newbit1/rootAVD

Magisk won't install/root on AVD API 34 (Android 14)

Closed this issue · 8 comments

Hi @newbit1

First, thank you for this handy script.

Long story short - I've been trying to install a Proxyman cert on /system partition on API 34 without success (here and here). One of the methods I'm currently trying to follow is to use Magisk, and so I've landed here. The below are run on macOS Monterey.

API 33

./rootAVD.sh ~/Library/Android/sdk/system-images/android-33/google_apis/arm64-v8a/ramdisk.img

works fine, my avd exits, and after cold start, I got root with Magisk:

api 33

API 34

./rootAVD.sh ~/Library/Android/sdk/system-images/android-34/google_apis/arm64-v8a/ramdisk.img

though it produces an identical output as running for API 33, does not make Magisk install root:

[!] and we are NOT in an emulator shell
[*] Set Directorys
[-] Test if ADB SHELL is working
[-] In any AVD via ADB, you can execute code without root in /data/data/com.android.shell
[*] Cleaning up the ADB working space
[*] Creating the ADB working space
[-] Magisk installer Zip exists already
[*] Push Magisk.zip into /data/data/com.android.shell/Magisk
[-] ./Magisk.zip: 1 file pushed, 0 skipped. 395.9 MB/s (11278270 bytes in 0.027s)
[-] ramdisk.img Backup exists already
[*] Push ramdisk.img into /data/data/com.android.shell/Magisk/ramdisk.img
[-] /Users/melquiades/Library/Android/sdk/system-images/android-34/google_apis/arm64-v8a/ramdisk.img: 1 file pushed, 0 skipped. 424.2 MB/s (1790636 bytes in 0.004s)
[*] Push rootAVD.sh into /data/data/com.android.shell/Magisk
[-] rootAVD.sh: 1 file pushed, 0 skipped. 168.9 MB/s (76222 bytes in 0.000s)
[-] run the actually Boot/Ramdisk/Kernel Image Patch Script
[*] from Magisk by topjohnwu and modded by NewBit XDA
[!] We are in a ranchu emulator shell
[-] Api Level Arch Detect
[-] Device Platform is arm64 only
[-] Device SDK API: 34
[-] First API Level: 33
[-] The AVD runs on Android 14
[-] Switch to the location of the script file
[*] Looking for an unzip binary
[-] unzip binary found
[*] Extracting busybox and Magisk.zip via unzip ...
[*] Finding a working Busybox Version
[!] Found a working Busybox Version
[!] BusyBox v1.34.1-Magisk (2022-03-22 04:11:29 PDT) multi-call binary.
[*] Move busybox from lib to workdir
[-] Checking AVDs Internet connection...
[!] AVD is online
[!] Checking available Magisk Versions
[?] Choose a Magisk Version to install and make it local
[s] (s)how all available Magisk Versions
[1] local stable '25.2' (ENTER)
[2] stable 26.1
[3] canary 47d2d4e3(26102)
[4] alpha 709f25f6-alpha(26101)
[-] You choose Magisk local stable Version '25.2'
[*] Re-Run rootAVD in Magisk Busybox STANDALONE (D)ASH
[-] We are now in Magisk Busybox STANDALONE (D)ASH
[*] rootAVD with Magisk '25.2' Installer
[-] Get Flags
[*] System-as-root, keep dm/avb-verity
[-] Encrypted data, keep forceencrypt
[*] RECOVERYMODE=false
[-] KEEPVERITY=true
[*] KEEPFORCEENCRYPT=true
[-] copy all arm64-v8a files from /data/data/com.android.shell/Magisk/lib/arm64-v8a to /data/data/com.android.shell/Magisk
[*] Detecting ramdisk.img compression
[!] Ramdisk.img uses lz4_legacy compression
[-] taken from shakalaca's MagiskOnEmulator/process.sh
[*] executing ramdisk splitting / extraction / repacking
[-] API level greater then 30
[*] Check if we need to repack ramdisk before patching ..
[-] Multiple cpio archives detected
[*] Unpacking ramdisk ..
[*] Searching for the real End of the 1st Archive
[-] Dumping from 0 to 1686612 ..
Detected format: [lz4_legacy]
[-] Dumping from 1686612 to 1790617 ..
Detected format: [lz4_legacy]
[*] Repacking ramdisk ..
[-] Checking ramdisk STATUS=0
[-] Stock boot image detected
[*] Verifying Boot Image by its Kernel Release number:
[-] This AVD = 6.1.23-android14-4-00257-g7e35917775b8-ab9964412
[-]  Ramdisk = 6.1.23-android14-4-00257-g7e35917775b8-ab9964412
[!] Ramdisk is probably from this AVD
[-] Patching ramdisk
[*] adding overlay.d/sbin folders to ramdisk
Loading cpio: [ramdisk.cpio]
Create directory [overlay.d] (0750)
Create directory [overlay.d/sbin] (0750)
Dump cpio: [ramdisk.cpio]
[!] patching the ramdisk with Magisk Init
Loading cpio: [ramdisk.cpio]
Add entry [init] (0750)
Add entry [overlay.d/sbin/magisk64.xz] (0644)
Patch with flag KEEPVERITY=[true] KEEPFORCEENCRYPT=[true]
Loading cpio: [ramdisk.cpio.orig]
Backup mismatch entry: [init] -> [.backup/init]
Record new entry: [overlay.d] -> [.backup/.rmlist]
Record new entry: [overlay.d/sbin] -> [.backup/.rmlist]
Record new entry: [overlay.d/sbin/magisk64.xz] -> [.backup/.rmlist]
Create directory [.backup] (0000)
Add entry [.backup/.magisk] (0000)
Dump cpio: [ramdisk.cpio]
[*] repacking back to ramdisk.img format
[!] Rename Magisk.zip to Magisk.apk
[*] Pull ramdiskpatched4AVD.img into ramdisk.img
[-] /data/data/com.android.shell/Magisk/ramdiskpatched4AVD.img: 1 file pulled, 0 skipped. 239.0 MB/s (2192750 bytes in 0.009s)
[*] Pull Magisk.apk into 
[-] /data/data/com.android.shell/Magisk/Magisk.apk: 1 file pulled, 0 skipped. 251.2 MB/s (11278270 bytes in 0.043s)
[-] Clean up the ADB working space
[-] Install all APKs placed in the Apps folder
[*] Trying to install Apps/Magisk.apk
[*] Performing Streamed Install
[*] Success
[-] Shut-Down & Reboot (Cold Boot Now) the AVD and see if it worked
[-] Root and Su with Magisk for Android Studio AVDs
[-] Trying to shut down the AVD
[!] If the AVD doesn't shut down, try it manually!
[-] Modded by NewBit XDA - Jan. 2021
[!] Huge Credits and big Thanks to topjohnwu, shakalaca, vvb2060 and HuskyDG

api 34

I don't see anything obvious in the log above, nor in your script that would inform me why it would fail for API 34. Perhaps the changes Google mentions in the bug tracker affect it?

Would you have any idea for a way to root AVD API 34 with your script? Is it related to Magisk itself perhaps?

Which bug are you referring to?

You can try a higher Magisk Version, but make sure you use the FAKEBOOTIMG argument.

Perhaps the cold boot didn't work or a snapshot was loaded.

The logs do look good.

Which bug are you referring to?

I refer to what an Android engineer said on the bug tracker:

I think this is the intended behavior with api 34,
the new way to install your own certificate is probably have to go through the apex approach, build the system image yourself.


You can try a higher Magisk Version, but make sure you use the FAKEBOOTIMG argument.

Just tried now, with 26.1 and FAKEBOOTIMG:

./rootAVD.sh ~/Library/Android/sdk/system-images/android-34/google_apis/arm64-v8a/ramdisk.img FAKEBOOTIMG

it worked. In hindsight, I should have seen why it didn't before. Anyway, thanks a lot!


Great, I think I see your true issue here now.
Non Playstore AVDs don't need Magisk to be rooted, they can be rooted out of the box.
But you need to start your AVD with the -writable-system argument. And perform some adb root
commands. This is already described in your second here link. And also on my readme page.
If you want to replace your emulator executable with custom commands, like -writable-system, take a look at my XDA thread
XDA [GUIDE] Build / Mod AVD Kernel Android 10 / 11 rootAVD [Magisk] [USB passthrough Linux] [Google Play Store API]
Under the Spoiler: Root and fstab.ranchu -> Replace the emulator with a script to pass arguments and run it from the GUI:

Once you can launch your AVD writable, you can smash in the commands from this bug tracker:
Emulator API 34 (UpsideDownCake): issue installing Proxyman certificate in system/etc/security/cacert

adb root
adb remount
adb root
adb shell avbctl disable-verification
adb reboot
adb root
adb remount

And you will get a writeable system partition where you can push files to it:

newbit@rootAVD % adb root
newbit@rootAVD % adb remount
Successfully disabled verity
adb root
virtual bool android::fiemap::ImageManagerBinder::MapImageDevice(const std::string &, const std::chrono::milliseconds &, std::string *) binder returned: Failed to map
[libfs_mgr] could not map scratch image
Failed to allocate scratch on /data, fallback to use free space on super
Using overlayfs for /system
Using overlayfs for /vendor
Using overlayfs for /product
Using overlayfs for /system_dlkm
Using overlayfs for /system_ext
Verity disabled; overlayfs enabled.
Now reboot your device for settings to take effect
newbit@rootAVD % adb root
adbd is already running as root
newbit@rootAVD % adb shell avbctl disable-verification
Successfully disabled verification. Reboot the device for changes to take effect.
newbit@rootAVD % adb reboot
newbit@rootAVD % adb root                             
restarting adbd as root
newbit@rootAVD % adb remount                          
AVB verification is disabled, disabling verity state may have no effect
Remounted /system as RW
Remounted /vendor as RW
Remounted /product as RW
Remounted /system_dlkm as RW
Remounted /system_ext as RW
Remount succeeded
newbit@rootAVD % adb push rootAVD.sh /system/etc/security/cacerts
rootAVD.sh: 1 file pushed, 0 skipped. 17.2 MB/s (76971 bytes in 0.004s)

But I guess this will bring you next to nothing, because of this apex issue.

But if you insist on using Magisk, your System partition will remain not-writable.
In order to install files anyway, you need to write a Module for that. Links are also
on my readme page.

I've read something that Magisk is capable of overlaying apex apk's. But I am not sure
if this can be done with a trivial module or if it must be by Zygisk.

And yes, you are right, Magisk 25.2 can't be installed on A14, thanks for pointing this out.

Thanks for taking the time to test this out. I can get the emulator rooted, in fact, that bug tracker report was me :)

My issue is that starting from API 34, my usual root/writeable system partition method doesn't work anymore, i.e I can push the cert to /system, but Android OS doesn't seem to recognise it at all (works fine on lower APIs); in the Android UI, in Settings, Trusted Credentials tab, under System, I see no certificate (and, I can confirm via adb shell on emulator that the cert file is there).

Which has brought me to your repo :) My thinking was that maybe using Magisk and the module would do the trick:

  • install Magisk on emulator
  • use this module (which I used successfully for Pixel 4a) to get that cert onto /system partition

With your hint re FAKEBOOTIMG and Magisk 26.1, I was able to get Magisk root on API 34. Unfortunately, the module didn't do the job. I'll try this again from scratch tomorrow, maybe I've missed something 🤞 or worst case, as the Android engineer says, they've made a change in API 34, and perhaps added some protections against hacking /system files :|

Not yet sure what the apex is all about either.

Thanks for your XDA thread though, I gave it a quick read, and need to get back to it with some more reading.

I'll try this again from scratch tomorrow, maybe I've missed something 🤞

The following didn't work:

  • ✅ install Magisk with your script
  • ✅ install Proxyman cert to User
  • ✅ install MagiskTrustUserCerts - this should copy cert from user space to system on boot
  • ❌ after boot though, the cert is still not visible by Android UI

I think you should read a couple more to grasp this apex thing. First look at the modules script how it is copying the certs. Perhaps you can mod it...

Second, take a closer look at:
APEX File Format

Android 14 may come with updatable root certificates

Android 14 makes root certificates updatable via Google Play to protect users from malicious CAs

Especially when it comes to directories, it might come in handy when you mod the cert module.
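
A check for the symptom discussed above (cert file present under /system but not listed by Android on API 34), as an added example that is not part of any comment in this thread or of rootAVD. It assumes `adb` is on PATH and that API 34 reads system CAs from the Conscrypt APEX mount at /apex/com.android.conscrypt/cacerts, a path the thread itself does not give; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: report in which CA directory a cert file is visible on an AVD.
# Assumption: from API 34 the system trust store is served from the Conscrypt
# APEX mount, so a file that exists only in the legacy /system path is ignored.
LEGACY_DIR=/system/etc/security/cacerts
APEX_DIR=/apex/com.android.conscrypt/cacerts

# remote_has DIR FILE -> prints "yes" or "no" (adb output carries CRs on some hosts)
remote_has() {
    out=$(adb shell "[ -f '$1/$2' ] && echo yes || echo no" 2>/dev/null | tr -d '\r')
    [ "$out" = "yes" ] && echo yes || echo no
}

# cert_store_status FILE -> one summary line with a verdict
cert_store_status() {
    cert=$1
    sdk=$(adb shell getprop ro.build.version.sdk 2>/dev/null | tr -d '\r')
    legacy=$(remote_has "$LEGACY_DIR" "$cert")
    apex=$(remote_has "$APEX_DIR" "$cert")
    if [ "${sdk:-0}" -ge 34 ]; then
        # API 34+: only the APEX directory counts
        if [ "$apex" = yes ]; then verdict=in-active-store
        elif [ "$legacy" = yes ]; then verdict=present-but-ignored
        else verdict=missing; fi
    else
        # Older APIs: the legacy /system directory is the store
        if [ "$legacy" = yes ]; then verdict=in-active-store
        else verdict=missing; fi
    fi
    echo "sdk=$sdk legacy=$legacy apex=$apex verdict=$verdict"
}

# Stand-alone use: pass the hashed cert file name, e.g. a constructed "12345678.0"
if [ -n "${1:-}" ]; then
    cert_store_status "$1"
fi
```

A `present-but-ignored` verdict matches the case where the push to /system succeeds and the file is there, yet the Trusted Credentials screen shows nothing.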

I get "$ adb shell avbctl disable-verification
/system/bin/sh: avbctl: not found" when doing the command, can you help ?

I'm trying to do "./rootAVD.sh system-images/android-34/google_apis_playstore/arm64-v8a/ramdisk.img FAKEBOOTIMG" but when the Magisk app opens nothing happens,

aancw commented

[FIXED] Sorry to bump the closed issue. I succeeded in rooting the device with fakebootimg. But the device always gets a black screen whenever I boot. I can boot the device with "Cold Boot Now", but all modifications or installed apps are gone.

Is there any step that I missed?


For everyone having the same issue, disable the cold boot snapshot before rooting the device.