Guide on how to extract boot image from any android phone without needing to root using magisk and without custom recovery.

Boot image extraction guide.md

Boot Image Extraction Guide

Guide on how to extract a boot image from any Android phone without needing to root using Magisk and without a custom recovery.

Most Android users face hurdles when attempting to root their phones because they require a boot image for patching, and custom recoveries specifically designed for their devices are often unavailable. Additionally, finding the phone firmware online can be challenging. As a result, rooting such phones becomes a daunting task. In this guide, I'll provide a comprehensive solution for users who want to extract the boot image from their phone without the need to root it first, download firmware from the internet, or rely on custom recoveries.

Getting started!

Before diving into the guide, please thoroughly review the Frequently Asked Questions (FAQ) to understand the basics of GSI and the various naming conventions used by GSI builders and maintainers.

Accessing and modifying system files on your device typically requires superuser permissions. To extract the boot image, we'll need a root environment. We'll achieve this by using a GSI that includes the "su" binary or has superuser capabilities built-in.

You can use this Lineage OS GSI as an example. You'll need to flash it onto your phone.

If you're unfamiliar with flashing a GSI or unsure how to proceed, watch this YouTube video or search online for additional guides. You can also join the PHH GSI support group on Telegram for assistance.

Alternatively, the DSU sideloader can be used to install GSIs via Android's DSU feature with ease. For a detailed explanation, watch this YouTube video.

Steps to Follow After Flashing/Installing a GSI

Manual Process

1. Download the Termux app from here.
2. If not pre-installed, download the PHH Superuser app from here.
3. Open Termux, grant storage permission, type su, and approve the superuser request from the PHH app to gain root access.
4. With superuser permission, you can access any system file. Copy and enter the following command in termux:

for PARTITION in "boot" "boot_a" "boot_b"; do
  BLOCK=$(find /dev/block \( -type b -o -type c -o -type l \) -iname "$PARTITION" -print -quit 2>/dev/null)
  if [ -n "$BLOCK" ]; then
    echo "$PARTITION" = $(readlink -f "$BLOCK")
  fi
done

This command will display the boot partition paths for both A/B and A-only devices.

Note!

On A/B devices, the loop command will display the boot partition paths for both slots, something like this!

boot_a = /dev/block/sda40
boot_b = /dev/block/sda41

In this case, you can extract the image corresponding to your currently active slot.To determine the active slot, enter the command getprop ro.boot.slot_suffix. If the output is _a, use the path for boot_a; otherwise, use the path for boot_b.

5. Finally, use the following command to extract the image from the specified boot path:

dd if=<boot_partition_path> of=<output_path>

For example:

dd if=/dev/block/mmcblk0p42 of=/sdcard/boot_a.img

Automated Extraction

If you find the manual process too complicated, you can use my Boot-image-Extractor script. This script automates the task, making the extraction process simpler and more efficient. You can find detailed instructions and usage guidelines within the repository.

Disclaimer!

The guide and script provided are for informational purposes only. The author does not take responsibility for any damage or loss caused by using or misusing the guide or script. By using the guide or script, you acknowledge that you are solely responsible for any outcomes, including but not limited to device damage, data loss, or voided warranty. Please note that modifying system files, including extracting the boot image, can have serious consequences if not done correctly. It is recommended to seek additional resources, such as official documentation or dedicated forums, for your specific device and firmware version.

why can't you do this by opening a shell with adb in the device?? or can you?? just instead of downloading termux space is always limited on older phones anyway. Just an idea

@rvcproton Thanks for suggestion! , yes you can use adb shell su
to execute the necessary commands to find and extract the boot img if you want to. Initially I just wanted to to make the guide as minimal as possible and user friendly. I didn't thought that space can be a concern on older phones. Anyways I will update the guide when I'll have free time.

@rvcproton Thanks for suggestion! , yes you can use adb shell su to execute the necessary commands to find and extract the boot img if you want to. Initially I just wanted to to make the guide as minimal as possible and user friendly. I didn't thought that space can be a concern on older phones. Anyways I will update the guide when I'll have free time.

Is it possible to extract the boot.img or init_boot.img Without root or any kind of recovery or Fastboot rom?

Because in some situations there is no recovery image available online, so you want to extract the boot.img so you can patch in Magisk to get root acces.

So the question is, Is it possible to extract the boot.img or init_boot.img Without root or any kind of recovery or Fastboot rom? If pc is need it that's okay.

Let me know!

@Hot12345 the guide is all about that 🙃 didn't you have read it fully or you just don't understand?,
Btw if you want to extract init_boot just replace

for PARTITION in "boot" "boot_a" "boot_b"; do

with

for PARTITION in "init_boot_a" "init_boot_b"; do

Other commands remains same, this will reveal the path for those partition and you can then use dd command to get the image procedure is same.

I read the whole guide ghehe. The problem with this is, that with: DSU SideLoader -> Step 4 you saying that you need: ''superuser permission", aka this called root access.

So therefore Im saying, Im looking for a way when as a user installed the OTA / Update ROM, and there is no Fastboot or Recovery available on the internet, how can I extract the boot.img / init_boot.img from the phone WITHOUT having ROOT access already applied on the phone? Even with a computer and/or cmd to extract the boot.img of the phone that the phone sits at.

So therefore Im saying, Im looking for a way when as a user installed the OTA / Update ROM, and there is no Fastboot or Recovery available on the internet, how can I extract the boot.img / init_boot.img from the phone WITHOUT having ROOT access already applied on the phone? Even with a computer and/or cmd to extract the boot.img of the phone that the phone sits at.

I didn't fully get it either, but DSU Sideloader can be used with Shizuku that doesn't even require a PC. As I understand it, after booting into GSI you have to do terminal stuff to extract boot.img.

Guide is pretty unclear on GSI part, would be nice if it was explained better

@Damglador yes you are right, actually I am too lazy I didn't even updated it🙃

Btw guys if your device has gki kernel and fastboot boot support (temp booting) u can just boot any gki kernel provided by kernelsu to get temporary root and then you can do anything like flashing magisk or extracting img etc more details https://kernelsu.org/guide/installation.html#install-with-boot-img-provided-by-kernelsu

@Hot12345

If you need assistance do contact me on telegram link is on my GitHub profile, I will help you step by step if I have time:⁠-⁠)

I also might need some help, but I hope I'll figure it out

Btw guys if your device has gki kernel and fastboot boot support (temp booting) u can just flash any gki kernel provided by kernelsu to get temporary root and then you can do anything like flashing magisk or extracting img etc more details https://kernelsu.org/guide/installation.html#install-with-boot-img-provided-by-kernelsu

As soon as you flash boot partition, you loose the ability to restore it back with the original (which you didn't dump yet). The classic chicken and egg problem.

@sagb Bruh why would you flash? I am talking about fastboot boot which we can use for temporarily booting image. some phone's fastboot doesn't support this but that's a another thing.

But know that when u boot image with fastboot boot cmd your phone will automatically restore back to your original image if it's restarted.

dd if=/dev/block/mmcblk0p42 of=/sdcard/boot_a.img
In this command, if my device uses B slot, should I extract it as boot_b?

@turk1283 name actually doesn't matter, but yeah if you want you can save with boot_b.img

@turk1283isim aslında önemli değil ama evet istersen boot_b.img ile kaydedebilirsin

Thanks, thanks to your guide, I successfully rooted my Tecno Pova 4.