Related
Changelog:
V5.23 Fix for Android 6 (Freeze on boot logo)
Installation of kcal kernel module for supported kernels. Get the app from https://forum.xda-developers.com/android/software-hacking/dev-kcal-advanced-color-control-t3032080
V5.22 Bug in the vendor overlay creation. Existing directories (like /vendor/bin) have not been replicated correctly
V5.21 Fix issue when running on Linux (some CR/LF)
Patch libsepol in bootimg for backwards compatibility with Android 6
V5.20 Support for superuser as an alternative to SuperSU (https://github.com/phhusson/Superuser)
Fix for the missing internal storage link in TWRP
V5.11 Support for Android 7.0
Fix in the overlay layout which could prevent some libraries from loading and cause battery drain
V5.1 Support for Android 7.0
Updated bootimg to deal with Android 7.0 policies
New tool inside bootimg for adding new contexts to binary file contexts
New system overlay layout due to a more restrictive linker in Android 7
V5.0 New system overlay method using the /vendor directory. As this directory is also in the library search path even libraries can be easily replaced without modifying the system partition
System-less SuperSU integration improved (Version 2.76 or higher recommended)
System-less xposed integration (using the standard distribution)
Support for 32.A.0.253
V4.51 Fix for awk script for Linux kernel version detection when running on Linux
V4.5 Fixed adb and mtp file access in TWRP for 32.2.A.0.224
V4.42 Added support for Z2 (Sirius) and TWRP fstab fix for leo and aries (thanks to waleedsq81)
V4.41 Fixed issue with Y/N choice on non-english Windows. Added support for Z3 (leo)
V4.4 Support for Z3+/Z4, Tablet Z2, Tablet Z3 and Tablet Z4 added (Z4 still has an issue with TWRP, but DRM fix works)
SuperSU integration reworked in order to need less SELinux exceptions and to be more secure
All tasks can now be individually selected. Therefore there is no separate DRM only script required
V4.31 Renabled Z5P (satsuki) and Z5C (suzuran) for TWRP and drmfix
V4.3 Support for older Lollipop added
Script execution for Linux fixed
V4.24 Fix for for a bug in SuperSU integration in V4.23
V4.23 Fix for repacking 3rd party kernel (Some permissions were on custom directories were lost)
V4.22 Bugfix for readta (flash_dk reported unit not)
V4.21 Fix for the Linux binary of bootimg
V4.2 Updated TWRP to 3.0.2
V4.1
Fix for WideWine (if you have your device key) Thanks a lot to goofnorf101 for testing
unpackinitfs and makeinitfs in my bootimg tool now maintain date/time of files correctly
Automatic SuperSU installation
V4.0
Fix for older kernels (Lollipop)
Binary for Linux (The older version had the ARM version packaged)
Device is not stored in the kernel image anymore
TWRP updated to version 3.0.1
FAQ - Please read
Is is possible to have root with locked bootloader?
Short answer: no
Long answer: The locked bootloader only boots unmodified kernel packages signed by Sony. The stock kernel only mounts unmodified /system partitions (dm-veritiy) -> No modification without unlocking
So any change to the kernel (like this script) or system partition requires unlocked bootloader
What is dm-verity?
A hash checksum on all blocks of a filesystem in order to verify the integrity
What is Sony RIC?
A protection to avoid mounting the root filesystem or system read/write
What happens if I unlock my bootloader
The device key (TA unit 0x1046b) will be wiped, which deactives everything DRM related. In addition a full wipe of your phone will be perfomed.
So extract your TA partition before with this great tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597 from zxz0O0
If you already unlocked the bootloader before, then at least the credentials will be restored, which will reactivate stuff like x-reality and camera de-noise
Why do I need to flash my device key?
Without your device only some functions can be reactivated, like x-reality. Other functions like widevine do not work with out your device key.
How do I enter TWRP recovery?
Restart your phone and press the volume key up as soon as the LED switches to yellow
I want to use a custom kernel with the DRM fix
Just say "N" to all other options. Nevertheless be prepared for problems if the custom kernel does not match your Android version.
What should I do if there is an update to this script?
First check if you really need to run this update by checking the changelog. E.g. if it says binary for Linux fixed and you are using Windows then probably you don't care. If you did not change your Android version then all you have to do is to update the kernel package with fastboot flash boot. If you do not use the automatic SuperSU integration then you have to reinstall SuperSU in TWRP.
This tool repacks an existing kernel package (usually the stock kernel) in order to make it rootable and adds TWRP recovery as well. Version 4 has been succesfully tested with LP and MM.
In particular it adresses the following issues:
DM-Verity: Android is now using dm-verity to verfy the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
SONY RIC: RIC is blocking the write access to the system partition
DRM Keys: After unlocking the bootloader your device key is wiped, which deactivates some functionaliy. E.g. x-reality, denoise in camera aso.
Recompiling the kernel is not required as only the init ramdisk needs to be modified. You can run these scripts either in Windows or Linux.
Thanks to the excellent work of zxz0O0 you can now backup the TA partition before unlocking the bootloader with this tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
If you managed to backup your TA partition before you unlocked the bootloader then this version will fully reactivate your keys as well. (many thanks to addicted1900 for helping me with the testing)
As there has been some confusion I would like to point out one more time that you cannot run any kernel package which is not signed by Sony without unlocking the bootloader. So this works only with unlocked bootloader.
As it seems that it is not clear to everyone I also want to mention that <...> is a placeholder. E.g. <extracted kernel> means that you should replace it with then name of your extracted kernel, which could be kernel.elf
There was a report that having SuperSU in the system partition installed may lead to a bootloop. Therfore you shoud first install the bootimage created by this script and then install SuperSU afterwards, as it will then use the system-less strategy.
In order to use these scripts you need the kernel boot image of your current version. There two different ways to obtain it:
Method1:
If you have a .ftf image then open it with zip application (7Zip, WinZip, Windows Compressed Folder) and extract kernel.sin. Afterwards use Flashtool -> Tools -> SIN Editor to extract the kernel. You should end up with the boot image with extension .elf.
Method2:
Run your favourite recovery and connect via
Code:
adb -d shell
Now run
Code:
find /dev -name boot
dd if=<output of the find command before> of=/sdcard/kernel.img
Once you have the kernel image you are ready to use the script.
The newest version support superuser as an alternative to SuperSU. This is available open source and can be verified. In order to integrated you need the current superuser.zip from http://superuser.phh.me/superuser.zip and to be install the app afterwards from Google Play (look for superuser phh) or build it yourself from github.
To integrate the kernel part just place superuser.zip in the rootkernel directory.
You can also still use SuperSU, although it is causing a huge battery draining on my Z5 with Android 7.0 If you place SuperSU in the same directory (SuperSU*.zip, case sensitive) then it will be also installed automatically . It did all the tests with 2.76, but newer versions should work as well. Please be aware that you can not update SuperSU within the application. For a newer SuperSU version you need to rerun the script.
If you want to integrate xposed as well just place the distribution for you device and Android version in the same directory. (e.g. xposed-v86-sdk23-arm64.zip). Only support with Android 6.0 (sdk 23) and higher.
xPosed for Android 7.0+ is still not available.
Code:
rootkernel <extracted kernel> boot.img
You are prompted for several choices:
Sony RIC is enabled. Disable?
I prefer not to disable it in order to keep my phone more secure. Unfortunately there are a lot of bad guys in this world and SELinux and RIC still can save us if someone discovers a new kernel exploit.
Sony RIC basically prevents mounting the /system partition for write. You can still modify it in recovery of of course, but if you require write access to /system without entering recovery then you need to disable it.
Install TWRP recovery? Here you should say yes unless you are trying to patch a non-stock kernel, which comes already with a recovery
Install busybox? For security reasons I prefer not to install. In recovery you have it anyway. This choice is only available if you chose install TWRP
Found SuperSU-v....zip. Install? Integrates SuperSU. For this option to show up you have to place the SuperSU package into the same directory with the name SuperSU*.zip (case sensitive)
Found superuser.zip. Install? Integrates superuser. For this option to show up you have to place superuser.zip into the same directory (case sensitive)
# Make su permissive (Permits any action as su)? This only appears if you install superuser. Permissive means you can anything as root, without it is restricted mainly to file operations (sufficient for e.g. Titanium Backup)
Found xposed-v....zip. Install? Integrates xposed system-less. For this option to show up you have to place the xposed for your device and Android version into the same directory. (e.g. xposed-v86-sdk23-arm64.zip)
Install DRM fix? Installs the DRM fix. First it tries to use the device key which you flashed with flash_dk. If it does not exist it uses an alternative method which cannot fix everything (e.g. Widevine will not work, but X-reality, Camera denoise etc. will work)
Now put your phone into fastboot mode (Volume Up + connect USB) and then run:
To test it without actually flashing it:
Code:
fastboot boot boot.img
For flashing it:
Code:
fastboot flash boot boot.img
If you managed to backup for TA partition before then you can reactivate your original device key as follows:
Code:
flash_dk <ta backup image> DK.ftf
Flashing this file with flashtool will write your device key to an alternative unit, from where the drmfix library will pick it up.
This is a one-time task. It will survive a complete reset of the phone or Android system upgrade. The device key has a length of just 16 bytes, so it is correct that the resulting DK.ftf has a size of only aprox. 500 bytes.
If you like my work you can buy me a coffee
Some background information:
There are two main tools involved (for both Android and Windows)
- busybox
Probably everyone knows it
- bootimg
A multicall binary with several tools for unpacking and packing the boot image as well as adapting the SELinux policy. Part of the code is written by me from scratch, some other parts are cherry picked from other projects. I will also provide the source for it. As Windows doesn't have softlinks I modified the tools for unpacking and packing the init ramdisk to write text files with __lnk__ at the end instead.
Would be great if someone shared E6653 stock .200 kernel boot.img or flashable zip so we can try this out
Funkmasterchilla said:
Would be great if someone shared E6653 stock .200 kernel boot.img or flashable zip so we can try this out
Click to expand...
Click to collapse
Do you want the kernel.sin of stock . 200?
lordriguez said:
Do you want the kernel.sin of stock . 200?
Click to expand...
Click to collapse
I am downloading the whole firmware again from xperifirm. Thank you mate !
Edit: Working great! I'll stick to stock kernel now since Androplus' consumes more battery while asleep !
Edit2: I successfully flashed recoveries in command window from my PC but can't access TWRP at boot though, no LED flashing.
Edit3: Ok that's cuz there's no recovery boot script obviously, my bad. That's above my pay grade, if somebody is kind enough to create a stock. 200 with recoveries it'd be much appreciated PM me if so
Edit!: I flashed monx new stock based kernel
Thank you Tobias !
tobias.waldvogel said:
Hi everyone,
as most of you know, even after unlocking the bootloader there are a few more requirements before you can modify the system partition, i.e. install SuperSU, xposed etc.
- Android is now using dm-verity to verfy the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
- SONY RIC is blocking the write access to the system partition
The good news is, that it is not required to recompile the kernel. It is sufficent to modify the init scripts inside the init ram disk. So you can just stick to the stock kernel.
I created a package which precisely does this job for you. Just run it from TRWP after installing a new Android version
With this you don't have to wait anymore until someone creates the right kernel package for your phone
PS: It leaves a copy of the new boot image in the internal sdcard if you want to save it somewhere. (boot.img) It can be flashed with fastboot if required.
Click to expand...
Click to collapse
Hmm... I don't understand what this zip file do with phone.... Can you explain more primitive for me?!
Is that for recover stock kernel with stock drm keys?! I understand correct?!
zavpasha said:
Hmm... I don't understand what this zip file do with phone.... Can you explain more primitive for me?!
Is that for recover stock kernel with stock drm keys?! I understand correct?!
Click to expand...
Click to collapse
Before you can start to install thing like SuperSU and xposed you have to change the kernel, otherwise your phone won't boot anymore. In the past you had to wait for someone to come up with a compatible kernel for your phone, now this package just converts your existing kernel.
Regarding the DRM please install the package from the DRM restore thread.
Funkmasterchilla said:
I am downloading the whole firmware again from xperifirm. Thank you mate !
Edit: Working great! I'll stick to stock kernel now since Androplus' consumes more battery while asleep !
Edit2: I successfully flashed recoveries in command window from my PC but can't access TWRP at boot though, no LED flashing.
Edit3: Ok that's cuz there's no recovery boot script obviously, my bad. That's above my pay grade, if somebody is kind enough to create a stock. 200 with recoveries it'd be much appreciated PM me if so
Edit!: I flashed monx new stock based kernel
Thank you Tobias !
Click to expand...
Click to collapse
Thanks for the feedback. Future versions of this package will add TRWP as well. I am currently working on it.
tobias.waldvogel said:
Thanks for the feedback. Future versions of this package will add TRWP as well. I am currently working on it.
Click to expand...
Click to collapse
As promised the new package with TWRP is out
tobias.waldvogel said:
As promised the new package with TWRP is out
Click to expand...
Click to collapse
Great work thanks ,
How would I go about disabling the vibration for recovery?
Sent from my E6653 using Tapatalk
Well, the script which checks if recovery should be started is bin/init inside the zip. If you don't like the vibrate then just remove the line and run the package again
Gesendet von meinem E6683 mit Tapatalk
huh, so it is possible to have 2 recoveries at the same time? (and why would anyone want 2 recoveries? )
Three Recoveries are als possible
CWM, Phils Touch & TWRP
Sent from my E6653 @ XDA Portal
Sorry for being noob.
I miss my Oneplus one where things were so easy.
After unlocking BL what do i do with this zip.
Is it going to Root my phone and Install TWRP?
Thanks for help.
I flash the v2 and i got bootloop. 4 time red LED and the phone reboot and all over again. What's the problem?
Hi Tobias,
can you please build a v2 for the z5 compact too?
thx
stiffmeister
FakeSmile said:
I flash the v2 and i got bootloop. 4 time red LED and the phone reboot and all over again. What's the problem?
Click to expand...
Click to collapse
On which model did you use it and with which firmware version?
If you used flashtool before then you can just flash the kernel one more time (i.e. deselect everything else).
stiffmeister75 said:
Hi Tobias,
can you please build a v2 for the z5 compact too?
thx
stiffmeister
Click to expand...
Click to collapse
This should work on Z5 compact with stock kernel as well, without any change.
In case of any issues you can flash the kernel again via flashtool
If it did not work you can pass me the generated boot.img from your interal sdcard for further analysis
hi tobias,
i didn't try the v2, because i thought, that the twrp recovery wouldn't be compatible.
but when you say it's ok, than i'll try it
br
stiffmeister
stiffmeister75 said:
hi tobias,
i didn't try the v2, because i thought, that the twrp recovery wouldn't be compatible.
but when you say it's ok, than i'll try it
br
stiffmeister
Click to expand...
Click to collapse
I flashed zombie kernel without making backup of stock kernel, can you share it with me so I can try this method (I doubt it will work on zombie)
ps : I have .200 fw
tobias.waldvogel said:
On which model did you use it and with which firmware version?
If you used flashtool before then you can just flash the kernel one more time (i.e. deselect everything else).
Click to expand...
Click to collapse
E6653 on .200 firmware
I've been waited for Magisk v21 released by John Wu this morning, but I ran into some problems
What I've done
- download stock image file from Google official site
- follow the instruction given by John Wu at GitHub wiki
- run command
Code:
adb shell magisk --remove-modules
- when i flash the patched boot.img file, it stuck on the *G logo* with progress bar under it.
- After a certain period of time, it comes back to bootloader with a prompt saying: "no valid slot to boot".
What i've tried:
- redo all processes, no working
- switch active slot to both a & b, none working
- re-patch the stock boot.img file use different Magisk Manager version. The ones i tried: v8.0.0-Beta(offers Magisk v21), v8.0.0-Stable(offers Magisk v20.4), Canary version (offers Magisk Canary who claims to support android 11)
- change the command
HTML:
fastboot flash boot ***.img
to
HTML:
fastboot flash boot_a ***.img
&
HTML:
fastboot flash boot_b ***.img
then run
HTML:
fastboot reboot
. same result as said before
Basic info:
- Device: Pixel 3 (blueline), android 11 (build number RP1A.200720.009), latest android security update & Google play system update.
- Magisk: Magisk Manager v8.0.0 (released hours ago), Magisk v21 is suppose to be installed
Is patched boot.img filesize ~32 or ~64mb?
I ran into the same problem. My phone is a Pixel 2 XL running Android 11. However, I was not patient enough to wait for the "no valid slot to boot" message. After waiting for 5-10 minutes, I did a factory reset.
I followed the installation instruction that were posted by John Wu.. (As a new user, I am not allowed to post an outside link)
The displayed Magisk installation messages do not suggest a problem:
- Device platform: arm64-v8a
- Copying image to cache
- Unpacking boot image
- Checking ram disk status
- Stock boot image detected
- Patching ram disk
- Repacking boot image
***************************
Output file is written to
/storage/emulated/0/Download/magisk_patched.img
***************************
- All Done!
The boot.img and magisk_patched.img files have both a file size of 41943040 bytes. This is a different from previous Magisk version. For instance, with Magisk 20.4 and Android 10, the file sizes of boot.img and magisk_patched.img were 41943040 and 25747456, respectively. Thus, the patched file was smaller than the original.
done
dmk16 said:
Is patched boot.img filesize ~32 or ~64mb?
Click to expand...
Click to collapse
the stock & patched boot.img are both 65535KB large, which is weird and also mentioned by @red stapler
red stapler said:
I ran into the same problem. My phone is a Pixel 2 XL running Android 11. However, I was not patient enough to wait for the "no valid slot to boot" message. After waiting for 5-10 minutes, I did a factory reset.
I followed the installation instruction that were posted by John Wu.. (As a new user, I am not allowed to post an outside link)
The displayed Magisk installation messages do not suggest a problem:
- Device platform: arm64-v8a
- Copying image to cache
- Unpacking boot image
- Checking ram disk status
- Stock boot image detected
- Patching ram disk
- Repacking boot image
***************************
Output file is written to
/storage/emulated/0/Download/magisk_patched.img
***************************
- All Done!
The boot.img and magisk_patched.img files have both a file size of 41943040 bytes. This is a different from previous Magisk version. For instance, with Magisk 20.4 and Android 10, the file sizes of boot.img and magisk_patched.img were 41943040 and 25747456, respectively. Thus, the patched file was smaller than the original.
Click to expand...
Click to collapse
Seems like we're in the same boat here lol, is this enough proof for a legit bug issue to John?
red stapler said:
The boot.img and magisk_patched.img files have both a file size of 41943040 bytes. This is a different from previous Magisk version.
Click to expand...
Click to collapse
DaddyTony said:
the stock & patched boot.img are both 65535KB large, which is weird and also mentioned by @red stapler
Click to expand...
Click to collapse
The patched boot image is supposed to be the same size as the original now.
From the v21 changelog:
[MagiskBoot] Pad boot images to original size with zeros
Click to expand...
Click to collapse
nogaff said:
The patched boot image is supposed to be the same size as the original now.
From the v21 changelog:
Click to expand...
Click to collapse
Glad to hear, hope this indicates patch is successfully done?
Why not:
adb reboot bootloader
fastboot boot twrp-xxxx.img
adb push magisk-xxxx.zip /tmp
adb shell twrp install /tmp/magisk-xxxx.zip
adb reboot system
Let the magisk zip update script figure everything out...
Its what i do on Pixel 2 XL, works every time...10/11
So far, what we've seen that is causing issues with Android 11 and Magisk is usually either having incompatible modules installed (the brand new Safe Mode should take care of that, see the FAQ for details), or having TWRP installed to your device (it'll cause a conflict and the device won't boot, install the stock recovery and only use TWRP booted).
I forgot to mention that I didn't install or use a custom recovery, such as TWRP. Using the stock recovery.
73sydney said:
Why not:
adb reboot bootloader
fastboot boot twrp-xxxx.img
adb push magisk-xxxx.zip /tmp
adb shell twrp install /tmp/magisk-xxxx.zip
adb reboot system
Let the magisk zip update script figure everything out...
Its what i do on Pixel 2 XL, works every time...10/11
Click to expand...
Click to collapse
Sorry but i don't think Pixel 3 have Teamwin (TWRP) support of android 11?
Didgeridoohan said:
So far, what we've seen that is causing issues with Android 11 and Magisk is usually either having incompatible modules installed (the brand new Safe Mode should take care of that, see the FAQ for details), or having TWRP installed to your device (it'll cause a conflict and the device won't boot, install the stock recovery and only use TWRP booted).
Click to expand...
Click to collapse
I forgot to mention that i run this command before install magisk patched boot.img
Code:
adb pm shell magisk --remove-modules
I didn't have TWRP installed on my device, don't seem to have TWRP for Pixel 3 on android 11.
DaddyTony said:
Sorry but i don't think Pixel 3 have Teamwin (TWRP) support of android 11?
Click to expand...
Click to collapse
Theres no TWRP support of my Pixel 2 XL either, but it works
We just dont install it, we fastboot to it
73sydney said:
Theres no TWRP support of my Pixel 2 XL either, but it works
We just dont install it, we fastboot to it
Click to expand...
Click to collapse
Just tried boot into TWRP img, failed. It just says:
Code:
FAILED (remote: 'Error verifying the received boot.img: Invalid Parameter')
Googled it & find out TWRP's a deprecated/no longer recommended way to install Magisk. And according to John Wu's installation instruction, it is no longer supported in modern models.
Due to this reason, we no longer recommend installing Magisk through custom recoveries on modern devices.
Click to expand...
Click to collapse
BTW he also said the "patch image" method is guaranteed to work 100% lol, should we let him know hhh
--------------------
edit:
Just find out Pixel 3 (blueline) has **NO** official support of TWRP v3.4+, but Pixel 3 XL (crosshatch) has it. How ironic.
and I wonder if TWRP v3.4+ support android 11?
DaddyTony said:
Just tried boot into TWRP img, failed. It just says:
Code:
FAILED (remote: 'Error verifying the received boot.img: Invalid Parameter')
Googled it & find out TWRP's a deprecated/no longer recommended way to install Magisk. And according to John Wu's installation instruction, it is no longer supported in modern models.
BTW he also says the "patch image" method is guaranteed to work 100% lol, should we let him know hhh
Click to expand...
Click to collapse
Hmmm, disappointing
Ive literally tried the image patch method once, a lot of faffing about, I always use the TWRP method, easy peasy at least for older device
....we no longer recommend installing Magisk through custom recoveries on modern devices. The custom recovery installation method exists mostly for legacy support.
Download the Magisk installer zip
Reboot to custom recovery
Flash the zip and reboot
Check whether Magisk Manager is installed. If it isn’t installed automatically, manually install the APK.
Click to expand...
Click to collapse
Guess ill be happy to remain a legacy device user
This saved my day:
Code:
fastboot --set-active=b
You might need to use "a" instead.
In my case the kernel was loaded and started and Android startup was hanging.
I guess we have to wait until this is fixed.
Edit: Pixel 3a XL, latest Android 11
Hey all, i have a pixel 2 XL and I'm also stuck in bootloop. However i can't find how to do a factory reset. Could you help me?
polyxn said:
Hey all, i have a pixel 2 XL and I'm also stuck in bootloop. However i can't find how to do a factory reset. Could you help me?
Click to expand...
Click to collapse
Which version of Android?
Do you have TWRP installed?
If you do people have been posting that going to Advanced, then tapping Fix Bootloop may work
Otherwise find the boot image of the ROM you have installed, and flash that to the device
If youre on Android 11 on the Pixel, as i found out myself via bootloop, do NOT install TWRP, just fastboot to it to flash zips
M66B said:
This saved my day:
Code:
fastboot --set-active=b
You might need to use "a" instead.
In my case the kernel was loaded and started and Android startup was hanging.
I guess we have to wait until this is fixed.
Edit: Pixel 3a XL, latest Android 11
Click to expand...
Click to collapse
I used this command (and tried to boot in slot a), the patched img still won't boot.
Did you managed to flash Magisk with patched boot file?
IMPORTANT: This guide will not work with A11; we do not have an official working TWRP for A11 (from the TWRP team) on the 7T Pro.
OVERVIEW
The following will guide you through rooting your OnePlus 7T Pro running stock OOS using TWRP by extracting the boot.img from your own device and patching it using Magisk using adb and fastboot. This is not the only method, but it is the method that I used to obtain Magisk/Root for my 7T Pro (HD1910) running stock OOS (10.0.12 HD01AA at the time of writing). It should work for all variants of 7T Pro running any of the stock OOS. If you can follow directions, there should be no harm to your device, but use at your own risk.
A little bit of introduction (if you care)
I’ve been a member of XDA for quite a while and go way back to the Sammy S3 days. I’ve done what I can to help others out on XDA (I’m just a user), and lately, I’ve noticed that the existing guide(s) hasn’t been updated since they were created, or the information on how to root is not easily found (buried deep inside a thread).
PRE-REQUISITES
An unlocked bootloader
Working adb and fastboot (Latest platform-tools). This step assumes that your PC and 7T Pro are set up correctly (i.e. USB drivers) and adb/fastboot commands are working correctly
Latest Magisk Manager (Latest Magisk Manager) installed on your 7T Pro
A copy of the latest TWRP in the platform-tools directory (TWRP for 7T Pro)
INSTRUCTIONS
Boot TWRP
Connect your device via USB
Open command prompt as administrator and navigate to the platform-tools folder
Reboot your phone into bootloader
Code:
adb reboot bootloader
Boot into TWRP (the entire twrp filename is required)
Code:
fastboot boot twrp-version.img
Once TWRP boots up, you can "Keep System Read only?" by selecting "Keep Read Only"
Extract boot.img
The following code copies the boot.img from your device to the platform-tools directory of your PC.
Code:
adb shell
dd if=/dev/block/bootdevice/by-name/boot of=/tmp/boot.img
exit
adb pull /tmp/boot.img
Reboot your phone
Code:
adb reboot
Patch the boot.img with Magisk Manager
Copy boot.img you just extracted to your 7T Pro internal storage using MTP or
Code:
adb push boot.img /sdcard/Download/boot.img
Open Magisk Manager and tap on Install (Magisk, not Manager). You can use stable or beta, but I would recommend beta if you're looking to fiddle around with custom kernels.
Choose "Select and Patch a File"
Select the boot.img you just placed on the internal storage. Magisk will patch the image to your device's sdcard/Download/ folder as magisk_patched.img
Copy the Magisk patched image to your PC
Code:
adb pull /sdcard/Download/magisk_patched.img
Install the magisk_patched.img
Reboot to bootloader
Code:
adb reboot bootloader
Reboot your phone using magisk_patched.img
Code:
fastboot boot magisk_patched.img
Open Magisk Manager and tap on Install (Magisk, not Manager)
Select "Direct Install (Recommended)"
Reboot
IMPORTANT NOTE: I noticed with 10.0.14HD01AA, Magisk 21.4 and Magisk Manager v8.0.7, the patched image name has changed to "magisk_patched_v5XCB.img" (at least for my device). I'm not sure if the 'v5XCB' is the same for anyone else trying to root for the first time. Just make sure you use the proper filename in full (i.e. "magisk_patched_xxxxx.img") in Step 5 of "Patch the boot.img with Magisk Manager" and Step 2 of "Install the magisk_patched.img"
Retain root/Magisk after OTA update
There's a pretty good guide written already by @daveuk87 so you can check that thread.
If there are any areas within these instructions that are not clear or flat out wrong, please let me know so I can make necessary edits/changes.
Guide created: November 24, 2020
Last updated: March 26, 2021
RESERVED
thanks for this detailed root process, I've been looking for this for around 3days. (my OP7t pro is coming today will try this root method)
Anyone tried it sucesfully already on A11?
Tribux said:
Anyone tried it sucesfully already on A11?
Click to expand...
Click to collapse
No. There is no working TWRP for A11 on the 7T Pro right now.
If you've already got Magisk on A10, then follow the retain root guide above after upgrading to 11 to keep root.
Hw4ng3r said:
No. There is no working TWRP for A11 on the 7T Pro right now.
If you've already got Magisk on A10, then follow the retain root guide above after upgrading to 11 to keep root.
Click to expand...
Click to collapse
I don't have a magisk, so I need to do rollback to A10 probably. Thaks for an answer
Hw4ng3r said:
No. There is no working TWRP for A11 on the 7T Pro right now.
Click to expand...
Click to collapse
It IS working TWRP from LR.TEAM
Can't be posted here as link to the source made as picture with Chinese letters on they site - don't have Chinese keyboard to type this.
And it working! I'm use it!
Tribux said:
I don't have a magisk, so I need to do rollback to A10 probably. Thaks for an answer
Click to expand...
Click to collapse
This method (start to finish) doesn't work on A11, but you can always grab the boot.img using payload dumper or the correct boot.img from here and patch/install using the patch and install steps in this guide.
Hw4ng3r said:
This method (start to finish) doesn't work on A11, but you can always grab the boot.img using payload dumper or the correct boot.img from here and patch/install using the patch and install steps in this guide.
Click to expand...
Click to collapse
Could you please provide full guide for rooting android 11, i managed to root but after reboot i loose the root
When I get to
Code:
adb shell
dd if=/dev/block/bootdevice/by-name/boot of=/tmp/boot.img
exit
adb pull /tmp/boot.img
the window just closes with no message after 2 minutes or so with a # under the command and there is no boot.img in my platforms folder.
Potatoman31 said:
When I get to
Code:
adb shell
dd if=/dev/block/bootdevice/by-name/boot of=/tmp/boot.img
exit
adb pull /tmp/boot.img
the window just closes with no message after 2 minutes or so with a # under the command and there is no boot.img in my platforms folder.
Click to expand...
Click to collapse
Download latest magisk apk, rename it to .zip instead of .apk.
Bot twrp
adb push magisk.zip /tmp
Go to twrp, tmp folder and flash zip.
Hi everyone,
Is it possible to have an explanation about how to root the OP7T Pro one OxygenOS 11.0.1.1.HD01BA ?
Because it sound like crazy, some of the topics are old, some say it work, some it doesn't, some are for the 7T, ect...
I'm feeling lost and would appreciate some help to clarify all of this, thank you very much.
The Magisk process is the same once you obtain the boot.img for the firmware you are using. Use payload dumper to extract the proper boot.img instead of TWRP/adb
Thanks. So this topic is right for the 7T Pro as well ?
=> https://forum.xda-developers.com/t/guide-android-11-how-to-root-oneplus-7t.4253183/
If no, could you kindly provide me a link were i could start ?
gd*T said:
Thanks. So this topic is right for the 7T Pro as well ?
=> https://forum.xda-developers.com/t/guide-android-11-how-to-root-oneplus-7t.4253183/
If no, could you kindly provide me a link were i could start ?
Click to expand...
Click to collapse
Use below as a guide:
(ROOT) Android 11 / Latest stock and patched img's / payload dumper / magisk_patched guides
Hi all, Have seen a lot of requests for patched boot images on these threads so thought i'd share a guide on how to get it yourself as well as all the files required, plus the patched boot.img if you just want to go ahead and boot/flash it...
forum.xda-developers.com
Nice, thank you very much !
Hi!
I am new to OnePlus 7T Pro. The device I have is on Oxygen 11.0.11.HD01BA
Via this howto https://www.droidwin.com/install-twrp-oneplus-7-pro-android-11/ I found a TWRP from @Nebrassy that works with "fastboot boot". But I am unable to flash it. (On Slot A there seems to be an OS, but Slot B says no OS installed.)
And I am also unable to find a support thread for Nebrassy's TWRP for 7T Pro!?
So that's why I am asking here.
If you have any hint for me, I'd really appreciate it.
Tnx in advance,
Enkidu
enkidu70 said:
Hi!
I am new to OnePlus 7T Pro. The device I have is on Oxygen 11.0.11.HD01BA
Via this howto https://www.droidwin.com/install-twrp-oneplus-7-pro-android-11/ I found a TWRP from @Nebrassy that works with "fastboot boot". But I am unable to flash it. (On Slot A there seems to be an OS, but Slot B says no OS installed.)
And I am also unable to find a support thread for Nebrassy's TWRP for 7T Pro!?
So that's why I am asking here.
If you have any hint for me, I'd really appreciate it.
Tnx in advance,
Enkidu
Click to expand...
Click to collapse
[CLOSED][No longer in development] [RECOVERY] [11] [OFFICIAL] TeamWin Recovery Project (7T / 7T Pro)
Status: development dropped. If you want to pick it up, sources are available in my or twrp's GitHub. Introduction: Team Win Recovery Project or TWRP for short, is a custom recovery built with ease of use and customization in mind. We...
forum.xda-developers.com
Nebrassy is not maintaining one for 7T/Pro, I am.
Hello @ all.
I need some help with my oneplus 7t pro and the new available twrp for the 7t pro.
I updated this phone now to Android 11 and stay on Oxigen OS 11.0.3.1 HD01BA now.
I loose my Root also with this update.
What I must to do for have the new version from this twrp and Root again on my phone?
The bootlocker in unlocked already.
I not find something on xda about some people do with android 11 and the new twrp for the One Plus 7t pro.
This one I hope someone can help me with this problem.
Hi all,
I seem to be struggling with my usual process of getting root on my Pixel 5.
I installed the latest Canary build of the Magisk Manager and patched my base boot.img and then flashed it and the phones goes into an infinite loop. Only way to get out of it is to flash-all.bat (w/out the -w). Any ideas on why this process, which I've used even on my previous P2XL, is no longer working?
When I open the manager, it says my installed version is 8.0.4 (4770) and the latest version is 6d88d8ad (4770) (15) but I can't update.
I have the January release and the same magisk version, and my device boots fine. What steps did you do to patch the boot.img file and how did you flash the patched magisk_patched.img file?
Amd4life said:
I have the January release and the same magisk version, and my device boots fine. What steps did you do to patch the boot.img file and how did you flash the patched magisk_patched.img file?
Click to expand...
Click to collapse
This is the process I follow each month/followed for this update:
Download and extract FW
Edit flash-all.bat to remove the -w
Run flash-all.bat while at bootloader screen
Copy \redfin-rq1a.210105.003\boot.img to device
Open Magisk Manager Canary (latest) and click on "Install"
Select "Select and Patch a File"
Copy \download\magisk_patched_0eKAS.img to platform-tools folder on PC
At bootloader screen, run: fastboot flash boot magisk_patched_0eKAS.img
Reboot
I've been using that process for months, going back to my Pixel 2 XL and used that process (with different .img names obviously) last month even for the December update on this here Pixel 5.
Only way to get out of the loop is to re-run step 3.
IlyaKol said:
Hi all,
I seem to be struggling with my usual process of getting root on my Pixel 5.
I installed the latest Canary build of the Magisk Manager and patched my base boot.img and then flashed it and the phones goes into an infinite loop. Only way to get out of it is to flash-all.bat (w/out the -w). Any ideas on why this process, which I've used even on my previous P2XL, is no longer working?
When I open the manager, it says my installed version is 8.0.4 (4770) and the latest version is 6d88d8ad (4770) (15) but I can't update.
Click to expand...
Click to collapse
Have you tried using Magisk latest beta? I ended up using beta for January for whatever reason and had no issue. I'd upload my boot.img but I'm a Verizon user and not sure if it'll work for you. "magisk_patched_dnuD3.img"
Magisk v21.2 (21200)
Magisk Manager v8.0.4 (4768) (15)
andybones said:
Have you tried using Magisk latest beta? I ended up using beta for January for whatever reason and had no issue. I'd upload my boot.img but I'm a Verizon user and not sure if it'll work for you. "magisk_patched_dnuD3.img"
Magisk v21.2 (21200)
Magisk Manager v8.0.4 (4768) (15)
Click to expand...
Click to collapse
Let me give that a whirl in a bit.
IlyaKol said:
Let me give that a whirl in a bit.
Click to expand...
Click to collapse
andybones said:
Have you tried using Magisk latest beta? I ended up using beta for January for whatever reason and had no issue. I'd upload my boot.img but I'm a Verizon user and not sure if it'll work for you. "magisk_patched_dnuD3.img"
Magisk v21.2 (21200)
Magisk Manager v8.0.4 (4768) (15)
Click to expand...
Click to collapse
I installed 8.0.4 but when I try to patch the image with it, it fails. When I try to sideload 21.2 or 20.4, it says:
E:footer is wrong
E:Signature verification failed
E:error: 21
Install from ADB completed with status 2.
Installation aborted.
I was able to patch the image after changing to the beta channel. However, it started to loop again and eventually went back to bootloader with the reason being "no valid slot to boot". I've flash-all.bat'ed again and am back to working. I don't understand why I can't get this to work.
I also had an inability to boot after I tried to do the December update using Minimal ADB. No valid slot.
I switched to a new platform tools install, and the same procedure has now worked twice. How old is your platform tools install?
If anyone is having problems patching the stock boot.img, you can upload it and I can patch it and re-upload it for you.
earlgrey_44 said:
I also had an inability to boot after I tried to do the December update using Minimal ADB. No valid slot.
I switched to a new platform tools install, and the same procedure has now worked twice. How old is your platform tools install?
Click to expand...
Click to collapse
It was pretty new/latest version but I went ahead and just re-downloaded the factory image and platform tools and am trying again...
If it matters, I'm back to Canary manager and here is what my patch screen says:
Code:
- Device platform: arm64-v8a
- Magisk Manager: 8.0.4 (4770)
- Install target: 6d88d8ad (21201)
- Copying image to cache
- Unpacking boot image
- Checking ramdisk status
- Stock boot image detected
- Patching ramdisk
- Repacking boot image
- Output file *path*
- All done!
My actual flash output is:
Code:
> fastboot flash boot magisk_patched_Mx5Yh.img
Sending 'boot_a' (98304 KB) OKAY [ 2.277s]
Writing 'boot_a' OKAY [ 0.312s]
Finished. Total time: 2.918s
UPDATE:
I got it working this time around using a fresh new factory image and platform tools download.
I'm actually wondering if, in my haste, I actually used the bootloader image, not the boot img...but wouldn't Magisk have complained? lol.
Who knows, but looks like my issue is resolved! Thanks all for having me try things like a new platform tools download.
Hi all:
Here is a LineageOS 19.1 ROM for Z5 compact (suzuran).
New: ROM with microG apk's included in priv-app:
Download 2023-06-11
Please pay attention: microG can't coexist with GApps! So decide whether to install microG OR GApps!
If you want to remove microG, enter these commands line by line in a terminal:
Code:
adb root
adb shell
mount -o remount,rw /
rm /system/priv-app/DroidGuard/DroidGuard.apk
rm /system/priv-app/FakeStore/FakeStore.apk
rm /system/priv-app/GmsCore/GmsCore.apk
rm /system/priv-app/GsfProxy/GsfProxy.apk
exit
Reboot!
Or flash this microG-remover.
This is a 7z archive with the zip'ed ROM and the md5 file in it. Please unpack this archive, copy the included two files somewhere to your device, reboot into TWRP and flash this zip file. Enable md5sum checking. The zip file itself is not signed, so you have to disable zip verification.
Kernel sources
Tree sources
Features:
OS Version: 12 (S)
Kernel: Linux 3.10
Kernel 3.10.108
New: Android security patch level: 5 June 2023
Using Sony blob's from stock version 32.4.A.1.54
Important informations:
You should be familiar with general installation of custom ROMs.
Required for installation: TWRP 3.2.1 (pick the version from 2018-02-23!!!)
OR use my self built TWRP-version 3.7.0!
This ROM needs a clean install, old /data may cause problems!
This ROM is NOT pre-rooted. For rooting you can use Magisk.
It is highly recommended that your device is running (or HAS RUN in the past!) the latest stock ROM from Sony (32.4.A.1.54) before flashing this ROM.
Otherwise the baseband files may not match.
Working:
Audio
Bluetooth
New: Camera fully working! (with the restriction to 8 MP)
Enforced SELinux support
Fingerprint (sometimes crashes)
FM-Radio (maybe it needs a few restarts before it's working)
GApps
German App AusweisApp2
GPS
Headset
LiveDisplay
Location services
Network Traffic Monitoring
NFC
Notifications
Notification LED
Offline charging
Phone calls
Reboot into recovery and bootloader
Sensors
Signed build
SMS
Sounds
Torch
WiFi
...please tell me...
These things are NOT (or badly) working:
Encryption
Payment
Streaming (mirroring)
VoLTE
Maybe some more things are not working. Please tell me...
Use this ROM at your own risk! It comes without any warranty! I'm not responsible for any damage! If you don't agree with that, don't try to flash this ROM in any way.
Benefits:
Added Aurora-Store, F-Droid and UnifiedNLP! If you don't want this, simply de-install it.
I've set maximum speaker volume to a higher value.
I've increased microphone gain.
I've changed the microfone gain to avoid echo in phone calls.
Changelog
Troubleshooting:
If you're running into an error, please search in this thread if this error is already posted, before you post it again!
If not, I need a LOG to see what went wrong. Without a LOG I can't help you!
A LOG can be fetched by connecting the device with an USB cable to your PC and then by typing these commands line by line:
Code:
adb root
adb shell logcat -b all -d > logcat
Send my this LOG file via PM.
If you think this could be a SELinux related issue, please try to set the device to permissive mode first.
If the issue is gone, I need the policy file too (plus LOG). Fetch it by typing this line in a terminal:
Code:
adb pull /sys/fs/selinux/policy
If you stuck in a bootloop you can fetch a LOG with this trick:
Press the power button and the volume up button together until the device shuts down.
HOLD the power button.
Release the volume up button and press the volume down button immediately after releasing the volmue up button.
The device should start into TWRP recovery.
Tap on "Advanced", then on "Terminal" and enter these commands line by line:
Code:
cd sys/fs/pstore
cp * /sdcard
Send me the copied file(s), if any, via PM.
One last request:
Please, do not ask about problems for which my ROM is not responsible.
From now on I will only react to problems that I can reproduce and that are caused by my ROM.
I'm sorry for that, but I'm developing this ROM in my spare time and I still have a normal life.
Which GApps would you suggest?
I've tested NikGApps, but they are not working stable. Other GApps aren't available for Android 12 as far as I know. So, I suggest none.
Update: NikGApps works after its self-updated service bibliothek and a manual restart of the device flawlessly.
It's a little bit choppy, but I can live with that.
I've set the state of the development to BETA due to quite good overall performance.
After installing this TWRP was changed to the one from Lineage. It no longer picks up my mounts. Must I use ADB to recover from this? How do I revert to TWRP? I can no longer use fastboot.
I can't believe that fastboot is no longer working.
Please take a look at my 1st post:
Important informations:
Required for installation:
Berni-0815 said:
I can't believe that fastboot is no longer working.
Please take a look at my 1st post:
Important informations:
Required for installation:
Click to expand...
Click to collapse
Thanks. I got fastboot working and installed TWRP again. How did the Lineage loader install though? I did not see any prompts for it.
I performed a cache/dalvik/system and data wipe and installed the latest 19.1 release but it never boots up past the swirling animation. It does not reboot either. I added a zip containing pmsg-ramoops-0
I'll take a look into it asap. Please be patient.
I can't find any reason for the crash; I'm sorry.
New version out; see 1st post.
New values for vibration strengths set.
Fixed Fingerprint location hint animation while enrolling.
Screen density reduced because all of the UI elements of Android 12L (Lineage 19.1) are too large for our little screen.
New version out; see 1st post.
Updated from android-12.1.0_r1 to android-12.1.0_r2
Berni-0815 said:
I'll take a look into it asap. Please be patient.
Click to expand...
Click to collapse
Thanks for looking. I flashed with the currently build and my device is working again.
New version out; see 1st post.
Updated from android-12.1.0_r2 to android-12.1.0_r4
Android security patch level: 5 April 2022
Hey friends,
New z5c, had sony stock on it.
I installed TWRP latest using adb/fastboot on ubuntu 20.04
All good
I flashed Lineage 19
On reboot I just get a boot loop, going between Sony logo and swirly android animation
adb recgnises the device but says "offline"
No commands work
I have tried every button combo I could find suggested everywhere, including above
But the phone will not boot into TWRP
Any suggestions, please?
kaivalyam said:
z5c, had sony stock on it
Click to expand...
Click to collapse
Which version? You have to come from the latest stock ROM (32.4.A.1.54)! Otherwise you can't flash LineageOS successfully!
kaivalyam said:
I installed TWRP latest using adb/fastboot on ubuntu 20.04
Click to expand...
Click to collapse
How have you flashed TWRP?
Berni-0815 said:
Which version? You have to come from the latest stock ROM (32.4.A.1.54)! Otherwise you can't flash LineageOS successfully!
Click to expand...
Click to collapse
Ok, that's probably why it wont boot then, I didnt know that, and didnt check
Berni-0815 said:
How have you flashed TWRP
Click to expand...
Click to collapse
Downloaded latest and used fastboot
fastboot flash recovery twrp.img
If I can just get TWRP to load, I can flash a different ROM and all will be good ..
Ok. Which version of TWRP have you flashed? My own?
You can flash the latest stock ROM with the flashtool. If you're installing this tool at windows, you can use the integrated XPeriFirm tool to download the latest stock ROM.
Or you install this XPeriFirm version.
If you're not in a hurry: In a few minutes my upload of my latest LineageOS 19.1 boot and system image will be completed.