Since new does not equal better, please let us know your thoughts on that as well! Your insights have been excellent thus far!
How To Guide PSA! Do NOT try to boot into the old slot after updating only one slot to Android 13 - Unlocking the Pixel 6 Pro bootloader & central repository
- Thread starter roirraW "edor" ehT
- Start date
Only thing I've spotted so far is the n71_n71 combo being back again. Not very useful.
Vo5G is still present for T-Mobile, Metro, and Assurance. Other T-Mobile MVNOs like Simple, Red Pocket, Tracfone, etc might not be far behind with references like the below.
Code:
ims.ims_user_agent_string > T-Mobile VoNR-ePDG-IR94-RTT-ussd #MANUFACTURE#/#MODEL# #BUILD#
Any wagers yet on how soon this new feature will get the axe? Let's see...we have to wait long enough for it to start to become popular, so maybe two years or so, then they can kill it. 
Or maybe it will be just unpopular enough that it sticks around forever and Google just never updates it.
Or maybe it will be just unpopular enough that it sticks around forever and Google just never updates it.
yeah, it may not be possible to remove the greyed out oem unlocking just by removing a package with these phones. IIRC, previously it didn't work to unlock bootloader just with the temp sim unlock, but if it does for you that would be great news! It's much easier to obtain a temp sim unlock than a perm unlock
What you do in this case is call your provider and tell them you need to unlock the phone for an international sim as you are traveling. Make all the temporary things they do, such as tmobile's app, not work (Just tell them its not working). Eventually they will just unlock it fully.
Yep, holiday today so no update.I'm guessing we won't have July's update until tomorrow.
Oh no! They "usually" release it the next day, or sometimes the next day or two.
Important: The Android Security Bulletins are published on the first Monday of each month unless that Monday falls on a holiday. If the first Monday of the month is a holiday the bulletins will be published on the following work day.
Last edited:
Thanks! I didn't realize they ever mention when the next update will come out in those bulletins.Oh no! They "usually" release it the next day, or sometimes the next day or two.
Important: The Android Security Bulletins are published on the first Monday of each month unless that Monday falls on a holiday. If the first Monday of the month is a holiday the bulletins will be published on the following work day.
Looks like July 7.
- For July, the Android public security bulletin will be released on July 7, 2021
Android Security Bulletin—June 2021 | Android Open Source Project
source.android.com
I think they only do it when it will be off schedule, like when it's a holiday or for some other reason.
Per Mishaal, Beta 4 may be on July 14 when they are scheduled to release NDK r25.
this is 2021...Oh no! They "usually" release it the next day, or sometimes the next day or two.
Important: The Android Security Bulletins are published on the first Monday of each month unless that Monday falls on a holiday. If the first Monday of the month is a holiday the bulletins will be published on the following work day.
Looks like July 7.
- For July, the Android public security bulletin will be released on July 7, 2021
Android Security Bulletin—June 2021 | Android Open Source Project
Oh crap, lol.
Well, they still usually release it the day or two afterwards. We'll see...
It will come July 11th, the security bulletin is usually dated the 5th of the month. This could come at any point, which does not indicate the actual release date of the update.
Top Liked Posts
-
3I think this was already answered , but i couldn't find the answer, and i also am the old. If i used google's flasher (default settings) were both slots flashed or am i in danger from this evil brick. If danger do i just follow the psa instructions ?3rooted on 12l stock - the method i used to update to a13 was
1 - completely nuke magisk via the app
2 - the device initiated a reboot so as soon as the screen went black i held power and down for fastboot mode - i then connected the device to PC
3 - in "flash-all.bat" i changed "fastboot -w update image###.zip" to "fastboot update --skip-reboot image###.zip"
4 - closed "flash-all.bat" and then i launched it - when finished i was in fastbootd mode - i then rebooted device to fastboot mode
5 - in CMD i typed and enter "fastboot set_active other" and then relaunched "flash-all.bat" - WIN!! as i was booted with all my data previously on A12 intact
6 - i then installed stable magisk 25.2 and patched boot image from A13 and then rebooted to fastboot mode
7 - i then opened CMD once more and typed and entered "fastboot boot magisk-patched.boot.img" which booted the device rooted - finally i directly installed magisk via the app3
That it does, so it is safe and works.
PixelFlasher/modules.py at main · badabing2005/PixelFlasher
Pixel™ phone flashing GUI utility with...
github.com
33
You didn't, you are on the latest platform-tools. The only things I can point to are bad USB cable, bad USB port, maybe the fastboot USB driver is out of date or from a different vendor so I guess try making sure that is set correctly. I guess one last thing which I'm sure isn't the issue, but the bootloader is unlocked right?
It's not undecided. I've tested it.
The Google Android Flash Tool does not flash to both slots. "Force Flash to All Partitions" only flashes the bootloader and radio again if they are already the same version.Yes.
Android 12 bootloader still on the other slot.
Code:[[email protected]:~]$ fastboot getvar current-slot current-slot: b Finished. Total time: 0.013s [[email protected]:~]$ fastboot getvar version-bootloader version-bootloader: r3-0.4-8351081 Finished. Total time: 0.016s [[email protected]:~]$ fastboot -aa Setting current slot to 'a' OKAY [ 0.313s] Finished. Total time: 0.325s [[email protected]:~]$ fastboot reboot bootloader Rebooting into bootloader OKAY [ 0.013s] Finished. Total time: 0.063s [[email protected]:~]$ fastboot getvar current-slot current-slot: a Finished. Total time: 0.033s [[email protected]:~]$ fastboot getvar version-bootloader version-bootloader: r3-0.5-8633620 Finished. Total time: 0.020s
-
9
You are correct.
I did:
Code:adb reboot bootloader fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img fastboot reboot
And I'm booted into Android 12 still just fine. Below is the command prompt output:
Note to anyone, if after upgrading to 13 you want to downgrade to 12 using a full factory image's flash-all.bat, you'll at minimum have to either remove Android 12's bootloader flash line from the file, or replace it withfastboot flash bootloader bootloader-raven-slider-1.2-8739948.img(and have the right bootloader file in the same folder). Either should work fine.8
I don't know why, but it could be because of this: https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
The time frame lines up, antirollback commit was implemented in the days after Google told the researcher they are developing a fix.
And it's pretty big, allowing the ex-filtration of the secret keys inside the Titan and doing arbitrary code execution right on the Titan, a complete permanent compromise of the device. This is probably why Google is trying to stop people from downgrading to Android 12. Understandable why this is the first time Google is doing this, someone can resell this permanently compromised device to anyone, or do this to someone's phone. It's too late though, any Tensor device not updated to Android 13 could be forever compromised, so really the security theater of Pixel devices has just been torn down. We'll see if the Pixel 7 or Titan M3 fares better. Previous Pixel phones do not implement these OTP bit checks inside their bootloaders so I believe they are never going to have to worry about being stopped from downgraded, although they are susceptible to compromise.
The average person should never brick their phone from this, the GrapheneOS tester only had this happen because they were testing GrapheneOS on Android 13 and were capable of flashing a borked ROM.
But yes if you're updating to Android 13 manually via fastboot just run
fastboot --slot all flash bootloader bootloader.imgfastboot --slot all flash radio radio.imgfastboot reboot bootloaderfastboot --slot all update image.zip- If using Magisk then use
fastboot --slot all --skip-reboot update image.zipand select reboot to bootloader in fastbootd once fastboot is done flashing to flash your patched Magisk boot image.
- If using Magisk then use
7
There actually is a physical object being destroyed. Yes, there isn't a typical fuse being blown, as a typical fuse blows and opens the circuit. Instead what is implemented is an antifuse. These are the opposite of fuses ("anti") and are normally open. When enough voltage is passed they blow closed, and they actually do blow, they use oxide-breakdown cells that physically break down when the voltage threshold is met. This is more favorable for integrated circuits as blocking flow is a 0 and flowing is a 1. Old terminology hangs around and still refers to these as a fuse, from IBM's technology they named "eFuses" even though they perform opposite of a fuse. The modern terminology is to call them One-Time Programmable memory, or OTP memory. Modern processors have plenty of these. I don't know how many OTP bits are included on Tensor, but another ARM SoC the Rockchip RK3399 has 2 kibibits worth of OTP.
You can read more about them in this PDF, page 31 chapter 6 section 3.
There are OTP cells being blown, inside boot_control it is invoking a system monitor call with what I think are called contexts or secure applications,SMC_CM_OTP_CONTROL (0xC2001014UL).
OTP_CONTROL being One-Time Programmable Control.
The other things being passed areCMD_W_ANTIRBK_NS_AP (0x7UL)andCMD_W_ANTIRBK_S_AP (0x9UL), which are the bits (7 and 9) being blown. I can only infer that the NS and S are for the normal world (NS) and secure world (S).
As for when/sys/kernel/boot_control/blow_aris being blown, it is blown insideBootControl::markBootSuccessful, which is what is setting both the fuse and writing to devinfo that the slot had booted successfully. I don't know when exactly a boot is successful, but it is being ran by a service after Android boots up enough to be considered a success.
What does it change and how does the bootloader use this? Well, we'll never know. We're not privileged enough to know this. The source code for the many (there's something like four) bootloaders are kept closed source. Anything below the kernel and device tree we just don't know. Given that there is a bricked Pixel 6 out there due to the bits being blown on A13 and the slot switched back to A12, it isn't just the Android bootloader checking this, it's below that in either the BL1 or BL2 boot firmware. This I assume lines up with the bits being blown for normal world and secure world, as BL1 operates in the secure world while the Android bootloader operates in the normal world.
What can we do about this? Really, nothing.6Android 13 looks to be OUT!
Factory Images for Nexus and Pixel Devices | Google Play services | Google Developers
developers.google.com
6
No, but they've restricted a few permissions for sideloaded apps (e.g. Notification Listener and Accessibility permissions). But those restrictions can be disabled by going to the app info page and clicking on the 3 dot menu on top right. -
58TL;DR regarding the PSA. If you update one slot to Android 13, you can
fastboot reboot bootloaderafter and thenfastboot --set-active=otherto change slots in order to flash Android 13 to the new slot, but IF you have Android 13 on one slot and still have Android 12 (including Android 12 bootloader) on the other slot and you try to fully boot into Android 12, you will be permanently bricked and have to seek repair from Google. No one has yet found a way to repair this on our own. I will update if there is any progress. At least a small handful, and probably more, people have done this already.
At minimum, do this first:fastboot flash bootloader --slot all bootloader-raven-slider-1.2-8739948.img(or change the name of the bootloader file to the one for your device if not Pixel 6 Pro), then you *should* be much safer than without doing that first.
IF you have already bricked your phone and the screen is blank - there is likely nothing we can do to help. You should seek to get a repair from Google, possibly under warranty.
Summary of command sequence (from running Android at the beginning):
Code:adb reboot bootloader fastboot flash bootloader --slot all bootloader-raven-slider-1.2-8739948.img
How to flash both slots using the full factory image BOTH SLOTS at the same time:
How to flash both slots using the full factory image ONE SLOT at a time:
My tiny, early, very mini-review of Android 13 is here.
Thanks to @Lughnasadh for sharing the news about this, starting here.
Also see here for the reason this was done:
Factory Images for Nexus and Pixel Devices | Google Play services | Google Developers
developers.google.com
Here there be dragons.
I am not responsible for anything at all. 
Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.
Official Google Pixel Update and Software Repair(reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro yet)
Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can reenable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.
Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen
Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own)
ADB/Fastboot, Windows Drivers, and unlocking the bootloader (thanks @sidhaarthm for confirming unlocking the bootloader works as intended, be sure to thank him in his post)
Rooting-related
No longer applies -Things that make rooting more complicated on Android 12
A list of the other important guides - be sure to thank the respective OPs
For all relevant guide threads just click the yellow "How To Guide" quick filter above the list of threads in the Pixel 6 Pro section.
- Here's the Magisk section of XDA's forums, for rooting. Magisk on GitHub. The most recent Magisk Stable is what's recommended these days.
- @sean222's thread Restore WiFi and Cellular Data in Quick Settings (Root Required)
- @rickysidhu_'s thread HBM (High Brightness Mode)
- @gururoop's thread Probable method to upgrade every month, without wiping data and retaining root
- @rickysidhu_'s thread Limit Charge
- @Typhus_' thread [MOD][MAGISK][ANDROID 12] Addon Features for Pixel Devices - Pixel 6 Pro Thread
- @siavash79's thread [MOD][Xposed+Magisk][Pre-Release] AOSP Mods - System modifications for AOSP-based Android 12+ - a mod that compliments @Typhus_' mod above, and may eventually completely replace it.
- @TotallyAnxious' thread [MOD] Collection of "Anxious" Modules for Pixel 6/Pro Series
- Every single one of @foobar66's posts.
TWRP (not made for the Pixel 6 Pro yet - will update when it has)
Custom kernels for stock ROM(s)
Factory Images (requires an unlocked bootloader)
Full OTA Images (doesn't require an unlocked bootloader)
The usefulness of having Verity and Verification enabled (now that it's not needed for root) - post #2 below.
Regarding P6P 5G model numbers and capabilities - post #3 below.
List of all Pixel monthly security bulletins and Play System Updates - post #4 below.
How I root and update (which is identical whether rooting the first time or updating):
15The unlock process works like this;
1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on.
2) When it starts harassing you to join google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
3) Settings --> About --> Build number. Tap it until it says you're a developer.
4) Back --> Network --> Wifi and connect it.
5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize when requested.
6) # adb reboot-bootloader
7) # fastboot flashing unlock
Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.1513Just to let everyone know, updating to .037 and re-rooting (without wiping anything) worked with no problems. My method is to just replace -w with --disable-verity --disable-verification in the flash-all.bat file and run the flash-all command. I then let it reboot, patch the boot image, return to bootloader and flash the patched boot image.
Canary 23014
EDIT: Thank you @ipdev for confirming my inquiry that this method would work back on Nov. 4
11SDK Platform Tools have been updated to v32.0.0 (January 2022). Update now before you forget and flashing the February update on the 7th gives you hassles.
Direct download for Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
