doc:appunti:hardware:xiaomi_mi_a1
Differences
This shows you the differences between two versions of the page.
doc:appunti:hardware:xiaomi_mi_a1 [2019/11/08 15:59] – [Upgrade Magisk and MagiskManager] niccolo | doc:appunti:hardware:xiaomi_mi_a1 [2020/09/23 17:06] (current) – [August 2020 security update] niccolo | ||
---|---|---|---|
Line 10: | Line 10: | ||
^ Internal Memory | ^ Internal Memory | ||
^ CPU | Qualcomm Snapdragon 625 2.0GHz 8-core | ^ CPU | Qualcomm Snapdragon 625 2.0GHz 8-core | ||
+ | ^ Architecture | ||
^ Screen | ^ Screen | ||
^ Connector | ^ Connector | ||
Line 68: | Line 69: | ||
< | < | ||
adb shell | adb shell | ||
- | tissot_sprout:/ | + | tissot_sprout:/ |
- | /dev/block/platform/soc/ | + | |
- | cd / | + | |
- | ls -l | + | |
... | ... | ||
lrwxrwxrwx 1 root root 21 1970-07-10 05:23 boot_a -> / | lrwxrwxrwx 1 root root 21 1970-07-10 05:23 boot_a -> / | ||
Line 78: | Line 76: | ||
</ | </ | ||
- | The meaning is: search into **/dev/** for a directory named " | + | The meaning is: search into **/dev/ |
Now we need to **boot** into an environment where we have **root privileges**, | Now we need to **boot** into an environment where we have **root privileges**, | ||
Line 127: | Line 125: | ||
* **Do not swap Slot A and Slot B**. Some recipes found on the internet say to do that in TWRP (it is from the Reboot menu). I tried it and it was a nightmare! The Reboot menu was stating that the Slot B were active, so I switched to Slot A and installed TWRP. At the next reboot I got a non-working environment: | * **Do not swap Slot A and Slot B**. Some recipes found on the internet say to do that in TWRP (it is from the Reboot menu). I tried it and it was a nightmare! The Reboot menu was stating that the Slot B were active, so I switched to Slot A and installed TWRP. At the next reboot I got a non-working environment: | ||
* **Do not veryfy the ZIP archive**. The archive does not have the required info to check. | * **Do not veryfy the ZIP archive**. The archive does not have the required info to check. | ||
- | * **Do not wipe the Dalvik cache after the install**. Don't know if it was the culprit, but after installing TWRP, I clicked the button to wipe Dalvik cache, at the next reboot I had a damaged system. The **home button did not work**, the Developer options were no longer availables (// | + | * **Do not wipe the Dalvik cache after the install**. Don't know if it was the culprit, but after installing TWRP, I clicked the button to wipe Dalvik cache, at the next reboot I had a damaged system. The **home button did not work**, the Developer options were no longer availables (// |
==== Install Magisk, the SuperUser Tool ==== | ==== Install Magisk, the SuperUser Tool ==== | ||
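Review bot: the rewritten Dalvik cache bullet still reads "no longer availables" (should be "available"), and the unchanged bullets above it carry "veryfy" and "the Slot B were active". The bullet "Do not veryfy the ZIP archive" tells readers to skip verification in TWRP because "The archive does not have the required info to check"; it would help to say which integrity check is still possible, for example comparing the file's checksum on the PC with one published by the download source, if there is one.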
Line 153: | Line 151: | ||
When an app requires root privileges, the Magisk management app will show a pop-up on the phone, allowing to grant or deny the permission, so be sure that the phone is not in screen-locked mode. | When an app requires root privileges, the Magisk management app will show a pop-up on the phone, allowing to grant or deny the permission, so be sure that the phone is not in screen-locked mode. | ||
===== Recovery Mode ===== | ===== Recovery Mode ===== | ||
+ | |||
+ | Android devices have a feature called **Android Recovery Mode**, which allows users to fix some problems. Technically, | ||
+ | |||
+ | To enter the Recover mode you can follow one of this ways: | ||
* **Power Off** the phone. | * **Power Off** the phone. | ||
* Press **VolumeUp + Power**, wait about 3 seconds for the Mi logo screen. | * Press **VolumeUp + Power**, wait about 3 seconds for the Mi logo screen. | ||
- | | + | |
+ | If you have installed the TWRP Recovery, its main screen will appear. If you have the stock ROM Recovery you have to: | ||
+ | |||
+ | | ||
* Press **Power + VolumeUp** shortly, the Recovery menu will appear. | * Press **Power + VolumeUp** shortly, the Recovery menu will appear. | ||
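Review bot: the added lead-in "To enter the Recover mode you can follow one of this ways:" should read "Recovery mode" and "one of these ways". The added sentence "If you have installed the TWRP Recovery, its main screen will appear. If you have the stock ROM Recovery you have to:" sits between two list items, so the stock-only step "Press **Power + VolumeUp** shortly" should be visibly marked as applying to the stock Recovery only.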
Line 162: | Line 167: | ||
{{.: | {{.: | ||
- | ===== Fastboot Mode ===== | + | When the phone is booted |
- | + | ||
- | Once in Recovery Menu, you can boot into the **Fastboot Mode** using the menu entry //Reboot to bootloader// | + | |
< | < | ||
- | adb reboot | + | adb reboot |
</ | </ | ||
+ | |||
+ | |||
+ | ===== Fastboot Mode ===== | ||
+ | |||
+ | In Android, **fastboot** is a special diagnostic protocol that you can boot your Android device into. While in fastboot, you can modify the file system images from a computer over a USB connection. | ||
+ | |||
+ | You can start fastboot mode in severl ways: | ||
+ | |||
+ | * Power off the phone, then press **VolumeDown + Power** buttons together, untill vibration. | ||
+ | * Executing the **adb reboot bootloader** command on a PC when the phone is booted normally and connected via the USB cable. It is required to enable //USB debugging// on the phone and to authorize the PC on the phone pop-up, once connected. | ||
+ | * From the **stock Recovery** menu, choosing the entry **Reboot to bootloader**. | ||
+ | * From the **TWRP Recovery**, choosing **Reboot** menu, then **Bootloader**. | ||
+ | |||
+ | The Xiaomi Mi A1 will show the following image when in fastboot mode: | ||
{{.: | {{.: | ||
+ | |||
+ | To control the fastboot mode of the phone, you have to install the **fastboot** command on your PC. On a Debian GNU/Linux install the **fastboot 8.1.0** package. **NOTICE**: Version 7.0.0 is not reccomended, | ||
+ | |||
+ | Here are some commands that can be used in fastboot mode: | ||
< | < | ||
- | adb devices | + | fastboot help |
- | List of devices | + | fastboot |
- | 574524d99913 | + | fastboot boot recovery-3.2.1-2-oreo.img |
+ | fastboot flash boot_b boot_b.img | ||
+ | fastboot oem unlock | ||
+ | fastboot set_active b | ||
+ | fastboot reboot | ||
</ | </ | ||
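Review bot: the new list under "Here are some commands that can be used in fastboot mode:" places a read-only command ("fastboot help") next to commands that change the device ("fastboot flash boot_b boot_b.img", "fastboot oem unlock", "fastboot set_active b") with no explanation. "fastboot set_active b" switches the active slot, which the page warns against elsewhere ("Do not swap Slot A and Slot B"). Suggest a one-line description per command and a pointer to that warning. The added text also has the typos "severl", "untill" and "reccomended", and "a special diagnostic protocol that you can boot your Android device into" reads better with "mode" than "protocol".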
Line 263: | Line 288: | ||
The phone automatically warns about the availability of an **OTA (On The Air) Upgrade**. You can also check for upgrades availability by tapping // | The phone automatically warns about the availability of an **OTA (On The Air) Upgrade**. You can also check for upgrades availability by tapping // | ||
- | If you allow downloading and installing the upgrade, a check will be performed about the **integrity** of the **boot image** and the **system image**, before the actual install. The check will fail and the upgrade will be aborted if one of this condition | + | If you allow downloading and installing the upgrade, a check will be performed about the **integrity** of the **boot image** and the **system image**, before the actual install. The check will fail and the upgrade will be aborted if one or both of these two conditions |
- You have installed **Magisk SU** or **TWRP Recovery**. These software are installed into the boot partition, either **boot_a** or **boot_b** partition. The installation of Magisk patches only the active boot partition, whereas TWRP will patches (install itself) both boot partitions. | - You have installed **Magisk SU** or **TWRP Recovery**. These software are installed into the boot partition, either **boot_a** or **boot_b** partition. The installation of Magisk patches only the active boot partition, whereas TWRP will patches (install itself) both boot partitions. | ||
- You have used **su** to modify the **/system** partition. If you have **re-mounted** /system in **read/ | - You have used **su** to modify the **/system** partition. If you have **re-mounted** /system in **read/ | ||
- | To revert from the first condition, it is sufficient to restore the boot partition from the original backup. You will loose root and TWRP Recovery, but you can reinstall them after the upgrade. | + | The upgrade |
- | Allow upgrading after tampering | + | To escape from the first condition, it is sufficient |
- | Uninstalling Magisk should be rather simple: start the Magisk Manager app, disable | + | < |
+ | adb reboot bootloader | ||
+ | fastboot flash boot_b boot_b.img | ||
+ | fastboot reboot | ||
+ | </ | ||
+ | |||
+ | Allowing automatic OTA upgrade after **tampering the /system partition** is more painful: you have to **restore system partition** by flashing it in fastboot mode. Obviously you need the original **system.img** file, either from your own backup or from factory ROM archive. Fortunately enough Xiaomi provides full stock ROM archives of the various versions. Look at this **[[https:// | ||
+ | |||
+ | Once you extracted | ||
+ | |||
+ | < | ||
+ | fastboot flash system_b system.img | ||
+ | fastboot reboot | ||
+ | </ | ||
+ | ==== The OTA Update ==== | ||
+ | |||
+ | When the phone downloads an OTA upgrade, | ||
+ | |||
+ | The file is actualy a Jar archive. The jar executable is provided by the Debian package **openjdk-8-jdk-headless** (or whatever version of Java you have), and you can use it in this way: | ||
+ | |||
+ | < | ||
+ | mkdir update | ||
+ | cd update | ||
+ | jar -xf ../ | ||
+ | </ | ||
+ | |||
+ | The main content is a **payload.bin**, | ||
+ | |||
+ | ===== March 2020 security update ===== | ||
+ | |||
+ | In March 2020 Xiaomi released | ||
+ | |||
+ | I performed | ||
+ | |||
+ | * A/B System Updates status: **Current Slot: B** (checked via TWRP => Reboot screen). | ||
+ | * Bootloader is **unlocked**. | ||
+ | * Installed O.S.: Android: 9, Build number: **PKQ1.180917.001.V10.0.14.0.PDHMIXM** (check | ||
+ | * From // | ||
+ | * **Magisk** v20.1 and **TWRP** 3.3.0 were installed into **boot partition** (Slot B). | ||
+ | * **System partition** was the stock one: root privileges were never used to tamper the **/system** hierarchy. | ||
+ | |||
+ | The system upgrade will **verify** the **boot** | ||
+ | |||
+ | I restored the stock **boot_b.img** | ||
< | < | ||
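Review bot: the added restore recipes hard-code slot B ("fastboot flash boot_b boot_b.img", "fastboot flash system_b system.img"), while the unchanged text in the same hunk says Magisk patches "only the active boot partition" and that this is "either **boot_a** or **boot_b**". A reader whose active slot is A would flash the wrong partition. Suggest a step that checks the current slot first (the March 2020 list already does this "via TWRP => Reboot screen") and wording the commands for the active slot. The stock ROM paragraph should also tell the reader to check the downloaded archive against a published checksum, if the download page offers one, before flashing "system.img". Minor: "tampering the /system partition" should be "tampering with", and "actualy" is a typo.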
Line 279: | Line 347: | ||
fastboot reboot | fastboot reboot | ||
</ | </ | ||
+ | |||
+ | I got **a problem** during this step: may be the **boot_b.img** was saved from version **9.6.8.0**, | ||
+ | |||
+ | < | ||
+ | android.hardware.wifi@1.0-service: | ||
+ | android.hardware.wifi@1.0-service: | ||
+ | android.hardware.wifi@1.0-service: | ||
+ | android.hardware.wifi@1.0-service: | ||
+ | </ | ||
+ | |||
+ | I proceeded with the standard upgrade path, trusting that the boot partition would be recognized as original and therefore upgraded to the new one. Remember: the update ZIP archive were already downloaded into the phone, so I just launched the **reboot and install** action. After some minutes and a few reboots, the system was upgraded to **Android v.9** build number **PKQ1.180917.001.V10.0.19.0.PDHMIXM**. Fortunately enough the WiFi were recovered. | ||
+ | |||
+ | To complete the upgrade: | ||
+ | |||
+ | - Copy **twrp-installer-3.3.0-2-tissot.zip** and **Magisk-v20.1.zip** into the phone internal storage. | ||
+ | - Backup the stock boot partitions. | ||
+ | - Reinstall TWRP. | ||
+ | - Reinstall Magisk. | ||
+ | - Backup the rooted boot partitions. | ||
+ | |||
+ | First of all **run the TWRP** recovery // | ||
+ | |||
+ | < | ||
+ | adb reboot bootloader | ||
+ | fastboot boot twrp-3.3.0-2-tissot.img | ||
+ | </ | ||
+ | |||
+ | From //TWRP// => //Reboot// menu, I verified that the **Current Slot** is **A**: it is normal that the upgrade procedure swaps the boot partition during the upgrade. Using ADB from the connected PC, I backed up the stock boot images: | ||
+ | |||
+ | < | ||
+ | adb pull / | ||
+ | adb pull / | ||
+ | </ | ||
+ | |||
+ | Now I installed the TWRP recovery into the boot partitions: from //TWRP// => //Install// => **twrp-installer-3.3.0-2-tissot.zip**. The installation warns about //Running boot image patcher on slot// A and B, and spit some harmless warnings about the **/vendor** mounting point. It is necessary to install TWRP before Magisk, otherwise TWRP will unroot the phone during its install. | ||
+ | |||
+ | After a system reboot, and another boot into Recovery, I did //TWRP// => //Install// => **Magisk-v20.1.zip**. This will install //root// on the phone(the **su** program). Once again I got some harmless warnings about the /vendor mounting point. | ||
+ | |||
+ | Finally I repeated the procedure to **backup** the patched **boot_a** and **boot_b** partitions. | ||
+ | |||
+ | **NOTICE**: the ADB client required to perform the '' | ||
+ | |||
+ | Once rebooted the phone into normal system, I installed the root permissions manager: **MagiskManager-v7.5.1.apk**. | ||
+ | |||
+ | ===== August 2020 security update ===== | ||
+ | |||
+ | This is a new update from Xiaomi, still featuring **AndroidOne v.9** relase, build **PKQ1.180917.001.V10.0.24.0.PDHMIXM**. The upgrade was downloaded nightly over the WiFi. It seems impossibile to prevent such automatic download: I did not find any settings to prevent automatic upgrade download. After downloading, | ||
+ | |||
+ | The starting conditions were: | ||
+ | |||
+ | * A/B System Updates status: **Current Slot: ?** (may be it was **A**, because after installation it is **B**). | ||
+ | * Bootloader is **unlocked**. | ||
+ | * **Magisk** and **TWRP** were installed, but may be they were hidden by accident. Infact the installation of the upgrade went OK after a reboot, whereas it should fail because the boot sector is tampered with **Magisk su**. | ||
+ | * **System partition** was the stock one: root privileges were never used to tamper the **/system** hierarchy. | ||
+ | |||
+ | After the upgrade, I did the following to get **root again**: | ||
+ | |||
+ | * adb reboot bootloader | ||
+ | * fastboot boot twrp-3.3.0-2-tissot.img | ||
+ | * Verified from TWRP => Reboot: **Current slot: B** | ||
+ | * adb pull / | ||
+ | * adb pull / | ||
+ | * TWRP ⇒ Install ⇒ **twrp-installer-3.3.0-2-tissot.zip**\\ Running boot image patcher on slot a and b. | ||
+ | * system reboot | ||
+ | * adb reboot bootloader | ||
+ | * fastboot boot twrp-3.3.0-2-tissot.img | ||
+ | * TWRP ⇒ Install ⇒ **Magisk-v20.4.zip**\\ Current boot slot: _b, unpacking, patching, repacking, flashing new boot image. | ||
===== Web References ===== | ===== Web References ===== |
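Review bot: the August 2020 steps stop at the Magisk install, whereas the March 2020 list in the same hunk ends with "Backup the rooted boot partitions"; add that step, or say why it was skipped. The August section also reports that the upgrade "went OK" although "it should fail because the boot sector is tampered with **Magisk su**", with the starting slot recorded as "?". This contradicts the integrity-check description earlier on the page, so it should be marked as unexplained, and the advice to note the current slot before accepting an upgrade belongs here. The March WiFi problem is attributed to a "boot_b.img" possibly "saved from version **9.6.8.0**"; recommending that backups be named with the build number would prevent that. Terminology and typos: "boot sector" should be "boot partition" as elsewhere, and "relase", "impossibile", "Infact" and "the update ZIP archive were" need fixing.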
doc/appunti/hardware/xiaomi_mi_a1.1573225153.txt.gz · Last modified: 2019/11/08 15:59 by niccolo