How To Guide [GUIDE] Pixel 6 Pro "raven": Unlock Bootloader, Update, Root, Pass SafetyNet

Search This thread

V0latyle

Forum Moderator
Staff member
I read elsewhere on here about a recent google wallet update breaking use on rooted phones, and a safety net fix update sorting it out. anyone experienced any problems? it's still working fine for me with the safety net fix from ages ago (2.21?).
It's not Wallet itself, it's the whole underlying security platform Google is using. Previously, they depended almost solely on SafetyNet. Then, they introduced more software methods with Play Protect Certification. Now, they're replacing both of these with the Play Integrity API, which for as yet unknown reasons is still able to detect root.
Don't know about wallet but newest safetynet fix is 2.3.1
USNF 2.3.1 has been out for nearly a month, and as far as I know does not incorporate anything for the Play Integrity API.
 

whatsisnametake2

Senior Member
Sep 15, 2008
338
125
Samsung Galaxy S7
Google Pixel 6 Pro
It's not Wallet itself, it's the whole underlying security platform Google is using. Previously, they depended almost solely on SafetyNet. Then, they introduced more software methods with Play Protect Certification. Now, they're replacing both of these with the Play Integrity API, which for as yet unknown reasons is still able to detect root.

USNF 2.3.1 has been out for nearly a month, and as far as I know does not incorporate anything for the Play Integrity API.
so has this not fully rolled out yet or something? wondering why my device is unaffected?
 

whatsisnametake2

Senior Member
Sep 15, 2008
338
125
Samsung Galaxy S7
Google Pixel 6 Pro
It's not Wallet itself, it's the whole underlying security platform Google is using. Previously, they depended almost solely on SafetyNet. Then, they introduced more software methods with Play Protect Certification. Now, they're replacing both of these with the Play Integrity API, which for as yet unknown reasons is still able to detect root.

USNF 2.3.1 has been out for nearly a month, and as far as I know does not incorporate anything for the Play Integrity API.

It's not Wallet itself, it's the whole underlying security platform Google is using. Previously, they depended almost solely on SafetyNet. Then, they introduced more software methods with Play Protect Certification. Now, they're replacing both of these with the Play Integrity API, which for as yet unknown reasons is still able to detect root.

USNF 2.3.1 has been out for nearly a month, and as far as I know does not incorporate anything for the Play Integrity API.
apparently this update does bypass the play integrity API problem

 

V0latyle

Forum Moderator
Staff member
apparently this update does bypass the play integrity API problem

Except it doesn't. I've had it installed since release and I still get the GPay security message.
 

NippleSauce

Senior Member
Jun 23, 2013
451
302
Mine is working properly including security. You may already tried: Install the Shamiko module and then configure the DenyList in Magisk but "DO NOT" enable the "Enforce DenyList", it works for me.
Exactly. Having NFC payments work isn't necessarily based on what you have installed, but it is based on the order in which you set things up on your phone after an update and/or after rooting.

I am in the same boat as you and it always works for me without using Shamiko or using the DenyList. #IYKYK =)
 

EastonCo

New member
Jun 9, 2022
3
2
Update and Root Factory Image is the one I use everytime. I can never get it to work without getting a "corrupt" notice by simply using the OTA. I don't mind though, I prefer just manually doing it every update then I know exactly what is going on.
 
  • Like
Reactions: roirraW "edor" ehT

V0latyle

Forum Moderator
Staff member
Update and Root Factory Image is the one I use everytime. I can never get it to work without getting a "corrupt" notice by simply using the OTA. I don't mind though, I prefer just manually doing it every update then I know exactly what is going on.
Yeah, patching the out of band OTA has been troublesome for a lot of people.
 
  • Like
Reactions: roirraW "edor" ehT

Cornloaf

Member
Jul 9, 2007
24
1
Has anyone had luck with the GPS patch that came out last week? I went through the steps to uninstall Magisk, install the OTA, install Magisk to the inactive slot, reboot... I get the corrupted image and it hangs on boot. There is no full image file to download and extract a new boot.img. I tried using the July 2022 boot.img, patched it, flashed it and the device rebooted without the GPS fix.
 

Nergal di Cuthah

Senior Member
Sep 20, 2013
1,861
952
Google Pixel 6 Pro
There is no full image file to download and extract a new boot.img.
What do you mean all the released have a full image to extract the boot from. I just did it yesterday. The easiest wayvto update isnt the uninstall of magiisk. It often corrupts like you described. Use pixel flasher from google. Patch the boot (from the latest full image) and flash it in fastboot
 

Cornloaf

Member
Jul 9, 2007
24
1
What do you mean all the released have a full image to extract the boot from. I just did it yesterday. The easiest wayvto update isnt the uninstall of magiisk. It often corrupts like you described. Use pixel flasher from google. Patch the boot (from the latest full image) and flash it in fastboot
The update that I got over OTA is not available to download. This was the extra fix outside of the August 2022 update. I normally uninstall Magisk, do the full update without wipe, patch the boot.img file with no issues. Since there is no OTA or Full Image released with this patch, I can't use this method.

 

Nergal di Cuthah

Senior Member
Sep 20, 2013
1,861
952
Google Pixel 6 Pro
The GPS fix factory image is available. It has a suffix of .004

I believe it was uploaded last Thursday.
So it's newer than Screenshot_20220808-140336.png
Which was released july 20something?
 

Top Liked Posts

  • 1
    Sorry to go off-topic here a bit, but does anyone on a Pixel 6 (or 6 Pro, I suppose) have Google Wallet working for tap to pay payments with root (I'm on stock firmware, just upgraded to Android 13, but it had not been working for me the past couple of months on 12 either).

    I'm on the very latest Magisk (25203), have the latest Universal SafetyNet Fix (2.3.1), have hidden Magisk and have Shamiko (I think) running blacklist for tons of apps (everything I could see that was system/OS/Google/Android) and it still doesn't work.

    It *was* working for me at one point in the summer for a couple of months. Just wondering if this is a known issue or maybe I've just missed something.
    You should probably refer to this thread. Much discussion about it. Also, search for USNF mod by Displax.

    1
    You should probably refer to this thread. Much discussion about it. Also, search for USNF mod by Displax.

    I also updated the OP some time ago to explain why this happens and exactly what to do to fix it.

    Right here.
    1
    You should probably refer to this thread. Much discussion about it. Also, search for USNF mod by Displax.

    Thanks! I'll head over there. I was in this forum trying to filter out all of the stuff not needed for Pixel 6 users, but I will tackle that thread now.
    1
    It does for me, even in an incognito window...
    Ah, I should've specified: doesn't work for me in Firefox! I see that it does work in Chrome & Edge. I'm embarrassed to admit I've not run across that Text Fragments feature before. Thanks for introducing me to it!
    1
    Ah, I should've specified: doesn't work for me in Firefox! I see that it does work in Chrome & Edge. I'm embarrassed to admit I've not run across that Text Fragments feature before. Thanks for introducing me to it!
    People still use Firefox??? :p
  • 5
    Thanks all,
    OEM is already unlocked.
    with out --slot all command , i have the same issue:

    C:\Users\Admin\Desktop\platform-tools_r33.0.3-windows\platform-tools>fastboot flash boot magisk_patched-25200_LDJee.img
    Warning: skip copying boot_b image avb footer (boot_b partition size: 67108864, boot_b image size: 100663296).
    Sending 'boot_b' (98304 KB) OKAY [ 2.306s]
    Writing 'boot_b' (bootloader) unable to update boot image: use unmerged...
    FAILED (remote: 'failed to flash partition (boot_b)')
    fastboot: error: Command failed
    C:\Users\Admin\Desktop\platform-tools_r33.0.3-windows\platform-tools>

    Jumped from a android 12 original rom rooted to android 13.

    i have also sideloaded android 13 after applying the android 13 upgrade.
    Are you using the correct boot image to patch? The size seems to be off. The boot image should be around 64 MB. Looks like you may be using a boot image from a different device.
    5
    The need for Displax's USNF mod depends are what you are trying to do. For example, many people need that mod to use the new Google Wallet. For other things, kdragon's USNF may be sufficient.
    4
    It took me a while to get comfortable with it myself and to figure it out, but this is what I've been doing with every update since July for my P6P (including upgrading to 13):

    1. Uninstall Magisk with restore (can leave modules)
    2. Hook phone to PC & switch to file transfer
    3. Open cmd prompt
    4. adb reboot fastboot
    5. Navigate to and select recovery
    6. Select apply update from adb > click power button to select
    7. adb sideload ota raven-ota-<whatever>.zip
    8. Reboot phone, allow setup to finish
    9. Extract full zip
    10. Extract boot.img from the other zip within the folder
    11. Copy boot.img to the phone
    12. Reinstall Magisk
    13. Patch boot.img
    14. Disconnect/reconnect phone from/to computer and select File Transfer again
    15. Copy patched boot img back to computer
    16. adb reboot fastboot
    17. fastboot flash boot --slot=all magisk_patched-<whatever>.img
    18. Reboot phone
    Hello! In general, your method looks fine to me just on a quick inspection - however, the main problem with Android 13 is when the bootloader (not boot) isn't installed to both slots. Until the Android 13 Stable bootloader is flashed to both slots, there is a chance that you could wind up with a fully bricked phone that can only be repaired by sending it in to Google.

    The very first thing anyone (who is concerned) should do when manually updating on any Pixel 6 is:
    Code:
    adb reboot bootloader
    fastboot --slot all flash bootloader bootloader.img

    After that, all update processes can be done absolutely just like any other month - no matter what method you use.
    4
    Thanks for your reply.

    Upgraded to 33.0.3 but i have the same issue.
    I use the image from the last android 13 official rom : 13.0.0 (TP1A.220624.021, Aug 2022)
    Right, but for which device (raven, oriole, bluejay, etc) and what is the exact name of the image you are patching (boot.img, vbmeta.img, etc).
    Where did you download it from? The ONLY acceptable source for Magisk APKs is the official GitHub, linked in the OP.

    When you're asked specific questions, you should give specific answers. If you don't give us the information we ask for, we can't be of much help.
    size: 67108864, boot_a image size: 100663296).
    Sending 'boot_a' (98304 KB)
    The image size is wrong, I think you're using the wrong image as @Lughnasadh pointed out. The size looks similar to the boot image of the 765G devices (4a 5g, 5, 5a) at 98,304KB (100,663,296 bytes). The correct boot image size for the Raven is 65,536KB (67,108,864 bytes)

    Make sure you are using THIS factory package, and ONLY use the boot image from it.

    The boot image you have been using is NOT from a Tensor series factory package. I don't know where you got it from, but you either took some shortcuts or ignored the instructions completely.
    4
    Yeah, he does know about this. Probably just slipped his mind.
    Also been crazy busy so while I have 5 min here and there to post replies, haven't had time to edit the OP. Typing this on my phone with my cat staring at me and the shower running, less than 40 min til I have to leave for work

    Edited while my breakfast cooks
  • 91
    ⚠️⚠️⚠️ WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!⚠️⚠️⚠️

    If you are looking for my guide on a different Pixel, find it here:
    Update 6-20-22: Magisk 25.1 is recommended as this includes fixes for OTA updates, as well as support for the Android 13 beta.
    Discussion thread for migration to 24.0+.

    DO NOT use any version of Magisk lower than Canary 23016 as it does not yet incorporate the necessary fixes for Android 12 and your device.


    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:


    Android Source - Setting up a device for development


    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code:
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code:
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code:
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code:
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
    2. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    3. Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
    4. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code:
      adb reboot sideload
      Once in recovery:
      Code:
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code:
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code:
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code:
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.
    Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
    The scripted commands should look like this:
    Code:
    fastboot flash bootloader <bootloader image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot flash radio <radio image name>
    fastboot reboot bootloader
    ping -n 5 127.0.0.1 > nul
    fastboot update  --skip-reboot <image-device-buildnumber.zip>
    Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.

    PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
    The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.

    For instructions, downloads, and support, please refer to the PixelFlasher thread.

    1. Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    Please note that the SafetyNet API has been deprecated for the Play Integrity API. Because Play Integrity relies on Hardware Key Attestation for the MEETS_STRONG_INTEGRITY evaluationType, it is not possible, nor will it ever be, to pass Play Integrity on a modified system with an unlocked bootloader. More information here.

    However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod forces the "old" SafetyNet attestation, as if your device were running a version of Android older than 8.0.

    Mod available here. Do not use MagiskHide Props Config with this mod.

    Please note that this is a temporary solution; any apps that remove legacy support for SafetyNet will not benefit from this; the only reason this hasn't already happened is because doing so would prevent anyone using legacy Android versions older than 8.0 from using said apps.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    • Universal SafetyNet Fix 2.3.1 Mod - XDA post
    To check SafetyNet status:
    To check Play Integrity status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20211218-194517-png.5486339
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
    • Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.


    Credits:
    Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
    9
    Magisk Stable is now at version 24.1, so I will no longer be providing any Magisk updates.

    You can use any version of Magisk now - Stable, Beta, or Canary. as long as it is 23016 or newer.

    Once again, if you want to switch versions of Maagisk, it is HIGHLY RECOMMENDED that you "Complete Uninstall" within Magisk before installing the new version. Multiple instances of Magisk can break root.

    If you simply want to update Magisk, the best way to do so is from within the app.


    Once the February update is out, I will perform some testing with installing to inactive slot, and if it works, I will update this guide.

    Given the low activity on this thread, I will probably close it if everything goes well with the next update.

    Thank you all for your testing and contributions.
    8
    My update process is to remove vbmeta.img (in addition to removing the -w flag in the flash-all script) from the factory zip before I flash it in fastboot. Seems to have worked so far, ymmv.
    7
    Magisk Canary updated to 23019
    Changes:
    - [Zygisk] Skip loading modules into the Magisk app to prevent conflicts
    - [MagiskBoot] Change `zopfli` to a more reasonable config so it doesn't take forever
    - [General] Several `BusyBox` changes

    Preferred method of update is from within Magisk app.


    If installing for the first time, here is the APK Download
    7
    I just used this method, (same one described on Magisk website here https://topjohnwu.github.io/Magisk/ota.html) and it worked perfectly, both root and safetynet.
    Can someone explain to me why you see all kind of guide to update which are far more complicated than that ?
    Part of it is due to device differences - non A/B devices can't use seamless updates, so re-rooting is only possible by either patching the boot image directly, or by flashing Magisk in a custom recovery.

    Part of it is also due to user preferences. Some people, like me, prefer to update using the factory images, instead of OTA.

    And part of it is probably a bit of misinformation mixed in with anecdotes, where people who don't fully understand how the process works, but they declare that something has to be done a certain way because of what worked for them.

    I try to stick to the first two. I've spent a lot of time learning about how Android works, so I make a point of providing instructions that align with how everything is supposed to be done, while accommodating alternatives for those who want them.

    Are you 100% sure?

    Cause topjohnwu said that OTA patching from within Magisk was broken for Pixel devices.

    See here

    Notice the date of that post, 16 months ago. Magisk Canary 23017 re-incorporated the ability to install to inactive slots.

    I have been following the commits closely, so when 23017 was released, I announced it in my guides. Had you read back a couple pages, your question has been answered.

    If you don't believe me, check the commits here.