root phone with magisk
2022-01-15 · 4 min read
We'll be rooting our device with Magisk Manager by patching a stock
boot.img and then reflashing that image onto the device. Once completed, we should have a fully rooted device that can install adblock, use f.lux, run busybox cli tools, and so on.
Note: this assumes we've already unlocked our bootloader, since we need to flash a patched boot partition.
We can't automatically install OTA updates, otherwise we'll lose root. To preserve root, follow OTA updates for rooted android phone.
(Windows) Download the Google Windows USB driver and extract somewhere. Right click -> Install.
(Windows) Follow the instructions https://developer.android.com/studio/run/oem-usb#InstallingDriver to install the driver software or upgrade it.
Download the basic sdk platform-tools and extract somewhere https://developer.android.com/studio/releases/platform-tools.
Make sure we can see our device:
$ adb devices List of devices attached FA7AL1A02016 device
adbdoesn't detect the device, try linux ADB udev setup.
Find our device (Pixel 2 - walleye) and the factory image corresponding with our current build (RP1A.201005.004.A1, Dec 2020) here (https://developers.google.com/android/images#walleye). Download the zip file under "Link". The file's pretty big, but we really only need the
boot.img(inside another inner zip lol). Put that somewhere.
Now we need to push the
boot.imgonto our device so Magisk Manager can patch it.
(Windows) For some weird reason this command fails when run inside Git bash shell, so we need to run it in good ol' CMD lmao.
$ adb push images/pixel2-walleye-rp1a.201005.004.a1/boot.img /sdcard/Download
Back on our device, open up Magisk Manager, hit Magisk -> Install -> Select and Patch a File, and choose our
/sdcard/Download/boot.img. This step should patch the
boot.imgand produce a file like
(Pixel 5a - 2022/01/15) Didn't work the first time with stable Magisk; needed to install the latest canary from https://github.com/topjohnwu/magisk-files/blob/master/canary.json
Pull the patched
boot.imgoff our device.
$ adb pull /sdcard/Download/magisk_patched-23000_Oin7Q.img images/pixel2-walleye-rp1a.201005.004.a1/
Now we want to flash our patched
boot.imgonto our phone. Reboot the phone into fastboot mode (Restart -> Hold Volume Down or
adb reboot bootloader).
fastbootshould detect the device now:
$ fastboot devices FA7AL1A02016 fastboot
Finally, flash the patched
$ fastboot flash boot images/pixel2-walleye-rp1a.201005.004.a1/magisk_patched-23000_Oin7Q.img Sending 'boot_b' (32768 KB) OKAY [ 0.733s] Writing 'boot_b' OKAY [ 0.533s] Finished. Total time: 1.396s
Restart the phone normally. Opening Magisk Manager should now detect the device as fully rooted!
- Make sure automatic OTA updates are set OFF in the developer settings so it doesn't silently update and clobber our root.
- In order for our device to run certain apps that disallow root, we'll need to pass Google SafetyNet. To see our current status, hit "Check SafetyNet" in Magisk Manager. By default, our device will probably fail to pass Attestation. Unfortunately, this is even trickier for more recent devices which will run attestations inside a secure enclave. I believe there are some more sophisticated work-arounds to circumvent this.
- To pass SafetyNet, let's first enable "MagiskHide" in the settings.
- Also enable "Hide the Magisk app" and give it a different name. I called it "M A G I S K M A N A G E R" lmao.
- Unfortunately, my phone still doesn't pass the
ctsProfilecheck even after the above. I don't need to hide right now, so maybe figure this out later...
- AdBlocking: Install AdAway from F-Droid. Enable "Systemless hosts" in Magisk Manager and then Reboot. Inside AdAway, use the Root-based AdBlock and then Reboot again.