Hovatek Forum DEVELOPMENT Android [Tutorial] How to disable dm-verity or Android Verified Boot (AVB)
Try our Online TWRP Builder..its free!
Can't login? Please, reset your password.


[Tutorial] How to disable dm-verity or Android Verified Boot (AVB)

[Tutorial] How to disable dm-verity or Android Verified Boot (AVB)

 View a Printable Version
 
Pages (11): 1 2 3 4 511 Next
X3non
X3non
X3non
Recognized Contributor
Find
22,062
17-03-2020, 10:29 PM
#1



This is a quick guide showing how to disable dm-verity or Android Verified Boot (AVB). Disabling dm-verity / AVB is only important if you intend to flash custom images such as patched boot, custom recoveries or even custom roms onto your device. Skipping this will result in a Red State warning and boot loop

See the video below or @ https://youtu.be/Oa6ZCb-61B0


Method 1 - Manually patching boot.img using hex editor


Requirements

  • Ideal for devices with Android Verified Boot 1.0 (commonly found in Android 8)
  • Stock boot.img for your phone model (it's best it's for your Build Number / Variant ). You can extract from the stock ROM / firmware of your device (you may check our firmware collection) OR backup from your device using any method at the forum e.g Wwr_Mtk, Miracle Box, CM2, Nck Box Pro etc
  • Hxd hex editor ; download @ https://mh-nexus.de/en/hxd/
  • Install adb and fastboot

Follow the steps below to patch boot.img manually to remove/disable dm-verity

  1. Launch Hxd hex editor tool
  2. Drag and drop your boot.img onto HxD hex editor window
  3. Click Search > Replace
  4. In the Replace windows, Click the Hex-values tab and input the following below

    Search for    2C 76 65 72 69 66 79
    replace with  00 00 00 00 00 00 00


  5. Click "Replace all"
  6. You can confirm if all traces of "verify" have been removed, by clicking Search > find > Text-string

    Search for verify


  7. Click Search all, and you should get a prompt "Can't find verify", click OK
  8. Click File > save
  9. The original unmodified file will be saved as boot.img.bak while the new modified file will be saved as boot.img
  10. You can now flash the newly patched boot.img using fastboot to remove dm-verity from your device
    Code:

    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot flash boot boot.img


Method 2 - Patching boot.img using Magisk Manager


Requirements

  • Ideal for devices with Android Verified Boot 1.0 (commonly found in Android 8)
  • Stock boot.img for your phone model (it's best it's for your Build Number / Variant ). You can extract from the stock ROM / firmware of your device (you may check our firmware collection) OR backup from your device using any method at the forum e.g Wwr_Mtk, Miracle Box, CM2, Nck Box Pro etc
  • Download Latest Magisk Manager apk @ https://github.com/topjohnwu/Magisk/releases
  • Active internet connection on your Android device
  • Install adb and fastboot

Follow the steps below to patch boot.img using Magisk Manager to remove dm-verity

  1. Copy the stock boot.img of your device to your phone's internal storage or SD card
  2. On your phone, launch the Magisk Manager app
  3. If you're not using the latest version, you'll have to update the app first before proceeding
  4. Click "Advanced settings" > Untick the checkbox beside "Preserve AVB 2.0/dm-verity"
  5. Select Install > Install > Patch Boot Image File >
  6. Navigate to the location of the stock boot.img you copied earlier on, then Select it.
    Note that if you are using a Samsung device then you should select the AP of your device's firmware in .tar format instead of boot.img
  7. Magisk Manager should begin downloading the magisk zip file used for patching
  8. Once the download is complete, Magisk Manager will automatically patch the file and store it under SDcard/Download/magisk_patched.img[.tar]
  9. You can now flash the magisk_patched boot using fastboot or AP using Odin to remove dm-verity from your device
    Code:

    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot flash boot magisk_patched.img


Method 3 - Flashing blank vbmeta


Requirements


Follow the steps below to flash vbmeta.img to remove dm-verity

  1. Copy the vbmeta.img into your adb and fastboot folder
  2. You can now flash the vbmeta.img using fastboot to remove dm-verity from your device
    Code:

    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot flash vbmeta vbmeta.img


Method 4 - Flashing stock vbmeta with flags


This method is ideal for cases where the blank vbmeta method doesn't work or you wish to remove WARNING: LOCK FLAG IS: UNLOCK, SKIP VERIFY!!! message during boot

Requirements

  • Ideal for devices with Android Verified Boot 2.0 (commonly found in Android 9 and above)
  • Userdata encryption should be disabled else the --disable-verification flag will result in a boot loop
  • Stock vbmeta.img

Follow the steps below to flash vbmeta.img to remove dm-verity

  1. Copy the vbmeta.img into your adb and fastboot folder
  2. You can now flash the vbmeta.img using fastboot to remove dm-verity from your device
    Code:

    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot oem cdms
    fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img


Important Notice
  • If your device gets stuck in a white screen with "Sysdumpping now, keep power on" text then flash back stock vbmeta
  • If your device runs on Android 9 and above (or AVB 2.0), then you must use method 3 or 4 as other methods won't work for your device
  • If your device runs on Android 8.x (Oreo), then you can try either method 1 or 2
  • If Magisk-patched boot (which also includes root) boot loops your device then you can try method 1 instead then use a custom recovery to attempt flashing SuperSU (no longer maintained) zip to get root
  • If you've tried method 1 and nothing has been replaced then you should use method 2 and let magisk do the patching
  • Some models don't play nice with a blank or custom vbmeta. For such models, you use method 4
This post was last modified: 10-03-2024, 07:11 AM by hovatek.
Reply
Reply
ikasemota
ikasemota
ikasemota
Junior Member
Find
36
29-04-2020, 02:21 PM
#2
Do I need to unlock the bootloader before I could proceed on method #3?
This post was last modified: 29-04-2020, 02:24 PM by ikasemota.
Reply
Reply
X3non
X3non
X3non
Recognized Contributor
Find
22,062
30-04-2020, 01:00 AM
#3
(29-04-2020, 02:21 PM)ikasemota Do I need to unlock the bootloader before I could proceed on method #3?

yes
Reply
Reply
Mitchie Boom
Mitchie Boom
Mitchie Boom
Enthusiastic Member
Find
10
07-05-2020, 05:43 PM
#4
Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?
Reply
Reply
X3non
X3non
X3non
Recognized Contributor
Find
22,062
08-05-2020, 12:00 PM
#5



(07-05-2020, 05:43 PM)Mitchie Boom Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

already replied to @ https://www.hovatek.com/forum/thread-218...#pid192649
This post was last modified: 08-05-2020, 12:07 PM by X3non.
Reply
Reply
desexiet
desexiet
desexiet
Experienced Member
Find
96
11-05-2020, 01:33 AM
#6
(07-05-2020, 05:43 PM)Mitchie Boom Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

Were you able to install the ported TWRP successfully?
Reply
Reply
mainframe
mainframe
mainframe
Newbie
Find
2
30-05-2020, 12:28 PM
#7
Hi,

I was following your instructions of creating a custom vbmeta with all the keys (boot key modified) and this guide to flash a patched boot
img, but i am stuck on flashing anything with fastboot. No matter if it is original or patched, it is always stuck like this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (1024 KB)                        OKAY [  0.043s]
Writing 'vbmeta'                                                                                                       

I would appreciate any thoughts on my conundrum.

/edit: The bootloader is unlocked (also by following a hovatek guide with the modified fastboot)
This post was last modified: 30-05-2020, 01:02 PM by mainframe.
Reply
Reply
X3non
X3non
X3non
Recognized Contributor
Find
22,062
30-05-2020, 10:48 PM
#8
(30-05-2020, 12:28 PM)mainframe Hi,

I was following your instructions of creating a custom vbmeta with all the keys (boot key modified) and this guide to flash a patched boot
img, but i am stuck on flashing anything with fastboot. No matter if it is original or patched, it is always stuck like this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (1024 KB)                        OKAY [  0.043s]
Writing 'vbmeta'                                                                                                       

I would appreciate any thoughts on my conundrum.

/edit: The bootloader is unlocked (also by following a hovatek guide with the modified fastboot)

did you try using the fastboot binary used while unlocking bootloader?
if you still have problems then create a new thread for this issue..click the "ask question" button at the top
Reply
Reply
ikasemota
ikasemota
ikasemota
Junior Member
Find
36
24-06-2020, 10:38 AM
#9
Please I read somewhere that it is also possible to flash an image file with SP flash tool without unlocking the bootloader. How true is that?
Reply
Reply
X3non
X3non
X3non
Recognized Contributor
Find
22,062
25-06-2020, 10:16 AM
#10



(24-06-2020, 10:38 AM)ikasemota Please I read somewhere that it is also possible to flash an image file with SP flash tool without unlocking the bootloader. How true is that?

true (if the device in question allows flashing custom images ie non-verified or -sign images using spft) but you should also note that on recent android versions the chances are you'll brick the phone if you flash custom images without unlocking bootloader as a locked bootloader will always attempt to verify the integrity of OS before booting
This post was last modified: 25-06-2020, 10:18 AM by X3non.
Reply
Reply
Pages (11): 1 2 3 4 511 Next
 View a Printable Version
Users browsing this thread:
 1 Guest(s)
Users browsing this thread:
 1 Guest(s)
YtWhTl
live chat
whatsapp telegram instagram