[Tutorial] Unlock Bootloader, get root and valid Safetynet

Search This thread

valunthar

Member
Sep 12, 2012
16
2
Nope same steps, I'm using LOS 18.1 as well.

Install magisk 22.1, install safetynet fix from github link, enable magisk hide and inside disable google play services and other google services.
Currently you can't check safetynet inside magisk app, you get Safetynet API error. Just install another safetynet check app like safetynet test:

That was the missing piece, I was relying on Magisk's safetynet check rather than an alternative. Using the third party check passed. Thank you
 

XNine

Senior Member
Dec 28, 2010
638
277
Denver
HTC 10
OnePlus 6
Nope same steps, I'm using LOS 18.1 as well.

Install magisk 22.1, install safetynet fix from github link, enable magisk hide and inside disable google play services and other google services.
Currently you can't check safetynet inside magisk app, you get Safetynet API error. Just install another safetynet check app like safetynet test:
YOU BEAUTIFUL HUMAN BEING YOU!

I was smacking my head as I just got my P5 yesterday and rooted it. Couldn't figure out why banking apps were opening but safetynet failing in Magisk. I was coming here to see what the hell I did wrong and lo and behold, your answer was right! THANK YOU THANK YOU THANK YOU!
 

swayjd

Senior Member
Aug 10, 2011
271
39
Dublin
Currently passing SafetyNet but still can't use Google Pay.

I am able to add a Card (usually not possible with Root) but can't enable NFC - "Phone doesn't meet security requirements".

In the Play app, no problems with Play Protect and Play Protect certification shows Device is certified.

Any ideas?
 

jackowy

Member
Mar 6, 2021
35
3

lvbel248

Member
Apr 21, 2021
5
0

19/04/21:​

There is currently a problem with magisk checking safetynet. When you check safetynet in magisk, you get a safetynet API error. Either use an alternative Safetynet app e.g. Safetynet Test or install the magisk canary app. I heard it was fixed there, but don't know for sure.



I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:
https://forum.xda-developers.com/showpost.php?p=83736713&postcount=89

This Tutorial descripes 3 Points:
  • Unlock Bootloader - which is necessary for root
  • Get root via Magisk
  • Valid Safetynet

Enable Developer mode in settings
  1. Open Settings App
  2. Move to About The Phone
  3. 7 Taps on the Build-Number

Enable OEM-Unlock in settings
  1. Go back to Main Menu of Settings
  2. move to system
  3. Unfold Extended
  4. Open Developer options
  5. Enable OEM-Unlock

If you go further, you should either have a clean phone or backup your data. Because if you unlock the bootloader, the entire phone will be wiped.

Reboot Phone in Fastboot

  1. Turn off Phone with long press on Power Button and click turn off
  2. Press Power Button + Lower Volume together for some seconds and you are in fastboot mode

Use Fastboot to unlock Phone
If you don't have it download at first the needed adb and fastboot files for your system:
https://developer.android.com/studio/releases/platform-tools
Extract it to a path where you want it.

  1. Connect your P5 with your PC with an USB cable
  2. Open the path where you have extracted the adb tools.
  3. On Windows press Shift + Right click and in the context menu click on open commandline Window
  4. If you enter the following console command you should see an listed device about it's serial number:
    Code:
    fastboot devices
    If you get an empty result, you have to check if P5 is correct connected via usb and p5 is in fastboot mode (you see it onscreen)
    It could be that you have to install the usb drivers at first for recognizing it via fastboot.

If a Serial was listed in the Previous step, go further.

Enter the following command to start to unlocking your phone
Code:
fastboot flashing unlock

On your Phone you see a message to "not unlock your phone", with volume up you switch it to "unlock your phone". With the Power Button you accept it.
It will reboot now and at this moment it wipes the entire phone, so you start again from scratch to configure the p5.

if you have a Pixel 5 without the KDDI Version, you can use the following boot image, which is already a prepatched boot image including magisk 21 (Build 21005).
Download it at first:
http://www.mediafire.com/file/8ll4mlzt3l9njph/magisk_patched+Build+21005.img/file
KDDI variant: http://www.mediafire.com/file/widag4w5s02itq5/magisk_patched+KDDI.img/file

Copy the img-file to the path where you had extracted the adb files.

After you have configured your phone so you can use it, turn off p5 again and go again into fastboot mode.
Ensure your phone is connected via usb to the PC.

In the opened command line Window enter the following command:
Code:
fastboot flash boot "magisk_patched Build 21005.img"

For windows powershell Users check this out, if the above command failed:



After it finished you can reboot your phone into android system and you will see the magisk manager logo.

Open it and you should see magisk 21005 is installed, then you know root access is granted.

For Safetynet you have to do the following steps
  1. In Magisk Manager open settings gear.
  2. under Magisk enable MagiskHide
  3. Above MagiskHide is a menupoint called "Hide Magisk Manager", click on it, give the magisk manager a new name, click ok and wait until it's reopend.
  4. Go to main menu of the magisk manager. On bottom is a "shield icon" open it.
  5. Go to "MagiskHide"
  6. On Top is the item "Google Play Services" unfold it and set every hook on it.
  7. It's recommended to set the hook on every google Service you find.
  8. Go Back to main menu of magisk manager
  9. Download the latest universal safetynet fix for your P5:
    Then in magisk manager under modules click on the "Install from memory" button and then select the zip file you just downloaded and magisk manager will then install the module.
  10. After finished installation reboot your P5. (1)
After reboot check safetynet state in Magisk Manger, it should be OK.

Now you have a rooted phone and a valid safetynet.
Thanks for your tutorial but magisk manager i don't like it at all i keep getting errors
 

RBEmerson

Senior Member
Jul 15, 2012
601
61
SE PA
Magisk keeps nagging me to update it. Mostly to shut the thing up, can I do the update without breaking root and/or risk having to do a full-on reset?

Or... is there a way to do "go away and never come back"? Unless there's some voodoo spell that needs to be fixed, I'm at "if it ain't broke, don't fix it", Can't name when or if I've every so much as opened the app.

I guess somewhat related, it there a way to shut up the "oooohhhh - you're rooted!!!" message just before booting up from a cold start or restart? Not a high priority thing, just "yeah, yeah, yeah - I know that" annoyance.

FWIW my phone's been working like a charm. Happy happy joy joy!
 

GTDarthYoda

Senior Member
Jul 1, 2012
665
189
Did you try clearing the data for Google pay? I think I did that with mine and it worked.
Might have had to clear google services as well.
 

nostromo12

Senior Member
Sep 23, 2008
110
16
Grossenseebach
There is an ugly bootloader screen with annoying text that the bootloader is unlocked.
Has somebody a nice screen for the pixel 5 I could flash instead?
Which is the ADB command for flashing that screen?
Does it survive an security update?
 

fludi

Member
Mar 10, 2015
23
1
Hi there,

I rooted my Pixel using Raz0Rfails instructions, now I have a strange issue. My GPS ist completely off, the dot is on the equator and the zero meridian. has anyone else experienced this behaviour?

edit: OK, ist depends on which settings you are using in xprivacylua, if you select the whole Google Play Services the positioning ist included, if you uncheck it gets the position again.
 
Last edited:

Darren051

New member
Aug 28, 2008
4
0
There is no way to change this behavior. Live with it or lock the bootloader.
Is that device specific because someone made custom boot splash screens to cover up that bootloader message for the Moto G7 Power.

That is the first and only phone that I was able to root. Just curious on why or how someone was able to do that for a Moto but not a pixel.
 

impactor

Senior Member
Jan 6, 2011
899
136
Kraków
The first post is very confusing. Am I supposed to do all the listed things in reverse order:

19/04/21​

then

04/09/21​

then

04/09/21 v2​


or am I supposed to do only

04/09/21 v2​


or only

19/04/21​

+

04/09/21 v2

?????​

 
  • Like
Reactions: andybones

Raz0Rfail

Senior Member
Oct 24, 2013
225
114
For just valid safetynet you need only
04/09/21 v2
(on this date Google had changed some behaviors on the server side, which was the reason why safetynet stopped working if you don't use the latest fixes. And the older dates are the fixes for safetynet in the past.)

If you want to have an rooted phone you have to start at :
"I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:"

Then when you want to have valid safetynet just use the information on the latest Date.
 

Raz0Rfail

Senior Member
Oct 24, 2013
225
114
@Raz0Rfail if you can, please update the thread title and OP to reflect that this was written for Android 11, and that Android 12 requires a factory wipe and disabling boot verification to flash a patched boot image.
hmm I'm using Proton ROM for Android 12 and I had to reflash vbmeta partition to use magisk patched boot.img. Without flashed vbmeta partition I always got bootloop.

fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

Don't know if it helps on A12 Original Rom.
 

V0latyle

Forum Moderator
Staff member
hmm I'm using Proton ROM for Android 12 and I had to reflash vbmeta partition to use magisk patched boot.img. Without flashed vbmeta partition I always got bootloop.

fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

Don't know if it helps on A12 Original Rom.
Did you wipe data when you installed A12? That's the thing that seems to make the difference. Those that have taken the OTA or dirty flashed the system image get a corrupted data error if they try to reflash vbmeta. For some reason this worked fine on the 12 Beta. The only way that seems to work so far is to wipe data when installing 12, then reflash vbmeta with the disable flags, then flash a patched boot image.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 9

    04/09/21 v2​

    Just install this Module via magisk manager:
    which is mentioned by this thread:

    You need it + safetynetfix from kdrag0n then you have valid safetynet.

    04/09/21​

    For the last two days there has been an update on Google's site that causes Safetynet to fail on your phone. It didn't work on my phone and a colleague's phone, but it worked on another colleague's phone with no problems. So it may or may not fail on your end.

    If you have the problem with safetynet failing. First update magisk to v.23 and the manager to the latest version.

    Then we need lsposed with a separate module for lsposed. You can use edxposed, but for most users it laggs much more than lsposed.

    If you don't have lsposed. You need to install the following two Magisk modules in the order described.
    1. riru
    2. riru - LSposed

    Otherwise you will get an installation error because the core is missing.
    After the installation, restart the phone.

    Then the LSposed manager should be visible in your launcher. If not, download the full zip package from here:

    Extract the manager.apk from it and install it.

    Inside the manager, you should get a green message with "activated". If not, you have not installed the module.

    Inside the Lsposed manager, install the XprivacyLua module from the repo. The search function is located at the bottom.

    Go to Modules and click on XprivacyLua. And tick the two items for the recommended applications:
    System Framework
    settings storage

    Then click on the 3 dots at the top right.
    There, uncheck the item in "Hide -> System apps".
    Now you can search in the app list for
    Google play Services and set the hook.

    Then click on the gear icon on the top right and the app XprivacyLua will open.

    In it, search for Google play Services again and set the checkmark next to the gear icon so that each sub-checkmark is set.

    Now we need to hide the Magisk Manager. To do this, open the Magisk Manager.

    Click on the gear icon at the top right of the main menu. Then click on hide magisk manager. Enter the desired name and wait until the Magisk Manager opens again.

    If you have not installed the Safetynet fix from kdrag0n, you can download it here:

    Then install it from the "modules" menu in magisk manager using the "install module from storage" function.

    Once you have installed the Safetynet Fix module, restart the phone.

    Then open the Settings app and navigate to the Apps section. Then search for Google Play Services, open it and in the storage option, use the function to clear the cache memory.

    Now you can check Safetynet again in Magisk and it should be valid.


    19/04/21:​

    There is currently a problem with magisk checking safetynet. When you check safetynet in magisk, you get a safetynet API error. Either use an alternative Safetynet app e.g. Safetynet Test or install the magisk canary app. I heard it was fixed there, but don't know for sure.



    I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:
    https://forum.xda-developers.com/showpost.php?p=83736713&postcount=89

    This Tutorial descripes 3 Points:
    • Unlock Bootloader - which is necessary for root
    • Get root via Magisk
    • Valid Safetynet

    Enable Developer mode in settings
    1. Open Settings App
    2. Move to About The Phone
    3. 7 Taps on the Build-Number

    Enable OEM-Unlock in settings
    1. Go back to Main Menu of Settings
    2. move to system
    3. Unfold Extended
    4. Open Developer options
    5. Enable OEM-Unlock

    If you go further, you should either have a clean phone or backup your data. Because if you unlock the bootloader, the entire phone will be wiped.

    Reboot Phone in Fastboot

    1. Turn off Phone with long press on Power Button and click turn off
    2. Press Power Button + Lower Volume together for some seconds and you are in fastboot mode

    Use Fastboot to unlock Phone
    If you don't have it download at first the needed adb and fastboot files for your system:
    https://developer.android.com/studio/releases/platform-tools
    Extract it to a path where you want it.

    1. Connect your P5 with your PC with an USB cable
    2. Open the path where you have extracted the adb tools.
    3. On Windows press Shift + Right click and in the context menu click on open commandline Window
    4. If you enter the following console command you should see an listed device about it's serial number:
      Code:
      fastboot devices
      If you get an empty result, you have to check if P5 is correct connected via usb and p5 is in fastboot mode (you see it onscreen)
      It could be that you have to install the usb drivers at first for recognizing it via fastboot.

    If a Serial was listed in the Previous step, go further.

    Enter the following command to start to unlocking your phone
    Code:
    fastboot flashing unlock

    On your Phone you see a message to "not unlock your phone", with volume up you switch it to "unlock your phone". With the Power Button you accept it.
    It will reboot now and at this moment it wipes the entire phone, so you start again from scratch to configure the p5.

    if you have a Pixel 5 without the KDDI Version, you can use the following boot image, which is already a prepatched boot image including magisk 21 (Build 21005).
    Download it at first:
    http://www.mediafire.com/file/8ll4mlzt3l9njph/magisk_patched+Build+21005.img/file
    KDDI variant: http://www.mediafire.com/file/widag4w5s02itq5/magisk_patched+KDDI.img/file

    Copy the img-file to the path where you had extracted the adb files.

    After you have configured your phone so you can use it, turn off p5 again and go again into fastboot mode.
    Ensure your phone is connected via usb to the PC.

    In the opened command line Window enter the following command:
    Code:
    fastboot flash boot "magisk_patched Build 21005.img"

    For windows powershell Users check this out, if the above command failed:
    A suggestion, please add that those having issues with the flash command failing to WRITE can try putting ./ before the command and that should work.

    hm not working for me. P5 is unlocked.

    C:\>fastboot flash boot "magisk_patched Build 21005.img"
    target reported max download size of 268435456 bytes
    sending 'boot' (98304 KB)...
    OKAY [ 2.419s]
    writing 'boot'...
    FAILED (remote: Failed to write to partition Not Found)
    finished. total time: 2.500s

    Do:

    ./fastboot flash boot "magisk_patched Build 21005.img"


    After it finished you can reboot your phone into android system and you will see the magisk manager logo.

    Open it and you should see magisk 21005 is installed, then you know root access is granted.

    For Safetynet you have to do the following steps
    1. In Magisk Manager open settings gear.
    2. under Magisk enable MagiskHide
    3. Above MagiskHide is a menupoint called "Hide Magisk Manager", click on it, give the magisk manager a new name, click ok and wait until it's reopend.
    4. Go to main menu of the magisk manager. On bottom is a "shield icon" open it.
    5. Go to "MagiskHide"
    6. On Top is the item "Google Play Services" unfold it and set every hook on it.
    7. It's recommended to set the hook on every google Service you find.
    8. Go Back to main menu of magisk manager
    9. Download the latest universal safetynet fix for your P5:
      Then in magisk manager under modules click on the "Install from memory" button and then select the zip file you just downloaded and magisk manager will then install the module.
    10. After finished installation reboot your P5.
    After reboot check safetynet state in Magisk Manger, it should be OK.

    Now you have a rooted phone and a valid safetynet.
    2
    Hello all,

    Maybe this might sound obvious for many, but better safe than sorry, so here it goes:

    If if flash factory image (A12 public release) via fastboot, using the bat file in its original state, this is without removing the "-w", Ill be on A12 with wiped data. After this, is it safe to just patch and flash boot.img or is it also necessary to flash vbmeta with disabled flags?

    Thank you in advance.
    If you flash the factory image, it also flashes vbmeta. To avoid doing it twice, change the line in the batch file that reads

    fastboot -w update redfin-image.zip

    to

    fastboot --disable-verity --disable-verification -w update redfin-image.zip

    Then, when the update finishes, patch and flash the boot image.

    If you do not disable verity and verification before modifying the boot image, you will get stuck in bootloader with an error message:

    "unable to load/verify boot image"
    2
    For just valid safetynet you need only
    04/09/21 v2
    (on this date Google had changed some behaviors on the server side, which was the reason why safetynet stopped working if you don't use the latest fixes. And the older dates are the fixes for safetynet in the past.)

    If you want to have an rooted phone you have to start at :
    "I wrote this entire tutorial already in this Thread, but I think it should be separated, so everyone can find it easier:"

    Then when you want to have valid safetynet just use the information on the latest Date.
    1
    This post describes how to patch magisk to a new firmware as long as no twrp recovery is available:

    At first download the specific rom:
    https://developers.google.com/android/images

    You need only the "Link". Flash is only for flashing the rom over an chromium browser.

    After downloaded the zip file open it, and you find another zip file. This zip file has to be extracted.

    Into the extracted zip is the file boot.img, extract it.

    Copy the boot.img to your p5 by usb.

    Install the last magisk manager Canary version on your p5:
    https://github.com/topjohnwu/Magisk

    Open magisk manager. In main menu click on install. In the new menu click on "select a file and patch it". Search for the copied boot.img on your p5 and select it.
    Wait for flash completion. And check if it's successful.

    Copy the file /sdcard/download/magisk_patched.img to your pc in the adb files directory.
    If you on the step to flash the boot image, you have to use the new file name.
    1
    So, the data wipe issue has been partly figured out.

    /data must be clean when verity and verification are disabled, once they have been enabled. Unfortunately for those on Android 11, there simply is no way around this.

    The good news is that once disabled, a data wipe is not required so long as they are not enabled again. The bad news is, we cannot let any update process boot the device into system without making sure both are disabled.

    This means no more automatic updates.

    So, we have two (well, three) available options for monthly updates:

    1. Sideload the OTA, then immediately reboot into bootloader, and reflash vbmeta with verity and verification disabled.

    Or...

    2. Flash the factory zip, either via ADB or Android Flash Tool, with verity and verification disabled.