Skip to content

Instantly share code, notes, and snippets.

@gitclone-url
Last active December 30, 2024 08:24
Show Gist options
  • Save gitclone-url/a1f693b64d8f8701ec24477a2ccaab87 to your computer and use it in GitHub Desktop.
Save gitclone-url/a1f693b64d8f8701ec24477a2ccaab87 to your computer and use it in GitHub Desktop.
Guide on how to extract boot image from any android phone without needing to root using magisk and without custom recovery.

Boot Image Extraction Guide

Guide on how to extract a boot image from any Android phone without needing to root using Magisk and without a custom recovery.

Most Android users face hurdles when attempting to root their phones because they require a boot image for patching, and custom recoveries specifically designed for their devices are often unavailable. Additionally, finding the phone firmware online can be challenging. As a result, rooting such phones becomes a daunting task. In this guide, I'll provide a comprehensive solution for users who want to extract the boot image from their phone without the need to root it first, download firmware from the internet, or rely on custom recoveries.

Getting started!

Before diving into the guide, please thoroughly review the Frequently Asked Questions (FAQ) to understand the basics of GSI and the various naming conventions used by GSI builders and maintainers.

Accessing and modifying system files on your device typically requires superuser permissions. To extract the boot image, we'll need a root environment. We'll achieve this by using a GSI that includes the "su" binary or has superuser capabilities built-in.

You can use this Lineage OS GSI as an example. You'll need to flash it onto your phone.

If you're unfamiliar with flashing a GSI or unsure how to proceed, watch this YouTube video or search online for additional guides. You can also join the PHH GSI support group on Telegram for assistance.

Alternatively, the DSU sideloader can be used to install GSIs via Android's DSU feature with ease. For a detailed explanation, watch this YouTube video.

Steps to Follow After Flashing/Installing a GSI

Manual Process

  1. Download the Termux app from here.
  2. If not pre-installed, download the PHH Superuser app from here.
  3. Open Termux, grant storage permission, type su, and approve the superuser request from the PHH app to gain root access.
  4. With superuser permission, you can access any system file. Copy and enter the following command in termux:
for PARTITION in "boot" "boot_a" "boot_b"; do
  BLOCK=$(find /dev/block \( -type b -o -type c -o -type l \) -iname "$PARTITION" -print -quit 2>/dev/null)
  if [ -n "$BLOCK" ]; then
    echo "$PARTITION" = $(readlink -f "$BLOCK")
  fi
done

This command will display the boot partition paths for both A/B and A-only devices.

Note!

On A/B devices, the loop command will display the boot partition paths for both slots, something like this!

boot_a = /dev/block/sda40
boot_b = /dev/block/sda41

In this case, you can extract the image corresponding to your currently active slot.To determine the active slot, enter the command getprop ro.boot.slot_suffix. If the output is _a, use the path for boot_a; otherwise, use the path for boot_b.

  1. Finally, use the following command to extract the image from the specified boot path:
dd if=<boot_partition_path> of=<output_path>

For example:

dd if=/dev/block/mmcblk0p42 of=/sdcard/boot_a.img

Automated Extraction

If you find the manual process too complicated, you can use my Boot-image-Extractor script. This script automates the task, making the extraction process simpler and more efficient. You can find detailed instructions and usage guidelines within the repository.

Disclaimer!

The guide and script provided are for informational purposes only. The author does not take responsibility for any damage or loss caused by using or misusing the guide or script. By using the guide or script, you acknowledge that you are solely responsible for any outcomes, including but not limited to device damage, data loss, or voided warranty. Please note that modifying system files, including extracting the boot image, can have serious consequences if not done correctly. It is recommended to seek additional resources, such as official documentation or dedicated forums, for your specific device and firmware version.

@Damglador
Copy link

I also might need some help, but I hope I'll figure it out

@sagb
Copy link

sagb commented Sep 5, 2024

Btw guys if your device has gki kernel and fastboot boot support (temp booting) u can just flash any gki kernel provided by kernelsu to get temporary root and then you can do anything like flashing magisk or extracting img etc more details https://kernelsu.org/guide/installation.html#install-with-boot-img-provided-by-kernelsu

As soon as you flash boot partition, you loose the ability to restore it back with the original (which you didn't dump yet). The classic chicken and egg problem.

@gitclone-url
Copy link
Author

@sagb Bruh why would you flash? I am talking about fastboot boot which we can use for temporarily booting image. some phone's fastboot doesn't support this but that's a another thing.

But know that when u boot image with fastboot boot cmd your phone will automatically restore back to your original image if it's restarted.

@turk1283
Copy link

dd if=/dev/block/mmcblk0p42 of=/sdcard/boot_a.img
In this command, if my device uses B slot, should I extract it as boot_b?

@gitclone-url
Copy link
Author

@turk1283 name actually doesn't matter, but yeah if you want you can save with boot_b.img

@turk1283
Copy link

@turk1283isim aslında önemli değil ama evet istersen boot_b.img ile kaydedebilirsin

Thanks, thanks to your guide, I successfully rooted my Tecno Pova 4.

@Hot12345
Copy link

Hot12345 commented Oct 8, 2024

First of all many thanks for @gitclone-url ❤️❤️❤️,
All the credits goes to him! By his help I make a small guide for myself!

I managed to extract the init_boot_a and _b.img file of my phone for root access::

Extracted the init_boot_image for acces to root::
Normal phone other then Xiaomi is it boot.img instead of init_boot_a/b.img::

Apps you need:

Working image: Unofficial Android 14 - LineageOS "Light" - Download
https://sourceforge.net/projects/andyyan-gsi/files/lineage-21-light/
BIG S in the file name for Superuser root acces.
lineage-21.0-20240824-UNOFFICIAL-gsi_arm64_vS.img

  1. Download Shizuku and setup this.

  2. Pair with wireless debugging in devp mode.
    3.Enable USB debugging and USB debugging security Settings

  3. Disable Batteryoptimize - Settings - Apps - Shizuku - disable pauze app activity unused- Batterysaver - No restrication

  4. Pair with Wireless debugging in devp mode

  5. Press on Start in Shizuku, when its done Shizuke is running.

  6. Authorized 0 applications, add DSU Sideloader

  7. Close all and start it again Shizuku , you see 1 authorized applications

  8. Go in DSU Sideloader -> Setting -> Operation Mode should Shizuku.

  9. Select the Lineage image S.build from above and select it. It should extract the image. give it time. Not enable Userdata size, and Image size.

  10. Allow one time acces from DSU Side loader

  11. From the notification bar - Dynamic System updates -> Press on Restart.

  12. Phone will boot into the Lineage OS with Superuser permission.

  13. Skip the Wizard. of the OS.

  14. Install from the Internet Termux

  15. Open Termux

  16. Type su
    Prompt SuperUser grant it.
    Use script below of Xiaomi.
    It will give 2 lines:
    init_boot_a = /dev/block/sde30
    init_boot_b = /dev/block/sde59

Extract both of these images of the init_boot_a & b.
dd if=/dev/block/sde30 of=/sdcard/init_boot_a.img
dd if=/dev/block/sde59 of=/sdcard/init_boot_b.img

Extract the init_boot_a and b .img to the PC.
Reboot to the normal state of the phone from the notification bar

Install Magisk.apk.
Patch the one of the Init_boot file. One will be succeed.
Extract the pathed_magisk-image copy that to the adb directory of your pc.
Enable USB debugging from devp mode.
Open CMD -> type adb devices to see if its detect.
type adb reboot fastboot
Because its a init_boot image file, type the following:
type fastboot flash init_boot magisk_patched.img
Quickly go in to the Magisk app, Find Magisk app in your device, open it, click “install” and then check “direct install”, then press “let’s go”. Magisk will now install and make the root permanent. Now click “reboot” and the device will restart.

@Zxxcxwww
Copy link

Can i extract the recovery.img file as well? If can please comment on this page thanks!

@gitclone-url
Copy link
Author

@Zxxcxwww Yeah it's possible, if your device has recovery partition then you can pull the image.
Just replace

for PARTITION in "boot" "boot_a" "boot_b"; do

with your desired partition name that you wanna find.
After locating you can pull the img with dd command 😉

@NeverSm1le
Copy link

Hello, I have a question. My device has a 64bit SoC yet the manufacturer decided to use 32bit Android on it, what GSI version should I use, arm or arm64?

@gitclone-url
Copy link
Author

@NeverSm1le To Know which GSI image is right for your device, Download Treble Info app and check the "Required Image" section. ✨

@NeverSm1le
Copy link

Thank you @gitclone-url, I tried but sadly my device is not unlocked, thankfully it just reboot into recovery and reboot normally after that.

@gitclone-url
Copy link
Author

gitclone-url commented Oct 26, 2024

Yeah bootloader needs to be unlocked, else can't flash/install GSI image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment