Magisk on G7 Play XT1952-4 Installed Successfully

garha

I've done work for the Motorola Triumph, LG Tribute, ZTE Awe, Moto G3, Galaxy J7 Perx, Moto G6 Play, Galaxy A20, Moto E6, & Moto G7 Play. My thoughts are living as 1's and 0's spread out across thousands of devices. And not a soul who owns them, has any idea who I am. It's a very weird thing to me. I'm not even sure why I do any of it to be honest. Sometimes I leave jokes inside of scripts or lines of code, because most people will never read them, and that's the biggest joke of it all.
Well, I'll find them, don't worry mate!
For sure. A lot of people take what they have for granted and don't really think about the people who put in the work to make it happen. If it means anything, I'm relatively new to this scene (real talk, I'm only here because I managed to get the tmo revvlry for free. First android device I've had since my tmo g2 on gingerbread lol) and already know who you are. So there's one person for ya haha. And this might be a dumb question, but is your work open source and on a repo somewhere? I'm currently still in school atm but would like to take a look just out of curiosity when I'm more free in a month-ish :)
 

Spaceminer

For sure. A lot of people take what they have for granted and don't really think about the people who put in the work to make it happen. If it means anything, I'm relatively new to this scene (real talk, I'm only here because I managed to get the tmo revvlry for free. First android device I've had since my tmo g2 on gingerbread lol) and already know who you are. So there's one person for ya haha. And this might be a dumb question, but is your work open source and on a repo somewhere? I'm currently still in school atm but would like to take a look just out of curiosity when I'm more free in a month-ish :)
To be honest, I know almost nothing about GitHub except how to track down files and pull sources. I'm just good at fixing broken things, finding loopholes, and cobbling together things that will work.

Anything that I put up can be modified and redistributed by anyone at their discretion. If anything doesn't have a source, it's either original work, or it just never had one to begin with. (Ex. Ported TWRPs.) In the case of ports, I try to give the original author credit, and provide a history, because sometimes ports are "ports of ports".
 

garha

To be honest, I know almost nothing about GitHub except how to track down files and pull sources. I'm just good at fixing broken things, finding loopholes, and cobbling together things that will work.

Anything that I put up can be modified and redistributed by anyone at their discretion. If anything doesn't have a source, it's either original work, or it just never had one to begin with. (Ex. Ported TWRPs.) In the case of ports, I try to give the original author credit, and provide a history, because sometimes ports are "ports of ports".
Gotcha gotcha. Dw git isn't too bad to learn haha. I'm sure you can get it if you're interested. I guess I just wonder how posts like this and this find your work so easily.
 

muhahsan2004

Not Booting from Recovery Mode _ (Magisk Root lost)

Hello everyone! I had a Moto G7 Play XT-1952-2 rooted with Magisk and used it rooted for the last few months. I recently installed a new Magisk module and my phone didn't boot up using Recovery Mode. It shows the Moto logo and then comes back to the fastboot screen. When I start the phone from the fastboot mode (Start) menu, it boots up with no root. I thought that Magisk root was lost.

So I flashed the stock ROM back and repeated the process for gaining Magisk root (extract boot.img - patch boot.img using Magisk Manager - flash the patched_boot.img using fastboot). But when I started the phone from Recovery Mode, it didn't boot and the screen showed No Command with the Android logo. I restarted the phone and it booted up normally with no root.

I want to gain Root using magisk, what should I do now?
 

00p513

For sure. A lot of people take what they have for granted and don't really think about the people who put in the work to make it happen. If it means anything, I'm relatively new to this scene (real talk, I'm only here because I managed to get the tmo revvlry for free. First android device I've had since my tmo g2 on gingerbread lol) and already know who you are. So there's one person for ya haha. And this might be a dumb question, but is your work open source and on a repo somewhere? I'm currently still in school atm but would like to take a look just out of curiosity when I'm more free in a month-ish :)
Not sure who you were asking about open source, but mine is. 00p513dev on GitHub.
 

bcpux

Hello everyone! I had a Moto G7 Play XT-1952-2 rooted with Magisk and used it rooted for the last few months. I recently installed a new Magisk module and my phone didn't boot up using Recovery Mode. It shows the Moto logo and then comes back to the fastboot screen. When I start the phone from the fastboot mode (Start) menu, it boots up with no root. I thought that Magisk root was lost.

So I flashed the stock ROM back and repeated the process for gaining Magisk root (extract boot.img - patch boot.img using Magisk Manager - flash the patched_boot.img using fastboot). But when I started the phone from Recovery Mode, it didn't boot and the screen showed No Command with the Android logo. I restarted the phone and it booted up normally with no root.

I want to gain Root using magisk, what should I do now?
Has anyone gotten it working since this post? I've been trying to get an XT1952-4 rooted, and having no luck. The older APK for Magisk Manager shows installed with no internet, and auto-updates when you click Install for Magisk. The new version doesn't have the advanced options (specifically the Recovery Mode option). I think that's where it's not working anymore. The patching of the stock boot.img seems to go fine, as well as the flashing via fastboot. It just always says it's not installed, and goes back to patching the boot or downloading the zip again in a loop if you click install.
Booting to Recovery gives No Command, and nothing with Power+Vol Up helps.

Anyone have any suggestions or ideas? I've been beating my head against a wall trying the same things over and over again with minor changes, maybe I'm doing something stupid at this point.
Edit: Had an idea. I used an old Magisk and Magisk Manager, created a custom channel, and pointed it there. It works! Super hack-y but it's working for now, and I was able to run Network Signal Guru which requires root. Something happened in a later version of Magisk Manager/Magisk that broke it for this phone. I might play around with trying to update at some point, but not right now.
 

theburrus1

Has anyone gotten it working since this post? I've been trying to get an XT1952-4 rooted, and having no luck. The older APK for Magisk Manager shows installed with no internet, and auto-updates when you click Install for Magisk. The new version doesn't have the advanced options (specifically the Recovery Mode option). I think that's where it's not working anymore. The patching of the stock boot.img seems to go fine, as well as the flashing via fastboot. It just always says it's not installed, and goes back to patching the boot or downloading the zip again in a loop if you click install.
Booting to Recovery gives No Command, and nothing with Power+Vol Up helps.

Anyone have any suggestions or ideas? I've been beating my head against a wall trying the same things over and over again with minor changes, maybe I'm doing something stupid at this point.
Edit: Had an idea. I used an old Magisk and Magisk Manager, created a custom channel, and pointed it there. It works! Super hack-y but it's working for now, and I was able to run Network Signal Guru which requires root. Something happened in a later version of Magisk Manager/Magisk that broke it for this phone. I might play around with trying to update at some point, but not right now.

I am having this exact same problem. I had updated my firmware to the August build QPYS30.85-18-3 and since doing this, Magisk will not cooperate. Fastboot flashing the patched image appears at first to work but only has a boot loop then gives an error saying my data may be corrupt and to try booting again or factory reset.

And yes the update to Magisk does not have the recovery option which is where the problem may be.

Any help from anyone appreciated.
 

PreciousChaos

Responsibility

You may not want to take responsibility if we brick our phones following your instructions, and I take responsibility for the risks of trying to root a phone in the first place and, for the first time, bricking my phone. However, in the same respect, you SHOULD take responsibility for putting out incomplete instructions that, if followed to the letter, WILL BRICK OUR PHONES! It's terribly irresponsible to omit those couple crucial steps in this process!
 

pbarrette

I've looked into the issue deeper than I wanted to.

It appears that the Kernel's zImage in our boot.img has a somewhat non-standard header and footer that bound the actual compressed kernel.
Because of this, the Magisk patch process fails to update the kernel parameters from "skip_initramfs" to "want_initramfs", which is causing the system to boot directly into the normal system.

Additionally, it looks like the newer install logic is trying to automatically determine if there's a ramdisk image. We have one, so it uses the standard method instead of the "Recovery" method, even though, when Magisk is active, it reports "Ramdisk: No".

I've created a ticket in the Magisk github regarding the issue:
https://github.com/topjohnwu/Magisk/issues/3529

Maybe we can get this fixed.
 

pbarrette

So ... I dug a bit deeper into what was going on.

It turns out that because our device is 32bit, it uses an older kernel zImage format despite using A/B partitions and the newer Two-Stage-Init, System-As-Root boot process.

That zImage format looks like: "Header" -> "zImage" -> "Footer"

The header consists of a binary loader that is used to both decompress the gzip'ed image and boot the kernel, as well as a listing of offsets within the file to other important bits like the signature and Device Tree Blob (DTB).

Once you decompress the actual zImage and patch it, there's no guarantee that it will re-compress back down to the exact size of the previous one.
If it's not the same size, then all the offsets to the other bits of the boot image get out of sync.
On top of that, topjohnwu says that it's too difficult to generically fix up the offsets across all the phones that might use this scheme, so he's not going to fix it.

Apparently, someone put in a bug report for the G7 Play before, and that was closed over a year ago for basically the same reason.

So I decided, why not try to get the re-compressed zImage to exactly match the original and see what happens.

To do this I used:
Android Image Kitchen by @osm0sis
A capable hex editor
7zip

I started by unpacking the boot.img with AIK.
I then used my hex editor to extract the gzip'ed kernel.

You can usually recognize a gzip file because it starts with 0x1F8B08.
Finding the end of the gzip file is a bit more tricky, since AFAIK, they don't all end the same way. You could likely parse the offset out of the gzip header, but for me it was just faster to look for a likely end of the file, extract to that point, then test it with 7zip. Once you get no errors out of 7zip, you've found the end.

Now you can extract the actual compressed kernel and search for "skip_initramfs" and replace it with "want_initramfs".

Then use gzip.exe from the AIK to compress it back down using "gzip.exe -9 -n cKernel" and check its file size.
If it's an exact match, you're almost done. If not, we're going to have to do some more work.

Gzip is fairly consistent. So if you're only a few bytes off, you'll need to change a few things in your uncompressed kernel that don't really matter. Datetime stamps are good for that, because nobody really cares exactly what time it was compiled. So, since I was only 1 byte short of an exact match, I added some complexity to the timestamp, so now it reads "Tue Sep 29 19:59:49 CDT 2020". If you need fewer bytes, try reducing the complexity of the timestamp, like "Tue Sep 29 00:00:01 CDT 2020" instead.

Now that we've got a re-compressed kernel, insert it back into the zImage file, replacing the existing one.
When that's done, we re-pack the boot image using AIK with: repackimg.bat --original

The "original" option just means "don't rebuild the ramdisk". Since we didn't change it, we don't need to.
Now you can use Magisk Manager to build the image using the "recovery" option against your newly packed image.
Then do a "fastboot flash boot magisk_patched.img" and reboot normally.

If that seems like a bit of work, it is. So I can understand why it would be difficult to implement directly into Magisk.
That said, I'll follow the ticket I put in and see why it's not at least generating an error.
This is especially problematic considering that the option to force Recovery Mode seems to now be missing if a ramdisk is detected.

If all this seems outside your comfort zone or skill level, I get that too.
That's why I did the work and saved you the trouble:
https://androidfilehost.com/?fid=10763459528675594222

This boot image is from RETUS_10_QPYS30.85-23-3 and is pre-flashed with Magisk 21.1
It may work on other variants with patch level 2020-10-01, but I can't guarantee that.
Worst case, just re-flash your already working "Recovery Mode" patched image.

Once flashed (if it works for your variant), Magisk will be active on a normal reboot.
Unfortunately, it also overrides the Moto Recovery mode, so you probably shouldn't take an OTA with it.

Note that I will likely not be updating these images, as my primary phone is a Pixel 5.
This is why I have outlined the steps required to reproduce the work.
 
  • Like
Reactions: M47Z
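The gzip boundary search and same-size check from the post above, as an added example that is not part of the original post and is not code from Magisk or Android Image Kitchen. It uses Python's zlib as a stand-in for the AIK gzip.exe, so compressed sizes may differ from that tool; the sample blob (loader stub, kernel text, footer) is constructed and all function names are hypothetical.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=deflate (RFC 1952)

def find_gzip_member(blob):
    """Return (start, end, payload) for the first complete gzip member in blob."""
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=31)  # 31 = expect a gzip header and trailer
        try:
            payload = d.decompress(blob[pos:])
        except zlib.error:
            payload = None  # magic bytes matched by chance; keep scanning
        if payload is not None and d.eof:
            # unused_data is everything after the 8-byte CRC32/ISIZE trailer
            return pos, len(blob) - len(d.unused_data), payload
        pos = blob.find(GZIP_MAGIC, pos + 1)
    raise ValueError("no complete gzip member found")

def patch_and_recompress(payload, old=b"skip_initramfs", new=b"want_initramfs"):
    """Swap the kernel parameter in place and gzip the result at level 9."""
    if len(old) != len(new):
        raise ValueError("replacement must keep the payload length unchanged")
    if old not in payload:
        raise ValueError("parameter string not found in decompressed kernel")
    # mtime=0 and no filename, comparable to `gzip -9 -n`
    return gzip.compress(payload.replace(old, new), compresslevel=9, mtime=0)

def splice_if_same_size(blob, start, end, new_gz):
    """Replace blob[start:end] only when later offsets would stay valid."""
    delta = len(new_gz) - (end - start)
    if delta != 0:
        raise ValueError(f"recompressed kernel is {delta:+d} bytes off")
    return blob[:start] + new_gz + blob[end:]

def build_sample():
    """Constructed stand-in for a zImage: loader stub + gzip kernel + footer."""
    kernel = b"Linux version (constructed) " + b"skip_initramfs rootwait " * 40
    header = b"LOADER" + GZIP_MAGIC + b"\xff" + b"\x00" * 16  # holds a decoy magic
    footer = b"DTB-AND-SIGNATURE-PLACEHOLDER"
    return header, gzip.compress(kernel, compresslevel=9, mtime=0), footer

if __name__ == "__main__":
    header, gz, footer = build_sample()
    blob = header + gz + footer
    start, end, payload = find_gzip_member(blob)
    print(f"gzip member at {start:#x}..{end:#x}, {len(payload)} bytes decompressed")
    try:
        splice_if_same_size(blob, start, end, patch_and_recompress(payload))
        print("same size: offsets stay valid")
    except ValueError as err:
        print(err)
```

Letting the decompressor report where the stream ends replaces the trial-and-error extraction with 7zip, and the splice step refuses any size change so the offsets in the header stay in sync.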

M47Z

Thanks for all your work! Trying to reproduce this for RETAIL_10_QPYS30.52-22-9. Just one question though:

Now you can use Magisk Manager to build the image using the "recovery" option against your newly packed image.
Are you doing this with the latest stable Magisk Manager or a different/older version? Where would the "recovery" option show up in the new UI? It would be awesome if you could explain that step in more detail!
 

pbarrette

Hi @M47Z

I'm using Magisk Manager v7.5.1 and manually selecting "Recovery" in the options. The ability to manually select this was removed from the v8+ versions of MM.

The downside to this is that you may need to create a custom Magisk update channel JSON and point MM to that custom feed. Otherwise, you may be forced to update MM to a version that doesn't support manual "recovery" selection before you can install Magisk to the boot image.

I'm using the custom channel found here, which specifies MM v7.5.1 and Magisk v21.1.

Topjohnwu says he has fixed the issue in the canary builds now and has closed out my github issue, so it may work with that version, but I just got back from vacation and haven't been able to test yet. Bear in mind that "fixed" means it may only work in recovery mode, or may not work at all.

He didn't say what the expected resolution was. If the kernel needs to be patched to work in normal boot mode, then it'll still probably be broken because I assume he's not unpacking, patching, and repacking the kernel gz bits.
 
  • Like
Reactions: M47Z

M47Z

@pbarrette thanks for the help, I think I'm getting somewhere... Not even at the Magisk patching step yet, but we'll get there! One question left: Is it normal that the new boot.img is way smaller? Original is around 32MB, new image only 17MB... No matter what compression level. Sounds like too much of a difference to just be better compression, right? Even if I just do "unpackimg.bat boot.img" and then "repackimg.bat --original", the size difference is the same. Even though I changed nothing. So for now I used "--origsize" to pad it up to default size... But your image is also just 17MB so maybe I'm just paranoid.

THIS IS UNTESTED AND MIGHT NOT WORK:
Stock rom used: CHANNEL_RETAIL_10_QPYS30.52-22-12_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip (download here)
Download patched boot.img here. Or the unpadded version here, not sure if it makes a difference. Keep in mind: this is not already patched with Magisk, but just ready for patching with Magisk as described by pbarrette in the post before this one.

I don't have the device currently, so can not try it out myself. If someone tries it, let me know if it works! I will update this post as soon as I know if this works or not.
 

pbarrette

Hi @M47Z,

Your patched boot images work just fine.

I was able to use the latest Magisk Manager (8.0.6) to install the latest version of Magisk (21.3) to your patched boot image. This created a 17.2MB boot image with Magisk installed.

I flashed that image with "fastboot flash boot magisk_patched.img" and rebooted normally.

This results in Magisk Manager recognizing that Magisk is installed and root functions working correctly.
 
  • Like
Reactions: M47Z