[LOCKED][DEV-TOOL] FIsH is the hack to boot whatever you want - ON ANY* DEVICE

5,508 posts
Thanks Meter: 14,867
By steadfasterX, Recognized Developer on 24th March 2017, 12:51 PM
Post Reply Email Thread
FIsH a la carte - A porting guide for the FIsH framework.

Proudly introducing Android FIsH: [F]luffy [I]ncredible [s]teadfasterX [H]ijack

FIsH: [F]luffy [I]ncredible [s]teadfasterX [H]ijack

First of all:
All this is for the brain of DEVELOPERS.
Well.. to be more specific: not really for developers but for COMPILERS

For using FIsH You do NOT need to DEVELOP anything - normally - the only thing you should be able to do is COMPILING -> e.g. TWRP.
If you have the knowledge to compile TWRP then FIsH is what you need to bring it on your locked device.
Just follow the menu card in the post #3 "Bring FIsH on the menu card" and your job is done.

If you are a user wanting to have FIsH for your device: FIND A COMPILER (a person who is able to compile TWRP/ROMs/.. for your device!!).

-> instead find a person willing to port FIsH plus the ramdisk of your choice (e.g. TWRP) and point him/her here.

When do you feel like a compiler or u want to be one: read on
if not: really still here? I said find a compiler!

Table of content

This whole thing here is damn long.. but that's one of the major difference for the FIsH: I try to explain what I do
For a better handling I splitted the guide into several parts:


You can not unlock your bootloader? So now it's all over right?
TWRP and flashing custom ROMs on locked devices is impossible right?
Oh no wait there are hacks (up to KK) which have a workaround for this but I couldn't find anything for LL (sorry if I missed something) and what I found was not easy to port so nothing generic which i could just adapt easily.

Here is where the Android FIsH (refered to just FIsH in this whole doc) steps in
FIsH means: [F]luffy [I]ncredible [s]teadfasterX [H]ijack

FIsH is different from Safestrap or other hijacks because it should be better understood as a kind of framework for any ramdisk image you want to load.
FIsH will not harm the Android boot chain! Means it will not modify /boot, /recovery or aboot partitions. It will just modify /system.

  • ... is NOT MultiROM (see post #5: FIsH hydra)
  • ... is NOT efidroid (see post #5: FIsH hydra)
  • ... is NOT Safestrap
  • ... is NOT TWRP (booting with FIsH is tested and works)
  • ... does NOT root your phone
  • ... does NOT unlock your phone
  • ... is a WORK IN PROGRESS!

... but FIsH could (in theory) "BOOT" any of the above!
U got it? FIsH is the hack to boot whatever you want.

This also means atm it is tested on some devices only and the only FIsHFOOD (ramdisk) FULLY tested and so stated to be working is TWRP.
Nevertheless I'm hard working currently on porting either MultiROM-in-FIsH or efidroid-in-FIsH to bring custom ROMs to locked devices as well (see post #5: FIsH hydra).

What the FIsH is (in short words)

Read about the full details of the implementation of FIsH in the next post (Post #2: FIsH bowels (What's inside)) but to give you a short overview:
  • FIsH is a boot hijack and wants to be a FRAMEWORK for booting any fishfood (ramdisk) you like.
  • FIsH is portable to other devices
  • FIsH gives you all possibilities to make the most of your device by letting you boot whatever you like
  • FIsH will not provide or contain any ROM or recovery by it's own - THATS YOUR HOLY OWN JOB NOW!
  • FIsH is the tool -> but building a ROM or recovery is (still) up to you.

These questions may come up in your mind now
  • Will FIsH void your warranty? Not more or less then rooting your device.
  • Will FIsH unlock your bootloader? omg NO! read it again!
  • Is there a risk with FIsH? For example could it soft-brick my device? Well.. absolutely! Safe is the death only. There are always risks especially for untested devices. I do all I can to keep this risk as low as possible and I provided a way to get out of bootloops but again you will get no guarantees here and elsewhere.
  • Will it work on Android version ICS, KK, LL, MM, N, O, ....? Check the pre-requirements. If you can answer them with yes it should work. If not then not. That easy.
  • Will I need a recovery partition to use FIsH? No. FIsH ran in RAM only. Even if your device does not have a recovery partition it will work.
  • Will FIsH work for my device? FIsH is more than just a hack for a special device or model it is a hack for ALL devices of ANY vendor! wtf? yes. Your FISHFOOD is device specific so the question would be better: Will the FISHFOOD (e.g. TWRP) work on my device? The answer is it depends. You need to compile it for your specific device and it should but who knows.

To narrow it a little more down:
you have to met the pre-requirements and there has to be done some things to get a value out of it but those are straight forward for a good compiler/developer like you!

FIsH pre-requirements

Here are the pre-requirements you have to met!
If you can't get them: Close this page and FORGET it (until the day you met those reqs)!

Here are the 2 simple requirements you have to met:
  1. a) root by SuperSU >=v2.76 (greater or equal v2.76)
    --> to test this requirement just start the installer of FIsH with --check (see next lines) which will check for all requirements and abort if its not possible
    --> for many devices - if not all - this means you HAVE TO downgrade/install LL. It also means that you have to upgrade your SuperSU to this version by e.g. FlashFire if you have a lower version installed!
    --> SU by phh is NOT supported => It needs a modified /boot and this would void the boot signing chain!
    --> Magisk is NOT supported => It needs a modified /boot and this would void the boot signing chain!
    --> I will NOT provide downgrading guides there are plenty of them so search and read.
    --> I will NOT provide any guides in rooting your device
    --> Before you think about downgrading to LL read about ANTI-ROLLBACK protection some devices and may have! Anti-Rollback means you CAN NOT downgrade - it would HARD-BRICK your device (wtf thinking the vendors who we are?? Is this even legal?!)! Check that before!!
  2. b) you have to be able to disable SELinux in your booted Android
    --> You do NOT need to set SELinux permanently to permissive. Just CHECK if you COULD get it MANUALLY. If you can get it OK. If not.. you obviously have not full root access but check the forums maybe there is something you can do about this.
    --> I will NOT provide any guides enabling SELinux but some lines later you will see how u can execute the very simple check
    --> to test this requirement just start the installer of FIsH with --check (see next lines) which will check for all requirements and abort if its not possible

Those above are hard facts so it may NEVER work with MM. Google has changed the way on how the boot chain will be verified and that means changes in /system will void it from now on.
If MM can get fully rooted somehow/somewhen on your device with SuperSU installed and you are able to disable SELinux the method will work there as well.

If you can not meet ALL of the above 2 requirements lay down and cry.
For the others: calm down and read on!

You can simply test those both requirements by downloading FIsH and execute the installer with the testing parameter:

./ --check

Example output:

############# Checking for busybox
...downloading busybox
--2017-03-24 13:37:44--
fishing/busybox 100%[========================>] 1,06M 542KB/s in 2,0s

2017-03-24 13:37:47 (542 KB/s) - »fishing/busybox« saved [1107664/1107664]

Waiting for your device... (you may have to switch to PTP mode on some devices!!)
Android Debug Bridge version 1.0.36
Revision 7.1.1_r13
############# checking Android version
-> Good. Matching exact the required Android SDK: 22
############# checking SuperSU version
-> Matching required SuperSU version: 279
############# temporary disable SELinux
-> command ended successfully (err=0)
SELinux mode: Permissive
... restoring SELinux mode to Enforcing

Tests finished! Check the above output!! Exiting here because in checking mode. Nothing installed.

The important lines are:
  • Matching required SuperSU version: XXX
  • "SELinux mode: Permissive"
If you see "SELinux mode: Enforcing" or any error messages you may doing something wrong or it just do not work for you.


Keep in mind what I said above: FIsH does NOT unlock your bootloader!
That means with FIsH itself you can NOT "install" anything. FIsH actually is the FRAMEWORK(!) for the FIsHFOOD (ramdisk) you want to load.
One good example is TWRP. This can be loaded even on devices do not having a recovery partition (I believe Sony is one of those).

Let's stay by the example of TWRP.
Keep in mind that when you use FIsH to provide TWRP you can NOT
  • Install a custom ROM like CM/Lineage (this will modify boot = SOFT-BRICK. for this u would need efidroid or multirom as FIsHFOOD)
  • Install a custom Kernel (this will modify boot = SOFT-BRICK)
  • Install a custom recovery (this will modify recovery =may SOFT-BRICK)
  • In short: do nothing which modifies boot or recovery partitions. Those changes will break your boot signing chain.
  • You can of course flash everything which is modifying /system /data only (e.g. xposed, Audio mods, etc...)
  • You're able to backup and restore as well of course and doing any other modifications which you may can't while the Android system is running.


You will get the most current downloads at github but I uploaded all stable releases here at XDA as well to mirror them.

Latest stable (well tested and so hopefully fewest bugs): Download latest release at github (click)
Mirror / older stable versions: DOWNLOAD-TAB (click)

Next stable (lesser chances of issues but may still not released yet): github master branch
LIVE/FRESHEST code u can get (high chances of failures, bugs, unexpected behavior - but the latest and greatest features/bugfixes): github develop branch

FIsH helpers

If you want to reboot directly to an implemented version of FIsH from within Android check out this:

Support / IRC Channel

IRC means Internet Relay Chat and you will get best support here only.

This channel mentioned here is NOT an ENDUSER channel!!
It is for developers and compilers only!)
Endusers should use: #Carbon-user instead !

Choose how to get in:
  • PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
  • Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
  • Web (KiwiIRC-Web,FreenodeWebchat])
  • When you have to choose a channel it is: #Carbon-Fusion (this is NOT an ENDUSER channel!! It is for developers and compilers only!)
  • Endusers should use: #Carbon-user instead !
  • When you be asked for a server network choose: freenode

Credits (without them - no FIsH!!!)
If you feel that someone / you is missing on this list lemme know!
Famous last words

You may say: When this will work for up to LL only.. Why the hell are u releasing this now? We just see the upcoming Android O and you talk about LL? Well.. This whole thing is just a fun project. I want to learn and I want to give back something which helps others.

So at the end.. If u don't like.. its ok. If you don't need it.. ok. If you can't get any value out of it.. ok..
But maybe it helps others out there instead.

So if you're still not scared and want to continue.. what u r waiting for??

XDA:DevDB Information
android FIsH, Tool/Utility for all devices (see above for details)

steadfasterX, BigCountry907, Rees86
Source Code:

Version Information
Status: Stable
Current Stable Version: v3.0
Stable Release Date: 2017-06-14

Created 2017-03-24
Last Updated 2017-09-11
The Following 10 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:51 PM |#2  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
FIsH bowels (What's inside)

This is for ppl understanding the basics. I will not explain it for dummies ;)

Ok prepare urself for the naked magic ;)

Actually FIsH is mostly similar to other RAM hijacks around with 3 major differences:

1. FIsH is based and depends on SuperSU.
YES - I make my life EASY. You actually need a rooted devices for the most kind of hijacks.
... and I assume the most ppl using SuperSU as their su binary.
... and SuperSU does not require to modify boot (at least until LL)
With this in mind and reading the SuperSU docs I had read that beginning from version 2.76 SuperSU
comes with a special kind of internal init.d support means: It executes custom scripts very early with full SELinux perms available.
Check out the docs here:

2. FIsH tries to be a generic framework with instructions to bring it on all devices.
The hack here is not device specific due to its nature of just executing a custom script by SuperSU.
I've made all scripts inside as easy portable as possible and given hopefully good descriptions and
porting instructions for EACH variable you may need to adjust.

3. it works for up to LL (when u can met the pre-reqs for MM or N, O or whatever comes then - it will work there as well!)
I found only methods for up to KK (e.g. 2nd init and others) but nothing for LL (sorry if I missed someone!) so I started FIsH.

So in sum FIsH is:
a set of scripts and tools which gets executed by SuperSU on early boot stage which hijacks the boot process to bring up your own ramdisk.

FIsH vs Flashfire
Flashfire is absolutely an AMAZING tool! You can backup, installing ZIPs etc all without an unlocked bootloader.
Due to it's nature it is not possible to do EVERYTHING with it (on a locked device), e.g. restoring your whole system partition.
TWRP-in-FIsH (FIsH plus TWRP as FIsHFOOD ramdisk) can provide this - even with a locked bootloader.
Besides this FIsH can do more like (hopefully) bringing you custom ROMs on locked bootloader devices.

FIsH vs Safestrap
Safestrap is supported up to KK and besides this it actually is some kind of MultiROM pendant (+ the hijack part).
FIsH supports any Android version up to LL (GB, ICS, KK, LL,..) as long as the 2 bloody requirements can be met.
Safestrap is a very customized version of TWRP and so limited to updates from there.
FIsH lets you boot any ordinary TWRP completely unmodified. This makes it easier to get new TWRP features on your device.
Besides this FIsH wants to be easy to port for everyone thats why it uses standard components only.
AFAIK it is not supported anymore anyways.

FIsH vs other RAM hijacks
The main reasons why FIsH exists are described already (LL support, easy portable and easy to use) so if you still feel that this is not different from the others... i dunno what to say :P

FIsHing (Hijacking) means:
FIsH kills all running services, scripts, binaries it can find.
Afterwards it will unmount everything and delete all files left behind from the initial ramdisk.
Now in that more or less clean state it will replace the initrd with the FIsHFOOD - means your own ramdisk like e.g. TWRP.
Some other stuff may happen also but at the end a binary will be started - normally a /init from your own ramdisk
So in sum it is a live replacemnt of the current ramdisk with your own.

Requirement <SuperSU>
It prepares the system to run the FIsH init script and also ensures that SELinux can be run in permissive mode.
Keep in mind that FIsH will enforce permissive mode on boot to do it's job so you do not have to do anything (normally) to let the FIsH boot.

Main components of FIsH:
  • ./ (file)
    The installer is the first part you may need to adjust when you want to port FIsH.
    This installer is for Linux users only. If you want to have Windows users executing FIsH point them to !!
    .. but you're free to port the installer to Windows (if u like: bring it back to me so I may include it..)
    Your FIsHFOOD (your own ramdisk) has to be compatible to your running STOCK ROM. If you have LL 5.x running your ramdisk has to run / build for it.

    important variables:
    MINSDK: Adjust this SDK level to match your runnin STOCK ROM which has to be compatible with your FIsHFOOD
    MINSU: The minimum SuperSU version required. Do not use anything lower than 279 (means 2.79) because this may not work!
    BUSYBOXURI: This is a full URL to a busybox binary compatible with your device. You may have to adjust this but ensure u use a compatible version
    because we highly depend on its syntax. The reason why FIsH does not come with busybox bundled is besides license stuff (I do not wanted to provide their
    sources :P ) it may be required that you need another binary then me.
  • fishing/ (directory)
    The real FIsH. Means all files which gets copied to the target device.
  • fishing/busybox (file - will be auto downloaded by the installer)
    You should know what it is..
    FIsH comes without busybox but the installer will download it automatically and place it here.
    FIsH uses busybox to have all commands with the expected syntax in place and we highly depend on this in the hijack process!
  • fishing/fishfood.gz (file)
    The FIsHFOOD is your own ramdisk - in gziped cpio (e.g. TWRP)
    This ramdisk has to be compatible to your device's ROM. Means when you have a STOCK ROM 5.1 installed your ramdisk have to be compatible to LL 5.1.
    You can ensure this within the installer (see FIsH Installer) where the Android version will be read and compared before FIsH installs actually.
  • fishing/fishfood.release (file)
    The version and content of your FIsHFOOD
    I recommend the following naming convention:


    You can write in here whatever you like. The content will be send to the fish.log to identify which version the user has installed (helps debugging).
  • fishing/callmeFIsH (file)
    a caller script which gets executed at very first.
    The only task callmeFIsH has is to prepare the whole FIsH to get started out of /system and then starting FIsH from /res. After this it immediately exists to not keep open tasks on /system. callmeFIsH will be placed in /system/su.d/ to get autostarted by SuperSU.
  • fishing/FIsH (file)
    The heart of the FIsH.. Get's called by callmeFIsH.
    It will be executed by SuperSU on boot and will hijack the process and prepare and setup everything to let your FIsHFOOD coming up.
  • fishing/ (file)
    Functions and vars a user/dev normally wouldn't need to change. They are internal stuff only.
  • fishing/FIsH.porting (file)
    As you're trying to port FIsH this file is your main part when it comes to customization for your device.
    Here you should find everything required to be adapted and there are very high chances that you HAVE to adjust this to your device.
  • fishing/ (file)
    The remote installer part. It will actually run as root and prepare your system for FIsH.
    You normally will never need to touch this.

FIsH target directories
  • /system/fish/
    All the bowels of FIsH like, FIsH, Busybox, fishfood.gz and fishfood.release go here
  • /system/su.d/
    The FIsH caller (callmeFIsH) goes here
  • /cache/fish/
    The most important directory for you: Here you will find all logfiles required for debugging!

The Following 7 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:51 PM |#3  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
Bring FIsH on the menu card (porting FIsH)

So you may now have a little bit understanding of what FIsH can do for you and what not.
When you feel FIsH could work for your device then why not just trying to port it?

This guide should help you for this task.
FIsH was made from scratch with portability in mind.
That means I tried to make it as simple as possible for you to port.
I really hope that task has been accomplished.. :P
  • 1. Met the pre-requirements

    You have to understood that FIsH will work ONLY when the pre-requirements are met.
    There is no way around or "if i met 1 of the 2 - will it work?" NO. You need BOTH!

    If you will be asked by a user to port FIsH -> Ensure that the requirements can be met first before investing your time.
    There is an easy test u can go for this: just execute the installer like this:

    ./ --check

    The installer will test and check if it get what it needs and then EXIT without(!) any installation.

  • 2. Build your FIsHFOOD (your custom ramdisk)

    I recommend to start with TWRP but choose whatever you like. For this guide i stay with TWRP.

    Keep in mind that your FIsHFOOD has to be build with the same sources as your running STOCK ROM.
    If you want to support multiple STOCK ROM versions you may have to build multiple FIsHFOOD versions.

    Testing your FIsHFOOD is not that easy on locked devices so your only option is to go on once you feel your build is ready.

  • 3. Cook the FIsHFOOD

    When you build images or ramdisks you may end up with an image file needed some preparation first:

    create a gziped cpio of your initial ramdisk u wanna load

    1. example of twrp build by you:
      after your build has finished you will find several img files in your out/ directory and you just need to copy the following file:
      and move it to:
    2. example of an existing twrp image:
      abootimg -x twrp.img (will extract the twrp image)
      file initrd.img (should tell something like: gzip compressed data. if NOT: gzip it!)
      mv initrd.img fishing/fishfood.gz (moves the extracted initial ramdisk)
    3. Some Notes:
      - this cpio has to be compressed with gzip (.gz file ending is importat!)
      - the name of this file should be fishfood.gz (exactly this)!
      - edit or add a file fishing/fishfood.release and type in what ur fishfood is (e.g. TWRP)
      and the version of it course (a good example is: TWRP-in-FIsH-v1_LG-G4_LL)

  • 4. Prepare the FIsH installer

    Download FIsH and extract it.
    open the file

    Check the variables u may need to adjust: Check Post #2 above for some explanations and read the comments within

    Note about the Android goFIsHing installer (fishing/
    You normally do not need to touch this file. It may be required if you cannot install FIsH but that should hopefully not happen..

  • 5. Cook the FIsH

    open fishing/FIsH.porting

    You will find 2 sections: GLOBAL and PORTING
    Each section has hopefully meaningful comments to give you an idea what they do and how you should modify them.
    Most vars also have example instructions to find the correct values for your device.

    When you're trying to port FIsH you may have to try & error FIsH several times before and you may do not want to use your defined key combo to do so.
    For this and also as a convenient option when you want to boot directly into FIsH from Android you can set a special flag to always boot FIsH.
    Use it with care because it may let it bootloop while in your testing phase.

    The file which activates FIsH without a key press is: /cache/recovery/boot

    It can make sense to use this for an easier testing process (don't need any key presses to activate FIsH).
    In sum the following command comes very handy while developing:

    ./ && adb shell "su -c touch /cache/recovery/boot" && adb reboot

    So the other way is using a key combo without the need to boot into Android.

    For this you will find everything you need in the file fishing/FIsH.porting which you usually have to adjust to your specific device.

    Providing user feedback for activating the FIsH:

    FIsH gets NOT activated by default. That means if you would reboot your device it will just reboot.
    To activate FIsH you need either to use a key combination (provided by you) or using the FIsH file flag.

    The idea of the FIsH booting process is (see fishing/FIsH.porting)

    a) WAIT_LED: show a LED color indicating FIsH has been STARTED (not ACTIVATED)
    ---> the user has to press the magic key combo NOW
    b) VIBRATE: will vibrate to indicate that the time for pressing the magic key combo is over
    c) FISH_LED: show a LED color indicating that FIsH has been ACTIVATED .... or NOT!
    d) boot into either Android or your FIsHFOOD depending on what the user wants

    If your device does not support different LEDs you can instead use the path to vibrate in the LEDs.
    e.g. WAIT_LED="$VIBRATE". This will let the device vibrate instead of showing a LED color.

    Whatever you end up with you have to check and adapt the enduser installation guide ofc as well..

  • 6. Let the FIsH swim

    Now it's time to test your FIsH port. But BEFORE:
    You will take a high risk here at this early stage because it CAN bootloop/soft-brick your device if something goes totally wrong!
    I hope I had done all to keep the risk for this low but no guarantees!!

    So make a FULL backup of ALL your apps and do not forget to backup your internal storage with all your pictures etc.!!! (just a reminder: TWRP does NOT backup your internal storage!! Read the explanation here)
    If the worse case happens you may need to totally bring your device back to pure STOCK so you have been warned!

  • 7. Finally give the FIsH a name
    If your FIsH swims... omg.. CONGRATS well done !!! The most hardest stuff is done now! Woot u r a REALLY good dev did u know that?! Your community will praise u!
    Of course u r free to choose a name but I recommend to name your FIsH package like this:


    Note: Did u see the different use of dashes and underscores? Keeping it that way is important.

    This way we all get a clear understanding what it is, which TWRP-in-FIsH version, for which device and for which STOCK ROM version.

  • 8. Release your FIsH to the wild ocean
    Ok I will not tell you how you should release but it would be nice if you tell the users where this all comes from
    Do not forget to report back to this thread if you have implemented a port so I can add it here for reference.
    An example installation guide for your endusers can be found at Post #7: Go FIsHing

  • If you struggle somewhere you can find me in the IRC (see OP)
    When you have to choose a channel it is: #Carbon-Fusion
    When you will be asked for a server network choose: freenode

Trouble / Bootloop fix
if you encounter a bootloop (should never happen but who knows) you have 3 choices at least:
  • Option 1a: (TWRP-Bootloop) Within TWRP open Advanced -> File Manager -> Goto: /system/su.d and click "select" button -> Delete
    Option 1b: (TWRP-Bootloop) From your PC: adb shell rm -rf /system/su.d/
    Important: Catch the fish log (see next topic)
  • Option 2 (this works also for a bootloop without twrp): boot into download mode and use LGLaf to get a shell
    setenforce 0 <-- if that doesn't work you may have to do a FULL restore to stock
    mount -oremount,rw /system
    rm -rf /system/su.d/

    reboot. You are out of the bootloop.
    Important: Catch the fish log (see next topic)
  • Option 3: Last resort: Reflash STOCK. sorry.. there is always a risk..

Catch the FIsH logs
  • when in TWRP (or other ramdisk providing adb shell):
    adb shell "cat /cache/fish/fish.log"
    adb shell "cat /tmp/recovery.log"
  • OR - when in Android:
    adb shell "su -c cat /cache/fish/fish.log"
    adb shell "su -c cat /cache/fish/fish.log.old"
    adb shell "su -c tar cvzf recoverylogs.tgz /cache/recovery"
    adb pull recoverylogs.tgz
  • Upload the output to and paste the link in the IRC channel
The Following 4 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:53 PM |#4  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
FIsH cuisine (examples)

Example implementations

If you have ported another device or know about one just post to this thread so I can list it here

The Following 4 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:53 PM |#5  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
FIsH hydra (multiboot in FIsH)

Bringing multiboot to your device is still not finished yet.

I just wanted to release FIsH now because I was able to proof the working concept based on TWRP and as FIsH is nothing device specific anything else should do so as well.
I have little hope that maybe other developers step in and trying to help me with this but well if not it doesn't matter.. just taking longer

The whole thing of multiboot is a WIP (work in progress) currently.

But now you can prepare yourself for a possible way on this by starting a port of TWRP-in-FIsH first to see if the FIsH concept works for your device. This is strongly recommended to start with whereever we will end up here. Then come back here and hopefully until then I have some news about that topic..

So in theory multibooting by FIsH should be possible. FIsH is just executing your ramdisk so..

The only thing we would need is a way to start any of the tools already available right?
Correct. But.. any of them have its own requirements and way of work. So I need to investigate the bowels of them first to adapt them to FIsH.

Let's think about my first choice: multiboot by efidroid.

While it is quite new for me and it's implementation of booting multiple ROMs is very nice and different from MultiROM. Kudos to MultiROM which provide multi boot of custom ROMs for years but I really like the approach of efidroid (even when I just starting to use it).
When you would be able to boot into efidroid with FIsH you could use as many (unpatched) ROMs as you like. Just 1 or 20 - depending on your disk space mainly. So what does that mean? With FIsH you can hijack the boot and jump in efidroid and now u r able to boot whatever custom ROM you like. That's the theory.
The practice is: efidroid is a bootloader and so completely different to TWRP for example. Using the same hack here will not work without modifications of efidroid and maybe FIsH. The key here is to use the efidroid binary plus the cmdline needed to get a custom ROM booted.
Don't get me wrong what NEVER will work is booting into efidroid like fastboot boot uefi_boot.img can provide. The first thing what I'm trying to achieve is to use the efidroid binary plus the needed cmdline to boot up a manually added custom ROM (thx to the efidroid dev @m1cha by the way.. I promise to bug u as often as possible ). When this works we have won. Well it will be far away from user friendly leaving it this way but it should be possible to write a GUI (e.g. based on AROMA) and then doing the actions efidroid offers in its boot menu. So.. at the end some kind of MultROM but without kexec patches would be possible then.

The other way around: multiboot by MultiROM.

A long player in the game of multiboot and often ported to many devices. The problem here is that it is more than just a ramdisk. It is splitted into a modified TWRP plus MultiROM itself which needs to be flashed from within TWRP. This flashing will inject modifications in your /boot image so it will not work this way on locked devices out of the box.
Before I want to dive into the deeps of a possibly MultiROM implentation for FIsH I want to end my testing for efidroid. So atm I cannot say if there will be a way or not because for this I need to find out what MultiROM really do in the boot image and adapt this change to FIsH. I strongly believe that this can be adapted but my time is limited and my priority lays on efidroid for the moment.
Tbh bringing up the modified TWRP version should be easy because it will work the same way as bringing the ordinary TWRP to FIsH but the other part in the boot image is what I'm not sure about what it does (haven't had the time to look into this yet).
If u feel like a developer and you are able to unbrick a soft-bricked device then feel free to investigate and try on your own and let me know

Update (2017-06-27):
I had the time to look into the possibilities of a multirom port to FIsH.
The bad news: its not easy as thought. Its near impossible yet not complete impossible.
I was a little bit confused by a new compile flag in multirom named MR_NO_KEXEC which allows you to use kernels not patched for kexec-hardboot.
Well but its not that easy..
- using kexec-hardboot needs a patched kernel
- and not using it (MR_NO_KEXEC flag set) will replace the whole boot partition(!) when a secondary ROM boots
So both options will break and can't be used.
The only way to go would be to modify the multirom sources (likely the trampoline part) to behave like efidroid does (heavy usage of loop devices instead of the current phys ones).
You can think of that this modification goes VERY deep, means a LOT of work and requires heavy C / C++ skills.
That's why I can't proceed here. I don't think that it is worth it tbh so I will investigate the other options and abandon the MultiROM approach.

The FIsH plate (sdcard booting)

Thanks to @BigCountry907 we could boot FIsH on every qualcomm device in a manner which has the potential to root any device, boot any ROM and more.

You remember? FIsH can be installed on a rooted device ONLY!

That's still true but with this you can boot e.g. TWRP-in-FIsH even on a not rooted MM / N /... by using the FIsH plate..

The whole process makes use of a qualcomm feature which let you do this.
- the whole process is incredible complicated to get it working!!!
- the whole process is very sensitive and you have to find the right combination of needed partitons to make it work
- the whole process is a complete try & error
- if I mean IF I get this working I could patch the bootloader partition on that sdcard partition without touching the REAL bootloader to test without bricking...
- I work together with @BigCountry907 to get it working but we live in complete diff timezones which makes it not easier :P

If you want to help you can find me in the IRC (see OP)

The Following 5 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:53 PM |#6  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
Chew the FIsH (Copying/License)


# This is Android FIsH: [F]luffy [I]ncredible [s]teadfasterX [H]ijack
# Copyright (C) 2017 steadfasterX <[email protected]>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <>.

FIsH mutation history (Changelog)

android FIsH v3.0
Released: 2017-06-14
Full Changelog:
Download: see the OP
Summary Changelog:
  • adding the possibility to exclude easily process names/pid's from being killed (coming with a default exclusion list already)
    check it out: `fishing/FIsH.porting` --> `EXCLUDEPROCS / EXCLUDEPIDS`
  • several fixes regarding the ramdisk extraction
  • heavy speed improvements regarding kill & mount
  • adding a version string to FIsH to be able to identify which framework is running
  • added a better `ps` command than the one provided by `busybox ps`

android FIsH v2.0
Released: 2017-04-11
Full Changelog:
Download: see the OP
Summary Changelog:
  • Improved general speed by factor 4
  • Many bug fixes
  • Many improvements for the installer like a new clean function (uninstall FIsH)

android FIsH v1.0
Released: 2017-03-24
Full Changelog:
Download: see the OP
Summary Changelog:
  • first general public release
The Following User Says Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:54 PM |#7  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
Go FIsHing (enduser installation guide example)

COPY & PASTE template for your own XDA thread (completely pre-formatted)


The Following User Says Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 12:54 PM |#8  
steadfasterX's Avatar
OP Recognized Developer
Thanks Meter: 14,867
Donate to Me
Special FIsH Dinner (Notes)


The first step to get a success with FIsH is to use TWRP as your FIsHFOOD.
Once started the first thing coming in your mind may be backup & restore but use it with care!
FIsH will brutally unmount /system in - afaik - all cases because there will be open files on it which can't be avoided.

In order to use TWRP successfully you should set at least this special flag:

# Always use rm -rf to wipe

This is a workaround because it means wiping /system or /data will behave differently then you might expect normally. Without this flag TWRP will format the partition. With this flag set TWRP will use rm and delete all files on it without formatting the partition.
The Following 2 Users Say Thank You to steadfasterX For This Useful Post: [ View ]
24th March 2017, 04:13 PM |#9  
veez21's Avatar
Senior Member
Flag Guess Where
Thanks Meter: 2,716
Donate to Me
Very interesting. I actually have a locked (bootloader) device which I'm looking for a way to unlock. I feel likr I could get something (*cough*TWRP*cough*) working because of this. Keep it up
The Following User Says Thank You to veez21 For This Useful Post: [ View ] Gift veez21 Ad-Free
24th March 2017, 05:05 PM |#10  
Senior Member
Thanks Meter: 362
Originally Posted by veez21

Very interesting. I actually have a locked (bootloader) device which I'm looking for a way to unlock. I feel likr I could get something (*cough*TWRP*cough*) working because of this. Keep it up

Just remember the limitations and leave thanks to @steadfasterX
The Following User Says Thank You to DevUt For This Useful Post: [ View ] Gift DevUt Ad-Free
24th March 2017, 08:36 PM |#11  
Senior Member
Thanks Meter: 682
I am very happy to have stumbled on this today.
I cant wait to get a little deeper into it but i must say very nice job.

I have been working on a big project myself. For creating a clone of any device emmc.
Burn the GPT Partition Table to a External_SD Card and flash the images.

What I have found is that If you make the SD Card right the Qualcomm Devices will boot from the sd card.
To the extent that If i unlock a device that normally can not be unlocked using my XTC-2 clip then copy the images ect from the unlocked device burn to sd card and then boot into H-boot or Download mode the Unlocked Status for example Bootloader Unlock and S-off and Super Cid ect ect ect will be present on the locked device. Thus giving elevated permissions. My setback has been there is no normal way for me to write any partitions yet. Anything I flash through H-boot writes to the SD Card. And I have been unable to make TWRP boot this way.

My initial though is to set up my unlocked device with fish and get it all working. Then create the sdcard image that includes the installed fish scripts. It would be simple to modify the external sd to meet all the fish requirements. even if the device itself can not meet the requirements. My device currently meets the requirements but it isnt for me. Its for the community of people that dont have java cards. This could potentially lead to a way of overcoming both of our current limitations.

All i need is a way to boot TWRP from my elevated privileged sd card and I can utilize that to provide unlocking.

The Following 2 Users Say Thank You to BigCountry907 For This Useful Post: [ View ] Gift BigCountry907 Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes