[Tutorial] Unlock Bootloader, get root and valid Safetynet

Raz0Rfail

Senior Member
Oct 24, 2013
225
114

04/09/21 v2

Just install this Module via magisk manager:
which is mentioned by this thread:

You need it + safetynetfix from kdrag0n then you have valid safetynet.

04/09/21

For the last two days there has been an update on Google's site that causes Safetynet to fail on your phone. It didn't work on my phone and a colleague's phone, but it worked on another colleague's phone with no problems. So it may or may not fail on your end.

If you have the problem with safetynet failing, first update magisk to v.23 and the manager to the latest version.

Then we need lsposed with a separate module for lsposed. You can use edxposed, but for most users it lags much more than lsposed.

If you don't have lsposed, you need to install the following two Magisk modules in the order described.
1. riru
2. riru - LSposed

Otherwise you will get an installation error because the core is missing.
After the installation, restart the phone.

Then the LSposed manager should be visible in your launcher. If not, download the full zip package from here:

Extract the manager.apk from it and install it.

Inside the manager, you should get a green message with "activated". If not, you have not installed the module.

Inside the Lsposed manager, install the XprivacyLua module from the repo. The search function is located at the bottom.

Go to Modules and click on XprivacyLua. And tick the two items for the recommended applications:
System Framework
settings storage

Then click on the 3 dots at the top right.
There, uncheck the item in "Hide -> System apps".
Now you can search in the app list for
Google play Services and set the hook.

Then click on the gear icon on the top right and the app XprivacyLua will open.

In it, search for Google play Services again and set the checkmark next to the gear icon so that each sub-checkmark is set.

Now we need to hide the Magisk Manager. To do this, open the Magisk Manager.

Click on the gear icon at the top right of the main menu. Then click on hide magisk manager. Enter the desired name and wait until the Magisk Manager opens again.

If you have not installed the Safetynet fix from kdrag0n, you can download it here:

Then install it from the "modules" menu in magisk manager using the "install module from storage" function.

Once you have installed the Safetynet Fix module, restart the phone.

Then open the Settings app and navigate to the Apps section. Then search for Google Play Services, open it and in the storage option, use the function to clear the cache memory.

Now you can check Safetynet again in Magisk and it should be valid.


19/04/21:

There is currently a problem with magisk checking safetynet. When you check safetynet in magisk, you get a safetynet API error. Either use an alternative Safetynet app e.g. Safetynet Test or install the magisk canary app. I heard it was fixed there, but don't know for sure.



I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:
https://forum.xda-developers.com/showpost.php?p=83736713&postcount=89

This Tutorial describes 3 Points:
  • Unlock Bootloader - which is necessary for root
  • Get root via Magisk
  • Valid Safetynet

Enable Developer mode in settings
  1. Open Settings App
  2. Move to About The Phone
  3. 7 Taps on the Build-Number

Enable OEM-Unlock in settings
  1. Go back to Main Menu of Settings
  2. move to system
  3. Unfold Extended
  4. Open Developer options
  5. Enable OEM-Unlock

If you go further, you should either have a clean phone or backup your data. Because if you unlock the bootloader, the entire phone will be wiped.

Reboot Phone in Fastboot

  1. Turn off Phone with long press on Power Button and click turn off
  2. Press Power Button + Lower Volume together for some seconds and you are in fastboot mode

Use Fastboot to unlock Phone
If you don't have it, first download the needed adb and fastboot files for your system:
https://developer.android.com/studio/releases/platform-tools
Extract it to a path where you want it.

  1. Connect your P5 with your PC with a USB cable
  2. Open the path where you have extracted the adb tools.
  3. On Windows press Shift + Right click and in the context menu click on open commandline Window
  4. If you enter the following console command you should see a device listed with its serial number:
    Code:
    fastboot devices
    If you get an empty result, you have to check if P5 is correctly connected via usb and p5 is in fastboot mode (you see it onscreen)
    It could be that you have to install the usb drivers first for it to be recognized via fastboot.

If a Serial was listed in the Previous step, go further.

Enter the following command to start unlocking your phone
Code:
fastboot flashing unlock

On your Phone you see a message to "not unlock your phone", with volume up you switch it to "unlock your phone". With the Power Button you accept it.
It will reboot now and at this moment it wipes the entire phone, so you start again from scratch to configure the p5.

If you have a Pixel 5 without the KDDI Version, you can use the following boot image, which is already a prepatched boot image including magisk 21 (Build 21005).
Download it first:
http://www.mediafire.com/file/8ll4mlzt3l9njph/magisk_patched+Build+21005.img/file
KDDI variant: http://www.mediafire.com/file/widag4w5s02itq5/magisk_patched+KDDI.img/file

Copy the img-file to the path where you had extracted the adb files.

After you have configured your phone so you can use it, turn off p5 again and go again into fastboot mode.
Ensure your phone is connected via usb to the PC.

In the opened command line Window enter the following command:
Code:
fastboot flash boot "magisk_patched Build 21005.img"

For windows powershell Users check this out, if the above command failed:
A suggestion, please add that those having issues with the flash command failing to WRITE can try putting ./ before the command and that should work.

hm not working for me. P5 is unlocked.

C:\>fastboot flash boot "magisk_patched Build 21005.img"
target reported max download size of 268435456 bytes
sending 'boot' (98304 KB)...
OKAY [ 2.419s]
writing 'boot'...
FAILED (remote: Failed to write to partition Not Found)
finished. total time: 2.500s

Do:

./fastboot flash boot "magisk_patched Build 21005.img"


After it finished you can reboot your phone into android system and you will see the magisk manager logo.

Open it and you should see magisk 21005 is installed, then you know root access is granted.

For Safetynet you have to do the following steps
  1. In Magisk Manager open settings gear.
  2. under Magisk enable MagiskHide
  3. Above MagiskHide is a menu item called "Hide Magisk Manager", click on it, give the magisk manager a new name, click ok and wait until it's reopened.
  4. Go to main menu of the magisk manager. On bottom is a "shield icon" open it.
  5. Go to "MagiskHide"
  6. On Top is the item "Google Play Services" unfold it and set every hook on it.
  7. It's recommended to set the hook on every google Service you find.
  8. Go Back to main menu of magisk manager
  9. Download the latest universal safetynet fix for your P5:
    Then in magisk manager under modules click on the "Install from memory" button and then select the zip file you just downloaded and magisk manager will then install the module.
  10. After the installation has finished, reboot your P5.
After reboot check safetynet state in Magisk Manager, it should be OK.

Now you have a rooted phone and a valid safetynet.
 
Last edited:

Raz0Rfail

Senior Member
Oct 24, 2013
225
114
This post describes how to patch magisk to a new firmware as long as no twrp recovery is available:

First download the specific rom:
https://developers.google.com/android/images

You need only the "Link". Flash is only for flashing the rom over a Chromium browser.

After downloading the zip file, open it and you will find another zip file. This zip file has to be extracted.

In the extracted zip is the file boot.img, extract it.

Copy the boot.img to your p5 by usb.

Install the latest magisk manager Canary version on your p5:
https://github.com/topjohnwu/Magisk

Open magisk manager. In main menu click on install. In the new menu click on "select a file and patch it". Search for the copied boot.img on your p5 and select it.
Wait for flash completion. And check if it's successful.

Copy the file /sdcard/download/magisk_patched.img to your pc in the adb files directory.
If you are on the step to flash the boot image, you have to use the new file name.
 
Last edited:
  • Like
Reactions: greogory
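
The download-and-extract steps in this post, as an added example that is not part of the original post: it checks the factory archive against the SHA-256 checksum listed beside the download link, pulls boot.img out of the nested zip, and confirms the boot image magic before anything is patched or flashed. The function names are this example's own and the sample archive is constructed in memory, not a real image.

```python
import hashlib
import io
import zipfile
from typing import Tuple

BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of an Android boot image header


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_verified_boot(factory_zip: bytes, expected_sha256: str) -> Tuple[bytes, str]:
    """Return (boot.img bytes, SHA-256 of boot.img) from a factory archive.

    Raises ValueError when the archive hash differs from the published one,
    or when the nested zip / boot.img is missing or malformed.
    """
    actual = sha256_hex(factory_zip)
    if actual != expected_sha256.strip().lower():
        raise ValueError("factory archive checksum mismatch: got " + actual)

    # The outer archive holds "another zip file"; insist on exactly one.
    with zipfile.ZipFile(io.BytesIO(factory_zip)) as outer:
        inner_names = [n for n in outer.namelist() if n.lower().endswith(".zip")]
        if len(inner_names) != 1:
            raise ValueError("expected one inner zip, found %r" % inner_names)
        inner_bytes = outer.read(inner_names[0])

    with zipfile.ZipFile(io.BytesIO(inner_bytes)) as inner:
        if "boot.img" not in inner.namelist():
            raise ValueError("inner zip has no boot.img")
        boot = inner.read("boot.img")

    if not boot.startswith(BOOT_MAGIC):
        raise ValueError("boot.img does not start with the ANDROID! magic")
    # Keep this hash: it identifies the stock image, so the file flashed
    # later can be told apart from it.
    return boot, sha256_hex(boot)


def build_sample_factory_zip() -> bytes:
    """Constructed stand-in for a factory archive (placeholder contents)."""
    inner_buf = io.BytesIO()
    with zipfile.ZipFile(inner_buf, "w") as inner:
        inner.writestr("boot.img", BOOT_MAGIC + b"\x00" * 56)
    outer_buf = io.BytesIO()
    with zipfile.ZipFile(outer_buf, "w") as outer:
        outer.writestr("sample-build/image-sample.zip", inner_buf.getvalue())
        outer.writestr("sample-build/flash-all.bat", "rem placeholder\r\n")
    return outer_buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_factory_zip()
    published = sha256_hex(archive)  # stands in for the checksum on the download page
    boot_img, stock_digest = extract_verified_boot(archive, published)
    print(len(boot_img), stock_digest)
```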

tehran021

New member
May 1, 2011
2
0
Berlin
flashing img doesn't work

Hi,

I tried it exactly as written here:
In the opened command line Window enter the following command:
Code:
fastboot flash boot "magisk_patched Build 21005.img"
After it finished you can reboot your phone into android system and you will see the magisk manager logo.

Somehow flashing the img does not work for me.

Terminal output:
❯ fastboot flash boot "boot.img"
Sending 'boot_a' (98304 KB) OKAY [ 0.480s]
Writing 'boot_a' OKAY [ 0.312s]
Finished. Total time: 1.152s

Even though the output on the terminal looks fine. At least it doesn't give me an error.

Tried installing magisk manually and flashing the img through the app, but that gave me an error:
!installation failed
-repacking boot image
!Unable to repack boot image

Ahh and btw I'm based in Germany so I guess I have to use the non KDDI version.

Appreciate the help
Cina
 
Last edited:

Frost Storm

Member
Feb 25, 2011
33
2
I tried it exactly as written here:
In the opened command line Window enter the following command:
Code:
fastboot flash boot "magisk_patched Build 21005.img"
After it finished you can reboot your phone into android system and you will see the magisk manager logo.

Somehow flashing the img does not work for me.

Terminal output:
❯ fastboot flash boot "boot.img"
Sending 'boot_a' (98304 KB) OKAY [ 0.480s]
Writing 'boot_a' OKAY [ 0.312s]
Finished. Total time: 1.152s

Even though the output on the terminal looks fine. At least it doesn't give me an error.

Same here
I tried all ways thrice and then again

It is not that difficult, usually.
But Magisk Manager says Installed N/A

Thanks for any idea

edit:
I set up everything again on another computer.
Patched the boot.img myself with the MM Canary version
and then it worked.

Looks like my other PC has an unknown problem
 
Last edited:

Hecke92

Senior Member
Dec 27, 2011
334
111
Thanks <3

But will it be possible to have the phone identified as P5 instead of P3a in the future?

A bit scared of doing this.
 

LuMe96

Senior Member
Are you sure you are on the correct boot.img? I have a pixel 5 from a french carrier and the build number is the same as the "KDDI" version but I'm pretty sure my phone has nothing to do with japanese telecoms.
Yes, I can second this. Looks like a lot of devices shipped to Europe are indeed preloaded with the KDDI version. I contacted Google support about this to better understand, awaiting their response.
 

Raz0Rfail

Senior Member
Oct 24, 2013
225
114
Is it possible to have this fixed in the future? So that we don't have to change the identity?


I don't think so if we can use the p5 fingerprint to get valid safety net. Because we have to switch from basic authentication to hardware key. AFAIK if the hardware method is used, the hardware sensor can check if the bootloader is unlocked and give the results to the safety net validator. And you will automatically get a false cts profile if the hardware sensor detects that your bootloader is open.

This is a very interesting question about rooting and using custom roms in the future when no other device with newer android version use basic authentication.
 
Last edited:
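
The basic versus hardware-backed distinction discussed in this post, seen from the side of a backend that consumes the attestation, as an added example that is not part of the original post or of Google's code. It applies an acceptance policy to a SafetyNet attestation payload whose JWS signature and certificate chain are assumed to have been verified already; the sample token, nonce, package name and freshness window are constructed.

```python
import base64
import hmac
import json
from typing import List

MAX_AGE_MS = 5 * 60 * 1000           # assumed freshness window
SAMPLE_NONCE = b"constructed-nonce-0001"
SAMPLE_PACKAGE = "com.example.app"   # hypothetical package name
SAMPLE_NOW_MS = 1_630_000_000_000


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(jws: str) -> dict:
    """Decode the payload of a compact JWS. Does NOT verify the signature."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


def rejection_reasons(payload: dict, nonce: bytes, package: str,
                      now_ms: int, require_hardware: bool = True) -> List[str]:
    """Return the reasons to reject this verdict; an empty list means accept."""
    reasons = []
    sent = base64.b64encode(nonce)
    got = str(payload.get("nonce", "")).encode()
    if not hmac.compare_digest(got, sent):
        reasons.append("nonce mismatch")
    if payload.get("apkPackageName") != package:
        reasons.append("unexpected package")
    age = now_ms - int(payload.get("timestampMs", 0))
    if age < 0 or age > MAX_AGE_MS:
        reasons.append("stale or future timestamp")
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity false")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch false")
    # evaluationType lists the measurements behind the verdict, e.g.
    # "BASIC" or "BASIC,HARDWARE_BACKED".
    kinds = {k.strip() for k in str(payload.get("evaluationType", "")).split(",")}
    if require_hardware and "HARDWARE_BACKED" not in kinds:
        reasons.append("verdict not hardware backed")
    return reasons


def sample_jws(evaluation_type: str) -> str:
    """Constructed token with a dummy signature segment."""
    payload = {
        "nonce": base64.b64encode(SAMPLE_NONCE).decode(),
        "timestampMs": SAMPLE_NOW_MS - 1000,
        "apkPackageName": SAMPLE_PACKAGE,
        "basicIntegrity": True,
        "ctsProfileMatch": True,
        "evaluationType": evaluation_type,
    }
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    for kind in ("BASIC", "BASIC,HARDWARE_BACKED"):
        verdict = decode_payload(sample_jws(kind))
        print(kind, rejection_reasons(verdict, SAMPLE_NONCE, SAMPLE_PACKAGE, SAMPLE_NOW_MS))
```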

Raz0Rfail

Senior Member
Oct 24, 2013
225
114
This I type in adb shell or terminal on Android. But what do they do?

If you enter "props" in adb shell, you see a menu which is navigated by key inputs. The code section you mentioned is for navigating through the props menu to get the specific p3a fingerprint on basic authentication activated on your phone, including reboot.
 

Top Liked Posts

    2
    Hello all,

    Maybe this might sound obvious for many, but better safe than sorry, so here it goes:

    If I flash the factory image (A12 public release) via fastboot, using the bat file in its original state, that is, without removing the "-w", I'll be on A12 with wiped data. After this, is it safe to just patch and flash boot.img or is it also necessary to flash vbmeta with disabled flags?

    Thank you in advance.
    If you flash the factory image, it also flashes vbmeta. To avoid doing it twice, change the line in the batch file that reads

    fastboot -w update redfin-image.zip

    to

    fastboot --disable-verity --disable-verification -w update redfin-image.zip

    Then, when the update finishes, patch and flash the boot image.

    If you do not disable verity and verification before modifying the boot image, you will get stuck in bootloader with an error message:

    "unable to load/verify boot image"
    2
    For just valid safetynet you need only
    04/09/21 v2
    (on this date Google had changed some behaviors on the server side, which was the reason why safetynet stopped working if you don't use the latest fixes. And the older dates are the fixes for safetynet in the past.)

    If you want to have a rooted phone you have to start at:
    "I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:"

    Then when you want to have valid safetynet just use the information on the latest Date.
    1
    So, the data wipe issue has been partly figured out.

    /data must be clean when verity and verification are disabled, once they have been enabled. Unfortunately for those on Android 11, there simply is no way around this.

    The good news is that once disabled, a data wipe is not required so long as they are not enabled again. The bad news is, we cannot let any update process boot the device into system without making sure both are disabled.

    This means no more automatic updates.

    So, we have two (well, three) available options for monthly updates:

    1. Sideload the OTA, then immediately reboot into bootloader, and reflash vbmeta with verity and verification disabled.

    Or...

    2. Flash the factory zip, either via ADB or Android Flash Tool, with verity and verification disabled.