How To Guide [GUIDE] Pixel 6 "oriole": Unlock Bootloader, Update, Root, Pass SafetyNet

Search This thread

badabing2003

Senior Member
Sep 17, 2012
809
586
Simply typing flash-all in the command line should load and execute the correct script, regardless of what you're using.
And wipe the phone if done blindly without first editing it.

@itamargs just follow the guide or better yet what V0latyle said here
 

V0latyle

Forum Moderator
Staff member
And wipe the phone if done blindly without first editing it.

@itamargs just follow the guide or better yet what V0latyle said here
True. My assumption was that he'd already edited the script. One can always perform the commands manually, or use your tool! (I still haven't tried Pixel Flasher yet)
 
  • Like
Reactions: itamargs
Not quite correct...

flash-all.sh is a shell script for a Linux terminal and won't work on Windows.
flash-all.bat is a batch file that contains scripts for the Windows command line.

Simply typing flash-all in the command line should load and execute the correct script, regardless of what you're using. You are correct in that it's not a fastboot command in of itself; the script contains the fastboot commands used for flashing the device.

@C5Longhorn if you wanted to flash manually, here is the correct sequence to dirty flash the factory image to both slots:
  1. Download and extract factory package. Extract boot.img from image-oriole-buildnumber.zip. Patch boot.img in Magisk and copy back to the factory package folder. This can be done before or after the update; I personally prefer to do it before.
  2. Reboot to bootloader:
    Code:
    adb reboot bootloader
  3. Compare bootloader and baseband versions on device screen to the radio and bootloader files in the factory package. If different, or if you just want to be safe, update them:
    Code:
    fastboot flash bootloader --slot=all <drag and drop bootloader.img>
    Wait for flash to complete.
    Code:
    fastboot flash radio --slot=all <drag and drop radio.img>
    Wait for flash to complete
    Code:
    fastboot reboot bootloader
    Observe updated bootloader and baseband versions
  4. Dirty flash the factory image:
    Code:
    fastboot update --slot=all --skip-reboot <drag and drop image-oriole-buildnumber.zip>
    Wait for update to complete; watch command line. Device will reboot to fastboot mode during the process.
  5. When update completes, reboot to bootloader:
    Code:
    fastboot reboot bootloader
  6. Flash patched boot image:
    Code:
    fastboot flash boot --slot=all <drag and drop patched boot.img>
    Wait for flash to complete.
  7. Reboot to system:
    Code:
    fastboot reboot
  8. Your device should boot into updated system with root.
Do you have a specific reason for flashing to both slots, adding '--slot=all' to the fastboot update command? Or is it just a habit from past flashing/updating, thus don't fix what's not broke?
 

V0latyle

Forum Moderator
Staff member
Do you have a specific reason for flashing to both slots, adding '--slot=all' to the fastboot update command? Or is it just a habit from past flashing/updating, thus don't fix what's not broke?
It's not a necessity, but because I always update with the factory image, I flash both slots to ensure a failover if there's a problem with one.
 
  • Like
Reactions: phaino00

badabing2003

Senior Member
Sep 17, 2012
809
586
It's not a necessity, but because I always update with the factory image, I flash both slots to ensure a failover if there's a problem with one.
Actually it is safer without --slot=all

Let me give a scenario

Let's say in April you flashed to All and it is working, so both slots are good.
In May you flash to all and it turns out to be a bad one.
Now both slots are bad

On the other hand if you only flash to one, then you can change the slot and boot to the older image, granted it will get too old over time since flash all flashes to the active slot and not inactive one, but at least you still have a bootable older option.

Of course almost always flashing stock would fix it, but why risk messing both at the same time.
A better option (however takes more time) is once you confirm that it worked, switch the slot and flash to it as well, this way both slots would be current and functional.

I personally don't bother, I just flash to the active one, but that is a personal choice.

Thinking about it, perhaps the best option would be is to mimic the OTA slot approach with flash_all
basically just change the slot first, and then flash to the active slot, if it works you're good, if it doesn't you switch back and you only go back to the last month's version.
With this approach the inactive slot will only be 1 version behind.
 

V0latyle

Forum Moderator
Staff member
Actually it is safer without --slot=all

Let me give a scenario

Let's say in April you flashed to All and it is working, so both slots are good.
In May you flash to all and it turns out to be a bad one.
Now both slots are bad

On the other hand if you only flash to one, then you can change the slot and boot to the older image, granted it will get too old over time since flash all flashes to the active slot and not inactive one, but at least you still have a bootable older option.

Of course almost always flashing stock would fix it, but why risk messing both at the same time.
A better option (however takes more time) is once you confirm that it worked, switch the slot and flash to it as well, this way both slots would be current and functional.

I personally don't bother, I just flash to the active one, but that is a personal choice.

Thinking about it, perhaps the best option would be is to mimic the OTA slot approach with flash_all
basically just change the slot first, and then flash to the active slot, if it works you're good, if it doesn't you switch back and you only go back to the last month's version.
With this approach the inactive slot will only be 1 version behind.
I see what you're saying, and for the most part I agree. The only thing is, you'll always be flashing the factory image with a PC, so if something goes wrong you can just dirty flash the last working image.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    I wasn't referring to any particular one; I do know other tools use MinimalADB. But it looks like you've done a great job of keeping everything up to date with yours :) I may just have to try it out, even though I usually do everything the old fashioned way!
    I'm with you 100% though, I avoid tools if I can do it manually, if I understand the manual steps, I can get myself out of trouble, If I rely on a tool, then it becomes harder unless the tool is well supported.

    In fact, in the credits section of the documentation I explicitly encourage people to first learn and use the manual methods.
    1654534893906.png


    It's a balancing act that we always do, convenience always comes at some cost, after years of doing the manual steps I got lazy and wanted to automate some of the steps, which grew into the program it is now.

    Some aspects of it is truly convenient, like automated patching and single flashing without losing root.
    4
    I think the remove-modules isnt working because magisk isnt installed at the moment. When I tried when the phone is turned on I get the message:

    adb shell magisk --remove-modules
    /system/bin/sh: magisk: inaccessible or not found

    I tried to install the factory image with even bootloader and radio, but it's always the same bootloop after the big G and the loading animation for about 10 seconds.

    I have no idea how to proceed besides wiping the phone and starting from scratch...
    That command will still work even if you're not rooted.

    Removing or disabling Magisk Mods when in a bootloop

    Method 1: (Removing Mods)


    1. Turn off device

    2. adb wait-for-device shell magisk --remove-modules in command prompt

    3. Connect your phone to computer and turn it on.

    4. Phone tries to boot and the command should be accepted

    5. Wait until the command worked and the phone boots up without issues


    Method 2: (Disabling Mods)

    1. Boot into Safemode

    If Phone is On:

    Press and hold your phone's Power button.
    1. On your screen, touch and hold Power off .​
    2. After you see "Safe mode" at the bottom of your screen, wait to see if the problem goes away.​
    If Phone is Off:
    1. Press your phone's power button.​
    2. When the animation starts, press and hold your phone's volume down button. Keep holding it until the animation ends and your phone starts in safe mode.​
    3. You'll see "Safe mode" at the bottom of your screen.​
    2. Reboot

    3. Disable or remove mods

    If none of this works, you might want to try Android Flash Tool without wiping first.
    4
    Magisk Beta 25.0 is out. For those of you who don't like using Canary, this should incorporate all previous fixes.
    As a reminder, do not use Stable 24.3 if you update via OTA.
    3
    Magisk 25.1 was released yesterday. If you aren't already, please ensure you use this version from now on. This incorporates multiple fixes related to image patching, OTA updates, as well as 13 Beta support.
    2
    That command will still work even if you're not rooted.

    Removing or disabling Magisk Mods when in a bootloop

    Method 1: (Removing Mods)


    1. Turn off device

    2. adb wait-for-device shell magisk --remove-modules in command prompt

    3. Connect your phone to computer and turn it on.

    4. Phone tries to boot and the command should be accepted

    5. Wait until the command worked and the phone boots up without issues


    Method 2: (Disabling Mods)

    1. Boot into Safemode

    If Phone is On:

    Press and hold your phone's Power button.
    1. On your screen, touch and hold Power off .​
    2. After you see "Safe mode" at the bottom of your screen, wait to see if the problem goes away.​
    If Phone is Off:
    1. Press your phone's power button.​
    2. When the animation starts, press and hold your phone's volume down button. Keep holding it until the animation ends and your phone starts in safe mode.​
    3. You'll see "Safe mode" at the bottom of your screen.​
    2. Reboot

    3. Disable or remove mods

    If none of this works, you might want to try Android Flash Tool without wiping first.
    Finaly, method 2 worked :love:
    But I had to boot from patched boot.img first, when I just started the phone I wasn't able to disable the modules.
    Therefore method 1 didn't work, since the bootloop was before the adb wait-for-device shell magisk --remove-modules command could be sent from console.
  • 42
    If you are looking for my guide on a different Pixel, find it here:
    Update 6-20-22: Magisk 25.1 is recommended as this includes fixes for OTA updates, as well as support for the Android 13 beta.
    Discussion thread for migration to 24.0+.

    DO NOT use any version of Magisk lower than Canary 23016 as it does not yet incorporate the necessary fixes for Android 12 and your device.


    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:


    Android Source - Setting up a device for development


    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code:
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code:
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code:
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code:
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
    2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
    4. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code:
      adb reboot sideload
      Once in recovery:
      Code:
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code:
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code:
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code:
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
    The scripted commands should look like this:
    Code:
    fastboot flash bootloader <bootloader image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot flash radio <radio image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot update  --skip-reboot --slot=all <image-device-buildnumber.zip>
    Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

    1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    To check SafetyNet status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20211218-194517-png.5486339
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
    • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


    Credits:
    Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
    7
    Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before. This needs testing, make sure you back up your data and photos before you do this!

    Additionally, for the Pixel 6 and 6 Pro, fstab will now load from /system/etc which should fix the root issue many of you were having.

    Q: "If verity/verification are disabled, do I need to enable them now?"
    A: No. The only thing you have to do is update to Magisk 23016.
    Q: "Will enabling verity/verification wipe my data?"
    A: No.

    I will be updating the OP to reflect this.
    5
    Magisk 24306 (release notes) is now available on the canary channel, and I can confirm that the installation to the inactive slot OTA method is working for the April update.
    5
    So, if I use this tool after rooting OTA updates will work and I'll still have root?

    Edit: And can you explain more clearly the process on how to do this?

    No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.

    The steps would be:
    1. Restore boot in the Magisk app
    2. Restore vbmeta in Vbmeta Patcher
    3. Take the OTA in System Updater
    4. Patch vbmeta in Vbmeta Patcher
    5. Patch the new boot image in the Magisk app and copy it to your computer
    6. Reboot into fastboot
    7. Boot from the new patched boot image
    8. Direct Install Magisk in the Magisk App
    As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.

    I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.
    4
    This is very interesting but maybe a more accurate/calm title would be better :D