The system partition is readable and writable
Refer to the previous blog post to learn about the common knowledge about unlocking the system partition. But currently many models are based on Android 12 13. In fact, the simplest method is to flash a third-party patch package that unlocks the system partition. Under the premise that the mask update cannot unlock the system partition. We can also achieve the purpose of unlocking the partition by flashing an unlocking module.
The official resource download address is at the end of the blog post.
Test models and information
Desk type;Xiaomi 11
Core piece:骁龙888
Anzaku version:Anzaku 13
Mengu model:Magisk Overlayfs
Series version:miui14
The steps are:
After unlocking bl, you have mask root permissions. This can be done by referring to the unlocking bl and root methods of your own model.
Then flash this module into the mask.
After restarting, check that the module is running normally. At this point, you can read and write from any system partition. Use re manager to visually view the effect
Operation effect
You can now delete system partition files arbitrarily.
Part of the source code is as follows:
SKIPUNZIP=1
if [ "$BOOTMODE" ] && [ "$KSU" ]; then
ui_print "- Installing from KernelSU app"
ui_print "- KernelSU version: $KSU_KERNEL_VER_CODE (kernel) + $KSU_VER_CODE (ksud)"
ui_print "- Please note that KernelSU modules mount will make"
ui_print " your system partitions unable to mount as rw"
ui_print "- If you are using KernelSU, "
ui_print " please unmount all ksu overlayfs"
ui_print " when you want to modify system partitions"
elif [ "$BOOTMODE" ] && [ "$MAGISK_VER_CODE" ]; then
ui_print "- Installing from Magisk app"
else
ui_print "*********************************************************"
ui_print "! Install from recovery is not supported"
ui_print "! Please install from KernelSU or Magisk app"
abort "*********************************************************"
fi
loop_setup() {
unset LOOPDEV
local LOOP
local MINORX=1
[ -e /dev/block/loop1 ] && MINORX=$(stat -Lc '%T' /dev/block/loop1)
local NUM=0
while [ $NUM -lt 1024 ]; do
LOOP=/dev/block/loop$NUM
[ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX))
if losetup $LOOP "$1" 2>/dev/null; then
LOOPDEV=$LOOP
break
fi
NUM=$((NUM + 1))
done
}
randdir="$TMPDIR/.$(head -c21 /dev/urandom | base64)"
mkdir -p "$randdir"
ABI="$(getprop ro.product.cpu.abi)"
# Fix ABI detection
if [ "$ABI" == "armeabi-v7a" ]; then
ABI32=armeabi-v7a
elif [ "$ABI" == "arm64" ]; then
ABI32=armeabi-v7a
elif [ "$ABI" == "x86" ]; then
ABI32=x86
elif [ "$ABI" == "x64" ] || [ "$ABI" == "x86_64" ]; then
ABI=x86_64
ABI32=x86
fi
unzip -oj "$ZIPFILE" "libs/$ABI/overlayfs_system" -d "$TMPDIR" 1>&2
chmod 777 "$TMPDIR/overlayfs_system"
if ! $TMPDIR/overlayfs_system --test; then
ui_print "! Kernel doesn't support overlayfs, are you sure?"
abort
fi
ui_print "- Extract files"
unzip -oj "$ZIPFILE" post-fs-data.sh \
service.sh \
util_functions.sh \
mode.sh \
mount.sh \
uninstall.sh \
module.prop \
"libs/$ABI/overlayfs_system" \
-d "$MODPATH"
unzip -oj "$ZIPFILE" util_functions.sh -d "/data/adb/modules/${MODPATH##*/}"
ui_print "- Setup module"
chmod 777 "$MODPATH/overlayfs_system"
resize_img() {
e2fsck -pf "$1" || return 1
if [ "$2" ]; then
resize2fs "$1" "$2" || return 1
else
resize2fs -M "$1" || return 1
fi
return 0
}
test_mount_image() {
loop_setup /data/adb/overlay
[ -z "$LOOPDEV" ] && return 1
result_mnt=1
mount -t ext4 -o rw "$LOOPDEV" "$randdir" && \
"$MODPATH/overlayfs_system" --test --check-ext4 "$randdir" && result_mnt=0
# ensure that uppderdir does not override my binary
rm -rf "$randdir/upper/system/bin/overlayfs_system" \
"$randdir/upper/system/bin/magic_remount_rw" \
"$randdir/upper/system/bin/magic_remount_ro"
umount -l "$randdir"
return $result_mnt
}
create_ext4_image() {
dd if=/dev/zero of="$1" bs=1024 count=100
/system/bin/mkfs.ext4 "$1" && return 0
return 1
}
if [ ! -f "/data/adb/overlay" ] || ! test_mount_image; then
rm -rf "/data/adb/overlay"
ui_print "- Setup 2GB ext4 image at /data/adb/overlay"
ui_print " Please wait..."
if ! create_ext4_image "/data/adb/overlay" || ! resize_img "/data/adb/overlay" 2000M || ! test_mount_image; then
rm -rf /data/adb/overlay
abort "! Setup ext4 image failed, abort"
fi
fi
mkdir -p "$MODPATH/system/bin"
chcon -R u:object_r:system_file:s0 "$MODPATH/system"
chmod -R 755 "$MODPATH/system"
ln "$MODPATH/overlayfs_system" "$MODPATH/system/bin"
ln -s "./overlayfs_system" "$MODPATH/system/bin/magic_remount_rw"
ln -s "./overlayfs_system" "$MODPATH/system/bin/magic_remount_ro"
. "$MODPATH/util_functions.sh"
support_overlayfs && rm -rf "$MODPATH/system"
ui_print
MODDIR="${0%/*}"
set -o standalone
export MAGISKTMP="$(magisk --path)"
chmod 777 "$MODDIR/overlayfs_system"
OVERLAYDIR="/data/adb/overlay"
OVERLAYMNT="/dev/mount_overlayfs"
MODULEMNT="/dev/mount_loop"
mv -fT /cache/overlayfs.log /cache/overlayfs.log.bak
rm -rf /cache/overlayfs.log
echo "--- Start debugging log ---" >/cache/overlayfs.log
echo "init mount namespace: $(readlink /proc/1/ns/mnt)" >>/cache/overlayfs.log
echo "current mount namespace: $(readlink /proc/self/ns/mnt)" >>/cache/overlayfs.log
mkdir -p "$OVERLAYMNT"
mkdir -p "$OVERLAYDIR"
mkdir -p "$MODULEMNT"
mount -t tmpfs tmpfs "$MODULEMNT"
loop_setup() {
unset LOOPDEV
local LOOP
local MINORX=1
[ -e /dev/block/loop1 ] && MINORX=$(stat -Lc '%T' /dev/block/loop1)
local NUM=0
while [ $NUM -lt 2048 ]; do
LOOP=/dev/block/loop$NUM
[ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX))
if losetup $LOOP "$1" 2>/dev/null; then
LOOPDEV=$LOOP
break
fi
NUM=$((NUM + 1))
done
}
if [ -f "$OVERLAYDIR" ]; then
loop_setup /data/adb/overlay
if [ ! -z "$LOOPDEV" ]; then
mount -o rw -t ext4 "$LOOPDEV" "$OVERLAYMNT"
ln "$LOOPDEV" /dev/block/overlayfs_loop
fi
fi
if ! "$MODDIR/overlayfs_system" --test --check-ext4 "$OVERLAYMNT"; then
echo "unable to mount writeable dir" >>/cache/overlayfs.log
exit
fi
num=0
for i in /data/adb/modules/*; do
[ ! -e "$i" ] && break;
module_name="$(basename "$i")"
if [ ! -e "$i/disable" ] && [ ! -e "$i/remove" ]; then
if [ -f "$i/overlay.img" ]; then
loop_setup "$i/overlay.img"
if [ ! -z "$LOOPDEV" ]; then
echo "mount overlayfs for module: $module_name" >>/cache/overlayfs.log
mkdir -p "$MODULEMNT/$num"
mount -o rw -t ext4 "$LOOPDEV" "$MODULEMNT/$num"
fi
num="$((num+1))"
fi
if [ "$KSU" == "true" ]; then
mkdir -p "$MODULEMNT/$num"
mount --bind "$i" "$MODULEMNT/$num"
num="$((num+1))"
fi
fi
done
OVERLAYLIST=""
for i in "$MODULEMNT"/*; do
[ ! -e "$i" ] && break;
if [ -d "$i" ] && [ ! -L "$i" ] && "$MODDIR/overlayfs_system" --test --check-ext4 "$i"; then
OVERLAYLIST="$i:$OVERLAYLIST"
fi
done
mkdir -p "$OVERLAYMNT/upper"
rm -rf "$OVERLAYMNT/worker"
mkdir -p "$OVERLAYMNT/worker"
if [ ! -z "$OVERLAYLIST" ]; then
export OVERLAYLIST="${OVERLAYLIST::-1}"
echo "mount overlayfs list: [$OVERLAYLIST]" >>/cache/overlayfs.log
fi
# overlay_system <writeable-dir>
. "$MODDIR/mode.sh"
"$MODDIR/overlayfs_system" "$OVERLAYMNT" | tee -a /cache/overlayfs.log
if [ ! -z "$MAGISKTMP" ]; then
mkdir -p "$MAGISKTMP/overlayfs_mnt"
mount --bind "$OVERLAYMNT" "$MAGISKTMP/overlayfs_mnt"
fi
umount -l "$OVERLAYMNT"
rmdir "$OVERLAYMNT"
umount -l "$MODULEMNT"
rmdir "$MODULEMNT"
rm -rf /dev/.overlayfs_service_unblock
echo "--- Mountinfo (post-fs-data) ---" >>/cache/overlayfs.log
cat /proc/mounts >>/cache/overlayfs.log
(
# block until /dev/.overlayfs_service_unblock
while [ ! -e "/dev/.overlayfs_service_unblock" ]; do
sleep 1
done
rm -rf /dev/.overlayfs_service_unblock
echo "--- Mountinfo (late_start) ---" >>/cache/overlayfs.log
cat /proc/mounts >>/cache/overlayfs.log
) &
resize_img() {
e2fsck -pf "$1" || return 1
if [ "$2" ]; then
resize2fs "$1" "$2" || return 1
else
resize2fs -M "$1" || return 1
fi
return 0
}
loop_setup() {
unset LOOPDEV
local LOOP
local MINORX=1
[ -e /dev/block/loop1 ] && MINORX=$(stat -Lc '%T' /dev/block/loop1)
local NUM=0
while [ $NUM -lt 2048 ]; do
LOOP=/dev/block/loop$NUM
[ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX))
if losetup $LOOP "$1" 2>/dev/null; then
LOOPDEV=$LOOP
break
fi
NUM=$((NUM + 1))
done
}
sizeof(){
EXTRA="$2"
[ -z "$EXTRA" ] && EXTRA=0
[ "$EXTRA" -gt 0 ] || EXTRA=0
size="$(du -s "$1" | awk '{ print $1 }')"
# append more 20Mb
size="$((size + EXTRA))"
echo -n "$((size + 20000))"
}
handle() {
if [ ! -L "/$1" ] && [ -d "/$1" ] && [ -d "$MODPATH/system/$1" ]; then
rm -rf "$MODPATH/overlay/$1"
mv -f "$MODPATH/overlay/system/$1" "$MODPATH/overlay"
ln -s "../$1" "$MODPATH/overlay/system/$1"
fi
}
create_ext4_image() {
dd if=/dev/zero of="$1" bs=1024 count=100
/system/bin/mkfs.ext4 "$1" && return 0
return 1
}
support_overlayfs() {
#OVERLAY_IMAGE_EXTRA - number of kb need to be added to overlay.img
#OVERLAY_IMAGE_SHRINK - shrink overlay.img or not?
if [ -d "$MODPATH/system" ]; then
OVERLAY_IMAGE_SIZE="$(sizeof "$MODPATH/system" "$OVERLAY_IMAGE_EXTRA")"
rm -rf "$MODPATH/overlay.img"
create_ext4_image "$MODPATH/overlay.img"
resize_img "$MODPATH/overlay.img" "${OVERLAY_IMAGE_SIZE}M" || { ui_print "! Setup failed"; return 1; }
ui_print "- Created overlay image with size: $(du -shH "$MODPATH/overlay.img" | awk '{ print $1 }')"
loop_setup "$MODPATH/overlay.img"
if [ ! -z "$LOOPDEV" ]; then
rm -rf "$MODPATH/overlay"
mkdir "$MODPATH/overlay"
mount -t ext4 -o rw "$LOOPDEV" "$MODPATH/overlay"
chcon u:object_r:system_file:s0 "$MODPATH/overlay"
cp -afT "$MODPATH/system" "$MODPATH/overlay/system"
# fix context
( cd "$MODPATH" || exit
find "system" | while read line; do
chcon "$(ls -Zd "$line" | awk '{ print $1 }')" "$MODPATH/overlay/$line"
if [ -e "$line/.replace" ]; then
setfattr -n trusted.overlay.opaque -v y "$MODPATH/overlay/$line"
fi
done
)
# handle partition
handle vendor
handle product
handle system_ext
umount -l "$MODPATH/overlay"
if [ "$OVERLAY_IMAGE_SHRINK" == "true" ] || [ -z "$OVERLAY_IMAGE_SHRINK" ]; then
ui_print "- Shrink overlay image"
resize_img "$MODPATH/overlay.img"
ui_print "- Overlay image new size: $(du -shH "$MODPATH/overlay.img" | awk '{ print $1 }')"
fi
rm -rf "$MODPATH/overlay"
return 0
fi
fi
return 1
}
This is an open source resource for unlocking system partitions. Official download link:Official open source address
The overall operation steps are relatively simple. Suitable for players at any stage.
follow me. Learn some common sense about gaming and basic troubleshooting.