Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Wu Profile picture
@topjohnwu
Feb 19, 2020 19 tweets 3 min read Read on X
Just flashed Android 11 on my Pixel 4 XL, there's a new partition named system_ext, which I think is part of early boot partitions. Would need to update MagiskInit for that...
Great, device won't boot. If partial source code is out, will check that, otherwise time for some very "fun" trial and error since pre-init is basically impossible to properly debug 😂
Hats off to Android engineers who gave me this kind of excitement every year LOL. Gonna head out to do some real world crap, will continue hacking after heading back home throughout this whole day.
Back home, USB hooked up, open Android Studio, full mug of milk (not 🍺 LOL), and let's go baby!
Managed to nuke my data by basically doing nothing, thanks. Man this Android 11 is fragile... I hate it when the development phone is also my main phone.
Progress update: For some reason the logical partition setup for system_ext will be messed up after MagiskInit's fstab patches, causing the partition fail to be early mounted. Still have no idea how this can happen.
Building Pixel 4 XL kernel from scratch to enable KernelSU 😭. Gonna need some kind of root access to dig deeper what's going on. No TWRP on this device really is inconvenient 😅
Finally managed to get the device booting with MagiskInit, but I just found out that Google removed /sbin from root directory duh. It will be a HUGE PAIN IN THE ASS to workaround that. I guess someone at Google really IS trying to make my life hell LOL
I really wanna rage quit at this point 😂
Got custom SELinux loaded into the kernel, continue chugging my way through....
Oh great, Google also removed init.rc from root directory! Happy times you know 😂
So on Android 11 Google moved /init.rc to /system/etc/init/hw/init.rc. Dunno why they do this though, maybe just to give me more headache I guess 🤪
Well finally at least something worked!
I just found a bug in MagiskInit that wasted me at least 10 hours trying to figure out what's up. It is so stupid that I want to throw my laptop out of the window.
Changes in Android 11 is too significant that it'll take quite some time to refactor things. These changes will come in phases, so don't expect things to get ready in the near future. The current plan is to slowly convert existing code to what will eventually work on Android 11.
I'll end this Twitter thread here. Now I basically know how Android 11 behaves at early boot from inside out. The rest of the work is basically redesigning lots of stuff and just keep grinding!
Reviving this old thread back, cause you know what's up 😉. We are now infinitely closer to the goal!
github.com/topjohnwu/Magi…
Android 11 moved the Android runtime portion of the com.android.runtime APEX module into com.android.art. Didn't expect this change to affect Magisk, but well I fixed it anyways 🤷‍♂️

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Wu

John Wu Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @topjohnwu

John Wu Profile picture
Oct 6, 2021
Continuing with the discussion on Android modding.

If you unlock the bootloader of an Android device, you *actually can* run almost whatever software you want! (Except proprietary/trusted components such as the bootloader, TEE, radio, firmware etc.)
You can replace the kernel. You can compile your own Android OS. On Pixels, you can even sign the images and have verified boot enforced. You can install F-Droid and only run FOSS apps. You actually DO have the freedom to run almost all software with something you can control.
However, with how the world is directing, there is an increasing demand for "Trusted Computing". It is how devices store/process secret data securely. User data encryption, biometric authentication, contactless payments, DRMs, all depend on some "trusted environment".
Read 11 tweets
John Wu Profile picture
Oct 6, 2021
There are still people upset about me sunsetting MagiskHide. I'll address everything in one place, one last time:

• I genuinely do not enjoy doing any development on hiding anymore, because there is a very obvious solution to it, and there is no practical way to defeat it
• The solution mentioned in the previous point is HW key attestation, and it has been slowly adopted in various detection methods, notably SafetyNet

• Ever since HW KA started to be used more widely, any real development on MagiskHide had basically already been halted
• I "officially" announced the removal of MagiskHide, not only because of the obvious conflict of interest with my job at Google, but also I wanted to give an early heads up to the community so those who are still passionate about hiding can start "doing their job" 😉
Read 9 tweets
John Wu Profile picture
Oct 4, 2021
In response to this whole rant:

Every design has its advantages and drawbacks. If you want to see the exact counter example of all this A/B + Dynamic partitions on Android, just look at iPhones.
The whole point of A/B partitions (or, seamless updates) is to "trick" people into system updates. Before the user even notices, the update is already done, and it just needs a quick reboot.

On iOS system updates take a while, and a lot of my friends just... never updates 🤷‍♂️
Unlike Android where all read-only partitions has its space preallocated (the super partition is still fixed size), on iOS, system files and user files share the same storage space.

In this case, you'll eventually run into this. What do people do? Don't update their system 🤷‍♂️
Read 4 tweets
John Wu Profile picture
Jun 25, 2021
This research is an interesting read. One question though: why are they testing stuffs on a LG Nexus 5 running Android 6.0.1 in 2021? ART has changed drastically and it affects app installation size a lot…
dl.acm.org/doi/pdf/10.114…
App bundles are now enforced on Play Store, so unsupported native libs and resources are no longer downloaded and stored in user’s storage. Modern ART no longer precompile the whole DEX file into machine code AOT; instead it is now using JIT + PGO based AOT hybrid approach.
Oh and also, native libraries can now be directly memory mapped and linked as long as it is aligned and uncompressed in the APK (I believe this is now the default behavior in Android Studio). This also removes the need to extract the libraries, wasting unnecessary space.
Read 4 tweets
John Wu Profile picture
Jun 25, 2021
Disclaimer: I'm not saying you're wrong or trying to put you under attack, quoting your tweet so I can explain to my followers with context.

The reason why I have ditched custom recovery is because it is an external dependency that I cannot control.
On modern Android, precise device status detection is crucial for configuring an installation. I've seen too many bug reports caused by inability to accurately detect device information in custom recovery environments.
There is no "standard" in custom recoveries. TWRP used to be a very good candidate to target, but over the years it has become more difficult to work with. This is not caused by incompetence of developers, but instead a side effect of Android becoming aggressively complicated.
Read 5 tweets
John Wu Profile picture
Feb 9, 2021
Remember when I said using SELinux permissive is really bad? Here is a privilege escalation PoC where the only requirement is SELinux permissive. If you are still releasing custom ROMs/kernels with permissive, YOU ARE LITERALLY BACKDOORING YOUR USERS!
github.com/vvb2060/Magica
In this PoC, when you press install, it will gain (restricted yet still powerful) root access in a service and install Magisk to your boot image. This demo shows that any ARBITRARY app, including malware, can PERMANENTLY root your device without your consent and permission.
Imagine this scenario: you are using a custom kernel that ships with SELinux permissive. You accidentally install a malware using this loophole. The malware installs a modified "malicious Magisk" to permanently gain full root access. BOOM, your device is now #pwned.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(