Doesn't work properly in andriod rooted using Magisk

shirshak55 commented 2 years ago

HTTP Toolkit is currently one of the best MITM proxy tools used for application development, reverse engineering, etc... However, at the moment there is a small issue with magisk rooted phone. Even though the phone is rooted, it seems CA certificates don't seem to be installed properly.

shirshak55 commented 2 years ago

Reproducing the issue:

I installed CA certs but that goes to user CA which means it will nag me forever. And app shows me System Trust Disabled because CA is not in the proper directory. I am perplexed by this issue.

I am confused because HTTP Toolkit Ui clearly says " Automatically injects system HTTPS certs in rooted phone" but it doesn't seem to reflect it.

Today I tried with USB debugging with wires too. But it is failing too. I wonder what happened.

~/Downloads ➜ adb root
adbd is already running as root

~/Downloads ➜ adb shell raphaelin:/ #

Something is weird.

Some screenshots:

screen screen1

Andriod version 11.

shirshak55 commented 2 years ago

It seems the shellscript used in httptoolkit is not working as expected. From log: Adding cert file as /data/local/tmp/91511479.0

Which means 91511479.0 should be moved into /system/etc/security/cacerts

I remounted and add certs myself

hash=$(openssl x509 -inform PEM -subject_hash_old -in certificate | head -1)
mv certificate "$hash.0"

And copied that to android cacerts and it seems to work now.

pimterry commented 2 years ago

Hi @shirshak55. Sorry to hear you're having issues. All the output shown here is as expected though I think... HTTP Toolkit's Android root ADB setup does a few things:

It tests a variety of different root methods at the same time, to work out how to get root access
It copies various necessary files onto the device (the certificate and shell script)
It runs the shell script, which moves the files into place and sets their properties correctly.

That process starts here and you can see the individual methods it's calling like getRootCommand and injectSystemCertificate here.

I think it's normal that some of the root commands might time out. As long as one command works, that's fine. The commands that get tested are:

su root whoami in an ADB shell
su -c whoami in an ADB shell
adb root, then whoami in an ADB shell

They count as succeeding if they print 'root'. Can you check which one of those works on your device?

Once one of those does succeed, the certificate is copied to the tmp path (which is why that path appears in the output above) and then a script running on the device remounts the certificate directory, copy the files to the correct place, and sets the required properties on them.

You said "It seems the shellscript used in httptoolkit is not working as expected" - can you explain exactly what it's doing wrong on your device? If 'Cert Injected' is shown in the output then the script and everything else should have run correctly.

shirshak55 commented 2 years ago

I think shell script is failing to copy certs to android system certs folder. Root access is working properly. I think remounting system dir, removing tmp files and copying certs is probably having issue?

Actually its not a big issue to me because I copied the certs myself which httptoolkit andriod app was able to recognize but many other people might be having similar trouble. I think many people in hacker news were raising this issue that's why i tried to do postmortem

shirshak55 commented 2 years ago

if it had copied certs it should have shown that cert file 91xxxxx.0 in android system cacert directory. But when I ls into that directory there was no such file.

pimterry commented 2 years ago

It would be good to look into this, totally agree. It's very surprising that the script would succeed without actually copying the file though.

Can you please:

Reboot your Android device and wait for it to boot as normal
Start running adb logcat -T1 > logcat.txt
Start HTTP Toolkit, from the command line so you can see all output
Click the ADB interception button and wait until the app opens (or 10 seconds pass, if nothing happens)

And then post here:

All output from HTTP Toolkit on the CLI
The contents of logcat.txt
The output from running adb shell and then:
- ls -la /data/local/tmp/
- ls -la /system/etc/security/cacerts
- mount

That should make it a bit clearer what exactly is happening here.

shirshak55 commented 2 years ago

Logcat is sent to your email (too large to paste here)

raphaelin:/ # ls -la /system/etc/security/cacerts/91511479.0                                                                                                                             
ls: /system/etc/security/cacerts/91511479.0: No such file or directory

~ ➜  httptoolkit 
Gtk-Message: 20:25:31.909: Failed to load module "xapp-gtk3-module"
(node:8417) electron: The default of nativeWindowOpen is deprecated and will be changing from false to true in Electron 15.  See https://github.com/electron/electron/issues/28511 for more information.
(Use `httptoolkit --trace-warnings ...` to show where the warning was created)
(node:8465) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
(node:8465) [DEP0125] DeprecationWarning: The _stream_wrap module is deprecated.
Config checked in 7 ms
Certificates setup in 3 ms
Standalone server started in 2 ms
Server started in 10 ms
Total startup took 22 ms
Updating all Docker network aliases...
httptoolkit-server: Updating CLI... already on latest version: 1.5.1
Browser cache updated
httptoolkit-server: Updating CLI... already on latest version: 1.5.1
Error: Timeout for ADB command su,root,whoami
    at /opt/HTTP Toolkit/resources/httptoolkit-server/bundle/index.js:487:418818
    at runNextTicks (internal/process/task_queues.js:60:5)
    at listOnTimeout (internal/timers.js:524:9)
    at processTimers (internal/timers.js:498:7)
    at async Promise.all (index 0)
    at async e.getRootCommand (/opt/HTTP Toolkit/resources/httptoolkit-server/bundle/index.js:487:419678)
    at async e.AndroidAdbInterceptor.injectSystemCertIfPossible (/opt/HTTP Toolkit/resources/httptoolkit-server/bundle/index.js:487:417241)
    at async e.AndroidAdbInterceptor.activate (/opt/HTTP Toolkit/resources/httptoolkit-server/bundle/index.js:487:415063)
    at async activateInterceptor (/opt/HTTP Toolkit/resources/httptoolkit-server/bundle/index.js:479:15278)
    at async /opt/HTTP Toolkit/resources/httptoolkit-server/bundle/index.js:311:4252
Adding cert file as /data/local/tmp/91511479.0
Cert injected
httptoolkit-server: Updating CLI... already on latest version: 1.5.1
^CShutting down after API call...

Mount

Click to view

``` ~/Downloads/CAF_SFM_REG_N20 via  v17.3.0 ➜ adb shell raphaelin:/ # mount /dev/root on / type ext4 (rw,seclabel,relatime,errors=remount-ro) tmpfs on /dev type tmpfs (rw,seclabel,nosuid,relatime,size=3786132k,nr_inodes=946533,mode=755) devpts on /dev/pts type devpts (rw,seclabel,relatime,mode=600,ptmxmode=000) tmpfs on /dev/ZomL9l type tmpfs (rw,seclabel,relatime,size=3786132k,nr_inodes=946533,mode=755) proc on /proc type proc (rw,relatime,gid=3009,hidepid=2) sysfs on /sys type sysfs (rw,seclabel,relatime) selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime) tmpfs on /mnt type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755,gid=1000) tmpfs on /mnt/installer type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755,gid=1000) tmpfs on /mnt/androidwritable type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755,gid=1000) /dev/block/sde53 on /vendor type ext4 (rw,seclabel,relatime,discard) tmpfs on /apex type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755) tmpfs on /linkerconfig type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755) none on /dev/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) none on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime) none on /dev/cpuctl type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) none on /acct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) none on /dev/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,noprefix,release_agent=/sbin/cpuset_release_agent) none on /dev/memcg type cgroup (rw,nosuid,nodev,noexec,relatime,memory) none on /dev/stune type cgroup (rw,nosuid,nodev,noexec,relatime,schedtune) tracefs on /sys/kernel/tracing type tracefs (rw,seclabel,relatime) none on /config type configfs (rw,nosuid,nodev,noexec,relatime) binder on /dev/binderfs type binder (rw,relatime,max=1048576,stats=global) none on /sys/fs/fuse/connections type fusectl (rw,relatime) bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime) pstore on /sys/fs/pstore type pstore (rw,seclabel,nosuid,nodev,noexec,relatime) /dev/block/sda29 on /cache type ext4 (rw,seclabel,nosuid,nodev,noatime,data=ordered) /dev/block/sde52 on /vendor/firmware_mnt type vfat (ro,context=u:object_r:firmware_file:s0,relatime,gid=1000,fmask=0337,dmask=0227,codepage=437,iocharset=iso8859-1,shortname=lower,errors=remount-ro) /dev/block/sde48 on /vendor/dsp type ext4 (rw,seclabel,relatime,data=ordered) /dev/block/sda23 on /mnt/vendor/persist type ext4 (rw,seclabel,nosuid,nodev,noatime,data=ordered) /dev/block/sde26 on /vendor/bt_firmware type vfat (ro,context=u:object_r:bt_firmware_file:s0,relatime,uid=1002,gid=3002,fmask=0337,dmask=0227,codepage=437,iocharset=iso8859-1,shortname=lower,errors=remount-ro) /dev/block/sda31 on /data type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) tmpfs on /linkerconfig type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755) /dev/block/sda31 on /data/user/0 type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) tmpfs on /data_mirror type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=700,gid=1000) /dev/block/sda31 on /data_mirror/data_ce/null type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) /dev/block/sda31 on /data_mirror/data_ce/null/0 type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) /dev/block/sda31 on /data_mirror/data_de/null type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) /dev/block/sda31 on /data_mirror/cur_profiles type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) /dev/block/loop6 on /apex/com.android.media@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop6 on /apex/com.android.media type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop7 on /apex/com.android.tzdata@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop7 on /apex/com.android.tzdata type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop8 on /apex/com.android.vndk.v30@1 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop8 on /apex/com.android.vndk.v30 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop9 on /apex/com.android.wifi@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop9 on /apex/com.android.wifi type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop10 on /apex/com.android.mediaprovider@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop10 on /apex/com.android.mediaprovider type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop11 on /apex/com.android.cellbroadcast@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop11 on /apex/com.android.cellbroadcast type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop12 on /apex/com.android.resolv@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop12 on /apex/com.android.resolv type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop13 on /apex/com.android.extservices@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop13 on /apex/com.android.extservices type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop14 on /apex/com.android.media.swcodec@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop14 on /apex/com.android.media.swcodec type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop15 on /apex/com.android.conscrypt@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop15 on /apex/com.android.conscrypt type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop16 on /apex/com.android.art@1 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop16 on /apex/com.android.art type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop17 on /apex/com.android.i18n@1 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop17 on /apex/com.android.i18n type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop18 on /apex/com.android.neuralnetworks@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop18 on /apex/com.android.neuralnetworks type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop19 on /apex/com.android.apex.cts.shim@1 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop19 on /apex/com.android.apex.cts.shim type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop20 on /apex/com.android.runtime@1 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop20 on /apex/com.android.runtime type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop21 on /apex/com.android.os.statsd@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop21 on /apex/com.android.os.statsd type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop22 on /apex/com.android.sdkext@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop22 on /apex/com.android.sdkext type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop23 on /apex/com.android.ipsec@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop23 on /apex/com.android.ipsec type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop24 on /apex/com.android.permission@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop24 on /apex/com.android.permission type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop25 on /apex/com.android.tethering@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop25 on /apex/com.android.tethering type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop26 on /apex/com.android.adbd@300000000 type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/block/loop26 on /apex/com.android.adbd type ext4 (ro,dirsync,seclabel,nodev,noatime) /dev/ZomL9l/.magisk/block/vendor on /dev/ZomL9l/.magisk/mirror/vendor type ext4 (ro,seclabel,relatime,discard) /dev/ZomL9l/.magisk/block/data on /dev/ZomL9l/.magisk/mirror/data type ext4 (rw,seclabel,relatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) /dev/ZomL9l/.magisk/block/system_root on /dev/ZomL9l/.magisk/mirror/system_root type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/data on /dev/ZomL9l/.magisk/modules type ext4 (rw,seclabel,relatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) tmpfs on /system/bin type tmpfs (rw,seclabel,relatime,size=3786132k,nr_inodes=946533) /dev/ZomL9l/.magisk/block/system_root on /system/bin/abb type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/am type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/apexd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/app_process32 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/app_process64 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/appops type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/appwidget type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/arping type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/atrace type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/audioserver type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/auditctl type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/awk type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bcc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/blank_screen type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/blkid type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bmgr type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bootanimation type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bootstat type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bootstrap type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/boringssl_self_test32 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/boringssl_self_test64 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bpfloader type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bu type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bugreport type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bugreportz type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/bzip2 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/cameraserver type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/charger type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/clatd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/clean_scratch_files type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/cmd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/content type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/crash_dump32 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/crash_dump64 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/credstore type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/debuggerd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/device_config type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/dmctl type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/dnsmasq type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/dpm type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/drmserver type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/dumpstate type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/dumpsys type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/e2freefrag type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/e2fsck type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/e2fsdroid type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/flags_health_check type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/fsck.exfat type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/fsck.f2fs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/fsck.ntfs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/fsck_msdos type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/fsverity_init type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/gatekeeperd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/gdbserver type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/gdbserver64 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/gpuservice type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/gsi_tool type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/gsid type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/heapprofd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/hid type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/hw type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/hwservicemanager type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/idlcli type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/idmap2 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/idmap2d type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ime type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/incident type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/incident-helper-cmd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/incident_helper type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/incidentd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/init type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/input type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/installd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iorap.cmd.compiler type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iorap.cmd.maintenance type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iorap.inode2filename type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iorap.prefetcherd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iorapd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iotop type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ip type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iperf3 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iptables type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/iw type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/keystore type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/keystore_cli_v2 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ld.mc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ldd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/librank type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/linkerconfig type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/lmkd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/lockagent_crasher type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/locksettings type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/logcat type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/logcatd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/logd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/logpersist.start type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/logwrapper type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/lpdump type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/lpdumpd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/lshal type ext4 (ro,seclabel,relatime,errors=remount-ro) tmpfs on /system/bin/magisk type tmpfs (rw,seclabel,relatime,size=3786132k,nr_inodes=946533,mode=755) tmpfs on /system/bin/magiskinit type tmpfs (rw,seclabel,relatime,size=3786132k,nr_inodes=946533,mode=755) /dev/ZomL9l/.magisk/block/system_root on /system/bin/make_f2fs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mdnsd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mediaextractor type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mediametrics type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mediaserver type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/migrate_legacy_obb_data.sh type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mini-keyctl type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/misc_writer type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mke2fs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mkfs.exfat type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mkfs.ntfs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/monkey type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mount.ntfs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/mtpd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ndc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/netd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/netutils-wrapper-1.0 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/newfs_msdos type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/notify_traceur.sh type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/perfetto type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ping type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ping6 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/pm type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/pppd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/procrank type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/racoon type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/reboot type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/recovery-persist type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/remount type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/requestsync type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/resize2fs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/rss_hwm_reset type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/run-as type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sanitizer-status type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/schedtest type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/screencap type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/screenrecord type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sdcard type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/secdiscard type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/secilc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sensorservice type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/service type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/servicemanager type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/set-verity-state type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/settings type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sgdisk type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sh type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/showmap type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/simpleperf type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/simpleperf_app_runner type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sload_f2fs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sm type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/snapshotctl type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/sqlite3 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ss type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/start_with_lockagent type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/storaged type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/strace type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/surfaceflinger type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/svc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tcpdump type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/telecom type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/themed_bootanimation type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tombstoned type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/toolbox type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/toybox type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/traced type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/traced_perf type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/traced_probes type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tracepath type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tracepath6 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/traceroute6 type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/trigger_perfetto type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tune2fs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/tzdatacheck type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/uiautomator type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/uncrypt type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/unwind_info type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/unwind_reg_info type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/unwind_symbols type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/usbd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/vdc type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/viewcompiler type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/vold type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/vold_prepare_subdirs type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/vr type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/wait_for_keymaster type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/watchdogd type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/wificond type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/wm type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/system_root on /system/bin/ziptool type ext4 (ro,seclabel,relatime,errors=remount-ro) /dev/ZomL9l/.magisk/block/data on /system/etc/hosts type ext4 (rw,seclabel,relatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) tmpfs on /storage type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=3786132k,nr_inodes=946533,mode=755,gid=1000) adb on /dev/usb-ffs/adb type functionfs (rw,relatime) diag on /dev/ffs-diag type functionfs (rw,relatime) diag_mdm on /dev/ffs-diag-1 type functionfs (rw,relatime) diag_mdm2 on /dev/ffs-diag-2 type functionfs (rw,relatime) /data/media on /mnt/runtime/default/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/runtime/read/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=23,derive_gid,default_normal,unshared_obb) /data/media on /mnt/runtime/write/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal,unshared_obb) /data/media on /mnt/runtime/full/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal,unshared_obb) /dev/fuse on /storage/emulated type fuse (rw,lazytime,nosuid,nodev,noexec,noatime,user_id=0,group_id=0,allow_other) /dev/fuse on /mnt/installer/0/emulated type fuse (rw,lazytime,nosuid,nodev,noexec,noatime,user_id=0,group_id=0,allow_other) /dev/fuse on /mnt/androidwritable/0/emulated type fuse (rw,lazytime,nosuid,nodev,noexec,noatime,user_id=0,group_id=0,allow_other) /dev/fuse on /mnt/user/0/emulated type fuse (rw,lazytime,nosuid,nodev,noexec,noatime,user_id=0,group_id=0,allow_other) /data/media on /mnt/pass_through/0/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal,unshared_obb) /dev/block/sda31 on /data/app/~~78GzaHFrrPkuEn7SX7l28g==/com.google.android.youtube-hIEPvh9_9qCzRsyauPCKZw==/base.apk type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,inlinecrypt,resgid=1065,data=ordered) /data/media on /mnt/androidwritable/0/emulated/0/Android/data type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/installer/0/emulated/0/Android/data type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /storage/emulated/0/Android/data type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/user/0/emulated/0/Android/data type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/androidwritable/0/emulated/0/Android/obb type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /storage/emulated/0/Android/obb type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/user/0/emulated/0/Android/obb type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/installer/0/emulated/0/Android/obb type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal,unshared_obb) ```

HttpToolkit is telling me to install the client certs so its not working for me :D

shirshak55 commented 2 years ago

Probably something in here is not working as intended and it works differently on your phone vs mine?

https://github.com/httptoolkit/httptoolkit-server/blob/e1dbaf0a3691e8d0ddb919bc0b14aa99b94224dd/src/interceptors/android/adb-commands.ts#L221

pimterry commented 2 years ago

Probably something in here is not working as intended and it works differently on your phone vs mine?

Yes, definitely! That mount output looks particularly suspicious.

On my rooted test device, the initial output looks like:

Mount output

tmpfs on /dev type tmpfs (rw,seclabel,nosuid,relatime,mode=755) devpts on /dev/pts type devpts (rw,seclabel,relatime,mode=600) proc on /proc type proc (rw,relatime,gid=3009,hidepid=2) sysfs on /sys type sysfs (rw,seclabel,relatime) selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime) tmpfs on /mnt type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,mode=755,gid=1000) tmpfs on /apex type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,mode=755) /dev/block/mmcblk0p16 on / type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p10 on /efs type ext4 (rw,seclabel,nosuid,nodev,noatime,journal_checksum,journal_async_commit,noauto_da_alloc,data=ordered) none on /dev/cpuctl type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) none on /acct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) none on /dev/memcg type cgroup (rw,nosuid,nodev,noexec,relatime,memory) /dev/block/mmcblk0p16 on /apex/com.android.tzdata@290000000 type ext4 (ro,seclabel,relatime) /dev/block/mmcblk0p16 on /apex/com.android.tzdata type ext4 (ro,seclabel,relatime) /dev/block/mmcblk0p16 on /apex/com.android.runtime@1 type ext4 (ro,seclabel,relatime) /dev/block/mmcblk0p16 on /apex/com.android.runtime type ext4 (ro,seclabel,relatime) debugfs on /sys/kernel/debug type debugfs (rw,seclabel,relatime) none on /config type configfs (rw,nosuid,nodev,noexec,relatime) none on /dev/bfqio type cgroup (rw,relatime,bfqio) /dev/block/mmcblk0p29 on /data type ext4 (rw,seclabel,nosuid,nodev,noatime,journal_checksum,journal_async_commit,noauto_da_alloc,data=ordered) /dev/block/mmcblk0p18 on /cache type ext4 (rw,seclabel,nosuid,nodev,noatime,journal_checksum,journal_async_commit,noauto_da_alloc,data=ordered) /dev/block/mmcblk0p1 on /firmware type vfat (ro,relatime,fs=vfat:16,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=utf8,shortname=winnt,namecase=0,symlink=0,bps=512,errors=remount-ro) /dev/block/mmcblk0p2 on /firmware-mdm type vfat (ro,relatime,fs=vfat:16,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=utf8,shortname=winnt,namecase=0,symlink=0,bps=512,errors=remount-ro) adb on /dev/usb-ffs/adb type functionfs (rw,relatime) tmpfs on /storage type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,mode=755,gid=1000) /dev/block/mmcblk0p16 on /apex/com.android.media.swcodec@290000000 type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.media.swcodec type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.resolv@290000000 type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.resolv type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.conscrypt@299900000 type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.conscrypt type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.media@290000000 type ext4 (ro,seclabel,nodev,relatime) /dev/block/mmcblk0p16 on /apex/com.android.media type ext4 (ro,seclabel,nodev,relatime) /data/media on /mnt/runtime/default/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /storage/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal,unshared_obb) /data/media on /mnt/runtime/read/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=23,derive_gid,default_normal,unshared_obb) /data/media on /mnt/runtime/write/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal,unshared_obb) /data/media on /mnt/runtime/full/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal,unshared_obb)

This device is using LineageOS 17.1.

After setting up ADB interception, one extra line is added:

tmpfs on /system/etc/security/cacerts type tmpfs (rw,seclabel,relatime)

That's what I would expect to happen, but in your case the output has a lot of extra magisk lines, and the tmpfs cacerts mount never appears.

How exactly was this device set up? It would be great if you could share the OS version and any manual rooting steps or any other custom configuration that might be relevant.

I suspect the mount command is what's failing here, but it would be best to check the whole script. Can you try copying the cert file into /data/local/tmp/, running the script commands manually, and see what errors or other results you get? Exit codes (i.e. echo $?) for any commands that do fail would be very helpful too.

It seems likely that this is failing on the mount step for some reason, but the fact that you can copy the certificate in manually anyway means we might be able to skip that in this case. If there's a way we can detect whether this is necessary then that'd work as a fix. Any clues you can get about exactly why this fails would be very useful!

shirshak55 commented 2 years ago

@pimterry I am myself bewildered here. The file on tmp directory gets removed but it is still not copied to android system cacerts folders. Strange.

Btw have you tried testing on magisk rooted device? (Most of the rooted phone is going to use magisk because of systemless root anyway)

pimterry commented 2 years ago

When you run the commands one by one manually, do you see any kind of errors?

shirshak55 commented 2 years ago

@pimterry it works if I do it manually :(

shirshak55 commented 2 years ago

@pimterry https://www.youtube.com/watch?v=rjukdUm7ZJY

pimterry commented 2 years ago

Thanks, that's really great! Very clear on the issue, the behaviour there is very odd, although it doesn't immediately give me many ideas of what might be going wrong.

If you set up a local server, you should be able to edit the script directly in the server, and then test that directly. That should let you debug it up close to work out what it's really doing and why it's failing.

One thing I've noticed already is that we're not using or logging the script output at all, which might have some good clues...

Do you get anything interesting in the server log output if you change this line to log its output, as below?

const output = await run(adbClient, deviceId, rootCmd.concat('sh', injectionScriptPath));
console.log(output);

I'm hoping that that might produce some proper clues immediately. If not, but you do get the command output, it would be interesting to know what ls and mount output when run directly inside the script there, so I'd try that.

Does that make sense? Give that a go, if it doesn't work then I'm going to have to put together a test device that matches yours I think and start trying to reproduce this myself.

shirshak55 commented 2 years ago

@pimterry Let's do this in anydesk, it's probably easier in that way? Or we can live chat in discord?

pimterry commented 2 years ago

@shirshak55 I think that's a good idea, that'll definitely help. I'm afraid that's a bit difficult for me for the next few days though.

Are you free some time next week to dig into this, let's say on Wednesday? I'm in Spain, so CET time. Pick any time you like here: https://calendly.com/httptoolkit-tim/30min

pimterry commented 2 years ago

Just writing up my notes from our call last week and my investigation since:

If you open one terminal session and run the ADB commands, everything works. If you open a second ADB shell though, the mount and the injected certificate are not visible, even though they remain visible in the first session. This is not expected :exploding_head:
It seems like what's happening is that Magisk is isolating the view of the mounted file systems by process somehow.
That means that to fix this we need to either a) workaround that, so we can create a mount that's visible everywhere, or b) use a totally different injection technique that's independent of Magisk.
I have found one way to work around this: we could build a magisk module (see detailed docs, and this intro guide).
- A Magisk module is just a zip with some extra files that should be mounted. We could dynamically build a zip that contains the certificate, and install that as a Magisk module on the device, to tell Magisk to manage injecting the certificate for us.
- To do this, we need to be able to run magisk via adb to install a given zip. @shirshak55 what happens on your device if you reboot, then run adb shell, then run magisk? Does it exist? Do we need to run su first to run it as root?
- If that works, it looks like you can even mark Magisk modules are temporary (so they disappear on reboot) which would let us add certificates completely non-persistently, which would be great.
Alternatively, as an alternative injection technique: running adb remount and then manually copying the certificate in does seem to work correctly and persistently, so we should probably do that. We only want to do that when it's strictly necessary though, so we need to detect this issue.
For detection, the easiest option is probably to just use this as a fallback:
- Run all the normal steps
- After they complete, open a new shell and check that the certificate appears. If it doesn't, check if we can see '.magisk/block/system_root' references in mount output (example output), just to make sure that's we're dealing with Magisk.
- If the certificate is missing and Magisk is managing mounts, try to use adb remount & inject it that way

shirshak55 commented 2 years ago

@pimterry Yes it exists and it seems we don't need su

raphaelin:/ $ magisk                                                           
Magisk - Multi-purpose Utility

Usage: magisk [applet [arguments]...]
   or: magisk [options]...

Options:
   -c                        print current binary version
   -v                        print running daemon version
   -V                        print running daemon version code
   --list                    list all available applets
   --remove-modules          remove all modules and reboot
   --install-module ZIP      install a module zip file

Advanced Options (Internal APIs):
   --daemon                  manually start magisk daemon
   --[init trigger]          start service for init trigger
                             Supported init triggers:
                             post-fs-data, service, boot-complete
   --unlock-blocks           set BLKROSET flag to OFF for all block devices
   --restorecon              restore selinux context on Magisk files
   --clone-attr SRC DEST     clone permission, owner, and selinux context
   --clone SRC DEST          clone SRC to DEST
   --sqlite SQL              exec SQL commands to Magisk database
   --path                    print Magisk tmpfs mount path

Available applets:
    su, resetprop, magiskhide

And, sorry for the delay

pimterry commented 2 years ago

Excellent! No worries about the delay. It sounds like there's definitely a possible route there then: if we detect magisk as a command on the device, then instead of using the mount approach we need to create a Magisk module zip containing the files, and temporarily install that module.

No worries about the delay of course, hope your exams went well!

If you have some free time now, any chance you want to work out how Magisk modules work, and build & test one out on your device? We need to:

Work out what the zip needs to contain to make it inject the certificate for us
Manually create an example zip that does that
Test that installing this zip with magisk does inject the cert on your device.

If you can do that and share a working zip, then I can write the Node code to automatically build and install such zips, and then we'll have fixed this problem permanently.

GOTEM321 commented 2 years ago

I'm reading this whole entire blog and would like to say thank you. No one could have made this as clear as it was for me but you guys.

shirshak55 commented 2 years ago

@pimterry I think there is already one magisk module that is available.

https://github.com/victor141516/httpcanary-magisk

We just need to put our certs there.

https://github.com/victor141516/httpcanary-magisk/tree/master/system/etc/security/cacerts

Obviously they are putting hard coded certs. But for security reasons I think we should use generated certs.

pimterry commented 2 years ago

@GOTEM321 Thanks! Glad to hear that the blog posts helped you out :smile:

pimterry commented 2 years ago

@shirshak55 Excellent find, yes that's a perfect example that we can use as a basis for this, great work.

The key step is testing whether it works to solve the issue for devices like yours though.

If you swap out the certificate in that module with your own, and then install it using magisk, does it successfully install a system certificate on your device?

shirshak55 commented 2 years ago

Solved by: https://github.com/httptoolkit/httptoolkit-server/pull/37

httptoolkit / httptoolkit-android

Doesn't work properly in andriod rooted using Magisk #8