Develop Bugs

T-Virus - Infect your Nokia 8 with Project Treble (2019-07-02)

Code:
#include <std_disclaimer.h>
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research about modifying your android system before flashing this!
* YOU are choosing to make these modifications, and if you point the finger at
* me for messing up your device, I will laugh at you. Hard. A lot.
*/
(if you expected the Resident Evil references to stop, you just got gnomed)
What is this?
T-Virus (for treble-virus) is a tool that takes a stock Nokia 8 firmware and "infects" it with various parts from the Nokia 8 Sirocco firmware, generating a firmware bundle that is compilant with Project Treble and that can be flashed to a Nokia 8 using NOST.
Firmware Sources
The base of T-Virus is the stock Nokia 8 firmware image (5150 / April Security patch at the time of writing). When being run, the build script takes those files and replaces the partition table with the one from Nokia 8 Sirocco. This required for creating a vendor partition that the stock Nokia 8 does not have. The vendor image is taken from the Sirocco firmware as well. During the build, the vendor image is mounted as rw, and various files are copied over from the stock Nokia 8 system image, or get patched to properly support the minor hardware differences between the two phones. Those actions are defined through very basic scripts inside of the vendor folder in the repository.
The boot image is a modified version of my umbrella kernel, which has support for early mounting vendor. It also includes a TWRP build with full support for Project Treble.
SELinux Hell
Because Android does some very weird stuff with SELinux contexts, you cannot launch a service file when it has an unknown context. We have to fix that by force-setting the SELinux context manually, but due to how SELinux works, this is only possible on a Linux system without SELinux. This means, that you cannot build this on a distribution with SELinux (Fedora in my case). I fixed the problem by building the images in a Ubuntu VM.
How to build?
First you have to download the latest firmware image from https://tmsp.io/fs/xda/nb1/firmware, and the exdupe tool from https://www.quicklz.com/exdupe
Extract the firmware into a folder and then clone the repository, like this:
Code:
$ mkdir firmware
$ ./exdupe -R ~/Downloads/NB1-5150-0-00WW-B03.qlz firmware/
$ git clone https://github.com/resident-nokia/t-virus
$ cd t-virus
The build script has two options you have to set: a version and the path to the extracted firmware. This means you have to run it like this:
Code:
$ ./build.sh --version v0.1 --firmware ../firmware
Leave it running and when it asks you, enter your sudo password. This is required to mount the Android ext4 partitions and edit the files that are only accessable by the (Android) root user, and retain their permissions.
When the script has finished the flashable firmware image will be inside of the out folder. You can optionally package this as a .qlz file again using exdupe.
What works?
It boots
Data decryption in recovery
Flashing GSIs / OpenGApps in recovery
WiFi
Mobile Data
Bluetooth
Sound
Vibration
Calling
Hardware buttons
Fingerprint
Camera
GPS
NFC
SDCard
Multi SIM
4k Video
What doesn't work, or isn't tested
Haptic feedback for Hardware buttons
Bluetooth headphones don't get registered properly
Nokia OZO audio support is missing
Fingerprint sensor is reported as being on the back of the phone
There might be issues with USB transfer under Windows
VoLTE (untested)
How to install?
WARNING: This might not be useable as a daily driver. Continue only if you are able to troubleshoot things if neccessary (bootloops, bricking the phone, causing the alarm app to declare nuclear war)
You can download the latest release from the releases page on the repository. It is a .qlz firmware, so you will have to flash it through NOST. You will need a completely unlocked bootloader. When flashing, make sure to select the "Erase Userdata" option, not doing this will most certainly bootloop the phone.
After the installation completed, your phone will reboot into phh's AOSP GSI. If you want to use a different GSI (you most likely will), follow these steps:
Download your favorite GSI
Unpack every form of compression, so you end up with a .img file
Boot into recovery
Copy the .img to the internal storage of your phone, or to your SDCard
Select "Install" -> "Install .img", select the image file you copied and flash it to your system partition
Then install OpenGApps or any other modifications you like.
Wipe /data to allow the new system image to boot properly and then reboot
To update to a newer version without having to erase userdata, download the zipped vendor image from the release page, and flash the image inside in TWRP.
If you want to go back to stock, simply download the 5150-revert firmware and flash it with NOST, with the "Erase Userdata" option enabled. It will revert all changes T-Virus made to your phone. Firmwares from https://tmsp.io/fs/xda/nb1 will not work.
Links?
Repository: https://github.com/resident-nokia/t-virus
Download: https://github.com/resident-nokia/t-virus/releases
Reverting to stock: https://github.com/resident-nokia/t-virus/releases/tag/5150-revert
What if I have a bug?
Upload a proper bugreport. This means logcat and dmesg. If you don't know how to get them, google it. Also, describe the issue and provide steps to replicate it. Everything else will be ignored.
I don't daily drive this phone anymore. I am doing this just because it is an interesting technical challenge. I don't have as much motivation to fix bugs than someone who daily drives it.
I want to say thank you!
I usually don't do this, but since this involved a lot of work on my side, I would be grateful if you would want to say thank you by buying me a coffee (or two): https://paypal.me/thmsp

Ok. After the flashing we have a phone "infected" by the Project Treble. But what it gives to end-user? What is profit of this?

kosmatyj said:
Ok. After the flashing we have a phone "infected" by the Project Treble. But what it gives to end-user? What is profit of this?
Click to expand...
Click to collapse
The ability to install GSIs (Generic System Images). Basically everything from here: https://forum.xda-developers.com/project-treble/trebleenabled-device-development

Oh! Sounds pretty good! Thanks. Will think about it. Really expands posiibilities and needs to be tested.
---------- Post added at 10:54 ---------- Previous post was at 10:29 ----------
Q: Should Ihave an Android Pie be installed first or it can be flashed over ony ROM version (I currently have Nougat ROM installerd on my Nokia 8)?

kosmatyj said:
Q: Should Ihave an Android Pie be installed first or it can be flashed over ony ROM version (I currently have Nougat ROM installerd on my Nokia 8)?
Click to expand...
Click to collapse
It could work, since it is a modified firmware for reflashing, but just to be sure, update to Pie through OTA. That's what this has been tested with and you won't update your bootloader in the process which eliminates some possible incompatibilities.

What is password for t-virus-20190703.qlz? Should I flash the TV-20190703-vendor.zip before or t-virus-20190703.qlz is all I need?

kosmatyj said:
What is password for t-virus-20190703.qlz? Should I flash the TV-20190703-vendor.zip before or t-virus-20190703.qlz is all I need?
Click to expand...
Click to collapse
It's all in the instructions. There is no password on the qlz file. You can't extract it, you have to flash it using NOST. The zip is for updating from previous versions and not for the initial installation.

Oh, I understood. No need to unpack, just download and flash over NOST, right? Thanks ones more. It is new for me, that`s why I have so much questions.

kosmatyj said:
Oh, I understood. No need to unpack, just download and flash over NOST, right? Thanks ones more. It is new for me, that`s why I have so much questions.
Click to expand...
Click to collapse
Yes. Just follow the instructions in NOST and select the T-Virus .qlz when it asks you to. Also, make sure you select the "Erase Userdata" option in the drop down menu that appears after selecting the .qlz.

Thank you for this - hope you enjoy the couple of coffee's

Amazing work. Can the current Android Q GSI be used?

comatrices said:
Amazing work. Can the current Android Q GSI be used?
Click to expand...
Click to collapse
When I tried it it didn't boot. Your mileage may vary, but you probably have to wait until the source code for Q has been published and people can build real phh GSIs from it.

Hello! Author, don`t you planning to build the same but for Android 8.1? Your work is great anyway but would be just amazing to have an Oreo in this appearance. Thank you.

kosmatyj said:
Hello! Author, don`t you planning to build the same but for Android 8.1? Your work is great anyway but would be just amazing to have an Oreo in this appearance. Thank you.
Click to expand...
Click to collapse
Just flash an Oreo GSI? I know you can run Pie GSIs on Oreos vendor, so it should work fine the other way around.

Nah! Didn`t work. After "android" logo it drops into download mode. AOSP 32 (last version of A 8.1 GSI).

kosmatyj said:
Nah! Didn`t work. After "android" logo it drops into download mode. AOSP 32 (last version of A 8.1 GSI).
Click to expand...
Click to collapse
I am not exactly sure if I understand you correctly, but Nokia 8 is not an A-only device, it is an AB device. You need to flash the AB image of AOSP, not the A one.

Right, I did exactly like you said. system-arm64-ab-vanilla-nosu - image that I flashed couple minutes ago. Downloaded from here: https://github.com/phhusson/treble_experimentations/releases/tag/v32
I`m sorry about my English. I`m Russian.

kosmatyj said:
Right, I did exactly like you said. system-arm64-ab-vanilla-nosu - image that I flashed couple minutes ago. Downloaded from here: https://github.com/phhusson/treble_experimentations/releases/tag/v32
I`m sorry about my English. I`m Russian.
Click to expand...
Click to collapse
Ok, then it probably doesn't work the other way around (Oreo with Pie vendor). An Oreo-based T-Virus is unlikely to happen though, because Siroccos Oreo vendor has some problems (calls not going through properly), and I dont want to maintain two versions of it because, as said in the OP, I don't use my Nokia 8 anymore. It seems like Pie is all you can get with this for now, sorry.

Hi all. Just to make it clear. The procedure for the Nokia 8 is:
1. Unlock Bootloader
2. Do "critical unlock" (fastboot flashing unlock_critical)
3. Flash "t-virus-20190703.qlz" with NOST?
Did i miss something? Whats with Security Enabled Linux?

just4me12 said:
Hi all. Just to make it clear. The procedure for the Nokia 8 is:
1. Unlock Bootloader
2. Do "critical unlock" (fastboot flashing unlock_critical)
3. Flash "t-virus-20190703.qlz" with NOST?
Did i missed something? Whats with Security Enabled Linux?
Click to expand...
Click to collapse
That's right. Don't forget to add "erase data" option while flashing t virus with NOST otherwise you'll end up in a bootloop.

How To Guide June 20, 2023 TQ3A.230605.010.A1 T-Mobile/MVNOs / June 13, 2023 TQ3A.230605.010 Global - Root Pixel 6 Pro [Raven]

Pixel 6 Pro [Raven]​
Updated May 13, 2023
Note that more than three users have said that 34.0.1 (even May 10, 2023's binary update of 34.0.1) did not work correctly for them. I recommend sticking with 33.0.3 (just below these quotes)
Someone reported it to Google (added a comment about 34.0.1 to the existing 34.0.0 report).
Spoiler
b0uNz said:
tried to flash the latest build of AncientOS with it, did not work. Back to r33.0.3 and it worked fine
Click to expand...
Click to collapse
Aphex13 said:
platform-tools_r34.0.1-windows is not functioning properly. Back to 33.0.3 we go...
Click to expand...
Click to collapse
budmannxx said:
Add me to the list of users that had a problem with platform-tools 34.0.1. I got into a bootloop after running flash-all.bat. Downgraded to 33.0.3, reran the new (old) flash-all.bat, and was all good.
Using 34.0.1, the phone never even got to the fastbootd part of the process
Click to expand...
Click to collapse
May 10, 2023 binary update of 34.0.1:
Homeboy76 said:
Update
I tested SDK Platform-tools r. 34.0.1 it is not fixed. There are still problems with fastbootd. Use SDK Platform-tools r. 33.0.3
Click to expand...
Click to collapse
Namelesswonder said:
Anyone that updated their platform tools and needs to downgrade can use these links.
Windows
https://dl.google.com/android/repository/platform-tools_r33.0.3-windows.zip
Mac
https://dl.google.com/android/repository/platform-tools_r33.0.3-darwin.zip
Linux
https://dl.google.com/android/repository/platform-tools_r33.0.3-linux.zip
Click to expand...
Click to collapse
Factory Images for Nexus and Pixel Devices | Google Play services | Google for Developers
developers.google.com
Google Pixel Update
Android Security Bulletins | Android Open Source Project
source.android.com
Regarding Developer Support Android 12 images, see @Lughnasadh's post here.
I am not linking directly to the Developer Support Android 12 images because I don't want them to be confused with Stable Android 12, and since the Developer Support images won't receive any OTAs...ever. They likely also will never be manually updated on the Developer Support images site, so they will forever be stuck with the security patch level they're currently on, which will become further out of date every month. You can Google search Developer Support Android images if you want to find them.
TL;DR regarding the PSA. If you update one slot to Android 13, you can fastboot reboot bootloader after and then fastboot --set-active=other to change slots in order to flash Android 13 to the new slot, but IF you have Android 13 on one slot and still have Android 12 (including Android 12 bootloader) on the other slot and you try to fully boot into Android 12, you will be permanently bricked and have to seek repair from Google. No one has yet found a way to repair this on our own. I will update if there is any progress. At least a small handful, and probably more, people have done this already.
At a minimum, do this first: fastboot flash bootloader --slot all bootloader-devicename-slider-1.2-3456789.img (change the name of the bootloader file to the one for your device), then you *should* be much safer than without doing that first. Also note that the bootloader is NOT the same as boot.img (kernel). The bootloader image file has "bootloader" in the filename.
IF you have already bricked your phone and the screen is blank - there is likely nothing we can do to help. You should seek to get a repair from Google, possibly under warranty.
You CANNOT go back to Android 12 Stable. It *seems* as if you can, but Android 12 will not work 100% correctly after updating to the Android 13 bootloader.
My tiny, early, very mini-review of Android 13 is here.
Note that this is mainly for the officially listed "Unlocked" Pixel 6 Pro, available directly from the Google Store. All of this will also apply to any other (carrier-specific) variant of the Pixel 6 Pro which you can achieve an unlocked bootloader on. This includes T-Mobile and AT&T variants. It's likely Verizon variants will never be able to unlock their bootloader, or if so it will require paying the right person to do so.
Feel free to ask about general questions, but for anything that's specific to your variant, you should use one of the other already existing threads. You'll find Verizon, AT&T, and T-Mobile-related threads in those respective search results.
Click to expand...
Click to collapse
Here there be dragons. I am not responsible for anything at all.
Spoiler: Warnings / FYI
Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.​
Click to expand...
Click to collapse
Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like NetFlix. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12​
Click to expand...
Click to collapse
If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.​
Click to expand...
Click to collapse
There are no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.​
Click to expand...
Click to collapse
All posts about Google Pay or banking will be reported to be deleted. Please keep this thread on-topic. There are at least one or two other How To Guide threads in this section in which folks discuss how to get around banking app restrictions when you're rooted or just have an unlocked bootloader. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
Click to expand...
Click to collapse
If users persist in discussing banking apps in this thread, I will have this thread locked and only update this first post when there is new and updated information regarding the subjects of the title of the thread: Unlocking the Pixel 6 Pro bootloader, rooting, and TWRP. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
Click to expand...
Click to collapse
Honorable mention to @Jawomo's aodNotify - Notification Light / LED for Pixel 6 Pro! (XDA link) / Notification light / LED for Pixel - aodNotify (Play Store link), which in my opinion restores useful functionality missing in most phones these days. It also solves some subjective issues some folks have with AOD (Always On Display), and/or solves/works around the problem where AOD is required for the optical fingerprint reader to work without the screen being on.​
Click to expand...
Click to collapse
Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.
Official Google Pixel Update and Software Repair (reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro yet)
Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can reenable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.
Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen
Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own)
Lughnasadh said:
OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.
Click to expand...
Click to collapse
ADB/Fastboot, Windows Drivers, and unlocking the bootloader (thanks @sidhaarthm for confirming unlocking the bootloader works as intended, be sure to thank him in his post)
You'll need this if you're going to unlock the bootloader on your Pixel 6 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?
You can alternately use the tools from the SDK Manager, but most of us will want to stick to the basic tools-only without the complications of the full development manager.
For Windows, get Google's drivers here Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you "adb reboot-bootloader", to be able to use ADB and Fastboot.
Thanks to @96carboard for posting the details of unlocking the bootloader, be sure to thank him in his post. Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device. Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, or your local bank's app. If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it. My experience on my Pixel 1 was that there were no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. All of this should still be the case. You will also continue to receive updates. Unlike Samsung, Sony, et cetera, which have major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to keep root/re-root.:
The unlock process works like this:
1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on (you can put a SIM card if you want, you just don't have to).
2) When it starts harassing you to join Google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
3) Settings --> About --> Build number. Repeatedly tap it until it says you're a developer.
4) Back --> Network --> WiFi and connect it.
5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize on the phone when requested.
Using the Platform Tools previously mentioned in command line/terminal:
6) #
Code:
adb reboot-bootloader
7) #
Code:
fastboot flashing unlock
Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.
Official Instructions for Locking/Unlocking the Bootloader
Click to expand...
Click to collapse
roirraW edor ehT said:
Personally, I would always use the official drivers Google provides unless they just don't work for whatever reason: Get the Google USB Driver (this is for Windows). They work for me. They are rarely updated, but they are every once in a great while, sometimes years in-between.
Click to expand...
Click to collapse
Alekos said:
I agree with this. be careful using drivers or adb/fastboot tools. Some are fine, but there's no need for it really anymore. Google has made it very easy to install drivers and Platform-Tools (adb/fastboot tool).
Google provides the Fastboot/ADB tool (Platform-Tools) and Google USB Drivers (adb/fastboot interface). This will allow any Pixel to interface with Windows using the fastboot/adb protocol. Official Google USB Driver includes support for both the Fastboot and ADB driver interface. There are 3 main drivers (Fastboot, ADB and MTP/Portable File Transfer). The MTP/Portable File Transfer driver is built-in to Windows 7-11.
Fastboot/ADB Driver Interface - Official Download Link:
When flashing a full image or unlocking your bootloader, the fastboot interface is being used.
First Download official Google USB Drivers (it's a zip file). Extract the zip (important!). Right-click on the android_winusb.inf file and hit install. You can then restart your phone to the Bootloader Screen (hold vol-down while it restarts or turns on). When you plug in your phone, Windows Device Manager will show a new device at the top: Android Device: Android Bootloader Interface.
Using the ADB interface: It's the same driver. Enable USB Debugging on your phone, then plug it in to your computer. A prompt will appear on your phone (to allow USB Debugging). The driver in Device Manager will appear as Android Device: Android Composite ADB interface.
Now you can download and use Platform-Tools to flash an Android Image, OTA or run adb/fastboot commands.
Official Download Page
"Android SDK Platform-Tools is a component for the Android SDK. It includes tools that interface with the Android platform, such as adb, fastboot, and systrace"
It's best to make Platform-Tools available system-wide. Download Platform-Tools from the above link and extract it to your C:\ drive - that way you will have a folder to add to the PATH Environment under Window System Properties Menu, Advanced, Environment Variables, System Variables, PATH (google how to do this, very easy). What this does is allow adb/fastboot commands to be run from anywhere in the system, so you don't have to be in the platform-tools folder to run adb/fastboot commands and flash an Android Image (Official or Android Fork such as ProtonAOSP).
Click to expand...
Click to collapse
Rooting-related​
@Az Biker's thread [How To Guide] [Pixel 6 Pro] Easy STEP BY STEP Unlock-Root.​
OR
@V0latyle's thread [How To Guide] Root Pixel 6 Pro with Magisk
Click to expand...
Click to collapse
No longer applies - Things that make rooting more complicated on Android 12
@V0latyle posted a new thread with some very important and fascinating information about the increased difficulty to root Android 12: Read this before rooting. Be sure to thank him there.
Click to expand...
Click to collapse
A list of the other important guides - be sure to thank the respective OPs
For all relevant guide threads just click the yellow "How To Guide" quick filter above the list of threads in the Pixel 6 Pro section.
Here's the Magisk section of XDA's forums, for rooting. Magisk on GitHub. The most recent Magisk Stable is what's recommended these days.
@sean222's thread Restore WiFi and Cellular Data in Quick Settings (Root Required)
@rickysidhu_'s thread HBM (High Brightness Mode)
@gururoop's thread Probable method to upgrade every month, without wiping data and retaining root
@rickysidhu_'s thread Limit Charge
@Typhus_' thread [MOD][MAGISK][ANDROID 12] Addon Features for Pixel Devices - Pixel 6 Pro Thread
@siavash79's thread [MOD][Xposed+Magisk][Pre-Release] AOSP Mods - System modifications for AOSP-based Android 12+ - a mod that compliments @Typhus_' mod above, and may eventually completely replace it.
@TotallyAnxious' thread [MOD] Collection of "Anxious" Modules for Pixel 6/Pro Series
Every single one of @foobar66's posts.
TWRP (not made for the Pixel 6 Pro yet - will update when it has)
I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 6 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel6pro.html.
Click to expand...
Click to collapse
Custom kernels for stock ROM(s)
@Freak07's Kirisakura-Kernel for the Pixel 6 Pro (and possibly the Pixel 6)
@DespairFactor's Despair Kernel (I believe also for both the P6P and P6)
@tbalden's CleanSlate Kernel
@acuicultor's Radioactive Kernel
Click to expand...
Click to collapse
Factory Images (requires an unlocked bootloader)
It's also handy to have to the full official firmware available, whether it's to recovery from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 6 Pro (Raven) section: Pixel 6 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.
Note: You can still get the December 2021 Factory Images and OTA from this thread, if you need them for any reason: Alternate links to December - all full factory images and OTAs available
Click to expand...
Click to collapse
Full OTA Images (doesn't require an unlocked bootloader)
Full OTA Images for Nexus and Pixel Devices
Click to expand...
Click to collapse
The usefulness of having Verity and Verification enabled (now that it's not needed for root) - post #2 below.
Regarding P6P 5G model numbers and capabilities - post #3 below.
List of all Pixel monthly security bulletins and Play System Updates - post #4 below.
How I root and update (which is identical whether rooting the first time or updating):
Use the latest Magisk Stable (in my case, I keep the app "hidden" / renamed)
Used the full firmware zip, extracted to the same folder as the latest Platform Tools (S:\platform-tools)
Extracted the new boot.img
Copied new boot.img to the phone
Patched the new boot.img with Magisk Stable
Renamed Magisk'd boot.img so I know what version of firmware it's for
Copied the Magisk'd boot.img back to the computer
Disabled all my Magisk Modules
Removed the "-w " from the flash-all.bat
Re-edited the flash-all.bat to verify I saved it with the "-w " taken out
Open a Command Prompt, navigated to S:\platform-tools
adb reboot bootloader
flash-all.bat
Let phone boot, unlock it, check that it's working, allow the update process to finish (gave it five minutes or so)
adb reboot bootloader
fastboot flash boot kernel.img (renamed Magisk'd boot.img)
fastboot reboot
Unlock, check everything's working
Re-enabled the most basic Magisk Modules which I was sure wouldn't cause a critical issue
Reboot, unlock, made sure everything's working
Back to modding!
Click to expand...
Click to collapse
I may append these first four posts with further useful information or links as needed.
Click to expand...
Click to collapse

Disabling Verity and Verification isn't required except for use with some custom kernels, but just rooting those custom kernels with the latest Magisk Stable v24.1 or higher should make them not require disabled Verity and Verification anymore.
A reminder that disabling Verity and Verification, at least if you've never disabled them before, will cause you to need to factory reset the device otherwise there will be corruption.
prokiller1199 said:
if you didnt disable before then it is enabled since the beginning. Disabling requires a full wipe.
It will show this image if you try to disable.
You can also verify it using adb shell with:
adb shell
su
avbctl get-verity
avbctl get-verification
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Click to expand...
Click to collapse
The usefulness of having Verity and Verification enabled (now that it's not needed for root but IS still required for some custom kernels):
jwoegerbauer said:
1. DM-Verity ( VB 1.0 ) verifies /system and /vendor - it was introduced with Android 4.4, modified with Android 7
2. Android Verified Boot ( VB 2.0 aka AVB ) additionally verifies /boot - it was introduced with Android 8, works on Project Treble enabled devices
Both are running a hash on the memory blocks mentioned of your device to ensure the integrity of your software and help prevent rootkits and the like.
If you disable VB 1.0 and/or VB 2.0 your Android device becomes vulnerable to malware of any type: IMO only those do it who do not care about the built-in protection.
Click to expand...
Click to collapse
V0latyle said:
Yes - this is covered on Android Source.
The basics:
Android Verified Boot ensures that the boot code is legitimate, by using a boot image "signature" compared to a signature stored in the key registry.
Dm-verity is a method by which the code on the block devices is hashed; this hash is then compared to a reference hash to determine its authenticity before the image is loaded, thereby preventing rootkits from declaring themselves legitimate.
Vbmeta verification is a method of storing those reference hashes to which the generated hashes are compared. This can be and often is used for any critical partition, such as /boot and /system.
These aren't new concepts and indeed have been integral to Android for some time. What is new is how the Android 12 AVB headers were handled.
We still don't know exactly where in the process the problem occurred when trying to run custom boot images with Android 12. I suspect that the issue wasn't custom software itself - after all, you could still flash a custom ROM and run it without issues - but rather, trying to use a modified boot image with otherwise stock Android 12 system. Don't take my word for it, though, because I don't know for sure.
Click to expand...
Click to collapse
Freak07 said:
It has nothing to do with the kernel itself. The anykernel.zip uses magiskboot to "repack" the kernel during the flashing kernel.
Click to expand...
Click to collapse

Regarding P6P 5G model numbers and capabilities:
There are three hardware versions:
G8VOU (AU, US); also listed as G8V0U - zero instead of "oh" on some sites, Google shows the former, G8VOU) - has mmWave 5G support
GF5KQ (JP) - has mmWave 5G support
GLUOG (CA, DE, FR, GB, IE, TW) - no mmWave 5G support
For instance, my factory unlocked direct from Google in the United States Pixel 6 Pro 512 GB is a G8VOU. As far as I know, all other variations in each individual phone are controlled by software (which firmware is loaded) and over the internet (which IMEIs are Carrier Unlocked or not, and OEM Unlockable or not).
Check carriers, their 5G networks & their 5G roaming support for Pixel phones. Make sure and choose your country from the drop-down to see the list of carriers beneath.
There's also the section above that Learn which Pixel phones can work with which kinds of 5G.

My personal advice for how to get your device back up and running like you had it previously after a factory reset:
I use Nova Launcher Prime, so I do backups anytime I change my home screen or app drawer/tabs setup, so widgets and app icons and other Nova-specific configurations are easier to restore.
Go to Android Settings and use Settings' search box for Backup. Make sure that your Google account is set up to backup your apps (and app data for the apps that developers have configured to use Google's Backup API). Make sure things are backed up. Note, this doesn't backup the apps themselves, only the list of apps, so only applies to apps installed from the Play Store. As I said in parentheses, developers have to choose to integrate Google's Backup API into their app, and those apps only will get their app data backed up into Google's cloud.
If you're rooted also, then you could use something like Swift Backup to backup to the cloud. I do so, although I still restore as much as possible through Google's backup, and I only restore through Swift on a case-by-case basis, as needed when I discover an app that's tough to set back up doesn't have it's data restored by Google.
If you've used Google Photos to backup your photos to Google's cloud, then hit the button in Google Photos to free up space. This will automatically and only delete your local copies of photos and videos that it's already backed up.
Once that ^ is done, look at your internal storage with your favorite File Manger and see if there's anything left that you want to back up manually, since a factory reset will wipe everything. Copy them to your computer or a flash drive.
When you're just starting the out of the box setup after the reset, when it asks you if you want to use a cable to restore things from an old phone, choose No, and that will lead you to Google's cloud backup where you can choose to restore everything, or you can select what you want to restore.
I think you can figure out the rest.

Reserved.

Reserved.

Reserved.

Reserved.

If you have any reputable youtube links that you think might be of help as well for complete noobs like me, that would be great.

dj24 said:
If you have any reputable youtube links that you think might be of help as well for complete noobs like me, that would be great.
Click to expand...
Click to collapse
This one's kinda long for what it is, and this is for the Pixel 1, but it should be similar for the Pixel 6/Pro. I won't add it to the first post just yet in case there are differences, and I don't want to recommend something I can't actually try on the 6 Pro (since I won't get mine for likely another two days). Unlocking the Bootloader of the Pixel and Pixel XL
Good luck!

roirraW edor ehT said:
This one's kinda long for what it is, and this is for the Pixel 1, but it should be similar for the Pixel 6/Pro. I won't add it to the first post just yet in case there are differences, and I don't want to recommend something I can't actually try on the 6 Pro (since I won't get mine for likely another two days). Unlocking the Bootloader of the Pixel and Pixel XL
Good luck!
Click to expand...
Click to collapse
This is great. I won't be getting mine for a while as well so please come back and update this thread.

dj24 said:
If you have any reputable youtube links that you think might be of help as well for complete noobs like me, that would be great.
Click to expand...
Click to collapse
Generally YouTube video guides for software related things aren't particularly helpful, as they can often get outdated very quickly; especially in the early days of a device as they can't be updated when new things are found out.
It would probably be best to carefully read through guides

@sidhaarthm reports here (be sure to thank him on his original post):
Bootloader successfully unlocked. I will just run everything stock for now - this is just so I don't have to wipe the device later after I have completed full setup and transferred all my data.
View attachment 5441915
Click to expand...
Click to collapse

dj24 said:
This is great. I won't be getting mine for a while as well so please come back and update this thread.
Click to expand...
Click to collapse
FYI, I'm reminded by several members in these forums that unlocking the bootloader (the first step before being able to root your Carrier-Unlocked Pixel 6 Pro) wipes the device - so does re-locking it. So I highly recommend unlocking it as the first step when you get the phone, otherwise, you'll have to back up anything that doesn't normally get backed up, and go through the initial setup process again. Not a big deal for some, but would likely not be optimal for a new user.
Instructions for Locking/Unlocking the Bootloader (note that unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device).
Click to expand...
Click to collapse

roirraW edor ehT said:
FYI, I'm reminded by several members in these forums that unlocking the bootloader (the first step before being able to root your Carrier-Unlocked Pixel 6 Pro) wipes the device - so does re-locking it. So I highly recommend unlocking it as the first step when you get the phone
Click to expand...
Click to collapse
This! It's the first thing you should do out of the box if you plan on rooting later.

@V0latyle posted a new thread with some very important and fascinating information about the increased difficulty to root Android 12: Read this before rooting. Be sure to thank him there.

That's great news about Unlocking the bootloader! I'll be doing that first thing to be ready for the future...

Does this mean to say there is no OEM unlocking switch in the developer options screen?

biTToe said:
Does this mean to say there is no OEM unlocking switch in the developer options screen?
Click to expand...
Click to collapse
There is, its there and you need to flip it.

The unlock process works like this;
1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on.
2) When it starts harassing you to join google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
3) Settings --> About --> Build number. Tap it until it says you're a developer.
4) Back --> Network --> Wifi and connect it.
5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize when requested.
6) # adb reboot-bootloader
7) # fastboot flashing unlock
Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.

How To Guide [Pixel 6 Pro] Easy STEP BY STEP Unlock-Root-Update

Ready to Unlock, Root, and Update factory images on your Pixel 6 Pro?
There are some really good guides by V0latyle here, and by roirraW "edor" ehT here which are great for veteran/regular users who are really familiar with adb/fastboot and the commands, steps used in the unlocking, rooting environment.
This step by step is for people like ME who are not adb/fastboot gurus, who need every step spelled out so we don't brick our over-priced flagship devices
* * *P L E A S E READ THIS FIRST B E F O R E UPGRADING TO ANDROID 13* * *
What You Need On Your PC:
Factory Image
MAGISK - Canary 24310
SDK Platform Tools & USB Drivers (first time installation)
(additional files I use: optional)
Working SafetyNet @Pekempy
Kirisakura Kernel @Freak07
*** MAKE SURE YOU EXTRACT THE CORRECT BOOT.IMG FILE TO PATCH IN MAGISK ***
-download latest factory image, unzip the MAIN image.zip, then unzip the SECONDARY image.zip , copy the contents of the SECOND image.zip into the same platform tools folder that has the fastboot application in it, then open the image.zip you just copied into the fastboot folder and copy the boot.img and paste it somewhere on your PC.
Device Setup PRIOR To Starting Fastboot:
Settings>About phone>Build Number (click build number until you see YOU ARE NOW A DEVELOPER)
Settings>System>Advanced>Developer Options
Enable OEM Unlocking & USB Debugging & USB Configuration> enable FILE TRANSFER
Unlock the Bootloader, Update Factory Image, and Get Root:
1- Boot your device into bootloader/fastboot (hold power / vol down)
2- Connect USB cable to device and PC ( have diff USB cables available for troubleshooting)
3- From address bar in the platform tools folder where the fastboot application is located on your PC, type CMD to open command prompt window
4- Type FASTBOOT DEVICES, if you see a serial number(s) you are ready, if you don't, verify you've properly set up platform tools folder, change cable, check command, try again)
5- TO UNLOCK BOOTLOADER- type fastboot reboot bootloader (***YOUR DATA WILL BE WIPED***)
6- Type fastboot flashing unlock
7- Type fastboot reboot bootloader
IF UPDATING TO ANDROID 13 FOR THE FIRST TIME IT IS HIGHLY RECOMMENDED YOU FLASH THE 13 BOOTLOADER TO BOTH SLOTS BEFORE UPDATE (read warning at top of page) Follow step 7a to accomplish updating both slots to the Android 13 bootloader:
7a. Type fastboot flash bootloader --slot=all <bootloader image in platform tools>
PRIOR TO FLASHING THE FACTORY IMAGE:
-if you want a clean install, WIPING ALL DATA, skip to step #8
-if you want to SAVE data, edit the FLASH ALL.bat file, REMOVING the -w (leaving just ONE space between the remaining text) and SAVE the file (reopen file to verify -w is removed)
Disabling Verity and Verification isn't required except for use with some custom kernels, but just rooting those custom kernels with the latest Magisk Stable v24.1 or higher should make them not require disabled Verity and Verification anymore. click HERE for more
8- Flash the factory image by typing FLASH-ALL
9- After the install, it will reboot into system, let everything settle, skip start up options and get to where you can download the latest MAGISK apk on your device (downloads folder)
***DISABLE MAGISK MODULES as some have reported issues caused by some active modules***
10- Connect your device and PC and put the extracted BOOT.img file (from the CURRENT factory image you are flashing FOUND IN THE SECOND ZIP FOLDER) that you placed on your PC, put it on your mobile device where you can easily find it (I created a folder FILES TO FLASH)
11- Install Magisk (use Canary 24310 linked above), follow instructions to allow files like this to be installed) ***DISABLE MAGISK MODULES as some have reported issues caused by some active modules***
12- Open Magisk and choose SELECT AND PATCH FILE (select the BOOT.img you just put on your device
13- Copy the new PATCHED BOOT.img from your download folder back into your PLATFORM TOOLS folder where the fastboot application is located on your PC
14- Boot device into fastboot/bootloader, connect device and PC
15- Type CMD in address bar and verify fastboot connection (step 4)
16- Type fastboot reboot bootloader
17- Type fastboot flash boot --slot=all (drag and drop patched boot.img here) OR type in the file name magisk_patched-xxxxxxxxxx.img)
18- Reboot into System
UPDATE Factory Image WITHOUT Wiping Data:
1- Within the Platform Tools folder, find the FLASH-ALL (.bat) file
2- Open it with text editor and remove the -w (keep ONE space between remaining text, SAVE file, reopen to verify -w is removed)
3- Verify FASTBOOT DEVICES by typing CMD in the address bar of the same platform tools folder
4- Type FLASH-ALL
5- Let it boot into system and settle for a minute
6- Patch the boot image (follow steps 10, 12 -18 above)
*** Thanks to V0latyle, roirraW "edor" ehT, and Lughnasadh for the foundations of these instructions! ***
Please let me know if any part of this process is incorrect, has been updated, or is no longer necessary

This is great, it's been like 7 years since I last rooted. Can you also do one for OTA step by step?

dipole said:
This is great, it's been like 7 years since I last rooted. Can you also do one for OTA step by step?
Click to expand...
Click to collapse
+1
Your guide is exactly what I have been summarizing in one of the threads already.
They keypoint now is on how to apply monthly updates without wiping the phone all the time while also still getting root

Az Biker FTW! Good to see you here buddy! (I remember you from the Pixel 2/4 XL forums)

Thanks @Az Biker! I'll update the OP of my thread to link to this thread just as soon as I can find the time.

dipole said:
This is great, it's been like 7 years since I last rooted. Can you also do one for OTA step by step?
Click to expand...
Click to collapse
I've never done the OTA method, so I don't have a step by step for that. Sorry.

How can I re-lock the bootloader?
I'm getting a "command error" with fastboot flashing lock

dipole said:
This is great, it's been like 7 years since I last rooted. Can you also do one for OTA step by step?
Click to expand...
Click to collapse
You can find the OTA sideload method here...
[GUIDE] Pixel 6 Pro "raven": Unlock Bootloader, Update, Root, Pass SafetyNet
⚠️⚠️⚠️ WARNING! IF YOU ARE UPDATING TO ANDROID 13 FOR THE FIRST TIME, READ THIS FIRST!⚠️⚠️⚠️ If you are looking for my guide on a different Pixel, find it here: Pixel 3 Pixel 3XL Pixel 3a Pixel 3aXL Pixel 4 Pixel 4XL Pixel 4a Pixel 4a (5G)...
forum.xda-developers.com

Maybe it makes more sense to combine and improve upon existing tutorials, instead of creating a load of new ones. It's getting a bit confusing here, ESPECIALLY since we don't have any sub-threads/forums.
Why is that, anyway? it makes sifting through threads here a nightmare, since you have to scroll through dozens of threads to find one that suits your interest. Instead of just giving us, like, an overview labeled "mods", "kernels", "camera", "discussion", "flame" - like, in every other previous XDA Pixel forum?!

Morgrain said:
Why is that, anyway? it makes sifting through threads here a nightmare, since you have to scroll through dozens of threads to find one that suits your interest. Instead of just giving us, like, an overview labeled "mods", "kernels", "camera", "discussion", "flame" - like, in every other previous XDA Pixel forum?!
Click to expand...
Click to collapse
Did you see the responses about this subject starting here?
Personally, I haven't had a problem with the way they're doing the forums now. The Quick Filters at the top have been good enough for me when I want to concentrate on one of those particular types of posts.
FYI, although I'm a proponent of the new way, I'm not particularly against the old way. That's what I got used to, too, but things change.

roirraW edor ehT said:
Did you see the responses about this subject starting here?
Personally, I haven't had a problem with the way they're doing the forums now. The Quick Filters at the top have been good enough for me when I want to concentrate on one of those particular types of posts.
FYI, although I'm a proponent of the new way, I'm not particularly against the old way. That's what I got used to, too, but things change.
Click to expand...
Click to collapse
Good to know. Nope, I did not notice that. And I don't really like the filters. I'm used to , uhm, use XDA on my PC with multiple monitors, and the old style forums allowed me to just middle mouse button Press every sub forum, enabling me to open all of them in separate browser threads in the course of a second, which made quickly tabbing / shifting through sections /threads extremely quickly / efficient, at least for someone used to that kind of usage. Now I'm stuck with the heck load of filters and that just slows down the way I browse by factor three, if not more.
This new system is also quite confusing. Back in the days whenever you open a sub forum, you had an easily distinguishable sort of sticky threads. Now it just feels all cluttered together. It made browsing XDA less fun and it just feels tedious.

vibrantliker said:
How can I re-lock the bootloader?
I'm getting a "command error" with fastboot flashing lock
Click to expand...
Click to collapse
Check to be sure you only have one space between each word, and no typos.
I believe fastboot oem lock will work as well.
Make SURE you are running a stock, factory image before doing this (just in case you weren't aware).

Morgrain said:
...use XDA on my PC with multiple monitors, and the old Style forums allowed me to just middle mouse button Press every sub form to me to open all of them in separate browser threads, which made quickly tabbing / shifting through sections /threads extremely quickly, at least for someone used to that kind of usage.
Click to expand...
Click to collapse
Ha! Now that you've reminded me, I used to do the exact same thing here (I too middle mouse button, in general, a lot). Maybe it's been beneficial to me that I've barely had any activity on XDA for the last five years, and especially the last three years.

Thank you, however readability is very bad on a light background. Please change font color.

Tomatot- said:
Thank you, however readability is very bad on a light background. Please change font color.
Click to expand...
Click to collapse
Changed the font to "brown", let me know if that helps with the light theme.
I'm on Xda-dark and hadn't thought about the readability using light theme, thanks!

Az Biker said:
Changed the font to "brown", let me know if that helps with the light theme.
I'm on Xda-dark and hadn't thought about the readability using light theme, thanks!
Click to expand...
Click to collapse
I thought of that, that's why I dared to mention it.
It's better indeed!

Morgrain said:
Maybe it makes more sense to combine and improve upon existing tutorials, instead of creating a load of new ones. It's getting a bit confusing here, ESPECIALLY since we don't have any sub-threads/forums.
Why is that, anyway? it makes sifting through threads here a nightmare, since you have to scroll through dozens of threads to find one that suits your interest. Instead of just giving us, like, an overview labeled "mods", "kernels", "camera", "discussion", "flame" - like, in every other previous XDA Pixel forum?!
Click to expand...
Click to collapse
Sorry for the late response.
FILTER TABS (new way) vs Sub Forums (old way):
Look at it this way:
You're grocery shopping online, and you want to browse the candy bar selection. The store has candy bars in several areas, not just in one place, so now you have to look through pages and pages of all the available product.
Rather than try to scroll through everything in the store to just find the candy bars, you click the CANDY BAR filter tab, and ONLY the candy bars are visible now.
So even though they aren't technically in one single area of the store, you can only see the candy bar selection on your page.
That's how the new forum works. Want to only see Development threads? Click the DEVELOPMENT tab at the top of the device forum.

@Az Biker
could you please make the guide for update factory image with out wiping. and keep root. please please please.

Lw00d said:
@Az Biker
could you please make the guide for update factory image with out wiping. and keep root. please please please.
Click to expand...
Click to collapse
That would be awesome. Just looking around for that as well.

Is it possible to get root without wiping? Currently I only have the bootloader unlocked and I'm on .036

How To Guide Guide to Lock Bootloader while using Rooted GrapheneOS (Magisk Root)

This guide is intended to help people to achieve having a Pixel 6 Pro using GrapheneOS with Root (using Magisk) and a Locked Boot Loader
Though it should be possible to do this with any device that GrapheneOS officially supports.
Do not ever disable the OEM unlocking checkbox when using a locked bootloader with root. This is critically important. With root access, it is possible to corrupt the running system, for example by zeroing out the boot partition. In this scenario, if the checkbox is turned off, both the OS and recovery mode will be made unbootable and fastboot flashing unlock will not be allowed. This effectively renders the device hard bricked.
I am not responsible for any harm you may do to your device, follow at your own risk etc etc, Rooting your device can potentially introduce security flaws, I am not claiming this to be secure.
Simple method without building from source Although I highly recommend building Graphene yourself,
All you really need to do is patch the official OTA released by graphene using AVBRoot
Simply flash the official factory graphene build, then your patched OTA, then flash the avb_pkmd.bin you created following the instructions for AVBRoot and you can lock the bootloader, with patched rooted graphene.
You will need to patch each new OTA to update and sideload the update as explained HERE Flash it to Both Slots
Better Method, But requires more time and a decent computer
Only Recommended for people with experience things building from source
The first step is to build GrapheneOS from its sources or to use AVBRoot on official builds. I will include some of the information specific for Pixel 6 Pro to help with the build process
Part one, follow this guide to build GrapheneOS from source
You will want to build a Stable Release using the TAG_NAME
Code:
TP1A.221105.002.2022111000
this an EXAMPLE Tag for the Pixel 6 Pro
Find the Latest tag on the Releases page https://grapheneos.org/releases#raven-stable
Build the Kernal for Raviole (6th generation Pixels) and follow all the instructions there
When it comes to the step of "Extracting vendor files for Pixel devices"
The DEVICE is
Code:
raven
and an Example of the BUILD_ID is
Code:
tp1a.221105.002
Check the TAG_NAME for the Latest BUILD_ID
Continue to follow the guide until completion, creating your own Keys during the process
I do recommend testing to Lock the Boot Loader, Just to see if you are able to
In my experience if the pixel does not detect a valid signed boot etc, it will not allow you to lock the bootloader
So if it brings up the screen on your phone where you can confirm the locking of the bootloader
at this stage you can just select No / Do not lock
To build with a specific BUILD_NUMBER use the command
Code:
export BUILD_NUMBER=2022112500
Replacing the number with what matches the version you are attempting to build
Remove the encryption from keys/raven/avb.pem that was created for Graphene so that you can use it with AVBRoot
Use the script
Code:
script/decrypt_keys.sh
https://grapheneos.org/build#encrypting-keys
And set a copy of the key aside for the next steps.
Use the following process to create the correct keys for AVBRoot & GrapheneOS
Use the avb.pem you decrypted in the last step
Convert the avb.pem to avb.key with the following command
Code:
openssl rsa -outform der -in avb.pem -out avb.key
Then clone the avb.key and rename it to ota.key
as it says "The boot-related components are signed with an AVB key and OTA-related components are signed with an OTA key. They can be the same RSA keypair, though the following steps show how to generate two separate keys."
Convert the public key portion of the AVB signing key to the AVB public key metadata format. This is the format that the bootloader requires when setting the custom root of trust.
Code:
PATH/TO/avbroot/external/avb/avbtool.py extract_public_key --key avb.key --output avb_pkmd.bin
Generate a self-signed certificate for the OTA signing key. This is used by recovery for verifying OTA updates.
Code:
openssl req -new -x509 -sha256 -key ota.key -out ota.crt -days 10000 -subj '/CN=OTA/'
I also edit the "CN" to match what I used earlier when I generated the keys for Graphene
I am not entirely certain what other of the keys I should use instead, I think this is the best approach for now
as it creates all the keys it requires and this process works for me
Copy the OTA (raven-ota_update-*.zip) from the folder where you have your own Factory Graphene Build and use this with AVBRoot
Then you will have all the keys and files you need to continue the guide and use the AVBRoot script
Now it's time to follow the instructions Here https://github.com/chenxiaolong/avbroot
To create a full factory installer, Intall it and lock the bootloader.
When you are done with AVBRoot and you have the boot.img, vbmeta.img and vendor_boot.img
All patched and signed by AVBRoot, Take a factory image from your Graphene Build and Extract it anywhere
Open the image-raven-*.zip with an Archive manager
Delete the existing boot.img, vbmeta.img and vendor_boot.img files and replace them the patched ones
also replace the avb_pkmd.bin with the one you have created in the previous steps for AVBRoot (might work without this step)
Finally, you are able to run the flash-all.sh and then lock the bootloader
Code:
./flash-all.sh
Code:
fastboot flashing lock
Updating is very simple, Once you use AVBRoot to create the Patched OTA.zip
you can reboot to recovery and flash the patched ota.zip with adb sideload
Code:
adb sideload raven-ota_update-*.zip.patched
https://grapheneos.org/usage#updates-sideloading
Creating the patched full factory installer is not required if you simply flash the avb custom key and the patched OTA zip before locking the bootloader, after flashing the unpatched full system install build
This for me allowed me after much struggle to achieve a Rooted, Locked Boot Loader using GrapheneOS and Magisk
Now though with this guide worked out, I think it should be quite easy for anyone with basic terminal knowledge to accomplish.
Something to note is that GrapheneOS does Not Pass the CTS Profile integrity check
and I do Not Pass the Play Integrity API Check currently, Neither the Basic or Strong check
But I can pass the Basic attestation Safety Net test when using the patched SafetyNet Fix
Further testing is needed and welcomed to try and pass SafetyNet and Play Integrity
To Be Clear, Although it already should be, This is NOT Modifying the official Graphene OS Sources, it is simply using them as a SOURCE for a GUIDE, You build it using unmodified grapheneOS source code so it is an unnofficial build according to their website
Sources: GrapheneOS, AVBRoot, Magisk
PayPal Donation Link

I highly recommend using your own build that is signed with your own keys that you can keep secure!
I make no promises to provide any updates to this rom at this time
Here more as a proof of concept that it works and updates are possible
Latest builds moved to: Unofficial GrapheneOS, Magisk Patched for Pixel 6 / 6 Pro

This really is quite cool man. Maybe I'll try this on my new P7P. This way we have everything. Well Done!
How would you update the rom? Repeat the whole process?

Spl4tt said:
This really is quite cool man. Maybe I'll try this on my new P7P. This way we have everything. Well Done!
How would you update the rom? Repeat the whole process?
Click to expand...
Click to collapse
I haven't worked out updating yet but all it requires is patching an updated OTA with AVBRoot in theory
I have been quite busy irl and haven't had much time to play around with it, if you do figure it out then please let me know

Spl4tt said:
This really is quite cool man. Maybe I'll try this on my new P7P. This way we have everything. Well Done!
How would you update the rom? Repeat the whole process?
Click to expand...
Click to collapse
now that I have had time to do it, Updating was very easy
I have also updated and improved the process for getting and creating the correct keys used for signing
After updating it booted normally, still rooted, no apparent problems or issues

New Release 2022111000
Changes since the 2022110800 release:
remove TrustCor Certificate Authority due to malicious domain squatting and ties to entites involved in surveillance which should have very little impact on web compatibility due to this CA barely being used by anyone other than a specific dynamic DNS provider
ignore wireless alert channels being marked as always-on to prevent channel configuration overriding presidential alert toggle
GmsCompatConfig: change app label from "GmsCompat config" to "GmsCompatConfig"
GmsCompatConfig: disable TelecomTaskService to resolve sandboxed Google Play services crash caused by feature flag
kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a): update base kernel to Android 13 QPR1 Beta 3 to ship the December security update early
Vanadium: update Chromium base to 107.0.5304.105
Download Moved to https://forum.xda-developers.com/t/...magisk-patched-13-raven.4518953/post-87728629

Hey, thanks for the excellent guide, this is all about to be applicable to me
I have run into a small issue though, when generating the avb.key, openssl gives me an unsupported error
openssl rsa -outform der -in avb.pem -out avb.key
routines:ssl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
Unable to load certificate
I am wondering if since I didn't put a password on the keys if that caused an issue. I tried encrypted/decrypted, same issue. It's a fresh arch linux install, so packages are up to date.
Thanks!

Wouldn't rooting GrapheneOS decrease the security of the operating system, a key aspect that Graphene is designed to improve? Seems like that defeats the purpose of using it in the first place.

holofractal said:
Hey, thanks for the excellent guide, this is all about to be applicable to me
I have run into a small issue though, when generating the avb.key, openssl gives me an unsupported error
openssl rsa -outform der -in avb.pem -out avb.key
routines:ssl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
Unable to load certificate
I am wondering if since I didn't put a password on the keys if that caused an issue. I tried encrypted/decrypted, same issue. It's a fresh arch linux install, so packages are up to date.
Thanks!
Click to expand...
Click to collapse
Thank you, I am glad that it has been helpful for you, I have not encountered that error myself but I did use a password initially for the steps to create the keys for Graphene, I don't think this should matter though
If you don't mind and are able to, can you create another copy of the avb.pem, see if the problem still occurs and share it with me if it does, so I can test if I get the same error when I use your .pem
EonOfBlack said:
Wouldn't rooting GrapheneOS decrease the security of the operating system, a key aspect that Graphene is designed to improve? Seems like that defeats the purpose of using it in the first place.
Click to expand...
Click to collapse
I do clearly say in the first post
> Rooting your device can potentially introduce security flaws, I am not claiming this to be secure.
I don't believe just using magisk is really such an issue, you are able to deny root from any applications you don't want to use it
it is possible there are unknown security vulnerabilities in magisk, but that's the same with anything.
Even though it may introduce some potential security vulnerabilities that Graphene combats against
I believe it should be everyones choice to use root and lock their boot loader if they choose to do so

holofractal said:
routines:ssl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
Unable to load certificate
Click to expand...
Click to collapse
This problem appears to be related to this https://github.com/openssl/openssl/issues/14100#issuecomment-847125920

A great and helpful guide!
Thank you, dear FireRattus
​

FireRattus said:
This problem appears to be related to this https://github.com/openssl/openssl/issues/14100#issuecomment-847125920
Click to expand...
Click to collapse
openssl x509 -outform der -in avb.pem -out avb.crt
It was this command
Code:
openssl x509 -outform der -in avb.pem -out avb.crt
Could not read cert etc. of certificate from avb.pem
4087C8C0777F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
Following grapheneos's guide, that is generated with:
openssl genrsa 4096 | openssl pkcs8 -topk8 -scrypt -out avb.pem

I think the root of this issue is that the pkcs8 avb.pem is an RSA private key, and the command you specified is expecting a certificate.
At any point in time do you use the crt made by Copy the avb.pem and convert it to .crt with this command step?
So if I read over everything right, I believe the solution here would be to use
openssl req -new -x509 -sha256 -key avb.key -out avb.crt -days 10000 -subj '/CN=AVB/'
But since avb and ota can be the same key, then presumably avb.crt and ota.crt could be the same as well? I get my pixel 7 tonight. I'll try and report back.

I may have accidentally made a mistake like that in the guide, I am not able to test it at the moment but would love to know what works for you

FireRattus said:
I may have accidentally made a mistake like that in the guide, I am not able to test it at the moment but would love to know what works for you
Click to expand...
Click to collapse
So you don't even need that last section.
There are some small differences for the pixel 7 though, but it was easy enough.
I have to say, building grapheneos was the easiest time I've ever had building a ROM. Not once did I have to go on Google fishing for answers. Flashing the ROM and relocking the bootloader took less than 10m, even with root.
This is why I switched to a pixel. I am too old and don't have the time to sit here and fiddle with my phone for hours on end anymore. I need things to just work.
This is as close as you are going to get to first party level support with aftermarket software, but I still care about privacy.
I'll do a write up later so other's don't have the same issues as me, but thanks for getting me started!

holofractal said:
So you don't even need that last section.
There are some small differences for the pixel 7 though, but it was easy enough.
I have to say, building grapheneos was the easiest time I've ever had building a ROM. Not once did I have to go on Google fishing for answers. Flashing the ROM and relocking the bootloader took less than 10m, even with root.
This is why I switched to a pixel. I am too old and don't have the time to sit here and fiddle with my phone for hours on end anymore. I need things to just work.
This is as close as you are going to get to first party level support with aftermarket software, but I still care about privacy.
I'll do a write up later so other's don't have the same issues as me, but thanks for getting me started!
Click to expand...
Click to collapse
I am really glad that the process could be made so smooth and simple for you
I did spend a long time trying to get a rooted grapheneOS with a locked boot loader before I managed to finally work it out, thanks mostly to the developer of AVBRoot, their script is the essential part which has made this so easy
with my internet troubles as well it ended up taking me a few weeks from when I initially started trying to when I was able to lock the booloader with root successfully
Now that I have it all worked out though, I can update and patch it in very little time
Although I did write this guide for the Pixel 6 I would be happy to include any additional information which could be helpful for people using other pixels, I am just not able to test and verify the information myself on other devices
and you don't need the last section? the part where I create a full patched installer ? I did think about this, just using the patched OTA to update the rom should also work to get you root with a locked bootloader if you first flash the full installer you built yourself
I think this is possibly a better way of doing it, but I like also having the patched full installer
I would like to hear peoples opinions and what works best for them.

holofractal said:
I think the root of this issue is that the pkcs8 avb.pem is an RSA private key, and the command you specified is expecting a certificate.
At any point in time do you use the crt made by Copy the avb.pem and convert it to .crt with this command step?
So if I read over everything right, I believe the solution here would be to use
openssl req -new -x509 -sha256 -key avb.key -out avb.crt -days 10000 -subj '/CN=AVB/'
But since avb and ota can be the same key, then presumably avb.crt and ota.crt could be the same as well? I get my pixel 7 tonight. I'll try and report back.
Click to expand...
Click to collapse
I have tested it now and the last command I had to create the files was an unnecessary step I left in by mistake, I have updated and corrected the guide so that now people should be able to use those commands without error to create the required files for AVBRoot
there should be no need to have an avb.crt and if there is, then the ota.crt should suffice
I believe it was this change to AVBRoot which led to me making this mistake
Merge pull request #3 from tnagorran/master · chenxiaolong/[email protected]
Update README.md
github.com

FireRattus said:
I am really glad that the process could be made so smooth and simple for you
I did spend a long time trying to get a rooted grapheneOS with a locked boot loader before I managed to finally work it out, thanks mostly to the developer of AVBRoot, their script is the essential part which has made this so easy
with my internet troubles as well it ended up taking me a few weeks from when I initially started trying to when I was able to lock the booloader with root successfully
Now that I have it all worked out though, I can update and patch it in very little time
Although I did write this guide for the Pixel 6 I would be happy to include any additional information which could be helpful for people using other pixels, I am just not able to test and verify the information myself on other devices
and you don't need the last section? the part where I create a full patched installer ? I did think about this, just using the patched OTA to update the rom should also work to get you root with a locked bootloader if you first flash the full installer you built yourself
I think this is possibly a better way of doing it, but I like also having the patched full installer
I would like to hear peoples opinions and what works best for them.
Click to expand...
Click to collapse
Oh I meant the part about avb.crt.
As for differences, if you follow the pixel 7 section on grapheneos build guide, that will suffice. Also, instead of boot.img, you flash init_boot.img.
I did also make myself an OTA and flashed it through adb, and that worked great. I want to try making my own OTA server to do away with flashing via PC. I have other family on graphene now too, so it wouldn't be all that effort just for myself.

holofractal said:
Oh I meant the part about avb.crt.
As for differences, if you follow the pixel 7 section on grapheneos build guide, that will suffice. Also, instead of boot.img, you flash init_boot.img.
I did also make myself an OTA and flashed it through adb, and that worked great. I want to try making my own OTA server to do away with flashing via PC. I have other family on graphene now too, so it wouldn't be all that effort just for myself.
Click to expand...
Click to collapse
I did end up figuring out that is what you probably meant. since the differences for the pixel 7 are essentially in the graphene build guide, I don't think any changes are really necessary for the guide, I do recommend just following the official guide for that part, I just include some information to help make that process a bit easier for peoples first time building the rom
for me, it wasn't very clear what the TAG_NAME and BUILD_ID were supposed to be as they didn't provide examples, but a little bit of trial and error helped me work it out
Although, since you flash init_boot, does that init_boot get patched by avbroot?
I would also like to setup an OTA server, although I don't really have the funds to do that at the moment

Guide has been updated with a much simpler method thanks to https://forum.xda-developers.com/m/boom15.11870611/
I haven't tested it myself but it was pointed out, that for those who want to
All you need to do is use AVBRoot to patch the official OTA's provided by Graphene following the instructions in the readme here https://github.com/chenxiaolong/avbroot
I did think this should be possible, but I still recommend building it from source yourself if you are able to

Meberry M7 - Unisoc Tiger T310 - Root, TWRP, +Info, etc.

Little review and tablet issues:​
This is a 2020 Tablet, that was launched with Android 11, and the last security patch was December 2021.
Hardware
It packs an UNISOC Tiger T310, basically 1 ARM A75 and 3 A55
4 GB RAM and 64 GB ROM
Build Number: BND_M7_EEA_2022101408 (comment if you have a different build number)
Pretty standard Chinese Tablet with Unisoc proc.
The battery is theoretically 8000mAh, but at least mine, through calibration, has reported less than 5000 mAh. Still, I have to do some extra tests to see if it goes better.
Priced around $100, it's simply a nice cheap tablet, very insecure with an old patch.
Still, I know there are a few owners of this piece of s**t so I would like to join forces and see if we can set Magisk and TWRP at least (100% unlikely to get a new Android 12 or 13 ROM but who knows?
Development: Rooting, Recovery, ROMS​I would like to create a comprehensive list of Rooting, recovery, possible ROMS, that may appear for this recent tablet in the future. The tablet is an Unisoc underdog so we might have to wait a bit until other users start to find some value in this budget powerful tablet, despite of the caveats we have already found.
Progress so far
Unlocking Bootloader
TWRP
Root - Magisk
Unlocking Unisoc Bootloader​
Remember: there is a risk of bricking the tablet!
This will do a full wipe to your Tablet, so remember to back up your data before doing so
1. First, you need to configure ADB and enable Developer Options. This is mostly the same as any other Android device. Also enable in developer options OEM Unlocking and USB Debugging
2. Check if "adb" command is working and do a "adb reboot bootloader"
3. In bootloader, run "fastboot oem get_identifier_token" and take note of the number (beware because it can be in two lines). Something like:
(bootloader) Identifier token:
(bootloader) 30216010214012394021
(bootloader) 3261
OKAY
Click to expand...
Click to collapse
4. Now you need Linux. Do a USB Live with Ubuntu for example. Boot into your Linux system
5. Download this file.
6. You will need to extract it and do writable both fastboot and signidentifier_unlockbootloader.sh (chmod +x name_of_file)
7. Then run: signidentifier_unlockbootloader.sh Your_Identifier_Token rsa4096_vbmeta.pem signature.bin
8. Then run: fastboot flashing unlock_bootloader signature.bin
If you did things right, it will take from 2 to 5 minutes, erase your data and end with a message: "Unlock bootloader success". Otherwise, you did something wrong.
Rooting the table with Magisk​This is my main target currently. I hope I will find something soon.
TWRP process​At this moment we don't have a TWRP or any other recovery compatible with this hardware, stay tunned.
Official ROMs​* Nothing found so far
Changelog​2022/12/17 - First draft