How To Guide Rooting Stock Firmware W/ Magisk

[EnumC]

Once you have your bootloader unlocked (See edale1's post), you can get started!


Disclaimer:

* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.

You first need to acquire a copy of your boot image. If you don't have the stock firmware package, you can extract it by following the steps in my previous post here: https://xdaforums.com/t/full-rom-du...n-gaining-root-access-without-magisk.4321559/

For reference, Here's the stock boot image for DE2118 on build 11.0.1.5.DE18CB, as well as the already Magisk patched version. This has only been tested using the T-Mobile variant of the device. You're welcome to give it a try, but please report your result in the comments section along with your device model number.
If you decide to attempt the patched version, skip to step 5.

1. Get the latest magisk apk from https://github.com/topjohnwu/Magisk/releases
2. Install the apk on your device.
3.

adb push boot_stock.img /storage/emulated/0/Download/

3. Open the magisk app on your phone, select the boot image from your Download folder, and patch the image.
4. Now run

adb pull /storage/emulated/0/Download/name_of_patched_boot

. This will store the new boot image to your PC's currentl directory.
5. Reboot to fastboot by running

adb reboot bootloader

6. Now temporarily boot from the patched boot image FIRST to ensure your device still boots by running

fastboot boot name_of_patched_boot

.
7. Once your device boots, open the Magisk app to check that magisk has been installed successfully.
8. Reboot to fastboot again by running

adb reboot bootloader

9. Run

fastboot getvar current-slot

to get your current active partition slot. If it's A, then run

fastboot flash boot_a name_of_patched_boot

. If it's B, run

fastboot flash boot_b name_of_patched_boot

10. Run

fastboot reboot

to get back to the system

 

[alarmdude9]

All I can say is wow.............

 

[SMcC2]

Once you have your bootloader unlocked (See edale1's post), you can get started!


Disclaimer:

* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.

You first need to acquire a copy of your boot image. If you don't have the stock firmware package, you can extract it by following the steps in my previous post here: https://xdaforums.com/t/full-rom-du...n-gaining-root-access-without-magisk.4321559/

For reference, Here's the stock boot image for DE2118 on build 11.0.1.5.DE18CB, as well as the already Magisk patched version. This has only been tested using the T-Mobile variant of the device. You're welcome to give it a try, but please report your result in the comments section along with your device model number.
If you decide to attempt the patched version, skip to step 5.

1. Get the latest magisk apk from https://github.com/topjohnwu/Magisk/releases
2. Install the apk on your device.
3.

adb push boot_stock.img /storage/emulated/0/Download/

3. Open the magisk app on your phone, select the boot image from your Download folder, and patch the image.
4. Now run

adb pull /storage/emulated/0/Download/name_of_patched_boot

. This will store the new boot image to your PC's currentl directory.
5. Reboot to fastboot by running

adb reboot bootloader

6. Now temporarily boot from the patched boot image FIRST to ensure your device still boots by running

fastboot boot name_of_patched_boot

.
7. Once your device boots, open the Magisk app to check that magisk has been installed successfully.
8. Reboot to fastboot again by running

adb reboot bootloader

9. Run

fastboot getvar current-slot

to get your current active partition slot. If it's A, then run

fastboot flash boot_a name_of_patched_boot

. If it's B, run

fastboot flash boot_b name_of_patched_boot

10. Run

fastboot reboot

to get back to the system

Thank you!

 

[ttar ttar]

Thank you! Have been waiting for it since June 25!

 

[edale1]

Nice!

So we pretty much just have to wait for a TWRP release and the stock ROM now, right?

 

[EnumC]

Nice!

So we pretty much just have to wait for a TWRP release and the stock ROM now, right?

Stock ROM is uploading, and it should be up on the previous thread shortly (at least the T-Mobile ROM).

 

[PopCaps1996]

Once you have your bootloader unlocked (See edale1's post), you can get started!


Disclaimer:

* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.

You first need to acquire a copy of your boot image. If you don't have the stock firmware package, you can extract it by following the steps in my previous post here: https://xdaforums.com/t/full-rom-du...n-gaining-root-access-without-magisk.4321559/

For reference, Here's the stock boot image for DE2118 on build 11.0.1.5.DE18CB, as well as the already Magisk patched version. This has only been tested using the T-Mobile variant of the device. You're welcome to give it a try, but please report your result in the comments section along with your device model number.
If you decide to attempt the patched version, skip to step 5.

1. Get the latest magisk apk from https://github.com/topjohnwu/Magisk/releases
2. Install the apk on your device.
3.

adb push boot_stock.img /storage/emulated/0/Download/

3. Open the magisk app on your phone, select the boot image from your Download folder, and patch the image.
4. Now run

adb pull /storage/emulated/0/Download/name_of_patched_boot

. This will store the new boot image to your PC's currentl directory.
5. Reboot to fastboot by running

adb reboot bootloader

6. Now temporarily boot from the patched boot image FIRST to ensure your device still boots by running

fastboot boot name_of_patched_boot

.
7. Once your device boots, open the Magisk app to check that magisk has been installed successfully.
8. Reboot to fastboot again by running

adb reboot bootloader

9. Run

fastboot getvar current-slot

to get your current active partition slot. If it's A, then run

fastboot flash boot_a name_of_patched_boot

. If it's B, run

fastboot flash boot_b name_of_patched_boot

10. Run

fastboot reboot

to get back to the system

thank you so much! i was able to flash magisk patched boot.img after booting patched img trough fastboot to make sure it worked on my metropcs variant! i am now rooted on stock rom with latest updates!

 

[edale1]

thank you so much! i was able to flash magisk patched boot.img after booting patched img trough twrp to make it worked on my metropcs variant! i am now rooted on stock rom with latest updates!

You have TWRP working on the N200?

 

[PopCaps1996]

You have TWRP working on the N200?

No! I'm sorry I have both OnePlus n200 an n10 metro. I'm getting confused between the 2 lol

 

[EnumC]

You have TWRP working on the N200?

I'm working on this also, but still running into roadblocks. Got a majority of the core features working, including booting to TWRP and most of the mounting points. But userdata decryption is still not working. If anyone knows about the flags needed in BoardConfig and recovery.fstab to mount userdata with encryption, please PM.

[  208.269528] [19700113_12:54:27.554867]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x6421a6eb)
[  208.269535] [19700113_12:54:27.554876]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 1th superblock
[  208.269702] [19700113_12:54:27.555042]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x8dc24167)
[  208.269705] [19700113_12:54:27.555046]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 2th superblock
[  208.269928] [19700113_12:54:27.555269]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x6421a6eb)
[  208.269932] [19700113_12:54:27.555273]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 1th superblock
[  208.270096] [19700113_12:54:27.555437]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x8dc24167)
[  208.270100] [19700113_12:54:27.555441]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 2th superblock

recovery.fstab

/data               f2fs        /dev/block/bootdevice/by-name/userdata                              flags=display="Data";fileencryption=ice:aes-256-cts;wrappedkey;keydirectory=/metadata/vold/metadata_encryption

BoardConfig.mk

PLATFORM_SECURITY_PATCH := 2099-12-31
VENDOR_SECURITY_PATCH := 2099-12-31
TW_INCLUDE_CRYPTO := true
TW_INCLUDE_CRYPTO_FBE := true
TW_INCLUDE_FBE_METADATA_DECRYPT := true
BOARD_USES_METADATA_PARTITION := true

 

[xstahsie]

Once you have your bootloader unlocked (See edale1's post), you can get started!


Disclaimer:

* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.

You first need to acquire a copy of your boot image. If you don't have the stock firmware package, you can extract it by following the steps in my previous post here: https://xdaforums.com/t/full-rom-du...n-gaining-root-access-without-magisk.4321559/

For reference, Here's the stock boot image for DE2118 on build 11.0.1.5.DE18CB, as well as the already Magisk patched version. This has only been tested using the T-Mobile variant of the device. You're welcome to give it a try, but please report your result in the comments section along with your device model number.
If you decide to attempt the patched version, skip to step 5.

1. Get the latest magisk apk from https://github.com/topjohnwu/Magisk/releases
2. Install the apk on your device.
3.

adb push boot_stock.img /storage/emulated/0/Download/

3. Open the magisk app on your phone, select the boot image from your Download folder, and patch the image.
4. Now run

adb pull /storage/emulated/0/Download/name_of_patched_boot

. This will store the new boot image to your PC's currentl directory.
5. Reboot to fastboot by running

adb reboot bootloader

6. Now temporarily boot from the patched boot image FIRST to ensure your device still boots by running

fastboot boot name_of_patched_boot

.
7. Once your device boots, open the Magisk app to check that magisk has been installed successfully.
8. Reboot to fastboot again by running

adb reboot bootloader

9. Run

fastboot getvar current-slot

to get your current active partition slot. If it's A, then run

fastboot flash boot_a name_of_patched_boot

. If it's B, run

fastboot flash boot_b name_of_patched_boot

10. Run

fastboot reboot

to get back to the system

Thanks so much for the patched boot img file. It worked great. Flashed it on two phones and both phones are working great

 

[Lossyx]

On step 6, just go to magisk manager and direct install. And there is no need to specify a slot when flashing with fastboot.

 

[Lossyx]

I'm working on this also, but still running into roadblocks. Got a majority of the core features working, including booting to TWRP and most of the mounting points. But userdata decryption is still not working. If anyone knows about the flags needed in BoardConfig and recovery.fstab to mount userdata with encryption, please PM.

[  208.269528] [19700113_12:54:27.554867]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x6421a6eb)
[  208.269535] [19700113_12:54:27.554876]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 1th superblock
[  208.269702] [19700113_12:54:27.555042]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x8dc24167)
[  208.269705] [19700113_12:54:27.555046]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 2th superblock
[  208.269928] [19700113_12:54:27.555269]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x6421a6eb)
[  208.269932] [19700113_12:54:27.555273]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 1th superblock
[  208.270096] [19700113_12:54:27.555437]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x8dc24167)
[  208.270100] [19700113_12:54:27.555441]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 2th superblock

recovery.fstab

/data               f2fs        /dev/block/bootdevice/by-name/userdata                              flags=display="Data";fileencryption=ice:aes-256-cts;wrappedkey;keydirectory=/metadata/vold/metadata_encryption

BoardConfig.mk

PLATFORM_SECURITY_PATCH := 2099-12-31
VENDOR_SECURITY_PATCH := 2099-12-31
TW_INCLUDE_CRYPTO := true
TW_INCLUDE_CRYPTO_FBE := true
TW_INCLUDE_FBE_METADATA_DECRYPT := true
BOARD_USES_METADATA_PARTITION := true

Seeing the same on 8/Pro, but haven't found a solution. Bigbiff tried spent some time trying to fix but no luck.
Honestly I don't know more than that. If you haven't already you can join twrp zulip and ask there

 

[AiM2LeaRn]

I'm working on this also, but still running into roadblocks. Got a majority of the core features working, including booting to TWRP and most of the mounting points. But userdata decryption is still not working. If anyone knows about the flags needed in BoardConfig and recovery.fstab to mount userdata with encryption, please PM.

[  208.269528] [19700113_12:54:27.554867]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x6421a6eb)
[  208.269535] [19700113_12:54:27.554876]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 1th superblock
[  208.269702] [19700113_12:54:27.555042]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x8dc24167)
[  208.269705] [19700113_12:54:27.555046]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 2th superblock
[  208.269928] [19700113_12:54:27.555269]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x6421a6eb)
[  208.269932] [19700113_12:54:27.555273]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 1th superblock
[  208.270096] [19700113_12:54:27.555437]@6 F2FS-fs (sda16): Magic Mismatch, valid(0xf2f52010) - read(0x8dc24167)
[  208.270100] [19700113_12:54:27.555441]@6 F2FS-fs (sda16): Can't find valid F2FS filesystem in 2th superblock

recovery.fstab

/data               f2fs        /dev/block/bootdevice/by-name/userdata                              flags=display="Data";fileencryption=ice:aes-256-cts;wrappedkey;keydirectory=/metadata/vold/metadata_encryption

BoardConfig.mk

PLATFORM_SECURITY_PATCH := 2099-12-31
VENDOR_SECURITY_PATCH := 2099-12-31
TW_INCLUDE_CRYPTO := true
TW_INCLUDE_CRYPTO_FBE := true
TW_INCLUDE_FBE_METADATA_DECRYPT := true
BOARD_USES_METADATA_PARTITION := true

According to @theincognito as far as with how the Oneplus8 was released... the 8 and 8 pro uses ICE encryption and 8t and later use aes-256. Perhaps something similar with the OnePlus Nord N200 Tmobile Variant where the encryption algo was slightly changed? maybe you can MSG @theincognito and perhaps maybe he can shed some insight as to his findings with Oneplus encryption regarding helpful insights to recovery dev build for OnePlus device recovery

 

[EnumC]

According to @theincognito as far as with how the Oneplus8 was released... the 8 and 8 pro uses ICE encryption and 8t and later use aes-256. Perhaps something similar with the OnePlus Nord N200 Tmobile Variant where the encryption algo was slightly changed? maybe you can MSG @theincognito and perhaps maybe he can shed some insight as to his findings with Oneplus encryption regarding helpful insights to recovery dev build for OnePlus device recovery

The issue is even with the original config from stock recovery.fstab:

/dev/block/bootdevice/by-name/userdata                  /data                  f2fs    noatime,nosuid,nodev,discard,inlinecrypt,reserve_root=32768,resgid=1065,fsync_mode=nobarrier    latemount,wait,check,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized+wrappedkey_v0,keydirectory=/metadata/vold/metadata_encryption,metadata_encryption=aes-256-xts:wrappedkey_v0,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc

It still exhibits the same issue. And it looks like he also used the stock fstab entry. I'm looking through some of the chat history for OP 8T/9R and see if I can pick up anything atm.

 

[mingkee]

BOOM!
All we need is system dump and snatch boot.
I'll do it once I got home even I can do it with other rooted phone with adb host installed

 

[lzgmc]

For the FBE decryption issues, have you tried looking at the TWRP device tree for the Nord N10? I see a bunch of extra files related to decryption which could help.

 

[mingkee]

The way I flash patched boot is just

fastboot flash boot

Press space once, and drag and drop patched boot onto command window, and press enter

 

[EnumC]

For the FBE decryption issues, have you tried looking at the TWRP device tree for the Nord N10? I see a bunch of extra files related to decryption which could help.

Thanks for including a link. Yes, I'm currently attempting to integrate the same common device tree that repo also has. Got the scripts running without critical issues & made sure all the FBE binaries' dynamically linked libraries are included. TWRP still not decrypting properly and fails very early:

I:Unable to decrypt metadata encryption
I:FBE setup failed. Trying FDE...DEBUG:PrepDecrypt::Running PrepDecrypt script for TWRP...
E:fde::get_crypt_ftr_and_key::Unexpected value for crypto key location:
E:Error getting crypt footer and key
...
I:PrepDecrypt::File Based Encryption (FBE) is present.
DEBUG:PrepDecrypt::SDK version: 30
DEBUG:PrepDecrypt::DEFAULTPROP variable set to prop.default.
DEBUG:PrepDecrypt::A/B device detected! Finding current boot slot...
DEBUG:PrepDecrypt::Current boot slot: _b
DEBUG:PrepDecrypt::No recovery partition found.
I:PrepDecrypt::SETPATCH=true
DEBUG:PrepDecrypt::Build tree is Oreo or above. Proceed with setting props...
DEBUG:PrepDecrypt::Temporary vendor folder created at /v.
DEBUG:PrepDecrypt::vendor mounted at /v.
DEBUG:PrepDecrypt::Vendor Build.prop exists! Reading vendor properties from build.prop...
DEBUG:PrepDecrypt::Current vendor Android SDK version: 30
DEBUG:PrepDecrypt::Current vendor is Oreo or above. Proceed with setting vendor security patch level...
DEBUG:PrepDecrypt::Resetprop binary not found. Falling back to setprop.
DEBUG:PrepDecrypt::Current Vendor Security Patch Level:
E:PrepDecrypt::setprop failed. Vendor Security Patch Level unchanged.
DEBUG:PrepDecrypt::prop.default update successful! ro.vendor.build.security_patch=2021-07-01
DEBUG:PrepDecrypt::Temporary system folder created at /s.
DEBUG:PrepDecrypt::system mounted at /s.
I:Can't probe device /dev/block/sda16
I:Unable to mount '/data'

 

[Zwitterion]

On step 6, just go to magisk manager and direct install. And there is no need to specify a slot when flashing with fastboot.

This! Much easier:

1. flashboot boot [patchedbootfilename.bin]
2. Once booted, go to Magisk and do Direct Install.
3. Done.