[Tutorial] Unlock Bootloader, get root and valid Safetynet

Search This thread

jawonder

Senior Member
Nov 29, 2010
2,699
363
Boynton Beach, FL
Hi. Did you figure it out? Same is happening with my 4xl.
I downloaded the latest Factory image for my device from google's website , extracted the boot.img and flashed it vi fastboot and rebooted system which work now. I then got the updated magisk apk for my device, add the boot.img i use from the factory image to my device via PC then use magisk to patch that boot.img . Transfer that patched boot.img to my PC put it in the folder i use adb and fastboot from then reboot to bootloader and flashed it via fastboot.
Phone booted up fine after and i got root.
 

subzerorabee

Member
Dec 8, 2013
5
3
I downloaded the latest Factory image for my device from google's website , extracted the boot.img and flashed it vi fastboot and rebooted system which work now. I then got the updated magisk apk for my device, add the boot.img i use from the factory image to my device via PC then use magisk to patch that boot.img . Transfer that patched boot.img to my PC put it in the folder i use adb and fastboot from then reboot to bootloader and flashed it via fastboot.
Phone booted up fine after and i got root.
Weird, I did the same, but whenever I flash the patched boot image I get bootloop. Magisk 22 canary here. Can't figure it out.
I even tried to disable the modules, still no luck.
Thanks for your reply tho.
 

fkofilee

Senior Member
Aug 6, 2010
1,084
380
Crawley
Same here - Flash March Update - Boots fine.
Patch Boot.img and flash to the device and it just boots to recovery saying Data is corrupt *_*

I assume Magisk is potentially an issue here.
 

RBEmerson

Senior Member
Jul 15, 2012
582
59
SE PA
At the moment, I get LOCKED when I "adb reboot bootloader".

I can't figure out if there's any hope of unlocking the bootloader. I've seen suggestions that the answer is a definite maybe. I seem to have made the mistake of thinking this Pixel 5 is carrier agnostic, but I guess it's not. I bought the phone as an "open box" eBay, with AFAIK no indication being tied to a particular carrier. The model is QD1YQ - any guesses as which carrier uses this model number?
The QD1YQ is the Google Store version of the P5.

Is there any chance of unlocking the bootloader with the OEM option greyed out?
 

jackowy

New member
Mar 6, 2021
4
1
Everything went fine, thanks for the tutorial.

It seems i cant get Google Pay to work, as you can see it says "not set up" with that crossed nfc tag.

NFC is activated, play services and google pay cleared cache, safetynet says "sucess, evalType basic". Opening from long pressing the power button it says "hold near reader".

Is there anything i missed? Its not just Paypal (which worked before), its all my cards...

Screenshot_20210306-155553~2.png

Screenshot_20210306-155549~2.png

Screenshot_20210306-155620~2.png
 

Attachments

  • Screenshot_20210306-155620~2.png
    Screenshot_20210306-155620~2.png
    20.3 KB · Views: 13
Last edited:

RBEmerson

Senior Member
Jul 15, 2012
582
59
SE PA
The QD1YQ is the Google Store version of the P5.

Is there any chance of unlocking the bootloader with the OEM option greyed out?
Code:
PS G:\Pixel5\XDA\sdk> .\fastboot devices
09091FDD4006RD  fastboot
PS G:\Pixel5\XDA\sdk> .\fastboot flashing unlock
FAILED (remote: 'flashing unlock is not allowed')
fastboot: error: Command failed

The devices result makes sense - the serial number is right, and it's in fastboot

It's the unlock that fails.
The bottom of the phone's display says: "Enter reason: combo key"
Kinda makes me think I need a magic key (duh).

Am I as out of luck with rooting as this exchange, following the how-to, says?
 

Sh0X31

Senior Member
Mar 27, 2010
1,354
640
Frankfurt am Main
Do i just need the bypass fix or hide connfig props + bypass fix?

I flashed factory image from April and than I flashed patched boot.img. After I flashed props choose pixel 3a and 11. Than I reboot & flash the fix but still can't bypass
 

Attachments

  • Screenshot_20210406-141548.png
    Screenshot_20210406-141548.png
    72.1 KB · Views: 9
Last edited:

Raz0Rfail

Senior Member
Oct 24, 2013
208
104
Do i just need the bypass fix or hide connfig props + bypass fix?

I flashed factory image from April and than I flashed patched boot.img. After I flashed props choose pixel 3a and 11. Than I reboot & flash the fix but still can't bypass
You only need the magisk module universal safetynet fix.

Go to the first post and go trough all instructions described at:
"For Safetynet you have to do the following steps"...

And I recommend to uninstall the props module to switch the device-fingerprint, because at the moment it isn't needed for the p5.

Regards :)
 
  • Like
Reactions: sidhaarthm

Sh0X31

Senior Member
Mar 27, 2010
1,354
640
Frankfurt am Main
You only need the magisk module universal safetynet fix.

Go to the first post and go trough all instructions described at:
"For Safetynet you have to do the following steps"...

And I recommend to uninstall the props module to switch the device-fingerprint, because at the moment it isn't needed for the p5.

Regards :)

I had uninstall it and install the Modul the universal safetynet fix but still no bypass. I also clear play service & store data.
 

Raz0Rfail

Senior Member
Oct 24, 2013
208
104
Have you enabled magiskhide in magisk settings?

Then you have to switch to the superuser tab and go into the new menu magiskhide.

Inside you click on google play services and it should collapse out and then you click the hook and every item for Google play services should be hooked.

I recommend to hook every google app which you have installed.

After you marked the needed apps reboot phone and check again safetynet.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Do i just need the bypass fix or hide connfig props + bypass fix?

    I flashed factory image from April and than I flashed patched boot.img. After I flashed props choose pixel 3a and 11. Than I reboot & flash the fix but still can't bypass
    You only need the magisk module universal safetynet fix.

    Go to the first post and go trough all instructions described at:
    "For Safetynet you have to do the following steps"...

    And I recommend to uninstall the props module to switch the device-fingerprint, because at the moment it isn't needed for the p5.

    Regards :)
  • 7
    I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:
    https://forum.xda-developers.com/showpost.php?p=83736713&postcount=89

    This Tutorial descripes 3 Points:
    • Unlock Bootloader - which is necessary for root
    • Get root via Magisk
    • Valid Safetynet

    Enable Developer mode in settings
    1. Open Settings App
    2. Move to About The Phone
    3. 7 Taps on the Build-Number

    Enable OEM-Unlock in settings
    1. Go back to Main Menu of Settings
    2. move to system
    3. Unfold Extended
    4. Open Developer options
    5. Enable OEM-Unlock

    If you go further, you should either have a clean phone or backup your data. Because if you unlock the bootloader, the entire phone will be wiped.

    Reboot Phone in Fastboot

    1. Turn off Phone with long press on Power Button and click turn off
    2. Press Power Button + Lower Volume together for some seconds and you are in fastboot mode

    Use Fastboot to unlock Phone
    If you don't have it download at first the needed adb and fastboot files for your system:
    https://developer.android.com/studio/releases/platform-tools
    Extract it to a path where you want it.

    1. Connect your P5 with your PC with an USB cable
    2. Open the path where you have extracted the adb tools.
    3. On Windows press Shift + Right click and in the context menu click on open commandline Window
    4. If you enter the following console command you should see an listed device about it's serial number:
      Code:
      fastboot devices
      If you get an empty result, you have to check if P5 is correct connected via usb and p5 is in fastboot mode (you see it onscreen)
      It could be that you have to install the usb drivers at first for recognizing it via fastboot.

    If a Serial was listed in the Previous step, go further.

    Enter the following command to start to unlocking your phone
    Code:
    fastboot flashing unlock

    On your Phone you see a message to "not unlock your phone", with volume up you switch it to "unlock your phone". With the Power Button you accept it.
    It will reboot now and at this moment it wipes the entire phone, so you start again from scratch to configure the p5.

    if you have a Pixel 5 without the KDDI Version, you can use the following boot image, which is already a prepatched boot image including magisk 21 (Build 21005).
    Download it at first:
    http://www.mediafire.com/file/8ll4mlzt3l9njph/magisk_patched+Build+21005.img/file
    KDDI variant: http://www.mediafire.com/file/widag4w5s02itq5/magisk_patched+KDDI.img/file

    Copy the img-file to the path where you had extracted the adb files.

    After you have configured your phone so you can use it, turn off p5 again and go again into fastboot mode.
    Ensure your phone is connected via usb to the PC.

    In the opened command line Window enter the following command:
    Code:
    fastboot flash boot "magisk_patched Build 21005.img"

    For windows powershell Users check this out, if the above command failed:
    A suggestion, please add that those having issues with the flash command failing to WRITE can try putting ./ before the command and that should work.

    hm not working for me. P5 is unlocked.

    C:\>fastboot flash boot "magisk_patched Build 21005.img"
    target reported max download size of 268435456 bytes
    sending 'boot' (98304 KB)...
    OKAY [ 2.419s]
    writing 'boot'...
    FAILED (remote: Failed to write to partition Not Found)
    finished. total time: 2.500s

    Do:

    ./fastboot flash boot "magisk_patched Build 21005.img"


    After it finished you can reboot your phone into android system and you will see the magisk manager logo.

    Open it and you should see magisk 21005 is installed, then you know root access is granted.

    For Safetynet you have to do the following steps
    1. In Magisk Manager open settings gear.
    2. under Magisk enable MagiskHide
    3. Above MagiskHide is a menupoint called "Hide Magisk Manager", click on it, give the magisk manager a new name, click ok and wait until it's reopend.
    4. Go to main menu of the magisk manager. On bottom is a "shield icon" open it.
    5. Go to "MagiskHide"
    6. On Top is the item "Google Play Services" unfold it and set every hook on it.
    7. It's recommended to set the hook on every google Service you find.
    8. Go Back to main menu of magisk manager
    9. Download the latest universal safetynet fix for your P5:
      Then in magisk manager under modules click on the "Install from memory" button and then select the zip file you just downloaded and magisk manager will then install the module.
    10. After finished installation reboot your P5.
    After reboot check safetynet state in Magisk Manger, it should be OK.

    Now you have a rooted phone and a valid safetynet.
    1
    This post describes how to patch magisk to a new firmware as long as no twrp recovery is available:

    At first download the specific rom:
    https://developers.google.com/android/images

    You need only the "Link". Flash is only for flashing the rom over an chromium browser.

    After downloaded the zip file open it, and you find another zip file. This zip file has to be extracted.

    Into the extracted zip is the file boot.img, extract it.

    Copy the boot.img to your p5 by usb.

    Install the last magisk manager Canary version on your p5:
    https://github.com/topjohnwu/Magisk

    Open magisk manager. In main menu click on install. In the new menu click on "select a file and patch it". Search for the copied boot.img on your p5 and select it.
    Wait for flash completion. And check if it's successful.

    Copy the file /sdcard/download/magisk_patched.img to your pc in the adb files directory.
    If you on the step to flash the boot image, you have to use the new file name.
    1
    Great write up, It will help many. As for me, it will make a nice reference to ADB.

    Sent from my Pixel 3a XL using Tapatalk
    1
    Same here. Didn't realize they were different until someone pointed it out to me. The boot image from the different firmware still worked for me too

    Lucky you? Are you sure you are on 22.A4?

    I tried but couldn't make it work.
    1
    Can I use pixel 4a or 4a 5g for fingerprint
    Using the 4a or 4a 5G fingerprint would still make you fail SafteyNet. People use the 3a because that was the last Pixel device that didn't have the hardware that trips SafteyNet.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone