Mobileread
Life without Magisk
#1  Renate 04-06-2022, 09:56 AM
Magisk is a great and clever program. Still, it has to go through a lot of machinations to make its magic work. Try doing a "mount" command and see all the stuff that it has to jimmy up to make things work. Maybe the performance hit is not bad, but still...

It is possible to just make the mods that you want without Magisk. This will require you to make a full, binary backup of /vendor and /system so that when Onyx releases an incremental update it will recognize those two partitions as "virgin". Of course, retaining the last non-incremental update and fudging the script or build dates will allow you to downgrade then upgrade.

The system partition is verified against a hash tree when loading, so we want to get rid of verification. The system partition is loaded from /vendor/etc/fstab.qcom. That is also verified against a hash tree when loading so we want to get rid of that verification. The vendor partition is loaded from the dtb that is stuck on the kernel in the boot partition.

So, we have to:

Are we there yet? Almost.
The two partitions vendor and system are protected by error correction. Android will attempt to correct any changes you make to those two partitions. We have to get rid of that too. The last 4096 block in each partition contains two copies of the FEC header. We can just zero those out.

So now you have a system where these two partitions are normally only mounted read-only, but could be modified externally. If you have a rooted recovery you can make your desired changes and reboot to the main system.

To be continued...
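Added example, not part of the original posts: a Python check for a full binary backup of vendor or system that reports whether the last 4096-byte block still carries FEC header copies or has been zeroed. The magic value and the header field layout are assumptions taken from AOSP libfec, and the sample block is constructed.

```python
import struct

FEC_BLOCKSIZE = 4096
FEC_MAGIC = 0xFECFECFE  # assumption: value used by AOSP libfec
# Assumed packed little-endian layout:
# magic, version, size, roots, fec_size (u32 each), inp_size (u64), sha256
FEC_HEADER = struct.Struct("<5IQ32s")

def parse_header(buf):
    """Decode one header copy; None if the magic does not match."""
    magic, version, size, roots, fec_size, inp_size, _ = FEC_HEADER.unpack_from(buf)
    if magic != FEC_MAGIC:
        return None
    return {"version": version, "roots": roots,
            "fec_size": fec_size, "inp_size": inp_size}

def classify_last_block(block):
    """Classify the final 4096-byte block of a partition dump."""
    if len(block) != FEC_BLOCKSIZE:
        raise ValueError("expected exactly one 4096-byte block")
    # One copy at the start of the block, one at the very end.
    copies = [parse_header(block[:FEC_HEADER.size]),
              parse_header(block[-FEC_HEADER.size:])]
    found = [c for c in copies if c is not None]
    if found:
        return "fec-present", found
    if not any(block):
        return "zeroed", []
    return "other-data", []

def last_block_of(path):
    """Read the final block of a full binary backup file."""
    with open(path, "rb") as f:
        f.seek(-FEC_BLOCKSIZE, 2)
        return f.read(FEC_BLOCKSIZE)

def sample_block():
    """Constructed sample: header copies at both ends of the block."""
    hdr = FEC_HEADER.pack(FEC_MAGIC, 0, FEC_HEADER.size, 2,
                          8192, 1048576, bytes(32))
    pad = bytes(FEC_BLOCKSIZE - 2 * len(hdr))
    return hdr + pad + hdr

if __name__ == "__main__":
    print(classify_last_block(sample_block()))
    print(classify_last_block(bytes(FEC_BLOCKSIZE)))
```

Running it on the pristine backup and again on a dump taken after the change shows which state each image is in before an incremental update is attempted.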

#2  mergen3107 04-06-2022, 10:02 AM
So, basically this looks like CWM?

#3  Renate 04-06-2022, 12:00 PM
Quote mergen3107
So, basically this looks like CWM?
Mmm, not really. It's complicated.

The first part is moving your Magisk modules to hard modifications in /system.
Magisk does disable some? verifications but doesn't? get rid of the error correction.

So you have to do a full (i.e. partition) backup of the system and vendor partitions and then disable error correction (FEC). You can then copy over your modifications to the system partition, then you can delete the Magisk modules. You're still running Magisk, but without modules. You still have access to "su".

When Magisk is running, you can't modify the system partition because it's all part of the stuff that Magisk is doing. Maybe you can mount it separately, but I'm still figuring stuff out and I don't need that uncertainty. You need a recovery. For recovery I don't need menus and "push this button", I only need a recovery with a rooted, permissive ADB. I do have one.

Code
# mkdir fake
# mount -t ext4 /dev/block/by-name/system /fake
^D
C:\>adb push whatever /fake/system/bin/
C:\>adb shell
# chmod 755 /fake/system/bin/whatever
Of course all this stuff can be put into a makefile or a batch file to redo it all instantly when the next Onyx update comes along.

The second step would be to remove Magisk entirely. I have that working now and all my modifications work correctly. I have normal ADB access but currently it's not running rooted as I've run into some problems with permissions and I'd have to run it SELinux permissive.

Yeah, there is still work to do, but the bottom line is that I can reboot, hit "Last Read" and I'm back to my book where I was and my clicker works correctly.

#4  Renate 04-16-2022, 12:16 PM
Interim progress report:
I'm running without Magisk, with enforcing and I have a rooted ADB accessible.

I have to say, if you run the system in SELinux permissive, it's a train wreck.
All this goofy stuff writes all sorts of stuff that it shouldn't.
If you see navigation icons at the bottom of the screen you might be running permissive.

I've still a ways to go to make this a usable product.

#5  Renate 05-24-2022, 10:02 AM
I'm pretty happy with things as they are now. I've done a bunch of work on fixing the USB connection so that Onyx can't screw it up. It's always insisting on enabling MTP. My solution won't appeal to many. I just want my rooted ADB.

For those who want to mod their system without using Magisk, the information above is correct: disable verify on /vendor, disable verify on /system, disable error correction on both. To modify DTBs (without "round-tripping" them through dtc disassemble, dtc assemble) you can use my latest released dtbview.exe (in the sig). To extract/replace the dtb in images you can use imgutil.exe.

Just extract, dump, hex edit, replace:
Code
C:\>imgutil /x boot.img dtb
C:\>dtbview dtb > dtb.lst
C:\>whatever-hexedit dtb
C:\>imgutil /r boot.img dtb
Code
041b40 vendor {
041b4c compatible = "android,vendor";
041b68 dev = "/dev/block/platform/soc/c0c4000.sdhci/by-name/vendor";
041bac type = "ext4";
041bc0 mnt_flags = "ro,barrier=1,discard";
041be4 fsmgr_flags = "wait,verify";
041bfc status = "ok";
041c0c }
Then (in this case) look a bit past 41be4 for the comma in "wait,verify" and change it to a null character.

Edit: You can blank the last bit of a partition easily (and without arithmetic):

For systems with eMMC (i.e. 8 x 512 blocks):
Code
C:\>edl /e /pvendor /s-8
C:\>edl /e /psystem /s-8
For systems with UFS (i.e. 1 x 4096 block):
Code
C:\>edl /e /u /pvendor /s-1
C:\>edl /e /u /psystem /s-1
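Added example, not part of the original posts: a Python audit that walks a flattened device tree and, for every fsmgr_flags property, lists the flags a C-string reader would see and any bytes left behind an embedded NUL. It shows why the comma-to-null edit described above keeps every length and offset unchanged, and how such an edit can be spotted afterwards. The function names and the one-node sample tree are constructed for illustration.

```python
import struct

FDT_MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9

def align4(n):
    return (n + 3) & ~3

def cstr(buf, off):
    return buf[off:buf.index(b"\0", off)]

def walk_props(dtb):
    """Yield (node_path, prop_name, raw_value) for every property in a DTB."""
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", dtb, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    pos, path = off_struct, []
    while True:
        (tok,) = struct.unpack_from(">I", dtb, pos)
        pos += 4
        if tok == BEGIN_NODE:
            path.append(cstr(dtb, pos).decode())
            pos = align4(pos + len(path[-1]) + 1)
        elif tok == END_NODE:
            path.pop()
        elif tok == PROP:
            length, nameoff = struct.unpack_from(">2I", dtb, pos)
            name = cstr(dtb, off_strings + nameoff).decode()
            yield "/".join(path), name, dtb[pos + 8:pos + 8 + length]
            pos = align4(pos + 8 + length)
        elif tok == END:
            return
        elif tok != NOP:
            raise ValueError("unexpected token %#x" % tok)

def audit_fsmgr_flags(dtb):
    """List (node, flags a C-string reader sees, bytes hidden after a NUL)."""
    return [(node, v.split(b"\0")[0].decode().split(","),
             v.partition(b"\0")[2].rstrip(b"\0").decode())
            for node, name, v in walk_props(dtb) if name == "fsmgr_flags"]

def sample_dtb(flags):
    """Constructed tree: / { vendor { fsmgr_flags = flags } }, not a real image."""
    pad = lambda b: b + bytes(align4(len(b)) - len(b))
    # Root node has an empty name (four zero bytes), then the vendor node.
    st = (struct.pack(">3I", BEGIN_NODE, 0, BEGIN_NODE) + pad(b"vendor\0")
          + struct.pack(">3I", PROP, len(flags), 0) + pad(flags)
          + struct.pack(">3I", END_NODE, END_NODE, END))
    strings = b"fsmgr_flags\0"
    hdr = struct.pack(">10I", FDT_MAGIC, 56 + len(st) + len(strings), 56,
                      56 + len(st), 40, 17, 16, 0, len(strings), len(st))
    return hdr + bytes(16) + st + strings
```

Calling audit_fsmgr_flags on sample_dtb(b"wait,verify\0") and on sample_dtb(b"wait\0verify\0") returns the same node with different effective flags, while both blobs have identical size.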
