• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Root guide (updated)

Search This thread

Hollingsworth90

New member
Sep 19, 2021
4
0
So I'm got back from work/the movies and I tried again with version 8.06 of magisk and I got root! I'm happy but I just have to figure out why I keep getting permission denied in the adb shell.

I got it! I needed to toggle shell in the superuser section of magisk.
 
Last edited:

LocBox

Senior Member
Aug 16, 2009
158
17
So I'm got back from work/the movies and I tried again with version 8.06 of magisk and I got root! I'm happy but I just have to figure out why I keep getting permission denied in the adb shell.

I got it! I needed to toggle shell in the superuser section of magisk.
tried that too...still frozen keygaurd lockscreen.
 

cd85233

Senior Member
Jun 21, 2007
226
14
tried that too...still frozen keygaurd lockscreen.
I just went through this. Make sure the device is also on 2021.817.36. Go look at the build number. Mine was not updated and would not work. I let the device update and then re did the steps from creating the img from magisk and it all worked.
 

NexusPenguin

Senior Member
Sep 21, 2013
1,202
702
Xiaomi Mi 11
I just went through this. Make sure the device is also on 2021.817.36. Go look at the build number. Mine was not updated and would not work. I let the device update and then re did the steps from creating the img from magisk and it all worked.
Good to know that.

I will probably order one from Amazon in the US.
AT&T locked but it seems it can now easily be unlocked.

And then I'll root it and report here if everything went smoothly.

Regards.
 

IrishKevin

Member
Jun 4, 2018
10
0
I've rooted a few Xiaomi devices so I'm not exactly new to rooting, but I can't get past:
16. in powershell, run
Code:
.\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.
The phone is just stuck on the Windows logo. Can reboot just fine but really at a loss as to what's going wrong as I've tried following the guide a few times now.

Edit: Okay after managing to get it to work and attempting to update to the latest Magisk version (just seeing what I could do, basically), my phone is now permanently booting to Bootloader. Can't even get it to boot to Recovery. I can enter EDL mode but can't find any solutions as to how to install recovery software from either mode.
 
Last edited:

LocBox

Senior Member
Aug 16, 2009
158
17
I just went through this. Make sure the device is also on 2021.817.36. Go look at the build number. Mine was not updated and would not work. I let the device update and then re did the steps from creating the img from magisk and it all worked.
problem is still persisting with the latest update. i stayed on stock last month just to start from scratch and it's still freezing the keyguard when i try to boot the magisk patched img
 

LocBox

Senior Member
Aug 16, 2009
158
17
I've rooted a few Xiaomi devices so I'm not exactly new to rooting, but I can't get past:

The phone is just stuck on the Windows logo. Can reboot just fine but really at a loss as to what's going wrong as I've tried following the guide a few times now.


Edit: Okay after managing to get it to work and attempting to update to the latest Magisk version (just seeing what I could do, basically), my phone is now permanently booting to Bootloader. Can't even get it to boot to Recovery. I can enter EDL mode but can't find any solutions as to how to install recovery software from either mode.
extract the boot.img from the stock recovery build and flash that in adb. use payload dumper to extract the boot from the stock recovery build...

Stock Recovery

Dumper
 

IrishKevin

Member
Jun 4, 2018
10
0
extract the boot.img from the stock recovery build and flash that in adb. use payload dumper to extract the boot from the stock recovery build...

Stock Recovery

Dumper
I tried that but always get this error:

"C:\Program Files\Python310>fastboot flash boot boot.img
Sending 'boot_b' (98304 KB) OKAY [ 0.309s]
Writing 'boot_b' FAILED (remote: 'Flashing is not allowed to this partition')
fastboot: error: Command failed"

Tried boot_a also but still the same problem. Seems I might need to send it off to Microsoft.
 

LocBox

Senior Member
Aug 16, 2009
158
17
I tried that but always get this error:

"C:\Program Files\Python310>fastboot flash boot boot.img
Sending 'boot_b' (98304 KB) OKAY [ 0.309s]
Writing 'boot_b' FAILED (remote: 'Flashing is not allowed to this partition')
fastboot: error: Command failed"

Tried boot_a also but still the same problem. Seems I might need to send it off to Microsoft.
try just booting from it instead of flash boot, so ./fastboot boot boot.img. then try to write it permanently to the partitions using the same method mentioned in the op.
 
Last edited:

LocBox

Senior Member
Aug 16, 2009
158
17
this frozen screen thing is driving me nuts. ive done this over and over and still the same results.
 

Nochlab1

Senior Member
Nov 6, 2017
144
39
I tried that but always get this error:

"C:\Program Files\Python310>fastboot flash boot boot.img
Sending 'boot_b' (98304 KB) OKAY [ 0.309s]
Writing 'boot_b' FAILED (remote: 'Flashing is not allowed to this partition')
fastboot: error: Command failed"

Tried boot_a also but still the same problem. Seems I might need to send it off to Microsoft.
did you fix it because i bricked mine and cant figure out how to fix
 

IrishKevin

Member
Jun 4, 2018
10
0
did you fix it because i bricked mine and cant figure out how to fix
Yes and no.

By running "fastboot --set-active=b" while in fastboot, you will swap the active partition to b. This was able to boot the phone using the other partition and functions normally, except there is no recovery mode available still. I didn't try to install Magisk or do anything with it as I wanted to fix partition a and restore the recovery mode but I couldn't find any way to do that. I thought a factory reset in partition b might help but it didn't as anytime I swapped back to partition a, the phone would not boot so I was back to square one. My phone was still in warranty so I locked the bootloader and sent it off to Microsoft as I'd rather not have a phone with no recovery options available.
 

Nochlab1

Senior Member
Nov 6, 2017
144
39
Yes and no.

By running "fastboot --set-active=b" while in fastboot, you will swap the active partition to b. This was able to boot the phone using the other partition and functions normally, except there is no recovery mode available still. I didn't try to install Magisk or do anything with it as I wanted to fix partition a and restore the recovery mode but I couldn't find any way to do that. I thought a factory reset in partition b might help but it didn't as anytime I swapped back to partition a, the phone would not boot so I was back to square one. My phone was still in warranty so I locked the bootloader and sent it off to Microsoft as I'd rather not have a phone with no recovery options available.
My issue is i flashed something in magisk that modified system so is not booting
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Just received my surface duo three days ago. I updated to the latest software and followed the directions given in the op and no dice. Everything works with no hiccups until I get to the magisk_patched.img part. The patched boot image flash fine but I get stuck into a bootloop every single time. Turning off the phone then back on fixes the bootloop but when it resets there is no root.

    I have tried with the magisk apk linked in this thread, the latest stable and also the latest canary version.

    I can not seem to figure this out. If anyone can help out or point me in the right direction to figuring out out I would appreciate thanks

    Edit 1 - AT&T locked version (waiting on my unlock code email - it's been about 18 hours since I requested the code)
    Someone already said , its not working with the latest update .
    I can't confirm that , as I didnt update to the latest .
    1
    Someone already said , its not working with the latest update .
    I can't confirm that , as I didnt update to the latest .
    I actually got it working and can report that it works for both the 2021.913.27 & 2021.1019.25 at&t locked builds.

    I don't know why it didn't work the first time around but the last few tries have worked flawlessly. I followed the instructions of the op and all is good. Up and rooted with the Nov.2021 update
    1
    anyone have the boot.img for November, Unlocked model? Payload dumper keeps giving me an error about missing an update.py file that i never needed before.
    You are in luck
    I just downloaded the latest image from microsoft a few minutes ago
    Not using my duo as primary so I am setting it up to stock to have it ready for android 11 , lol
    Here ( unlocked 128gb ) > https://www.mediafire.com/file/otohorv024wkhb7/boot.img/file
    1
    You are in luck
    I just downloaded the latest image from microsoft a few minutes ago
    Not using my duo as primary so I am setting it up to stock to have it ready for android 11 , lol
    Here ( unlocked 128gb ) > https://www.mediafire.com/file/otohorv024wkhb7/boot.img/file
    update - AND it is Rootable 🔫. Good freakin look man, i hadn't used this phone in months because of my root issue. :giggle:
  • 3
    Since the last guy hasn't been updating his op, I figured I'd start a fresh thread with what we know and what to do for newcomers.

    I will not be posting patched boot images in this thread, I'm a firm believer of "give you steps to follow from the top so you know what's going on and can do this yourself in the future". The more hands we have in the kitchen, the more we learn, and the better we are off as a community.

    Walkthroughs for both fresh rooting and updating while rooted are both below:

    ==== FRESH ROOT ====

    0. make sure USB debugging is on in settings > developer options
    0. make sure the phone's bootloader is actually unlocked, if the below doesn't work, back up all the data on your phone because we're about to wipe it
    Code:
    .\fastboot.exe flashing unlock
    .\fastboot.exe flashing unlock_critical
    I did both, but it might only require one of the two, if you only did one and it doesn't work you may not be fully unlocked and might have to do the other. Both of these commands from the bootloader will factory reset your phone. if you've already done this, go to step 1.

    1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image

    2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip

    3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools

    4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing and used in the below examples)

    5. open powershell, and cd to that folder.

    6. from the folder, run it like this
    Code:
    PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
    (this will extract a bunch of stuff, boot.img is all we care about today)

    6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again

    7. download the latest version of magisk manager (the new magisk app may work, but I've not tested it, this is the exact version I am using on the exact phone you are using. If you feel like trying the app please report in the thread below!) https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.7/MagiskManager-v8.0.7.apk

    8. install magisk manager on your phone

    9. make a text file, I called mine magisk_channel.txt and put this in it
    Code:
    https://raw.githubusercontent.com/Lethany/magisk_files/0755a7d5f596dc2a351270120b31b665fb561294/stable.json
    this is the "custom" channel we are using to force an older version of magisk that doesn't choke on our device like newer versions do.

    10. use usb data transfer mode to copy the boot.img file we extracted from step 6 and the text file we created in step 8 to your phone's internal storage, I have a folder on the root of the internal storage directory called Z_Phone, but anywhere is fine as long as you know where it is and remember it later.

    11. in magisk manager, click the gear in the top right and then select "update channel" > "custom channel"

    12. use your duo's dank duo mode to open a file browser on the other screen, open the text file we made in step 9

    13. copy and paste the custom channel text into the custom channel field under update channel in magisk so it has the text from step 9 in it. (the text file just saves us typing it out by hand)

    14. go back to the magisk main screen, and click install next to "magisk"
    14b. click next
    14c. click "select and patch a zip file"
    14d. browse to the location we uploaded boot.img to in step 9 and select boot.img
    14e. click let's go
    (this will create the patched boot.img, it'll be named magisk_patched_[some garbage].img)

    15. open the internal storage on your PC again, and go to your phone's "downloads" folder, it'll have that patched boot.img (if you've tried this a bunch of times and don't remember which one we just made, feel free to delete all the old ones and do 14-14e again) copy this patched_boot.img to your computer, I just put it in that same folder as step 4

    16. in powershell, cd back to that same working folder we've been using and run
    Code:
    .\adb.exe reboot bootloader

    The phone will reboot to the bootloader and we can now try booting the patched image

    16. in powershell, run
    Code:
    .\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

    17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.

    18. open an adb shell prompt and make our boot partitions writable with the below 4 lines, run one by one. Right now we're "rooted" but we've booted off an image over usb, what we really want is to boot off the images on your phone so we need to.
    Code:
    .\adb.exe shell
    su
    chmod 777 /dev/block/by-name/boot_a
    chmod 777 /dev/block/by-name/boot_b

    19. write the patched boot image to your boot partitions with the below lines, again run one by one
    Code:
    adb shell
    su
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
    (my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
    Code:
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
    )

    20. reboot your phone via the power button menu and if all went well, you're now rooted!

    ==== UPDATE WHILE ROOTED ====

    1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image

    2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip

    3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools

    4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing)

    5. open powershell, and cd to that folder.

    6. from the folder, run it like this
    Code:
    PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
    (this will extract a bunch of stuff, boot.img is all we care about today)

    7. boot off of your old magisk patched boot image
    Code:
    .\adb.exe reboot bootloader
    .\fastboot.exe boot ..\[LAST VERSION'S FOLDER]\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

    8. write the old, unpatched boot partition to your boot partitions with the below lines, again run one by one
    Code:
    adb shell
    su
    dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_b
    (my unpatched boot image is in a folder called "Z_Phone" and my unpatched image in this example is called "boot.img" so my commands look like:
    Code:
    dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/Z_Phone/boot of=/dev/block/by-name/boot_b
    )

    9. reboot

    10. run the OTA update on your now freshly stock phone

    11. use magisk to patch the new boot image same as in the first root instructions (14a-14e)

    12. copy this patched image off of the phone and into our working directory. leave a copy of this on the phone (I put it in my Z_Phone folder)

    13. reboot to bootloader (in powershell, in that same working folder we've been using run)
    Code:
    .\adb.exe reboot bootloader

    14. Boot your phone using the patched boot image (in powershell, run)
    Code:
    .\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

    15. write the patched boot image to your boot partitions with the below lines, again run one by one
    Code:
    adb shell
    su
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
    (my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
    Code:
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
    )

    16. reboot and you're updated and rooted!
    3
    ...
    6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again
    ...
    One hint for the ones also getting stuck after this step:
    You also have to install "Protobuf" with the Powershell command
    python -m pip install protobuf
    1
    For anyone who needs it, here is a patched boot.img for ATT Locked 2021_525_63
    1
    That's on a fresh install or after flashing the Magisk-modified boot.img?

    I'm about to restore with the recovery image & start this again, in case there's some different between OTA & recovery.

    EDIT: Doing a factory reset, ADB sideload of the recovery image, creating the new Magisk boot.img, & booting still doesn't work. I'm going to try the guide's version one more time to use the older version of Magisk Manager & the custom channel, but based on previous experience, I'm not hopeful. I only bought this as a device to have fun with because it can be rooted, so I'm regretting this purchase right now =\

    I do have the factory unlocked, not the ATT version. In my experience when your lockscreen touch input is not recognized, that happens when either the boot image doesn't match the factory image, or someone has used the factory unlocked boot on an ATT phone or vice-versa.

    I'd try a dirty flash of the complete applicable factory images (not just boot/recovery) and then factory reset, then start again from the top. It's possible one of your updates didn't complete or something's become inconsistent between A/B
    1
    I am in the same boat as Veritas is. My Duo is from ATT and hangs on the Microsoft logo as well. I am very new to rooting and what goes into it so a lot of this stuff I am seeing for the first time. How do I know if I have the correct boot? I went through the whole process of extracting the boot image from the recovery file for my phone off of the Microsoft website. Does that get me the right boot to use?