EMUI 9 experimentations - flashing patched (e)recovery_ramdisk to erecovery_ramdisk partion.

[MaciejMalczyk]

Recently i've got in my hands Huawei P20Lite and was trying to install LoS on it. Installing LoS was easy after learning something about Huawei and Emui arcitecture but installing Magisk is much trickier. I know that recomended method is patching recovery image but launching magisk with this method is pretty inconvinient (or propably not possible) so i decided to try patch erecovery_ramdisk and see what will happen as launching erecovery with unlocked bootloader is super easy. To my suprise with patched erecovery_ramdisk system is starting and Magisk is present, but device reboots after half a minute. I looked inside Logcat but nothing interesting was present (maybe i should look into kernel log).

So now my assumptions are:

1. propably erecovery_vendor is different to system vendor. Why? Because Wi-Fi acts differently when launching system normally and through patched erecovery. What is interesting is fact that huaweis erecovery has acces to Wi-Fi and filesystem.
2. erecovery ramdisk and recovery ramdisk has build in script non existent in system ramdisk that is not compatible with system environment.
3. Kernul panic xd

But how i was able to alter erecovery_ramdisk? Friends from 4pda patched TWRP image to mount most device partitions.

Now i will propably install system vendor to erecovery_vendor to find out what will happen.

I will try to post there ADB logcat, kernel log, unpacked erecovery and recovery ramdisk. Maybe someone more involved will find something which will make installing Magisk on EMUI more easily.

[zgfg]

I'm no more in Huaweis but you should be able to extract images for all partiions by use of Huawei Update Extractor (PC app) from update.app (upon unzipping the update zip). 5hen, yyou can flash the images from Fastboot (and you don't really need TWRP)

IMO, recovery-ramdisk and erecovery-ramdisk images are the same (same cheksums - at least it was up to EMUI 8)

Sorry, maybe I forgot something but to boot to eRecovery the phone must be plugged in to USB and you have to keep pressing Vol+

For Recovery, also keep pressing Vol+ but without the USB charging - hence I don't see why would be easier to boot to erecovery than to recovery (unless you flashed TWRP to recovery and then you first boot to TWRP and then from TWRP to erecovery, but in that case you go in two steps and you also need Vol+ for TWRP)

Maybe you should try an earlier version of Magisk like v19 or v20, at those times installing Magisk to recovery (extract, patch, flash) worked for various models with EMUI 9 and 9.1

[MaciejMalczyk]

@zgfg Thanks for response.

At the end i patched recovery_ramdisk, flashed it with fastboot and now to start phone i need to do key combo that you described. For some reason custom kernel was needed but this was fairly easy to install.

Maybe in the future i will try to write some shell script which will automaticly reboot system if magisk file does not exist which will eliminate problem with tricky key combo.

[zgfg]

• To reboot programmatically from Android, you need root (therefore Magisk)

• If you want to have Magisk and TWRP, you can keep Magisk in Recovery and flash TWRP to eRecovery. But it's good to keep stock eRecovery in case of a brick (option: Install latest firmware)

[zgfg]

Also, for easier rebooting, use root apps like this: https://play.google.com/store/apps/details?id=fr.petrus.tools.reboot

Since you have successfully rooted, you can close the ticket 🤩

[MaciejMalczyk]

As you said i finally make magisk work and even without special key start combo. In p20 lite boot to recovery remains as default if device was once booted to it and then not booted with vol-up and power combo.

Unfortunatelly i cannot get basicIntegrity and ctsProfile to work (i'm using GSI image) so propably i will need to get used to this.

[zgfg]

Look at XDA (and ask further if necessary) for SafetyNet fix Magidk module (or search directly on Github for download): https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/

[MaciejMalczyk]

None of known to me modules work. I tried MagiskHidePropsConfig and UniversalSafetyNet fix and have no luck. And this is afecting not only P20Lite but Moto One too. At this point i will close this issue and propably open another but this time about Magisk and GSI problems.

[Didgeridoohan]

None of known to me modules work. I tried MagiskHidePropsConfig and UniversalSafetyNet fix and have no luck. And this is afecting not only P20Lite but Moto One too. At this point i will close this issue and propably open another but this time about Magisk and GSI problems.

Neither of those modules can help you with a failed basic integrity. That's something you'll have to figure out some other way (there are many things than can trigger both basic integrity and CTS): https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet

And I suggest that you do not open any further issues here regarding that... Take a look at #1152. General MagiskHide problems aren't for GitHub issues. Use XDA for that.

[Didgeridoohan]

@wujekbrezniew Why the reopen? There's nothing here that needs @topjohnwu's attention...

[MaciejMalczyk]

I found solution.

Most treble GSI's are based on Phhusson repo which includes to system phh su files. Those trigger basicIntegrity. After removing su files and then applying magisk problem with basicIntegrity gone (of course after hiding magisk manager and turning on MagiskHide). Commands must be execute from recovery as securize script run from system crashes and makes device bootloop.

Set of commands which must be executed (which i extracted from this script):

mount -o rw,remount /system rm /system/xbin/su rm /system/bin/phh-su rm /system/etc/init/su.rc rm /system/bin/phh-securize.sh rm -Rf /system/{app,priv-app}/me.phh.superuser/ rm -Rf /data/su

/system can be mount with TWRP mount menu too.

This applies to more devices of course.

@Didgeridoohan Maybe this should be quouted on your Magisk wiki?

[MaciejMalczyk]

And now this can be closed. :)

[Didgeridoohan]

That Magisk cannot hide other root solutions is already in the wiki: https://www.didgeridoohan.com/magisk/MagiskHide#hn_Magisk_can_not_hide

I did add a small note under "CTS and basic integrity failing" though...

[breversa]

@wujekbrezniew (and @zgfg ?) : To sum up, can you confirm that patching recovery_ramdisk from Magisk then flashing it to (e)recovery_ramdisk (which one ?) partition allows to have working Magisk in a Treble GSI ?

[zgfg]

@wujekbrezniew (and @zgfg ?) : To sum up, can you confirm that patching recovery_ramdisk from Magisk then flashing it to (e)recovery_ramdisk (which one ?) partition allows to have working Magisk in a Treble GSI ?

Never installed Magisk to EMUI 9 since there was a problem to unlock Bootloader. Later I got rid of Huawei

However, at that time I did read a lot on XDA, Huawei devices forums about installing Magisk to EMUi 9 - so please take your time and study. And yes, every guide was about patching ramdisk but there were side efects to phone app but also a workaround how to fix. So again, dive in and read about details. It should apply to GSI but again investigate on XDA and ask if needed

[breversa]

I started my research, but I hoped that someone had been through already and could save me some time. But thanks for your reply, @zgfg. I'll do my own work and report here when (… if ?) I'm successful. :-)

[MaciejMalczyk]

@wujekbrezniew (and @zgfg ?) : To sum up, can you confirm that patching recovery_ramdisk from Magisk then flashing it to (e)recovery_ramdisk (which one ?) partition allows to have working Magisk in a Treble GSI ?

recovery_ramdisk

[zgfg]

I have no more Huawei phones

But you can read on XDA, for various Huawei/Mate phones with EMUI 9 how to install Magisk

[MaciejMalczyk]

I succesfully installed Magisk with Phh Gsi ROM (as far as i remember with stock vendor) with passed basic integration and CTS profile. If anyone is interested i can make a tutorial on XDA or anywhere else. Idk exacly if it is still requied to modify build.prop manually to pass CTS but i even if i created bash script to ease this process.

[breversa]

@wujekbrezniew A tutorial (XDA would be best, I guess) would be awesome !!

I'm trying to install both Magisk and an /e/ OS GSI (which is PHH-based, AFAIK : https://doc.e.foundation/support-topics/install-GSI) on a Mate 20 Lite with bootloader unlocked.

So far, I've managed to install /e/ OS, but not Magisk.

[breversa]

@wujekbrezniew Is your tutorial offer still up ? I'd love to be able to install /e/ OS GSI + Magisk on this device !

[breversa]

I think I've found the solution : https://forum.xda-developers.com/t/guide-root-al00-emui-9-1.3938483/#post-79703240

The trick is basically to :

• Install /e/ OS GSI from fastboot
• Boot then install the Magisk app
• From the Magisk app, patch the recovery_ramdisk.img
• From fastboot : fastboot flash recovery_ramdisk [file patched from Magisk]
• fastboot reboot then QUICKLY disconnect the USB cable and keep "Volume up" pressed until it reboots to eRecovery (if it does not, I guess you'll have to start over)
• From eRecovery, wipe the phone
• At the next boot, you'll have both /e/ OS AND Magisk !!