Raye's Journey

Android Phone Rooting: Things You Need to Know

The background is this. About a year ago there was a Google Pixel 5 that was used for testing. Naturally it could not go without tinkering, so Magisk and TaiChi were installed. However, after a mistake the phone was reset, so I had to start over, but when I tried to flash Magisk it failed and sent the phone into an endless reboot. I regretted it at the time, thought the phone was unusable, and just left it aside.

But last week I decided to charge the phone out of curiosity and, surprisingly, it worked again. Can time really fix bugs? 🤣

I'm not very familiar with Android, so I decided to catch up on the relevant knowledge here.

Some Concepts#

  1. OTA

OTA (Over-The-Air) image refers to the system or application update package that is transmitted wirelessly to the device. OTA updates allow device manufacturers, carriers, or application developers to push updates to user devices without the need to connect to a computer or use other external tools.

Simply put, it is the package that the phone downloads during a regular system upgrade. How the update is actually applied (the A/B slot switch, the payload format and so on) is covered in the linked article on the Android OTA upgrade mechanism; here we only need the concept.

  2. Magisk
    Magisk is "systemless": it never writes to the system partition. It patches the boot image so that its own init runs before Android's, and at boot it bind-mounts ("magic mount") the files of its modules, which live under /data/adb on the userdata partition, on top of /system and /vendor. From the point of view of the running system the changes are there; from the point of view of the real partitions nothing has happened, which is why restoring the stock boot image undoes everything at once.

Since partitions keep coming up, let's understand what they are. Just like partitions on a Windows disk, a partition is a contiguous region of the storage device whose data is organized in a particular format. And just as Windows has a boot partition, let's review the PC boot process:

  1. The CPU runs the BIOS, which initializes the hardware, runs the power-on self-test, and loads the first sector of the boot disk to physical address 0x7c00.
  2. Execution continues from the boot program in that boot sector.
  3. ...

Android is essentially a Linux system, and the boot process can naturally be compared. So it is not difficult to understand Android partitions:

  • boot partition: Contains the kernel and the initial ramdisk, which the bootloader loads to start Linux.
  • system partition: Contains the Android operating system itself.
  • recovery partition: Contains the code for recovery mode, used for updating, backing up, or restoring the system.
  • userdata partition: Contains user data and applications.
  • cache partition: Used to store temporary data and OTA packages on older devices; A/B devices such as the Pixel 5 no longer have it.
  • vbmeta partition: Contains the Android Verified Boot (AVB) metadata, i.e. the hashes and signatures the bootloader uses to verify boot, system and the other partitions.

The partition table itself lives in the first few KB of the disk; if you understand MBR and GPT, there is nothing new here. On Windows you can use WinHex to look at the raw sectors of the boot partition. On Android the same thing is done with dd on the partition's block device (this needs root via su, so it only works on an already rooted phone; for a stock Pixel, take boot.img from the factory image instead):

adb shell su -c "dd if=/dev/block/bootdevice/by-name/boot_a of=/sdcard/boot.img"
adb pull /sdcard/boot.img

Android now supports the A/B partition scheme: there are two slots, a and b, each with its own copy of boot, system, vendor and the other system partitions (hence boot_a and boot_b). The device runs from one slot while an update is written to the other in the background, then switches slots on the next reboot, which gives seamless updates and a fallback if the new slot fails to boot. The command above reads slot a, which is not necessarily the active one; the active slot is reported by the ro.boot.slot_suffix system property, and Magisk must be installed to that slot.

Note: In Linux everything is a file. boot_a is just a symlink to the real block device under /dev/block:

redfin:/ # ls -al /dev/block/bootdevice/by-name/boot_a
lrwxrwxrwx 1 root root 15 1970-01-04 03:33 /dev/block/bootdevice/by-name/boot_a -> /dev/block/sda6

So it is clear what Magisk does here: it unpacks boot.img, patches the ramdisk (adding its own init, binaries and configuration) and repacks it into a new boot image. No new partition is created; the patched image is simply booted or flashed in place of the stock one. Because the boot partition is covered by Verified Boot, this only works with an unlocked bootloader (the orange warning at power-on); a locked bootloader rejects a modified boot image.

  3. bootloader

If you remember the operating system boot process, the bootloader is the piece that initializes the hardware, verifies and loads the boot partition (kernel plus ramdisk) and hands control to the kernel. It also exposes the fastboot interface, so as long as you can still enter the bootloader, the phone is likely recoverable: you can flash known-good images from there.

adb reboot bootloader

  4. fastboot

fastboot is similar to adb and can communicate with the device's bootloader. It is mainly used for unlocking and flashing.

Note that the device must be in bootloader mode (also known as fastboot mode) to use fastboot.

Common fastboot commands:

  1. fastboot devices: Lists the devices connected to the computer.

  2. fastboot flash [partition] [filename]: Flashes the specified partition. For example, to flash the recovery partition:

fastboot flash recovery recovery.img

  3. fastboot boot [kernel] [ramdisk]: Boots the given kernel/ramdisk (or a complete boot.img) once, without writing anything to the device.

  4. fastboot erase [partition]: Erases the specified partition.

  5. fastboot oem unlock: Unlocks the device's bootloader. On Pixel phones the command is fastboot flashing unlock, and it only works if "OEM unlocking" was first enabled in Developer options; unlocking wipes userdata.

Installing Magisk#

In general, it can be divided into several steps:

  1. Unlock the bootloader.
  2. Patch the boot.img.
  3. Flash the patched boot.img.
  4. Install Magisk through Magisk Manager.

The first step depends on the phone brand. Google is relatively open in this regard, and the best thing about Pixel is that Google publishes the full factory image for every build on its website: Download link

Just make sure to pick the build that matches the version currently on the phone, since the boot.img must match the installed system (unlike Xiaomi, where you have to apply for unlocking and earn points for the developer version).

Download and extract the file, find the boot.img, transfer it to the phone, and patch it through Magisk Manager, then export it.

Boot from the patched image with fastboot boot rather than flashing it straight away. This is generally safe because nothing is written to flash: if the patched image does not boot, a normal reboot returns to the stock boot.img. Flashing it directly with fastboot flash boot can cause problems (not serious ones, since the stock boot.img can always be reflashed).

fastboot boot magisk_patched-26100_nRGcd.img
Sending 'boot.img' (98304 KB)                      OKAY [  2.521s]
Booting                                            (bootloader) boot.img missing cmdline or OS version
OKAY [  1.577s]
Finished. Total time: 4.145s

After booting, you temporarily have root access. It disappears after a restart, because the phone boots from the original boot.img in the boot partition again.

At this point, open the Magisk app and use "Direct Install" to flash Magisk permanently. This is the safer route because Magisk writes to the slot the phone is actually running from, rather than whichever slot you named on the fastboot command line.
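The following is an added example written for this post; it is not Magisk's, Google's or the author's code. It parses the boot.img header (the image dumped with dd above, or the one taken from the factory image) and compares a Magisk-patched image against the stock one before you run fastboot boot or fastboot flash. The header layouts follow AOSP's bootimg.h: v0 to v2 carry their own page size, v3/v4 (required for devices launched with Android 11 or later) use a fixed 4096-byte page. The sample images are constructed inside the script, so it runs without a device; the field names, the warning texts and the toy kernel/ramdisk contents are my own choices.

```python
"""Added example for this post (not Magisk's, Google's or the author's code).

Parses the Android boot image header and runs a pre-flight comparison of a
Magisk-patched boot.img against the stock image. Layouts follow AOSP's
bootimg.h: v0-v2 carry their own page size, v3/v4 use a fixed 4096-byte page.
The sample images below are constructed here, not dumped from a device.
"""
import struct

BOOT_MAGIC = b"ANDROID!"


def _pad(n, page):
    """Round n up to the page size; every section of a boot image is page aligned."""
    return (n + page - 1) // page * page


def encode_os_version(a, b, c, year, month):
    """Pack Android version A.B.C and security patch level YYYY-MM into the 32-bit field."""
    return (a << 25) | (b << 18) | (c << 11) | ((year - 2000) << 4) | month


def decode_os_version(v):
    """Inverse of encode_os_version. A zero field means the version was never set."""
    ver = f"{(v >> 25) & 0x7F}.{(v >> 18) & 0x7F}.{(v >> 11) & 0x7F}"
    lvl = f"{((v >> 4) & 0x7F) + 2000}-{v & 0xF:02d}"
    return ver, lvl


def parse_boot_image(img):
    """Return the header fields plus the raw kernel and ramdisk sections."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic)")
    version = struct.unpack_from("<I", img, 40)[0]  # same offset in every layout
    if version >= 3:
        kernel_size, ramdisk_size, os_version = struct.unpack_from("<III", img, 8)
        page = 4096
        cmdline = img[44:44 + 1536]
    else:
        (kernel_size, _, ramdisk_size, _, _, _, _,
         page, _, os_version) = struct.unpack_from("<10I", img, 8)
        cmdline = img[64:64 + 512]
    kernel_off = page                              # the header occupies one page
    ramdisk_off = kernel_off + _pad(kernel_size, page)
    ver, lvl = decode_os_version(os_version)
    return {
        "header_version": version,
        "page_size": page,
        "cmdline": cmdline.split(b"\0", 1)[0].decode(),
        "os_version_raw": os_version,
        "os_version": ver,
        "patch_level": lvl,
        "kernel": img[kernel_off:kernel_off + kernel_size],
        "ramdisk": img[ramdisk_off:ramdisk_off + ramdisk_size],
    }


def preflight(stock, patched):
    """Return a list of warnings worth reading before `fastboot boot` or `fastboot flash`."""
    s, p = parse_boot_image(stock), parse_boot_image(patched)
    warnings = []
    if p["header_version"] != s["header_version"]:
        warnings.append(f"header version changed {s['header_version']} -> {p['header_version']}")
    if p["page_size"] != s["page_size"]:
        warnings.append("page size changed; the image was built for a different device")
    if len(patched) > len(stock):
        warnings.append("patched image is larger than the stock file; check it still fits the boot partition")
    if p["kernel"] != s["kernel"]:
        warnings.append("kernel section differs from stock (Magisk's main change is the ramdisk; make sure this is expected)")
    if p["ramdisk"] == s["ramdisk"]:
        warnings.append("ramdisk unchanged: this does not look like a patched image")
    if s["cmdline"] and not p["cmdline"]:
        warnings.append("patched image dropped the kernel cmdline present in the stock image")
    if s["os_version_raw"] and not p["os_version_raw"]:
        warnings.append("patched image has no OS version/patch level; expect 'missing cmdline or OS version' from the bootloader")
    return warnings


def build_sample(version, kernel, ramdisk, cmdline, os_version, page=4096):
    """Construct a toy boot image for testing. This is NOT a real Pixel image."""
    if version >= 3:
        page = 4096
        hdr = BOOT_MAGIC + struct.pack("<IIII", len(kernel), len(ramdisk), os_version, 1580)  # 1580 = v3 header_size
        hdr += bytes(16) + struct.pack("<I", version) + cmdline.ljust(1536, b"\0")
    else:
        hdr = BOOT_MAGIC + struct.pack("<10I", len(kernel), 0x8000, len(ramdisk), 0x1000000,
                                       0, 0, 0x100, page, version, os_version)
        hdr += bytes(16) + cmdline.ljust(512, b"\0")   # 16-byte board name, then cmdline
    return (hdr.ljust(page, b"\0")
            + kernel.ljust(_pad(len(kernel), page), b"\0")
            + ramdisk.ljust(_pad(len(ramdisk), page), b"\0"))


if __name__ == "__main__":
    osv = encode_os_version(13, 0, 0, 2023, 8)
    stock = build_sample(3, b"K" * 6000, b"stock-ramdisk", b"console=ttyMSM0", osv)
    patched = build_sample(3, b"K" * 6000, b"magisk-ramdisk", b"", 0)  # header fields lost on repack
    h = parse_boot_image(stock)
    print("stock image: header v%d, Android %s, patch level %s" % (h["header_version"], h["os_version"], h["patch_level"]))
    for w in preflight(stock, patched):
        print("WARNING:", w)
```

With a real image, read the stock boot.img from the factory archive and the magisk_patched-*.img exported by the Magisk app into `stock` and `patched` (plain `open(path, "rb").read()`), and run `preflight` before touching the device. The checks are deliberately relative to the stock image rather than absolute, since on v3 devices the kernel cmdline normally lives in vendor_boot and an empty cmdline in boot.img can be perfectly normal; what matters is whether the patched image lost something the stock one had.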

Reviewing the Problem#

Later I reviewed the problem:

There are also some other solutions, such as disabling verification, but I tried them and they didn't work, so I didn't pay further attention to them.

Magisk boot flashing infinite reboot problem

Originally I was going to recommend some Magisk modules, but unfortunately I rarely use Android now, and the only reason I install Magisk is for root access. 🤣

What to Install After Installing Magisk? I Recommend These 20+ Modules

References#

Essential Operations for Playing with Phones - Pixel 3 Magisk Installation
Resolved: Pixel 4 Cannot Find Device in Fastboot Mode and How to Unbrick
Cloud Phone Underlying Technology Revealed: Android System Boot and Magisk Principle
Original: Magisk Learning - Flashing vbmeta.img and Disabling avb2.0 Verification
