How To Guide [GUIDE] Pixel 6 "oriole": Unlock Bootloader, Update, Root, Pass SafetyNet

Search This thread

torsti

Senior Member
Jul 4, 2010
154
11
Update / Upgrade to android 13 same process as it was? Restore image in magisk, update and reboot in second slot?
 

V0latyle

Forum Moderator
Staff member
Update / Upgrade to android 13 same process as it was? Restore image in magisk, update and reboot in second slot?
Yes, this should work. Make sure you're using the latest version of Magisk as previous versions don't support Android 13.

Worth noting:
1660583705222.png


That being said, it's usually possible to run an older version of Android on newer bootloaders.

To test this, if you're planning on updating anyway, download the factory image and update the bootloader only without updating system.
 
Last edited:
  • Like
Reactions: pbsavages

badabing2003

Recognized Contributor
Sep 17, 2012
997
889
That being said, it's usually possible to run an older version of Android on newer bootloaders.

To test this, if you're planning on updating anyway, download the factory image and update the bootloader only without updating system.

FYI, I tried to live boot my Pixel 6 that was on A12 with A13 boot.img file, but that didn't work, then I tried to boot to patched A13, same story.
Just upgraded to A13 with PixelFlasher, that worked smoothly and kept root, at this point I have no interest of downgrading, but having that option would have been nice, I doubt that we would be able to.

By the way why is it dated June 24? two months old? does that mean that we're missing july and August security patches?
 

r00tcracker

Member
May 8, 2013
43
14
Mine is passing with the modded 2.3.1
I have not experienced any issues yet.
Wallet is also seems to be working, I was able to add a card.
Thank you!
I will wait until more reports come out, see if anything is not working properly before I update.

I know this is not a module thread, but do you by any change use any modules that were working before but not now?
I use LSPOSED and was wondering if that was still ok
Thanks again!
 

V0latyle

Forum Moderator
Staff member
FYI, I tried to live boot my Pixel 6 that was on A12 with A13 boot.img file, but that didn't work, then I tried to boot to patched A13, same story.
Just upgraded to A13 with PixelFlasher, that worked smoothly and kept root, at this point I have no interest of downgrading, but having that option would have been nice, I doubt that we would be able to.

By the way why is it dated June 24? two months old? does that mean that we're missing july and August security patches?
No idea. I believe you can downgrade /system, you just can't downgrade the bootloader.
Any early reports on passing safetynet on 13 with USNF 2.3.1?
Any issues? Etc?
No issues here on my Pixel 5

SafetyNet isn't really the concern anymore....Play Integrity is, and we will never be able to pass with unlocked bootloaders

More information here
 

suhas2k

Member
Hey, I have sideloaded A13 and extracted the boot.img from factory zip and patched it on magisk. When i try to fastboot boot the patched img, it reboots and is infinitely loading at the Google logo. The moment i reboot the original boot img it boots up. Using latest Magisk Canary
 

snake218

Senior Member
Nov 1, 2012
571
143
I tried to update uninstalling magisk and restoring image, but said i have no backup available.

So i used PixelFlasher to update and root again, using instructions on OP, all good.
 

V0latyle

Forum Moderator
Staff member
If I sideload the OTA do I need to extract and create a new master boot image from the A13 factory image to boot the master image?
Yes, however users updating via OTA are experiencing bootloops. Since you're downloading the factory image anyway I recommend using it to perform the update.
Hey, I have sideloaded A13 and extracted the boot.img from factory zip and patched it on magisk. When i try to fastboot boot the patched img, it reboots and is infinitely loading at the Google logo. The moment i reboot the original boot img it boots up. Using latest Magisk Canary
Use the factory image method. For some reason the OTA updates don't like the patched image.
 
  • Like
Reactions: GrandAdmiral
Yes, however users updating via OTA are experiencing bootloops. Since you're downloading the factory image anyway I recommend using it to perform the update.

Use the factory image method. For some reason the OTA updates don't like the patched image.
Done. Thanks. Will likely make the move to PixelFlasher moving forward since sideloading might no longer being an option.
 

hungyip84

Member
Dec 24, 2010
20
2
I forgot to patch the boot before flashing and now is stuck. Anyone can share the patched boot for 13.0?

Thanks.
 

V0latyle

Forum Moderator
Staff member
I forgot to patch the boot before flashing and now is stuck. Anyone can share the patched boot for 13.0?

Thanks.
How are you stuck? You don't have to patch the boot image before flashing; it just means you'll need to boot into system without root then use Magisk to patch the boot image just as you would have done before.
 

mbonus

Senior Member
Aug 18, 2010
961
547
Couple questions on A13 update assuming using full factory image with latest platform tools:

Is it best practice to flash both slots since there is no going back to A12 bootloader?

Is it a requirement to enable the -w flag when coming from July A12? (I understand it is probably best practice, but is it necessary?)

If both slots are A13, is it preferable to boot patched image and direct install in Majisk(25201)?
 

V0latyle

Forum Moderator
Staff member
Couple questions on A13 update assuming using full factory image with latest platform tools:

Is it best practice to flash both slots since there is no going back to A12 bootloader?
At least the bootloader, yes.
Is it a requirement to enable the -w flag when coming from July A12? (I understand it is probably best practice, but is it necessary?)
No.
If both slots are A13, is it preferable to boot patched image and direct install in Majisk(25201)?
It depends. If you want to be able to update via OTA in the future, use direct install. If you flash the patched image, Magisk won't have a backup of the stock boot image.
 
  • Like
Reactions: mbonus

airtower

Senior Member
Sep 9, 2010
1,102
362
Arlington, TX
Google Pixel 6
Couple questions on A13 update assuming using full factory image with latest platform tools:

Is it best practice to flash both slots since there is no going back to A12 bootloader?

Is it a requirement to enable the -w flag when coming from July A12? (I understand it is probably best practice, but is it necessary?)

If both slots are A13, is it preferable to boot patched image and direct install in Majisk(25201)?
Not necessary to wipe, just update it as you would an A12 factory image.
 
  • Like
Reactions: V0latyle and mbonus

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    There are 2 possibilities.
    1. You just tick "Flash on both slots", then A13 is installed to both slots
    2. You select "Custom Flash", select bootloader and select the bootloader image and flash to both slots.

    Cheers
    2
    So I used PixelFlasher to update to Android 13. Does it do this by default (or is this more a question for that thread)?
    I'm not sure what exactly "this" refers to in your question, if it is about flashing to both slots, then it is a choice in PixelFlasher, you choose what you want.
    The default is unselected, however the application remembers your last choices even after restarting.

    If "this" refers to whether you need to flash to both slots every month, the answer is not crispy clear, most often you don't, however if a bootloader bug is discovered that Google's does not want that specific version of bootloader to be downgradeable to, then it would be best to flash to both slots to make sure your older slot sides not inadvertently attempt to boot to it and cause a brick.
    This was the first we had seen from Google.
    1
    I started getting the error "This phone can't be set up to tap to pay" in the last week after I had to clear the data from play services. Anyone else getting this and find a workaround? I've followed all the steps to pass safetynet and it was working fine before this.
    It's because GPay/Wallet use the Play Integrity API, if available, which cannot be spoofed like SafetyNet.

    Have you followed OP's Pass Safetynet section?
    If you had followed that a while back, you need to download the modded module.
    This. The modded USNF module forces legacy SafetyNet attestation.
  • 46
    ⚠️⚠️⚠️WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST! ⚠️⚠️⚠️

    If you are looking for my guide on a different Pixel, find it here:
    Update 6-20-22: Magisk 25.1 is recommended as this includes fixes for OTA updates, as well as support for the Android 13 beta.
    Discussion thread for migration to 24.0+.

    DO NOT use any version of Magisk lower than Canary 23016 as it does not yet incorporate the necessary fixes for Android 12 and your device.


    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:


    Android Source - Setting up a device for development


    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code:
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code:
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code:
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code:
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
    2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
    4. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code:
      adb reboot sideload
      Once in recovery:
      Code:
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code:
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code:
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code:
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
    The scripted commands should look like this:
    Code:
    fastboot flash bootloader <bootloader image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot flash radio <radio image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot update  --skip-reboot <image-device-buildnumber.zip>
    Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

    PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
    The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.

    For instructions, downloads, and support, please refer to the PixelFlasher thread.

    1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    Please note that the SafetyNet API has been deprecated for the Play Integrity API. Because Play Integrity relies on Hardware Key Attestation for the MEETS_STRONG_INTEGRITY evaluationType, it is not possible, nor will it ever be, to pass Play Integrity on a modified system with an unlocked bootloader. More information here.

    However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod forces the "old" SafetyNet attestation, as if your device were running a version of Android older than 8.0.

    Mod available here. Do not use MagiskHide Props Config with this mod.

    Please note that this is a temporary solution; any apps that remove legacy support for SafetyNet will not benefit from this; the only reason this hasn't already happened is because doing so would prevent anyone using legacy Android versions older than 8.0 from using said apps.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    • Universal SafetyNet Fix 2.3.1 Mod - XDA post
    To check SafetyNet status:
    To check Play Integrity status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20211218-194517-png.5486339
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
    • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


    Credits:
    Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
    7
    Magisk Canary was updated to 23016 last night. This includes a fix for the vbmeta header issue, meaning that disabling verity/verification should no longer be required, and we should be able to root as we did before. This needs testing, make sure you back up your data and photos before you do this!

    Additionally, for the Pixel 6 and 6 Pro, fstab will now load from /system/etc which should fix the root issue many of you were having.

    Q: "If verity/verification are disabled, do I need to enable them now?"
    A: No. The only thing you have to do is update to Magisk 23016.
    Q: "Will enabling verity/verification wipe my data?"
    A: No.

    I will be updating the OP to reflect this.
    5
    Magisk 24306 (release notes) is now available on the canary channel, and I can confirm that the installation to the inactive slot OTA method is working for the April update.
    5
    Interesting. How did you command the reboot?

    When I tried to update this way on my wife's 5a, it bootlooped back to the original slot.
    I always follow these steps once I know the OTA is available:

    1. Open Magisk and select 'Uninstall Magisk -> Restore Images'
    2. Open Settings and Download/Install OTA *DO NOT REBOOT*
    3. Go back to Magisk and select 'Install -> Install to Inactive Slot (After OTA)' *DO NOT REBOOT*
    4. Go back to Settings and 'Reboot' to finalize the OTA
    5
    So, if I use this tool after rooting OTA updates will work and I'll still have root?

    Edit: And can you explain more clearly the process on how to do this?

    No, the tool does nothing to maintain root. It simply allows you to take the OTA. You will still need to reboot into fastboot and flash or boot from a patched boot image.

    The steps would be:
    1. Restore boot in the Magisk app
    2. Restore vbmeta in Vbmeta Patcher
    3. Take the OTA in System Updater
    4. Patch vbmeta in Vbmeta Patcher
    5. Patch the new boot image in the Magisk app and copy it to your computer
    6. Reboot into fastboot
    7. Boot from the new patched boot image
    8. Direct Install Magisk in the Magisk App
    As I noted the quote post, this process should be considered experimental until it has been more thoroughly tested. You should consider backing up any critical data before attempting it, in case something goes wrong.

    I'm working on another tool to make it a bit easier to acquire the new boot image in step 5, but that will likely be a few days. Hopefully we'll be able to install Magisk to the inactive slot on Pixel devices again in the future, which would consolidate steps 5-8.