Rooting Android Devices with Magisk
Rooting an Android device opens up a world of possibilities, allowing users to customize their devices beyond the limitations set by manufacturers. Magisk has emerged as a popular tool for rooting due to its systemless approach, meaning you can gain root access without modifying the system partition, making it easier to unroot or pass SafetyNet checks. This guide will take you through the process of rooting your Android device using Magisk.
Before we delve into the process of rooting, let’s familiarize ourselves with the definition of “root”. In the context of computing, root refers to the highest level of access or permission granted to a user or process within an operating system. Specifically, in Unix-like systems, including Android, the root user (often referred to as “root”) has unrestricted access to all commands and files on the system. This allows the root user to perform tasks that standard users are typically not permitted to perform, such as modifying system files, installing or uninstalling applications, and changing system settings. Rooting is the process of gaining administrative access to the operating system.
When it comes to rooting Android devices, there are two primary approaches: using exploits or utilizing tools like Magisk.
Some rooting methods, such as KingoRoot, leverage vulnerabilities in the Android operating system to gain root access. These exploits can automate the rooting process, making it user-friendly for those who may not have technical expertise. One major concern is that users often have little visibility into the actions being performed during the rooting process. This lack of transparency can lead to several potential issues. Since you don’t know what the tool is doing behind the scenes, there’s a risk that it may install unwanted or malicious software on your device. Such software can compromise your privacy and security. For these reasons, it’s essential to approach exploit-based rooting methods with caution and consider more secure alternatives like Magisk that provide better control and safety.
In contrast, Magisk offers a more robust and secure method for rooting. It employs a systemless root approach, meaning it modifies the system in a way that does not alter the system partition directly. Magisk is an open-source project. Its source code is available on GitHub, allowing developers and users to inspect, modify, and contribute to its development.
Risks of Rooting
- Void Warranty: Rooting can void your device’s warranty.
- Bricking Device: Incorrect procedures may lead to a bricked device.
- Security Risks: Root access can expose your device to security vulnerabilities.
Prerequisites for Rooting with Magisk
Device Compatibility
Ensure your device is compatible with Magisk. Check forums like XDA Developers for device-specific guides.
Necessary Tools
- ADB and Fastboot: Install ADB and Fastboot on your computer.
- Magisk Manager APK: Download the latest version of Magisk Manager.
- Custom Recovery (Optional): Obtain a custom recovery (like TWRP) compatible with your device.
Device Tested
To provide a comprehensive overview of the rooting process with Magisk, I tested it on the Pixel 2 XL, the same device I used in my previous blog, where I demonstrated how to unlock the bootloader of a carrier-locked device.
Pixel 2 XL (Verizon)
OS Version: Android 11 with the 2020-10-05 Security Patch
Before proceeding with the rooting process, it is crucial to back up all important data on your device.
Now install the Magisk APK you downloaded on the device. You can use adb to install it.
adb install Magisk-v27.0.apk
Now we need to patch the boot.img and then flash it back to the device. We can obtain the boot.img from the stock firmware ZIP file or the custom ROM package we downloaded. Once extracted, we will use the Magisk Manager app to patch the boot.img, creating a modified version that includes root access. After the patching process is complete, we will flash the modified boot.img back onto the device.
For Nexus and Pixel devices, we can download the factory images from this link.
Let’s grab the build id of the device.
adb shell getprop ro.build.fingerprint
In my case, I got the following output:
google/taimen/taimen:11/RP1A.201005.004.A1/6934943:user/release-keys
So RP1A.201005.004.A1 is the build number of my device.
On searching this build number I got the link to download the factory image.
Once downloaded, extract the zip.
$ unzip taimen-rp1a.201005.004.a1-factory-2f5c4987.zip
$ ls
taimen-rp1a.201005.004.a1 taimen-rp1a.201005.004.a1-factory-2f5c4987.zip
$ cd taimen-rp1a.201005.004.a1
$ ls
bootloader-taimen-tmz30m.img flash-base.sh
flash-all.bat image-taimen-rp1a.201005.004.a1.zip
flash-all.sh radio-taimen-g8998-00034-2006052136.img
$ unzip image-taimen-rp1a.201005.004.a1.zip
Archive: image-taimen-rp1a.201005.004.a1.zip
inflating: android-info.txt
inflating: boot.img
inflating: system.img
inflating: vendor.img
inflating: system_other.img
inflating: dtbo.img
inflating: vbmeta.img
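Before patching, it is worth confirming that the factory image belongs to the build the device is actually running and that the download is intact. The script below is an added example, not part of the original post: its function names are hypothetical, and it assumes the 8 hex digits at the end of the factory ZIP name are the first digits of the file's SHA-256 as published on the download page.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Build ID is the 4th '/'-separated field of ro.build.fingerprint.
build_id_from_fingerprint() {
    printf '%s\n' "$1" | cut -d/ -f4
}

# Device codename is the 3rd field, up to the ':' before the Android version.
device_from_fingerprint() {
    printf '%s\n' "$1" | cut -d/ -f3 | cut -d: -f1
}

# Succeeds if the ZIP name is <device>-<build id in lowercase>-factory-*.zip.
image_matches_device() {
    fp=$1
    zip=$(basename "$2")
    want="$(device_from_fingerprint "$fp")-$(build_id_from_fingerprint "$fp" | tr 'A-Z' 'a-z')-factory-"
    case "$zip" in
        "$want"*.zip) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the file's SHA-256 starts with the hex digits in its name
# (assumed naming convention; see the lead-in).
sha_prefix_ok() {
    expect=$(basename "$1" .zip | sed 's/.*-factory-//')
    actual=$(sha256sum "$1" | cut -c1-8)
    [ "$expect" = "$actual" ]
}

# Values taken from the post; on a live setup use:
#   FP=$(adb shell getprop ro.build.fingerprint | tr -d '\r')
FP='google/taimen/taimen:11/RP1A.201005.004.A1/6934943:user/release-keys'
ZIP='taimen-rp1a.201005.004.a1-factory-2f5c4987.zip'

if image_matches_device "$FP" "$ZIP"; then
    echo "factory image matches device build $(build_id_from_fingerprint "$FP")"
else
    echo "WARNING: factory image does not match the running build"
fi
if [ -f "$ZIP" ]; then
    if sha_prefix_ok "$ZIP"; then echo "checksum prefix ok"; else echo "CHECKSUM MISMATCH"; fi
fi
```

The 8-digit prefix only catches corrupted or mislabeled downloads; comparing the full sha256sum output against the checksum shown on the download page is the stronger check.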
The boot.img file is a crucial component of the Android operating system that contains the kernel and the ramdisk. The boot.img file is responsible for booting the Android device. It initializes the kernel and sets up the ramdisk, enabling the device to start and run the Android operating system.
Now upload the boot.img to the phone.
adb push boot.img /sdcard/Download
Open the Magisk app, select the Install option, and click on “Select and Patch a File”.
Go into the Downloads folder, where you can see our boot.img. Select it and click on Let's Go ->
Once patching finishes, you can see the patched boot.img in the Download directory.
Let’s pull it.
adb pull /sdcard/Download/magisk_patched-27000_XlHup.img .
Now, reboot into the bootloader.
$ adb reboot bootloader
You will see something like the following: [image of the bootloader screen; source: Google]
Flash the patched boot.img using the following command.
$ fastboot flash boot magisk_patched-27000_XlHup.img
Now, reboot the phone.
$ fastboot reboot
We can now use Magisk Manager to manage and grant root permissions on the device.
In the ADB shell, type su, and in the Magisk app, you can grant root permission to the ADB shell session, which uses the package name com.android.shell.
taimen:/ $ su
If you don’t see a root permission request in the Magisk app, you can manually navigate to the Superuser section and grant permission to the ADB shell.
To unroot the device, simply flash the original boot.img and reboot.
Conclusion
Throughout this guide, I demonstrated how to root your device step-by-step, focusing on the Pixel 2 XL, but the process is applicable to many Android devices. By using Magisk, you can unlock the full potential of your device while maintaining the flexibility to unroot whenever necessary. If you found this guide helpful or have any questions, feel free to reach out. Happy Rooting! Unleash the full potential of your Android device.