
Question Read this before rooting your Raven

Firmware is out
I don't have the experience with messing with dm-verity so I can't answer for sure (someone else correct me if I'm wrong), but I think it's a one time thing, so long as you don't flash vbmeta again without it? So basically don't use flash-all and flash the images manually, skipping vbmeta.

V0latyle was also saying that the requirement was worked around on the other Pixels anyway so it might not even be required by the next monthly patch.

In fact, re-reading his message again I could probably have got stock to boot again if I re-flashed vbmeta, which just shows my lack of experience with the newer Pixels.
The solution, if you can call it that, was to avoid the automatic OTA; instead, sideload the OTA via ADB, then enter fastboot without rebooting, and flash /vbmeta and /boot.

Still not 100%, I tested this on my Pixel 5 and got stuck at rescue party too...with the stock images.

If it makes you feel any better, those of us who updated to Android 12 already have another update notification, but the OTA hasn't been posted to Google yet, so there's no way to compare the build number.
 

Quinny899



Confirmed.
 

Quinny899

Awesome.

Did you get the "your system may be corrupted" message after flashing /vbmeta and /boot?

I'm wondering if perhaps the issue was the previous version of Magisk.
Yes, after flashing just boot (before I realised you had to do vbmeta too), and also after. Not sure if the latter was due to the former, but I'd guess it probably still happens if you flash boot *and* disable vbmeta in one swoop.

FYI, "Your system may be corrupted" is what I refer to as Rescue Party, because it does the same thing (though it might be something different as Rescue Party is in the system and it didn't get that far): https://source.android.com/devices/tech/debug/rescue-party
 
Yeah, that's Rescue Party. Us Pixel 5 guys still haven't figured out why that's happening.

Might be something to do with Magisk and ramdisk, I have no idea.
 

Lughnasadh

If I'm understanding this right, then flashing the factory image with the -w removed from the flash-all.bat file "may" not work because after you do that it automatically reboots and you want to avoid rebooting before disabling dm-verity? Or did this just pertain to going from Beta to Stable 12?

Trying to understand this because it seems that if you flash the factory image with the -w removed, you are on an unrooted/unmodified boot.img so having to disable dm-verity shouldn't be needed at that point because you aren't rooted when it automatically boots up after flashing the factory image. And that when disabling dm-verity is needed is before you boot up with a patched boot image.

Does that make any sense?
 
You can dirty flash the system image if you want; honestly I don't see the point vs sideloading the OTA. So far, the only way of (possibly) avoiding Rescue Party and a data wipe is to use the OTA > fastboot method.

However, if you want to start completely clean, you can add the disable flags when you flash the system image:
Code:
fastboot update -w --disable-verity --disable-verification raven-image.zip

When the update completes, you can force bootloader via key combo, flash the patched boot.img, and boot into fresh Android 12 with root.

On the other hand, if you don't care about root, then yes, you can either OTA or dirty flash factory, it makes no difference.
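
As an added example (not code from this thread or from the AVB project): the two disable options in the command above are recorded as bits 0 and 1 of the 32-bit big-endian flags field at offset 120 of the vbmeta header, so a vbmeta image or partition dump can be audited for them. The offsets and algorithm names follow AVB's public header definition; `audit_vbmeta` and `constructed_header` are names chosen here, and the sample headers are constructed.

```python
import struct

# Field layout of the 256-byte AVB vbmeta header (big-endian).
AVB_MAGIC = b"AVB0"
HEADER_SIZE = 256
FLAGS_OFFSET = 120
FLAG_HASHTREE_DISABLED = 1 << 0      # what --disable-verity sets
FLAG_VERIFICATION_DISABLED = 1 << 1  # what --disable-verification sets
ALGORITHMS = {0: "NONE", 1: "SHA256_RSA2048", 2: "SHA256_RSA4096",
              3: "SHA256_RSA8192", 4: "SHA512_RSA2048",
              5: "SHA512_RSA4096", 6: "SHA512_RSA8192"}


def audit_vbmeta(image: bytes) -> dict:
    """Return the verification state recorded in a vbmeta image header."""
    if len(image) < HEADER_SIZE or image[:4] != AVB_MAGIC:
        raise ValueError("not a vbmeta image")
    # authentication block size, auxiliary block size, algorithm type
    auth_size, aux_size, algorithm = struct.unpack_from(">QQI", image, 12)
    (rollback_index,) = struct.unpack_from(">Q", image, 112)
    (flags,) = struct.unpack_from(">I", image, FLAGS_OFFSET)
    release = image[128:176].split(b"\0", 1)[0].decode("ascii", "replace")

    findings = []
    if flags & FLAG_HASHTREE_DISABLED:
        findings.append("dm-verity hashtree checking disabled")
    if flags & FLAG_VERIFICATION_DISABLED:
        findings.append("vbmeta descriptor verification disabled")
    if flags & ~(FLAG_HASHTREE_DISABLED | FLAG_VERIFICATION_DISABLED):
        findings.append("unknown flag bits set: 0x%08x" % flags)
    if algorithm == 0:
        findings.append("image is unsigned (algorithm NONE)")
    if HEADER_SIZE + auth_size + aux_size > len(image):
        findings.append("declared blocks extend past end of file")
    return {
        "release": release,
        "algorithm": ALGORITHMS.get(algorithm, "unknown(%d)" % algorithm),
        "rollback_index": rollback_index,
        "flags": flags,
        "findings": findings,
        "verification_intact": not findings,
    }


def constructed_header(flags: int, algorithm: int = 2) -> bytes:
    """Constructed sample: a bare header with no signature or descriptors."""
    header = bytearray(HEADER_SIZE)
    header[:4] = AVB_MAGIC
    struct.pack_into(">II", header, 4, 1, 0)        # required libavb 1.0
    struct.pack_into(">I", header, 28, algorithm)
    struct.pack_into(">I", header, FLAGS_OFFSET, flags)
    header[128:141] = b"avbtool 1.2.0"              # constructed release string
    return bytes(header)


if __name__ == "__main__":
    for label, flags in (("stock", 0), ("both disable flags", 3)):
        report = audit_vbmeta(constructed_header(flags))
        print(label, hex(report["flags"]), report["findings"] or "no findings")
```

To audit a real file, pass the bytes of the `vbmeta.img` from a factory image, or of a vbmeta partition dump, to `audit_vbmeta`.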
 

Lughnasadh

Thanks for that info. Yeah, for the last several years I'm just used to flashing the factory image without the -w to keep data, having it automatically boot without being rooted, then patching the boot image, and going back and flashing that.

But it sounds like now maybe the method du jour would be to just sideload the OTA and go from there.

Sounds good 👍
 

Quinny899

On the Magisk note, I just tried using Magisk stable to see if I could get Hide working, but it fails to extract the boot image. I would guess that the patching updates mentioned in the changelog are important: https://cdn.jsdelivr.net/gh/topjohnwu/[email protected]/notes.md

This does mean we're "stuck" with zygisk, though modules are adding support pretty fast so it's not the end of the world.
 
I was able to use Canary 23001 on the Pixel 5.

To pass SafetyNet on 23010/23011, you'll have to use pre-Riru Universal SafetyNet Fix (v1.2.0) and MagiskHide Props Config. USNF 2.0.0+ was written for Riru, which is not compatible with Zygisk.
 

Quinny899

23001 doesn't work either sadly. USNF 1.2.0 also rejects Android 12, but there's an early build of 2.0 here that is pre-riru and installs fine. Someone on Reddit linked that. Not got it to pass yet, working on it.
 
Whoa--so you are seeing that with >P4a (and P6/P), one can update via OTA sideload and gain permanent root without having to wipe (with verity flags, of course)?
Potentially. Not a guarantee by any means.

The trick is to sideload the OTA, then immediately enter fastboot and flash vbmeta and boot.
 

Ingenium13

You can likely remove -w and add --skip-reboot so that you can flash patched boot without rebooting. That's how I historically did the updates: extract boot.img and patch. Reboot to bootloader, replace -w with --skip-reboot in the flash-all script, then fastboot flash magisk patched boot. That might be enough to avoid Rescue Party?
 
Unsure, although probably not TBH.
 
You guys are amazing. Fastest from open box brand new phone to root I've ever had.

FYI, the patching process works for Fi as well as Verizon, though I hadn't accepted the OTA prior to patching. I did have to do the wipe after the verity, but I'd just opened the box and wiped for the unlocked bootloader anyway, so literally lost zero data.

root working, I'm transferring files now. Not sure about banking apps, etc., but I only had a few apps in my MagiskHide on my old Pixel 3 (Peacock, Google Pay and my banking apps). Guessing they'll work with deny now.
 

Cares


All my apps work fine with MagiskHide and Zygisk. Unfortunately I can't pass any part of SafetyNet so I can't use GPay and Chase bank also prevents biometrics with root detected.
 

bd177

Incorrect. DM verity and vbmeta verification MUST be disabled to run a patched boot image. This is true regardless of whether it's the 12 Beta or the public release.


Remove Magisk via the Uninstall option within the app; first use Restore Images, then use Complete Uninstall. This will restore the boot image, so you don't have to. It will then reboot the phone.

At that point, yes, you would install the older version of Magisk, then root as usual by patching the boot image.
I rooted the android 12 release version on my Pixel 4XL by patching the boot image. I first adb sideloaded the OTA image then rebooted from recovery to bootloader and fastboot flashed the magisk boot image. I didn't do anything else. The only thing that doesn't work are GPay etc.
 

Top Liked Posts

  • 8
    Alright, so it's possible. Props to @snovvman for linking the vvb2060 repo, because if you read into the bits in English on the telegram, you'll discover that it has MagiskHide still, as an option.

    So:
    Download the latest alpha build from https://t.me/magiskalpha
    Install it by patching the boot image and flashing in fastboot. You might be able to do a direct install, but I patched it manually and checked it booted with fastboot first to be safe.
    After it boots, you may need to uninstall a hidden Magisk manager if you didn't already - at this point the alpha build will take over, and tell you it needs to install some files and reboot, allow it.
    After rebooting, go into the Magisk settings and disable Zygisk. A magisk hide option will magically appear. Reboot.
    Install Riru and the latest Universal SafetyNet Fix. There's no repo in the build, so you need to get these from GitHub. I also have MagiskHide Props Config installed, but not with any BASIC spoofing enabled, just installed - not sure if that's required. Doesn't seem to be required.
    Reboot.
    Make sure you have Play Services unstable and snet added to your DenyList (it's still called DenyList, but it's Hide)

    Job done!

    6
    i can't take it anymore. So, why does everyone feel the need to "update" every month? I can see if Google decides to release some "Revolutionary" camera update or something. But just for a security update? lol what a joke that's been running for about 3 years or better
    Because I'm lazy, I update every other month, or every third month (unless the new update includes quadruple battery life), but I don't fault those who want, like, or feel the need to update monthly.

    As crazy as it sounds, some users just ENJOY tinkering, flashing, and messing with their devices and a fresh, new monthly factory image is the perfect excuse to do just that.

    I used to be one of those! I also used to underclock CPUs, GPUs, lower screen brightness, keep a 98% dark wallpaper, and Greenify every app under the sun JUST to increase my SOT by 30 minutes :p

    But like the monthly factory update, I am now too lazy and no longer care about having to plug my device in once a day :D

    As for those who still squeeze every drop of life out of their battery, who enjoy updating the factory image every, single, month; good for you, keep on enjoying your device the way you prefer.

    For those, like me, who are too lazy or no longer care about living on the developmental razor's edge, good for us.
    4
    Just curious, has anyone here been able to root WITHOUT having to factory reset or wipe data? I think the answer is no but just want to make sure nothing has slipped through the cracks.

    If Google releases their security updates for this phone on Monday (not sure if the release will be higher than .036 though), may give us another chance to see if factory resetting/wiping data is needed on a previously rooted (or previously wiped vbmeta) device while updating.
    This problem began with the 12 Beta on the 4a 5g, 5, and 5a. We didn't have to wipe data, however.

    According to @ipdev , it may be because Android 12 uses Boot Header v4; Android 11 used Boot Header v3. That may be the issue we are dealing with; it's entirely possible that Magisk does not properly patch the v4 boot images. That's just an educated guess, we don't know for sure what is causing the problem.

    Thus far, we have only found one way that seems to allow update and root without wipe, but even then, it's not completely reliable. Basically, you sideload the OTA in recovery, then WITHOUT REBOOTING, you then enter fastboot, and reflash /vbmeta and /boot from there.

    If you take the automatic OTA, or you dirty flash the factory image, then reflash vbmeta, you'll get dumped into Rescue Party until you wipe.
    Something is off with my installation of Magisk, I am unable to check for Safetynet. Any suggestions on how to fix?
    It's not off. Magisk 23010 removed that function; you'll have to use a separate app.

    I STRONGLY recommend that if you need SafetyNet to pass, use Magisk 23001.
    4
    @V0latyle this is the one!
    Please update the OP with these instructions.
    I'm now passing SafetyNet. Who knew you could disable Zygisk and get magiskhide working! (Using the alpha build from telegram)
    Thank you so much Quinny -

    EDIT, had to do this for banking app to work: https://forum.xda-developers.com/t/santander-app-is-not-working-on-custom-rom-or-root-device.3794753/page-5#post-77321403
    Yeah, I'm not really going to post a root app from a questionable source in one of my guides. It's already getting rather dangerous with lots of fake websites hosting "Magisk". Fortunately, the Github is still the first result on Google, but it's immediately followed by 3-4 questionable sites.

    I'm glad it worked for you though, feel free to share the news.

    The problem is, 23001 won't work with the P6P. Won't patch the stock boot img. I've even tried patching the stock img with 23011, uninstalling 23011, rebooting to fastboot, loading the patched boot.img, then installing 23001 manually, and it won't allow me to do basically anything. Hide immediately resets when leaving the menu, none of the modules will install successfully, and no root request notifications (such as from an su command in adb shell) will work, even though 23001 shows as "installed."

    A full 23011 will root, but none of the known workarounds for SN function, no hide, no riru.

    Kind of a catch-22 right now.
    Yeah I see a few others are having that same issue. It looks like beyond basic root access, Magisk is kinda useless on the P6 until it's updated.
    4
    Which instructional steps would you suggest I use for being on the latest update and not bothered about losing data, to get permanent root (not lost on reboot)?
    Sorry I took so long to reply. I'm not an expert and shouldn't be considered one, but I've gotten so much help from XDA forums over the years I feel bad not contributing if I've got even 1% knowledge to help.

    So, here's what I did...

    1. Download factory image from Google, Riru & USNF from GitHub and MagiskAlpha from Telegram.
    2. Unlock bootloader (and factory wipe; all the developer mode, USB debugging and adb/fastboot + Google USB driver information applies as normal)
    3. Install MagiskAlpha, patch the factory boot.img
    4. fastboot flash with verity first, then fastboot flash boot the MagiskAlpha modded boot img, then reboot.
    5. You've now achieved root and have the ability to use MagiskHide. Do so, add all of Google Play services to the deny list, hide MagiskAlpha, install Riru module, reboot.
    6. Add USNF module. Reboot.

    should now have persistent root and pass SN. Add your DRM and banking apps to the deny list as necessary. May have to clear your Google Play data.
  • 18
    For those of you who are planning on rooting:

    Be aware that Android 12 changed the way boot images are loaded, at least on the Pixel 4, 4a, and 5. We have no reason to believe the Pixel 6/Pro will be any different.

    Two new Verified Boot features implemented in Android 12 will interfere with attempts to root.

    Dm-verity (device-mapper-verity) is a method by which an image on block devices (the underlying storage layer of the file system) can be checked to determine if it matches an expected configuration, using a cryptographic hash tree. If the hash doesn't match, dm-verity prevents the stored code from loading.

    Vbmeta verification is the other half of this - it provides a cryptographically signed reference hash which is used to verify the integrity of /boot, /system, and /vendor partitions. The vbmeta image is only used to verify /boot, while vbmeta-system is used to verify /system.

    This was implemented to prevent persistent rootkits by means of a hardware level security check, to prevent "potentially harmful applications" such as Magisk from evading detection, as such applications residing within the kernel will have higher privileges than the detection applications.

    What this means is that with these two enabled, a modified boot image will cause a verification error when flashed to the device, preventing boot. Interestingly, this check is not performed against "live" boot images loaded via ADB, so with dm-verity and vbmeta verification enabled, a modified image can be booted as long as the image in /boot is intact.


    Dm-verity and vbmeta verification will need to be disabled in order to flash a rooted boot image. Unfortunately, this means that you will have to wait for the factory firmware to be released.

    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img

    We also discovered that a data wipe is required in order to get permanent root; flashing /vbmeta with the disable flags gets you stuck in recovery with "Unable to load Android system, your data may be corrupted" error if you didn't wipe /data when you upgraded. To be clear, this only happens in a specific circumstance:
    * You updated to Android 12 without a wipe, AND
    * You reflash vbmeta with the disable flags


    Here are some threads in the Pixel 5 forum on the matter:
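
An added illustration of the hash-tree check described in the post above (not the poster's code and not the kernel implementation): a simplified model that assumes 4096-byte blocks and salt-prefixed SHA-256, with only the root hash trusted, as it would be when taken from signed vbmeta. The function names and the 300-block sample are constructed for this sketch.

```python
import hashlib

BLOCK = 4096                 # data and hash block size
DIGEST = 32                  # SHA-256 digest length
FANOUT = BLOCK // DIGEST     # 128 child digests fit in one hash block


def h(salt: bytes, block: bytes) -> bytes:
    return hashlib.sha256(salt + block).digest()


def build_tree(data: bytes, salt: bytes):
    """Return (root_hash, levels); levels[0] holds the leaf digests."""
    if not data or len(data) % BLOCK:
        raise ValueError("data must be a non-empty multiple of 4096 bytes")
    digests = [h(salt, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK)]
    levels = []
    while True:
        packed = b"".join(digests)
        packed += b"\0" * (-len(packed) % BLOCK)   # zero-pad to whole blocks
        level = [packed[i:i + BLOCK] for i in range(0, len(packed), BLOCK)]
        levels.append(level)
        if len(level) == 1:
            return h(salt, level[0]), levels
        digests = [h(salt, blk) for blk in level]


def verify_block(block, index, levels, root_hash, salt) -> bool:
    """Check one data block on read, trusting nothing but root_hash."""
    digest = h(salt, block)
    for level in levels:
        hash_block = level[index // FANOUT]
        slot = (index % FANOUT) * DIGEST
        if hash_block[slot:slot + DIGEST] != digest:
            return False
        digest = h(salt, hash_block)   # the hash block is vouched for one level up
        index //= FANOUT
    return digest == root_hash


def demo():
    """Constructed 300-block 'partition'; returns the four check results."""
    salt = bytes(range(32))
    data = bytearray(b"".join(bytes([i % 251]) * BLOCK for i in range(300)))
    root, levels = build_tree(bytes(data), salt)

    def blk(i):
        return bytes(data[i * BLOCK:(i + 1) * BLOCK])

    untouched = verify_block(blk(200), 200, levels, root, salt)
    data[200 * BLOCK + 17] ^= 0x01                 # one flipped bit
    modified = verify_block(blk(200), 200, levels, root, salt)
    neighbour = verify_block(blk(199), 199, levels, root, salt)

    # Rewriting the stored leaf digest to match is still caught: the hash
    # block holding it no longer matches its parent, and the root is signed.
    forged = [list(level) for level in levels]
    hash_block = bytearray(forged[0][200 // FANOUT])
    slot = (200 % FANOUT) * DIGEST
    hash_block[slot:slot + DIGEST] = h(salt, blk(200))
    forged[0][200 // FANOUT] = bytes(hash_block)
    patched_tree = verify_block(blk(200), 200, forged, root, salt)
    return untouched, modified, neighbour, patched_tree


if __name__ == "__main__":
    print(demo())
```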
    12
    Cheers for this, much appreciated. I can confirm (yet again) that you have to do disable-verity to root the P6 Pro. It's early enough since getting the phone (literally today) that wiping data isn't too much of a hassle at this stage IMO.

    Factory images are now up, I've just booted a freshly wiped phone with a magisk patch image, transferring stuff again now :)
    6
    The loss of "Hide Magisk" in the latest release means a few of my apps (banking and work expense) are not going to work if I root my Pixel 6 P. So disappointing. I will miss GravityBox the most, but will learn to live without it.
    Magisk 23010 has DenyList, which works exactly like MagiskHide. However, getting Safetynet to pass is more complicated, as Riru is not compatible with 23010, so you can't use Universal SafetyNet Fix 2.0.0 or newer. So, I went back to Magisk 23001.