I have installed Lineage 18.1 GSI and trying to install gapps. I have rooted and using franko to flash opengapps pico and get an error 70 that there is not enough space on /system. What is the way to get this done? Thanks in advance!
I would like to know that as well.
Tried to flash via stock recovery but that aborted because signature verification failed.
Apps like Flashify, Flash Gordon, Flashfire or Rashr didn't work either.
With MagiskGapps-basic-module from wacko1805 the playservice framework always crashed.
I think the easiest and best way would be to flash opengapps via TWRP.
@ada12 seems to have a TWRP build that still has some bugs, but can be used to flash unsigned zip files.
Maybe he can share this with us.
I feel like this should not be a collasal effort, but it has become one. I have spent the whole day trying to figure it out. I want to use Lineage OS 18.1 with gapps from Andyyan, not any other rom.
psychofaktory said:
I think the easiest and best way would be to flash opengapps via TWRP.
Click to expand...
Click to collapse
I suspect that Magisk should be able to do whatever TWRP is doing (which is just putting some files in certain places, for the most part). Have you tried to find a Magisk module with OpenGapps? Or you can try making your own (but be warned that lzip is not available by default on any Android or Linux).
Edit: nevermind, I see you found a LiteGapps Magisk module.
Thanks @wirespot
The hint with the linked script to create a custom Magisk module on the preferred OpenGapps bundle was worth gold!
Now I have another problem that comes from installing the OpenGapps via Magisk.
For passing SafetyNet I have to add com.google.android.gms and com.google.android.gms.unstable to the deny list.
But when restarting Magisk all modules are reloaded. So also the OpenGapps module.
As a result, the adjustments to the deny list for the Google Play services are discarded again with every restart and the SafetyNet check fails.
How can I prevent that the two entries are no longer removed from the deny list?
Or how can I ensure that the entries are automatically added to the deny list on restart?
Edit:
It seems that this is what Magisk intended and com.google.android.gms and ...gms.unstable are automatically added to the deny list.
But now I have the question, how can I pass the SafetyNet test?
wirespot said:
I suspect that Magisk should be able to do whatever TWRP is doing (which is just putting some files in certain places, for the most part). Have you tried to find a Magisk module with OpenGapps? Or you can try making your own (but be warned that lzip is not available by default on any Android or Linux).
Edit: nevermind, I see you found a LiteGapps Magisk module.
Click to expand...
Click to collapse
Yes, but there is an issue with litegapps, the google contacts sync is broken unfortunately...
psychofaktory said:
It seems that this is what Magisk intended and com.google.android.gms and ...gms.unstable are automatically added to the deny list.
But now I have the question, how can I pass the SafetyNet test?
Click to expand...
Click to collapse
The deny list only lets you pass Basic check. To also pass CTS you need the USNF module (Universal SafetyNet Fix) and possibly other modules too. More details in this thread (check the end of the post), but try with just deny list and USNF first.
Neither the basic integrity check, nor cts profile match are passed.
Besides the denial list, I tried the modules "Shamiko", "Universal SafetyNet Fix" and "MagiskHide Props Config".
With the latter I have also tried various combinations, unfortunately unsuccessful in each case.
It looks like the deny-list does not work.
I suspect here also a connection with the message together that Magisk displays with each call:
Code:
An "su" command that does no belong to Magisk is detected. Please remove the other unsupported su
I have already been able to disable Phh-su with these commands:
Code:
adb shell
phh-su
mount -o remount,rw /
mount -o remount,rw /system
remount
mount -o remount,rw /
mount -o remount,rw /system
/system/bin/phh-securize.sh system.img
But the message in Magisk still appears.
Yeah passing SafetyNet with a custom ROM may be tricky. Didgeridoohan has a few more tips on their website you can try.
OK, I am already a big step closer to the solution.
After installing Magisk regularly, I first installed the Franco Kernel Manager.
Through this I was then able to flash UnSu.zip, which completely removed phh-su.
This also removed the message "An "su" command that does no belong to Magisk is detected" from Magisk.
Magisk had to be set up again afterwards, since it was also cleaned up by the UnSu script.
YASNAC now already showed "Basic integrity -> Pass".
But now I have not found a way to pass the CTS-profile match.
Does anyone here know what settings to set via MagiskHideProps Config?
And could someone send me the fingerprint of the stock rom (62.0.A.9.11)?
Code:
getprop ro.build.fingerprint
After some tests I discovered a big disadvantage with the variant to flash OpenGapps via Magisk.
Push notifications do not seem to work.
I use too many services that rely on Google Push notifications, so I can't do without them.
Compared to the "normal" variant of flashing OpenGapps via recovery before the first boot, the Magisk variant seems to be missing important dependencies and permissions that are only set during the first boot of the rom.
Therefore, the only useful variant is to flash GApps via recovery.
I really hope that we will soon have the possibility to flash unsigned zip files here!
Another approach:
Opengapps-zip files cannot be flashed via the stock recovery because it fails signature verfication.
The GSI roms can be flashed via the stock recovery. So they seem to be signed correctly.
Would it be possible to sign the Opengapps-Zip files with the same signature keys as the GSI-Roms to be able to flash them via the stock recovery?
Aren't GSI ROMs flashed through fastboot? Since they're partition images not zip installers like OpenGapps.
Of course. You are right.
Would it be possible to merge a GAPPS zip file into a GSI image and then flash the image with fastboot?
Related
⠀
⠀
If you have TWRP installed you can get a root shell that can attempt to fix things. For example, the mm tool to enable/disable magisk modules runs from this shell.
Can't just boot twrp because it can't mount /data unless it's installed.
Only other thing might be to boot a vanilla image from fastboot. Depending on what you did, having no magisk at all may fix things.
I don't know what that specific module does. Normally modules can be disabled to remove their impact (should not cause permanent changes). The QuickSwitch module (possibly similar to your module?) Is like this. It "modifies" a system file but only if it loads.
There are of course some generic guides like
https://www.xda-developers.com/flash-generic-system-image-project-treble-device/
https://source.android.com/setup/build/gsi#flashing-gsis
and in this G6 Play subforum there is this guide for things such as root, twrp, decrypt, magisk
https://forum.xda-developers.com/showthread.php?t=3929928
But I do not want to root/decrypt my device unless needed and I ESPECIALLY don't want to install sketchy unofficial software from untrusted sources.
It seems TWRP does not officially support the Moto G6 Play, and it seems you can install without it.
So I have a few questions:
Do I need Dm-Verity & ForceEncrypt Disabler?
Do I need Magisk?
Do I need to disable verify boot (AVB) by flashing vbmeta.img?
How can I backup my phone without TWRP?
Any other particularities besides the generic GSI guide?
How badly can I mess up?
I've written Android apps, so I know my way around adb, but this is my first time flashing GSI.
pepijndevos said:
There are of course some generic guides like
https://www.xda-developers.com/flash-generic-system-image-project-treble-device/
https://source.android.com/setup/build/gsi#flashing-gsis
and in this G6 Play subforum there is this guide for things such as root, twrp, decrypt, magisk
https://forum.xda-developers.com/showthread.php?t=3929928
But I do not want to root/decrypt my device unless needed and I ESPECIALLY don't want to install sketchy unofficial software from untrusted sources.
It seems TWRP does not officially support the Moto G6 Play, and it seems you can install without it.
So I have a few questions:
Do I need Dm-Verity & ForceEncrypt Disabler?
Do I need Magisk?
Do I need to disable verify boot (AVB) by flashing vbmeta.img?
How can I backup my phone without TWRP?
Any other particularities besides the generic GSI guide?
How badly can I mess up?
I've written Android apps, so I know my way around adb, but this is my first time flashing GSI.
Click to expand...
Click to collapse
Do I need Dm-Verity & ForceEncrypt Disabler?
Yes, but you need to install twrp first in order to flash it, or it won't work properly. GSIs like to bootloop if you don't disable them.
Do I need Magisk?
Nope. I'd still recommend it though, because I'm not sure if the disabler removes AVB, and having it enabled can cause bootloops.
Do I need to disable verify boot (AVB) by flashing vbmeta.img?
Nope. This doesn't apply to us. We don't have "system as root". AVB is in the boot.img.
How can I backup my phone without TWRP?
You pretty much can't. Some partitions can be backed up with dd commands, but most of them can't be restored like this. You also need root to use them.
Any other particularities besides the generic GSI guide?
You'll need to manually replace the apn if you use Virgin/Sprint/Boost. You'll also need an overlay to enable auto brightness, and another one to fix the rounded screen corners.
How badly can I mess up?
Worst case scenario, you might encounter a bootloop. There isn't much you could do, that flashing stock firmware couldn't fix.
Thanks for the info.
Between the post and your reply I just figured I'd attempt the generic guide.
I guess I'm lucky that I did not encounter a boot loop.
All is working great now.
I should look into adding this overlay maybe...
pepijndevos said:
Thanks for the info.
Between the post and your reply I just figured I'd attempt the generic guide.
I guess I'm lucky that I did not encounter a boot loop.
All is working great now.
I should look into adding this overlay maybe...
Click to expand...
Click to collapse
I have copies for our phone. Check the attachments. Here's all the steps.
1. Install your GSI.
2. Using twrp's file manager, a root browser, or ADB... copy the 2 apks below to /vendor/overlay and set permissions on them to 0644 or rw-r--r-- and reboot.
3. Using ADB or a terminal emulator, run the following commands.
adb shell or su from a terminal emulator.
Code:
[B]chcon u:object_r:vendor_overlay_file:s0 /vendor/overlay;chcon u:object_r:vendor_overlay_file:s0 /vendor/overlay/Autobright.apk[/B]
Code:
[B]chcon u:object_r:vendor_overlay_file:s0 /vendor/overlay;chcon u:object_r:vendor_overlay_file:s0 /vendor/overlay/Curves.apk[/B]
And reboot.
4. Open up adb or a terminal emulator once more. Enter these commands.
adb shell or su
cmd overlay list
cmd overlay enable android.auto_generated_rro__
cmd overlay enable com.android.systemui.Curve
*** You should see the changes immediately after this. You may need to reboot one more time to get auto brightness' options to show up in your settings.
This is a copy of my question on SO.
I want to remove Google apps and services on a new Fairphone 4 (Android 11, now rooted using Magisk. No TWRP build available yet.).
To this end, I am trying to use microG. In the Prerequisites for its usage, signature spoofing and deleting files in `system/priv-app` are listed. For signature spoofing, I followed the *XPosed solution for Android 11 and 12* listed here, i.e. using Magisk + riru + LSPosed + a FakeGApps fork. Not sure, whether or not this worked. All individual steps reported success, but the Signature Spoofing Checker says it didn't work.
Anyway, I'm definitely stuck at the second step, because I don't seem to be able to delete any files in `system_ext/priv-app`. I tried the solutions proposed here and here.
If I try
Code:
adb shell
su
# then confirm on the phone, then
mount -o rw,remount /
I get '/dev/block/dm-0' is read-only. Similar error (with dm-1) if I try mounting /system_ext.
adb root or adb disable-verity don't work, because it's a user build: adbd cannot run as root in production builds, verity cannot be disabled/enabled - USER build.
I even tried to write a Magisk module to replace the directories in question with empty ones, by putting the following in the customize.sh:
Code:
REPLACE="
/system_ext/priv-app/GoogleFeedback
/system_ext/priv-app/GoogleOneTimeInitializer
/system_ext/priv-app/GoogleServicesFramework
/system_ext/priv-app/SetupWizard
/system/system_ext/priv-app/GoogleFeedback
/system/system_ext/priv-app/GoogleOneTimeInitializer
/system/system_ext/priv-app/GoogleServicesFramework
/system/system_ext/priv-app/SetupWizard
"
I think /system/system_ext and /system_ext are hard linked, but not sure whether that matters. After loading that module and rebooting, the contents of those folders are still the same when checking with adb shell.
Any ideas?
For adb I'm using my desktop with Ubuntu 21.10.
Hello,
It's way easier than you can imagine. I did a tutorial there : https://forum.fairphone.com/t/tutorial-install-microg-on-fairphone-os/80016
But as you are quite advanced, the only thing you have to do is to install NanoDroid-MicroG with Magisk : https://downloads.nanolx.org/NanoDroid/Stable/
Just install the Zip and eventually update MicroG on the official website (version packed in NanoDroid is 17, newest one is 22...). This will erase all old Gapps.
PS :signature check spoofer don't work, the package you mentionned (which is the one I use also) only fake signature for Gapps, which is a good thing...
Thanks a ton! Looks like it worked, and it really wasn't more than installing that one module
Better use an ungoogled OS like LeOS-S. It's Android12L and works great an FP4
See https://leos-gsi.de
Hi, i've messed up my device! I've rooted my f3 (enhanced 12.5.7.0 GLOBAL) with magisk and attempted to get google call screening working by changing props using magiskhide props config module. I've set my device fingerprint to pixel 5 and set the device emulation/simulation options by following another thread (admittedly a oneplus thread).
How can I get Google dialer's call screening?
Has anyone been able to get Google's call screening to work? I've seen some guides for older OnePlus devices, I was wondering how it would work for the 9.
forum.xda-developers.com
Now i'm stuck in a bootloop, however if i flash the stock boot.img i can boot into the OS and my phone works as normal but obviously without magisk and root.
Now if i uninstall magisk app then try to reflash the magisk patched boot.img to try to get root i get bootloops again. Is there a way i can revert the fingerprint/emulation settings somehow without root or access to magisk or edit props without root? When i flash the standard boot.img does this reset the fingerprint and device emulation setting but when i reflash magisk pathed boot.img this reactivates the props changes i made with magisk?
Can someone help!
I have attempted to boot into safe mode using the recovery menu, which should disable all magisk modules?, but no joy. The phone booted into safe mode for about 10 seconds then shut off and went back into recovery mode/meu.
Magisk - Installation and troubleshooting:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
As per the documentation it says i can create a "disable_mhpc" file and place it on the device but i don't have root and i also don't have /data/cache in the root folder only /android/data/cache. Also what file type is this? an empty .txt file or does it need to have commands within it?
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
How to root and pass SafetyNet on Sony Xperia 10 III (XQ-BT52)Tested on firmware 62.0.A.3.163.
Disclaimer:
This guide assumes you're familiar with the concepts of rooting, Magisk, SafetyNet, fastboot, adb and so on. I will explain why things are done but if I explained everything it would become too long.
This guide is limited to getting root and apps working on the stock Sony ROM. It doesn't cover installing other ROMs.
You can mess up your phone if you don't know what you're doing. This is not a beginner's guide.
Before you do anything else, do these preparations:
Make sure your device is updated to the latest firmware. Getting updates after you unlock the bootloader will be more complicated.
Use XperiFirm to grab a copy of your current firmware (after you've updated it). It can run on Linux too, either via Mono or in a virtual machine. It's basically just a downloader, it doesn't need any fancy hardware access.
Screenshot everything under Settings > System.
Open the dialer and enter *#*#7378423#*#*. Screenshot everything in the service submenus.
Unlock developer options (tap Settings > About > Build number 7 times) then find it under Settings > System > Advanced. Activate USB debugging. Activate OEM unlocking.
Install the Android SDK Platform Tools. On Linux they're most likely in a package provided by your distro.
Copy the screenshots to your PC because the phone will be reset at some point.
Boot into fastboot by turning the phone off, then connect it to PC via USB, and press POWER and VOLUME UP together. The phone led will turn blue. On PC run fastboot devices and make sure it lists your phone and has the serial number you got from the service menu.
Unlocking the bootloader:
This is the point of no return as far as warranty is concerned!
This will factory reset the phone! Make sure you got everything you needed off it.
Obtain the unlock code (you will need the IMEI of the 1st SIM slot).
Boot into fastboot, check again that fastboot devices lists the phone.
Issue the unlock command using the code you got earlier: fastboot oem unlock 0x<unlock code here>
Reboot the phone (you can say fastboot reboot). It will say "can't check for corruption" and "erasing" a couple of times but will eventually boot up to the factory setup.
Enabling Magisk & root:
Download the latest Magisk apk to the phone and install it. Right now that means v24+.
Open boot_X-FLASH-ALL-8A63.sin from the original firmware with any archive manager (it's a tar.xz), 7zip will work fine.
Extract boot.000, rename it to boot.img and put it on the phone.
Open the Magisk app, next to "Magisk" tap "install", choose "Select and patch a file", pick the "boot.img" file.
Download the patched img to PC (will be next to boot.img called something like magisk_patched-24100_MKPRJ.img).
Boot into fastboot, check again that fastboot devices lists the phone.
Flash the patched boot image: fastboot flash boot magisk_patched-24100_MKPRJ.img
Must say OKAY. Can then reboot the phone (you can say fastboot reboot).
Open the Magisk app again, it should say "installed" now next to "Magisk". Also the Superuser and Modules buttons should now be enabled.
Go into Magisk settings and activate "Hide the Magisk app". This is NOT MagiskHide, it does not hide Magisk from other apps, it hides the Magisk Manager app from other apps. More on this later.
Go into Magisk settings and activate Zygisk. This is a built-in replacement for Riru going forward.
Reboot!
Install a root checker app and verify that you get a prompt from Magisk to give root and that the checker says it got root.
Important changes about Magisk:
Riru is now obsolete. It has been replaced by a feature built-into Magisk called Zygisk (which is essentially Riru running in Zygote). It is strongly recommended to go into Magisk settings and activate Zygisk (even if you don't use Riru modules). Do not install Riru anymore. All modules that needed Riru should have Zygisk versions by now unless they're abandoned.
Magisk no longer maintains a module repository, To find and install modules install Fox's Magisk Module Manager. It's a dedicated module management app that supports the old Magisk repo as well as new ones. Inside Magisk you can still enable/disable/remove/install manually and can also update if the module has an update URL, so you can do without Fox if you get your modules directly from their XDA or GitHub pages.
MagiskHide has been replaced by a new feature called Deny list (it's in Magisk settings). It's much more powerful because the apps & processes added to the deny list will be completely excluded from anything based on Magisk so it's impossible for them to detect leaks anymore. On the downside, excluded apps can't be affected by any Magisk or LSPosed modules (LSPosed will grey out such apps and say "it's on the deny list".) This feature should be used sparingly (see below) because Magisk still does a good job of evading detection.
Passing SafetyNet:
Install YASNAC to check your SafetyNet status. At this point you're probably not passing either Basic or CTS check.
Go into Magisk settings. Enable "Enforce deny list". Enter "Configure deny list", find Google Services, check it, expand it, and select only the process ending in .gms and the one ending in .gms.unstable.
Reboot. Check YASNAC. At this point you should be passing Basic check but probably not CTS.
Install Universal SafetyNet Fix (aka USNF) by kdrag0n in Magisk. (Some GIS ROMs already include what this module does, so if you install a GIS ROM you may not need it.) This module hijacks the CTS verification and drops an error which causes the Google service to fall back to Basic verification, which we already fixed in the previous step.
Reboot. Check YASNAC. At this point you should be passing both Basic and CTS. That's it!
You may need to clear storage & cache for Google Play & Services. Go to Settings > Apps & notifications > See all apps, select "All apps", find them in the list, clear storage/cache and reboot. After that try searching for a restricted app such as Netflix on the Play store, if it shows up in results you're all good.
Remember to also add to deny list other apps that try to detect if you're using root, like banking apps.
Other SafetyNet related fixes:
People using non-stock GIS ROMs will probably need module MagiskHide Props Config by Didgeridoohan. This will install a props command line util that you can use (as root) to force Basic attestation, apply extra Magisk hiding techniques, spoof device fingerprint, change the way fingerprinting is checked, or even impersonate another device altogether. Install, reboot, enter adb shell, type su to go root (will need to grant root to shell on the phone when prompted), then run props and follow the options.
People running extra-stubborn banking apps (or other apps that try to detect root extra-hard) that don't work even when added to the Magisk deny list can try module Shamiko by LSPosed. This module adds extra hiding techniques for the apps on the deny list. Please note that Shamiko will disable the Magisk "enforce deny list" option but that's ok, that's an extra feature, the deny list is in effect even without it.
Working apps and modulesPlease note that this list is limited to stuff that I personally use. I can't and won't install other stuff to test it.
Root apps:
AFWall(+): Works, but configure it to use its own internal busybox and iptables. Applying rules fails occasionally and you need to retry.
Call Recorder by skvalex: Recording works out of the box, no fiddling required with either headset of mic recording.
JuiceSSH, Termux etc. and other terminal apps: No issues getting root with su.
Busybox: you can install zgfg's module which exposes Magisk's internal Busybox to the rest of the system (bonus: will be updated with Magisk); or you can install osm0sys's module which contains a standalone separate Busybox. As of now both of them provide Busybox 1.34.
MyBackup Pro: Works fine. Used it to transfer 15k+ SMS messages from Android 8.
Solid Explorer: Can access root partitions without issues.
Tasker: No issues.
Titanium Backup: Works but will hang when restoring APKs whose target API doesn't support the ROM's Android version (ie. APKs you can't install directly either).
OAndBackupX: Modern alternative to Titanium, works perfectly.
XPERI+: Version 6 works well and allows you to remap the assistant button and has another couple of features. Version 7 crashes.
Magisk modules:
AFWall Boot AntiLeak
Backup
Builtin BusyBox
Magisk Bootloop Protector
MagiskHide Props Config
Shamiko
SQLite for ARM aarch64 devices
Systemless Hosts (comes with Magisk, enable it in settings)
Universal SafetyNet Fix
Zygisk LSPosed
LSPosed modules:
App Settings Reborn: Works well. May require a couple of reboots before the targeted apps start showing the modifications.
Disable Flag Secure: com.varuns2002 is working, sort of. Please read the module's page. Apps got wise to rooted devices ignoring FLAG_SECURE so now they use hardware DRM or detect screenshots and show you something else (Netflix). So it works only in older versions of apps, or apps that haven't bothered to detect screenshots.
GravityBox [R]: Everything I tried works perfectly.
Physical Button Master Control: The module works as intended, the companion config app has some issues, hopefully they'll be solved soon.
XPrivacyLua: Works perfectly. No issues with SafetyNet.
Not working:
...
Other tested and working Root Apps:
AdAway
Fox's Magisk Module Manager
Franco Kernel Manager
Termux
Not testet yet:
Call Recorder
FolderSync
Total Commander
Vanced Manager
WireGuard
Other tested and working Magisk modules:
1Controller - 1 Module to support all Controllers
Call Recorder - SKVALEX
F-Droid Privileged Extension
Move Certificates (version by Androidacy)
Other tested and working LSPosed modules:
BubbleUPnP AudioCast