How To Guide March 4, 2024 AP1A.240305.019.A1 Global - Root Pixel 6 Pro [Raven]

Search This thread
D

Deleted member 6200352

Guest
Yes. They are only jealous the private date belongs to others and not just Google. <kidding>

Can you prove this exploit exists in the wild? Can you show that people are getting duped by malware that's unlocking/downgrading and/or updating their device with god knows what is on it? Like a fake update? This would be a very specific attack done under very specific instances. No. I don't buy it. Vast magority of people don't mod their phones. The phone is locked down (more so if carrier locked). Are you telling me that THOSE people could have their bootloaders remotely unlocked and/or downgraded/upgraded w/ malicious payload without any ACTION by the user? If so, then this goes way beyond the bootloader.


Food for thought: The Pixel 4's and 5's don't have the FRB issue. Are these devices also in danger due to this exploit? And if not, why? And if not, why the 6?

What I'm geting at is, ok an attacker can remote unlock the BL on a pixel 6. Can they do the same on the 4/5? And if they can, can't ARB be done on those devices? ARB has been around since Oreo so theoricially they could make it so the pixel 3s and 4s and 5s cannot downgrade to android 12 from 13, or android 11 from 12 if they did that.
 
Last edited by a moderator:

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
Food for thought: The Pixel 4's and 5's don't have the FRB issue. Are these devices also in danger due to this exploit? And if not, why? And if not, why the 6?

What I'm geting at is, ok an attacker can remote unlock the BL on a pixel 6. Can they do the same on the 4/5? And if they can, can't ARB be done on those devices? ARB has been around since Oreo so theoricially they could make it so the pixel 3s and 4s and 5s cannot downgrade to android 12 from 13, or android 11 from 12 if they did that.
Most likely not, since Qualcomm Pixels uses Qualcomm's bootloaders which are fundamentally different from the bootloaders that Tensor Pixels use, which are an implementation of ARM Trusted Firmware.
And you're taking the speculation a lot farther than anyone else.
It's up to Google and whoever else discovered this vulnerability to disclose it, and not every vulnerability gets a disclosure.

Google could implement the anti-rollback counter on them, but they haven't. Because they probably aren't vulnerable.

In your grand theory of Google becoming draconian, wouldn't they want to prevent all Pixel phones from downgrading? Why just the Pixel 6s?

And everyone needs to stop bringing up the "Oreo added ARB"
Yes, Oreo added anti-rollback to Android Verified Boot.

This is not what is being used here.


AVB-ARB is used to prevent the kernel from being downgraded.
What is implemented in the Pixel 6s bootloaders are anti-rollback to prevent a bootloader downgrade.

These are not the same things.


If they were then I wouldn't have ever been able to boot Android 12.
 

badabing2003

Recognized Contributor
Sep 17, 2012
4,699
8,619
@roirraW "edor" ehT @Lughnasadh @V0latyle
So after reading some threads of people failing to flash their devices with --slot all update I decided to update as I'll probably be getting a Pixel 7 before the disclosure on the vulnerability in the bootloader is released. After trying it I found that the Pixel 6 can't have update use --slot all.

Extremely weird, because on every other Pixel device they can flash all partitions to all slots no problem.

Well it turns out this is what is causing the issue:
Code:
Sending 'super' (4 KB)                             OKAY [  0.000s]
Updating super partition                           OKAY [  0.015s]
Resizing 'product_a'                               OKAY [  0.003s]
Resizing 'product_b'                               OKAY [  0.002s]
Resizing 'system_a'                                OKAY [  0.003s]
Resizing 'system_b'                                OKAY [  0.002s]
Resizing 'system_ext_a'                            OKAY [  0.002s]
Resizing 'system_ext_b'                            OKAY [  0.003s]
Resizing 'vendor_a'                                OKAY [  0.003s]
Resizing 'vendor_b'                                OKAY [  0.003s]
Resizing 'vendor_dlkm_a'                           OKAY [  0.003s]
Resizing 'vendor_dlkm_b'                           OKAY [  0.004s]

The super partition holding the sizes of each partition is used, however the opposite slot for each partition is being resized to the same size and this isn't leaving enough space left. With several opposite slots being larger than they should be, like the system slot, or other slots being included when they shouldn't is messing things up.

A proper dynamic partitioning should be these:
Code:
Sending 'super' (4 KB)                             OKAY [  0.000s]
Updating super partition                           OKAY [  0.013s]
Resizing 'product_a'                               OKAY [  0.005s]
Resizing 'system_a'                                OKAY [  0.004s]
Resizing 'system_ext_a'                            OKAY [  0.002s]
Resizing 'system_b'                                OKAY [  0.002s]
Resizing 'vendor_a'                                OKAY [  0.002s]
Resizing 'vendor_dlkm_a'                           OKAY [  0.002s]
Resizing 'vendor_b'                                OKAY [  0.002s]

So with this in mind the proper instructions would be to update from Android 12 with fastboot:
  1. adb reboot bootloader
  2. fastboot --slot all flash bootloader bootloader.img
  3. fastboot --slot all flash radio radio.img
  4. fastboot reboot bootloader
  5. fastboot --skip-reboot update image.zip
  6. fastboot reboot bootloader
  7. fastboot update image.zip
    1. If using Magisk instead use fastboot --skip-reboot update image.zip
    2. fastboot reboot bootloader
    3. Use the flash or boot method on your Magisk patched boot image.
Or with adb sideload:
  1. adb reboot sideload
  2. adb sideload ota.zip
  3. adb reboot sideload - can be done from within the recovery
  4. adb sideload ota.zip
The directions for if you are already on Android 13 are still steps 1-4 for fastboot or just steps 1-2 for adb.




There's actually one minor issue with Google's steps for option 2:
>adb reboot fastboot
They're having people reboot into fastbootd which can't flash the bootloader, so if the people try to continue from within fastbootd they'll have that issue.

Thanks for the steps, Am I correct in stating that the above steps will not flash the System (image) onto both slots?
Although one can still switch the slot and flash
fastboot update image.zip
 

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
Thanks for the steps, Am I correct in stating that the above steps will not flash the System (image) onto both slots?
Although one can still switch the slot and flash
fastboot update image.zip
The steps actually won't, but I just updated them.
It's just that update doesn't work properly with --slot all on the Pixel 6s, which is weird because I tested it on a Pixel 5 and XL and it works just fine. Android on both slots are flashed fresh from the update/sideload, reboot, update/sideload
 

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
D

Deleted member 6200352

Guest
Most likely not, since Qualcomm Pixels uses Qualcomm's bootloaders which are fundamentally different from the bootloaders that Tensor Pixels use, which are an implementation of ARM Trusted Firmware.
And you're taking the speculation a lot farther than anyone else.
It's up to Google and whoever else discovered this vulnerability to disclose it, and not every vulnerability gets a disclosure.

Google could implement the anti-rollback counter on them, but they haven't. Because they probably aren't vulnerable.

In your grand theory of Google becoming draconian, wouldn't they want to prevent all Pixel phones from downgrading? Why just the Pixel 6s?

And everyone needs to stop bringing up the "Oreo added ARB"
Yes, Oreo added anti-rollback to Android Verified Boot.

This is not what is being used here.


AVB-ARB is used to prevent the kernel from being downgraded.
What is implemented in the Pixel 6s bootloaders are anti-rollback to prevent a bootloader downgrade.

These are not the same things.


If they were then I wouldn't have ever been able to boot Android 12.
All I'm saying is the days of rooting and modding on newer phones are numbered. All in the name of security. They found a exploit on a newer more powerful chip that wasn't found/applicable in the older snapdragons. It [Tensor], and its newer variants will be found in newer devices. Therefore Google is putting the gauntlet down now to control (possibly each and every way) their brand new shiny new chip. Embarrassing. Already there is a way an attacker can do this on a brand new chip. No more rooting. Or customizing. Kernels, recoveries, etc. Google is doing what any company does, covering it up any way they can. They are doing that by locking it down. Locking it down. Locking it down. The Tensor was supposed to be Google's escape-pod away from outsourced SOC and they have their own in house design and already, "somehow" it can be remotely exploited. So, if Google will be following this approach, one has to wonder how the future of modding will be. Hell, or even the notion of "owning" a device.

Yes you can root and put custom recoveries on A13 for now. No downgrading. I mean come on. Do you think it's going to stop at that? No. It won't. Sometime in the near future--"In the Name of Security", we will only be able to do this stuff on our "older" devices.
 
Last edited by a moderator:
  • Like
Reactions: nutzfreelance

Nergal di Cuthah

Senior Member
Sep 20, 2013
2,724
1,928
Google Pixel 6 Pro
Why are you so agro about rollback, 13 it seems is 12L with minor spitshine. If some mods don't work give it some time and they will. If you didn't want 13 why even load it yet. Sorry to continue the verge from info. Maybe we can go back to working with what we have and not wishing for what, at this early point, we don't .
 

Homeboy76

Recognized Contributor
Aug 24, 2012
4,200
2,726
Google Pixel 8 Pro
@roirraW "edor" ehT
Actually I just updated the steps, I forgot to add an --set-active=other, whoops. :cry:
Yes, your excellent set of instructions confirmed
my thoughts for editing the flash-all.bat file :)

  1. When I flash the September 2022 Factory Image, I'll edit the flash-all.bat file.
    * * * * * * * * * *
    @Echo off
    PATH=%PATH%;"%SYSTEMROOT%\System32"
    fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img --slot all
    fastboot reboot-bootloader
    timeout /t 5 >nul
    fastboot flash radio radio-raven-g5123b-102852-220720-b-8851166.img --slot all
    fastboot reboot-bootloader
    timeout /t 5 >nul
    fastboot -- skip-reboot update image-raven-tp1a.220624.021.zip
    Note: I replaced the -w with -- skip-reboot.
    fastboot --set-active=other
    timeout /t 10 >nul
    fastboot reboot-bootloader
    timeout /t 5 >nul
    fastboot update image-raven-tp1a.220624.021.zip
    echo Press any key to exit...
    pause >nul
    exit
  2. Let the phone, fully, reboot
  3. adb reboot bootloader
  4. Then I'll boot the magisk_patched...img to the active slot.
    fastboot boot magisk_patched...img
  5. When Magisk boots I'll do a Direct Install.
  6. Done!
 
Last edited:
D

Deleted member 6200352

Guest
Why are you so agro about rollback, 13 it seems is 12L with minor spitshine. If some mods don't work give it some time and they will. If you didn't want 13 why even load it yet. Sorry to continue the verge from info. Maybe we can go back to working with what we have and not wishing for what, at this early point, we don't .
I'm old fashioned. It's my device. I should be able to do what I please to it. Upgrade/Downgrade. Brick and Unbrick. Repair. Own.
 
  • Like
Reactions: nutzfreelance

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
Yes, your excellent set of instructions confirmed
my thoughts for editing the flash-all.bat file :)

  1. When I flash the September 2022 Factory Image, I'll edit the flash-all.bat file.
    * * * * * * * * * *
    @Echo off
    PATH=%PATH%;"%SYSTEMROOT%\System32"
    fastboot flash bootloader bootloader-raven-slider-1.2-8739948.img --slot all
    fastboot reboot-bootloader
    ping -n 5 127.0.0.1 >nul
    fastboot flash radio radio-raven-g5123b-102852-220720-b-8851166.img --slot all
    fastboot reboot-bootloader
    ping -n 5 127.0.0.1 >nul
    fastboot -- skip-reboot update image-raven-tp1a.220624.021.zip
    Note: I replaced the -w with -- skip-reboot.
    fastboot --set-active=other
    fastboot reboot-bootloader

    fastboot update image-raven-tp1a.220624.021.zip
    echo Press any key to exit...
    pause >nul
    exit
  2. Let the phone, fully, reboot
  3. adb reboot bootloader
  4. Then I'll boot the magisk_patched...img to the active slot (The slot I flashed the last image to.)
    fastboot boot magisk_patched...img
  5. When Magisk boots I'll do a Direct Install.
A couple issues is that you might need to add a delay after --set-active and will definitely need to add another after the second reboot because these commands will return immediately with the next command being sent and the device may not be ready in that time. The 5 second delay might work, but it might need to be increased. And man, I do not miss batch, pinging the loopback five times and abusing that ping has a default interval of one second all because Windows XP doesn't have timeout? Stupidest hack and it's recommended. Glad on Linux it's just sleep and it's been there since the 90s.
 

badabing2003

Recognized Contributor
Sep 17, 2012
4,699
8,619
@roirraW "edor" ehT
Actually I just updated the steps, I forgot to add an --set-active=other, whoops. :cry:
You might want to add one more step
Code:
fastboot reboot-bootloader
between flashing the bootloader and the radio, I'm not sure if it is absolutely necessary but Google's flash_all.bat does that, and it would be safer to include that.
 
  • Like
Reactions: Namelesswonder

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
You might want to add one more step
Code:
fastboot reboot-bootloader
between flashing the bootloader and the radio, I'm not sure if it is absolutely necessary but Google's flash_all.bat does that, and it would be safer to include that.
It is unnecessary, been forgoing it since the Nexus 6P without issue. They can't change the location of the bootloader partitions or radio partitions so there isn't any issue unlike where the other partitions can change with them being removed or added so that's why you need reboot after a bootloader flash but before flashing Android system partitions.
 

Homeboy76

Recognized Contributor
Aug 24, 2012
4,200
2,726
Google Pixel 8 Pro
A couple issues is that you might need to add a delay after --set-active and will definitely need to add another after the second reboot because these commands will return immediately with the next command being sent and the device may not be ready in that time. The 5 second delay might work, but it might need to be increased. And man, I do not miss batch, pinging the loopback five times and abusing that ping has a default interval of one second all because Windows XP doesn't have timeout? Stupidest hack and it's recommended. Glad on Linux it's just sleep and it's been there since the 90s.
What second reboot?
I know "batch, pinging the loopback five times" is a PIA.
What did you use in the updated instructions (Post # ?) to show the necessary time delay for windows users?
Good looking out, I edited my file. :)
 

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
What second reboot?
I know "batch, pinging the loopback five times" is a PIA.
What did you use in the updated instructions (Post # ?) to show the necessary time delay for windows users?
Good looking out, I edited my file. :)
Sorry I meant the third reboot to bootloader.
You can switch out the ping for timeout, as I don't think fastboot works on Windows XP any more, didn't last time I tested in 2017.
What do you mean by showing the time delay? I would just keep with Google's assumption that the device will be ready within 5 seconds.
 

Homeboy76

Recognized Contributor
Aug 24, 2012
4,200
2,726
Google Pixel 8 Pro
Sorry I meant the third reboot to bootloader.
You can switch out the ping for timeout, as I don't think fastboot works on Windows XP any more, didn't last time I tested in 2017.
What do you mean by showing the time delay? I would just keep with Google's assumption that the device will be ready within 5 seconds.
Your instructions # 4, 7, 8 (2) read
fastboot reboot bootloader
How would a XDA member with a windows computer know a time delay of n5 or greater is needed after that command?
 

Namelesswonder

Senior Member
Jan 26, 2014
432
739
Google Pixel XL
Google Pixel 7 Pro
Your instructions # 4, 7, 8 (2) read
fastboot reboot bootloader
How would a XDA member with a windows computer know a time delay of n5 or greater is needed after that command?
Because my instructions are under the assumption that you're putting them into the command line, not editing the scripts.
I wouldn't extensively modify and use the scripts anyway, as a command that fails will not stop execution and just move on to the next command, potentially putting the device into a bad state from a bad flash.
Whereas if a command fails after you enter it you know to stop and figure out what happened.
 

Homeboy76

Recognized Contributor
Aug 24, 2012
4,200
2,726
Google Pixel 8 Pro
Because my instructions are under the assumption that you're putting them into the command line, not editing the scripts.
I wouldn't extensively modify and use the scripts anyway, as a command that fails will not stop execution and just move on to the next command, potentially putting the device into a bad state from a bad flash.
Whereas if a command fails after you enter it you know to stop and figure out what happened.
You got me too (Command line). :rolleyes: I should have quit when I was ahead. :ROFLMAO:
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Am i wrong or is battery optimization gone and replaced by allow background battery use?

    View attachment 6077774
    Tap the "Allow background usage" text and you should see Optimized and Unrestricted options.
    3
    Just a heads-up: on march update iconify refuse to work if trying to hide navbar. Probably because of laposed incompatibility.Pixel expert also doesn't help but mmersive gesture module still alive.

    Thanks!

    I've been using the following since Iconify broke on QPR1, although I had thought about returning since it had been fixed.
    • @DanGLES3's thread Fullscreen/Immersive Gesture Tweaks for Android 10-14 (most up-to-date version available at the GitHub link in his OP). You configure it while flashing the module using the volume keys. I choose:
      • - (Immersive)
      • + (Hide keyboard buttons - Back/Switch keyboard)
      • + (Reduce the size of the keyboard bar)
      • + (Pick the gesture sensitivity - Low/Module Default)
      • + (Enable Gcam fix)
      • - (NOT Wish to disable the back gesture)
    2
    Your kernel version is not going to change.
    oh your new pixel flasher supports kernelSU patching now .. im currently sitting with sweaty palms as its OTA flashing :)
    Edit: wow, that was so easy. The only issue i experienced was the timeout issue when rebooting after flash, but it was just a bit slow to come back up.
    Pixel Flasher is amazing work :)
  • 65
    Pixel 6 Pro [Raven]

    March 4, 2024:







    Here is the blog post with more in-depth info


    February 16, 2024:

    ADB/Fastboot (SDK Platform Tools) v35.0.0

    Direct Windows download link:

    No changelog yet.

    Regarding Developer Support Android 12 images, see @Lughnasadh's post here.

    I am not linking directly to the Developer Support Android 12 images because I don't want them to be confused with Stable Android 12, and since the Developer Support images won't receive any OTAs...ever. They likely also will never be manually updated on the Developer Support images site, so they will forever be stuck with the security patch level they're currently on, which will become further out of date every month. You can Google search Developer Support Android images if you want to find them.

    TL;DR regarding the PSA. If you update one slot to Android 13, you can fastboot reboot bootloader after and then fastboot --set-active=other to change slots in order to flash Android 13 to the new slot, but IF you have Android 13 on one slot and still have Android 12 (including Android 12 bootloader) on the other slot and you try to fully boot into Android 12, you will be permanently bricked and have to seek repair from Google. No one has yet found a way to repair this on our own. I will update if there is any progress. At least a small handful, and probably more, people have done this already.

    At a minimum, do this first: fastboot flash bootloader --slot all bootloader-devicename-slider-1.2-3456789.img (change the name of the bootloader file to the one for your device), then you *should* be much safer than without doing that first. Also note that the bootloader is NOT the same as boot.img (kernel). The bootloader image file has "bootloader" in the filename.

    IF you have already bricked your phone and the screen is blank - there is likely nothing we can do to help. You should seek to get a repair from Google, possibly under warranty.


    You CANNOT go back to Android 12 Stable. It *seems* as if you can, but Android 12 will not work 100% correctly after updating to the Android 13 bootloader.

    My tiny, early, very mini-review of Android 13 is here.

    Note that this is mainly for the officially listed "Unlocked" Pixel 6 Pro, available directly from the Google Store. All of this will also apply to any other (carrier-specific) variant of the Pixel 6 Pro which you can achieve an unlocked bootloader on. This includes T-Mobile and AT&T variants. It's likely Verizon variants will never be able to unlock their bootloader, or if so it will require paying the right person to do so.

    Feel free to ask about general questions, but for anything that's specific to your variant, you should use one of the other already existing threads. You'll find Verizon, AT&T, and T-Mobile-related threads in those respective search results.

    Here there be dragons. 🐉 I am not responsible for anything at all. 😹

    Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.


    Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like NetFlix. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12

    If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.

    There are no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.


    All posts about Google Pay or banking will be reported to be deleted. Please keep this thread on-topic. There are at least one or two other How To Guide threads in this section in which folks discuss how to get around banking app restrictions when you're rooted or just have an unlocked bootloader. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
    If users persist in discussing banking apps in this thread, I will have this thread locked and only update this first post when there is new and updated information regarding the subjects of the title of the thread: Unlocking the Pixel 6 Pro bootloader, rooting, and TWRP. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12

    Honorable mention to @Jawomo's aodNotify - Notification Light / LED for Pixel 6 Pro! (XDA link) / Notification light / LED for Pixel - aodNotify (Play Store link), which in my opinion restores useful functionality missing in most phones these days. It also solves some subjective issues some folks have with AOD (Always On Display), and/or solves/works around the problem where AOD is required for the optical fingerprint reader to work without the screen being on.​


    Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.
    Official Google Pixel Update and Software Repair (reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro yet)

    Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can reenable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.

    Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen
    Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own)
    OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.

    ADB/Fastboot, Windows Drivers, and unlocking the bootloader (thanks @sidhaarthm for confirming unlocking the bootloader works as intended, be sure to thank him in his post)
    • You'll need this if you're going to unlock the bootloader on your Pixel 6 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?
    • For Windows, get Google's drivers here Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you "adb reboot-bootloader", to be able to use ADB and Fastboot.
    • Thanks to @96carboard for posting the details of unlocking the bootloader, be sure to thank him in his post. Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device. Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, or your local bank's app. If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it. My experience on my Pixel 1 was that there were no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. All of this should still be the case. You will also continue to receive updates. Unlike Samsung, Sony, et cetera, which have major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to keep root/re-root.:


      The unlock process works like this:

      1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on (you can put a SIM card if you want, you just don't have to).
      2) When it starts harassing you to join Google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
      3) Settings --> About --> Build number. Repeatedly tap it until it says you're a developer.
      4) Back --> Network --> WiFi and connect it.
      5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize on the phone when requested.

      Using the Platform Tools previously mentioned in command line/terminal:
      6) #
      Code:
      adb reboot-bootloader
      7) #
      Code:
      fastboot flashing unlock

      Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.

      Official Instructions for Locking/Unlocking the Bootloader
    Personally, I would always use the official drivers Google provides unless they just don't work for whatever reason: Get the Google USB Driver (this is for Windows). They work for me. They are rarely updated, but they are every once in a great while, sometimes years in-between.
    I agree with this. be careful using drivers or adb/fastboot tools. Some are fine, but there's no need for it really anymore. Google has made it very easy to install drivers and Platform-Tools (adb/fastboot tool).

    Google provides the Fastboot/ADB tool (Platform-Tools) and Google USB Drivers (adb/fastboot interface). This will allow any Pixel to interface with Windows using the fastboot/adb protocol. Official Google USB Driver includes support for both the Fastboot and ADB driver interface. There are 3 main drivers (Fastboot, ADB and MTP/Portable File Transfer). The MTP/Portable File Transfer driver is built-in to Windows 7-11.

    Fastboot/ADB Driver Interface - Official Download Link:
    When flashing a full image or unlocking your bootloader, the fastboot interface is being used.

    First Download official Google USB Drivers (it's a zip file). Extract the zip (important!). Right-click on the android_winusb.inf file and hit install. You can then restart your phone to the Bootloader Screen (hold vol-down while it restarts or turns on). When you plug in your phone, Windows Device Manager will show a new device at the top: Android Device: Android Bootloader Interface.

    Using the ADB interface: It's the same driver. Enable USB Debugging on your phone, then plug it in to your computer. A prompt will appear on your phone (to allow USB Debugging). The driver in Device Manager will appear as Android Device: Android Composite ADB interface.

    Now you can download and use Platform-Tools to flash an Android Image, OTA or run adb/fastboot commands.
    Official Download Page
    "Android SDK Platform-Tools is a component for the Android SDK. It includes tools that interface with the Android platform, such as adb, fastboot, and systrace"

    It's best to make Platform-Tools available system-wide. Download Platform-Tools from the above link and extract it to your C:\ drive - that way you will have a folder to add to the PATH Environment under Window System Properties Menu, Advanced, Environment Variables, System Variables, PATH (google how to do this, very easy). What this does is allow adb/fastboot commands to be run from anywhere in the system, so you don't have to be in the platform-tools folder to run adb/fastboot commands and flash an Android Image (Official or Android Fork such as ProtonAOSP).

    Rooting-related


    No longer applies - Things that make rooting more complicated on Android 12
    @V0latyle posted a new thread with some very important and fascinating information about the increased difficulty to root Android 12: Read this before rooting. Be sure to thank him there.

    A list of the other important guides - be sure to thank the respective OPs
    For all relevant guide threads just click the yellow "How To Guide" quick filter above the list of threads in the Pixel 6 Pro section.


    TWRP (not made for the Pixel 6 Pro yet - will update when it has)
    I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 6 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel6pro.html.

    Custom kernels for stock ROM(s)

    Factory Images (requires an unlocked bootloader)
    It's also handy to have to the full official firmware available, whether it's to recovery from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 6 Pro (Raven) section: Pixel 6 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.

    Note: You can still get the December 2021 Factory Images and OTA from this thread, if you need them for any reason: Alternate links to December - all full factory images and OTAs available

    Full OTA Images (doesn't require an unlocked bootloader)

    The usefulness of having Verity and Verification enabled (now that it's not needed for root) - post #2 below.

    Regarding P6P 5G model numbers and capabilities - post #3 below.

    List of all Pixel monthly security bulletins and Play System Updates - post #4 below.

    How I root and update (which is identical whether rooting the first time or updating):
    • Use the latest Magisk Stable (in my case, I keep the app "hidden" / renamed)
    • Used the full firmware zip, extracted to the same folder as the latest Platform Tools (S:\platform-tools)
    • Extracted the new boot.img
    • Copied new boot.img to the phone
    • Patched the new boot.img with Magisk Stable
    • Renamed Magisk'd boot.img so I know what version of firmware it's for
    • Copied the Magisk'd boot.img back to the computer
    • Disabled all my Magisk Modules
    • Removed the "-w " from the flash-all.bat
    • Re-edited the flash-all.bat to verify I saved it with the "-w " taken out
    • Open a Command Prompt, navigated to S:\platform-tools
    • adb reboot bootloader
    • flash-all.bat
    • Let phone boot, unlock it, check that it's working, allow the update process to finish (gave it five minutes or so)
    • adb reboot bootloader
    • fastboot flash boot kernel.img (renamed Magisk'd boot.img)
    • fastboot reboot
    • Unlock, check everything's working
    • Re-enabled the most basic Magisk Modules which I was sure wouldn't cause a critical issue
    • Reboot, unlock, made sure everything's working
    Back to modding!

    I may append these first four posts with further useful information or links as needed.
    16
    The unlock process works like this;

    1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on.
    2) When it starts harassing you to join google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
    3) Settings --> About --> Build number. Tap it until it says you're a developer.
    4) Back --> Network --> Wifi and connect it.
    5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize when requested.
    6) # adb reboot-bootloader
    7) # fastboot flashing unlock

    Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.
    16
    I'm less concerned about the steps/commands as I am with how you updated (auto OTA, sideload, factory image), whether you booted to Android 13, and what happened when you rolled back (I assume using the factory image)
    Used a factory image and booted into Android 13. Auto OTA and a sideload of the full OTA will end in the same result as both use update_engine. I did boot into Android 13 so the ARB counter did get incremented.
    Downgraded by just forcing Android 12 system image with a wipe, switched slots, and did it again. It might be able to be done with a full OTA, but I didn't test it because of the following issue:

    Android 12 doesn't work properly on the Android 13 bootloader.

    It boots up just fine, appears to work just fine, made and received calls and texts, however the issue @bush911 had with WebView crashing is true. It's more than just WebView, the media DRM APEX immediately crashes. WebView crashes sometime after launch when it tries to find out if ClearPlay or WideVine are functional, and DRM Info crashes immediately when I try to launch it. Without DRM working that means you won't be able to play some music or movies and won't be able to use Netflix or any other streaming app.
    There might be more systems or modules nonfunctional, but without working browsers your smartphone isn't going to be more useful than a dumbphone.

    @roirraW "edor" ehT
    So I guess it's time to retract that you can revert to Android 12, because until a modder comes along to cook up a custom Android 12 ROM with Android 13 APEXs or patched ones it won't work.
    15
    SDK Platform Tools updated to v33.0.1 (March 2022):

    33.0.1 (March 2022)​

    • adb
      • Fixes Windows mdns crashes.
      • Fixes enable-verity/disable-verity on old devices.
      • Fixes "install multiple" on old devices
      • Improves the help output to include all supported compression methods.
    13
    Just to let everyone know, updating to .037 and re-rooting (without wiping anything) worked with no problems. My method is to just replace -w with --disable-verity --disable-verification in the flash-all.bat file and run the flash-all command. I then let it reboot, patch the boot image, return to bootloader and flash the patched boot image.

    Canary 23014

    EDIT: Thank you @ipdev for confirming my inquiry that this method would work back on Nov. 4 👍