How To Guide [Pixel 7 Pro] [TD1A.220804.031] Root guide + Extracted Images + How to

Search This thread

zalman1

Member
Jun 20, 2021
14
4
you're also using shamiko and putting apps on the denylist?
for sure! And was not good

need to use this module to pass the SafetyNet test and with this module Gpay also works fine. 👌

I found it in this guide (post 2 In a section of SafetyNet testing):
 

RafalCOM

Member
Dec 27, 2010
16
3
Do I need to disable verity at some point? I remember it was important on Pixel 6 Pro but I see nothing about it now. When would I do it so I don't have to wipe my phone anymore?
 

Lughnasadh

Senior Member
Mar 23, 2015
4,655
5,260
Google Nexus 5
Huawei Nexus 6P
Do I need to disable verity at some point? I remember it was important on Pixel 6 Pro but I see nothing about it now. When would I do it so I don't have to wipe my phone anymore?
For custom kernels, you need to disable verity and verification, at least for the time being. Work is still being done to see if they can be flashed without disabling those.
 
  • Like
Reactions: roirraW "edor" ehT

RafalCOM

Member
Dec 27, 2010
16
3
For custom kernels, you need to disable verity and verification, at least for the time being. Work is still being done to see if they can be flashed without disabling those.
So for monthly images from Google I don't need to worry about it like before?
TBH I've lost root when I forgot to disable verity on my P6Pro and waited without root for P7 for a couple of months. So you're saying if I'm not using custom kernels it's not an issue anymore?
 

Lughnasadh

Senior Member
Mar 23, 2015
4,655
5,260
Google Nexus 5
Huawei Nexus 6P
So for monthly images from Google I don't need to worry about it like before?
TBH I've lost root when I forgot to disable verity on my P6Pro and waited without root for P7 for a couple of months. So you're saying if I'm not using custom kernels it's not an issue anymore?
If you're not using a custom kernel then you don't have to worry about it. Of course, if you do decide to use a custom kernel in the future and this requirement still exists, you'll have to perform a wipe.

The only other thing disabling those may help with is to avoid getting the "Your device may be corrupt" red eio message, although if you do end up getting for some reason there are other ways to get rid of it and that message is more of an annoyance than anything else.
 
  • Like
Reactions: roirraW "edor" ehT

Lughnasadh

Senior Member
Mar 23, 2015
4,655
5,260
Google Nexus 5
Huawei Nexus 6P
  • Like
Reactions: roirraW "edor" ehT

nujackk

Senior Member
Jun 16, 2008
636
126
Kent
OnePlus 8T
OnePlus 9
Just FYI for a safer way to use the OP provided patched image , make sure you have the magisk apk installed first and do "Fastboot boot " instead of "flash" as listed in OP.
Then when it boots use magisk app to direct install it will patch your boot image and you don't have to flash someone eles' boot image. Reboot and profit.
This is in reference to option 2 not 1
 

roirraW "edor" ehT

Forum Moderator
Staff member
Just FYI for a safer way to use the OP provided patched image , make sure you have the magisk apk installed first and do "Fastboot boot " instead of "flash" as listed in OP.
Then when it boots use magisk app to direct install it will patch your boot image and you don't have to flash someone eles' boot image. Reboot and profit.
This is in reference to option 2 not 1
You can't fastboot boot the init_boot.img, and on the Pixel 7 and Pro, it's the init_boot.img you need to patch with Magisk and flash too the init_boot partition, not the boot.img to the boot partition as on the Pixel 6/Pro/a and below.

Several people tested trying to fastboot boot the init_boot.img, but no luck.
 

nujackk

Senior Member
Jun 16, 2008
636
126
Kent
OnePlus 8T
OnePlus 9
You can't fastboot boot the init_boot.img, and on the Pixel 7 and Pro, it's the init_boot.img you need to patch with Magisk and flash too the init_boot partition, not the boot.img to the boot partition as on the Pixel 6/Pro/a and below.

Several people tested trying to fastboot boot the init_boot.img, but no luck.
Really ok, I read in 7 someone had succuss and this is only way i have done it for my last 3-4 devices. mine is arriving tuesday.
 
  • Like
Reactions: roirraW "edor" ehT

foamerman

Senior Member
Sep 1, 2010
414
86
B-town
Hey guys I've got a question. That init_boot file is only 8,192KB should it not be bigger then that? Or am I just so used to OnePlus using just the boot.img. Thanks for your help.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 25
    How to root:
    You have two options for this, 1 is the recommended way and 2 is the lazy but works way.

    Option 1 (RECOMMENDED):
    Download the latest factory image from: https://developers.google.com/android/images#cheetah (at the time of writing this, it's TD1A.220804.031
    Unlock bootloader (If you don't know how to do this, do not proceed further)
    From the downloaded image file, extract the init_boot.img file and copy it to your phone (directory shouldn't matter)
    Install the Magisk apk from: https://raw.githubusercontent.com/topjohnwu/magisk-files/canary/app-release.apk
    Launch the app, select install, patch a file, select the init_boot file you placed in your phone
    After it's done, it should place a file in your phone's download folder called magisk_patched-<VERSION>_<XYXYXYXYXY>.img
    Copy that over to your PC and now boot to bootloader
    Run the following commands from Powershell/commandline:
    Code:
    fastboot flash init_boot magisk_init_patched-25205_EfWOu.img
    And then reboot, you'll be rooted

    Option 2 (LAZY BUT WORKS):
    I'm sharing my magisk patched init_boot from the TD1A.220804.031 build (post 73MB update). Instructions are:
    Unlock bootloader (If you don't know how to do this, do not proceed further)
    Boot to bootloader
    Download the patched init_boot from: https://sourceforge.net/projects/ag.../magisk_init_patched-25205_EfWOu.img/download
    Run the following commands from Powershell/commandline:
    Code:
    fastboot flash init_boot magisk_init_patched-25205_EfWOu.img
    And then reboot, you'll be rooted
    Install Magisk apk from here: https://raw.githubusercontent.com/topjohnwu/magisk-files/canary/app-release.apk


    To get SafteyNet working:
    Open the Magisk app
    Open the settings from top right, Enable Zygisk
    Reboot
    Flash the MODIFIED SafteyNet fix module by @kdrag0n from the attached files on this thread from within Magisk Modules
    Clear Play store data and you should be good!
    Voila!


    FASTBOOT IMAGES:
    I'm sharing the stock extracted images of the TD1A.220804.031 build, should be a good reset point from fastboot incase any of you get stuck somehwere:
    DO NOT MIRROR THIS PLEASE!!!!
    VERIFY THE MD5 OF THE FILE AFTER DOWNLOADING!!!!!!!
    Mirror 1 | Mirror 2
    MD5: 43613f520697722840ded6a15eb27459
    Massive shoutout to @Some_Random_Username for Mirror 1 and @akhilnarang for Mirror 2 since SourceForge was facing issues!

    Now documentation on how to do it yourself (which I'd highly recommend since you should never trust any file given, always try to do it yourself!):
    How to dump your own device:
    1. Download a GSI which is userdebug/eng and equal/newer Security Patch of the current build on your device from any of the unofficial community builds here: https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list
    2. Install the DSU Sideloader app from: https://github.com/VegaBobo/DSU-Sideloader/releases/latest
    3. Follow instructions in the DSU sideloader app readme here: https://github.com/VegaBobo/DSU-Sideloader/blob/master/README.md
    I'd recommend enabling the userdata toggle and typing 32GB as the size
    4. Reboot into the DSU from the notification
    5. When the device boots up, type the following in the terminal:
    Code:
    adb root
    adb shell
    mkdir -p /sdcard/dump
    for file in /dev/block/bootdevice/by-name/*; do
        if [ "${file##*/}" != "userdata" ]
        then
            echo Dumping "${file##*/}"
            dd if=$file of=/sdcard/dump/"${file##*/}".img
        fi
    done
    6. Once the dump is done, you'll have files in /sdcard/dump/
    7. Copy those over to a PC
    8. Voila
    8
    A massive thanks to @AndyYan @Some_Random_Username for their help (well hand holding) throughout the entire process <3
    Also thanks to @OmkarTheAndroid for the re-brush up of the Android basics I forgot
    4
    so looks like vendor_dlkm has been replaced by vendor_kernel_boot and the init_boot is just the first-stage init. This will be interesting moving forward with AVB and custom images. I will start working on something when source drops. I will likely need to have some testers to see how much this requires to get a custom image up and running.

    EDIT: vendor_boot is actually the one that has been separated out a bit between vendor_boot (holding modules) and vendor_kernel_boot, which has some ramdisk stuff like the vendor_boot has on Pixel 6 devices.

    Kernel now consists of 6 images. init_boot, vendor_boot, vendor_kernel_boot, vendor_dlkm, dtbo and boot.img
    3
    I'd like to remind all that, 1) the DSU method requires some Android/shell knowledge to correctly carry out, and 2) you're discouraged from actually flashing/using those GSIs (TD-based Android 13 GSIs are still in early phase, and P7/P will almost certainly get proper, fully functional device-specific ROMs shortly anyway).