topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0

Galaxy A8/A8+ incompatibility #426

Closed salvogiangri closed 6 years ago

salvogiangri commented 6 years ago

Hello everyone. Galaxy A8/A8+ users are reporting that flashing Magisk on their phone with Samsung Experience 9.0 (Android 8.0.0) and up breaks their baseband, preventing them from using all its related features; after some tries we actually found it's related to the patched "init" file in the ramdisk. Here are the various logs to look closer at this issue: https://drive.google.com/open?id=1F0kBmFjG45Zh1-yvDYHVCKip7XEZ8SGo Hope those will be helpful for a possible future fix of the issue; let me know if you need more info/files to look at. Greetings!

breakersvd commented 6 years ago

@BlackMesa123 @topjohnwu I have this device and I worked on this bug for about two days, and in the end it was fixed.

Compiled Magisk sources from the latest commit (2018-08-12).

The problem (losing baseband modem functions) is because of the xmount overlay for the sbin dir,

so the fix is as follows:

In file bootstages.c, in the startup function, at [mount the /sbin tmpfs overlay]: comment out the code xmount("tmpfs", "/sbin", "tmpfs", 0, NULL);. Now the problem should be fixed, but we cannot execute any file in the /sbin dir, so we change setfilecon("/sbin", "u:object_r:rootfs:s0"); to setfilecon("/sbin", "u:object_r:system_file:s0");.

Now everything should work fine, like on my device.

I tested it on some Samsung devices and everything was fine, but I don't know if these edits create new bugs.

[Screenshot: Root Checker Basic, 2018-08-12]

salvogiangri commented 6 years ago

Great news then! Do you mind if I merge your fix into my fork and release it on XDA temporarily, of course with credits lol. Users should be happy, and also topjohnwu can take all the time he wants to work on the issue and find a workaround that should be enough for all the devices.

breakersvd commented 6 years ago

@BlackMesa123 Sure, we will share, but first I need to do more checks, because Android (5.1.1 - 6.0.1) needs more work to allow user access to files in /sbin even if we set contexts to system_file. I'm working on it now.

salvogiangri commented 6 years ago

Good luck with it. Now I'm gonna release a temporary zip for jackpot Oreo OS users till there's a better fix / it gets fixed on a Stable/Beta official build.

breakersvd commented 6 years ago

@BlackMesa123 @topjohnwu

Now fixed the A530F bug and executing Magisk tools in rootfs (this file is ready to release and test):

Tested on FrankeNDK. I don't know if this edit will destroy root ability on other devices; anyway @topjohnwu this is a temporary solution and I'm sure you will find a stable one as you always do.

Here is the file ready to compile:

bootstages.txt

@BlackMesa123 If you don't mind just compile with this file and tell us if that worked for you too.

Thanks in advance,

saboooor commented 6 years ago

@breakersvd I tested @BlackMesa123's modified Magisk that has your code that fixes the problem, but when I open Magisk Manager, it FCs (force closes).

breakersvd commented 6 years ago

@587saboor I think that zip needs to be recompiled with the latest bootstages.txt file above.

saboooor commented 6 years ago

@breakersvd Oh ok, if you can, can you compile Magisk for us? Currently @BlackMesa123 is asleep.

breakersvd commented 6 years ago

@587saboor I'm working on it now; Magisk needs more rules to patch sepolicy to get all permissions for su.

breakersvd commented 6 years ago

@BlackMesa123 @587saboor Whether the baseband issue is fixed or not, Magisk needs to fix su access, and I reported it to topjohnwu: https://github.com/topjohnwu/Magisk/issues/470

topjohnwu commented 6 years ago

@breakersvd With this fix, it is impossible to hide root with MagiskHide. The /sbin overlay IS the critical key to MagiskHide. Do you guys have a custom kernel that sets SELinux to permissive? See if it works with that.

salvogiangri commented 6 years ago

@topjohnwu I released almost a month ago a test version of my custom kernel (it has SELinux Permissive as well), but users reported Magisk wasn't working there either. I'm gonna release the stable version today and tell my testers to try v16.7 on it and check if it works.

topjohnwu commented 6 years ago

OK, I nailed down the baseband issue to this service: cpboot-daemon in init.baseband.rc. For some reason the service cannot be started. @BlackMesa123 your logs are not early enough; I can only see failures, but they are way too late (it is doing retries). Do you have any way to capture dmesg and logcat as early as possible? (I would love to see logs from the beginning of boot.)

topjohnwu commented 6 years ago

Ah, found it: [ 21.151486] defex: safeplace violation [task=init (/init), child=/root/cbd, uid=0]. It's Samsung's stupid kernel blocking it from executing from /root.

topjohnwu commented 6 years ago

@BlackMesa123 disable this in your defconfig to build a custom kernel that supports Magisk: CONFIG_SECURITY_DEFEX=y. We will need to dig deeper to find out how to hexpatch the kernel to prevent this from happening.

salvogiangri commented 6 years ago

@topjohnwu gonna see what I can do. Thanks for your time!

salvogiangri commented 6 years ago

@topjohnwu finally managed to fix this mess! With those two flags set inside the defex Makefile everything works flawlessly. Thanks again a lot and good luck with Magisk's further development! I'm gonna leave the issue open temporarily till you want it closed or till the issue is fixed on a future Magisk build with the correct hexpatches for the stock kernel. Greetings!

saboooor commented 6 years ago

@topjohnwu have you found the general fix yet? (The one that doesn't need a custom kernel.)

salvogiangri commented 6 years ago

@587saboor He needs to find out which bytes need to be patched to disable, or at least prevent, Defex from blocking the bins in the folders defined in its rules file. It isn't easy, since to find the correct bytes to patch he needs to reverse the compiled kernel in order to have at least clear disassembled code (with all the functions and branches). You just need to have patience till he finds out the issue.

breakersvd commented 6 years ago

@BlackMesa123 @topjohnwu @587saboor Finally I found a hexpatch for the stock kernel (tested on A530F 8.0.0).

In the stock kernel sources, security/defex_lsm/defex_procs.c @318:

if (!p || p->pid == 1 || !p->mm) - [stock]
if (!p || p->pid != 1 || !p->mm) - [patched]

and the matching bytes for that code give the hexpatch command:

./magiskboot --hexpatch kernel b91f040071802f005460de b91f040071812f005460de

Included in this build https://mega.nz/#!nJZzWY7R!aXjEWqzr_TeZQIz8QPsI6dAy9GuAd6tY8sjZ1-IkN30

This worked completely for my device on build A530FXXU2BRG3, with baseband and full root access.

saboooor commented 6 years ago

@breakersvd Great! Now I have full root working; I can use FX File Explorer for root now! Thanks! https://mega.nz/#!Dp9lkYZb!p9yAHB0zBmSz87WUpE1NroXjmQ8-k2D6-qTcBjhAKZI

salvogiangri commented 6 years ago

@breakersvd If Defex finally doesn't block anything with that patch, this is really good news. I suggest you create a pull request so that @topjohnwu can add it to his future release, especially since Samsung is starting to add Defex LSM to its new devices (confirmed that the Note9 has it as well).

breakersvd commented 6 years ago

@BlackMesa123 Yes, with this patch defex will return to task_defex_enforce with the DEFEX_ALLOW value, and this will allow executing anything from everywhere with any PID.
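As an added illustration (not code from this thread, from breakersvd, or from Magisk), the following Python snippet decodes the two A530F byte sequences quoted above, assuming an ARM64 kernel: it checks that the pattern is `cmp w0, #1` followed by a B.cond, shows that the hexpatch flips only the branch condition (EQ to NE, same target), and reports which variant a kernel image carries. The sample images are constructed filler, not real kernels.

```python
import struct

# Byte sequences quoted in this thread for the A530F 8.0.0 stock kernel.
# Each spans the last byte of the preceding instruction, `cmp w0, #1`,
# the conditional branch implementing `p->pid == 1`, and the first two
# bytes of the next instruction; only the branch condition differs.
STOCK_PATTERN = bytes.fromhex("b91f040071802f005460de")
PATCHED_PATTERN = bytes.fromhex("b91f040071812f005460de")

CMP_W0_1 = 0x7100041F                           # SUBS wzr, w0, #1 (cmp w0, #1)
BCOND_MASK, BCOND_OPC = 0xFF000010, 0x54000000  # fixed bits of an ARM64 B.cond
COND_NAMES = {0x0: "EQ", 0x1: "NE"}


def decode_branch(pattern: bytes):
    """Return (condition, byte offset) of the B.cond inside an 11-byte pattern."""
    (cmp_word,) = struct.unpack_from("<I", pattern, 1)
    if cmp_word != CMP_W0_1:
        raise ValueError("pattern does not contain cmp w0, #1")
    (bcond,) = struct.unpack_from("<I", pattern, 5)
    if (bcond & BCOND_MASK) != BCOND_OPC:
        raise ValueError("second instruction is not B.cond")
    cond = COND_NAMES.get(bcond & 0xF, f"cond{bcond & 0xF}")
    imm19 = (bcond >> 5) & 0x7FFFF  # signed branch offset in 4-byte units
    if imm19 & 0x40000:
        imm19 -= 0x80000
    return cond, imm19 * 4


def classify_defex_check(kernel: bytes) -> str:
    """Report whether an image carries the stock or the patched pid check."""
    if STOCK_PATTERN in kernel:
        return "stock"
    if PATCHED_PATTERN in kernel:
        return "patched"
    return "unknown"


# Constructed sample images (not real kernels): filler around each pattern.
FILLER = bytes(range(256)) * 4
SAMPLE_STOCK = FILLER + STOCK_PATTERN + FILLER
SAMPLE_PATCHED = FILLER + PATCHED_PATTERN + FILLER

if __name__ == "__main__":
    for name, img in (("stock", SAMPLE_STOCK), ("patched", SAMPLE_PATCHED)):
        print(name, "->", classify_defex_check(img))
    for pat in (STOCK_PATTERN, PATCHED_PATTERN):
        cond, off = decode_branch(pat)
        print(f"cmp w0, #1 ; b.{cond.lower()} .+{off:#x}")
```

Both patterns decode to the same branch target (+0x5f0), so the patch changes only whether the branch is taken for PID 1, which is what breakersvd's source diff describes.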

geiti94 commented 6 years ago

@breakersvd For the N9 a new patch is needed. Looks like Samsung updated defex on the Note 9. I tried your Magisk zip, but after boot there's no RIL.

breakersvd commented 6 years ago

@geiti94 Ok, I will take a look into the kernel image and the source and see what I can do.

breakersvd commented 6 years ago

@geiti94 Samsung hasn't released the sources of the N9 kernel yet, but I have a hexpatch to test; could you give it a try on your device?

geiti94 commented 6 years ago

@breakersvd Yes, sure, I can try.

breakersvd commented 6 years ago

@geiti94 Flash the stock kernel, then flash this zip: https://mega.nz/#!udx3nKBI!27vCCCUu8M8flYkdVKI7Of9g2ts_a7Afw3nj6HF69gk

geiti94 commented 6 years ago

@breakersvd Tested now. It bootloops at the Note 9 logo.

breakersvd commented 6 years ago

@geiti94 Ok, I think I need to wait until Samsung releases the N9 kernel sources.

geiti94 commented 6 years ago

@breakersvd That's what I am waiting for too, to finally compile a TWRP for it. For the moment I need to patch the kernel with Magisk on my S9+, then make a backup and reflash it on my N9.

DrKetan commented 6 years ago

@geiti94 @breakersvd @topjohnwu N960F kernel source is out now.

breakersvd commented 6 years ago

@DrKetan Yes, I saw that; I downloaded the sources and am working on it now.

DrKetan commented 6 years ago

@breakersvd if (!p || p->pid == 1 || !p->mm) is already there; the hex code you posted is not there on the older kernel (RG7). I am downloading the latest base (RH5), so I will check if the same hex code is available.

breakersvd commented 6 years ago

@DrKetan If you have the device, I will upload a new Magisk zip to test. Do you have it, and could you test?

DrKetan commented 6 years ago

@breakersvd Sure.

breakersvd commented 6 years ago

@DrKetan Ok, flash the stock kernel, then flash this zip: https://mega.nz/#!6F5UhKAL!PXl1bvn5WsmqXlLKYF41UddHQ0UdG00GgfJYW_-YEFE

DrKetan commented 6 years ago

@breakersvd Will do in 1-2 hrs and get back to you. Thank you very much.

breakersvd commented 6 years ago

@DrKetan Ok, hope this file works fine.

DrKetan commented 6 years ago

@breakersvd Yes, this code is there in the kernel: b91f0400710030005460c6

breakersvd commented 6 years ago

@DrKetan I know, but I just want to test on the device whether it will disable it or not.

DrKetan commented 6 years ago

WTH, I am not able to reboot to download mode with vol down + Bixby + power.

breakersvd commented 6 years ago

Do it with adb: adb reboot download

salvogiangri commented 6 years ago

@DrKetan The combination changed. Hold the volume down + Bixby buttons, then plug your USB-C cable into your PC; it should boot into Download Mode then.

DrKetan commented 6 years ago

@BlackMesa123 That did the trick, thank you. @breakersvd flashed & reset, waiting. (Actually the device booted, but with a screen saying verification failed and asking to reset, so hoping this should work.)

DrKetan commented 6 years ago

Booted, need to check root now.

breakersvd commented 6 years ago

@DrKetan Before checking root, what about the baseband and network?

DrKetan commented 6 years ago

@breakersvd Hey, everything fine... only one thing missing: your PayPal ID, kindly provide. Thank you very, very much.

breakersvd commented 6 years ago

@DrKetan SO glad to hear that, thanks for your tests.

salvogiangri commented 6 years ago

Well, seems this story has finally reached a happy ending, and as well another Sammy security feature has been defeated once again (lel). Thanks a lot, you all; time to enjoy Magisk on newer devices/fws. @topjohnwu you decide when to close this issue and merge the new hexpatches into your future builds ;)