
From the time system-as-root came, developers have rooted different devices by patching the Magisk su binaries in the kernel. I want to understand how exactly they have done this, so to start from the basics, I want to test creating a file on /system, but with kernel sources.

I have already built a permissive kernel. I am not able to figure out where to start and what to do.

Can anyone guide me on this?

Vatish Sharma
  • "by patching the Magisk su binaries in the kernel". How can an su binary be in the kernel? su is a userspace tool which communicates with the kernel through syscalls for privilege elevation. I think there's some problem with your understanding. Do you mean boot.img by saying kernel? If so, Magisk has always patched boot.img since early days, even before SAR. – Irfan Latif Mar 13 '20 at 10:11
  • I think I didn't understand the concept of a custom kernel for system-less rooting. On system-as-root devices, people have rooted them without touching the system. As there is no ramdisk in the boot.img, I thought they had customized the kernel to overwrite the required things on the system when the device boots. But if su is not in the kernel, then how did they patch it without modifying the system and boot.img? Please clear my doubts, I shall be very thankful to you. – Vatish Sharma Mar 13 '20 at 11:27
  • Rooting a device without touching /system (system-less root) existed even before system-as-root was introduced. System-less root was adopted at some later stage by SuperSU but Magisk has always been system-less. Rooting by modifying /system was never officially supported (AFAIK), though it works. How system-less rooting works on non-SAR and SAR devices is partially explained (at least basic concepts) in my answers to How Magisk works? and How to disable dm-verity?. – Irfan Latif Mar 13 '20 at 11:38
