My Doogee S96, with TWRP, is no longer able to boot, probably due to the dm-verity check.
I tried several things, installing Magisk or patching boot.img, but I always failed. The phone starts and suddenly switches to TWRP without launching Android.
Following a suggestion from @alecxs, I pulled the super partition through adb and unpacked it with lpunpack.
The idea is to manually disable the avb/dm-verity check.
Now I have product.img + system.img + vendor.img.
I can open them with 7z and, for instance, I found many lines in vendor.img/etc/fstab.mt6785 using avb:
system /system ext4 ro wait,,avb=vbmeta_system,logical,first_stage_mount,avb_keys=/avb/q-gsi.avbpubkey:/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey
vendor /vendor ext4 ro wait,,avb,logical,first_stage_mount
product /product ext4 ro wait,,avb,logical,first_stage_mount
or system.img/init.rc, which has the line
exec -- /system/bin/fsverity_init
and system.img/system/bin/fsverity_init:
# Enforce fsverity signature checking
echo 1 > /proc/sys/fs/verity/require_signatures
# Load all keys
for cert in /product/etc/security/fsverity/*.der; do
    /system/bin/mini-keyctl padd asymmetric fsv_product .fs-verity < "$cert" ||
        log -p e -t fsverity_init "Failed to load $cert"
done
# Prevent future key links to .fs-verity keyring
/system/bin/mini-keyctl restrict_keyring .fs-verity ||
    log -p e -t fsverity_init "Failed to restrict .fs-verity keyring"
The question is:
**Is it possible to manually edit the imgs, repack the super and adb push it to make my phone start again?**
What should I do?
Thank you in advance!
Current status:
---------------
With adb I pulled the super partition from the device:
adb pull /dev/block/platform/bootdevice/by-name/super super.img
I extracted it with lpunpack into two folders:
./otatools/bin/lpunpack --slot=0 ./super.img ./superA/
I mounted and enlarged the partition and edited fstab.mt6785:
sudo mount -t ext4 -o loop,rw,noexec,noatime vendor.img /mnt/vendor
sudo dd if=./vendor.img bs=1MiB of=./vendor.img conv=notrunc oflag=append count=5  # append 5 MiB to the image file
sudo losetup | grep vendor  # get the right loop device, in my case loop25
sudo losetup -c /dev/loop25  # tell the loop device to re-read the new size
sudo resize2fs /dev/loop25
sudo vim /mnt/vendor/etc/fstab.mt6785  # removed the avb options for vendor, system and product
sudo umount /mnt/vendor
Following this guide, I built a new super.new.img:
$e2fsck -yf vendor.img
$resize2fs -M vendor.img
$e2fsck -yf vendor.img
$stat -c '%n %s' *
super.img 3758096384
product.img 1596944384
system.img 1128718336
vendor.img 544976896
$../otatools/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 1 --device super:3758096384 --group main:3270639616 --partition system:readonly:1128718336:main --image system=./system.img --partition vendor:readonly:544976896:main --image vendor=./vendor.img --partition product:readonly:1596944384:main --image product=./product.img --sparse --output ./super.new.img
lpmake I 02-17 12:18:27 2646704 2646704 builder.cpp:1012] [liblp]Partition system will resize from 0 bytes to 1128718336 bytes
lpmake I 02-17 12:18:27 2646704 2646704 builder.cpp:1012] [liblp]Partition vendor will resize from 0 bytes to 544976896 bytes
lpmake I 02-17 12:18:27 2646704 2646704 builder.cpp:1012] [liblp]Partition product will resize from 0 bytes to 1596944384 bytes
Invalid sparse file format at header magic
Invalid sparse file format at header magic
Invalid sparse file format at header magic
Moreover, the size of super.new.img is not the same as that of super.img (is that normal?):
$stat -c '%n %s' super.new.img
super.new.img **3248851200**
When I flash it with adb the phone goes straight to the recovery without booting Android. Please note that 3248851200 is not divisible by 512, which is a requirement of lpmake...
Any suggestion?
Asked by Giulio Benetti
(31 rep)
Feb 16, 2021, 10:23 PM
Last activity: Feb 17, 2021, 11:49 AM
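Added example, not part of the question above and not code from the otatools/lpmake project: a small bash pre-flight script for the repack step the post describes. It classifies each input image by its magic bytes (Android sparse header 0xED26FF3A versus a raw ext4 superblock; lpmake probes every `--image` for a sparse header, and libsparse prints "Invalid sparse file format at header magic" when none is found before the image is read as raw, so that warning on raw ext4 inputs is expected), checks that sizes are whole 512-byte sectors and that the partitions fit inside the group and device sizes given to lpmake, and greps an fstab for leftover avb flags. Everything it reads is constructed inside the script: the fstab lines are copied from the question, the "ext4" image is 4 KiB of zeros with only the superblock magic set, the "sparse" image is a 32-byte header stub, and the sizes in the final check are the ones from the question. Note that with `--sparse` the output is itself an Android sparse file, so its byte size is neither the `--device` size nor necessarily 512-aligned; the 512-byte requirement applies to the `--partition` and `--device` sizes.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for the images
# handed to lpmake. All sample files below are constructed in a temp dir.
set -u

SECTOR=512
SPARSE_MAGIC=3aff26ed   # Android sparse header 0xED26FF3A, stored little-endian
EXT4_MAGIC=53ef         # ext4 superblock magic 0xEF53 at offset 1024 + 0x38 = 1080

# hex_at FILE OFFSET LENGTH -> the bytes as one lowercase hex string
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Classify an image by magic: "sparse", "ext4" (raw) or "unknown".
# lpmake probes for a sparse header first; a raw ext4 image makes libsparse
# print "Invalid sparse file format at header magic" and is then read as raw.
image_kind() {
    if [ "$(hex_at "$1" 0 4)" = "$SPARSE_MAGIC" ]; then echo sparse
    elif [ "$(hex_at "$1" 1080 2)" = "$EXT4_MAGIC" ]; then echo ext4
    else echo unknown
    fi
}

file_size() { wc -c < "$1" | tr -d ' '; }

# liblp rejects partition and device sizes that are not whole 512-byte sectors.
is_sector_aligned() { [ $(( $1 % SECTOR )) -eq 0 ]; }

# fits DEVICE GROUP SIZE... : partitions must fit in the group, the group in the device.
fits() {
    local device=$1 group=$2 total=0 s; shift 2
    for s in "$@"; do total=$(( total + s )); done
    [ "$total" -le "$group" ] && [ "$group" -le "$device" ]
}

# Succeeds if any fs_mgr flag field in the fstab still carries an avb option.
fstab_has_avb() { grep -Eq '(^|,)avb(_keys)?(=|,|[[:space:]]|$)' "$1"; }

# One-line report per image: kind, size, alignment.
check_image() {
    local f=$1 size; size=$(file_size "$f")
    printf '%s: %s, %s bytes, ' "$f" "$(image_kind "$f")" "$size"
    if is_sector_aligned "$size"; then echo "512-aligned"; else echo "NOT 512-aligned"; fi
}

# Constructed samples: a 4 KiB "raw ext4" image with only the superblock magic set,
# a sparse-header stub, and the fstab lines from the question before/after editing.
make_samples() {
    local d; d=$(mktemp -d)
    head -c 4096 /dev/zero > "$d/vendor.img"
    printf '\123\357' | dd of="$d/vendor.img" bs=1 seek=1080 conv=notrunc 2>/dev/null
    printf '\072\377\046\355' > "$d/sparse.img"
    head -c 28 /dev/zero >> "$d/sparse.img"
    cat > "$d/fstab.orig" <<'EOF'
system /system ext4 ro wait,,avb=vbmeta_system,logical,first_stage_mount,avb_keys=/avb/q-gsi.avbpubkey
vendor /vendor ext4 ro wait,,avb,logical,first_stage_mount
product /product ext4 ro wait,,avb,logical,first_stage_mount
EOF
    # Strip ",avb", ",avb=<value>" and ",avb_keys=<value>" from the flag fields.
    sed -E 's/,avb(_keys)?(=[^,[:space:]]*)?//g' "$d/fstab.orig" > "$d/fstab.edited"
    echo "$d"
}

SAMPLES=$(make_samples)
trap 'rm -rf "$SAMPLES"' EXIT

check_image "$SAMPLES/vendor.img"
check_image "$SAMPLES/sparse.img"
if fstab_has_avb "$SAMPLES/fstab.edited"; then echo "fstab still has avb flags"; else echo "fstab: avb flags removed"; fi
# Sizes from the question: the three partitions fill the 'main' group exactly.
fits 3758096384 3270639616 1128718336 544976896 1596944384 && echo "partitions fit in super"
```

Run it as-is to see the report on the constructed samples; to check a real repack, point `check_image` at the unpacked system/vendor/product images and `fstab_has_avb` at the edited fstab before calling lpmake.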