[Tutorial] Unlock Bootloader, get root and valid Safetynet

Search This thread

jawonder

Senior Member
Nov 29, 2010
2,699
363
Boynton Beach, FL
Hi. Did you figure it out? Same is happening with my 4xl.
I downloaded the latest Factory image for my device from google's website , extracted the boot.img and flashed it vi fastboot and rebooted system which work now. I then got the updated magisk apk for my device, add the boot.img i use from the factory image to my device via PC then use magisk to patch that boot.img . Transfer that patched boot.img to my PC put it in the folder i use adb and fastboot from then reboot to bootloader and flashed it via fastboot.
Phone booted up fine after and i got root.
 

subzerorabee

Member
Dec 8, 2013
5
3
I downloaded the latest Factory image for my device from google's website , extracted the boot.img and flashed it vi fastboot and rebooted system which work now. I then got the updated magisk apk for my device, add the boot.img i use from the factory image to my device via PC then use magisk to patch that boot.img . Transfer that patched boot.img to my PC put it in the folder i use adb and fastboot from then reboot to bootloader and flashed it via fastboot.
Phone booted up fine after and i got root.
Weird, I did the same, but whenever I flash the patched boot image I get bootloop. Magisk 22 canary here. Can't figure it out.
I even tried to disable the modules, still no luck.
Thanks for your reply tho.
 

fkofilee

Senior Member
Aug 6, 2010
1,089
382
Crawley
Same here - Flash March Update - Boots fine.
Patch Boot.img and flash to the device and it just boots to recovery saying Data is corrupt *_*

I assume Magisk is potentially an issue here.
 

RBEmerson

Senior Member
Jul 15, 2012
584
59
SE PA
At the moment, I get LOCKED when I "adb reboot bootloader".

I can't figure out if there's any hope of unlocking the bootloader. I've seen suggestions that the answer is a definite maybe. I seem to have made the mistake of thinking this Pixel 5 is carrier agnostic, but I guess it's not. I bought the phone as an "open box" eBay, with AFAIK no indication being tied to a particular carrier. The model is QD1YQ - any guesses as which carrier uses this model number?
The QD1YQ is the Google Store version of the P5.

Is there any chance of unlocking the bootloader with the OEM option greyed out?
 

jackowy

Member
Mar 6, 2021
8
1
Everything went fine, thanks for the tutorial.

It seems i cant get Google Pay to work, as you can see it says "not set up" with that crossed nfc tag.

NFC is activated, play services and google pay cleared cache, safetynet says "sucess, evalType basic". Opening from long pressing the power button it says "hold near reader".

Is there anything i missed? Its not just Paypal (which worked before), its all my cards...

Screenshot_20210306-155553~2.png

Screenshot_20210306-155549~2.png

Screenshot_20210306-155620~2.png
 

Attachments

  • Screenshot_20210306-155620~2.png
    Screenshot_20210306-155620~2.png
    20.3 KB · Views: 16
Last edited:

RBEmerson

Senior Member
Jul 15, 2012
584
59
SE PA
The QD1YQ is the Google Store version of the P5.

Is there any chance of unlocking the bootloader with the OEM option greyed out?
Code:
PS G:\Pixel5\XDA\sdk> .\fastboot devices
09091FDD4006RD  fastboot
PS G:\Pixel5\XDA\sdk> .\fastboot flashing unlock
FAILED (remote: 'flashing unlock is not allowed')
fastboot: error: Command failed

The devices result makes sense - the serial number is right, and it's in fastboot

It's the unlock that fails.
The bottom of the phone's display says: "Enter reason: combo key"
Kinda makes me think I need a magic key (duh).

Am I as out of luck with rooting as this exchange, following the how-to, says?
 

Sh0X31

Senior Member
  • Mar 27, 2010
    1,357
    640
    Frankfurt am Main
    Do i just need the bypass fix or hide connfig props + bypass fix?

    I flashed factory image from April and than I flashed patched boot.img. After I flashed props choose pixel 3a and 11. Than I reboot & flash the fix but still can't bypass
     

    Attachments

    • Screenshot_20210406-141548.png
      Screenshot_20210406-141548.png
      72.1 KB · Views: 12
    Last edited:

    Raz0Rfail

    Senior Member
    Oct 24, 2013
    217
    106
    Do i just need the bypass fix or hide connfig props + bypass fix?

    I flashed factory image from April and than I flashed patched boot.img. After I flashed props choose pixel 3a and 11. Than I reboot & flash the fix but still can't bypass
    You only need the magisk module universal safetynet fix.

    Go to the first post and go trough all instructions described at:
    "For Safetynet you have to do the following steps"...

    And I recommend to uninstall the props module to switch the device-fingerprint, because at the moment it isn't needed for the p5.

    Regards :)
     
    • Like
    Reactions: sidhaarthm

    Sh0X31

    Senior Member
  • Mar 27, 2010
    1,357
    640
    Frankfurt am Main
    You only need the magisk module universal safetynet fix.

    Go to the first post and go trough all instructions described at:
    "For Safetynet you have to do the following steps"...

    And I recommend to uninstall the props module to switch the device-fingerprint, because at the moment it isn't needed for the p5.

    Regards :)

    I had uninstall it and install the Modul the universal safetynet fix but still no bypass. I also clear play service & store data.
     

    Raz0Rfail

    Senior Member
    Oct 24, 2013
    217
    106
    Have you enabled magiskhide in magisk settings?

    Then you have to switch to the superuser tab and go into the new menu magiskhide.

    Inside you click on google play services and it should collapse out and then you click the hook and every item for Google play services should be hooked.

    I recommend to hook every google app which you have installed.

    After you marked the needed apps reboot phone and check again safetynet.
     

    valunthar

    Member
    Sep 12, 2012
    16
    2
    I'm still unable to pass safetynet despite following the steps above, however part of this may be due to the fact that I'm also running lineage os on it. Are the steps different for that rom?
     

    Raz0Rfail

    Senior Member
    Oct 24, 2013
    217
    106
    I'm still unable to pass safetynet despite following the steps above, however part of this may be due to the fact that I'm also running lineage os on it. Are the steps different for that rom?
    Nope same steps, I'm using LOS 18.1 as well.

    Install magisk 22.1, install safetynet fix from github link, enable magisk hide and inside disable google play services and other google services.
    Currently you can't check safetynet inside magisk app, you get Safetynet API error. Just install another safetynet check app like safetynet test:
     
    • Like
    Reactions: XNine

    ticrandall

    Senior Member
    Oct 30, 2011
    116
    5
    Google Pixel 5
    Nope same steps, I'm using LOS 18.1 as well.

    Install magisk 22.1, install safetynet fix from github link, enable magisk hide and inside disable google play services and other google services.
    Currently you can't check safetynet inside magisk app, you get Safetynet API error. Just install another safetynet check app like safetynet test:
    Well. That would of been great info 14 pages ago! Kept testing in Magisk and it failed, testing with another app passes! Thank you for that info!
     

    Top Liked Posts

    • There are no posts matching your filters.
    • 1
      Do i just need the bypass fix or hide connfig props + bypass fix?

      I flashed factory image from April and than I flashed patched boot.img. After I flashed props choose pixel 3a and 11. Than I reboot & flash the fix but still can't bypass
      You only need the magisk module universal safetynet fix.

      Go to the first post and go trough all instructions described at:
      "For Safetynet you have to do the following steps"...

      And I recommend to uninstall the props module to switch the device-fingerprint, because at the moment it isn't needed for the p5.

      Regards :)
      1
      I'm still unable to pass safetynet despite following the steps above, however part of this may be due to the fact that I'm also running lineage os on it. Are the steps different for that rom?
      Nope same steps, I'm using LOS 18.1 as well.

      Install magisk 22.1, install safetynet fix from github link, enable magisk hide and inside disable google play services and other google services.
      Currently you can't check safetynet inside magisk app, you get Safetynet API error. Just install another safetynet check app like safetynet test:
    • 8

      19/04/21:​

      There is currently a problem with magisk checking safetynet. When you check safetynet in magisk, you get a safetynet API error. Either use an alternative Safetynet app e.g. Safetynet Test or install the magisk canary app. I heard it was fixed there, but don't know for sure.



      I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:
      https://forum.xda-developers.com/showpost.php?p=83736713&postcount=89

      This Tutorial descripes 3 Points:
      • Unlock Bootloader - which is necessary for root
      • Get root via Magisk
      • Valid Safetynet

      Enable Developer mode in settings
      1. Open Settings App
      2. Move to About The Phone
      3. 7 Taps on the Build-Number

      Enable OEM-Unlock in settings
      1. Go back to Main Menu of Settings
      2. move to system
      3. Unfold Extended
      4. Open Developer options
      5. Enable OEM-Unlock

      If you go further, you should either have a clean phone or backup your data. Because if you unlock the bootloader, the entire phone will be wiped.

      Reboot Phone in Fastboot

      1. Turn off Phone with long press on Power Button and click turn off
      2. Press Power Button + Lower Volume together for some seconds and you are in fastboot mode

      Use Fastboot to unlock Phone
      If you don't have it download at first the needed adb and fastboot files for your system:
      https://developer.android.com/studio/releases/platform-tools
      Extract it to a path where you want it.

      1. Connect your P5 with your PC with an USB cable
      2. Open the path where you have extracted the adb tools.
      3. On Windows press Shift + Right click and in the context menu click on open commandline Window
      4. If you enter the following console command you should see an listed device about it's serial number:
        Code:
        fastboot devices
        If you get an empty result, you have to check if P5 is correct connected via usb and p5 is in fastboot mode (you see it onscreen)
        It could be that you have to install the usb drivers at first for recognizing it via fastboot.

      If a Serial was listed in the Previous step, go further.

      Enter the following command to start to unlocking your phone
      Code:
      fastboot flashing unlock

      On your Phone you see a message to "not unlock your phone", with volume up you switch it to "unlock your phone". With the Power Button you accept it.
      It will reboot now and at this moment it wipes the entire phone, so you start again from scratch to configure the p5.

      if you have a Pixel 5 without the KDDI Version, you can use the following boot image, which is already a prepatched boot image including magisk 21 (Build 21005).
      Download it at first:
      http://www.mediafire.com/file/8ll4mlzt3l9njph/magisk_patched+Build+21005.img/file
      KDDI variant: http://www.mediafire.com/file/widag4w5s02itq5/magisk_patched+KDDI.img/file

      Copy the img-file to the path where you had extracted the adb files.

      After you have configured your phone so you can use it, turn off p5 again and go again into fastboot mode.
      Ensure your phone is connected via usb to the PC.

      In the opened command line Window enter the following command:
      Code:
      fastboot flash boot "magisk_patched Build 21005.img"

      For windows powershell Users check this out, if the above command failed:
      A suggestion, please add that those having issues with the flash command failing to WRITE can try putting ./ before the command and that should work.

      hm not working for me. P5 is unlocked.

      C:\>fastboot flash boot "magisk_patched Build 21005.img"
      target reported max download size of 268435456 bytes
      sending 'boot' (98304 KB)...
      OKAY [ 2.419s]
      writing 'boot'...
      FAILED (remote: Failed to write to partition Not Found)
      finished. total time: 2.500s

      Do:

      ./fastboot flash boot "magisk_patched Build 21005.img"


      After it finished you can reboot your phone into android system and you will see the magisk manager logo.

      Open it and you should see magisk 21005 is installed, then you know root access is granted.

      For Safetynet you have to do the following steps
      1. In Magisk Manager open settings gear.
      2. under Magisk enable MagiskHide
      3. Above MagiskHide is a menupoint called "Hide Magisk Manager", click on it, give the magisk manager a new name, click ok and wait until it's reopend.
      4. Go to main menu of the magisk manager. On bottom is a "shield icon" open it.
      5. Go to "MagiskHide"
      6. On Top is the item "Google Play Services" unfold it and set every hook on it.
      7. It's recommended to set the hook on every google Service you find.
      8. Go Back to main menu of magisk manager
      9. Download the latest universal safetynet fix for your P5:
        Then in magisk manager under modules click on the "Install from memory" button and then select the zip file you just downloaded and magisk manager will then install the module.
      10. After finished installation reboot your P5.
      After reboot check safetynet state in Magisk Manger, it should be OK.

      Now you have a rooted phone and a valid safetynet.
      1
      This post describes how to patch magisk to a new firmware as long as no twrp recovery is available:

      At first download the specific rom:
      https://developers.google.com/android/images

      You need only the "Link". Flash is only for flashing the rom over an chromium browser.

      After downloaded the zip file open it, and you find another zip file. This zip file has to be extracted.

      Into the extracted zip is the file boot.img, extract it.

      Copy the boot.img to your p5 by usb.

      Install the last magisk manager Canary version on your p5:
      https://github.com/topjohnwu/Magisk

      Open magisk manager. In main menu click on install. In the new menu click on "select a file and patch it". Search for the copied boot.img on your p5 and select it.
      Wait for flash completion. And check if it's successful.

      Copy the file /sdcard/download/magisk_patched.img to your pc in the adb files directory.
      If you on the step to flash the boot image, you have to use the new file name.
      1
      Great write up, It will help many. As for me, it will make a nice reference to ADB.

      Sent from my Pixel 3a XL using Tapatalk
      1
      Same here. Didn't realize they were different until someone pointed it out to me. The boot image from the different firmware still worked for me too

      Lucky you? Are you sure you are on 22.A4?

      I tried but couldn't make it work.
      1
      Can I use pixel 4a or 4a 5g for fingerprint
      Using the 4a or 4a 5G fingerprint would still make you fail SafteyNet. People use the 3a because that was the last Pixel device that didn't have the hardware that trips SafteyNet.
    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone