Skip to content

Instantly share code, notes, and snippets.

@mohrezaei

mohrezaei/Calyx3-Magisk.md

Created March 27, 2022 18:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mohrezaei/69dae8c7d43c543b38ee5d33f67400b5 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mohrezaei/69dae8c7d43c543b38ee5d33f67400b5 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. mohrezaei created this gist Mar 27, 2022.
    119 changes: 119 additions & 0 deletions Calyx3-Magisk.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,119 @@
    # CalyxOS 3.x (Android 12) with Magisk with working signed images and AVB Verity

    This idea was inspired by this post https://github.com/topjohnwu/Magisk/issues/509#issuecomment-911720167

    I got this working with CalyxOS 3.3.1 (Android 12) with full AVB Verity enabled and was able to lock the bootloader after flashing and still have su.
    The OTA update zip generated was also tested against the Calyx 2.11.0 version (with Magisk) and it works well.

    ### Create a working build
    First, make sure you can build and sign a proper CalyxOS for your device. This is probably the hardest part.

    ### Prepare Magisk files for rooting
    Second, prepare a magisk directory outside your build directory as follows:
    ```
    mkdir magisk24304
    cd magisk24304/
    wget https://cdn.jsdelivr.net/gh/topjohnwu/magisk-files@a17271415ec0b3b34fbb5715d92893a1f8c529d0/app-debug.apk
    unzip app-debug.apk
    ```

    Replace the apk URL with whatever version is latest or works best for you. For Android 12, v24+ is a must.
    The URL for the latest version can be found in the Magisk files repo. https://github.com/topjohnwu/magisk-files

    We then need a few helper scripts in the same directory.
    `cat > root-img.sh`
    ```shell
    #!/bin/bash

    SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"

    export PATH=$PATH:$SCRIPT_DIR

    export BOOTMODE=true
    export KEEPVERITY=true

    cp $SCRIPT_DIR/lib/x86/libmagiskboot.so $SCRIPT_DIR/assets/magiskboot
    cp $SCRIPT_DIR/lib/arm64-v8a/libmagisk64.so $SCRIPT_DIR/assets/magisk64
    cp $SCRIPT_DIR/lib/armeabi-v7a/libmagisk32.so $SCRIPT_DIR/assets/magisk32
    cp $SCRIPT_DIR/lib/arm64-v8a/libmagiskinit.so $SCRIPT_DIR/assets/magiskinit

    . $SCRIPT_DIR/assets/boot_patch.sh $*
    ```
    `chmod 755 root-img.sh`

    Make sure magiskinit is correct for your target in `root-img.sh`.

    `cat > dos2unix`
    ```shell
    #!/bin/bash
    cat $*
    ```
    chmod 755 dos2unix

    cat > getprop
    ```shell
    #!/bin/bash
    echo $*
    ```
    `chmod 755 getprop`

    That's all for preparing magisk.

    ### Prepare signing step
    Now we need to intercept `avbtool` to root the `boot.img` file just before it's hashed/signed.

    In the last step of building the OS, the target files are zipped up and moved into a signing directory, along with the signing keys and binaries. In the `bin` directory, you should find `avbtool` which will be used during signing. We're going to replace it with a script that detects boot images, roots them and then continues with the real `avbtool`.

    ```shell
    cd bin
    mv avbtool avbtool.real
    ```
    `cat > avbtool`
    ```shell
    #!/bin/bash

    # change this to whereever you created the magisk directory:
    MAGISK_DIR=/media/work/magisk24304

    echo "%%%%%%%%%%" `date` Running avbtool with "$*" >> $MAGISK_DIR/avbtool-invokes.txt

    SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
    IMG_NAME=`realpath $3`

    if [[ $1 == add_hash_footer ]] && [[ $7 == boot ]] ;
    then
    echo starting to root $3 >> $MAGISK_DIR/rooting.txt
    $MAGISK_DIR/root-img.sh $IMG_NAME >> $MAGISK_DIR/rooting.txt 2>&1
    cp $MAGISK_DIR/assets/new-boot.img $IMG_NAME
    fi

    $SCRIPT_DIR/avbtool.real $*
    ```
    `chmod 755 avbtool`

    We'll do something similar for `toybox` to avoid an error in the build.

    ```
    mv toybox toybox.real
    ```
    `cat > toybox`
    ```shell
    #!/bin/bash

    SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
    echo "%%%%%%%%%%" `date` Running toybox with "$*" >> $SCRIPT_DIR/toybox-invokes.txt

    if [[ $1 == cpio ]] && [[ $2 == -F ]] ;
    then
    echo ignoring toybox error >> $SCRIPT_DIR/toybox-invokes.txt
    $SCRIPT_DIR/toybox.real $* >> $SCRIPT_DIR/toybox-invokes.txt 2>&1
    exit 0
    fi

    $SCRIPT_DIR/toybox.real $*
    ```
    `chmod 755 toybox`

    Now, sign the target files again.
    If all goes well, that should create a rooted `boot.img` with the correct signatures. You can check the `avbtool-invokes.txt` and `rooting.txt` files to see if everything went well.
    You can apply the factory image (which will wipe the phone), or the OTA update (no wipe) if you have a previous OS with the same keys.