WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!
If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3a
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!
Thanks! Awesome write-up/explanation.
Now THIS is a useful thread! Thanks
I might try to root my P6P this week-end.
If I already took the OTA from Google, can I just go to #6? (there's no data on my phone yet, just BL unlocked)
"6. Reflash vbmeta to disable boot verification"
Is it necessary to flash modified boot to "slot all"? I never did this before without issues. I always just did flash boot modifiedboot.img
Ghisy said:
Now THIS is a useful thread! Thanks
I might try to root my P6P this week-end.
If I already took the OTA from Google, can I just go to #6? (there's no data on my phone yet, just BL unlocked)
"6. Reflash vbmeta to disable boot verification"
Click to expand...
Click to collapse
Yes. You're basically on a clean factory flash. It might still throw a "corrupted" error at you but a factory reset fixes it.
Cares said:
Is it necessary to flash modified boot to "slot all"? I never did this before without issues. I always just did flash boot modifiedboot.img
Click to expand...
Click to collapse
Not really; I prefer to do that after OTA because OTA is an out of band update that installs to the inactive slot. You don't really have to use the slot commands at all, but I've come into the habit of using them.
The steps for a rooted update via OTA worked perfectly for me! Thank you a tonne for the guide. I was thinking I would have to factory reset for every monthly update, glad we dodged that bullet!
Thanks again.
Is there any way to go back to DM Verity + AVB enabled without wiping after this?
Bandsalat said:
Is there any way to go back to DM Verity + AVB enabled without wiping after this?
Click to expand...
Click to collapse
See @V0latyle's more informed answer below.
Thank you for your time. This thread should be sticky
Bandsalat said:
Is there any way to go back to DM Verity + AVB enabled without wiping after this?
Click to expand...
Click to collapse
Yes - this is in fact the default state if the "disable" flags are not used. All you'd have to do is reflash vbmeta without any flags. Make sure you fully intend to do so, because 1. You won't be able to run a modified boot image, thereby preventing permanent root and 2. If you decided to disable vbmeta again, you would have to wipe data again.
@V0latyle, Is there any downside of using Factory Update vs OTA Sideload for monthly update? Since I will need to download the factory zip anyway for both methods, I would go with the factory update.
For the Android flash tool method, can't you just patch the boot image and add it to the flash tool and skip the reboot to then flash the patched boot?
Someone needs to make a batch file for the above.
xpdragon said:
@V0latyle, Is there any downside of using Factory Update vs OTA Sideload for monthly update? Since I will need to download the factory zip anyway for both methods, I would go with the factory update.
Click to expand...
Click to collapse
Nope, no downside that I'm aware of; many people used the factory images for updates on Android 11 and prior without any problems. Just make sure you flash it with --disable-verification --disable-verity
mkhcb said:
For the Android flash tool method, can't you just patch the boot image and add it to the flash tool and skip the reboot to then flash the patched boot?
Someone needs to make a batch file for the above.
Click to expand...
Click to collapse
I think you're confusing Android Flash Tool with something else. Take a look at the link - you connect your phone via USB and can install firmware direct from Google. There is no option to substitute your own files, which is a good thing.
As for adding the boot image to the flash process...I would avoid this, personally. You CAN edit the flash-all.bat to do this and some members here have. But, P6 and P6 Pro users have run into problems using a boot image they patched prior to updating, so here is my recommendation:
Flash the factory image with verity and verification disabled, and let the update complete including a boot to system. Once in system, you can then patch the boot image, reboot to bootloader, and flash it to /boot.
> Yes - this is in fact the default state if the "disable" flags are not used. All you'd have to do is reflash vbmeta without any flags. Make sure you fully intend to do so, because 1. You won't be able to run a modified boot image, thereby preventing permanent root and 2. If you decided to disable vbmeta again, you would have to wipe data again.
Tried that, but the P6 Pro fails to boot and just goes back to the bootloader after this.
Bandsalat said:
Tried that, but the P6 Pro fails to boot and just goes back to the bootloader after this.
Click to expand...
Click to collapse
Tried what, exactly? It's easier to help if you're more specific about what you did and what result you're getting. Is there a message at the bottom of the bootloader screen?
I have a dumb question:
There seem to be two different commands to disable flags:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
&
fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
Are they equivalent i.e., does the order matter?
biTToe said:
I have a dumb question:
There seem to be two different commands to disable flags:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
&
fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
Are they equivalent i.e., does the order matter?
Click to expand...
Click to collapse
No, the order doesn't matter; yes, they're equivalent.
roirraW edor ehT said:
No, the order doesn't matter; yes, they're equivalent.
Click to expand...
Click to collapse
The way I like to think of it is like this:
[Application: Fastboot/adb] [Command: What you want to do] [Destination: Where you want it to be done] [Modifiers: How you want it to be done] [Payload: What you want to be put there]
Those of us who grew up with DOS would probably do it like this:
Code:
fastboot flash vbmeta vbmeta.img --disable-verity --disable-verification
But I believe it could also be done like this:
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
V0latyle said:
Those of us who grew up with DOS would probably do it like this:
fastboot flash vbmeta vbmeta.img --disable-verity --disable-verification
Click to expand...
Click to collapse
I'm the old DOS guy. THIS makes sense
biTToe said:
I'm the old DOS guy. THIS makes sense
Click to expand...
Click to collapse
Right? Imagine feeling old because you were born prior to 1990
Related
Hello everyone,
So today is the day (at least for me) that I want to try applying the Jan OTA to my Pixel 2 XL. I am currently using Magisk and ElementalX kernel and was wondering if anyone has tried this yet (I know, the OTA just came out)?
If someone has an idea on the process to do this please let me know.
Thanks!
ilatimer1 said:
Hello everyone,
So today is the day (at least for me) that I want to try applying the Jan OTA to my Pixel 2 XL. I am currently using Magisk and ElementalX kernel and was wondering if anyone has tried this yet (I know, the OTA just came out)?
If someone has an idea on the process to do this please let me know.
Thanks!
Click to expand...
Click to collapse
Kernel, TWRP and Magisk get overwritten by the OTA. You need to reinstall.
Also I'd recommend to disable all Substratum themes before flashing - for me this led to a Bootpool...
ilatimer1 said:
Hello everyone, So today is the day (at least for me) that I want to try applying the Jan OTA to my Pixel 2 XL. I am currently using Magisk and ElementalX kernel and was wondering if anyone has tried this yet (I know, the OTA just came out)? If someone has an idea on the process to do this please let me know. Thanks!
Click to expand...
Click to collapse
I recommend using the full image (not OTA) downloaded from Google. Extract the files from the zip into your ADB folder, open up flash-all.bat with a text editor and remove the -w (wipe) switch from the script. Save. Then just execute that file from a fastboot prompt. You will not lose data or settings, but you will lose TWRP, kernel & Magisk. When the script finishes running, boot back into fastboot mode (bootloader) and from your PC, fastboot boot twrp. When it loads queue up (add zips) TWRP.zip, Kernel.zip, Magisk.zip and let her rip. Reboot to system and everything will be normal. Just make sure you have those three files (latest versions) on your phone AND the twrp.img on your PC so you can boot to it. Takes about 3 minutes if you have all the files in place before starting.
v12xke said:
I recommend using the full image (not OTA) downloaded from Google. Extract the files from the zip into your ADB folder, open up flash-all.bat with a text editor and remove the -w (wipe) switch from the script. Save. Then just execute that file from a fastboot prompt. You will not lose data or settings, but you will lose TWRP, kernel & Magisk. When the script finishes running, boot back into fastboot mode (bootloader) and from your PC, fastboot boot twrp. When it loads queue up (add zips) TWRP.zip, Kernel.zip, Magisk.zip and let her rip. Reboot to system and everything will be normal. Just make sure you have those three files (latest versions) on your phone AND the twrp.img on your PC so you can boot to it. Takes about 3 minutes if you have all the files in place before starting.
Click to expand...
Click to collapse
What's the difference between this step and sideloading the OTA?
Edit: nevermind. Realized you'd flash-all without the -w if you have TWRP.
peoplesindian said:
What's the difference between this step and sideloading the OTA?
Edit: nevermind. Realized you'd flash-all without the -w if you have TWRP.
Click to expand...
Click to collapse
Yes, OTA's fail to execute if you have modified the boot or system partition. An OTA is an incremental only update that selectively writes certain files and is (usually) much, much smaller. This is appropriate for a stock, unmodified device. Lots of people get tired of waiting for the OTA to come, and so they just update manually by sideloading the OTA through the stock recovery (over adb). Nothing wrong with that, and it this will sometimes bring a phone back from bootlooping or other serious problems like FC's and crashing.
A full image contains the full partition images and they are written to the device fully and unconditionally via fastboot. You can only flash a full image if your bootloader is unlocked. It essentially erases the partitions by overwriting the entire contents from beginning to end. Some would argue this more "complete" method is less likely to result in errors, or corrupt files. Removing the -w switch from the batch file script prevents the script from overwriting the userdata partition where all your media, user apps and settings are. Some call this "dirty" flashing.
v12xke said:
I recommend using the full image (not OTA) downloaded from Google. Extract the files from the zip into your ADB folder, open up flash-all.bat with a text editor and remove the -w (wipe) switch from the script. Save. Then just execute that file from a fastboot prompt. You will not lose data or settings, but you will lose TWRP, kernel & Magisk. When the script finishes running, boot back into fastboot mode (bootloader) and from your PC, fastboot boot twrp. When it loads queue up (add zips) TWRP.zip, Kernel.zip, Magisk.zip and let her rip. Reboot to system and everything will be normal. Just make sure you have those three files (latest versions) on your phone AND the twrp.img on your PC so you can boot to it. Takes about 3 minutes if you have all the files in place before starting.
Click to expand...
Click to collapse
did exactly this, and all is fine.
otonieru said:
did exactly this, and all is fine.
Click to expand...
Click to collapse
Same
trim81 said:
Same
Click to expand...
Click to collapse
Interesting that Google seems to claim that updating with the OTA should create less problems with this January update:
https://9to5google.com/2018/01/02/psa-google-pixel-2-users-lag-sideload-jan-sec-update-fix/
xclub_101 said:
Interesting that Google seems to claim that updating with the OTA should create less problems with this January update:
https://9to5google.com/2018/01/02/psa-google-pixel-2-users-lag-sideload-jan-sec-update-fix/
Click to expand...
Click to collapse
That article is quite dubious with no source about google confirming the issue :silly:
v12xke said:
Then just execute that file from a fastboot prompt.
Click to expand...
Click to collapse
REALLY dumb question, but how do you execute a .bat from fastboot? Or do you mean with the phone in bootloader/fastboot mode, run the modified .bat?
EDIT: Never mind... put the phone in Bootloader/fastboot mode. Ran the modified .BAT from command prompt within the Platform-tools folder.
I did it last night with no issues. The process is pretty simple.
1) adb reboot bootloader
2) fastboot flash boot /location/of/december/boot.img
3) fastboot flash dtbo /location/of/december/dtbo.img
4) reboot
5) allow the OTA to install
6) adb reboot bootloader
7) fastboot boot twrp
8) install TWRP then custom kernel then Magisk
7) reboot
v12xke said:
I recommend using the full image (not OTA) downloaded from Google. Extract the files from the zip into your ADB folder, open up flash-all.bat with a text editor and remove the -w (wipe) switch from the script. Save. Then just execute that file from a fastboot prompt. You will not lose data or settings, but you will lose TWRP, kernel & Magisk. When the script finishes running, boot back into fastboot mode (bootloader) and from your PC, fastboot boot twrp. When it loads queue up (add zips) TWRP.zip, Kernel.zip, Magisk.zip and let her rip. Reboot to system and everything will be normal. Just make sure you have those three files (latest versions) on your phone AND the twrp.img on your PC so you can boot to it. Takes about 3 minutes if you have all the files in place before starting.
Click to expand...
Click to collapse
I followed this and everything is installed perfectly with root.
Thank you ??
sn0warmy said:
I did it last night with no issues. The process is pretty simple.
1) adb reboot bootloader
2) fastboot flash boot /location/of/december/boot.img
3) fastboot flash dtbo /location/of/december/dtbo.img
4) reboot
5) allow the OTA to install
6) adb reboot bootloader
7) fastboot boot twrp
8) install TWRP then custom kernel then Magisk
7) reboot
Click to expand...
Click to collapse
Slow internet here, you mind uploading the boot and dtbo.img?
sn0warmy said:
I did it last night with no issues. The process is pretty simple.
1) adb reboot bootloader
2) fastboot flash boot /location/of/december/boot.img
3) fastboot flash dtbo /location/of/december/dtbo.img
4) reboot
5) allow the OTA to install
6) adb reboot bootloader
7) fastboot boot twrp
8) install TWRP then custom kernel then Magisk
7) reboot
Click to expand...
Click to collapse
I like this idea better than the flash all, but forgive me as I haven't flashed any Android 8.1 devices yet.
Is dtbo the new name for what used to be called system?
I saw a lot of outdated methods of rooting this phone that will cause a lot of bugs to the device, because of the outdate magisk_patched boot image
HERE'S AN UPDATED VERSION
REQUIREMENTS
Unlocked bootloader
Minimal ADB + Fastboot ( I use 1.4.3 PORTABLE) https://forum.xda-developers.com/showthread.php?t=2317790
Pack with required images, including the new magisk_patched.img (required_files.zip, at the bottom of the post)
INSTRUCTIONS
Extract both the minimal adb + fastboot and required_files.zip to a folder
Boot your device in fastboot mode (power if off, then press power button + volume down until you see a bunny working on a Android robot)
Connect the device to the PC via a USB cable (I suggest the one you use of the charger too)
Copy the images from required_files.zip to the folder where you extracted minimal adb + fastboot
Open a cmd/powershell window in minimal adb + fastboot folder (make sure once again that you copied the files from required_files here)
Type these commands:
fastboot devices
* Make sure that your phone it is recognized by the PC using this command
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot erase cache
fastboot flash boot magisk_patched.img
fastboot reboot
Click to expand...
Click to collapse
Enjoy! Your phone will reboot (it shouldn't take more than usual btw)
WARNING!
I'm not responsable for any damaaged device, you take the risk
What I basically did is gave you guys an updated magisk_patched image because the the one seen on the internet for now is an old one that caused several problems on some devices, if you're running any other version that the one in the title you should make your own magisk_patched image
Does this method erase user data and do a factory reset, as other guides say?
I know there is always a risk and it's important to make a backup, but my question is if everything goes as expected, is the phone data erased?
Other guides do the command "fastboot erase userdata" before "fastboot erase cache".
alpersoft said:
Does this method erase user data and do a factory reset, as other guides say?
I know there is always a risk and it's important to make a backup, but my question is if everything goes as expected, is the phone data erased?
Other guides do the command "fastboot erase userdata" before "fastboot erase cache".
Click to expand...
Click to collapse
I removed the erase data line cuz I didn't saw why it would be required since it was working great without it
@Bogdi_P
Can you please share how you did modifications?
I am on MIUI Global 12.0.2 Stable 12.0.2.0(QJOINXM) which is an Indian ROM. Model is M2003J15SI.
I downloaded my firmware zip from Updater -> Download latest package.
I can take boot.img, vbmeta.img from it.
After I can patch the boot.img with Magisk.
But what I have to do with vbmeta.img?
HemanthJabalpuri said:
@Bogdi_P
Can you please share how you did modifications?
I am on MIUI Global 12.0.2 Stable 12.0.2.0(QJOINXM) which is an Indian ROM. Model is M2003J15SI.
I downloaded my firmware zip from Updater -> Download latest package.
I can take boot.img, vbmeta.img from it.
After I can patch the boot.img with Magisk.
But what I have to do with vbmeta.img?
Click to expand...
Click to collapse
You can manually patch vbmeta file using an Hex Editor or you can download any already patched vbmeta file for any MIUI version for this device and flash it.
Successfully rooted + edXposed on STOCK rom and GSI roms.
Patched my own boot image (magisk_patched.img) with magisk manager.
To make Netflix & some other apps work, get the liboemcrypto disabler module in Magisk Manager
Also, to pass SafetyNet:
- Enable Magisk Hide
- Install and activate the Riru - Core and Riru - EdXposed (YAHFA or SANDHOOK, both work) modules in magisk manager
- Get EdXposed manager
- Get the HiddenCore Module and activate it
- In EdXposed Manager: Compat List, and tick HiddenCore Module
To avoid issues (Chrome crashes, potential SIM issues, etc..) with HiddenCore:
- In EdXposed Manager, go to Settings > Framework > Enable "App List mode"
- Still in EdXposed Manager, go to Applications(Black List) and tick: Android Services Library, Chrome, Google Play services, Play Store, Google Services Framework
- Reboot and enjoy, you're all set and SafetyNet should pass just fine, and you can do whatever you want.
i have question: vbmeta.img above can be used for all versions of miui or only ver 12.0.2
i am using ver 12.0.3 eea
Pls help not working 12.0.3
tanks
I have patched the image with magisk manager
ma259 said:
You can manually patch vbmeta file using an Hex Editor or you can download any already patched vbmeta file for any MIUI version for this device and flash it.
Click to expand...
Click to collapse
can i download your vbmeta and work for 12.0.4? maybe? yes? no?
New member here! Will this work also on miui 12.0.5 global?
I have not installed root and the phone is not restored
What is working for MERLIN ?
Take a look: https://forum.xda-developers.com/t/...aomi-redmi-note-9-xiaomi-redmi-10x-4g.4204873
V11.0.5.0:
MAGISK: Working.
MAGISK MANAGER: Working.
TWRP: Working.
RIRU-CORE: Working.
RIRU-EDXPOSED: Working.
EDXPOSED-MANAGER: Working.
XPRIVACYLUA: Working.
MINMINGUARD: Not tested yet.
TITANIUMBACKUP: Not tested yet.
Hi,
I was in 12.0.2 following your method :
fastboot devices
* Make sure that your phone it is recognized by the PC using this command
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot erase cache
fastboot flash boot magisk_patched.img
fastboot reboot
my phone can only boot in fastboot no longer in system.
I am able to go to stock recovery using power + up but I would like to avoid to reset my phone.
Please help what's wrong, can someone help ?
accnetdev said:
Hi,
I was in 12.0.2 following your method :
fastboot devices
* Make sure that your phone it is recognized by the PC using this command
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
fastboot erase cache
fastboot flash boot magisk_patched.img
fastboot reboot
my phone can only boot in fastboot no longer in system.
I am able to go to stock recovery using power + up but I would like to avoid to reset my phone.
Please help what's wrong, can someone help ?
Click to expand...
Click to collapse
same here
For those who can't root via TWRP or somehow lost root while updating (like I did), I have a patched boot image to aid others in this endeavor. This is a boot.img from a T-Mobile 7T which I had converted to the Global ROM, extracted and patched by Magisk after applying the latest update (10.0.13.HD65AA). Fully tested and working!
Instructions:
Unzip and place it in a convenient folder (ie, C:/adb/ or whatever's easy to remember.
Open a cmd prompt and navigate to your fastboot/adb folder.
Then run the command
Code:
fastboot boot boot.img
Your phone will be "temp-rooted" once it boots. If you haven't already, install Magisk Manager, then flash Magisk itself (ALWAYS do direct install!).
Don't install any modules yet. Just reboot when prompted after the Magisk flashing process is done.
Profit!
Download from Google Drive
[I dunno where else to upload this that XDA would consider "safe," so GDrive it is, I suppose.]
Spoiler: Process for manually patching the boot.img without TWRP:
Requirements: Stock device with unlocked bootloader only (no other mods), most recent OTA update applied and system rebooted. Fastboot and ADB Windows executables.
1) Enable advanced reboot and usb debugging in developer options.
2) Reboot to bootloader.
Code:
adb reboot bootloader
3) Boot to twrp
Code:
fastboot boot twrp.img
(or whatever you named it).
4) Once booted, enter:
Code:
adb shell
dd if=/dev/block/bootdevice/by-name/boot of=/tmp/boot.img
exit
5.5) Copy file to the PC:
Code:
adb pull /tmp/boot.img stock_boot.img
6) Reboot phone back to Android.
6.5) Copy boot.img back to phone:
Code:
adb push stock_boot.img /sdcard/boot.img
7) Make sure you have a data connection.
8) Install Magisk Manager.
9) Select option to install Magisk (not the Magisk App). Choose "Select and Patch a File."
10) Point to the boot.img.
11) It will do its thing then come back with a done message. File /sdcard/download/magisk_patched.img will be created.
12) Copy this file to your PC, either using MTP or ADB.
Code:
adb pull /sdcard/download/magisk_patched.img
13) Reboot the phone into bootloader mode again.
Code:
adb reboot bootloader
14) Boot the patched boot from step 12:
Code:
fastboot boot magisk_patched.img
15) Launch Magisk Manager again. You should see the current version available and the installed version below that now. If all is good, choose to install/update Magisk, then "Direct install" and reboot when finished.
I guess you posted it in wrong section as mentioned the file is for Oneplus 7t ?
>Akshay< said:
I guess you posted it in wrong section as mentioned the file is for Oneplus 7t ?
Click to expand...
Click to collapse
OH! You're right. I goofed. I'll ask a mod to move it.
This will delete all the data from the phone + bootloader needs to be unlocked?
Brontok said:
This will delete all the data from the phone + bootloader needs to be unlocked?
Click to expand...
Click to collapse
Flashing this doesn't erase your data, unlocking the bootloader does, though (and is necessary to flash this).
GuyInDogSuit said:
Flashing this doesn't erase your data, unlocking the bootloader does, though (and is necessary to flash this).
Click to expand...
Click to collapse
never mind!
someone already did!
https://forum.xda-developers.com/showpost.php?p=83780229&postcount=12
thanks anyway!
Will this work for 10.0.13 tmobile ? Thanks
gershee said:
Will this work for 10.0.13 tmobile ? Thanks
Click to expand...
Click to collapse
You might be better off pulling the boot.img yourself and patching it. I can't guarantee that this will even work on the T-Mobile version. But if you want to test it, just boot the img and root from Magisk once it loads. If it bootloops, well, then we know.
EDIT: Updated OP with instructions on how to patch the boot.img.
GuyInDogSuit said:
You might be better off pulling the boot.img yourself and patching it. I can't guarantee that this will even work on the T-Mobile version. But if you want to test it, just boot the img and root from Magisk once it loads. If it bootloops, well, then we know.
EDIT: Updated OP with instructions on how to patch the boot.img.
Click to expand...
Click to collapse
Thanks!
Worked like a charm.
Recently I came across a string "pub/ASUS/LiveUpdate/Debug/ZenPad/ASUS_P00J.idx" when searching inside v3.7.4 aboot binary (emmc_appsboot.signed.mbn) in an attempt to find root method for this aging but still capable 8" 2048x1536 Android 7 tablet.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Out of curiosity I put it after Asus download server https://dlcdnet.asus.com to build a download URL (The domain dlcdnlpdv.asus.com shown above no longer exists), and inside downloaded ASUS_P00J.idx there are 3 firmware packages listed: v3.7.3, v3.7.4, and unknown to virtually all Z8s owners, a v5.1.5 firmware.
- The "Release" ASUS_P00J.idx file has fewer firmwares in it (only v3.7.3).
It came as a surprise as the version 5 indicates something big. I combined it with dlcdnet.asus.com into download URL (https://dlcdnet.asus.com/pub/ASUS/EeePAD/Zenpad/ZT582KL/VZW_ZT582KL_V515_all_user.zip), extracted .raw firmware file, unpacked it with https://github.com/Yoti/unraw and the extracted build.prop in system.img proves it is indeed Android 8.0.0, the lost Oreo build of Z8s released in May 2018 but for unknown reason, never pushed by Verizon as OTA update.
I successfully flashed the .raw firmware to my Z8s tablet with Asus Flash Tool v1.0.0.45 under fastboot mode (adb reboot bootloader, or volume down + power buttons when turned off). Theoretically it can also flash by simply copying downloaded .zip file to root of internal storage (/sdcard folder). Now it brings native split-window and 8.0+ app support to our forgotten gem Z8s!
Potentially to root and unlock bootloader:
The new Oreo aboot no longer verifies integrity of boot.img and recovery.img. Flashing to Z8s is already possible with an extra command in fastboot mode:
fastboot getvar sofia_support
fastboot flash boot <path-to-boot.img>
# or: fastboot flash recovery <path-to-recovery.img>
Click to expand...
Click to collapse
With Nougat bootloader, you have to flash the officially signed image from extracted .raw firmware or it will refuse to boot ("Start Up Failed").
Now with Oreo it lets you to boot even with a modified boot.img, displaying a "Your device has loaded a different operating system" screen but allows continuing to boot into OS.
- After that I made it past Verizon splash screen, got "To start Android, enter your password" message and cannot enter OS with a Magisk-patched boot.img flashed.
- Going back by flashing stock boot.img returned it to normal with no data loss.
- UNTESTED: a factory reset (after logging out all Google accounts) can potentially remove the encryption and grant root access.
"fastbook oem unlock" is also possible with new bootloader, but there's no OEM Unlock option available inside Settings -> Developer options.
- UNTESTED: with root you can flip several bits in devinfo partition to achieve direct bootloader unlock (see https://forum.xda-developers.com/t/...vices-devinfo-partition-modification.4100897/, unfortunately there's no firehose / ZT582KL_EMERGENCY_DLOAD.zip publicly shared yet)
- Also UNTESTED and requires root: or toggle the value of sys.oem_unlock_allowed from 0 to 1 (stored in last byte of config partition), which then allows fastboot oem unlock command inside fastboot mode.
Enjoy!
Hello, this is great news! I have a couple of these Z8s devices laying around.
I am curious about how you pulled this off.
I downloaded the zip file, extracted it and opened the flash tool updater.
The 1.0.0.45 asus flash updater tool does not list the ZT582KL device.
I found a newer version of this tool but it does not start (failed to download version control file via ftp).
I can not find a way to bypass this version check.
I tried to install the update as a zip file on an sd card by using android recovery mode. Unfortunately I got an error saying:
can't open /tmp/update-script.log
So I think it has to be updated in fastboot mode. If you could show the steps you performed, I would be most grateful.
Thanks in advance and kind regards!
edzehummel said:
Hello, this is great news! I have a couple of these Z8s devices laying around.
I am curious about how you pulled this off.
I downloaded the zip file, extracted it and opened the flash tool updater.
The 1.0.0.45 asus flash updater tool does not list the ZT582KL device.
I found a newer version of this tool but it does not start (failed to download version control file via ftp).
I can not find a way to bypass this version check.
I tried to install the update as a zip file on an sd card by using android recovery mode. Unfortunately I got an error saying:
can't open /tmp/update-script.log
So I think it has to be updated in fastboot mode. If you could show the steps you performed, I would be most grateful.
Thanks in advance and kind regards!
Click to expand...
Click to collapse
I flashed the zip file under fastboot and the latest Asus Flash Tool version 2.x never worked for me, only 1.0.0.45 could process the firmware .zip file successfully.
Attached is a patched version of ASUS Flash Tool 1.0.0.45 binary, replacing all reference of ZT581KL with ZT582KL (they have the same SoC, I tried with this patch and it worked).
1. Install ASUS Flash Tool 1.0.0.45 (I got it from https://www.gsmofficial.com/asus-zenfone-flash-tool-v1-0-0-45/)
2. Extract the attached AsusFlashTool_ZT582KL.exe into "C:\Program Files (x86)\ASUS\ASUS Flash Tool" folder
3. Run AsusFlashTool_ZT582KL.exe
4. Select device model ZT582KL
5. Select ZT582KL_all_VZW_user_V5.1.5.zip (or .raw) by clicking on the box icon
6. Connect the tablet in fastboot mode (adb reboot bootloader, or volume down + power buttons when turned off)
7. Click on Start button (wipe data is not required) and wait for flash to complete
satelliteseeker said:
I flashed the zip file under fastboot and the latest Asus Flash Tool version 2.x never worked for me, only 1.0.0.45 could process the firmware .zip file successfully.
Attached is a patched version of ASUS Flash Tool 1.0.0.45 binary, replacing all reference of ZT581KL with ZT582KL (they have the same SoC, I tried with this patch and it worked).
1. Install ASUS Flash Tool 1.0.0.45 (I got it from https://www.gsmofficial.com/asus-zenfone-flash-tool-v1-0-0-45/)
2. Extract the attached AsusFlashTool_ZT582KL.exe into "C:\Program Files (x86)\ASUS\ASUS Flash Tool" folder
3. Run AsusFlashTool_ZT582KL.exe
4. Select device model ZT582KL
5. Select ZT582KL_all_VZW_user_V5.1.5.zip (or .raw) by clicking on the box icon
6. Connect the tablet in fastboot mode (adb reboot bootloader, or volume down + power buttons when turned off)
7. Click on Start button (wipe data is not required) and wait for flash to complete
Click to expand...
Click to collapse
Hello satelliteseeker,
Thank you for your effort, detailed and clear description and the shared asustool files. I performed the steps and it worked flawlesslly. I have successfully updated my Asus Zenpad Z8s to Android 8.0 and it works perfectly!!
I am very happy with it!! Thanks again and kind regards!
Edze.
I just achieved root doing nothing more than following your clearly defined advice above
1. applied the oreo update with your modded AFT
2. extracted boot.img from the oreo update .zip
3. patched boot.img with the newest magisk (25.1)
4. flashed patched boot.img using fastboot
5. factory reset
6. ¿???
7. profit
Hope this helps.
Much thanks to you brother for all your work at getting this device a working root. Finding this lost/unreleased update for our device was nothing short of an act of genius
Sneaky.Ninja said:
I just achieved root doing nothing more than following your clearly defined advice above
1. applied the oreo update with your modded AFT
2. extracted boot.img from the oreo update .zip
3. patched boot.img with the newest magisk (25.1)
View attachment 5642587
4. flashed patched boot.img using fastboot
5. factory reset
6. ¿???
View attachment 5642583
7. profit
View attachment 5642585
Hope this helps.
Much thanks to you brother for all your work at getting this device a working root. Finding this lost/unreleased update for our device was nothing short of an act of genius
Click to expand...
Click to collapse
Hi @Sneaky.Ninja ,
Weird, I couldn't get pass step #6 and it is prompting me for decryption password like what satelliteseeker mentioned. Do you know if I have missed any steps in between?
I'm going to try to be thurough but to be honest I'm kind of scratching my head coming up with a list of possible actions that we could of performed different. So my apologies if some of these suggestions are obviously pointless or need to be performed in any combination/order other than what's implied below but these are all things I had done
-------------------------------------------------------------------
* Did you go through the device's initial set-up/ log into a google account/ update all apps while still on V3.7.4 (nougat) before updating to V5.1.5 (oreo)
* Did you use the latest version of Magisk Manager (25.1)
* When patching boot.img did you select all three options
Preserve AVB/dm-verity
Preserve forced encryption
Patch vb meta in boot image
* Factory reset after receiving the 'type password to decrypt storage' prompt at boot
* Boot into recovery (adb reboot recovery / fastboot reboot-recovery) and wipe cache partition
* From the fastboot menu select USB debug mode (Enables USB debugging/ADB)
********CAUTION*********
Proceed with caution. I've soft bricked this device in the past using one or more of these commands
**************************
You could try messing around with these fastboot oem commands that I found in the update.raw binary. I included the whole list but seperated what I feel could make any difference
Some commands don't seem to work and others need you to enter a variable such as 1 or 0 (on/off).
oem verity
oem adb_enable
oem CTS_Auto
oem ffu_unlock
oem reset_root
**************************
oem device-info
oem frp_status
oem enter_method
oem get_baseband
oem get_build_version
oem get_device_model
oem get_device_name
oem get_debug_idx
oem get_debug_status
oem get_IMEI
oem get_model
oem get_release_idx
oem get_release_status
oem get_sua_server
oem enable-charger-screen
oem disable-charger-screen
oem off-mode-charge
oem select-display-panel
oem EnterShippingMode
oem reboot
oem reboot-recovery
oem reboot-bootloader
oem lock
oem unlock
oem unlock-go
oem flashing lock
oem flashing unlock
oem flashing lock_critical
oem flashing unlock_critical
oem flashing get_unlock_ability
oem emmc_info
oem emmc_show_partitions
oem emmc_read_modemst
oem emmc_read_partition
oem emmc_read_userdata
oem resize_partition_table
oem hash
oem preflash
oem continue
oem flash_all_start
oem flash_all_end
Keep the thread updated on any progress or lack of.
Sneaky.Ninja said:
I'm going to try to be thurough but to be honest I'm kind of scratching my head coming up with a list of possible actions that we could of performed different. So my apologies if some of these suggestions are obviously pointless or need to be performed in any combination/order other than what's implied below but these are all things I had done
-------------------------------------------------------------------
* Did you go through the device's initial set-up/ log into a google account/ update all apps while still on V3.7.4 (nougat) before updating to V5.1.5 (oreo)
* Did you use the latest version of Magisk Manager (25.1)
* When patching boot.img did you select all three options
Preserve AVB/dm-verity
Preserve forced encryption
Patch vb meta in boot image
* Factory reset after receiving the 'type password to decrypt storage' prompt at boot
* Boot into recovery (adb reboot recovery / fastboot reboot-recovery) and wipe cache partition
* From the fastboot menu select USB debug mode (Enables USB debugging/ADB)
********CAUTION*********
Proceed with caution. I've soft bricked this device in the past using one or more of these commands
**************************
You could try messing around with these fastboot oem commands that I found in the update.raw binary. I included the whole list but seperated what I feel could make any difference
Some commands don't seem to work and others need you to enter a variable such as 1 or 0 (on/off).
oem verity
oem adb_enable
oem CTS_Auto
oem ffu_unlock
oem reset_root
**************************
oem device-info
oem frp_status
oem enter_method
oem get_baseband
oem get_build_version
oem get_device_model
oem get_device_name
oem get_debug_idx
oem get_debug_status
oem get_IMEI
oem get_model
oem get_release_idx
oem get_release_status
oem get_sua_server
oem enable-charger-screen
oem disable-charger-screen
oem off-mode-charge
oem select-display-panel
oem EnterShippingMode
oem reboot
oem reboot-recovery
oem reboot-bootloader
oem lock
oem unlock
oem unlock-go
oem flashing lock
oem flashing unlock
oem flashing lock_critical
oem flashing unlock_critical
oem flashing get_unlock_ability
oem emmc_info
oem emmc_show_partitions
oem emmc_read_modemst
oem emmc_read_partition
oem emmc_read_userdata
oem resize_partition_table
oem hash
oem preflash
oem continue
oem flash_all_start
oem flash_all_end
Keep the thread updated on any progress or lack of.
Click to expand...
Click to collapse
Hi @Sneaky.Ninja,
Thanks for the guide, actually I have managed to root it by myself.
I noticed that on every new reboot upon factory reset, the tablet will first attempt to erase the device followed by encrypting it. If you proceed with flashing the patched boot.img AFTER the encryption, you will most likely hit the 'type password to decrypt storage' prompt. Thus, my speculation is that the encryption seems to be tied with which boot.img you were having at that time.
So, I then tried reflashing the original boot.img, getting back into the Setting UI once again and factory reset it, except for I was holding the Volume down button this time and it gets me straight into fastboot mode again. Then I flashed the patched boot.img once again, and viola... everything was working as expected (erasing, encrypting and booting into the device initial setup menu) with ROOT!
@satelliteseeker ,
With root, I then tried to play around with the config partition like you mentioned, flipping the last 00 to 01.
- Also UNTESTED and requires root: or toggle the value of sys.oem_unlock_allowed from 0 to 1 (stored in last byte of config partition), which then allows fastboot oem unlock command inside fastboot mode.
However, it seems like I'm still unable to proceed with fastboot oem unlock.. Actually, come to think about it, what's the point even if you have unlocked the bootloader but there are no custom roms for it.
s03191 said:
@satelliteseeker ,
With root, I then tried to play around with the config partition like you mentioned, flipping the last 00 to 01.
- Also UNTESTED and requires root: or toggle the value of sys.oem_unlock_allowed from 0 to 1 (stored in last byte of config partition), which then allows fastboot oem unlock command inside fastboot mode.
However, it seems like I'm still unable to proceed with fastboot oem unlock.. Actually, come to think about it, what's the point even if you have unlocked the bootloader but there are no custom roms for it.
Click to expand...
Click to collapse
Asus might have a different strategy to handle bootloader unlock (maybe it has to be devinfo partition?)
With a preceding command fastboot getvar sofia_support (more details in https://forum.xda-developers.com/t/...-z10-zt500kl-and-zenpad-3s-10-z500kl.4067617/), it's already possible to flash any firmware to boot / recovery / system partitions, so it's not required to achieve a full unlock to tinker with system, especially with root.
Again without debrick tools any such hack has a chance to brick the device. If it fails to enter fastboot, there's minimal chance for a recovery.
I am a Linux user and want to install this on my ZS8. I fired up a windows computer, downloaded the AFT above, unzipped it, and tried to run it, but it complains "The code execution cannot proceed because mfc110u.dll was not found. Reinstalling the program might fix this problem." I then read online that this is a Microsoft library, and installing their development tools might fix it, and some other things, but nothing is working. Any suggestions?
Just successfully upgraded my z8s to 8.0, Thank you so much for your information and tutorial. Really appreciate it.
After upgrading to 8.0, I tried to make a custom TWRP recovery migrated from Zenfone 3 ultra, which uses the same CPU model to Z8s, and successfully fastboot flashed it according to OP's guide. It initially worked well right after the flash, but after a reboot, the system wouldn't boot to the system but stopped at 'Your device is corrupt' as you can see from the pics below.
It seems like I could continue to boot by pressing the volume up button, but unfortunately, the volume up button has just been broken during my disassembly previously... So I'm wondering if anyone knows that everything will be fine as long as the volume up button is pressed, or if there is something wrong that needs to be fixed in the bootloader/recovery?
Thank you in advance.
Note: I managed to flash back the official boot.img and recovery.img, but the system still won't boot up. Also used Asus Flashtool and flashed the official .raw back but had no luck.
First off, I was able to get 8.0 install, amazing job!
When I run through the standard magisk steps though I'm clearly missing something. I'm pulling the boot.img file from the Zip->Raw file to feed to magisk and it's complaining with Unsupported\unknown image format. I use this method for other devices, so I'm generally used to how this should go. Did I miss something on how I should be sourcing the boot.img file.
satelliteseeker said:
I flashed the zip file under fastboot and the latest Asus Flash Tool version 2.x never worked for me, only 1.0.0.45 could process the firmware .zip file successfully.
Attached is a patched version of ASUS Flash Tool 1.0.0.45 binary, replacing all reference of ZT581KL with ZT582KL (they have the same SoC, I tried with this patch and it worked).
1. Install ASUS Flash Tool 1.0.0.45 (I got it from https://www.gsmofficial.com/asus-zenfone-flash-tool-v1-0-0-45/)
2. Extract the attached AsusFlashTool_ZT582KL.exe into "C:\Program Files (x86)\ASUS\ASUS Flash Tool" folder
3. Run AsusFlashTool_ZT582KL.exe
4. Select device model ZT582KL
5. Select ZT582KL_all_VZW_user_V5.1.5.zip (or .raw) by clicking on the box icon
6. Connect the tablet in fastboot mode (adb reboot bootloader, or volume down + power buttons when turned off)
7. Click on Start button (wipe data is not required) and wait for flash to complete
Click to expand...
Click to collapse
Thanks a bunch. This process worked for me. [edit: not so much, see next post] Couple points to add...
First, I did have issues getting communication to work reliably until I updated the driver in Windows Update. Other than that, the steps above worked as advertised (thanks!).
Second, for whatever reason when you flash to Oreo the z8s is no longer Play Protect certified. Because of that, I am (so far) unable to download the Netflix app from Playstore. I did go to my original z8s and verify it WAS Play Protect certified. Maybe not a huge deal. I can still watch Netflix through the web.
Lastly, my motivation wasn't to get to Oreo necessarily. My issue was battery drain due to Android OS and System running all the time. This happened on my 'backup' preowned z8s that I just got out of the box. Google searches pointed toward 'clear system cache' from bootloader to solve this. I couldn't make that happen with z8s. My understanding is it's locked. Soooo... I hoped that flashing to Oreo would also clear the system cache. It did (yay!). Battery usage is back to normal. Note that I did check the box to erase data in the Asus flash tool.
thanks again!
Update. It seems this was not so successful. To be clear, I do have Oreo running. However, I have a few issues now that make the tablet much less useful:
- Can't load Netflix app. Can't watch through Chrome either.
- Spectrum TV app no longer works.
- Battery drain issue is back.
Oh well. Time to move on I guess. My time is worth something, so maybe I'll pony up and buy something else.
tblount70 said:
Update. It seems this was not so successful. To be clear, I do have Oreo running. However, I have a few issues now that make the tablet much less useful:
- Can't load Netflix app. Can't watch through Chrome either.
- Spectrum TV app no longer works.
- Battery drain issue is back.
Oh well. Time to move on I guess. My time is worth something, so maybe I'll pony up and buy something else.
Click to expand...
Click to collapse
Weird about the play protected issue. mine didn't run into that, but you could probably download the Netflix APK directly from one of the various APK mirror sites, I'v done this with various Android devices over the years.
If i have bricked it with update Magisk and direct install kernel how to repair? Only edl mode with Qualcomm HS-USB Diagnostics 900E ?
Thank you Sneaky.Ninja
I have updated the p00j tablet
but how
Extract from raw file
correct boot.img
(ZT582KL_all_VZW_user_V5.1.5 extracted 39.boot.img is not the correct file)
Could this be used to potentially port to the zen pad z10? I just got one for free I’d love to have a custom OS on this Bad boy! Lol my buddy has six in a stack he got from a school they are workable but it would be nice to make them up to date ect. What an awesome find!! I was thinking about taking the url you had and using the 500kl sku would that work do you think to see if there’s maybe a hidden Oreo for us?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sources used: link
1. First unlock your bootloader. This thread does not cover this. I suggest you do not try to tamper with the 1week~ time gate you will encounter else it may get longer should you fail.
2. Enable Developer mode and adb from Developer settings again.
3 Download the appropriate Fastboot files for your device . See the About section in your phone's settings to know what you are currently running.
4. Download latest Magisk-vXX.Y.apk and install it on your device. Magisk developer only provides files from Github, do not download it from anywhere else.
5. Extract(Install 7-zip if needed) the fastboot .tgz archive and copy the boot.img from it to your phone's sdcard through adb (or other means):
Code:
adb push psyche_eea_global_images_V13.0.3.0.SLDEUXM/images/boot.img /sdcard/
6. Open up Magisk on your phone, press Install and use the patch option to navigate to the boot.img you just copied. Select that, next next next.
7. Read the output to see where the patched boot.img got saved. Pull that.
Code:
adb pull /sdcard/Download/magisk_patched-24300_D2K9V.img
8. Reboot phone to fastboot.
Code:
adb reboot fastboot
9. Flash the modified boot image
Code:
fastboot flash boot recoveryxy.img
10. Flash dtbo (found inside rom zip)
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
10. Say your prayers and reboot, your device should now have functional root with Magisk
Code:
fastboot reboot
This did not work for me. Seemingly flashed okay, but phone is now bootlooping.
weggy101 said:
This did not work for me. Seemingly flashed okay, but phone is now bootlooping.
Click to expand...
Click to collapse
im sorry forgot step 10. flash vbmeta image. updated guide.
nofx161 said:
im sorry forgot step 10. flash vbmeta image. updated guide.
Click to expand...
Click to collapse
Still gets stuck in a bootloop. Just for fun I downloaded the tgz archive from another source, same situation.
If anyone else gets stuck, here's how to get out of it:
1) Reboot into RECOVERY mode. Select the option for help. It should show a picture of the phone and a USB cable.
2) Follow the onscreen URL for the MiPhoneAssistant Tool
3) I was not able to download via the tool, so I loaded the image in manually with the 2nd option. For my Chinese phone, it was a ~380 MB ZIP file called V13.0.5.0.SLDCNXM, downloaded from:
https://hugeota.d.miui.com/V13.0.5.0.SLDCNXM/miui-blockota-psyche-V13.0.4.0.SLDCNXM-V13.0.5.0.SLDCNXM-ffe7c45215-12.0.zip
4) After finishing, it just boots up to a black screen. Reboot into FASTBOOT mode.
5) From here you can reflash your ROM and be back in business.
I think it worked here, I patched the boot.img from the EEA ROM I'm running (V13.0.3.0.SLDEUXM_20220528.0000.00_12.0_eea) and the Magisk App says it's installed. The only problem is that I'm not able to edit files and/or paste new ones in the root/system folder.
I'm trying to edit build.prop but it says there's not enough space to complete the operation (using SolidExplorer), I tried to disable my nav buttons with FNG too, but that also won't work.
hey you can use my boot image which is rooted with magisk 25.0
magisk_patched-25000_WA0wW.img
drive.google.com
also the original boot if you messed up
boot.img
drive.google.com
Did anyone solved CTS profile ?
Completed successfully. The steps were really straightforward and easy to execute. The only question I had was about flashing the second slot. These instructions contain the command to flash the active slot only, but the 12x has a and b. I went ahead and flashed the second slot anyway even though it's inactive right now. Also, as was noted in the 12 thread, I was confused why Power-Vol Down boots to "fastboot" while adb reboot fastboot boots to "fastbootd". I don't know, just went with fastbootd and all was fine. Thank you @nofx161 for the instructions.
I haven't really done any testing yet but will report back if I find anything interesting.
bjs339 said:
Completed successfully. The steps were really straightforward and easy to execute. The only question I had was about flashing the second slot. These instructions contain the command to flash the active slot only, but the 12x has a and b. I went ahead and flashed the second slot anyway even though it's inactive right now. Also, as was noted in the 12 thread, I was confused why Power-Vol Down boots to "fastboot" while adb reboot fastboot boots to "fastbootd". I don't know, just went with fastbootd and all was fine. Thank you @nofx161 for the instructions.
I haven't really done any testing yet but will report back if I find anything interesting.
Click to expand...
Click to collapse
What ROM do you use? Stock or xiaomi EU or which one? Which modules have you tried? Thanks!
I'm on the stock rom and really haven't done much with it yet, so not much to report at this point.
An alternative way for installing magisk is to install twrp ( https://forum.xda-developers.com/t/shared-recovery-psyche-twrp-by-skkk.4461461/ ) and then choose "install twrp" from the advanced menu in twrp. Then restart system and tap on the magisk button. The magisk manager will be loaded from web and your good to go with root.
shortek said:
Did anyone solved CTS profile ?
Click to expand...
Click to collapse
Working on it. I've followed the instructions here: https://forum.xda-developers.com/t/working-safetynet-with-pixel-6-pro-android-12.4354149/ except that I'm using the Shamiko magisk module instead of the Magisk Deny List per guidance here: https://forum.xda-developers.com/t/chase-app-always-detects-root.4099627/page-9. I have two banking apps working, but not Chase and can't add a credit card to my Google Wallet yet. I tested with YASNAC and it says it passes Safety Net, so we'll see if I can get it figured out. It sounds like the Chase app is a constant struggle, and I'm not too concerned about that, but I'd really like to be able to use Google Pay.
bjs339 said:
Working on it. I've followed the instructions here: https://forum.xda-developers.com/t/working-safetynet-with-pixel-6-pro-android-12.4354149/ except that I'm using the Shamiko magisk module instead of the Magisk Deny List per guidance here: https://forum.xda-developers.com/t/chase-app-always-detects-root.4099627/page-9. I have two banking apps working, but not Chase and can't add a credit card to my Google Wallet yet. I tested with YASNAC and it says it passes Safety Net, so we'll see if I can get it figured out. It sounds like the Chase app is a constant struggle, and I'm not too concerned about that, but I'd really like to be able to use Google Pay.
Click to expand...
Click to collapse
Got it! This Safety Net mod fixed Google Pay: https://forum.xda-developers.com/t/...tynet-fix-2-3-1.4217823/page-91#post-87198517
bjs339 said:
Got it! This Safety Net mod fixed Google Pay: https://forum.xda-developers.com/t/...tynet-fix-2-3-1.4217823/page-91#post-87198517
Click to expand...
Click to collapse
Do you have Widevine Level 1 with this method? So we could use streaming services on high quality while being rooted. (can be checked by app DRM info).
HikL said:
Do you have Widevine Level 1 with this method? So we could use streaming services on high quality while being rooted. (can be checked by app DRM info).
Click to expand...
Click to collapse
Looks like it if I'm reading that right.
bjs339 said:
View attachment 5699583
Looks like it if I'm reading that right.
Click to expand...
Click to collapse
Great news! Thank you!
Hello. Please help me. I did everything as in instructions except one thing and it reboots in MIUI Recovery 5.0 as in this photo https://prnt.sc/Oyjs9lxGVFX8 (not my photo). The only thing that I didn't follow is instead of installing my current MIUI version official boot.img which updated tonight 13.04 Global, I used 13.02 Global because I couldn't find fastboot version of 13.04.
edit: now it started just constant bootloop without going into recovery mode, they just uploaded 13.04 fastboot version and I'm downloading it in with high hopes. I hope that if I patch the boot.img with Magisk in emulation on PC nothing bad will happen.
edit2: Sadly I was unable to do it with PC emulator, I'd appreciate if anyone patched it for me, attached file.
boot.img
drive.google.com
kiknalex said:
Hello. Please help me. I did everything as in instructions except one thing and it reboots in MIUI Recovery 5.0 as in this photo https://prnt.sc/Oyjs9lxGVFX8 (not my photo). The only thing that I didn't follow is instead of installing my current MIUI version official boot.img which updated tonight 13.04 Global, I used 13.02 Global because I couldn't find fastboot version of 13.04.
edit: now it started just constant bootloop without going into recovery mode, they just uploaded 13.04 fastboot version and I'm downloading it in with high hopes. I hope that if I patch the boot.img with Magisk in emulation on PC nothing bad will happen.
edit2: Sadly I was unable to do it with PC emulator, I'd appreciate if anyone patched it for me, attached file.
Click to expand...
Click to collapse
I patched boot.img with another phone (huawei or smth) repeated all steps and now it's just stuck in fastboot bootloop...
I tried this
Still gets stuck in a bootloop. Just for fun I downloaded the tgz archive from another source, same situation.
If anyone else gets stuck, here's how to get out of it:
1) Reboot into RECOVERY mode. Select the option for help. It should show a picture of the phone and a USB cable.
2) Follow the onscreen URL for the MiPhoneAssistant Tool
3) I was not able to download via the tool, so I loaded the image in manually with the 2nd option. For my Chinese phone, it was a ~380 MB ZIP file called V13.0.5.0.SLDCNXM, downloaded from:
https://hugeota.d.miui.com/V13.0.5....SLDCNXM-V13.0.5.0.SLDCNXM-ffe7c45215-12.0.zip
4) After finishing, it just boots up to a black screen. Reboot into FASTBOOT mode.
5) From here you can reflash your ROM and be back in business.
But my Mi PC Suite doesn't detect phone when I plug cable, although the icon on phone shows that it's plugged in. Please help me...
Edit: issue was fixed in this thread
Please Help Me. Xiaomi 12x. Bricked Phone after trying to root. Stuck in fastboot bootloop.
Hello. I've followed instructions as in this thread https://forum.xda-developers.com/t/root-psyche-root-xiaomi-12x-with-magisk.4455293/ only 1 thing I did wrong is downloading 13.02 boot.img file instead of 13.04 boot.img which wasn't available...
forum.xda-developers.com
Hmmm.... First I would reflash the 13.0.4.0 boot.img to both slots using fastboot.
Copy boot.img to fastboot folder and type
"fastboot flash boot_a boot.img" and then "fastboot flash boot_b boot.img". Now it should boot again. Then you can patch your boot.img and flash it: Copy the patched boot.img to fastboot folder "fastboot flash boot patched_boot.img". Alternatively you can flash magisk via twrp. Therefore download twrp (search our thread), rename the file to twrp.img, copy the twrp.img to fastboot folder, boot the img with "fastboot boot twrp.img" and after twrp is booted go to advanced and tip "flash current twrp" now you have twrp installed. Now you can download the magisk.apk from github, copy it to your internal storage via your pc and flash it via twrp... Violla
Voodoojonny said:
Hmmm.... First I would reflash the 13.0.4.0 boot.img to both slots using fastboot.
Copy boot.img to fastboot folder and type
"fastboot flash boot_a boot.img" and then "fastboot flash boot_b boot.img". Now it should boot again. Then you can patch your boot.img and flash it: Copy the patched boot.img to fastboot folder "fastboot flash boot patched_boot.img". Alternatively you can flash magisk via twrp. Therefore download twrp (search our thread), rename the file to twrp.img, copy the twrp.img to fastboot folder, boot the img with "fastboot boot twrp.img" and after twrp is booted go to advanced and tip "flash current twrp" now you have twrp installed. Now you can download the magisk.apk from github, copy it to your internal storage via your pc and flash it via twrp... Violla
Click to expand...
Click to collapse
Thank you for your answer. I already fixed issue in another thread, will edit my comment.