Related
Hello everybody,
I created a tool for the nexus 9 that gets rid of the ForceEncrypt flag in a generic way (meaning it should work no matter what rom you are on). It does that by patching the currently installed boot.img.
Background
The Android CDD (Compatibility Definition Document) suggests that all devices SHOULD enable full disk-encryption (FDE) by default. Even though I support every step towards more security I have to criticize this approach. FDE comes at a price. Encryption takes time because some component has to de- and encrypt the stuff on the disk at some point and in the case of the nexus 9 (aka flounder) it's the CPU's task. Even though the nexus 9's CPU has 2 pretty fast cores you can still easily feel the difference between FDE in the on- or off-state. The I/O is faster and boot-times take only half as long. (I did not do any measurements)
There is an ongoing discussion about this topic in cyanogenmod's gerrit. Although it's a fun read it is pretty clear that this exchange of views is not going anywhere near a useful outcome.
Because performance is important to me and my tablet does not need the extra security I created the FED-Patcher (ForceEncrypt Disable Patcher)
How does it work?
FED-Patcher is a simple flashable ZIP that is supposed to be run in a recovery that has busybox integrated (like TWRP or CWM). This is what it does:
Checks if your device is compatible
Dumps the currently installed boot.img.
Unpacks the dump of your currently installed boot.img. The unpacking process is done via a self-compiled, statically linked version of unmkbootimg.
It patches the filesystem tables which include the force-encrypt flags. This process will change "forceencrypt" to "encryptable".
Then it patches the filesystem tables to not use dm-verity. This is done by removing the "verify" mount-parameter.
Creates a new boot.img. The unpacking process is done via a self-compiled, statically linked version of mkbootimg.
Flashes the modified boot.img
Supported devices
HTC Nexus 9 WiFi (flounder)
HTC Nexus 9 LTE (flounder_lte)
Motorola Nexus 6 (shamu)
Version History
v1 - Initial version with HTC Nexus 9 WiFi (flounder) support
v2 - Added Motorola Nexus 6 (shamu) support
v3 - Added support for HTC Nexus 9 LTE (flounder_lte)
v4 - Added support for signed boot-images
v5 - Changed error handling to compensate for missing fstab files. Some roms seem not to ship with the complete set of boot-files from AOSP.
v6 - FED-Patcher will enforce the same structure for the patched boot.img that the original boot.img had. Additionally, the kernel commandline will also be taken over. This should fix pretty much every case where devices would not boot after patching.
v7 - FED-Patcher will now disable dm-verity in fstab to get rid of the red error sign on marshmallow roms.
What do I need to make this work?
A supported device (Your nexus 9)
An unlocked bootloader
An already installed ROM with forceencrypt flag. (like cyanogenmod CM12.1)
A recovery that includes busybox (TWRP, CWM)
How do I use it?
Make a thorough, conservative backup of your data if there is any on your device
Go into your recovery (TWRP, CWM)
Flash fed_patcher-signed.zip
If your device is already encrypted (You booted your ROM at least once) you need to do a full wipe to get rid of the encryption. This full wipe will clear all your data on your data-partition (where your apps as well as their settings are stored) as well as on your internal storage so please, do a backup before. If you don't do a backup and want to restore your data... well... Call obama.
How do I know if it worked?
Go into your "Settings"-App. In "Security", if it offers you to encrypt your device it is unencrypted. If it says something like "Device is encrypted" it indeed is encrypted.
IMPORTANT: If you update your ROM you have to run FED-Patcher again because ROM-updates also update the boot-partition which effectively removes my patch. So, if you are on CM12.1 for example and you used my patch and do an update to a newer nightly you have to run FED-Patcher again. If you don't do so Android will encrypt your device at the first boot.
Is it dangerous?
Well, I implemented tons of checks that prevent pretty much anything bad from happening. But, of course, we're dealing with the boot-partition here. Even though I tested FED-Patcher quite a lot there is still room for crap hitting the fan.
Screenshot
Scroll down to the attached thumbnails.
Credits
* pbatard for making (un)mkbootimg (dunno if he is on xda)
* @rovo89 for his xposed framework - I used some of his ideas by reading the source of his xposed installer flashable ZIP for FED-Patcher.
Thanks for creating this! In theory, would this work for the Nexus 6 as well? It would seem like it's a similar process.
itlnstln said:
Thanks for creating this! In theory, would this work for the Nexus 6 as well? It would seem like it's a similar process.
Click to expand...
Click to collapse
Hey there,
yes, it would probably work because the process itself is pretty generic. The only real difference between devices is the device-path for the boot-partition as well as the path(s) for the fstab-file(s) inside the boot.img. Nothing that cannot be done - but I don't have a device for testing. If you feel adventurous I can do a nexus6 (shamu) version for you for testing. I will double check so it should not eff up your device .
EDIT: Not to forget, the nexus 9 is a 64bit device. mkbootimg as well as unmkbootimg are compiled for 64bit. I have to rebuild those two programs for 32bit to make them work for 32bit devices.
If you have time for a N6 build, that would be great. If not, it's not a big deal since there seems to be more support for that device.
itlnstln said:
If you have time for a N6 build, that would be great. If not, it's not a big deal since there seems to be more support for that device.
Click to expand...
Click to collapse
Well, it's pretty much done. Do you want to test a version that does not actually flash anything but do everything else - just to see if it works correctly?
Absolutely!
itlnstln said:
Absolutely!
Click to expand...
Click to collapse
Alright, here you go!
If no error occurs there will be the already modified boot.img file in your temp-directory of your nexus 6. You can send me this file to be completely sure that everything went according to plan. Here is the adb-command:
Code:
adb pull /tmp/fed_patcher/boot-new.img
If all goes well I will upload the new version with nexus 6 (shamu) support tomorrow.
Good night!
gladiac said:
Alright, here you go!
If no error occurs there will be the already modified boot.img file in your temp-directory of your nexus 6. You can send me this file to be completely sure that everything went according to plan. Here is the adb-command:
Code:
adb pull /tmp/fed_patcher/boot-new.img
If all goes well I will upload the new version with nexus 6 (shamu) support tomorrow.
Good night!
Click to expand...
Click to collapse
Thanks! It seemed to work OK. Here's the boot image.
itlnstln said:
Thanks! It seemed to work OK. Here's the boot image.
Click to expand...
Click to collapse
Thanks for your help! I just updated the flashable ZIP in the first post. Enjoy
gladiac said:
Thanks for your help! I just updated the flashable ZIP in the first post. Enjoy
Click to expand...
Click to collapse
You're the best! Thanks!
I noticed in op it says "4 pretty fast cores". This puppy only has 2 cores. Just throwing it out there for readers that don't know. I'm sure it was just a minor oversight.
Sent from my Nexus 9
madbat99 said:
I noticed in op it says "4 pretty fast cores". This puppy only has 2 cores. Just throwing it out there for readers that don't know. I'm sure it was just a minor oversight.
Sent from my Nexus 9
Click to expand...
Click to collapse
Hi,
you are right, thanks. I just fixed the text in the op.
Hey everybody,
I will enable support for the Nexus 9 LTE (flounder_lte) this afternoon in FED-Pather v3. If you want other devices to be supported please tell me. Is there a list of android devices that have forced encryption?
So this works great, leaving device unencrypted. But anyone having issues with apps crashing? Most especially Google Play Services?
femmyade2001 said:
So this works great, leaving device unencrypted. But anyone having issues with apps crashing? Most especially Google Play Services?
Click to expand...
Click to collapse
This problem is new to me. My patch only modifies the boot-image so that it does not enforce encryption. It is merely a flag in fstab that gets changed and should not have anything to do with crashing apps. Anyway, do you have a logcat?
Hey everybody,
v3 is here with HTC Nexus 9 LTE (flounder_lte) support!
Enjoy
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
itlnstln said:
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
Click to expand...
Click to collapse
Hi, sorry to hear that. I will have a look into the boot.img that gets shipped with LMY48M. Not sure what is going on here.
itlnstln said:
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
Click to expand...
Click to collapse
Alright - unmkbootimg fails because the boot.img that google ships has 256 Bytes of extra data (it is probably signed or something) at the beginning. If you strip that off it works correctly:
Code:
dd if=boot.img of=boot-stripped.img bs=256 skip=1
Well, this was unexpected. But nothing that cannot be dealt with. I will make my flashable ZIP search for the offset of the boot.img-signature inside the dumped boot.img and strip of the preceding data. The rest of the process should work as usual.
itlnstln said:
I'm getting an error with my N9 (WiFi). When I try flashing in TWRP, it throws this error:
! Unpacking failed
=> unmkbootimg return value: 0
E: Error executing updater binary in zip...
All I did was go into fastboot, flash the updated image for LMY48M, then go into TWRP to flash the fix. I even went back into fastboot to try re-flashing the boot.img.
Click to expand...
Click to collapse
Hi @itlnstln,
I just made a new version which should do the trick. I tested the new functionality to the best of my knowledge. If the script fails for some reason it wont flash anything - so the probability for actual damage is very low. Do you feel adventurous xD?
Please tell me if it worked for you or not.
Hello everyone. I have a problem.
I'm building AOSP 8.0.0_r11 for Pixel XL and when I flash the result zip I'm getting a bootloop.
How am I building?
1) Select java 1.8
2) cd AOSP_8.0
3) source build/ensetup.sh
4) lunch aosp_marlin-userdebug
5) make -j9 updatepackage
6) wait a couple of hours
7) PROFIT
I know the ROM needs vendor blobs, I have them downloaded, extracted and extracted from .sh files.
How does the bootloop look?
Power On->Message about unlocked bootloader->0.5 second of white screen with Android on it-> reboot->repeat.
How do I flash the ROM?
I tried:
1) fastboot update -w aosp_marlin-img-eng.user.zip
and
2) extracted everything from zip and fastboot flash --slot _a PARTITION IMG_FILE
What am I doing wrong? Did anyone have success in building AOSP for this phone?
Did you "make clobber" after installing the drivers? If not, run it then try your make command again.
Alternatively, try "make otapackage" instead of "updatepackage" and then flash it in fastboot.
Also, why are you using the -j9 parameter?
noidea24 said:
Did you "make clobber" after installing the drivers? If not, run it then try your make command again.
Alternatively, try "make otapackage" instead of "updatepackage" and then flash it in fastboot.
Also, why are you using the -j9 parameter?
Click to expand...
Click to collapse
I did "make clobber". It just removes the build directory like "make clean". And this step is redundant if you never built the system before (with or without binaries).
Why make -j9? Because it shows better performance than just make. I know the build system should get the cores number and set the number of build threads, but for some reasons it doesn't do it very well.
P.S. I tried to "make" without -j9 and it is MUCH slower than with -j9.
Are you using the most updated fastboot and adb and sure your computer's variables aren't using an older one also? That was my issue when flashing Oreo.
buru898 said:
Are you using the most updated fastboot and adb and sure your computer's variables aren't using an older one also? That was my issue when flashing Oreo.
Click to expand...
Click to collapse
I'm using those that come with Android Studio 2.3.3 updated to latest versions of all components. That's not the problem with slots support - everything flashes without errors.
Slavon-93 said:
Hello everyone. I have a problem.
I'm building AOSP 8.0.0_r11 for Pixel XL and when I flash the result zip I'm getting a bootloop.
How am I building?
1) Select java 1.8
2) cd AOSP_8.0
3) source build/ensetup.sh
4) lunch aosp_marlin-userdebug
5) make -j9 updatepackage
6) wait a couple of hours
7) PROFIT
I know the ROM needs vendor blobs, I have them downloaded, extracted and extracted from .sh files.
How does the bootloop look?
Power On->Message about unlocked bootloader->0.5 second of white screen with Android on it-> reboot->repeat.
How do I flash the ROM?
I tried:
1) fastboot update -w aosp_marlin-img-eng.user.zip
and
2) extracted everything from zip and fastboot flash --slot _a PARTITION IMG_FILE
What am I doing wrong? Did anyone have success in building AOSP for this phone?
Click to expand...
Click to collapse
More than those blobs are necessary. Look at a invisibleks marlin lineageos device tree to get an idea of what files need to extracted and put in vendor.
Make clobber also cleans out configuration files, in case some of them had been created before the drivers/binaries have been extracted. Speaking of binaries again, did you install the Qualcomm ones?
My build environment is a i7 3770, with 8gb ram, and two blues in raid 0. To get my build compiled correctly, I had to disable ninja and I used -j8.
******
Tomorrow, I'll run a update and build Oreo on my machine from a clean directory and I'll get back with times before end after ccache is filled.
npjohnson said:
More than those blobs are necessary. Look at a invisibleks marlin lineageos device tree to get an idea of what files need to extracted and put in vendor.
Click to expand...
Click to collapse
Well, I don't know about Pixel, but when I had some experience in building AOSP for Nexus 5, Nexus 6, Nexus 9, binaries from Google and Qualcomm were a required minimum to get system booted. And if I wanted to get rid of some errors in logcat, I had to add some additional libraries, but the system booted and worked.
noidea24 said:
Speaking of binaries again, did you install the Qualcomm ones?
Click to expand...
Click to collapse
Yes, of course. I went to google binaries section, selected marlin 8.0.0 and downloaded two .sh files - one from Google, and the other from Qualcomm. Then I extracted them and got a vendor forder which has google_devices/marlin and qcom/marlin folders inside.
I'm curious to know how your process to flash the rom zip works? I've been sitting on a rom build for days because I can't get Twrp to work properly. Also, if your worried about your blobs/vendors the repos are starting to show up on GitHub.
cjkacz said:
I'm curious to know how your process to flash the rom zip works? I've been sitting on a rom build for days because I can't get Twrp to work properly. Also, if your worried about your blobs/vendors the repos are starting to show up on GitHub.
Click to expand...
Click to collapse
I'm sorry if I misundestood the question. I don't undestand why you should need TWRP because you just get the sources, get the blobs, compile them and get a zip file which can be flashed with fastboot command. So, no TWRP in this process is needed. I still don't know how all these ROM creators make zips for flashing with TWRP...
So I was able to get AOSP booting using the basic steps and blobs provided from the script. Even was able to activate the always on display
Zavon said:
So I was able to get AOSP booting using the basic steps and blobs provided from the script. Even was able to activate the always on display
Click to expand...
Click to collapse
Can you, please, describe in details these things:
1) What Linux did you use for building?
2) What revision of AOSP 8.0.0 did you download?
3) What version of blobs did you use?
4) Did you just download the 2 blobs .sh files to the root of the sources and execute them?
5) What AOSP configuration did you choose for building? (I mean aosp_marlin-userdebug or aosp_marlin_svelte-userdebug or aosp-sailfish-userdebug)
6) What command did you use for building?
7) Did you use ccache?
8) Did you flash Google Factory image of Oreo before flashing AOSP?
9) What command did you use to flash?
Slavon-93 said:
Can you, please, describe in details these things:
1) What Linux did you use for building?
2) What revision of AOSP 8.0.0 did you download?
3) What version of blobs did you use?
4) Did you just download the 2 blobs .sh files to the root of the sources and execute them?
5) What AOSP configuration did you choose for building? (I mean aosp_marlin-userdebug or aosp_marlin_svelte-userdebug or aosp-sailfish-userdebug)
6) What command did you use for building?
7) Did you use ccache?
8) Did you flash Google Factory image of Oreo before flashing AOSP?
9) What command did you use to flash?
Click to expand...
Click to collapse
I'm using a base ubuntu vm I built with 2 cores and 8gb ram. I used r11 if memory serves correct. I used the scripts from google and extracted from the factory image. The configuration I used is 21 (marlin-userdebug). I just used make -j8. Could careless about an update zip. And the factory image was on before I flashed using fastboot.
Side note, I also have ElementalX and SuperSU installed. suhide was giving me issues and I just have to figure out the Gapps (I'm a cop so time is hard to come by). I also enabled always on display but just remembered to enable the burnin protection
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Important notes
The official Magisk v16.0 zip must be flashed on first install/reinstall in order to properly construct the environment. Flash the boot image attached in the OP immediately after without rebooting in between, or the image Magisk flashed will prevent the kindle from booting normally without advanced intervention.
SafetyNet does NOT pass the basic integrity OR advanced checks. At least, v16 doesn't. Maybe an earlier Magisk build does - feel free to try it once I get the automated patcher zip up and running.
For now, because you're flashing on LineageOS, you may want to flash the LOS 14.1 arm-based su removal zip from Lineage's downloads site. Verify you're downloading arm and not arm64.
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
kn0wbodh1 said:
How does one go about patching the boot image thats modified by magisk so it's able to be flashed?
Click to expand...
Click to collapse
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
kn0wbodh1 said:
Thank you very much for the detailed instructions. I'll be keeping an eye out for the automated patcher you mentioned. Would love to try out magisk on my 2015 fire.
Click to expand...
Click to collapse
The instructions only work against the 2012 fire (HD 8.9", 2nd generation). They will more than likely brick any other device. I don't recommend trying the instructions unless you're 100% sure your device is that specific model.
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
erick_gc said:
Hi, a month ago i flashed oifficial magisk 16 zip on a 8.9 kindle fire hd, and as you said, dont boot anymore, just satys on the kindle fire logo, please can you tell me how can i restore my device?, i havent used it in almost 3 years and i dont have a clue on what to do, i just wanted to install viper4android and now is dead.
Click to expand...
Click to collapse
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
monster1612 said:
Please also read the additional notes in post #2, as they are critical to getting Magisk working.
I decided to do some tinkering around with Magisk, and it actually DOES work on the kindles (at least the 8.9"). The problem is, Magisk's patcher just isolates the ramdisk part of the boot.img and doesn't add the boot signature or other magic back to the image when it's time to reflash the patched boot image. By dd'ing the signature (and other files) back to the image, I can get Magisk to successfully boot.
As part of the working POC (because it's exciting to actually see this!), I've uploaded the patched "Magiskified" boot image (which originally comes from the 20180319 LineageOS 14.1 ROM that was built about a week ago). For reference, this is patched by Magisk v16.0, and the setup is basically the same as the official boot.img makefile directions from CM12.1. (It was the most arbitrary source I found, and I doubt the magic used to create the boot images has changed, so I'm just using that script as a reference.) Try to stick to that ROM if you can - no telling what different ROM versions/variants might do if you're not careful.
I plan on releasing a flashable .zip soon (probably in a month? I have college to work through) to automate the patching process, and possibly even extract the official installer zips to work through Magisk's patching scripts manually so the required boot magic can be patched back into the image before it's ever flashed. (I'll try to take requests to manually patch other ROM boot.imgs if asked to in the meantime though.)
As a friendly reminder, please do NOT flash the official Magisk installer zips or any patched boot images that the app produces as is - they need to be "repatched" with the boot magic, or you'll have to fastboot flash your ROM's boot.img manually because the kindle will hang at the bootloader screen.
Click to expand...
Click to collapse
barcia99 said:
just wondering if you've had any luck with the flashable zip for magisk? Not confident enough to try it manually. Thanks in advance.
Click to expand...
Click to collapse
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
thank's much. i'll continue to do some research also. i've had this kindle since it came out and remains stable with root and twrp. runs smooth and just plain like it. only negative is no sd card slot. again thanks for your hard work.
Hoping for the automated package
Here's hoping you get time to finish the automated flash package. I am not confident enough to attempt this even with your detailed instructions.
monster1612 said:
You can't directly flash the official installer zips onto the Kindle - they currently bork the boot image "signature" (causing the bootloader exploit to break) and require reflashing the boot image from your ROM via fastboot to get things working again.
What I've thought of is adding some device detection logic to the installer script and then having it run through the process of properly repatching the boot image after the main Magisk install finishes in order to get things to work (as opposed to having a supplementary zip file work through that after an official build is flashed).
I forked the official Magisk repo a while ago and honestly forgot about it, but since v17 hit stable since then, I'm going to rebase those proposed changes against that version. No ETA on that as of yet - I've started back at college, so time is already kind of a rarity; in addition, given the age of the Kindles already (5+ years!), it may not be a thing to sustain long term. I still have my 8.9", so testing isn't an issue, but I don't expect Magisk running on these specific devices to function as expected (so more than likely SafetyNet will fall, probably Magisk Hide as well). I'm not 100% sure how it'll turn out, but these are pretty much going to be unofficial builds for as long as I/anyone else willing to run builds sees a benefit to doing so. When a build works to my satisfaction, I promise it'll go up on XDA.
Click to expand...
Click to collapse
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Trey n said:
Successfully patched the boot image and installed magisk 18 and installed some modules and they work
Click to expand...
Click to collapse
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
kgiesselman said:
Great! Will you post the boot image? What modules have you tried? Is Wifi, Bluetooth, and LTE working?
Click to expand...
Click to collapse
took me a while but also finally got it all working. Thanks for this guide. It may help us in the 7, 8 and 10 tablets. I also note my Jem is currently on CM13
monster1612 said:
It's complicated. I recommend not doing this unless you're willing to follow it to the letter - when I get to creating the automated patcher, this won't be necessary.
Make backups!!
extract the boot.img from your ROM .zip, copy it to the device internal storage
install the Magisk Manager app, download the Magisk .zip and choose "patch boot image"; navigate to said boot image file
copy the modified image to a computer (preferably one running a Linux OS like Ubuntu)
download the boot_cert and u-boot.bin files from the official LineageOS/CM device repo; place these files in the same directory as the boot.img file
open a Linux terminal pointed to the same directory as the boot.img file
run for i in $(seq 1024); do echo -ne "\x00\x50\x7c\x80" >> stack.tmp; done to create the remaining file
run cat boot_cert patched_boot.img > boot.img (assuming the Magisk image produced is named patched_boot.img); this is the boot "signature"
run dd if=u-boot.img of=boot.img bs=8117072 seek=1 conv=notrunc to tag the second bootloader on
finally, run dd if=stack.tmp of=boot.img bs=6519488 seek=1 conv=notrunc to add the stack file; copy the new boot.img back to the kindle
reboot into recovery, flash the Magisk .zip to build the environment, but do NOT reboot yet
choose "Flash .img" within TWRP, select the boot.img, and select "Boot" to flash to the boot partition; reboot to system once complete
profit!
Click to expand...
Click to collapse
This works on the Kindle Fire HD 7 as well, just use the files from the Tate repository.
Devo7v said:
https://forum.xda-developers.com/showthread.php?t=2128848&p=75525760
I know it's not for the 8.9" but I was able to get my 7" working by repeating the procedure in step 5. Magisk messes up the kernel on the Kindle so all you have to do is reflash the kernel. You'll need a fastboot cable to get in fastboot mode though.
Take a look at the few posts before the one I linked to.
Click to expand...
Click to collapse
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
BrianSamsungTab said:
I also have the same issue, but I'm confused as to your referencing for Step 5, because the guide says specifically not to flash the freedom-boot image if you already have a custom ROM present. Can you reiterate on what to do, please, or can I ignore this warning?
Click to expand...
Click to collapse
I reflashed the freedom-boot and got everything working properly. It's been a few months so I don't remember if i had to continue anything when it finally booted, but I do know that I didn't lose any data. I still don't know if you need to flash freedom-boot, but it works if you do.
a little late to the party but-
i recently made the mistake of installing magisk and it put the kindle in a bootloop. is there a way to push the stock boot.img with this method or is that too quick and dirty
any advice is appreciated. im tempted to just do a full wipe via the stock recovery but if theres a more surgical method id go for it. i also have a linux debian machine available.
Tools needed: boot.img extractor. I recommend the one created by osm0sis from this thread:
https://forum.xda-developers.com/showthread.php?t=2239421
The first method was developed by osm0sis and removes magisk and all modules.
1. Unpack magisk_patched.img
2. Unzip overlay.dremove1.zip and place overlay.d folder in ramdisk folder.
3. Repack IMG
4. fastboot boot image-new.img created by repacking 8mg
This method is an offshoot of osm0sis version but boots core-only mode. Afterwards, remove the .disable-magisk file from the /cache folder for modules to work. Dot files are hidden files so if your root explorer can't see hidden files, run the "Remove disable_magisk" bat file in ADB.
1. Same as above but use the overlay.dcoreonly1.zip
For both methods you must be rooted for it to work. These are not cure all's for all bootloops.
Remove .disable_magisk bat file
https://www.androidfilehost.com/?fid=4349826312261684994
****************************************
Here is a fastboot bootable image to boot you into Magisk core-only mode in case you bootloop due to flashing a bad module and TWRP is not enough.
Once in fastboot:
fastboot boot image-newpixel3xl.img
You will boot with root but modules disabled. After you remove the offending module you will need to go to /cache folder and delete the .disable_magisk file before your modules will work.
fastboot boot image-newpixel3xlRemove.img
This one should remove magisk and all modules, then reboot and magisk should reinstall itself (ask to install necessary binaries). This is what osm0sis uses to recover from failed flashes. See this post:
https://forum.xda-developers.com/pi...odules-disabler-booting-magisk-t3976625/page2
Images are in this common folder. Pick the appropriate image for your phone.
6-4-20
https://www.androidfilehost.com/?w=files&flid=313291
Looking forward to this, Tulsa. Will be a real lifesaver and game changer.
sliding_billy said:
Looking forward to this, Tulsa. Will be a real lifesaver and game changer.
Click to expand...
Click to collapse
It's official. It works.
Tulsadiver said:
It's official. It works.
Click to expand...
Click to collapse
You are going to make a lot of people (who "forget" to disable the modules before update) very thankful.
sliding_billy said:
You are going to make a lot of people (who "forget" to disable the modules before update) very thankful.
Click to expand...
Click to collapse
I'm one of those, lol! Also, with the nutty stuff I try, I will be able to get by without a factory reset all the time
Tulsadiver said:
I'm one of those, lol! Also, with the nutty stuff I try, I will be able to get by without a factory reset all the time
Click to expand...
Click to collapse
This link worked, but the one on the Pixel 3 page results in a Mega decryption key error.
sliding_billy said:
This link worked, but the one on the Pixel 3 page results in a Mega decryption key error.
Click to expand...
Click to collapse
I pasted it again. Hopefully it works now.
Tulsadiver said:
I pasted it again. Hopefully it works now.
Click to expand...
Click to collapse
It works!
Thank you!!!!
Latest magisk canary added an adb command to remove modules if bootlopps happens ?
DvLAx3l said:
Latest magisk canary added an adb command to remove modules if bootlopps happens
Click to expand...
Click to collapse
That's what I heard. Do you know the steps on how it works? You flash a module and you bootloop. What do you do next?
Tulsadiver said:
That's what I heard. Do you know the steps on how it works? You flash a module and you bootloop. What do you do next?
Click to expand...
Click to collapse
Didn't try yet, I was searching on topjohnwu GitHub but I don't find nothing, it's in the changelog but I don't know ?
DvLAx3l said:
Didn't try yet, I was searching on topjohnwu GitHub but I don't find nothing, it's in the changelog but I don't know
Click to expand...
Click to collapse
Well, if it's an ADB fix, a person is going to have to, at the very least, flash boot.img (though probably system images depending on what you flashed), reboot without root. Enable the ADB mode, flash ADB commands, and reboot. Remove bad modules. Then, go back and root again.
Seems simpler to just flash the modded image-new.img, reboot with root, remove modules (with ADB if you like) and reboot.
Edit: what would be cool is an option to patch a boot.img in core-only mode, right from Magisk manager, where the other option is to patch the boot.img. All that would be needed on John's part is an edited init file in that option. That's the only difference.
Thanks for this! I could've really used this image a few times in the past...
Face_Plant said:
Thanks for this! I could've really used this image a few times in the past...
Click to expand...
Click to collapse
You and me both, buddy!
Got in to a bootloop situation with Bromite systemless webview module. I restored stock boot image and patched it with the latest canary build (the one with 'recovery mode' checked under advanced settings) and bootlooped again. I flashed this file, got in with magisk working, disabled the offending module, patched the boot image without recovery mode, then flashed the patched boot image and everything is up and running! Thanks for the help!
Ok thanks for this but after rebooting from home screen even if I disable/remove bad mods from magisk I still get rr's/boot loops. Would I need to uninstall magisk completely then and start fresh or what?
Jiggs82 said:
Ok thanks for this but after rebooting from home screen even if I disable/remove bad mods from magisk I still get rr's/boot loops. Would I need to uninstall magisk completely then and start fresh or what?
Click to expand...
Click to collapse
Can you open magisk manager? If so, uninstall magisk from there.
If not, once booted in core-only mode, unzip the contents of this zip in a folder you can use ADB from and run the bat file. It'll push the .disable_magisk file to the cache folder and totally disable any module activity.
Tulsadiver said:
Can you open magisk manager? If so, uninstall magisk from there.
If not, once booted in core-only mode, unzip the contents of this zip in a folder you can use ADB from and run the bat file. It'll push the .disable_magisk file to the cache folder and totally disable any module activity.
Click to expand...
Click to collapse
Yes I was able to open magisk but even if I uninstalled it I still had this weird bootlloop so before I saw this message I ended up just flashing factory 10 image clean this time just to be sure everything would flash/install successfully and luckily they did lol but thanks anyways and I will hold onto to these files for future references:good:
would the modded boot img that disables modules work for the pixel 3 as well?
Just to add my experience here, I flashed MARS_SOM magisk rom module which entered a seemingly unrecoverable endless bootloop. This was likely as it conflicted with another magisk module or xposed that I have installed, so not the fault of the rom!
However given we've no twrp yet, the best way (after a LOT of research!) to fix this wasn't easy or obvious. I thought I could just flash stock kernel, uninstall magisk, flash magisk again and uninstall the module. Which unfortunately you can't as they remain in the system files and without root, you can't touch them, though with root, it loads and you get the bootloop - so a vicious endless cycle!
The solution I managed to work out, rather than a full clean wipe was to extract the stock boot from downloaded firmware (using Xperifirm), convert it to an img file using UnSIN, use to unpack, place a certain folder in there (found via the link below), repack and then fastboot flash. This makes magisk operate in core root mode only allowing you to uninstall the module. Once the module is uninstalled, you can simply disable core only mode from the magisk settings.
This saved me from a full wipe!
See here for more details about that unpacking the img, copying a folder etc see here:
https://forum.xda-developers.com/pi...modules-disabler-booting-magisk-t3976621/amp/
This worked for me and so hope it helps someone out too!
cd993 said:
Just to add my experience here, I flashed MARS_SOM magisk rom module which entered a seemingly unrecoverable endless bootloop. This was likely as it conflicted with another magisk module or xposed that I have installed, so not the fault of the rom!
However given we've no twrp yet, the best way (after a LOT of research!) to fix this wasn't easy or obvious. I thought I could just flash stock kernel, uninstall magisk, flash magisk again and uninstall the module. Which unfortunately you can't as they remain in the system files and without root, you can't touch them, though with root, it loads and you get the bootloop - so a vicious endless cycle!
The solution I managed to work out, rather than a full clean wipe was to extract the stock boot from downloaded firmware (using Xperifirm), convert it to an img file using UnSIN, use to unpack, place a certain folder in there (found via the link below), repack and then fastboot flash. This makes magisk operate in core root mode only allowing you to uninstall the module. Once the module is uninstalled, you can simply disable core only mode from the magisk settings.
This saved me from a full wipe!
See here for more details about that unpacking the img, copying a folder etc see here:
https://forum.xda-developers.com/pi...modules-disabler-booting-magisk-t3976621/amp/
This worked for me and so hope it helps someone out too!
Click to expand...
Click to collapse
With Unsin (on windows at least) you can just drag your file over the cmd without having to mess with command lines
AJHutchinson said:
With Unsin (on windows at least) you can just drag your file over the cmd without having to mess with command lines
Click to expand...
Click to collapse
Yeah that's a handy little feature, makes converting it super simple!
cd993 said:
Just to add my experience here, I flashed MARS_SOM magisk rom module which entered a seemingly unrecoverable endless bootloop. This was likely as it conflicted with another magisk module or xposed that I have installed, so not the fault of the rom!
However given we've no twrp yet, the best way (after a LOT of research!) to fix this wasn't easy or obvious. I thought I could just flash stock kernel, uninstall magisk, flash magisk again and uninstall the module. Which unfortunately you can't as they remain in the system files and without root, you can't touch them, though with root, it loads and you get the bootloop - so a vicious endless cycle!
The solution I managed to work out, rather than a full clean wipe was to extract the stock boot from downloaded firmware (using Xperifirm), convert it to an img file using UnSIN, use to unpack, place a certain folder in there (found via the link below), repack and then fastboot flash. This makes magisk operate in core root mode only allowing you to uninstall the module. Once the module is uninstalled, you can simply disable core only mode from the magisk settings.
This saved me from a full wipe!
See here for more details about that unpacking the img, copying a folder etc see here:
https://forum.xda-developers.com/pi...modules-disabler-booting-magisk-t3976621/amp/
This worked for me and so hope it helps someone out too!
Click to expand...
Click to collapse
Hi there; I was in the same situation, flashing a corrupted magisk boot image from standard firmware for XQ-AT51, provided by same author for simple rooting Xperia 1 II; my phone was without xposed, it was in clean factory state. the magisk boot image was taken from another thread "[ROOT] Magisk patched Boot Images & Instructions" designated for rooting of Xperia 1 II;
unfortunately is the same author who build your ROM, he delivered also corrupted magisk image.
It was not enter in bootloop if you flash only one image on phone, not both; his instructions are wrong. the correct flashing instruction is below, at end of my comment.
I solved in smilar way like you: using flashtool to obtain XQ-AT51 ftf file: XQ-AT51_58.0.A.3.39_1321-7706_R13A.ftf;
Attention: the name of file depends of region firmware you want to flash and type of phone (single or dual sim); the given names are with title of example.
Then from download folder of flashtool form your disk C:\Users\username\.flashTool\firmwares\Downloads (username is your username on pc); check for file: boot_X-FLASH-ALL-2389.sin ( applicable for XQ-AT51) and convert the file to .img using unsin; check on xda for unsin, extract unsin archive in exe file and then drag & drop over unsin.exe the file boot_X-FLASH-ALL-2389.sin; will be generated boot_X-FLASH-ALL-2389.img file.
This name file can be other, is just an example, if you have another phone with firmware for other region, pay attention to this!
This can be flashed then back to phone using adb comands; fastboot flash boot boot_X-FLASH-ALL-2389.img;
The same image can be transfered to phone and used later to generate correct magisk image and root the phone.
Best to you all!
daphix said:
Hi there; I was in the same situation, flashing a corrupted magisk boot image from standard firmware for XQ-AT51, provided by same author for simple rooting Xperia 1 II; my phone was without xposed, it was in clean factory state. the magisk boot image was taken from another thread "[ROOT] Magisk patched Boot Images & Instructions" designated for rooting of Xperia 1 II;
unfortunately is the same author who build your ROM, he delivered also corrupted magisk image.
It was not enter in bootloop if you flash only one image on phone, not both; his instructions are wrong. the correct flashing instruction is below, at end of my comment.
I solved in smilar way like you: using flashtool to obtain XQ-AT51 ftf file: XQ-AT51_58.0.A.3.39_1321-7706_R13A.ftf;
Attention: the name of file depends of region firmware you want to flash and type of phone (single or dual sim); the given names are with title of example.
Then from download folder of flashtool form your disk C:\Users\username\.flashTool\firmwares\Downloads (username is your username on pc); check for file: boot_X-FLASH-ALL-2389.sin ( applicable for XQ-AT51) and convert the file to .img using unsin; check on xda for unsin, extract unsin archive in exe file and then drag & drop over unsin.exe the file boot_X-FLASH-ALL-2389.sin; will be generated boot_X-FLASH-ALL-2389.img file.
This name file can be other, is just an example, if you have another phone with firmware for other region, pay attention to this!
This can be flashed then back to phone using adb comands; fastboot flash boot boot_X-FLASH-ALL-2389.img;
The same image can be transfered to phone and used later to generate correct magisk image and root the phone.
Best to you all!
Click to expand...
Click to collapse
Thanks for that, glad you managed to fix your situation too!
cd993 said:
Thanks for that, glad you managed to fix your situation too!
Click to expand...
Click to collapse
What to posted you is very very usefull; it helps you to fix after flashing wrong magisk module.
:good: