Magisk MultiROM Support - Magisk

https://forum.xda-developers.com/showpost.php?p=69226527&postcount=6
Was this ever fully achieved? Fully systemlesz MultiROM support / module support with Magisk? I have always wanted to see the day that TWRP got a bit of a work over and addition of the possibility of a flashable addon for MultiROM support for what phones that would be supported. I brought this up to my team and also the OrangeFox and a few other groups hoping it might become something. But im getting OT here.. so lets -> back to Magisk chatter.
Any info would be greatly appreciated. Usually i do my fair share of extensive research before asking such but lately I have been overworked and haven't the time to pour over pages and pages as usual.
Thanks!

I've done tons of reading, can't seem to find the answer to this question either
Maybe @topjohnwu can chime in here...

noidodroid said:
https://forum.xda-developers.com/showpost.php?p=69226527&postcount=6
Was this ever fully achieved? Fully systemlesz MultiROM support / module support with Magisk? I have always wanted to see the day that TWRP got a bit of a work over and addition of the possibility of a flashable addon for MultiROM support for what phones that would be supported. I brought this up to my team and also the OrangeFox and a few other groups hoping it might become something. But im getting OT here.. so lets -> back to Magisk chatter.
Any info would be greatly appreciated. Usually i do my fair share of extensive research before asking such but lately I have been overworked and haven't the time to pour over pages and pages as usual.
Thanks!
Click to expand...
Click to collapse
Hey Buddy, Long time no see... Since the android forums days i guess it was.
I ended up here because i was searching to see if there was perhaps a magisk module to enable this as a test feature? or if there was a bit better documentation on how this would work...
My team and I have been deving for some alcatel mtk devices, and we are searching for info to either add multi/dual boot functions to our personal recovery builds, or find or build some other sort of solution.
I actually stumbled right to here.
So say, @topjohnwu would you happen to be able to drop any of us a plug-in module or a quick how to for those of us who ARE GOING TO KILL DEVICES ANYWAY playing with this stuff?
I'd definitely beta test any of that, @topjohnwu I was taking apart your Magisk and reversing/modding parts of it to accomplish some dificult things in one of my devices and wanted to compliment your clean style in your scripts.
I was thinking to my self that day though ,
"Could I change some things to make an option to switch between several GSI system.img stored on sdcard thats partially formatted ext4... and perhaps have it ask me which slot.." When thinking about it, if I make several 4-5 GB ext4 partitions on my sdcard I should be able to write a system.img to each of those partitions, then have magisk take a user selection and boot the system from that partition....{speaking about an arm a-only device}
it would become more difficult with system-as-root though wouldn't it? I'd think it would be possible to do some sort of fstab muckery where the script looks for these partitions, u choose 1, it sets a variable, and restarts the boot process with that VAR set to boot the system on chosen partition....
IDK I bet Mr John WU probably has it already worked out but these are just a few of the things we are messing with over at my support/development group on Telegram..
https://t.me/Android_General_Chat

LgPWN'd said:
Hey Buddy, Long time no see... Since the android forums days i guess it was.
I ended up here because i was searching to see if there was perhaps a magisk module to enable this as a test feature? or if there was a bit better documentation on how this would work...
My team and I have been deving for some alcatel mtk devices, and we are searching for info to either add multi/dual boot functions to our personal recovery builds, or find or build some other sort of solution.
I actually stumbled right to here.
So say, @topjohnwu would you happen to be able to drop any of us a plug-in module or a quick how to for those of us who ARE GOING TO KILL DEVICES ANYWAY playing with this stuff?
I'd definitely beta test any of that, @topjohnwu I was taking apart your Magisk and reversing/modding parts of it to accomplish some dificult things in one of my devices and wanted to compliment your clean style in your scripts.
I was thinking to my self that day though ,
"Could I change some things to make an option to switch between several GSI system.img stored on sdcard thats partially formatted ext4... and perhaps have it ask me which slot.." When thinking about it, if I make several 4-5 GB ext4 partitions on my sdcard I should be able to write a system.img to each of those partitions, then have magisk take a user selection and boot the system from that partition....{speaking about an arm a-only device}
it would become more difficult with system-as-root though wouldn't it? I'd think it would be possible to do some sort of fstab muckery where the script looks for these partitions, u choose 1, it sets a variable, and restarts the boot process with that VAR set to boot the system on chosen partition....
IDK I bet Mr John WU probably has it already worked out but these are just a few of the things we are messing with over at my support/development group on Telegram..
https://t.me/Android_General_Chat
Click to expand...
Click to collapse
Very good write up on Tue thoughts of how one could achieve what we have in thought at this moment. I have similar thoughts but haven't taken them very deep as most know I'm back And fourth between handsets and ideas. Good work. Perhaps the top hat Mr John wu can elaborate a bit more on this subject matter.

Have you solved the problem?
Teach me please

SupraLance said:
I've done tons of reading, can't seem to find the answer to this question either
Maybe @topjohnwu can chime in here...
Click to expand...
Click to collapse
Perhaps he can. When we get around to building recoveries for the Schokk Turbo and Schokk Turbo XL along with more solid verions for the Orbic Wonder and Orbic Slim I want to get the team working on a custom verison or plugin. That and or EFI Droid which is might interesting... Here check it out - https://efidroid.org/ - https://forum.xda-developers.com/android/general/poll-recovery-t3942781 .
Btw are you a sys admin? I know a Lance that was a SYS Admin for a local ISP. I'm a stones throw away from your county.

Any solutions ever become of this idea? Curious to know.

noidodroid said:
Any solutions ever become of this idea? Curious to know.
Click to expand...
Click to collapse
Bump

Related

[Q] Could this actually work for our milestones (Q)

Could this possibly work for our milestones? (Just a question, beginner here)
http://www.phonedog.com/2011/01/20/why-is-motorola-continuing-to-lock-bootloaders/ :
Motorola made it extra difficult – for some – to do what they wanted in terms of software and loading ROMs. Some developers got smart about this though, and an application named Droid X Recovery Bootstrap (by Koush) popped up in Android Market. This application hijacked parts of the boot process and fooled the system into thinking everything was okay. In other words, it was a workaround for Motorola's sneaky and unwelcome software. Point being, no matter how hard a company works to prevent users from loading ROMs on their Android devices or jailbreaking their iPhones, developers find a way around it. Every time. Most people are fond of Motorola's nice build quality, but not everyone is a fan of MOTOBLUR; the same could be said of HTC and Sense UI. So why not give users a choice or at least assist them in making their phone what they want it to be?
Yes, but there is an easier way to boot into recovery.
It doesn't help us at all;
http://www.koushikdutta.com/2010/08/droid-x-recovery.html
So can we now install custom ROMs?
Yes, but you can't replace the kernel or boot image. But really, once you have access to /system, anything is possible. It will just take a little hackery.
Click to expand...
Click to collapse
we don't need tht to gain access to /system. we already got access to /system thts why u can see alot of custom mods downs here. which i think is much better compared to any others custom rom as alot of our dev's are pro's and really spent alot of time to make the mods almost perfect.
We are using similar way to boot custom ROMs on Milestone for some time already.
1. sh-hijack to take over the control during the early init phase (on init)
https://github.com/nadlabak/android_system_core/commit/6c27adb5b0e33f214c48ee2411a717f6343c81b8
(hacked sh will run /system/bin/sh_hijack.sh instead of /init_prep_keypad.sh)
2. 2nd-init run from sh-hijack script, to restart the init process with custom init.rc scripts in use
https://github.com/nadlabak/android_device_motorola_umts_sholes/blob/froyo/prebuilt/bin/sh_hijack.sh
(copy init scripts from /etc/rootfs to root and run 2nd-init)
https://github.com/nadlabak/android_device_motorola_umts_sholes/blob/froyo/prebuilt/bin/2nd-init.c
(restart init)

kexec for HP TouchPad (WORKING release!)

kexec is now fully working!
Kexec host kernel: https://github.com/willcast/ubuntu-kernel-tenderloin branch is "kexec"
Graphical bootloader: https://github.com/willcast/kexecboot
Compiled host kernel uImage UPDATED: https://docs.google.com/file/d/0B4WUjKii92l2RHJoNE93c2dVRlU/edit?usp=sharing
THE ATTACHED KERNEL PATCH (decomp_copy_atags.diff) _MUST_ BE APPLIED for ANY kernel to be bootable FROM kexec.
YouTube: http://www.youtube.com/watch?v=ko_4cOj_5iM
Kexec kernel and OS installation is best performed through SmackMe2, which is available in its own thread on this site.
I have no idea what you are saying, but keep up the great work!
Keep up the good work man , one question with you work in the future can we delete web os from the touchpad forever?
I imagine that's already possible. Use lvm to delete all the logical volumes not tied to another OS and then delete the uImage.webOS symlink. That deletes webOS, frees mostof its space and removes it from the moboot menu.
If you choose to do that, though, using the doctor to restore WEBOS will be even more difficult because you'll have to wipe out everything AND potentially need to "unbrick" your TP (using the method involving NovaCom, the small boot image ripped from the doctor and a string of LVM commands that is posted on sone or other forum.)
Lvm? Can you make a tutorial? How to remove webos from touchpad?
Thank you
Before this is complete or posted for testing, I think we will need a tutorial and links to files of how to fix the tp from a full brick such as issues with removing and restoring webos.
Great job if your boot loader works as planned we will have a full multi-boot device with a few restrictions(drivers for untested ports, etc).
Keep it up.
Sent from my cm_tenderloin using xda app-developers app
Awesome that you're resuming development castrwilliam! Can't help you with kexec though, sorry. I hang around in the Motorola Defy forums and some developers like Quarx have tried pursuing the kexec route in order to load custom kernels onto the Defy, might be worthwhile to throw him a PM. Would be great to have a more flexible bootloader!
I anyone needs a full restore, this thread helped me out. I followed the instructions when I screwed up and doctored without removing partitions. I believe WebOS Doctor handles repartitioning, so it should work:
http://forum.xda-developers.com/showthread.php?t=1426244
WORKING (but non-Kexec) Android multiboot for TouchPad.
DON'T TRY ANYTHING UNTIL YOU HAVE READ THE WHOLE POST!!
Beta 2 Updated with support for my Froyo Qcom kang.
I created a script that can install multiple versions of Android on the HP Touchpad, side by side, such that they can be selected at the MoBoot menu and operate independently. The script modifies them, on the Touchpad itself, to work with the new names for the partitions.
I want your feedback on this installer. It is used in the same way as ACME Installer but only shares one line of actual code with it (and it also uses the same binaries and config files on the initial ramdisk image, but they are Open Source so that should'nt matter.) I'll be posting this on XDA in a minute, my username there is also "castrwilliam".
If you do choose to use (TEST!) this:
- You need to create a folder on your media partition (the one that is shown when you select USB mode) with the following zips:
moboot [moboot_0.3.5.zip]
(the rest are optional but I recommend using them all so that you can help me test everything)
Froyo Test [Froyo-2.2.1-Qcom-Kang-Touchpad-a0.1-incl-gapps.zip]
CM7 alpha3.5 [update-cm-7.1.0-tenderloin-a3.5-fullofbugs.zip]
CM9 latest nightly [cm-9-xxxxxxxx-NIGHTLY-tenderloin.zip]
CM10 latest preview [cm-10-xxxxxxxx-EXPERIMENTAL-tenderloin-FOR_LIMITED_TESTING_ONLY_CAM.zip]
2.3.x gapps [gapps-gb-xxxxxxxx.zip]
4.0.x gapps [gapps-ics-xxxxxxxx.zip]
4.1.x gapps [gapps-jb-xxxxxxxx.zip] MAKE SURE not to use 4.2 gapps!
(NO Android Recovery will work yet, so don't try. It will reject TWRP and CWM at least.)
- If you already have Android and/or Moboot and/or native Linux (Ubuntu, etc.) installed:
* back up any data on your media volume. webOS should back up your apps for you.
* make both a nandroid (which WON'T work to restore in a multiboot config, but if you go back to single boot, it will be fine) and a Titanium backup [which should be portable to the same OS.]
* run ACMEUninstaller and then run SmackMe-Installer.
* if you have native Linux, backup your /etc and /home (I recommend the lovely GNU tar and gzip/bzip2). That should be the majority of what to keep.
* ALSO uninstall any native Linux you may be using after you back it up.
* lastly unzip and novacom boot the SmackMe-Installer.
If you don't already have Android, MoBoot OR native Linux, just:
* back up any data on your media volume. webOS should back up your apps for you.
* then unzip and novacom boot the SmackMe-Installer.
youtube demo:
http://www.youtube.com/watch?v=8Hhy20lzhR4&feature=youtu.be
File should be attached. Report bugs by PM'ing me, or posting in this thread
Can i remove webos with this multiboot? And stay only on android and ubuntu?
This is strictly an installer. I was going to write a webOS removal script. However, android doesn't have the needed binaries. That leaves me two options: make another thing like SmackMe to do it or do it under whatever version of native Ubuntu you are running. Either way, I really don't want to have to test it myself. If I need to I'll have to doctor my touchpad EVERY TIME I do it. That's a lot of doctoring and a lot of flash write wear. So the answer is basically "find me a dev that wants to remove webos too. They'll either make you one or beta test mine." Sorry man.
Amazing keep up the good work castrwilliam !
Strange request
Hey, does anyone here still have the 2011 Froyo (2.2.1) system dump for Touchpad? It wasn't CM6, just something that HP accidentally released and someone over at Rootzwiki dumped. I'm posting this here because I have no account and they'd think I'm a noob there. All the links are down to it and I want to try messing around with its files, just for kicks. Maaaaybe I can get it to boot, and add support for it to the SmackMe installer, so at least I can have *four* versions of Android on my touchpad.
http://forum.xda-developers.com/showthread.php?t=1234381
You know, 'cause I'm just that crazy.
Wow it's been hard to find it but i think this is the good dump:
http://download.digiex.net/Consoles/Tablets/HP-Touchpad-Android2.2.1-Disk-Images.zip
sources:
http://digiex.net/downloads/downloa...hpad-android-2-2-1-system-image-download.html
it's alive! (sorta)
Somebody on XDA found a link that I thought was dead. It was the mmc dump of someone who had Froyo leaked by HP onto their fire-sale Touchpad.
FAQ:
"Obviously nobody wants this. Everybody's running Jelly Bean."
That's exectly why I did it. My point is to do the most outrageous and downright unnecessary things possible with commonplace hardware.
"What doesn't work?"
Rotation, sound, wi-fi, softkeys (i.e. Home, Back, Menu, Search.)
"What does work?"
Camera (OH HAYULL YA), touchscreen, battery reading, power button, volume button (but it dosen't matter b/c sound is borked).
"I can haz Modded Froyo?!"
Not yet.
YouTube: http://www.youtube.com/watch?v=zX29IcTIB14
Hah awesome work, I think you hold the record of most different OS'es on one device now! It looks quite functional already.
Oh and about the "Obviously nobody wants this. Everybody's running Jelly Bean." quote, I only run WebOS and your Ubuntu 12.10 port on the TP!
As soon as I get my power button sorted out I am on this!
Sent from my slim_tenderloin using xda app-developers app
Hey everyone! Froyo here!
I've just zipped up my Froyo kang such that it will work if flashed from SmackMe, and if you're crazy enough to run it alone, hopefully also Android recovery.
sound works!!
The Wi-Fi works now BUT YOU NEED A STATIC IP ADDRESS. (problems with dhcpcd)
The buttons are hacked to work (by my new shell script: /system/bin/buttond, check it out) as follows:
Volume Down is Back
Volume Up is Menu
Center is Home.
Obviously once the audio works (if ever) that will be an issue. My embarrassing secret (at least probably to the devs here) is that I don't know Java. That makes it difficult to mod on any touchscreen buttons...
The real audio library is /system/lib/libaudioflinger.real.so and the stub one (default via a symlink) is /system/lib/audioflinger.so. Using the real one causes bootloops.
Auto rotation still won't function.
Google Apps and even Facebook are included in this ROM. (It's not CM6.) So are some potentially geeky Qualcomm apps.
Don't set up your Google Account during first boot, because it will ask you to slide the keyboard open. That sounds pretty impossible onn this device. Set it up from Settings later, and you shouldn't have that issue.
UPDATED due to install issues with actual Android Recovery. Redownload.
Download Initial Version (Alpha Minus-One-Point-One): https://www.dropbox.com/s/wcs2mra8aedj1hf/Froyo-2.2.1-Qcom-Kang-Touchpad-a0.1-incl-gapps.zip
Download Second Version (Alpha 0.2): https://www.dropbox.com/s/t1cptjj5i02epas/Froyo-2.2.1-Qcom-Kang-Touchpad-a0.2-incl-gapps.zip
^^^
I wanted to try froyo soo bad when I heard about those dumps last year (I think) lol. I still want to try it.
Now, if I read correctly, I can flash this from TWRP/CWM right?
jacobas92 said:
^^^
I wanted to try this soo bad when I heard about it last year lol. I still want to try it.
Now, if I read correctly, I can flash this from TWRP/CWM right?
Click to expand...
Click to collapse
It should work from that. I only tried with my SmackMeInstaller from the last page. That said... MAKE A NANDROID, because it WILL delete your current Android install, and if anything goes wrong (or even if it works but you see a CWM/TWRP error/warning), tell me and I'll fix it.
castrwilliam said:
It should work from that. I only tried with my SmackMeInstaller from the last page. That said... MAKE A NANDROID, because it WILL delete your current Android install, and if anything goes wrong (or even if it works but you see a CWM/TWRP error/warning), tell me and I'll fix it.
Click to expand...
Click to collapse
Ok, thanks!

Got Semi-Root-- Is Anyone Still Full-Rooted?

Dear forum,
Long time no talk! I have been able to get "root" for our phones on G925VVRU4BOG7, which anyone can downgrade to. The catch is that even with /system mounted as rw, I am unable to write to it directly through most conventional means. (I can write to /data, though, which means i can patch dalvik-cache, which means my mods are coming ) However, I am able to still write to it using another, more complicated way (I can go into more detail for those interested), as a whole. Here's where you come in-- is anyone still full-rooted? If so, please message me as soon as possible! I may be able to have users who are on newer builds downgrade to older builds and get su properly installed, then manually upgrade back up to the later builds again!
If you are rooted still, all i'm going to have you do is perform this command:
Code:
su
dd if=/dev/block/platform/15570000.ufs/by-name/SYSTEM bs=4096 of=/sdcard/system.img
Then send me that system.img file on your sdcard! It'll be pretty big, so you can zip it or .7z (7-zip), whatever you'd like to do.
I will also need what build you are on. You can just send me your Build number within "Settings->About phone".
First one who does it gets credits on the official release thread i'll make, when I get a procedure down that people can follow!
Thanks!
-Trailblazer101
i have an s6 edge on 5.0.2 rooted. Would that be of help?
Did you get the system.img file? I really wish I could help you. I have this phone on 6.0.1 and stuck without root, but the thing is I really need the root because I bought it used, worked fine the first few days, then didn't get any signal (turns out that it was reported as stolen and of course the IMEI got blacklisted; I tried to contact the seller but he was gone, and his ebay account deleted, so basicly I'm stucked with a ' 5.1" tablet' . I got scammed :/ )
I would be very grateful if you could explain how did you get root on G925VVRU4BOG7 . I know that you want the file mentioned for creating some kind of universal root for the phone, but right now I'm kind of desperate and need root as soon as possible to fix my IMEI issue and I would follow your steps if you made a tutorial.
Thank you very much!
trailblazer101 said:
Dear forum,
Long time no talk! I have been able to get "root" for our phones on G925VVRU4BOG7, which anyone can downgrade to. The catch is that even with /system mounted as rw, I am unable to write to it directly through most conventional means. (I can write to /data, though, which means i can patch dalvik-cache, which means my mods are coming ) However, I am able to still write to it using another, more complicated way (I can go into more detail for those interested), as a whole. Here's where you come in-- is anyone still full-rooted? If so, please message me as soon as possible! I may be able to have users who are on newer builds downgrade to older builds and get su properly installed, then manually upgrade back up to the later builds again!
If you are rooted still, all i'm going to have you do is perform this command:
Code:
su
dd if=/dev/block/platform/15570000.ufs/by-name/SYSTEM bs=4096 of=/sdcard/system.img
Then send me that system.img file on your sdcard! It'll be pretty big, so you can zip it or .7z (7-zip), whatever you'd like to do.
I will also need what build you are on. You can just send me your Build number within "Settings->About phone".
First one who does it gets credits on the official release thread i'll make, when I get a procedure down that people can follow!
Thanks!
-Trailblazer101
Click to expand...
Click to collapse
I am currently running on A0E2 using your rooted rom for this phone. It runs great....except I tried flashing xposed framework using Flashfire and it of course failed...due to the fact that xposed only works on 5.1.1 or above...sucks we are in such a catch 22 with our devices...although I'm happy because I am still rooted.. Anyway...I set up ADB and entered that command you posted and it worked...I just don't know where the storage location of the system.img file is for me to transfer to my PC, 7zip, and send to you. Any help would be excellent....as I desperately want to run xposed framework on my device....but am stuck on 5.0.2
r0ckinb0i said:
I am currently running on A0E2 using your rooted rom for this phone. It runs great....except I tried flashing xposed framework using Flashfire and it of course failed...due to the fact that xposed only works on 5.1.1 or above...sucks we are in such a catch 22 with our devices...although I'm happy because I am still rooted.. Anyway...I set up ADB and entered that command you posted and it worked...I just don't know where the storage location of the system.img file is for me to transfer to my PC, 7zip, and send to you. Any help would be excellent....as I desperately want to run xposed framework on my device....but am stuck on 5.0.2
Click to expand...
Click to collapse
Looking at the last part of the command and if it ran successfully, it should be in /sdcard. Did you ever find it?
gabes100 said:
Looking at the last part of the command and if it ran successfully, it should be in /sdcard. Did you ever find it?
Click to expand...
Click to collapse
Thank you I found it...I'm new to command prompt although I am learning quickly. I found it. I just need to load it onto my computer and compress it so I can send it to Trailblazer. I will do that tomorrow night when I get back home.
I have the img on my computer. It is 4.3G. How do I get it to Trailblazer? Google Drive? EDIT: it is 4.58GB. I am uploading now to google drive, it will an hour
Hi Trailblazer,
Here is a link to system.img:
https :// drive google com / open?id=0B-j3XfGrnj9PbUdwaml5eERvbFU
I am too new to post links the correct way.
Are there any updates on this topic? When I first saw this thread last week, It got me thinking about what a Tethered Root (Temporary/Semi - Root) would still be capable of doing for those of us still on Official Firmware in this day and age.
And really it occurred to me at that moment, that if we could just attain a Root Shell even if it was only for 60 seconds to five minutes, that would be sufficient to get enough root information off of the phone and into a PC editable format.
I ask, because I am in the process of forming a method for the G925V 6.0.1 [PI2] Build. The problem I'm pretty sure I'm going to run into sooner or later in my experiments/research, is the fact that I am one of the few who have the 64GB Verizon S6 Edge. Technically speaking, my device refers to itself in Download/ODIN mode as a SM-G925VZKE model. This also means that my Stock .PIT file is going to be very different than most people's, also meaning my FSTAB configuration probably will be different.
Because there shouldn't be a reason I can't at least get a temporary Root Shell very soon.
So whats up with this? My wife has 6.0.1 on Verizon and I have international much better choice. Will we have root on this phone?
If you are currently on 6.0.1 on your Verizon device. It would serve you well for the time being to disable Automatic Security Updates.
Settings > Lock Screen and Security > Other Security Settings > Security Policy Updates
Turn OFF Automatic Updates, and Turn OFF Wi-Fi Only.
If you leave these on, any potential root option will be patched by Samsung/Google before you know it exists. Disable it for now so you can find an exploit for the build the device is on.
UPDATE:
So apparantly, I've had a rooted 6.0.1 PI2 device persistent through factory resets for over a week, but didn't realize just how much was achieved on my device! According to diagnostics.
I'm already started on writing up the combination of methods that the OP was walking into. Turns out it works up to the September patch too.
But lucky me and not you this time. I got my device essentially decommissioned because I ran my code too soon. But in the sweetest possible way after being so pissed when my tech coach said my warranty was void.
By the end of tomorrow night I should have a thread.
Anyone still working on this?
d0lph said:
Anyone still working on this?
Click to expand...
Click to collapse
Yes. Using the dirtycow vulnerability we've managed to get an arm64 version running that will indeed allow a root console on MM builds.
The last thing standing in the way, for at least a tethered root, is for someone to help me convert the script from the flashable zip version of the SuperSu installer into basically a batch script. Because the how-to guide ChainFire wrote in comments inside his installer script is kind of hard to read because it covers all the different versions of android in a tiny block of text and not every device sets up the same SELinux environment.
Not to mention, if I could get SuperSU to try and install itself as a System Application, it would probably work with what I have already. But for some reason I CANNOT find a single guide anywhere on how to perform a "System" Install of SuperSU, everyone wants to use the "Systemless" version, which is NOT going to work I believe.
We can manage booting the device in the event of DM-Verity Failure, when that happens with the 5.1.1 OG ENG Kernel, we can indeed mount "/system" as read/write, and we can indeed change the contents of the System partition that persist through a reboot.
I just need help setting Perms & Contexts. Because at one point in time, I DID actually manage to get SuperSU to give me a root shell instead of a user shell, but only on the ADB Command Line. In that test I could not get an application to start from the launcher and have Root Permissions.
Delgoth said:
Yes. Using the dirtycow vulnerability we've managed to get an arm64 version running that will indeed allow a root console on MM builds.
The last thing standing in the way, for at least a tethered root, is for someone to help me convert the script from the flashable zip version of the SuperSu installer into basically a batch script. Because the how-to guide ChainFire wrote in comments inside his installer script is kind of hard to read because it covers all the different versions of android in a tiny block of text and not every device sets up the same SELinux environment.
Not to mention, if I could get SuperSU to try and install itself as a System Application, it would probably work with what I have already. But for some reason I CANNOT find a single guide anywhere on how to perform a "System" Install of SuperSU, everyone wants to use the "Systemless" version, which is NOT going to work I believe.
We can manage booting the device in the event of DM-Verity Failure, when that happens with the 5.1.1 OG ENG Kernel, we can indeed mount "/system" as read/write, and we can indeed change the contents of the System partition that persist through a reboot.
I just need help setting Perms & Contexts. Because at one point in time, I DID actually manage to get SuperSU to give me a root shell instead of a user shell, but only on the ADB Command Line. In that test I could not get an application to start from the launcher and have Root Permissions.
Click to expand...
Click to collapse
Thank you for taking the time to still work on this. Subscribed. Following this to the T.
Rand0lph said:
Thank you for taking the time to still work on this. Subscribed. Following this to the T.
Click to expand...
Click to collapse
If you want to follow the complete story of what I just mentioned please follow and contribute to this thread: Injecting Root & Setting SELinux - End Stages?
This is the thread that contains the Greyhat Root console, first designed for the AT&T Galaxy Note 5. But that device uses the same Exynos7420 Mainboard as the Galaxy S6 Edge, so the project is still compatible.
I haven't kept the OP maintained as I should yes. But it is actually worth it to read that whole thread as @droidvoider went out of his way explaining some of his methods. I have a bit of R&D that isn't posted in that thread as well, if you can read up on the project. I'd be more than happy to share what I know with anyone wanting to help as long as they can catch up with what we have accomplished so far.
Look at some of the other threads I've started as well for the initial methods.
Delgoth said:
If you want to follow the complete story of what I just mentioned please follow and contribute to this thread: Injecting Root & Setting SELinux - End Stages?
This is the thread that contains the Greyhat Root console, first designed for the AT&T Galaxy Note 5. But that device uses the same Exynos7420 Mainboard as the Galaxy S6 Edge, so the project is still compatible.
I haven't kept the OP maintained as I should yes. But it is actually worth it to read that whole thread as @droidvoider went out of his way explaining some of his methods. I have a bit of R&D that isn't posted in that thread as well, if you can read up on the project. I'd be more than happy to share what I know with anyone wanting to help as long as they can catch up with what we have accomplished so far.
Look at some of the other threads I've started as well for the initial methods.
Click to expand...
Click to collapse
Sorry, I didn't even acknowledge this is for the EDGE S6. I have a regular Verizon S6.
Rand0lph said:
Sorry, I didn't even acknowledge this is for the EDGE S6. I have a regular Verizon S6.
Click to expand...
Click to collapse
I don't really think that matters as much for the thread I referred to.
I tested the Greyhat Root Console on my S7 Edge, and it worked as well using the September build.
The S6 Line plus the Note 5, all use the same System on a Chip.
If anything, there may be just a couple tweaks to make when compiling it using the NDK.

Magisk for treble

I am using the version of magisk modified by @TeamMex for his Treble based Xperience ROM on Moto Z Play and I can't get magisk hide to work or modules to install. I found a work around for the modules but I really need magisk hide, is there a certain file I can make or copy from another device to force it to work? This is the log if any smart people want to give it a shot.
I'm completely in the dark about Treble, but after looking at your log I'm curious if you have root access at all? MagiskHide is triggering, but there's a whole lot of sqlite3 database issues, which makes me thing you have su problems.
Does that Magisk version happen to have verbose logging enabled so that you have a magisk_debug.log in /data/adb? If so, that log might show more.
Didgeridoohan said:
I'm completely in the dark about Treble, but after looking at your log I'm curious if you have root access at all? MagiskHide is triggering, but there's a whole lot of sqlite3 database issues, which makes me thing you have su problems.
Does that Magisk version happen to have verbose logging enabled so that you have a magisk_debug.log in /data/adb? If so, that log might show more.
Click to expand...
Click to collapse
in unnoficial treble need to handle other partition name as vendor in this case need to mount oem partition as vendor (if we try to use oficial magisk it make a bootloops)
Su works(you can modify system partition but not vendor trying to modify vendor makes a system freezing) but MagiskHide isn't here
Hi,
Regarding the Magisk for Treble devices, I found sparse and inconsistent info. So, I suggest to write up-to-date info and details.
So, I do this summary:
At time, no official support of Magisk for Treble devices.
Some unofficial ports exists: v16.0 from @pchatzop; v16.3 from @faizauthar12; etc.
I feel that not all treble devices has equal partitions, so the unofficial versions can, or can not, work in all devices.
And this is all the info that I see.
Please, can you help to complete it?
Thank you!
manos78 said:
Hi,
Regarding the Magisk for Treble devices, I found sparse and inconsistent info. So, I suggest to write up-to-date info and details.
So, I do this summary:
At time, no official support of Magisk for Treble devices.
Some unofficial ports exists: v16.0 from @pchatzop; v16.3 from @faizauthar12; etc.
I feel that not all treble devices has equal partitions, so the unofficial versions can, or can not, work in all devices.
And this is all the info that I see.
Please, can you help to complete it?
Thank you!
Click to expand...
Click to collapse
Hey
my custom release is only for "factory" partition
although, we ( z2_plus user ) doesn't need these custom binaries anymore
we're already rename our partition to "vendor"
here is the link
faizauthar12 said:
Hey
my custom release is only for "factory" partition
although, we ( z2_plus user ) doesn't need these custom binaries anymore
we're already rename our partition to "vendor"
here is the link
Click to expand...
Click to collapse
Thank you!
As soon I'll receive my new Moto G6+, I need to know how to "port" Magisk to this model...
Regarding your mod:
It can work with other devices despite the Z2+?
Why you write in "/system" (updater-script creates "/system/addon.d/")?
Any recomendation for doing the port?
Regards. :highfive:

[GUIDE] Re-locking the bootloader on the OnePlus 6t with a self-signed build of LOS

What is this tutorial?
This tutorial will:
Creating an unofficial build of LineageOS 17.1 suitable for using to re-lock the bootloader on a OnePlus 6/6t
Take you through the process of re-locking your bootloader after installing the above
This tutorial will NOT:
Remove *all* warning messages during boot (the yellow "Custom OS" message will be present though the orange "Unlocked bootloader" message will not)
Allow you to use official builds of LineageOS 17.1 on your device with a re-locked bootloader (more details near the end of the tutorial)
This tutorial will assume you are working on an Ubuntu 18.04 installation, if you are using Windows or another Linux distro, the commands may be different.
Supported devices:
Current both the OnePlus 6 (enchilada) and 6t (fajita) have been tested, but newer phones should work as well.
For simplicities sake, all further references will only be to the 6t (fajita).
Pre-requisites:
a mid level knowledge of terminal commands and features
a supported phone
a PC with enough CPU/RAM to build LineageOS 17.1 (recommended 8 cores, 24g of RAM)
a working USB cable
fastboot/adb installed and functional
LineageOS 17.1 source code downloaded
at least one successful build of LineageOS
at least one successful signing of your build with your own keys
Misc. notes:
the basics of building/signing of LineageOS is outside the scope of this tutorial, refer to the LineageOS Wiki for details on how to complete these tasks
you'll be modifying some code in LineageOS, so if you are not comfortable using basic editing utilities as well as patch, do not proceed any further
the path to your LineageOS source code is going to be assumed to be ~/android/lineageos, if it is somewhere else, substitute the correct path in the tutorial
the path to your private certificate files is going to be assumed to be ~/android-certs, if it is somewhere else, substitute the correct path in the tutorial
*** WARNING ****
This process may brick your device. Do not proceed unless you are comfortable taking this risk.
*** WARNING ****
This process will delete all data on your phone! Do not proceed unless you have backed up your data!
*** WARNING ****
Make sure you have read through this entire process at least once before attempting, if you are uncomfortable with any steps include in this guide, do not continue.
And now on with the show!
Step 1: Basic setup
You need a few places to store things, so create some working directories:
Code:
mkdir ~/android/fajita
mkdir ~/android/fajita/oos
mkdir ~/android/fajita/images
mkdir ~/android/fajita/images_raw
mkdir ~/android/fajita/patches
mkdir ~/android/fajita/pkmd
You also need to add "~/android/lineageos/out/host/linux-x86/bin" to your shell's profile path. Make sure to close and restart your session afterwards otherwise the signing will fail later on with a "file not found" error message .
Step 2: Download the latest OxygenOS from OnePlus
Go to https://www.oneplus.com/support/softwareupgrade and download the latest OOS update, store it in ~/android/fajita/oos
Step 3: Extract the vendor.img from OOS
Run the following commands to extract the vendor.img from OOS:
Code:
cd ~/android/fajita/oos
unzip [oos file name you downloaded] payload.bin
cd ../images_raw
python ~/android/lineageos/lineage/scripts/update-payload-extractor/extract.py --partitions vendor --output_dir . ../oos/payload.bin
You should now have a ~1g file named vendor.img in the images_raw directory.
Step 4: Update fajita's BoardConfig.mk
You will need to add a few parameters to the end of ~/android/lineageos/device/oneplus/fajita/BoardConfig.mk, they are:
Code:
BOARD_PREBUILT_VENDORIMAGE := /home/<userid>/android/fajita/images_raw/vendor.img
AB_OTA_PARTITIONS += vendor
BOARD_AVB_ALGORITHM := SHA256_RSA2048
BOARD_AVB_KEY_PATH := /home/<userid>/.android-certs/releasekey.key
Note you cannot use "~"" in the path names above to signify your home directory, so give the full absolute path to make sure the files are found.
Step 5: Update sdm845-common's BoardConfigCommon.mk (optional)
LineageOS by default disables Android Verified Boot's partition verification, but you can enable it now as all the required parts will be in place. However, you may not want to if you intend to make other changes to the system/boot/vendor partitions (like Magisk, etc.) after you have re-locked the bootloader.
To enable partition verification do the following:
Code:
cd ~/android/lineageos/devices/sdm845-common
sed -i 's/^BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/#BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2/' BoardConfigCommon.mk
Step 6: Patch the AOSP/LineageOS releasetools
Two releasetools included with LineageOS need to be patched as they otherwise will not properly process a pre-built vendor.img.
The required patches can be found here:
https://raw.githubusercontent.com/W.../source/add_img_to_target_files.py-17.1.patch
https://raw.githubusercontent.com/W...r/source/sign_target_files_apks.py-17.1.patch
Download both and store in ~/android/fajita/patches.
Now apply them with the following commands:
Code:
cd ~/android/lineageos/build/tools/releasetools
patch add_image_to_target_files.py ~/android/fajita/patches/add_image_to_target_files.py-17.1.patch
patch sign_target_files_apks.py ~/android/fajita/patches/sign_target_files_apks.py-17.1.patch
Step 7: Build LineageOS
You are now ready to build:
Code:
cd ~/android/lineageos
source build/envsetup.sh
croot
breakfast fajita
mka target-files-package otatools
Step 8: Prepare vendor.img
As part of the build process above, your raw vendor.img will been copied to the $OUT directory and a new hashtree (what AVB uses to verify the image) will have been added to it.
You need to use this new version in the signing process but due to how the build system works, this is not done by default.
So, let's put it where it is needed:
Code:
cp $OUT/obj/PACKAGING/target_files_intermediates/lineage_fajita-target_files-eng.*/IMAGES/vendor.img ~/android/fajita/images
Step 9: Sign the APKs
You are now ready to sign the apks with sign_target_files_apks:
Code:
./build/tools/releasetools/sign_target_files_apks -o -d ~/.android-certs --prebuilts_path ~/android/fajita/images $OUT/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip signed-target_files.zip
Note the new "--prebuilts_path" option, which points to where your new vendor.img file is located.
Step 10: Build the OTA
Now it is time to complete the OTA package:
Code:
./build/tools/releasetools/ota_from_target_files -k ~/.android-certs/releasekey --block signed-target_files.zip lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
Note, replace [date] with today's date in YYYYMMDD format.
Step 11: Create pkmd.bin for your phone
Before you can lock your phone, you have to tell it what your public key is so it knows it can trust your build.
To do this you need to create a pkmd.bin file:
Code:
~/android/lineageos/external/avb/avbtool extract_public_key --key ~/.android-certs/releasekey.key --output ~/android/fajita/pkmd/pkmd.bin
Step 12: Flashing your LineageOS build
It's time to flash your build to your phone. The following steps assume you have already unlocked your phone and have flashed an official version of LineageOS to it. You don't need to have flashed LineageOS yet, you could use TWRP through "fastboot boot" if you prefer.
Reboot your phone in to recovery mode
In LineageOS Recovery select "Apply update"
From your PC, run:
Code:
adb sideload ~/android/lineageos/lineage-17.1-[date]-UNOFFICIAL-fajita-signed.zip
When the sideload is complete, reboot in to LineageOS. Make sure everything looks good with your build.
You may also need to format your data partition at this time depending on what you had installed on your phone previously.
Step 13: Flashing your signing key
Now it's time to add your signing key to the Android Verified Boot process. To do so, do the following:
Reboot your phone in to fastboot mode
From your PC, run:
Code:
fastboot flash avb_custom_key ~/android/fajita/pkmd/pkmd.bin
fastboot reboot bootloader
fastboot oem lock
On your phone, confirm you want to re-lock and it will reboot
Your phone will then factory reset and then reboot in to LineageOS.
Which of course means you have to go through the first time setup wizard, so do so now.
Step 14: Disable OEM unlock
Congratulations! Your boot loader is now locked, but you can still unlock it again using fastboot, so it's time to disable that as well.
Unlock you phone and go to Settings->About phone
Scroll to the bottom and find "Build number"
Tap on it you enable the developer options
Go to Settings->System->Advanced->Developer options
Disable the "OEM unlocking" slider
Reboot
Step 15: Profit!
Other things
The above will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices. For more details on build types, see https://source.android.com/setup/develop/new-device#build-variants.
In the above example the releasekey from your LineageOS install has been used to sign AVB, but AVB supports other key strengths up to SHA512_RSA8192. You could create a key just for signing AVB that used different options than the default keys generated to sign LineageOS.
If you want to remove you signing key from your phone, you can do it by running "fastboot erase avb_custom_key".
The changes you made to the make files and releasetools may conflict with future updates that you pull from LineageOS through repo sync, if you have to reset the files to get repo sync to complete successfully, you'll have to reapply the changes afterwards.
So why can't I do this with official LineageOS builds?
For Android Verified Boot (AVB) to work, it must have the hash values for each of the system/vendor/boot/dtbo partitions stored in vbmeta. Official LineageOS builds do not include the vendor.img in them (for fajita at least, other phones may), instead simply using the existing partition on the phone.
That means that there is no vendor.img information in vbmeta for the official builds, which means AVB will fail to verify it during boot and give the red corruption message and halt the boot process after you have re-locked the bootloader.
And since you cannot add to vbmeta without the LineageOS private key, which only the LineageOS signing server has, you cannot add it.
This means you must do a full build with new signing keys to make it work.
Theoretically you could pick apart a LineageOS release, rehash the system/vendor/boot/dtbo and then recreate vbmeta and the payload.bin file, but that brings a host of other issues. For example, since such a "build" would look like a full LinageOS release, if you ever accidentally let the updater run it would brick (soft) that slot and you'd have swap back to your other slot to boot again. In an extreme case, if you managed to corrupt the second slot somehow you'd have to wipe your entire and recover from the brick with one of the available tools to do so.
Ok, what messages do I see during the boot process then?
During a boot you will of course see the standard OnePlus power up screen, followed by the yellow "custom os" message an then the stardard LineageOS boot animation.
For more details on AVB boot messages, see https://source.android.com/security/verifiedboot/boot-flow
So what do those two patches to the release tools do?
AOSP/LineageOS's add_image_to_target_files.py detects if a vendor.img file already exists, and if so, simply includes it in the build process. The patch adds one extra step, so that AVB is being enabled for the build, it will replace the existing hashtree on vendor.img using the same salt and other options as will be used on system/boot/dtbo. This ensure that when vbmeta is generated, it has the right information from vendor.img.
The script is called from the make system as part of the "mka target-files-package otatools" and the appropriate parameters from the make system, like "BOARD_PREBUILT_VENDORIMAGE", are used to create arguments to the script to build the standard image files as well as include the prebuilt vendor.img.
This script is used both during the initial build as well as the signing process, but this change is only targeted at the build time implementation. During signing, the script uses whatever hashtrees are in place and does not regenerate them.
AOSP/LineageOS's sign_target_files_apks.py is responsible for signing the APKs that have been built as part of "mka target-files-package otatools", unfortunately it is not part of the "make" system, so settings like "BOARD_PREBUILT_VENDORIMAGE" do not impact the script. This means that sign_target_files_apks.py does not have any knowledge that it should be including a pre-built vendor.img, even though it is in the $OUT directory waiting to be used.
The patch adds a new parameter to the script (--prebuilts_path), so that during the signing process, any image files found in the provided path, will be included in the process. So make sure that only vendor.img is in the provided directory. This is a directory instead of a single file as future uses may be to include things like firmware, other partition types, etc. in to the signing process.
Thank you's
Obviously to all of the members of the LineageOS team!
LuK1337 for supporting fajita
optimumpro for the OnePlus 5/5t re-locking guide (https://forum.xda-developers.com/oneplus-5/how-to/guide-relock-bootloader-custom-rom-t3849299) which inspired this one
Quark.23 for helping with the process and testing on enchilada
Nice , Will this enable widewine L1?
jsidney96 said:
Nice , Will this enable widewine L1?
Click to expand...
Click to collapse
I don't believe there is a connection between the two.
WhitbyGreg said:
I don't believe there is a connection between the two.
Click to expand...
Click to collapse
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
cowgaR said:
If you unlock bootloader on phones supporting L1 they drop to L3. I know some Oneplus phones (op6 etc.) did not support L1 even on stock.
Click to expand...
Click to collapse
Yeah.. It brings it to L1
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
---------- Post added at 06:16 PM ---------- Previous post was at 05:48 PM ----------
Curious question here,
WhitbyGreg said:
*** will build a standard USERDEBUG version of LineageOS, however this will still allow LineageOS Recovery to sideload non-signed files. If you have implemented step 5 above, then this protects your system/vendor/boot/dtbo partitions, but none of the others. Likewise USERDEBUG builds will allow for rolling back to a previous version. To increase security and disallow both of these scenarios you may want to build a USER version of LineageOS to install. However this brings in other issues, such as flashing newer firmware from OnePlus so make sure you understand the implications of both choices***
Click to expand...
Click to collapse
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
arvindgr said:
Yeah.. It brings it to L1
Click to expand...
Click to collapse
Good to know.
arvindgr said:
Great writeup @WhitbyGreg
As Android security gets tighter and tighter, hoping one day all ROMs would support AVB by default..
Click to expand...
Click to collapse
That would be nice but more importantly, more phones need to support re-locking.
arvindgr said:
Curious question here,
After a launch of any phone, how drastic are such firmware updates to bother about? In other words, Unless we're in stock ROM is it mandatory to update phone firmware?
Click to expand...
Click to collapse
Reasonably important, after all, if you never get firmware updates you'll have outdated security patching for the firmware. Some official LOS builds require newer versions of the firmware as they are released and won't install without it.
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification. A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Geofferey said:
This guide was very helpful to me when re-locking my Oneplus 7T and enabling hash/hashtree verification.
Click to expand...
Click to collapse
So you can confirm you have relocked the bootloader on the 7T with AVB enabled?
Geofferey said:
A dude on telegram had actually sent me the link and I only briefly skimmed over. Ironically when looking for patches to fix my issues after attempting to include pre-built vendor/odm and failing I cross referenced and ended up back here.
Here's where I originally found them:
https://review.lineageos.org/c/LineageOS/android_build/+/278015
https://review.aosip.dev/c/AOSIP/platform_build/+/13385
Click to expand...
Click to collapse
Yes, those are my patches that I've submitted to LOS, I also have two other patches submitted to allow for other prebuilt images (aka firmware images) to be included in the build process.
Geofferey said:
I myself have made some more patches to ensure every possible pre-built image gets signed on my builds. After some experimentation I have found it possible to have Magisk with hash verification enabled
https://github.com/Geofferey/omni_android_build/commits/geofferey/android-10
There is also a fix to ensure appropriate args get passed when regenerating hashtree for pre-built vendor.
Click to expand...
Click to collapse
I'll take a look and see if I need to update any of my submissions, thanks.
I will have to update those commits with you as author. I messed that up and set person who picked yours as author. I am sorry. BTW thank you for those patches they were a lifesaver and inspired me.
Yes, I can confirm re-lock with AVB enabled on 7T works and also with hash verification. If I flash an image not signed by the build process with hash verification enabled I go red. Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Geofferey said:
Currently I am working on getting magisk directly integrated with build instead of using prebuilt patched imgs that cause builds to not pass CTS.
Click to expand...
Click to collapse
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
quark23 said:
Why do you want to put Magisk if you went to all the trouble of having avb with a locked bootloader? Isn't rooting defeating the purpose of avb?
Click to expand...
Click to collapse
No, it does not defeat the purpose... Hashtree verification will still happen since root can be included in the build as opposed to flashing after the fact. In a way it's actually even more advised. The way I think, having root may lead to a means of being exploited but true AVB closes the door to any persistent rootkits that may try to modify partitions at block level. If ANYTHING modifies the verified partitions phone will refuse to boot and I will be protected. Doing exactly what AVB is supposed to do, verify the phone is in it's intended state. I also think of phone as a computer, you have root access on Linux, Windows and even Mac for Christ sake, why shouldn't it be the same for phones? The ONLY reason we don't by default is so manufacturers and carriers can stay in control. I've been rooting and modifying phones for years without AVB and yet to have a known breech of my data besides the Google apps constantly collecting on me. This just adds another level of security that I used to sacrifice in order to have root access.
Here is my PoC to include Magisk in builds so dm-verity can be kept enabled. Just two commits. If someone could make this better that would be really cool.
https://github.com/Geofferey/omni_android_build/commit/d60958780e6b26d7cb0cec5939b82df3df74a68f
https://github.com/Geofferey/android_vendor_magisk
I have rooted for testing and you don't gen any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't br able to get rid of it by rebooting.
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
quark23 said:
I have rooted for testing and you don't gen any warning. The way avb works on my phone is it discards any modification after reboot. With no warning at boot time. If you get hacked, you can have persistent hacks with root. Make a modification from twrp with avb enabled and see for yourself.
Click to expand...
Click to collapse
So you built your ROM from source with root included, had TWRP go through signing and was able to modify system and other partitions without receiving a device corrupt message? I highly doubt AVB is even implemented appropriately if you were able to do so. If it is implemented it sounds like the old version, tho I remember if I violated FS too much it wouldn't be able to fix and failed to boot. Having a locked bootloader because AVB is enabled does not mean dm-verity is enabled. Also, it should be nearly impossible to just write things like files to /system or w.e. if you are on a device that ships with 10.
quark23 said:
You break the Android security model by rooting the phone. If you need certain things you can include them at build time, such as a custom hosts file.
Click to expand...
Click to collapse
I know it does, but I am not doing such small things as modifying a host file. The kinds of things I include in my personal ROMs require such a high level of access to the point where I can not write SE polices that will allow me to pass CTS and spit out user builds without serious modifications to the build env.
quark23 said:
Also, what can you do with root that does not alter the hashtree?
The power you mention is of no real use yet you expose yourself by having it. Sure, you can go by without any issues. The problem is if you happen to get hacked, the attacker has full control over your phone. You won't b able to get rid of it by rebooting.
Click to expand...
Click to collapse
The act of flashing Magisk is what breaks AVB, if you include it in the ROM at build time like I am doing then it doesn't need to be flashed. It makes modifications to the system by binding data from the wipeable data partition to /system/. If something utilizes that to install a backdoor or tunnel it goes bye-bye when I wipe. If something utilizes it to flash anything or modify system device no boot.
quark23 said:
Also I see no way for google to collect data in this setup, with or without root. Afwall has an equivalent in android 10 (that mobile data & wifi setting) and inter process comms are the real issue if you are worried about rogue apps. Afwall leaks dns requests like crazy anyway.
Click to expand...
Click to collapse
You're kidding right? Android solely exist as a mean for Google to collect data. That was the whole idea behind Android. Buy & develop an OS that any manufacturer can put on their device, let them certify for Google Play Services and collect the data that powers their ad platform. They certainly didn't opensource their baby for free. If you allow ports 80 and 443 out with inbound related allowed, that's all they need.
quark23 said:
I say you are better off letting root go and include what you need at build time. I see that as better spent effort than trying to add root.
Click to expand...
Click to collapse
I'd just rather the manufactures and Google would implement a root solution that plays nice with Androids security instead of making us resort to violating it. It's funny to me that we find it acceptable for these fools to maintain control of something you purchased with your hard earned dollars because they think we are too stupid to have it. Like I stated root and admin privileges are fully available to us on nearly any PC but phones for some reason are an exception.
_________________________________________________
I could rant and debate about this forever... Fact of matter is, you don't have to disable every Android security feature to have root.
I didn't build with magisk, I just flashed after building.
But you can try and modify anything on /system or /vendor from twrp, without magisk, without locking the bootloader, and see what happens. Avb discards the modification, but doesn't warn you. Curious of your findings regarding this. If you then flash magisk, you ofc break the hashtree and avb and the mods remain persistent.
I understand that you are building with magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services? Got any dns logs or mitm wireshark packets to show? What service exactly is collecting what kind of data? Google's dns servers can be replaced before building, Greg has some scripts for that. Captive portal can also be replaced or turned off. Apart from that, and any apps you add yourself, what kind of data is being collected as I want to check it out myself. I've monitored my phone and it's pretty silent. Whatever goes out is from additional apps I use. But I don't see anything from LOS. Really curious about this.
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
I'm really hapoy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
quark23 said:
I understand that you are building with Magisk included in the hashtree. What I am wondering is what exactly are you wanting root for? What are you doing with root that does not break the hashtree?
Click to expand...
Click to collapse
Ah, there lies the real question. I am including in my personal builds a Debian Linux chroot that gets extracted to /data/ so I can run Linux services, etc. I have customized the chroot with Openvpn so that it connects to my server and essentially allows me back into device wherever it may lay. Basically I am adding in the stuff of nightmares that all this security is supposed to prevent. That is why I want dm-verity, because I know I am leaving my self partially open by doing so. I have a decent understanding of dm-verity and have confirmed that it does and will protect me against the scenarios I imagine. BTW it operates completely differently in locked state vs. unlocked.
quark23 said:
Regarding the data collection, you lost me. What exactly is being collected on a LOS userbuild without google services?
Click to expand...
Click to collapse
Well, if you're the type of person who doesn't require Google Play Services, nothing of course. I was merely stating that Google had open sourced Android in hopes that manufacturers would adopt the OS and qualify their devices for Google PS so that it could be used as a data collection platform. You won't easily see all the information Google collects in a Wireshark log because it is encrypted of course. LOS better be silent as hell without it or I'd contact that dev with a strongly worded message lmfao.
quark23 said:
Regarding your last point I think it's something akin to risking shooting yourself in the foot by having root by default. I understand (somewhat) the security model and I find it smart to not have it by default. Also Android uses selinux more than your standard linux distro does. There are some differences in the security models between android and pc linux distro.
Click to expand...
Click to collapse
Oh I DO NOT think it should just be enabled by default. If I had my way it would be enabled in dev ops requiring authentication and protected via a different password than the one you use to unlock the device once setup. You'd also require those "root" privileges to OEM unlock once enabled. While those features were enabled you'd be warned on boot as well but without locking you out of apps etc because that kind of sensitive data should be handled by TEE and TZ. In a real Linux operating system that hasn't been fundamentally raped to offer a false sense of security in the name of protecting carriers and manufactures you can modify SE linux policies etc, not while live but without compiling from source. A lot of us forget most these security features exist more to protect their interest and attempt to hide what's going on behind the scenes. I've actually heard of some pretty shady stories where manufacturers in China place ad-tappers that run in background on devices running GooglePS to be sold in US, so it definitely doesn't protect you if the person building your phone is shade.
quark23 said:
I'm really hapy that AOSP exists. Also pretty happy with the LOS project. My problem is with the outdated blobs. Maybe I'll get a Pixel at some point and give GrapheneOS a go. Seems like a really nice project.
Managed to get hardened malloc + Vanadium on LOS atm and I'm liking the browser. Overall I think AOSP is a great project. Not a fan of google's privacy policy but they do make great stuff.
Click to expand...
Click to collapse
Me too mate. . AOSP has taught me a lot about development and coding in general. Sadly outdated blobs are a usually a by-product of using pre-builts from manufacturers that don't update as often. Pixel would be way to go if that's a concern. I honestly just think a lot of the security is abused to suit their needs. I am just trying to turn it around to work for me where it can.
If you repo sync you should run the vendor files script as there's a couple of new files added. The Muppets github has been updated with them as well. If you don't your build will fail at first power on.
A quick question, forgive me if this is obvious: am I correct in assuming that one the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting in to before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
nictabor said:
A quick question, forgive me if this is obvious: am I correct in assuming that one the above has been completed and the device is using a locally-built copy of Lineage OS, that I cannot take advantage of OTA updates? I just want to know what I'm getting in to before wiping my phone multiple times.
Thanks in advance, this thread is massively helpful.
Click to expand...
Click to collapse
Correct, though if you setup your own update server you can still use the inbuilt updater app if you want.
I just happened across this thread searching for a proper way to generate the custom avb key. I thought i had found it at one time on aosp documentation but i lost/forgot where it was.
Anyways, I have a quick q about this. Would I be correct in assuming that if i wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
I am pretty sure I won't be able to but wanted to ask here for you guys' experiences.
Also, @WhitbyGreg you should be able to i believe. just setup the url properly and host it somewhere with direct download links. (This also requires setup of json for the updater to monitor for updates)
klabit87 said:
Would I be correct in assuming that if i wanted gapps to be available in my build, I would need to include it during build time and not be able to flash it as per the typical methods?
Click to expand...
Click to collapse
Correct (at least as far as I know), once the bootloader is relocked any modification of the system partition (like adding the play services) would trigger an AVB failure.

Categories

Resources