Want to support our free Tech. tutorials, videos and tools? Donate A Gadget

Thread Rating:
  • 2 Vote(s) - 4.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Share Share Pin
[Tutorial] How to disable dm-verity or Android Verified Boot (AVB)
#1


This is a quick guide showing how to disable dm_verity or Android Verified Boot (AVB). Disabling dm-verity / AVB is only important if you intend to flash custom images such as patched boot, custom recoveries or even custom roms onto your device

See the video below or @ https://youtu.be/Oa6ZCb-61B0


Method 1 - Manually patching boot.img using hex editor


Requirements


Follow the steps below to patch boot.img manually to remove dm_verity

  1. Launch Hxd hex editor tool
  2. Drag and drop your boot.img onto hxd hex editor window
  3. Click Search > Replace
  4. In the Replace windows, Click Hex-values tab and input the following below
    Code:
    search for   : 2C 76 65 72 69 66 79
    replace with : 00 00 00 00 00 00 00

  5. Click "Replace all"
  6. You can confirm if all traces of "verify" has been removed, click Search > find > Text-string
    Code:
    search for : verify

  7. Click Search all, and you should get a prompt "Can't find verify", click OK
  8. Click File > save
  9. The original unmodified file will be saved as boot.img.bak while the new modified file will be saved as boot.img
  10. You can now flash the newly patched boot.img using fastboot to remove dm_verity from your device
    Code:
    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot flash boot boot.img


Method 2 - Patching boot.img using magisk manager


Requirements


Follow the steps below to patch boot.img using magisk manager to remove dm_verity

  1. Copy the stock boot.img of your device to your phone's internal storage or SD card
  2. On your phone, launch magisk manager app
  3. If you're not using the latest version, you'll have to update the app first before proceeding
  4. Click "Advanced settings" > Untick the checkbox beside "Preserve AVB 2.0/dm-verity"
  5. Select Install > Install > Patch Boot Image File >
  6. Navigate to the location of the stock boot.img you copied earlier on, then Select it. Note that if you are using a samsung device then you should select the firmware of your device in .tar format instead of boot.img
  7. Magisk Manager should begin downloading the magisk zip file used for patching
  8. Once download is complete, MagiskManager will automatically patch the file and store it under SDcard/Download/magisk_patched.img[.tar]
  9. You can now flash the magisk_patched boot using fastboot to remove dm_verity from your device
    Code:
    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot flash boot magisk_patched.img


Method 3 - Flashing vbmeta


Requirements


Follow the steps below to flash vbmeta.img to remove dm_verity

  1. Copy the vbmeta.img into your adb and fastboot folder
  2. You can now flash the vbmeta.img using fastboot to remove dm_verity from your device
    Code:
    adb devices
    adb reboot-bootloader
    fastboot devices
    fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img

  3. If the command above doesn't work for you, then you can use the command below
    Code:
    fastboot flash vbmeta vbmeta.img


Important Notice
  • If your device runs on android 9 and above, then you must use method 3 as other methods won't work for your device
  • If your device runs on android 8.x (oreo), then you can try either method 1 or 2
  • If magisk patched boot (which also includes root) bootloops your device then you can try method 1 instead then use a custom recovery to attempt flashing supersu zip to get root
  • If you've tried method 1 and there's nothing been replaced then you should use method 2 and let magisk do the patching
Reply
#2

Do I need to unlock the bootloader before I could proceed on method #3?
Reply
#3

(29-04-2020, 02:21 PM)ikasemota Wrote:  Do I need to unlock the bootloader before I could proceed on method #3?

yes
Reply
#4

Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?
Reply
#5

(07-05-2020, 05:43 PM)Mitchie Boom Wrote:  Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

already replied to @ https://forum.hovatek.com/thread-21839-p...#pid192649

Reply
#6

(07-05-2020, 05:43 PM)Mitchie Boom Wrote:  Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

Were you able to install the ported TWRP successfully?
Reply
#7

Hi,

I was following your instructions of creating a custom vbmeta with all the keys (boot key modified) and this guide to flash a patched boot
img, but i am stuck on flashing anything with fastboot. No matter if it is original or patched, it is always stuck like this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (1024 KB)                        OKAY [  0.043s]
Writing 'vbmeta'                                                                                                       

I would appreciate any thoughts on my conundrum.

/edit: The bootloader is unlocked (also by following a hovatek guide with the modified fastboot)
Reply
#8

(30-05-2020, 12:28 PM)mainframe Wrote:  Hi,

I was following your instructions of creating a custom vbmeta with all the keys (boot key modified) and this guide to flash a patched boot
img, but i am stuck on flashing anything with fastboot. No matter if it is original or patched, it is always stuck like this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (1024 KB)                        OKAY [  0.043s]
Writing 'vbmeta'                                                                                                       

I would appreciate any thoughts on my conundrum.

/edit: The bootloader is unlocked (also by following a hovatek guide with the modified fastboot)

did you try using the fastboot binary used while unlocking bootloader?
if you still have problems then create a new thread for this issue..click the "ask question" button at the top
Reply
#9

Please I read somewhere that it is also possible to flash an image file with SP flash tool without unlocking the bootloader. How true is that?
Reply
#10

(24-06-2020, 10:38 AM)ikasemota Wrote:  Please I read somewhere that it is also possible to flash an image file with SP flash tool without unlocking the bootloader. How true is that?

true (if the device in question allows flashing custom images ie non-verified or -sign images using spft) but you should also note that on recent android versions the chances are you'll brick the phone if you flash custom images without unlocking bootloader as a locked bootloader will always attempt to verify the integrity of OS before booting
Reply


Possibly Related Threads…
Thread / Author Replies Views Last Post



Users browsing this thread: 3 Guest(s)