Root guide (updated)

Search This thread

NTchrist

Senior Member
May 10, 2011
58
32
Does anyone have a guide for how to flash each image via fastboot from the payload?

I'll be working on a guide today, doesn't seem too involved

Edit: looks like someone beat me to it:

 

LocBox

Senior Member
Aug 16, 2009
191
24
Microsoft Surface Duo
Hey, I'm running into an issue when trying to flash back the stock January boot image to partition A. I am trying to update to February, but it keeps telling me "Write error: Operation not Permitted". When I just boot off of the magisk image, I'm unable to access SU to go further.
 

LocBox

Senior Member
Aug 16, 2009
191
24
Microsoft Surface Duo
@NTchrist Again, I keep running into this issue when trying to make the unpatched permanent in adb, it tells me "write error: operation failed." This time i'm booted off of my old magisk image like usual, no idea why this keeps happening now.
 

pvillasuso

Senior Member
@NTchrist Again, I keep running into this issue when trying to make the unpatched permanent in adb, it tells me "write error: operation failed." This time i'm booted off of my old magisk image like usual, no idea why this keeps happening now.

posts 15-16-17
 
  • Like
Reactions: LocBox

LocBox

Senior Member
Aug 16, 2009
191
24
Microsoft Surface Duo
  • Like
Reactions: pvillasuso

LapinusTech

New member
Mar 24, 2018
3
0
Hi!
I can't seem to boot the Magisk image that I patched. I'm using an AT&T model that has been unlocked.
When I boot the patched boot.img, the device hangs on the MS logo for a few seconds, and then it reboots.
Could someone be so kind to help?
 

ch3mn3y

Senior Member
Sep 11, 2011
2,943
584
Seaside Voivodeships
www.xperiasite.pl
Hi
Im trying to unpck latest update, but getting this error:
Code:
PS A:\ADMIN\Downloads\ota_b1-11-customer_eu_2022.517.57> python.exe -m payload_dumper.py ./payload.bin
Traceback (most recent call last):
  File "C:\Program Files\Python310\lib\runpy.py", line 187, in _run_module_as_main
    mod_name, mod_spec, code = _get_module_details(mod_name, _Error)
  File "C:\Program Files\Python310\lib\runpy.py", line 110, in _get_module_details
    __import__(pkg_name)
  File "A:\ADMIN\Downloads\ota_b1-11-customer_eu_2022.517.57\payload_dumper.py", line 12, in <module>
    import update_metadata_pb2 as um
  File "A:\ADMIN\Downloads\ota_b1-11-customer_eu_2022.517.57\update_metadata_pb2.py", line 6, in <module>
    from google.protobuf import descriptor as _descriptor
ModuleNotFoundError: No module named 'google'
Any idea?

EDIT: Got it working with protobuf 3.20.1
 
Last edited:

fungie

Member
Dec 5, 2010
11
0
Did anyone try the magisk module touchX? It's supposed to improve the touch latency.

 
Last edited:

NTchrist

Senior Member
May 10, 2011
58
32
Did anyone try the magisk module touchX? It's supposed to improve the touch latency.


I would be very interested to know how it performs. Give it a shot and let us know!
 

fungie

Member
Dec 5, 2010
11
0
I would be very interested to know how it performs. Give it a shot and let us know!
A purchase of this device would depend on the outcome of this.
The module works fine on my phone though. Speed wise and regarding the differentiation of key strokes.
But in my experience the hardware could also be bad.
 

NTchrist

Senior Member
May 10, 2011
58
32
A purchase of this device would depend on the outcome of this.
The module works fine on my phone though. Speed wise and regarding the differentiation of key strokes.
But in my experience the hardware could also be bad.
If that's your criteria I would not recommend purchasing this phone. It is not recommended to root this device.
 

fungie

Member
Dec 5, 2010
11
0
If that's your criteria I would not recommend purchasing this phone. It is not recommended to root this device.
I would never use a stock rom with gapps etc. So i would have to root this device. I read the complications on the first pages of this thread. I will take the risk.
I don't know how familiar you are with magisk modules. I mean it seems like you should be. In case of a boot loop, you can remove the modules via adb. The system remains untouched.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    ==== READ THIS POST BEFORE ROOTING ====
    https://www.reddit.com/r/surfaceduo/comments/wn5joi/a_warning_to_wouldbe_developers_and_hobbyist/

    (ORIGINAL GUIDE BELOW)​
    Since the last guy hasn't been updating his op, I figured I'd start a fresh thread with what we know and what to do for newcomers.

    I will not be posting patched boot images in this thread, I'm a firm believer of "give you steps to follow from the top so you know what's going on and can do this yourself in the future". The more hands we have in the kitchen, the more we learn, and the better we are off as a community.

    Walkthroughs for both fresh rooting and updating while rooted are both below:

    ==== FRESH ROOT ====

    0. make sure USB debugging is on in settings > developer options
    0. make sure the phone's bootloader is actually unlocked, if the below doesn't work, back up all the data on your phone because we're about to wipe it
    Code:
    .\fastboot.exe flashing unlock
    .\fastboot.exe flashing unlock_critical
    I did both, but it might only require one of the two, if you only did one and it doesn't work you may not be fully unlocked and might have to do the other. Both of these commands from the bootloader will factory reset your phone. if you've already done this, go to step 1.

    1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image

    2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip

    3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools

    4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing and used in the below examples)

    5. open powershell, and cd to that folder.

    6. from the folder, run it like this
    Code:
    PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
    (this will extract a bunch of stuff, boot.img is all we care about today)

    6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again, you will likely also need to do a "pip install protobuf" to get the required python libraries for payload-dumper

    7. download the latest version of magisk manager (the new magisk app may work, but I've not tested it, this is the exact version I am using on the exact phone you are using. If you feel like trying the app please report in the thread below!) https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.7/MagiskManager-v8.0.7.apk

    8. install magisk manager on your phone

    9. make a text file, I called mine magisk_channel.txt and put this in it
    Code:
    https://raw.githubusercontent.com/Lethany/magisk_files/0755a7d5f596dc2a351270120b31b665fb561294/stable.json
    this is the "custom" channel we are using to force an older version of magisk that doesn't choke on our device like newer versions do.

    10. use usb data transfer mode to copy the boot.img file we extracted from step 6 and the text file we created in step 8 to your phone's internal storage, I have a folder on the root of the internal storage directory called Z_Phone, but anywhere is fine as long as you know where it is and remember it later.

    11. in magisk manager, click the gear in the top right and then select "update channel" > "custom channel"

    12. use your duo's dank duo mode to open a file browser on the other screen, open the text file we made in step 9

    13. copy and paste the custom channel text into the custom channel field under update channel in magisk so it has the text from step 9 in it. (the text file just saves us typing it out by hand)

    14. go back to the magisk main screen, and click install next to "magisk"
    14b. click next
    14c. click "select and patch a zip file"
    14d. browse to the location we uploaded boot.img to in step 9 and select boot.img
    14e. click let's go
    (this will create the patched boot.img, it'll be named magisk_patched_[some garbage].img)

    15. open the internal storage on your PC again, and go to your phone's "downloads" folder, it'll have that patched boot.img (if you've tried this a bunch of times and don't remember which one we just made, feel free to delete all the old ones and do 14-14e again) copy this patched_boot.img to your computer, I just put it in that same folder as step 4

    16. in powershell, cd back to that same working folder we've been using and run
    Code:
    .\adb.exe reboot bootloader

    The phone will reboot to the bootloader and we can now try booting the patched image

    16. in powershell, run
    Code:
    .\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

    17. if your phone boots, that's a great sign and we're out of the woods, nothing else will probably go wrong from here, if it doesn't boot factory reset your phone and start at step 0.

    18. open an adb shell prompt and make our boot partitions writable with the below 4 lines, run one by one. Right now we're "rooted" but we've booted off an image over usb, what we really want is to boot off the images on your phone so we need to.
    Code:
    .\adb.exe shell
    su
    chmod 777 /dev/block/by-name/boot_a
    chmod 777 /dev/block/by-name/boot_b

    19. write the patched boot image to your boot partitions with the below lines, again run one by one
    Code:
    adb shell
    su
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
    (my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
    Code:
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
    )

    20. reboot your phone via the power button menu and if all went well, you're now rooted!

    ==== UPDATE WHILE ROOTED ====

    1. go here https://support.microsoft.com/en-us/surface-recovery-image put in your serial number (can be found in settings) and download the latest recovery image

    2. download payload_dumper from here https://gist.github.com/ius/42bd02a.../48ffe1eee59af9a7da883d9ec7902d1507428dc4.zip

    3. download the latest platform-tools from here https://developer.android.com/studio/releases/platform-tools

    4. extract all three zips to the same folder, a folder on your desktop is fine, mine is just the name of the current MS zip archive (2021_314_91 at time of writing)

    5. open powershell, and cd to that folder.

    6. from the folder, run it like this
    Code:
    PS C:\wherever\your\****\is\2021_314_91> python.exe -m payload_dumper ./payload.bin
    (this will extract a bunch of stuff, boot.img is all we care about today)

    7. boot off of your old magisk patched boot image
    Code:
    .\adb.exe reboot bootloader
    .\fastboot.exe boot ..\[LAST VERSION'S FOLDER]\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

    8. write the old, unpatched boot partition to your boot partitions with the below lines, again run one by one
    Code:
    adb shell
    su
    dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/[PATH TO IMAGE]/boot.img of=/dev/block/by-name/boot_b
    (my unpatched boot image is in a folder called "Z_Phone" and my unpatched image in this example is called "boot.img" so my commands look like:
    Code:
    dd if=/sdcard/Z_Phone/boot.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/Z_Phone/boot of=/dev/block/by-name/boot_b
    )

    9. reboot

    10. run the OTA update on your now freshly stock phone

    11. use magisk to patch the new boot image same as in the first root instructions (14a-14e)

    12. copy this patched image off of the phone and into our working directory. leave a copy of this on the phone (I put it in my Z_Phone folder)

    13. reboot to bootloader (in powershell, in that same working folder we've been using run)
    Code:
    .\adb.exe reboot bootloader

    14. Boot your phone using the patched boot image (in powershell, run)
    Code:
    .\fastboot.exe boot .\magisk_patched_[WHATEVER_YOURS_IS_NAMED].img

    15. write the patched boot image to your boot partitions with the below lines, again run one by one
    Code:
    adb shell
    su
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_a
    dd if=/sdcard/[PATH TO IMAGE]/[PATCHED BOOT].img of=/dev/block/by-name/boot_b
    (my patched boot image is in a folder called "Z_Phone" and my patched image is called "magisk_patched_ks4OZ.img" so my commands look like:
    Code:
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_a
    dd if=/sdcard/Z_Phone/magisk_patched_ks4OZ.img of=/dev/block/by-name/boot_b
    )

    16. reboot and you're updated and rooted!
    3
    ...
    6a. if you don't have python, get it from ninite https://ninite.com/pythonx3/ and go back to step 5/6 and try again
    ...
    One hint for the ones also getting stuck after this step:
    You also have to install "Protobuf" with the Powershell command
    python -m pip install protobuf
    1
    For anyone who needs it, here is a patched boot.img for ATT Locked 2021_525_63
    1
    That's on a fresh install or after flashing the Magisk-modified boot.img?

    I'm about to restore with the recovery image & start this again, in case there's some different between OTA & recovery.

    EDIT: Doing a factory reset, ADB sideload of the recovery image, creating the new Magisk boot.img, & booting still doesn't work. I'm going to try the guide's version one more time to use the older version of Magisk Manager & the custom channel, but based on previous experience, I'm not hopeful. I only bought this as a device to have fun with because it can be rooted, so I'm regretting this purchase right now =\

    I do have the factory unlocked, not the ATT version. In my experience when your lockscreen touch input is not recognized, that happens when either the boot image doesn't match the factory image, or someone has used the factory unlocked boot on an ATT phone or vice-versa.

    I'd try a dirty flash of the complete applicable factory images (not just boot/recovery) and then factory reset, then start again from the top. It's possible one of your updates didn't complete or something's become inconsistent between A/B
    1
    I am in the same boat as Veritas is. My Duo is from ATT and hangs on the Microsoft logo as well. I am very new to rooting and what goes into it so a lot of this stuff I am seeing for the first time. How do I know if I have the correct boot? I went through the whole process of extracting the boot image from the recovery file for my phone off of the Microsoft website. Does that get me the right boot to use?