[X3non]

This is a quick guide showing how to disable dm_verity or Android Verified Boot (AVB). Disabling dm-verity / AVB is only important if you intend to flash custom images such as patched boot, custom recoveries or even custom roms onto your device

See the video below or @ https://youtu.be/Oa6ZCb-61B0

Method 1 - Manually patching boot.img using hex editor

Requirements

• Stock boot.img for your phone model (its best its for your Build Number / Variant ) . You can extract from the stock rom / firmware of your device (you may check our firmware collection) OR backup from your device using any method at the forum e.g Wwr_Mtk, Miracle Box, CM2, Nck Box Pro etc
  
• Hxd hex editor ; download @ https://mh-nexus.de/en/hxd/
  
• Install adb and fastboot
  

Follow the steps below to patch boot.img manually to remove dm_verity

1. Launch Hxd hex editor tool
   
2. Drag and drop your boot.img onto hxd hex editor window
   
3. Click Search > Replace
   
4. In the Replace windows, Click Hex-values tab and input the following below
   
   Code:

   search for   : 2C 76 65 72 69 66 79
replace with : 00 00 00 00 00 00 00
   
   
5. Click "Replace all"
   
6. You can confirm if all traces of "verify" has been removed, click Search > find > Text-string
   
   Code:

   search for : verify
   
   
7. Click Search all, and you should get a prompt "Can't find verify", click OK
   
8. Click File > save
   
9. The original unmodified file will be saved as boot.img.bak while the new modified file will be saved as boot.img
   
10. You can now flash the newly patched boot.img using fastboot to remove dm_verity from your device
    
    Code:

    adb devices
adb reboot-bootloader
fastboot devices
fastboot flash boot boot.img

Method 2 - Patching boot.img using magisk manager

Requirements

• Stock boot.img for your phone model (its best its for your Build Number / Variant ) . You can extract from the stock rom / firmware of your device (you may check our firmware collection) OR backup from your device using any method at the forum e.g Wwr_Mtk, Miracle Box, CM2, Nck Box Pro etc
  
• Download Latest Magisk Manager apk @ https://github.com/topjohnwu/Magisk/releases
  
• Active internet connection on your Android device
  
• Install adb and fastboot
  

Follow the steps below to patch boot.img using magisk manager to remove dm_verity

1. Copy the stock boot.img of your device to your phone's internal storage or SD card
   
2. On your phone, launch magisk manager app
   
3. If you're not using the latest version, you'll have to update the app first before proceeding
   
4. Click "Advanced settings" > Untick the checkbox beside "Preserve AVB 2.0/dm-verity"
   
5. Select Install > Install > Patch Boot Image File >
   
6. Navigate to the location of the stock boot.img you copied earlier on, then Select it. Note that if you are using a samsung device then you should select the firmware of your device in .tar format instead of boot.img
   
7. Magisk Manager should begin downloading the magisk zip file used for patching
   
8. Once download is complete, MagiskManager will automatically patch the file and store it under SDcard/Download/magisk_patched.img[.tar]
   
9. You can now flash the magisk_patched boot using fastboot to remove dm_verity from your device
   
   Code:

   adb devices
adb reboot-bootloader
fastboot devices
fastboot flash boot magisk_patched.img

Method 3 - Flashing vbmeta

Requirements

• Device with /vbmeta partition
  
• Download empty vbmeta.img @ [ Login / Register to download free] if your device doesn't require a signed vbmeta or generate a custom signed vbmeta if it does
  
• Install adb and fastboot
  

Follow the steps below to flash vbmeta.img to remove dm_verity

1. Copy the vbmeta.img into your adb and fastboot folder
   
2. You can now flash the vbmeta.img using fastboot to remove dm_verity from your device
   
   Code:

   adb devices
adb reboot-bootloader
fastboot devices
fastboot flash vbmeta vbmeta.img
   
   
3. If the command above doesn't work for you, then you can try either of these commands below
   
   Code:

   fastboot --disable-verity flash vbmeta vbmeta.img
fastboot --disable-verity -disable-verification flash vbmeta vbmeta.img

Important Notice

• If your device runs on android 9 (pie) and has a vbmeta partition then you must use method 3 as other methods won't work for your device
  
• If your device runs on android 8.x (oreo), then you can try either method 1 or 2
  
• If magisk patched boot (which also includes root) bootloops your device then you can try method 1 instead then use a custom recovery to attempt flashing supersu zip to get root
  
• If you've tried method 1 and there's nothing been replaced then you should use method 2 and let magisk do the patching
  

[ikasemota]

Do I need to unlock the bootloader before I could proceed on method #3?

[X3non]

Do I need to unlock the bootloader before I could proceed on method #3?

yes

[Mitchie Boom]

Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

[X3non]

Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

already replied to @ https://forum.hovatek.com/thread-21839-p...#pid192649

[desexiet]

Hi I successfully ported a TWRP from my stock recovery however when I'm going to flash an image there was no system partitions and other partitions, what should I do?

Were you able to install the ported TWRP successfully?

[mainframe]

Hi,

I was following your instructions of creating a custom vbmeta with all the keys (boot key modified) and this guide to flash a patched boot
img, but i am stuck on flashing anything with fastboot. No matter if it is original or patched, it is always stuck like this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (1024 KB)                        OKAY [  0.043s]
Writing 'vbmeta'                                                                                                       

I would appreciate any thoughts on my conundrum.

/edit: The bootloader is unlocked (also by following a hovatek guide with the modified fastboot)

[X3non]

Hi,

I was following your instructions of creating a custom vbmeta with all the keys (boot key modified) and this guide to flash a patched boot
img, but i am stuck on flashing anything with fastboot. No matter if it is original or patched, it is always stuck like this:

Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (1024 KB)                        OKAY [  0.043s]
Writing 'vbmeta'                                                                                                       

I would appreciate any thoughts on my conundrum.

/edit: The bootloader is unlocked (also by following a hovatek guide with the modified fastboot)

did you try using the fastboot binary used while unlocking bootloader?
if you still have problems then create a new thread for this issue..click the "ask question" button at the top

[ikasemota]

Please I read somewhere that it is also possible to flash an image file with SP flash tool without unlocking the bootloader. How true is that?

[X3non]

Please I read somewhere that it is also possible to flash an image file with SP flash tool without unlocking the bootloader. How true is that?

true (if the device in question allows flashing custom images ie non-verified or -sign images using spft) but you should also note that on recent android versions the chances are you'll brick the phone if you flash custom images without unlocking bootloader as a locked bootloader will always attempt to verify the integrity of OS before booting