General System root + Passed Safety Net Pixel 5a

Search This thread
By:
Advanced…
P

pinchetio

New member
Nov 29, 2021
1
1
I did get this to work on a pixel 5a with Android 12 (build SP1A.211105.003). Thanks @hfam and @dedmau-five for your work on this.

A couple notes on issues I ran into. I was only able to get it working using the Canary channel of Magisk. V23 did not work. When I install canary, the "Magiskhide" option is no longer in the settings. It looks like it's been replaced by the Zygisk feature. This means Riru and the safetynet-fix that depends on Riru don't work. I tried disabling Zygisk to install the linked modules, but that meant there was no option to add apps to the Zygisk deny list (which as far as I can tell works just like the old magiskhide list).

Fortunately, there is a Zygisk version of the universal fix. It took me more time than I'd like to admit to figure it all out, but in case it helps anyone else: older/stable/beta versions of Magisk installed and worked for SU, but the magiskhide option didn't work (it wouldn't enable).

Also, the first time I installed the Canary version, the modules screen was empty. It didn't show any modules. I don't know why, but that lead me down the path of trying different versions. Eventually I tried re-flashing the stock boot image, then the magisk-canary modified version again. Then I installed the Zygisk version of the Universal fix from the github. Enabled Zygisk, check that google play store and google protect service are on the deny list. Cleared data from Google Play Services. Google Pay now works.
 
  • Like
Reactions: manjaroid
R

rahulsha

New member
Aug 31, 2016
1
0
Google Pixel 5a
pinchetio said:
I did get this to work on a pixel 5a with Android 12 (build SP1A.211105.003). Thanks @hfam and @dedmau-five for your work on this.

A couple notes on issues I ran into. I was only able to get it working using the Canary channel of Magisk. V23 did not work. When I install canary, the "Magiskhide" option is no longer in the settings. It looks like it's been replaced by the Zygisk feature. This means Riru and the safetynet-fix that depends on Riru don't work. I tried disabling Zygisk to install the linked modules, but that meant there was no option to add apps to the Zygisk deny list (which as far as I can tell works just like the old magiskhide list).

Fortunately, there is a Zygisk version of the universal fix. It took me more time than I'd like to admit to figure it all out, but in case it helps anyone else: older/stable/beta versions of Magisk installed and worked for SU, but the magiskhide option didn't work (it wouldn't enable).

Also, the first time I installed the Canary version, the modules screen was empty. It didn't show any modules. I don't know why, but that lead me down the path of trying different versions. Eventually I tried re-flashing the stock boot image, then the magisk-canary modified version again. Then I installed the Zygisk version of the Universal fix from the github. Enabled Zygisk, check that google play store and google protect service are on the deny list. Cleared data from Google Play Services. Google Pay now works.
Click to expand...
Click to collapse
Hi,

Kindly share steps if can please, i am unable to root using same method and i am on Android 12 latest firmware out of the box.
 
V0latyle

V0latyle

Forum Moderator
Staff member
Feb 20, 2011
8,299
4
13,637
The Heartland of America
Google Pixel 5
Google Pixel 5a
rahulsha said:
Hi,

Kindly share steps if can please, i am unable to root using same method and i am on Android 12 latest firmware out of the box.
Click to expand...
Click to collapse
  1. Download and install Magisk Canary
  2. Patch boot image using Magisk; reboot, flash patched image, reboot to system
  3. In Magisk settings, enable Zygisk and DenyList
  4. Download Universal SafetyNet Fix 2.2.0
  5. Install USNF 2.2.0 in Magisk
  6. Reboot
  7. Enable DenyList on ALL components of Google Play Services and Google Play Store; use the search icon, and show both system and OS apps
  8. Enable DenyList on any apps that may detect root, such as banking or video streaming apps
 
  • Like
Reactions: manjaroid, jbrucks, Slim2none4u and 2 others
You must log in or register to reply here.

Similar threads

V0latyle
How To Guide [GUIDE] Pixel 5a "barbet": Unlock Bootloader, Update, Root, Pass SafetyNet
Replies
212
Views
37K
C
CarinaPDX
E
Question Magisk/Root procedure for 5a 5G?
Replies
55
Views
22K
A
airheaded1076
Typhus_
Themes / Apps / Mods [MOD][MAGISK][ANDROID 12] Addon Features for Pixel Devices - Pixel 5a Thread
Replies
65
Views
19K
Mokura3rd
Mokura3rd
T
  • Locked
Development [CLOSED] PIXEL EXPERIENCE PIXEL 5A BARBET ANDROID 13 BETA UNOFFICIAL NOV. 7, 2022
Replies
129
Views
11K
Badger50
Badger50
Slim2none4u
Development [ROM][13][barbet] PixelExperience [AOSP][OFFICIAL]&[UNOFFICIAL]
Replies
94
Views
12K
J
jpgalyon

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 23
    H
    hfam
    Alright, as promised, here is my writeup for a step-by-step tutorial for rooting your new Pixel 5a and getting SafetyNet up and going. I know it looks like a book, but I wanted to put it into plain language and attempt to explain the process for everyone, even absolute first timers. I know when I first started I really appreciated when the person helping didn't presume I had any knowledge, so for those that may have some experience, sorry for the wordiness. I'll also include how I apply updates when a new Android security update is pushed out. I understand that there are now elegant ways to accept OTA updates, but that is out of the scope of this tutorial as I have always had issues with OTA, and have to catch up on how that works myself. I can attest to years of using this method though (using a full factory image) to perform the "monthly" security updates, and I have never had anything but full success, so I'll share that here below the rooting tutorial.

    *Disclaimer and heads-up* this is for an UNLOCKED PIxel 5a purchased directly from Google Store. At the time of this writing that is the only place I'm aware of which currently offers the PIxel 5a. Once carriers like Verizon, etc, offer this device, there may be some changes to the process, so just know up front this is for the unlocked Pixel 5a*

    *WARNING*! When you unlock the bootloader on your phone it WILL WIPE YOUR PHONE and reset it to factory. If you've already used your phone and set it up, you're going to lose that setup. If you can't bear it, then the rest of this isn't for you, as root cannot be achieved without unlocking the bootloader.

    First, you'll need a few things
    - https://developers.google.com/android/images
    and download the latest FACTORY IMAGE for "barbet", which is the Pixel 5a. You want to download the SAME VERSION that is currently installed on your device. At the time of this writing, it's the September release.

    From that same page, you will need the ADB+Fastboot platform tools which will allow you to perform the required tasks, download from this link:
    - https://developer.android.com/studio/releases/platform-tools.html

    I use Windows 10, and extract this tools download to a folder in the root of C: called "platform-tools". You will then need to add "c:\platform-tools" to your environment path.

    On the Pixel 5a, you need to enable developer options. Go into Settings/About Phone/and tap "Build Number" 7 times. This enables developer options and it will let you know when you've unlocked this as you tap 7 times. Once developer options is unlocked, go back to Settings/System/Advanced, and you'll see Developer Options is now available.

    Select Developer Options, and enable "USB Debugging" and also enable "OEM Unlocking".
    (**NOTE** For now at least, until you decide how you want to proceed with handling updates in future (more on that later), I strongly recommend turning OFF "Automatic System Updates" as well, just a few items below "OEM Unlocking". This prevents any updates happening automatically on a phone reboot. You don't want to wake up and find an OTA update pushed out and removed root, or worse. You can always turn it back on later.)

    Plug your phone into a USB port on your PC. Allow the PC to do it's thing. You can open up Computer Management on the PC (right click the windows menu button icon lower left of your toolbar and select "Computer Management". Select "Device Manager" on the left panel. You should see "Android ADB Device" appear at the top of the right pane list of devices. if not, then visit:

    Install OEM USB drivers | Android Studio | Android Developers

    Discover links to the web sites for several...
    developer.android.com developer.android.com

    and download the appropriate USB driver for your system and retry the above directions.

    First thing we have to do is unlock the bootloader.
    On the PC, open a command prompt and change directory to "C:\platform-tools" as discussed above.

    Now, type in "adb reboot bootloader". The phone will reboot into bootloader. (you may receive a dialog on the phone which says something to the effect of not recognizing the PC. Go ahead and allow it, check the box to allow it in the future, and proceed.

    Phone is now at the bootloader, and shows you some info letting you know it's so, including that the bootloader is locked. Also, look at the Device Manager we opened earlier and confirm that you see Android ADB Device (or similar) which confirms your PC recognizes the phone and setup for ADB commands .

    To unlock the bootloader, in the command prompt type:

    fastboot flashing unlock

    This will unlock the bootloader, you will likely see a warning that it's going to wipe the phone. Proceed and allow the unlock. The phone will then reboot and take you to your wiped phone just as you received it out of the box, except the bootloader is now unlocked and Developer Options are still available. Let the phone continue through it's first-time setup, and leave the phone plugged into the PC. If you unplugged no biggie, but we're going right back to the PC shortly and it will need to be plugged back in before the next step to accept the file we're going to push to it.

    Now, you want to open a browser on the phone and go to (at the time of this writing, v23.0 is the current stable Magisk):

    Release Magisk v23.0 · topjohnwu/Magisk

    This release is focused on fixing regressions...
    github.com github.com

    Scroll down and under "Assets" select that Magisk 23.apk file, download and install it. Open Magisk if it doesn't open on install, and just let it sit, we're coming back to it shortly.

    PATCHING THE BOOT.IMG FILE

    On the PC, go back to the Factory Image you downloaded, and extract it to a temporary directory. You will see 6 files; a few "flash-all" files, a radio image, a bootloader image, and a ZIP file called "image-barbet-XXXXXXXXXXX.zip (the xxx's are whatever the version number is you've downloaded). Double click that ZIP file and you will see a dozen files. The one we need to root the device is "boot.img".

    Copy (don't move!!) this file to c:\platform-tools. Now, go back to your command prompt (still pointing to c:\platform-tools) and type in:

    adb push boot.img /sdcard/Download

    Now back on the phone, within the Magisk app we left open, at the top where it says Magisk, choose to install. A dialog box will open, select Patch Boot File Image. Point the process to your /sdcard/Download, and select the boot.img file we just pushed there. Now allow it to patch the boot.img and Magisk will show you it's patching it, and in a moment tell you it was successful. Close the Magisk app, open "Files" and direct it to sdcard/Download. Note the name of the patched boot file, which is called "magisk_patched-XXXXX_xxxxx.img (the X's are the Magisk version, and the x's are 5 random chars). Feel free to leave it there as you go back to the PC...

    Back on the PC, in the command prompt, now type:

    adb pull /sdcard/Download/magisk_patched-XXXXX_xxxxx.img
    make certain you get the name exact or it won't go, no worries, just get it correct. The file now resides in the "c:\platform-tools" directory along with the unpatched "boot.img" and your ADB+Fastboot tools.

    Just about done rooting, here we go!

    Now, in the command prompt type:

    adb reboot bootloader

    The phone reboots into bootloader. Now type:

    fastboot flash boot magisk_patched-XXXXX_xxxxx.img (again, use the numbers and letters in YOUR patched file!)

    Lastly, type:

    fastboot reboot

    Your phone reboots, and you should be rooted!! Unplug your phone from the PC, open up Magisk App and confirm, the Magisk entry at the top of the main Magisk App screen should now show you the version you installed, etc!

    Time to get your banking apps (and any others that may detect unlocked bootloaders/root/etc) working!

    In the Magisk App, on the bottom of the screen is a 4 item menu bar. Select the right-most icon, which is "Modules". At the top of the screen select "sorting order" and sort alphabetically. Scroll down to "riru" and select the module that is JUST "RIRU", (not any of the other "riru _______" modules). Choose to download it, then choose to install it. You'll be prompted to reboot the phone, so reboot the phone.

    Next, we're going to install drag0n's Universal SafetyNet fix (at the time of this writing it's currently v 2.1.1) You will need to download this via a browser on your phone, so open a web browser and go to:

    GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk

    Google SafetyNet attestation workarounds for...
    github.com github.com

    On the right-hand side, you'll find "Releases", and v2.1.1 is the latest. Select that, then scroll down to "Assets" and download "safetynet-fix-v2.1.1.zip" By default this will download to sdcard/Download.

    Go back into the Magisk App, select the "Modules" menu as above, and at the very top select the "Install from Storage" bar. Point to the file we just downloaded and install it (don't extract it, etc, it requires the zip exactly as downloaded and will do it's thing). Again, it will install the module and prompt you to reboot. Reboot.

    Almost there!

    At this point, if you havent installed your banking apps, do so. DON'T RUN THEM, just install them. I also have a Nintendo Switch Online app which failed because of root, so if you also have or want this app, install it now, again, do NOT run it yet, just install. Same with any other apps you are aware which have root/bootloader unlocked issues, get them installed, but don't run 'em.

    Now, we're going to use MagiskHide to hide these apps and complete the process for passing SafetyNet and running apps which may not run due to root.

    in the Magisk App, at that 4 item menu bar at the bottom, select the 2nd from left, or "MagiskHide". Select the MagiskHide item and it will open to a scan of all the apps on your system. By default I believe Magisk sets up to hide Google Play Services. You will see it selected, and all the other apps on your system unselected. Select each of the banking apps, the Nintendo Switch Online (if you have it), and any other apps that YOU ARE SURE will complain about unlocked bootloaders and/or root. Any onilne gaming that's popular are good choices, but again, it's easiest to NOT RUN them PRIOR to hiding them via MagiskHide. Pokemon GO comes to mind as one I've seen that needs hiding, etc, so make it easy on yourself and do a little research on any suspect apps prior to running them, then hide them if needed.

    Anyhow, select your banking apps to hide them.

    Now, we're going to check SafetyNet to make sure youll now pass.

    On the Home menu in the Magisk App, select "Check SafetyNet". You will be prompted to download some proprietary SafetyNet shhhhhhhtuff....so let it download. Once done, SafetyNet check will open, and you should show a blue screen which says SUCCESS, and "basicintegrity" and "ctsProfile" will be checkmarked, evalType will show BASIC.

    You're good to go, rooted, SafetyNet works perfect, and you can now open your banking apps and should open right up!!

    If you find any specific issues about specific apps not working, or detecting root, etc, the best place to get help is in the Magisk General Discussion forum:

    Magisk General Support / Discussion

    This is the place for general support and...
    forum.xda-developers.com forum.xda-developers.com

    I owe those folks eternally for showing me what I know, and always having the answers for any issues I've ever had. Some of the nicest, smartest people Ive had the pleasure of knowing, they're always helpful, and even maintain fantastic sites for FAQ and chock full of great info about every aspect of Magisk.

    BONUS ITEM: As I indicated above, I'd share the method I know, trust, and have used many many times, trouble free, to apply a system update to the phone without overwriting anything, and not hitting any issues many encounter using the OTA method (though I understand that's been vastly improved, I haven't educated myself as to that process and will likely continue to use this method).

    Security Update (monthlies) Process using Full System Image

    As above, download the newest Full Factory Image from the site. Extract this full image to a directory inside C:\platform-tools

    In this directory, if you're on Windows, open the "flash-all.bat" file (don't run it, open it with Notepad or something similar, I really like Notepad++ as it's free, has a LOT of great functionality and, like the native Notepad, doesn't do any goofy formatting/fonting/etc when modifying and saving a file.)

    In flash-all.bat, look for the "-w" entry in the fastboot command near the end of the file and REMOVE ONLY THE "-w", leaving the line correctly formatted (don't leave an extra space or something goofy), then save the file over the top of the original with the same name. This will remove the overwriting of your data when pushing the image, the "-w" tells the process to overwrite, so we remove it.

    Open up a Windows Explorer and go to your c:\platform-tools directory. Delete (or move to another location) any "boot.img" files along with any "magisk_patched-XXXXX_xxxxx.img" files from previous operations. Also note and confirm that you have correctly extracted the latest Full System Image to it's own directory, residing in c:\platform-tools.

    Now, connect your phone to the PC. Open your command prompt and point to "C:\platform-tools" again. Type: cd <name of Full system Image directory>

    In command prompt, type:

    adb reboot bootloader

    The phone is now in bootloader. In command prompt, confirm you're pointing to "C:\platform-tools\<Full System Image extract dir>" Type:

    flash-all

    This will do a full factory image push to your phone, you'll see a couple quick writes and phone reboots, then begins writing the rest of the image to your phone, but since we removed the "-w" from "flash-all.bat", it's NOT overwriting your data, just the necessary system files to update it to the latest version!

    Reboot your phone, let it do any optimizing and updating it needs to do, and don't run anything yet, we're not quite done, just let the phone settle in and finish booting and doing it's thing.

    Now, go back and perform the steps above listed under "PATCHING THE BOOT.IMG FILE" to patch the newest boot.img from the Full System Image we just updated the phone with (push the boot.img to sdcard/Download, patch with Magisk App, pull magisk_patched-XXXXX_xxxxx.img to your PC, blast it back using fastboot), and you've now rerooted the phone.

    Lemme just say again that I know this was a friggin' book, and I tried to make it as clear and plain language as I could to help even a first timer, so my apologies if it seems like an onerous process. It's really not, and once you've done this once or twice, it's a cakewalk and takes about 10 minutes of your time from start to finish to do the whole system update and reroot. Again, the newer methods to take OTA without losing root may be something you'd like to look into, i definitely will, but I'm very confident in sharing this method as I know it works like a champ and is foolproof if you take your time the first few times and make sure you do what's required (remove the "-w" from the flash-all.bat, etc)

    Lastly, I've been using this method since the Pixel 2, and just performed it on my new 5a, it worked exactly as it has for years for me on the P2, so you can be confident moving forward that, if you follow instructions and take your time until it's all familiar, you'll be successful in rooting, passing SafetyNet, and applying system updates without screwing up the A/B slots or overwriting your data in the process.

    I hope this helps even one person, and since I rarely find myself able to give back to the community in any real meaningful way (many of these folks are WAAAY beyond my modest skills and know so much!!), I hope that this provides some folks with a useful and meaningful tutorial, providing confidence that anyone can root their P5a (or about any Pixel it seems) without being a Magisk/Android prodigy.

    @Didgeridoohan, @pndwal, @zgfg, @jcmm11, and so many others over the years have been so helpful, I couldn't have done any of this without their selfless help, so give those folks a big thanks also if this is any help to you.

    Best of luck,
    hfam
    View
    5
    V0latyle
    V0latyle
    rahulsha said:
    Hi,

    Kindly share steps if can please, i am unable to root using same method and i am on Android 12 latest firmware out of the box.
    Click to expand...
    Click to collapse
    1. Download and install Magisk Canary
    2. Patch boot image using Magisk; reboot, flash patched image, reboot to system
    3. In Magisk settings, enable Zygisk and DenyList
    4. Download Universal SafetyNet Fix 2.2.0
    5. Install USNF 2.2.0 in Magisk
    6. Reboot
    7. Enable DenyList on ALL components of Google Play Services and Google Play Store; use the search icon, and show both system and OS apps
    8. Enable DenyList on any apps that may detect root, such as banking or video streaming apps
    View
    4
    H
    hfam
    jcmm11 said:
    You're absolutely correct about the dangers in following instructions posted by who knows who. I'll go further and say when it comes to root and associated items stay away from anything posted on a site other than XDA. In many cases even if the instructions were correct at some point in time they may well be outdated now.

    I haven't rooted yet for a few reasons yet but will, hopefully sometime very soon. In the meantime I can state the following:
    They're is no need to modify props. Modifying props to identify as a different phone would only be required for custom ROMs that don't handle it themselves (or some non-certified Chinese phones, which doesn't apply here). If you're running stock just leave that portion alone. And, if I'm not mistaken (although not 100% certain) I think safetynet-fix takes care of that for you in any case.

    You will definitely need kdragOn/safetynet-fix.
    Hopefully that's all you need.
    I'm not sure which version of Magisk you'll need. Unless you know what you're doing and how to get out of trouble I recommend staying away from the current alphas, they're extremely cutting edge and you can expect problems.

    Best best is to check the following threads and see what's going on:
    Actually see this post and the 2 posts immediately following

    Magisk General Support / Discussion

    This is the place for general support and...
    forum.xda-developers.com forum.xda-developers.com
    That should pretty much cover things for the moment. If nobody else (@hfam ?) has done it by the time I get around to rooting I'll write something up specific for the 5a.
    Click to expand...
    Click to collapse
    Just a quick note to say I just finished with everything (new Pixel 5a 5G, rooted + Safety net, restored all my apps, etc) and it's a flawless victory, ALL banking apps work great, SafetyNet passes, no hiccups.

    I'd be happy to craft up a step by step and post it if there's some interest. It's not often I get to give back to this outstanding community, so it's the least I can do jumping on the opportunity. UFC 266 Main card is just starting, so I'll get started right after the fight and post it here in this thread.

    Great to see ya again @jcmm11! Coming back to root a new phone feels like a family reunion, so great to see many of you active folks still here helping out!!

    hfam
    View
    3
    jcmm11
    jcmm11
    borxnx said:
    Why? Isn't the shim version just for Samsungs? Either way, it's the same mod, just different versions.

    Someone who actually knows what they're doing needs to write up a tutorial. Following instructions posted by people who have no idea what they're doing but "it works" for them is dangerous.
    Click to expand...
    Click to collapse
    You're absolutely correct about the dangers in following instructions posted by who knows who. I'll go further and say when it comes to root and associated items stay away from anything posted on a site other than XDA. In many cases even if the instructions were correct at some point in time they may well be outdated now.

    I haven't rooted yet for a few reasons yet but will, hopefully sometime very soon. In the meantime I can state the following:
    They're is no need to modify props. Modifying props to identify as a different phone would only be required for custom ROMs that don't handle it themselves (or some non-certified Chinese phones, which doesn't apply here). If you're running stock just leave that portion alone. And, if I'm not mistaken (although not 100% certain) I think safetynet-fix takes care of that for you in any case.

    You will definitely need kdragOn/safetynet-fix.
    Hopefully that's all you need.
    I'm not sure which version of Magisk you'll need. Unless you know what you're doing and how to get out of trouble I recommend staying away from the current alphas, they're extremely cutting edge and you can expect problems.

    Best best is to check the following threads and see what's going on:
    Actually see this post and the 2 posts immediately following

    Magisk General Support / Discussion

    This is the place for general support and...
    forum.xda-developers.com forum.xda-developers.com
    That should pretty much cover things for the moment. If nobody else (@hfam ?) has done it by the time I get around to rooting I'll write something up specific for the 5a.
    View
    2
    D
    Deadmau-five
    Hey everyone,

    after some trial and error, I was able to pass Safety Net.

    I just want to mention what I did in the process to get there. May have been a combination of things or just one...

    1. I followed this guide, but make sure you notice that It's for the Pixel 5 not 5a. But the process is similar. This process didn't fix the issue. However, it's also a good how-to on how to root. I did also modify the props to the 3a.

    How to Root the Pixel 5 & Still Pass SafetyNet — Full Guide for Beginners & Intermediate Users

    The Pixel 5 is a great value proposition in...
    android.gadgethacks.com android.gadgethacks.com

    2. When that didn't work, I followed this video, and hid all my banking apps besides the Google Play Services:


    3. When that didn't work, I installed these both using Magisk from this post:

    Magisk General Support / Discussion

    This is the place for general support and...
    forum.xda-developers.com forum.xda-developers.com

    4. Cleared my data and cache with Google Play and GPay + any other banking apps.

    That worked for me!


    EDIT: IF GOOGLE MAPS reports the wrong location, its likely XPrivacy-LUA, Google Services. Uncheck some of them.
    View

New posts