• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

How To Guide [GUIDE] Root Pixel 6 Pro "raven" with Magisk

Search This thread
Are you using Chrome if not try that, Google is notorious for not working in other browsers
Yes, it is Chrome (was not working as you say in Firefox). Maybe there is still ad blocking going on, I will check.

The other issue...this step where I have to edit the flash-all.bat file in the platform-tools folder. There is no such file in the latest platform tools I have for Windows. There is flash-all in the factory image zip file. What's up with that?
 
  • Like
Reactions: roirraW "edor" ehT
That's where flash all comes from
Ok thank you, just checking. On this thread:

The OP says it's in the platform-tools package.
 

roirraW "edor" ehT

Recognized Contributor
Ok thank you, just checking. On this thread:

The OP says it's in the platform-tools package.
It also says (near the top of the instructions):

-download latest factory image, unzip image.zip, then unzip the second image.zip, copy the contents of the second image.zip into the same platform tools folder that has the fastboot application in it, then open the image.zip you just copied into the fastboot folder and copy the boot.img and paste it somewhere on your PC.
:)
 
Hmm....ok those instrusctions are still somewhat confusing....let me try...

you want to copy the contents of the FIRST image into the platform-tools folder if you want the flash-all to be there. Not the second. However, the second image has all the boot.img files.
 

roirraW "edor" ehT

Recognized Contributor
Doh!! Thanks backwards guy!

OK, but what about the website flash tool? I still can't get past the "select build" screen. There is no screen where you can uncheck the verity stuff like I had before.
LOL! You're welcome. I have never actually used that method at all, so I can't help you there.

You know, at this point, you might just want to go ahead and wait until the OTA that'll come out in about 15.5 hours, otherwise you'll have to jump through some hoops again to get the latest OTA while having disabled verity and verification. You'll have to do that eventually (if you want updates) anyway, but probably not ideal to do it right away just after you (hopefully otherwise) figure out the current hoops you're jumping through.
 
  • Like
Reactions: galaxys
ok I will take that advice.
I thought I have to do this anyway since I can't install through normal OTA process on the phone or else it will remove root. And i think that is also what you are saying....

Anyway, just got stuck on the android flash tool screen, I think everything was working. And the original root process where I used the same tool did have the options for verity. So not sure what to do.
 

roirraW "edor" ehT

Recognized Contributor
Afraid XDA gang will be testing a lot next week 😳😉📴📱
giphy.gif
 

essdee

Member
Oct 29, 2010
25
8
Google Pixel 6
So, hypothetically... Let's say someone unwisely decided to update their Pixel 6 to the latest factory image in the same way they used to do it, by just removing the '-w' from the fastboot command in flash-all.bat, therefore allowing the phone to reboot itself prematurely and destroy any possibility of regaining root without a factory reset.

Does anyone know any way, without root, to make some kind of backup of the current data and apps that could be copied back onto the phone after a wipe to at least minimize the effort required to undo such a foolish mistake?

Or is this hypothetical person basically screwed?
 
Last edited:
  • Wow
Reactions: roirraW "edor" ehT

Top Liked Posts

  • 3
    For all those having difficulty with the January update: I suggest you update using the factory image method. Just follow the instructions in the OP and you'll be fine.
    Yep, factory method worked like a charm. 0 problems updating from Dec to Jan.
    4
    For those of you interested, looks like enabling installation to the inactive slot on Pixel devices during OTAs has been merged. Think that was the final piece needed (after the bootctl update was added earlier). Looks like it will be in the next Canary.

    @V0latyle

    Screenshot 2022-01-18 081730.png
    2
    Thanks, Warrior!
    Got it rooted, Zygisk installed, and it passes SafetyNet.
    Now to get the apps over and configured.

    Question: What's everyone using for recovery? I don't see that TWRP has a version specifically for this phone yet.
    Can we use the version for the Pixel 5?
    TIA!
    There is no custom recovery available for this phone yet, not that there is much of a use-case at the moment. DO NOT use the Pixel 5 custom recovery on the Pixel 6 series. Perhaps when TWRP updates to Android 12 we'll see a custom recovery, but that'll take a while.
    3
    Thanks, Warrior!
    Got it rooted, Zygisk installed, and it passes SafetyNet.
    Now to get the apps over and configured.

    Question: What's everyone using for recovery? I don't see that TWRP has a version specifically for this phone yet.
    Can we use the version for the Pixel 5?
    TIA!
    You're welcome! Glad it's rooted and all without trouble (sounds like). I use Google's own backup feature (and I also started paying for Google One a few months ago) so that I can cloud restore most things on a fresh phone. These days to restore from Google's cloud backup, when you tell it you want to restore data from another phone, then answer that you don't actually have the phone available to restore from, and then Google's OOBE (Out of Box Experience) will offer the cloud restore function.

    Since I'm rooted, I started using Swift Backup (paid for it) - backing up solely to my free cloud choice of Mega.nz for now so that I can keep my 512 GB of storage free mainly for tons of FLAC-formatted music and temporary storage of recording long videos.

    In case anyone's curious why don't I use Google Drive since I'm paying for it, 1) I don't want too many eggs in the same basket, 2) it's possible I'll downgrade my 2 TB plan to fit my immediate needs, as I got the 2 TB plan at the time in order to get the 10% Google Store credit back on all direct purchases, and 3) There isn't much I need to use my free 50 GB Mega.nz for anyway.

    I typically still restore my apps using Google Cloud and then I restore selective app data from my cloud backup only for particularly troublesome apps to set back up, and as I need it.
    1
    For all those having difficulty with the January update: I suggest you update using the factory image method. Just follow the instructions in the OP and you'll be fine.

    Thank you for this. I applied the January OTA to the November release, fastbooted with my patched November <master root.img> and Magisk refused to install. For reference:
    • The bootloader and radios did not need to be updated from the January factory image but I did need to extract boot.img from the factory update, patch it with Magisk and use that version to fastboot.
    • Magisk came up after the first boot claiming to be installed, with the "direct install" option. After doing a direct install and rebooting from Magisk root access was restored.
    • I had to "re-hide" Magisk but my DenyList was preserved.
  • 6
    This may be some welcome news to some of you:

    Magisk Alpha now supports installing to the inactive slot on Pixel devices, which should simplify things for those of you who prefer to update via OTA.

    This is Alpha software, use at your own risk! It will probably break some things! The last commit failed to build, but I am sure it'll be fixed soon.

    Github download page
    5
    Tried rebooting again? Since I haven't messed with Outlook in many years, no idea if it's normal for it to detect despite everything else. Might be detecting the unlocked bootloader or OEM unlocking toggle enabled, which as far as I know, there's no way to hide either.
    I figured it out... There are lots of dependant apps for my corporate email and though I had them all hidden, I didn't realize that checking the box didn't fully hide all parts of each app. So after expanding Outlook, Company Portal, etc. And ensuring everything was hidden, rebooted and it now works!
    4
    As @Lughnasadh pointed out, verity and verification are enabled by default. They cannot be manually enabled; they can only be manually disabled.

    Now that disabling them is not necessary, you simply do not need to worry about them. They don't need to be re-enabled. All you have to do next update is not think about them - it's literally that simple.

    For the sake of information, those flags are set when the /vbmeta partition is written. Magisk is not involved in that process in any way.
    4
    After many years i'd like to root again. But i am afraid that my banking and some authenticators won't work anymore. Can i reliable hide root for those apps?
    Depends on how complicate the app's root checking is ;-) Your mileage may vary.
    Use Magisk's DenyList.
    Authenticators work when they are on the DenyList. I use MS Authenticator and Microsoft apps (Outlook, Teams, Intune portal) which hook into my work environment.
    And also 'hide' the Magisk app itself.
    Use Magisk canary 23016.
    3
    So I'm not a novice at rooting/updating, but not an expert either lol. So just wanted to ask for some clarification on a couple things. First, after patching the boot.img the first time(and renaming it to master boot.img), I can use that same one for future updates(without having to keep repatching boot.imgs)? Secondly, in the past I've learned you shouldn't update via automatic OTA if rooted, but you can do it now, and just flash the patched boot.img + direct install to reroot again? Am I understanding that correct; is that the safest way? Thanks!
    Not really, no (you can't keep re-using it). The kernel (boot.img) changes every month. Plus, Magisk (and Magisk Canary, such as 23016 that we have to use for the December update) changes especially to keep root working for new updates, so you should always patch the new boot.img each month with the newest Magisk (not necessarily Canary, but for now, yes the latest Canary build).

    It has certainly been dangerous to try to take automatic OTAs in the past, some folks say you can now but I'm going to remain cautious. I always update manually using the full firmware zip. You need the full firmware zip to get the new boot.img out of anyway. That is safer.
  • 65
    If you are looking for my guide on a different Pixel, find it here:

    Update 12/15/21: Magisk 23016 incorporates fixes for vbmeta header patching; disabling verity/verification is no longer necessary. Update and root should work as it always has.

    Additionally, for users of the 6 and 6 Pro, 23016 fixes the fstab issue that broke root on the December update.

    Due to this fix, users of the Pixel 4a (5g), 5, 5a, 6, and 6 Pro MUST use Canary 23016 or newer for root.

    If you have already disabled verity/verification because you used a previous version of Magisk, you do not need to re-enable them; they are enabled by default when the /vbmeta partition is written, unless the "--disable-" options are used. The only thing you have to worry about next update is literally just updating your device.

    DO NOT substitute Magisk Stable, as it does not yet include the necessary fixes for this device!

    WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.

    Prerequisites:

    As many of you know by now, in order to run a patched boot image on Android 12 requires disabling Android Verified Boot.

    Verified Boot on Android 12 devices, at least Pixels with the SD765G and Tensor, is tied to device encryption. Therefore, disabling Verified Boot requires a wipe, if it was not previously disabled.

    To make this clear:
    Verified Boot is disabled by flashing /vbmeta with disable flags:
    Code:
    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
    Verified Boot is enabled by flashing /vbmeta without flags:
    Code:
    fastboot flash vbmeta vbmeta.img

    Booting the device essentially "locks" the vbmeta state.

    I know this is confusing, Bear with me:

    If you previously disabled vbmeta, you MUST ensure it is disabled again when you update, BEFORE you boot. If you do not, you will have to wipe to regain root.

    Unfortunately, the update process enables Verified Boot by default, because it writes /vbmeta without flags.

    This means that the automatic OTA, or any other update process without intervention, WILL enable Verified Boot, which will require a wipe to disable!


    ****

    Android Source - Setting up a device for development


    1. Follow these instructions to enable Developer Options and USB Debugging.
    2. Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
    3. Connect your device to your PC, and open a command window in your Platform Tools folder.
    4. Ensure ADB sees your device:
      Code:
      adb devices
      If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
      If you see "unauthorized", you need to authorize the connection on your device.
      If you see the device without "unauthorized", you're good to go.
    5. Reboot to bootloader:
      Code:
      adb reboot bootloader
    6. Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
      Code:
      fastboot flashing unlock
      Select Continue on the device screen.

    1. Install Magisk on your device.
    2. Download the factory zip for your build.
    3. Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
    4. Copy boot.img to your device.
    5. Patch boot.img with Magisk: "Install" > "Select and Patch a File"
    6. Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
    7. Reboot your device to bootloader.
    8. Flash the patched image:
      Code:
      fastboot flash boot <drag and drop master root.img here>
    9. Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>

    1. Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
    2. Allow the update to complete. Your device will reboot without root as the OTA overwrites the patched boot image.
    3. Reboot your device to bootloader.
    4. Boot the master root image
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image. Do not flash an older boot image after updating.
    5. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    6. Reboot your device. You should now be updated with root.

    1. Download the OTA.
    2. Reboot to recovery and sideload the OTA:
      Code:
      adb reboot sideload
      Once in recovery:
      Code:
      adb sideload ota.zip
    3. When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
    4. Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
    5. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.

    Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
    1. Download the factory zip and extract the contents.
    2. Reboot to bootloader.
    3. Compare bootloader versions between phone screen and bootloader.img build number
      Code:
      fastboot flash bootloader <drag and drop new bootloader.img here>
      If bootloader is updated, reboot to bootloader.
    4. Compare baseband versions between phone screen and radio.img build number
      Code:
      fastboot flash radio <drag and drop radio.img here>
      If radio is updated, reboot to bootloader.
    5. Apply update:
      Code:
      fastboot update --skip-reboot image-codename-buildnumber.zip
      When the update completes, the device will be in fastbootd. Reboot to bootloader.
    6. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image. Do not flash an older boot image after updating.
    7. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    8. Reboot your device. You should now be updated with root.

    1. Follow the instructions on the Android Flash Tool to update your device. Check the "Skip reboot" box.
    2. When the update completes, the device will be in fastbootd. Reboot to bootloader.
    3. Boot the master root image (See note 1):
      Code:
      fastboot boot <drag and drop master root.img here>
      Note: If you prefer, you can download the factory zip and manually patch the new boot image. Do not flash an older boot image after updating.
    4. Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
    5. Reboot your device. You should now be updated with root.

    This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.

    Zygisk + DenyList enabled
    All subcomponents of these apps hidden under DenyList:
    • Google Play Store
    • GPay
    • Any banking/financial apps
    • Any DRM media apps
    Modules:
    • MagiskHide Props Config 6.1.2 (automatically installed) - MHPC GitHub
    • Universal SafetyNet Fix 2.2.1 - USNF GitHub
    To check SafetyNet status:
    I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread.

    Points of note:
    • The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
    • While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
      screenshot_20211218-194517-png.5486339
    • "Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
    • "App" simply shows the version of the app itself.
    • If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
    • If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.


    Credits:
    Thanks to @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work![/SPOILER]
    8
    My update process is to remove vbmeta.img (in addition to removing the -w flag in the flash-all script) from the factory zip before I flash it in fastboot. Seems to have worked so far, ymmv.
    6
    This may be some welcome news to some of you:

    Magisk Alpha now supports installing to the inactive slot on Pixel devices, which should simplify things for those of you who prefer to update via OTA.

    This is Alpha software, use at your own risk! It will probably break some things! The last commit failed to build, but I am sure it'll be fixed soon.

    Github download page
    6
    Now THIS is a useful thread! Thanks 👍

    I might try to root my P6P this week-end.

    If I already took the OTA from Google, can I just go to #6? (there's no data on my phone yet, just BL unlocked)

    "6. Reflash vbmeta to disable boot verification"
    6
    Idk about that might work but would mess something else up...i remember this issue happening a couple of updates in the past and magisk was the issue and needed an update. So i would suggest dont flash Dec build to keep root lol factory reset(which might work) or just wait for an update to Magisk. Should be out later today if anything hopefully...if they made the dev aware
    I left topjohnwu a note on twitter, hopefully he'll take a look into it rather soon