Android Rooting Guide 2022
Android Rooting Guide for 2022. I thought it’d be useful to compile some common methods and termiology used when rooting an Android phone. This guide is geared twards Pixel users, but I’m sure that non-Pixel users could draw some insight from this post regardless.
- See Rooting Steps
- See Custom ROMs
- See Updating While Rooted
Who is this guide for?
This guide is for anyone who wants to learn more about the Android customization scene. I will admit, it’s mostly geared twards Pixel owners, as these devices are very close to stock android. Other devices, like the OnePlus phones, as well as Samsung phones, contain many many tweaks and customizations from the manufacturers, and tend to cause issues when using the methods listed here. This guide can still be useful to you in understanding the broader picture, however.
Before you can think of doing anything to your phone, you need to set up your pc to work on it first. To make changes to our Android phones, we need whats called the “Platform Tools”. So, I figure before we do anything else, let’s make sure that we can connect to the phone though ADB and Fastboot.
Installing the tools
The installation method varies between linux distros.
Debian/Ubuntu/POP OS/ Zorin/ (most) Users
sudo apt-get install android-sdk-platform-tools-common
Fedora / Opensuse Users
sudo dnf install android-tools
Arch Linux Users
pacaur -S android-sdk-platform-tools
If you are having permission issues when trying to detect your device on Linux, you probably need to fix your uDev Rules
- Download the latest version of the android SDK platform tools
- Extract the zip folder somewhere easy to get too (e.x. C:\platform-tools)
- open your windows start menu and type “env” and select the change env variables options
- find the entry called PATH, and double click it. A new window will open with multiple entries
- click add new entry on the right hand side and enter the folder path where you extracted the files (e.x. C:\platform-tools)
- open a terminal window (i reccomend Windows terminal over cmd prompt) and type adb to make sure the command is recognized
Adding the tools to your path variable makes it much easier to use, as this allows you to call adb or fastboot from any directory.
Rooting is referring to having complete access to your phone. Normally, certian portions of the system are kept inaccessible to average users because there is the potential to break or even brick your system if these files are messed with. Being rooted means that some apps, or “modules” as Magisk refers to them, can now edit these system files to change how your operating system works on a lower level than your average app can. Take the Tasker app, for example. Without root, what you can do with the app is limited. Such is the case with other apps, such as the popular third-party launcher, Nova Launcher. Having root permissions means the app can do extra things, such as hiding the system clock at the top of the screen when on the launcher home.
Magisk is the currently accepted rooting method for Android. Back in the day we used an app called SuperSU, but it’s not really supported anymore.
Currently, Magisk is in a strange state. It’s undergoing lots of changes, due to it’s maintainer, TopJonWu, being hired at Google as a security specialist. The project is in some sense a conflict of interest for him and his job, and is undergoing changes. With the latest version of Magisk Canary (the bleeding edge build of Magisk) the ability to hide magisk from system apps (such as google play services or banking apps) has been removed, and the underlying system providing a framework to make modules is changing to a new one called Zygisk. Already, modules are being updated to use Zygisk, and a new form of Magisk Hide is out called deny-list. We still have the same functionality that we’ve always had, just in a slightly different way. Don’t panic people…
Your hard drive (or more accuratley, SSD) in your phone consists of multiple partitions, or parts…just the same as your desktop PC. These partitions all come together to make the entire system. One of these partitions is called the bootlaoder, and it has the very important job of finding the starting point of your system and booting into it, so that the graphical enviorment can start up. Often times, phones are shipped with locked bootloaders and therefore cannot be modified. However, certian phones some with unlockable bootloaders. Pixel devices for the most part are all bootloader-unlocked, meaning we can toggle a setting that will allow us to unlock the bootloader, allowing us to potentially boot into a different system than came with the phone. Unlocking the bootloader is fairly simple, but in most cases will wipe all data on the phone. Sorry folks.
Safteynet is the big G’s way to ensure device compatibility and security. It’s job is basically to allow apps to check the integrity of the system’s security to protect sensitive apps on your device such as banking apps and the tap-to-pay service. We are able to pass safteynet in most cases using the Magisk-Hide module located in the Magisk app in combination with a Safteynet fix module by the awesome platform dev Kdrag0n. Be sure to go support him on Patreon (you’ll also recieve early access to new module and ROM releases).
A custom ROM is entirely different base system than your phone came with. Often times these custom ROMs have performance increases, custom settings/features, UI tweaks for a more beautiful system, custom default apps, and much, much more. These operating systems are generally pulled from a more general base operating system, 99% of the time pulled from either AOSP itself, or Lineage OS base. Using these custom ROMs are usually a give-and-take scenario. You will (most likley) no longer recieve OTA Updates and security patches. You will have to go through special procedures to update your device. Sometimes ROMs cannot support safteynet, and you can no longer use your tap and pay methods or banking apps, and even some play store games will detect you running a custom OS and refuse to let you play for fear of having a hack client. These are things that you must weigh out for yourself and decide if flashing a cusrom ROM is for YOU.
ADB & Fastboot
ADB & Fastboot are the tunnels to our phones internal software. Using ADB & Fastboot we can flash img files to certian partitions (disk sectors) on the operating system, or flash multiple images and replace the operating system as a whole (i.e. flash a custom ROM) without ADB and Fastboot, you will not be able to root or flash a custom ROM. Let’s dive a little into what each of these things are:
ADB stands for Android Debug Bridge. It allows us to do a plethora of things, including (but not limited to) installing and uninstalling apps, accesing hidden developer features, sending and pushing files, rebooting into recovery, fastboot, or the bootloader, and many many more things. In order to use ADB, you must first enable the developer tools in your settings.
Fastboot is a diagnostic tool which allows you to modify the file system of your Android device via your computer. It allows us to install custom firmware, recoveries, or modify existing ones. Fastboot will also allow us to boot into some .img files from the bootloader (such as a tempoary custom recovery)
VBmeta.img and Veritity
The VBmeta.img file in your ROM is a cryptographically signed file that contains verification data for verifying the systems boot.img, system.img, and other things in the operating system. In short, to modify your bootloader or flash a custom kernel, this needs to be disabled. Disabling vbmeta is as follows:
- Extract down into the ROM you are using’s zip file, and locate the vbmeta.img file.
- Open a terminal / powershell window into the same directory as the vbmeta.img
adb reboot bootloader
- Once it’s in bootloader mode, run ```sh fastboot —disable-verity —disable-verification flash vbmeta vbmeta.img“
- That’s it! All done. You’re now free to flash your Magisk patched boot.img, or a custom kernel. Whatever you’d like!
Keep in mind, however, you’ll need to re-do this step each time you update / re-flash your device! Also, not having this option enabled IS a potential security risk. I guess…if you work at the NSA or something. Specifically, your phone can no longer detect if your bootloader and a couple other things are verified (ie. has someone/something changed them) and COULD lead to code being executed on your device that you are un-aware of. Just a fair warning…the likeleyhood of this ever happening is very small.
Unlocking the bootloader
- Ensure you’ve installed and checked your ADB & Fastboot are working correctly and detecting your device.
- Enter your developer settings (or go to settings and type bootloader for the same result)
- Tick the checkbox to enable OEM unlocking
- Plug your device into your computer
- open a terminal and enter
sh adb reboot bootloader
- When the phone boots into the bootloader, enter
sh fastboot flashing unlock
- Confirm on the phone using the indicated volume key that you would indeed, like to unlock the bootloader
- That’s it! Your phone will in all likleyhood reboot and now display a warning that the phone is unlocked during boot. The message will stay for about 5 seconds and then boot as Normally
Congratulations! You now have an unlocked bootloader! 🥳
Small steps first! Let’s talk about how to root the stock ROM on the pixel 5. The steps are the same for any other pixel device as far as I know, but I cannot attest to that as the only other Pixel I’v ever owned was a bootloader-locked 3XL.
What will rooting do to my phone?
Upon first rooting your phone, it will operate exactly the same as it does without root. Often times, root is an unneccessary feature that many people don’t need. Only root if you have a theme/mod/app that requires root permission, otherwise you will go through all the steps for basically no reason. Sometimes, people need root on thier device in order to flash Magisk modules that allow for passing safteynet as well, so keep that in mind. But I can’t recomend anyone root “just to be rooted”.
What about updates?
Updates become somewhat of a hassle after rooting. Any OTA update that you take will write over the boot partition where the Magisk patch lives. So what do we do? In order to update, it’s reccomended to update using fastboot as opposed to updating through the system update section. The whole goal when updating is to re-patch the boot.img and flash it before the first boot after an update, so none of your modules will break and you will still retain root before and after the update. So, like I said…a little more headache, but not too awful bad. I will detail the steps for updating below.
- Download the .zip file for your particular rom (for stock Google images, look here)
- Extract the files somewhere simple (i.e. Downloads folder)
- Open the extracted file, and you will see a couple of .img files, and another .zip file inside
- Extract the nested .zip file into the containing folder as well
- Inside this file you will find what we need, the boot.img and the vbmeta.img
- I like to place the two files we need into a different folder, for simplicity. Create a new folder called “patching” and copy/paste the two files in it
- Download the latest Magisk release from it’s GitHub, and install it on your phone
- Take the boot.img file from your “patching” folder and place it into your phones Downloads folder
- Open the app, and click the install button
- Tap “select and patch file” and select the boot.img file you put on your phone in step 8
- Un-plug and re-plug your phone (otherwise the files won’t update)
- copy the new magisk-patched file to your “patching” folder.
- Ensure you’ve followed the section about installing the platform-tools , and then plug your phone to your PC
- Make sure ADB is detecting your device by running
sh adb devices. You should see your device listed.
sh adb reboot bootloader
- Your phone will reboot to a rather scary-looking screen with a warning shown
sh fastboot --disable-verity --disable-verification flash vbmeta vbmeta.imgin the terminal from the same directory as where you palced the vbmeta.img (in the patching folder if you’re following everything)
sh fastboot flash boot magand press the tab key, and it should auto-complete the rest of the file name
- Press enter on your keyboard and you should recieve a confirmation that the file was flashed correctly after a couple of minutes
- Reboot your phone back into the system, and go check the magisk app. You should see in the status section that we are indeed rooted now!!! 🥳🥳🥳
Custom ROMs bring a plethora of different things to our phones. Some have custom software pre-installed (see Calyx OS custom Firewall app, or Lineage stock apps) and some ROMs have custom tweaks under the hood (see ProtonAOSPs performace fixes) and some offer heavy customization options (see crDroid). However, the steps for installing each are generally the same. I’m going to teach you the big-boy way of flashing ROMs, using your terminal/powershell. Don’t be detered! It’s very simple, I promise.
Quick Run Down
So, what we’re gonna do here is as follows:
- Flash all data on the device
- Use the .zip files flash-all script to install the system
- flash addons / custom kernel (if need be, this is entirely optional)
- reboot into our new system
see? I told you, it really is as simple as that. We will also cover how to properly update your system and maintain root status without your Magisk modules breaking during the update. Let’s move forward!
- Download your preferred ROMs .zip file
- Extract the folder (or use the same folder you extracted for patching the boot.img file)
- Navigate into the extracted folder and locate the flash-all.sh (or flash-all.bat for Windows)
- reboot your phone into bootloader mode using
adb reboot bootloader
- Once the phone has re-booted, run
fastboot -wto wipe the phone’s data
./flash-all.shdo not touch the phone during this process
- Once the flash is done, the phone will return to bootloader mode. Now is the time to flash any addons or modifications (i.e. Google Apps, patched boot.img, or custom kernel). So, flash any additional files you need now. For example, if you want to root the ROM, flash the VBmeta.img file and flash the patched boot.img.
See VB Meta for info about disabling Veritity
See Rooting Steps for info about patching boo.img and flashing Magisk
Updating While Rooted
So, you’re enjoying your new, customized system…and then, an update is released. How in the world do you go about updating this thing?? 🤔 No worries, it isn’t too complicated! Let’s run over the general idea of what we’re doing, and then we’ll cover each update step, one by one.
- We pre-patch the new boot.img using our current system/Magisk install
- Place the patched boot.img somewhere on our PC (I reccomend making a “patching” folder inside your extracted ROM folder)
- Flash the new ROM using the flash-all.sh
- Flash the pre-patched boot.img file (to install Magisk)
- Re-flash any addons we need for the OS (such as Google Apps or a custom kernel)
- Reboot into the system, and you’re done!
See? Really simple. A bit of a headache as compared to just clicking update from the settings app, but it’s the price we pay for custom software! Anyways, let’s get on to the actual steps now:
- Download your new ROM version from it’s website
- Extract the ROM somewhere easy to access (like your downloads or desktop)
- Extract the zip file inside the ROM, enter that folder, and copy both the boot.img as well as the vbmeta.img
- Create a new folder in your ROM folder called “patching” and paste the two .img files into it
- Follow the rooting steps to patch the boot.img with Magisk
- Move the patched boot.img file to your pc’s “patching” folder we created in step 4
- Navigate to your extracted ROM folder using your terminals
- Test adb by running
adb devicesto ensure it’s detecting it correctly
- Start the update by running
./flash-all.shand wait until the terminal reports completed
- (optional) if you’d like to maintain root, keep following these steps
- Disable veritity per the instructions here and procced
- Once the device has rebooted back into bootloader mode (with the warning sign) flash the patched Magisk file uisng
fastboot flash boot magisk-patchedand press the tab key to auto-complete the long file name, and press enter
- Once again, flash any Google apps or custom kernel that you’d like, per the package instructions
And now you’re all done and updated! Congrats!