Magisk General Support / Discussion

Search This thread
By:
Advanced…
P

pndwal

Senior Member
Jun 23, 2016
7,003
8,084
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
tim1aust said:
#1 is what I would love to have also, but have been unable to find any information anywhere how to do this. If one could download the OTA and have the standard "Update is available" process allow you to specify the downloaded OTA image, then the process @pndwal referred to at https://github.com/topjohnwu/Magisk/blob/master/docs/ota.md#devices-with-ab-partitions would allow the OTA update be applied with stock images restored, then use Magisk "install to inactive partition" be used *before* rebooting. In fact, my Moto Z3 is running PixelExperience ROM and I get streaming OTA updates on that phone, and follow @pndwal's referenced process without a hitch, each month.

I can't suss out why Google insists on "streaming" OTA updates, and forbid local OTA updates. I suspect the reasoning is based somewhat on they don't want to encourage rooting. Which I suppose is not unreasonable from their view, but if someone has a rooted phone/unlocked bootloader they have already voided their warranty, so IMHO it should be left to the owner of the phone to make these decisions.
Click to expand...
Click to collapse
Streaming updates are supposed to make for a seamless easy update experience for the user... Update uses little data and images are created on the fly from active partition blocks + any updated block data from delta OTA, and all while user still has access to phone... Reboots should also be very quick it all went well, and if not phone simply boots again to original slot...

There are various uses for full OTA images but these are really outside the purpose of the A/B seamless update engines purpose... PW
 
  • Like
Reactions: ipdev
tim1aust

tim1aust

Member
May 27, 2023
14
11
pndwal said:
Streaming updates are supposed to make for a seamless easy update experience for the user... Update uses little data and images are created on the fly from active partition blocks + any updated block data from delta OTA, and all while user still has access to phone... Reboots should also be very quick it all went well, and if not phone simply boots again to original slot...

There are various uses for full OTA images but these are really outside the purpose of the A/B seamless update engines purpose... PW
Click to expand...
Click to collapse

Thanks PW. So I guess the "full" OTA updates that are downloadable from the Google site (and sideloaded) are different from what is served up for the streaming, "seamless update engine". I didn't know that. Still learning...
Tim
 
badabing2003

badabing2003

Recognized Contributor
Sep 17, 2012
3,001
4,634
Update:

On a Pixel 5 device, I managed to have both slots bootable.
One slot rooted, and the other not, both on the same 2023-05 firmware.

The process is as follows (which PF will support OOB in the next release)
- Sideload full OTA
- Reboot to bootloader
- Flash patched image.
- reboot to system (observe root)
- Sideload full OTA
- Reboot to System (no patching, observe no root)
- Switch slot (observe root)

With Pixel 5, one is able to make changes to boot after sideload but before reboot.
It still needs to be tested if this works on Pixel 6, 7 * devices

I find flashing full OTA is slower than flashing full factory, but the benefit of having both slots bootable is a big bonus.
 
  • Like
  • Love
Reactions: Homeboy76, capntrips, ipdev and 3 others
Lughnasadh

Lughnasadh

Senior Member
Mar 23, 2015
5,476
6,524
Google Nexus 5
Huawei Nexus 6P
badabing2003 said:
Update:

On a Pixel 5 device, I managed to have both slots bootable.
One slot rooted, and the other not, both on the same 2023-05 firmware.

The process is as follows (which PF will support OOB in the next release)
- Sideload full OTA
- Reboot to bootloader
- Flash patched image.
- reboot to system (observe root)
- Sideload full OTA
- Reboot to System (no patching, observe no root)
- Switch slot (observe root)

With Pixel 5, one is able to make changes to boot after sideload but before reboot.
It still needs to be tested if this works on Pixel 6, 7 * devices

I find flashing full OTA is slower than flashing full factory, but the benefit of having both slots bootable is a big bonus.
Click to expand...
Click to collapse
Okay, did some testing on my Pixel 6 Pro:

Started with:
Platform Tools 33.0.3
A14 Beta 2.1 (installed using flash-all.bat)
Rooted with Canary Magisk 26102
Active slot=b

Sideloaded the A14 Beta 2.1 OTA
Booted up
Not rooted (of course)
Active slot=a
Then rooted with Canary Magisk 26102

Switched slots to b
Did not boot (as expected)
Booted back into bootloader
Set slot back to a
Sideloaded the A14 Beta 2.1 OTA

Booted up
Not rooted
Active slot=b

Then switched slots to a and booted successfully
Slot a still rooted

Then switched slots to b and booted successfully
Slot b still not rooted

Then switched slots again back to a and booted successfully
Slot a still rooted
 
  • Like
  • Love
Reactions: Homeboy76, ipdev, pndwal and 3 others
badabing2003

badabing2003

Recognized Contributor
Sep 17, 2012
3,001
4,634
Lughnasadh said:
Okay, did some testing on my Pixel 6 Pro:

Started with:
Platform Tools 33.0.3
A14 Beta 2.1 (installed using flash-all.bat)
Rooted with Canary Magisk 26102
Active slot=b

Sideloaded the A14 Beta 2.1 OTA
Booted up
Not rooted (of course)
Active slot=a
Then rooted with Canary Magisk 26102

Switched slots to b
Did not boot (as expected)
Booted back into bootloader
Set slot back to a
Sideloaded the A14 Beta 2.1 OTA

Booted up
Not rooted
Active slot=b

Then switched slots to a and booted successfully
Slot a still rooted

Then switched slots to b and booted successfully
Slot b still not rooted

Then switched slots again back to a and booted successfully
Slot a still rooted
Click to expand...
Click to collapse
Thanks for the test, we can take advantage of this to carry to bootable slots,
I find it interesting that after flashing OTA, factory flashed slot was no longer bootable, that's a bit surprising considering that OTA could not have changed it.
 
  • Like
Reactions: roirraW "edor" ehT and Lughnasadh
Lughnasadh

Lughnasadh

Senior Member
Mar 23, 2015
5,476
6,524
Google Nexus 5
Huawei Nexus 6P
Lughnasadh said:
Okay, did some testing on my Pixel 6 Pro:

Started with:
Platform Tools 33.0.3
A14 Beta 2.1 (installed using flash-all.bat)
Rooted with Canary Magisk 26102
Active slot=b

Sideloaded the A14 Beta 2.1 OTA
Booted up
Not rooted (of course)
Active slot=a
Then rooted with Canary Magisk 26102

Switched slots to b
Did not boot (as expected)
Booted back into bootloader
Set slot back to a
Sideloaded the A14 Beta 2.1 OTA

Booted up
Not rooted
Active slot=b

Then switched slots to a and booted successfully
Slot a still rooted

Then switched slots to b and booted successfully
Slot b still not rooted

Then switched slots again back to a and booted successfully
Slot a still rooted
Click to expand...
Click to collapse
Same test on my Pixel 7 Pro running A13 (May) with same results (this time I did not try to switch slots and boot into the slot that had the OS still installed via flash-all.bat (Step 2) 👍
 
  • Like
Reactions: roirraW "edor" ehT and badabing2003
Lughnasadh

Lughnasadh

Senior Member
Mar 23, 2015
5,476
6,524
Google Nexus 5
Huawei Nexus 6P
badabing2003 said:
Ouch, sorry to hear that, now you need a wipe?

So at what point you should have done that?
When flashing the patched image? just add the extra flags?
Click to expand...
Click to collapse
Yeah, if I want to run a custom kernel (Pixel 7) then I need to wipe. Should have sideloaded (not booted up), then gone into bootloader and run fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img to that slot. Once booted after sideload/flashing the firmware it's too late as it's enabled after booting. Don't think it matters if you do it before or after flashing the patched image, just as long as you do it before you boot up. Oh well, lol...

Nothing to do with what we were testing, just custom kernel related. Seems to also help to avoid getting the red eio corrupt message when things may not go as expected.
 
  • Like
Reactions: ipdev, VerticalCobra, J.Michael and 3 others
badabing2003

badabing2003

Recognized Contributor
Sep 17, 2012
3,001
4,634
Lughnasadh said:
Yeah, if I want to run a custom kernel (Pixel 7) then I need to wipe. Should have sideloaded (not booted up), then gone into bootloader and run fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img to that slot. Once booted after sideload/flashing the firmware it's too late as it's enabled after booting. Don't think it matters if you do it before or after flashing the patched image, just as long as you do it before you boot up. Oh well, lol...

Nothing to do with what we were testing, just custom kernel related. Seems to also help to avoid getting the red eio corrupt message when things may not go as expected.
Click to expand...
Click to collapse
Thanks, I realize it is only needed for custom Kernel cases.
I should add extracting vbmeta from payload.bin then in addition to boot.img / init_boot.img so that the step can be performed if the options are selected.
 
  • Like
Reactions: ipdev, VerticalCobra, sawdoctor and 4 others
roirraW "edor" ehT

roirraW "edor" ehT

Forum Moderator
Staff member
May 8, 2010
15,342
20,284
Tralfamadore
Sprint Samsung Galaxy S III
Samsung Epic 4G Touch
badabing2003 said:
Update:

On a Pixel 5 device, I managed to have both slots bootable.
One slot rooted, and the other not, both on the same 2023-05 firmware.

The process is as follows (which PF will support OOB in the next release)
- Sideload full OTA
- Reboot to bootloader
- Flash patched image.
- reboot to system (observe root)
- Sideload full OTA
- Reboot to System (no patching, observe no root)
- Switch slot (observe root)

With Pixel 5, one is able to make changes to boot after sideload but before reboot.
It still needs to be tested if this works on Pixel 6, 7 * devices

I find flashing full OTA is slower than flashing full factory, but the benefit of having both slots bootable is a big bonus.
Click to expand...
Click to collapse

Lughnasadh said:
Same test on my Pixel 7 Pro running A13 (May) with same results (this time I did not try to switch slots and boot into the slot that had the OS still installed via flash-all.bat (Step 2) 👍
Click to expand...
Click to collapse

Thanks for the test results and extremely fascinating information.

I wonder why, exactly, this works - presumably it's related to how the OTA treats the data that the factory image normally stores on the inactive slot. And it's also interesting that the full OTA and factory image would have different results.

Hopefully I notice the notes I've made on this the next time a Stable update comes out. :)
 
  • Like
Reactions: ipdev, pndwal, shoey63 and 2 others
sawdoctor

sawdoctor

Senior Member
Sep 11, 2016
448
256
Lughnasadh said:
Okay, did some testing on my Pixel 6 Pro:

Started with:
Platform Tools 33.0.3
A14 Beta 2.1 (installed using flash-all.bat)
Rooted with Canary Magisk 26102
Active slot=b

Sideloaded the A14 Beta 2.1 OTA
Booted up
Not rooted (of course)
Active slot=a
Then rooted with Canary Magisk 26102

Switched slots to b
Did not boot (as expected)
Booted back into bootloader
Set slot back to a
Sideloaded the A14 Beta 2.1 OTA

Booted up
Not rooted
Active slot=b

Then switched slots to a and booted successfully
Slot a still rooted

Then switched slots to b and booted successfully
Slot b still not rooted

Then switched slots again back to a and booted successfully
Slot a still rooted
Click to expand...
Click to collapse
So as well as making it easier to keep root with an ota we can have the same firmware on the device one rooted and one not? So if magisk hide/safetynet/etc aren't working we can boot to the non rooted firmware to use wallet/banking apps etc and then boot back to rooted. Or is it a bit more complicated than that? Never had a pixel device before
 
badabing2003

badabing2003

Recognized Contributor
Sep 17, 2012
3,001
4,634
andy242 said:
So as well as making it easier to keep root with an ota we can have the same firmware on the device one rooted and one not? So if magisk hide/safetynet/etc aren't working we can boot to the non rooted firmware to use wallet/banking apps etc and then boot back to rooted. Or is it a bit more complicated than that? Never had a pixel device before
Click to expand...
Click to collapse
I'm afraid that won't help you for that usecase.
Unlocked bootloader alone will trip the detection.
 
  • Like
Reactions: ipdev, Lughnasadh, roirraW "edor" ehT and 1 other person
P

pndwal

Senior Member
Jun 23, 2016
7,003
8,084
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
badabing2003 said:
I'm afraid that won't help you for that usecase.
Unlocked bootloader alone will trip the detection.
Click to expand...
Click to collapse
Well there are some apps that detect root only and don't complain about Play Integrity verdicts or B/L unlocked...

In the case of Starling:
https://forum.xda-developers.com/t/banking-app-starling-detecting-magisk.4576421/
dual boot to root/unrooted alternatively would be quite helpful since users apparently get a 2 week grace period after app detects root before app is disabled. Dual boot would allow them to log in fortnightly w/o root to continue using the app (even with root).

ATM there's no way (even with native bridge loading) to bypass Zygisk or Riru hooking/zygote injection detection, so many users are currently disabling Zygisk and using old p-trace MagiskHide implementations to hide root in order to log in once a fortnight.

👀 PW
 
Last edited:
  • Like
Reactions: ipdev, badabing2003, Lughnasadh and 1 other person
P

pndwal

Senior Member
Jun 23, 2016
7,003
8,084
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
andy242 said:
At least you can relock bootloader and go back stock I guess. On Sammy once you trip Knox that's it something's will never ever work again. Still a pia though
Click to expand...
Click to collapse
There's no problem relocking on Samsung either...

You will lose special Samsung secure 'business platform' B2B (Business to Business) features (+ device enrollment for Knox solutions) incl. use of the Knox Security Container when Knox fuse (warranty bit) is blown.

Several Samsung apps and utilities use Knox Security so these will be also be broken including:
- Samsung pay*
- Samsung Pass
- Samsung Health
- Samsung Secure Folder
*Nb. There should be no issue for G Pay/Wallet.

I believe warrant may still be intact depending on local law, but in many lands the warranty will be voided.

Basically:
If the Knox bit has tripped:
  • A new Workspace can no longer be created on such a device.
  • The data encrypted and stored in an existing Workspace can no longer be retrieved.
  • Other Samsung services that utilize Knox security stop working (Samsung Pay, Secure Folder.)
Everything else outside the Workspace should be the same as before.
Click to expand...
Click to collapse

Likely most users never use the Knox enterprise features and might not need S Pay, S Health etc but need to realise that those features will be lost by flashing custom mods (not simply by unlocking bootloader)... Otherwise they can simply re-lock if and continue using device as before if they wish.

👀 PW
 
  • Like
Reactions: ipdev and roirraW "edor" ehT
Lughnasadh

Lughnasadh

Senior Member
Mar 23, 2015
5,476
6,524
Google Nexus 5
Huawei Nexus 6P
andy242 said:
So as well as making it easier to keep root with an ota we can have the same firmware on the device one rooted and one not? So if magisk hide/safetynet/etc aren't working we can boot to the non rooted firmware to use wallet/banking apps etc and then boot back to rooted. Or is it a bit more complicated than that? Never had a pixel device before
Click to expand...
Click to collapse
Others have already addressed your question, but for me, the biggest benefit here is to have a safety valve in place where your inactive slot is bootable (without first having to flash the firmware) in case you get into a hairy situation where your active slot becomes unbootable for whatever reason. May be useful in some situations.
 
  • Like
Reactions: Homeboy76, ipdev, HippoMan and 5 others
You must log in or register to reply here.

Similar threads

T
  • Locked
  • Sticky
Magisk - The Magic Mask for Android
Replies
56
Views
6M
T
topjohnwu
T
  • Locked
[CLOSED][BETA][2018.7.19] Magisk v16.7 (1671)
Replies
7K
Views
3M
T
topjohnwu
Heisenberg
[Discussion] PokeMon Go Magisk Discussion Thread
Replies
5K
Views
640K
djkrish5610
djkrish5610
Didgeridoohan
[Discussion] Google Pay Magisk Discussion Thread
Replies
3K
Views
546K
C
crok.bic
yochananmarqos
Collection of Magisk Modules v2
Replies
1K
Views
1M
J
jacomail95

Top Liked Posts

24 Hours 30 Days All time
  • 3
    badabing2003
    badabing2003
    portsample said:
    Same same. Renamed only for patching. Only been patching boot_a.img...I have not been touching boot_b.img.
    Click to expand...
    Click to collapse
    stock_boot.img SHA1: e84bb8cfe0eae099b43d5210528147b78d1cb0d9
    boot_a.img SHA1: 209cb9fe9063e51ef45ffebecacdd969d323c87a
    Not the same
    1695246942798.png


    Only been patching boot_a.img is not good enough.
    If you have A/B phone, and your active slot is B
    if you dump A, create a patch from it and flash that to either A or B (B by default if you don't specify and B is your current) you won't get root.
    Which could be the root of your issues and not vbmeta.

    Connect your phone to PixelFlasher and see what it detects, what is your current slot, you can also hit the Device Info button and get additional details.

    If you want to create a patch using PixelFlasher
    In your case because you don't have full firmware or full OTA, you'd have to use the needle icon to create a patch
    1695247432324.png

    Make sure you create a patch from current active slot's dump of boot.img
    Also make sure to dump vbmeta.img of the current active slot.

    So far have you tried flashing patched boot.img on Android 10?
    if so, do you just bootloop?
    If you have not yet tried, please don't blindly flash any patch you create, you want to make sure vbmeta / AVB is truely not in play otherwise you could end up bricking your phone.
    View
    3
    badabing2003
    badabing2003
    pndwal said:
    Point is, why touch it at all?!... I'm certainly not advocating stripping it any more than simply patching it.
    Click to expand...
    Click to collapse
    Why do people mod and experiment with their own devices? :)

    pndwal said:
    I think the reason @portsample could boot such OS/images only until Android 8.1 is that AVB was only verifying/disallowing images for normal flashing... Now we have checks that give 'fatal' errors irrespective of vbmeta, otherwise we could re-lock bootloader with root without signing with custom keys, no?
    Click to expand...
    Click to collapse
    Yes this would be correct, but as you pointed out later:
    This means it's possible that other (vbmeta hash/hashtree?) checks may in fact be the issue... I don't understand how newer vbmeta partitions interact with old VB (A4.4+) as seems they were designed for AVB (A8+)... It is strange that @badabing2003 found stock vbmeta is already zeroed out; that's usually done to bypass AVB... but maybe A10 requires vbmeta partitions so dummies are used since device only has VB (not AVB)?...

    Also, the checks being bypassed by zeroing working in stock configuration really means they should with Magisk too...
    Click to expand...
    Click to collapse
    What I don't understand is why vbmeta is all zero, which means it does not factor into play other than just needing it to be there,
    Unless the current active slot is B, and we only have the vbmeta of slot a.
    @portsample why aren't you dumping both slots?

    pndwal said:
    As I understand it, AVB "typically starts with a read-only portion of the device firmware which loads code and executes it only after cryptographically verifying that the code is authentic and doesn't have any known security flaws"... The vbmeta struct holds the hash for partitions in hash descriptors, and "because this is cryptographically signed, the boot loader can check the signature and verify it was made by the owner of key0 and thereby trust the hashes used for boot, system, and vendor"...
    https://android.googlesource.com/platform/external/avb/+/main/README.md
    Click to expand...
    Click to collapse
    My limited understanding aligns with yours.

    pndwal said:
    So I think all this vbmeta stuff is a red herring for @portsample as long as bootloader cannot be unlocked... Please say if I'm still missing something... PW
    Click to expand...
    Click to collapse
    No you got it in your last post, the bootloader or the ro portion of the old device is not forward proof probably.

    portsample said:
    Attached are the vbmeta and boot image files from a full ROM backup of a SonimXP8 running Android10.
    Click to expand...
    Click to collapse
    What's the difference betweeb stock_boot.img and boot_a.img, and where is the boot_b.img file?
    View
    2
    portsample
    portsample
    pndwal said:
    Very interesting... "isAB=true, isSAR=true"...

    Either they had SAR and A/B before first Pixel, or they managed to retrofit A/B updates... Can you say if device was A/B when on A7 or 8?... 👍 PW
    Click to expand...
    Click to collapse
    Was not A/B before A8.
    View
    1
    zgfg
    zgfg
    berrynddonut said:
    Greetings! Is there any chance there will be a Realme C55 module any time soon? Also, is rooting your device any good in general? Thanks
    Click to expand...
    Click to collapse
    What do you mean by "Realne C35 module? Module for what (for camera on that phone, for BT on that phone, something for WiFi for that phone, etc)

    Magisk is generic. If you are new to Magisk, please start by reading the installation instructions on the Magisk GitHub page
    View
    1
    zgfg
    zgfg
    berrynddonut said:
    Ah sorry, i think that was the tldw recovery tool or smth
    Isn't that necessary tho?
    They don't have a module for REALME C55 phones!
    Click to expand...
    Click to collapse
    Again I don't understand what are you asking for?
    Are you asking for TWRP (custom recovery) for your phone

    Try to find a subforum on XDA devoted to your phone. Look to the guides there, under ROMs there and other development, post your question under Questions

    That's the place where you can find the accurate info related to your phone

    This is here a general/generic thread about Magisk. There is no specific Magisk for Realne or some other phone

    Eg, I have Xiaomi, many others have Pixel or Samsung, etc - you will hardly find here an info, like you're asking, if somebody is developing a "module" for your phone
    View
  • 9
    P
    pndwal
    Latest Magisk Stable:
    Release Notes

    2023.9.4 Magisk v26.3​

    v26.3​

    • [General] Fix device information detection script
    • [General] Update BusyBox to 1.36.1
    • [General] Update toolchain that produces broken arm32 executables
    • [App] Fix root service unable to bind on OnePlus devices
    https://topjohnwu.github.io/Magisk/releases/26300.html

    👍 PW
    View
    8
    ipdev
    ipdev
    HippoMan said:
    I consider it to be unfair to define "modder" or "developer" as "anyone who dumps partitions/nandroid".
    <SNIP>
    Click to expand...
    Click to collapse

    pndwal said:
    <SNIP>
    Since it's not available without unlocking, 'anyone who dumps partitions / performs nandroid' has to agree to modify the device by unlocking which changes original product features including disabling security functions and other features... Then they generally install a custom (modified) recovery...😆
    <SNIP>
    Click to expand...
    Click to collapse
    I miss the days when I could just use adb to dump the data partition into an image file and flash it back. 😿️

    Better yet, when I could wipe system, install a different OS version and leave userdata alone.
    [The original Clean/Dirty flash install.] 🙃️

    As for the Cat and Mouse game...

    My money is on the Mice. 😜️
    "Look, sorry - are we talking about the little white furry things with the cheese fixation and women standing on tables screaming in early sixties sit coms?"

    Slartibartfast coughed politely.

    "These creatures you call mice, you see, they are not quite as they appear. They are merely the protrusion into our dimension of vast hyperintelligent pandimensional beings. The whole business with the cheese and the squeaking is just a front."
    ― Douglas Adams, The Hitchhiker's Guide to the Galaxy

    Cheers all. :cowboy:

    PS.
    I miss FlashFire.     😥️
    View
    8
    P
    pndwal
    HippoMan said:
    This illustrates why I always want to be able to use a device upon which TWRP (or perhaps OrangeFox) is functional. As long as I've taken a proper full nandroid backup of a previous working system, I can easily nandroid-restore that working system after an upgrade, if I wish.

    I am not happy with Google for continuing to "enhance" (ha ha!) Android as time goes on,
    Click to expand...
    Click to collapse
    Yeah... And Microsoft should have stayed with DOS, and maybe Windows as a DOS add-on!...
    HippoMan said:
    thereby making it more and more difficult to get TWRP and OrangeFox working with newer Android versions.
    Click to expand...
    Click to collapse
    That's certainly NOT their intention...

    There's a lot to be said for new innovations and OEM requirements both in the mart of competitive commerce and for the value -added benefits to general Android users...

    Just as a few examples,
    • SAR/2SI enhancements allow for A/B partitioning and 'seamless' (streamed) delta OTA updates,
    • Shared blocks architecture allows for dynamic sup-super partitions which may be RO but are resizable with no unused space, upgradable to larger /system etc in future and space optimised/saving etc,
    • Project Treble (Android 8+)
    https://www.xda-developers.com/goog...ze-android-so-oems-can-update-devices-faster/
    modularised Android so that OEMs can serve Android updates more quickly by reducing OEM dependence on SoC vendors for every single OS update and introduced a new 'vendor interface' and Vendor Test Suite (VTS)... It also facilitated
    • The GSI Project (Android 9+)
    https://developer.android.com/topic/generic-system-image
    which allows app developers to install and run the latest Android Generic System Images to perform app testing on a variety of existing Android devices, and use GSIs from different Android OS release stages... Extra benefits include:
    - Broader test coverage on a greater set of real devices
    - More time to fix app compatibility issues
    - More opportunities to fix compatibility issues in Android that are reported by app developers
    • Project Mainline (Android 10+)
    https://www.xda-developers.com/android-q-project-mainline-security/
    (modules:)
    https://www.xda-developers.com/android-project-mainline-modules-explanation/
    expands on Treble's modularisation to further address fragmentation, adding Android Pony EXpress update packages to allow updating system modules (APEX includes all needed libraries, ART, HALs and precompiled code on addition to apps) through Google Play in Android 10 and 25 new modules with A11, as well as reducing how dependent Google is on OEMs for delivering security updates to key OS components. It also facilitated
    • The GKI Project (Android 11+)
    https://source.android.com/docs/core/architecture/kernel/generic-kernel-image
    with its Generic Kernel Image is an essential change aimed addressing the issue/costs of fragmentation which "has several negative effects on the Android community". GKI/Mainline reductions in fragmentation thus:
    - Make security updates less labor intensive
    - Allow merging Long-Term Supported updates
    - Removes factors that Inhibit Android platform release upgrades
    - Allows easier contribution of kernel changes back to upstream Linux

    So Treble and Mainline, with their GSI and GKI changes/requirements, are initiatives to facilitate easier updates for vendors, give incentive to support devices much longer, etc.

    Google is in the business of promoting it's mobile OS and producing development milestones that reduce costs, improve efficiency, lifecycle, specs etc for OEMs and end users in order to stay competitive, relevant, innovative and appealing... And they make major architectural changes for these reasons...

    They aren't in the game of "making it more and more difficult to get TWRP and OrangeFox working"; they appreciate these efforts but (quite reasonably) have the (different) priorities mentioned above...

    Just as with Magisk injection, there is much pressure on Dee's Troy and team (and other custom recovery teams) to get TWRP functioning properly, let alone to mount and decrypt user data with an ever changing Android architecture, but there are clearly more complex considerations than for simple Magisk injection... Even so, Google allows and even supports such custom mod efforts...

    Moreover it's not Google's fault that community projects like TeamWin find it difficult to devote the time, conscript the Devs or otherwise overcome obstacles needed to properly support new Android iterations... They actually supply clear documentation as part of AOSP for these changes to benefit all Android devs, whether OEMs, app makers or custom modders...

    I don't really know why TWRP has not progressed past Oct 2022 3.7.0 A12 base builds at this time despite the fact that 'Android 13 development had started' already, but the difficulty they have keeping up is not new... I note that everything there is still © 2014 to 2022, also that:
    TWRP development is done by roughly 4 people at this point. We also have a large support community with many people who are willing to answer questions and help people with their devices either through our Zulip channel or on forums like xda-developers.
    Click to expand...
    Click to collapse
    https://twrp.me/about/
    and that, just as when Dees Troy lamented that 'real life' was preventing TWRP keeping pace, the four base team members are still appealing for volunteers:
    We need your help! The bulk of TWRP work is done by a handful of people on a volunteer basis. We have pushed most of our device files to our github and we have a gerrit instance. If you have the ability, please help us maintain our official devices and/or add your device to our official device list. Thanks in advance!
    Click to expand...
    Click to collapse
    -----​

    Despite the difficulty the TWRP four have keeping up with the Google juggernaut, apparently many devices running A13+ have at least unofficial TWRP support with working decryption. Some won't allow permanent flashing but temp booting TWRP works nonetheless, and some have other issues...

    Re devices launched with Android 13:

    Just on Thursday, Dev @Nebrassy posted a TWRP build for OnePlus 11 which is apparently working despite some niggles:
    https://forum.xda-developers.com/t/recovery-12-unofficial-teamwin-recovery-project.4625181/

    This device has dedicated /recovery_a and /recovery_b partitions and Qualcomm SoC, and the Dev doesn't even own the device...

    For Pixel 7 series, the delay getting TWRP w/ decryption working seems to be Tensor SoC / device tree syncing and possibly StrongBox / KeyMint / Titan chip implementation(?) rather than general Android Architectural changes and initiatives.

    However, just yesterday @Wishmasterflo posted a test build of OrangeFox recovery (this is "synced with the latest Teamwin changes", and originally from a Dev who later joined LineageOS) for the Pixel 7a:
    https://forum.xda-developers.com/t/...g-thats-being-worked-on.4532237/post-88986509
    Nb. The Dev cannot test ATM as his device is still locked...

    Pixel 7a users: If someone tests and this works, I'm sure custom recovery support for Pixel 7 series devices will gain momentum...

    Takers?
    -----​

    ... FWIW, some modders will experiment/toy with the latest devices / Android versions as soon as they arrive... Others will stay with old tech because of affordability but migrate ASAP... Still others will refrain as long as possible, whether out of nostalgia or for other reasons...

    Similarly, some car drivers will migrate to EVs quickly... Others will when the price point is more agreeable... Still others will refrain as long as possible, and some will hanker for the ICE age with the smell of petrol and the roar of engines long after it's gone!

    Personally, despite not being able to afford a Tesla yet, I think auto makers in general have not moved to new tech nearly fast enough!...I expect them to continue to "enhance" transportation options as time goes on however... And I cannot be unhappy when phone market leaders adapt, innovate and move with the times either...

    Just might be able to get me a 2nd hand P7Pro now that the P8's in the wind, and wire a fast-charge outlet into the dash of the ol Ford Perfect... 😜 PW
    View
    7
    shoey63
    shoey63
    osm0sis said:
    @zgfg can you change the contents of /data/adb/modules/adb-ndk/system/bin/adb to:
    Code: 
    #!/system/bin/sh
# adb: wrapper to run adb from terminal
# osm0sis @ xda-developers

dir="$(cd "$(dirname "$0")"; pwd)";

export HOME=/sdcard;
export TMPDIR=/data/local/tmp;
start adbd && $dir/adb.bin "$@";

    And see if all still works as expected?
    Click to expand...
    Click to collapse
    @zgfg is busy so I tried it.
    Rog3 > Pixel 6
    Screenshot_20230827-104333_1.jpg
    Changes work perfectly 🤓
    View
    7
    osm0sis
    osm0sis
    Update on the ONDK regression causing all 32bit devices to fail after Magisk 26.2:

    All 32-bit arm static executables segmentation fault after commit 41226c1 · Issue #7264 · topjohnwu/Magisk

    Device: Galaxy Tab 4 10.1" LTE (matisselte)...
    github.com github.com

    https://twitter.com/i/web/status/1697453423158075645
    https://twitter.com/i/web/status/1697461838945071264


    Edit:

    And patched!

    Update to ONDK r26.0 · topjohnwu/Magisk@be50f17

    Close #7264
    github.com github.com
    View
  • 1100
    T
    topjohnwu
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    View
    156
    T
    topjohnwu
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    View
    121
    Chainfire
    Chainfire
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    View
    76
    nathanchance
    nathanchance
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    View
    75
    T
    topjohnwu
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p
    View

New posts