • Any banking/financial apps
  • Any DRM media apps
Modules:
  • Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
To check Play Integrity status:
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

Points of note:
  • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
  • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
    screenshot_20230323-072859-3-png.5870161
  • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
  • "App" simply shows the version of the app itself.
  • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
  • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
  • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
 
Last edited:
  • Like
  • Love
Reactions: webhook, fernoct, Graddy01 and 46 others
D

draymond1987

Senior Member
Apr 21, 2014
365
128
Philadelphia
I posted in another tread but I was on November's patch but used .15's vbmeta to root (before images were available for November)
Can I just flash vbmeta with the disable flags, and not worry about a wipe?
 
  • Like
Reactions: V0latyle
L

lackalil

Member
Mar 10, 2011
35
8
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
 
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
5,864
1
9,194
The Heartland of America
Google Pixel 5
Google Pixel 5a
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
 
L

lackalil

Member
Mar 10, 2011
35
8
V0latyle said:
To pass SafetyNet, you have to use Universal SafetyNet Fix 2.2.0, which is currently in beta on Patreon.
Click to expand...
Click to collapse
Ahh, I see that in the thread now. Not a big deal for me because I don't use any apps that need it—I've just been doing it as a matter of course for a good while. Nonetheless, I'm still passing attestation with USNF 2.1.1 according to Root Checker and YASNAC.
 
S

schalacker

Member
Jul 18, 2018
23
20
Massachusetts
LG Nexus 5X
Google Pixel 3
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
 
  • Like
Reactions: V0latyle
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
5,864
1
9,194
The Heartland of America
Google Pixel 5
Google Pixel 5a
schalacker said:
Confirmed root working on Magisk Alpha v23001 (then reverted back to MM 23.0 to keep the old module repository links). Also updated to Nov '21 bootloader and radio at the same time. GPay stopped working for me since the Sept '21 update and all the various requirements to re-enable. I'm not that interested in GPay functionality.
Click to expand...
Click to collapse
In case anyone is, GPay is working for me on my Pixel 5 with the November build. Magisk 23001 + MagiskHide + Riru + Universal SafetyNet Fix 2.1.1.
 
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
5,864
1
9,194
The Heartland of America
Google Pixel 5
Google Pixel 5a
  • Like
Reactions: miss and JimSmith94
S

sic0048

Senior Member
Jun 25, 2010
994
532
Google Pixel 6a
Google Pixel 7
Great write up! Thanks for putting it together.

You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.

Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
 
  • Like
Reactions: Bobbaloo, ipdev and vandyman
vandyman

vandyman

Senior Member
Jul 30, 2012
850
470
S.Jersey
Google Pixel 5
Google Pixel 6
sic0048 said:
Great write up! Thanks for putting it together.

You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.

Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
Exactly, I was guilty of not removing a Magisk module on my P5 when installing an update. And learned the hard way.

You really never know if there is some sort of residue left from your previous setup.
 
  • Like
Reactions: sic0048
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
5,864
1
9,194
The Heartland of America
Google Pixel 5
Google Pixel 5a
sic0048 said:
Great write up! Thanks for putting it together.

You talk about booting the patched boot.img as an option instead of flashing it just to make sure everything is working correctly before they flash the patched file. I just want to really suggest to people that they do this anytime they are rooting after an update.

Sure it's an extra step (because you will have to flash the modified boot.img to make root permanent), but being able to simply reboot the phone if something goes wrong to get back to a working OS is priceless. You might think the odds are very low of something going wrong and causing a bootloop if you flash the boot.img before booting it, but experience has taught me this isn't the case. It's possible that there is a Magisk module that doesn't work with the update, or it's possible that user error will cause an issue (I have copied over the wrong patched boot.img from the phone before as an example). Whatever the case, if something goes wrong you will be glad you are only booting the patched boot.img file instead of flashing it!
Click to expand...
Click to collapse
You don't actually have to flash it. If you boot the patched image and it works, you should be able to use Direct Install in Magisk to patch the image in /boot. Then, next time you reboot, the device loads that image, which should be exactly the same as what you live booted.

But yes, it's very useful to be able to test.
 
  • Like
Reactions: EuphoricFuzion, sic0048 and ipdev
capntrips

capntrips

Senior Member
Aug 29, 2020
314
718
OnePlus 6T
Google Pixel 6
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:

github.com

Release v1.0.0-alpha01 · capntrips/VbmetaPatcher

initial commit
github.com github.com

The process should be considered experimental until a few other people have tested it. Should anyone attempt it, I would suggest backing up any critical data.

I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.

Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.

On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
 
Last edited:
  • Like
Reactions: Flawn, ipdev, B1nny and 1 other person
K

KedarWolf

Senior Member
Apr 27, 2012
295
157
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:

github.com

Release v1.0.0-alpha01 · capntrips/VbmetaPatcher

initial commit
github.com github.com

The process should be considered experimental until a few other people have tested it.

I'm also considering making a tool to restore the stock boot backup image, in case anyone fastboot flashed, rather than doing a direct install in the Magisk app. It could also be used to download the newly installed boot image from the inactive slot after an OTA, to avoid having to download the full factory image.

Unfortunately, patching boot in the inactive slot in Magisk was disabled for Pixel devices a while back, since it caused issues with starting back up. When the December OTA comes out, I'll probably take the plunge to see if I can figure out a way to make it work.

On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse

So, if I use this tool after rooting OTA updates will work and I'll still have root?

Edit: And can you explain more clearly the process on how to do this?
 
Last edited:
capntrips

capntrips

Senior Member
Aug 29, 2020
314
718
OnePlus 6T
Google Pixel 6
KedarWolf said:
So, if I use this tool after rooting OTA updates will work and I'll still have root?

Edit: And can you explain more clearly the process on how to do this?
Click to expand...
Click to collapse

No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.

The steps would be:
  1. Restore boot in the Magisk app
  2. Restore vbmeta in Vbmeta Patcher
  3. Take the OTA in System Updater
  4. Patch vbmeta in Vbmeta Patcher
  5. Patch the new boot image in the Magisk app and copy it to your computer
  6. Reboot into fastboot
  7. Boot from the new patched boot image
  8. Direct Install Magisk in the Magisk App
As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.

I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
 
Last edited:
  • Like
Reactions: wbedard, ipdev, Att.Fan1982 and 2 others
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
5,864
1
9,194
The Heartland of America
Google Pixel 5
Google Pixel 5a
capntrips said:
I was able to take the SD1A.210817.019 to SD1A.210817.036 delta OTA via System Update by restoring my boot (via Magisk) and vbmeta (via dd) partitions back to stock, then patching vbmeta in both slots (again via dd) before rebooting. No data wipe required. To simplify that process, I made a tool to patch and restore the vbmeta partitions:
Click to expand...
Click to collapse
Patch vbmeta how? What does patching the image accomplish?
capntrips said:
On a related note, a fix that will allow Magisk to properly detect the current slot on Pixel 6 devices has been approved. Hopefully it'll get merged before the next mainline canary build, so we can stop using custom builds (or having to fastboot flash boot_b when on slot B).
Click to expand...
Click to collapse
This is good news. Would the same thing be accomplished by flashing the boot image to both slots using --slot=all?
 
  • Like
Reactions: ipdev
D

dadoc04

Senior Member
Mar 25, 2008
3,772
911
Jax and The DMV
Google Pixel 6 Pro
Samsung Galaxy Watch 4
lackalil said:
Confirmed working using Flash Tool method coming from 015 to 036. Used Magisk Alpha 23012 to patch boot image and pass SafetyNet on checker apps. GPay still doesn't work, though. It may be identifying that verity and/or verification is disabled. I don't use it, but it's generally what I confirm the SN fix with.
Click to expand...
Click to collapse


did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
 
L

lackalil

Member
Mar 10, 2011
35
8
dadoc04 said:
did the flash tool make you wipe when disabling verity and verification? I noticed it allows you to uncheck the wipe device option.... just curious thx
Click to expand...
Click to collapse
If the build you're currently on has verity and verification disabled, you don't have to wipe when you update using the flash tool.

I haven't tried it without wiping from unrooted/stock vbmeta. It could well be possible despite a wipe being required when flashing using adb.
 
Last edited:
  • Like
Reactions: ipdev and dadoc04
You must log in or register to reply here.

Similar threads

H
How To Guide [Guide] Root Pixel 6 with Magisk + Unlock Bootloader + Pass SafetyNet + More
Replies
538
Views
97K
badabing2003
badabing2003
L
How To Guide Sim unlock tmobile pixel 6
Replies
142
Views
45K
G
GigaPVP
Typhus_
Themes / Apps / Mods [MOD][MAGISK][ANDROID 12] Addon Features for Pixel Devices - Pixel 6 Thread
Replies
366
Views
54K
Aks
Aks
H
How To Guide Converting Japanese Pixel 6 to Global version
Replies
127
Views
46K
crazykas
crazykas
MikeChannon
  • Sticky
General Google Pixel 6
Replies
38
Views
36K
henrycavill12
henrycavill12

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 2
    Lughnasadh
    Lughnasadh
    Admiral2145 said:
    On pixel 6 a/b is there away to flash both slots at the same time with fastboot?
    Click to expand...
    Click to collapse
    With Pixel Flasher you can. To do it manually you'll need to flash one slot, set the active slot to the other slot and then flash again.
    View
    1
    devilsshadow
    devilsshadow
    pa.pn2 said:
    Anyone else got a magisk canary update, but won't open after installation?
    Click to expand...
    Click to collapse
    yes and apparently it's a known "issue" that occurs when you blindly tap on the update notification without unhiding magisk first. No clue how to fix, will try with pixel flasher.

    EDIT: not fixed after updating to feb update via pixelflasher. No clue how to restore magisk atm.

    EDIT 2: known issue with the latest canary build. Either install the debug build for now, or wait for a fix.
    View
    1
    Lughnasadh
    Lughnasadh
    Xpargas said:
    I'm having trouble rooting my pixel 6.
    I rooted it a long time ago, but then I had to wipe it and it hasn't been rooted since.
    Bootloader is still unlocked.

    I extracted and patched the boot.img for the build I currently have installed (TQ1A.230205.001.D2, Feb 2023, T-Mobile, T-Mobile MVNOs).
    Transferred the patched boot.img back to my computer, rebooted to recovery, and then did the fastboot flash boot command.
    After rebooting, the phone just boot loops. I'm able to flash the stock boot.img back and it boots again.
    I've tried it several times and with Pixelflasher, but I just keep going into a boot loop. Not sure what i'm doing wrong.

    Thanks.

    Edit: Forgot to add that i'm using the latest Debug build of magisk. Tried the stable build also.
    Click to expand...
    Click to collapse
    You should be in fastboot mode, not recovery, to flash the patched image, but I'm assuming you are since you were able to flash the stock boot.img.

    Do you happen to have any Magisk mods still installed? If you have one that needs updating, that will cause a bootloop.
    View
    1
    X
    Xpargas
    Lughnasadh said:
    You should be in fastboot mode, not recovery, to flash the patched image, but I'm assuming you are since you were able to flash the stock boot.img.

    Do you happen to have any Magisk mods still installed? If you have one that needs updating, that will cause a bootloop.
    Click to expand...
    Click to collapse


    THANK YOU.
    Forgot I had some old modules installed. Did adb wait-for-device shell magisk --remove-modules and it booted and is rooted.
    View
    1
    DarkH2O
    DarkH2O
    From what I was able to find by searching, I can't root the Verizon version of the Pixel 6?
    View
  • 49
    V0latyle
    V0latyle
    ⚠️⚠️⚠️WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST! ⚠️⚠️⚠️

    If you are looking for my guide on a different Pixel, find it here:
    For best results, use the latest stable Magisk release.
    Discussion thread for migration to 24.0+.
    Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.

    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:

    Android Source - Setting up a device for development

    Pixel OTA Images
    Pixel Factory Images
    Magisk Stable, Magisk Canary - Magisk GitHub

    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code: 
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code: 
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code: 
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code: 
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
    2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
    4. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code: 
      adb reboot sideload
      Once in recovery:
      Code: 
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code: 
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code: 
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code: 
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code: 
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code: 
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
    The scripted commands should look like this:
    Code: 
    fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update  --skip-reboot <image-device-buildnumber.zip>
    Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

    PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
    The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.

    For instructions, downloads, and support, please refer to the PixelFlasher thread.

    1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code: 
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    SafetyNet has been deprecated for the new Play Integrity API. More information here.

    In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.

    However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.

    Mod available here. Do not use MagiskHide Props Config with this mod.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    • Universal SafetyNet Fix 2.3.1 Mod - XDA post
    To check SafetyNet status:
    To check Play Integrity status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20230323-072859-3-png.5870161
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
    • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


    Credits:
    Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
    View
    7
    V0latyle
    V0latyle
    Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before. This needs testing, make sure you back up your data and photos before you do this!

    Additionally, for the Pixel 6 and 6 Pro, fstab will now load from /system/etc which should fix the root issue many of you were having.

    Q: "If verity/verification are disabled, do I need to enable them now?"
    A: No. The only thing you have to do is update to Magisk 23016.
    Q: "Will enabling verity/verification wipe my data?"
    A: No.

    I will be updating the OP to reflect this.
    View
    5
    capntrips
    capntrips
    Magisk 24306 (release notes) is now available on the canary channel, and I can confirm that the installation to the inactive slot OTA method is working for the April update.
    View
    5
    soodz
    soodz
    V0latyle said:
    Interesting. How did you command the reboot?

    When I tried to update this way on my wife's 5a, it bootlooped back to the original slot.
    Click to expand...
    Click to collapse
    I always follow these steps once I know the OTA is available:

    1. Open Magisk and select 'Uninstall Magisk -> Restore Images'
    2. Open Settings and Download/Install OTA *DO NOT REBOOT*
    3. Go back to Magisk and select 'Install -> Install to Inactive Slot (After OTA)' *DO NOT REBOOT*
    4. Go back to Settings and 'Reboot' to finalize the OTA
    View
    5
    capntrips
    capntrips
    KedarWolf said:
    So, if I use this tool after rooting OTA updates will work and I'll still have root?

    Edit: And can you explain more clearly the process on how to do this?
    Click to expand...
    Click to collapse

    No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.

    The steps would be:
    1. Restore boot in the Magisk app
    2. Restore vbmeta in Vbmeta Patcher
    3. Take the OTA in System Updater
    4. Patch vbmeta in Vbmeta Patcher
    5. Patch the new boot image in the Magisk app and copy it to your computer
    6. Reboot into fastboot
    7. Boot from the new patched boot image
    8. Direct Install Magisk in the Magisk App
    As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.

    I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
    View

New posts