Rooting and Custom Rom on Ivon's Blog

[Root] Running Docker, Flatpak and Waydroid containers on Android phone with Termux

infoivonblog.nkfjt@aleeas.com (Ivon Huang) — Mon, 26 Feb 2024 17:00:00 +0800

There are various ways of running Docker containers on Android. First, Docker will not work in proot. And because Android kernel lacks the features which are required by dockers to run, even with root permission you still cannot run docker in chroot environment.

The non-rooted method of running Dockers on Android is to set up a virtual machine and install docker in it, see oofnikj - Docker on Termux in a VM. However this method is freaking slow.

In order to run Docker containers on Android without virtual machine and chroot (which means native and better performance), we must our Android phone and compile a custom kernel for it.

My Device: Sony Xperia 5 II (pdx206). LineageOS 20 (Android 13). The source code of the kernel is available on my Github repository.

1. Check kernel compatibility
#

First I rooted my Sony Xperia 5 II. Then I installed LineageOS 20.
Install Termux. Then execute Moby’s script to check kernel’s compatibility o running docker.

pkg install wget tsu
wget https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh
chmod +x check-config.sh
sed -i '1s_.*_#!/data/data/com.termux/files/usr/bin/bash_' check-config.sh
sudo ./check-config.sh

The missing configs will be displayed. Take notes of these red missing configs (especially configs under Generally Necessary), we have to enable them during kernel compliation.

2. Compile custom Android kernel
#

In 2021, I had built a docker compatible kernel for Xiaomi Redmi Note 5 Pro (whyred). But at that time I built the kernel out of source tree (standalone) and it was hardly to done for other devices. Therefore, this time I decide to build the kernel with the source tree.

There is an offcial LineageOS port of pdx206.

We need a 64-bit Linux PC to compile the kernel. Ubuntu would be a good choice, however I use Arch Linux.

First follow the steps of Build for pdx206 - LineageOS wiki.

After syncing the code of LineageOS, we can build the kernel only. A boot.img will be generated after compliation.

Enter the compliation environment.

source build/envsetup.sh
breakfast pdx206

Go to the directory of kernel. Generate .config

cd ~/android/lineage/kernel/sony/sm8250/
export ARCH=arm64
make pdx206_defconfig

Start menu configuration

make menuconfig

A menu will pop up. Find the missing configs which listed in Moby’s script and enable them. Use Arrow keys to move, press Space to enable/disable configs. Don’t forget to hit Save before exit.
We can search the configs. For example, to find CONFIG_IP_VS, type / and type the config name, it shall tell you where it is.
According to the prompts of CONFIG_IP_VS, we know it is located at Networking Support -> Networking options -> Network packet filtering framework (Netfilter) -> IP virtual server support.
Some configs such as CONFIG_CGROUP_HUGETLB are not available in Android kernel because the kernel of the device is too old.
CONFIG_BINFMT_MISC should also be enabled in order to run x86 apps (or docker images) on ARM.

KingRoot is a malware. Do not root your phone using this app

infoivonblog.nkfjt@aleeas.com (Ivon Huang) — Sat, 18 Nov 2023 18:30:00 +0800

閱讀中文版文章

KingRoot (also known as KingoRoot or Root Master) is a one-click Root tool developed by Chinese developers. It claims that you can obtain Android Root permissions by simply installing the APP.

However, Kingroot is generally considered to be malicious software.

Yes, KingRoot is not a mainstream Root method. The most common Root method in 2023 is to use Magisk.

In the following I would discusses the reasons why Magisk is better than KingRoot and explains why not to use KingRoot to root your phone.

1. Why should you use Magisk instead of KingRoot
#

1.1. Security
#

Magisk was released around 2016. It is an open source software developed by a Taiwanese developer, topjohnwu. Magisk is based on SuperSU. Magisk is always free, does not collect data, and is still being actively developed.

Magisk’s official website and source code are located at Github. Anyone can check what the program behind it has done.

KingRoot appeared around 2013. It is a closed-source software developed by Chinese developers. And KingRoot has mobile and PC versions.

According to Related reports cited by Baidu Baike, KingRoot can root many mobile phones through exploits… But! Those phones were from 10 years ago, and the vulnerabilities exploited by KingRoot were basically useless after Android 5.

What’s even more ridiculous is that KingRoot now has several “official websites”, and I don’t know which one is real. The KingRoot APKs on the Internet may not be published by the original developer. Some of them may collect the mobile phone’s geographical location. You don’t know what data is collected behind it. They may also push advertisements or even contain viruses.

There are some discussions about KingRoot on the Internet:

In 2017, XDA Developers concluded after a long discussion: “KingRoot is a adware and malware.”

KingRoot Malware/Adware root!! - XDA

Chinese users on ZhiHu even called KingRoot “rogue software”:

如何科学，安全，有效地卸载Kingroot？？ - 知乎

In this case, KingRoot is definitely more insecure than Magisk.

1.2. Differences in Root methods
#

Magisk is systemless root. It only modifies boot.img and does not touch the Android system files. Therefore, there is still the possibility of OTA updates after installing Magisk.

Refer to the How to root Android phone I wrote. The standard method is to unlock the phone bootloader and flash Magisk to obtain Root permissions. Any device with Android 6 or above can be rooted with Magisk.

The principle of KingRoot is similar to the ancient apps such as “Baidu One-click Root” and “360Root”. KingRoot use the method of SueprSU in the ancient Android 2.3 era to root your phone, that is, to put the su file into the Android system.

But what to do if there is no custom recovery? KingRoot can only exploit Android system vulnerabilities to obtain root permissions. XDA once reported that KingRoot exploits the ZNIU vulnerability to obtain root privileges.

How to Get Full Control of Your Android Phone

infoivonblog.nkfjt@aleeas.com (Ivon Huang) — Tue, 20 Dec 2022 00:00:00 +0800

Have you ever wanted to get rid of bloatware on your phone or change the appearance of the User Interface?

Android. Wikipedia

Most of manufacturers of Android phones do not allow users to do these. If users “break” the rules, their warranty will be void and null. Because manufacturers consider these hidden features are dangerous and will eventually brick, or break phones. However, users should have rights to decide what they want to have on their phone instead of being forced to install unnecessary apps. “Root” means granting the highest permission of your phone, which can let you access all functions that are prohibited before. Magisk is the most popular and easiest rooting method in the world currently. The main steps of phone rooting process involves three main steps:

(1) Unlocking bootloader

(2) Installing Custom Recovery

(3) Flashing Magisk and Root Manager

Android Operating system is based on Linux which use its permission and file-system ownership. Generally, users can do things according to their user permissions, such as installing a new app, but they cannot modify system settings. While the root user, also known as super user, is able to access to any files or folders in the system. Despite Google removed the superuser function from Android OS, there are ways to bring it back.

Unlocking Bootloader
#

Unlocking bootloader allows users to install custom firmware on and root their phones. Bootloader is a program that started at computer booting which will load software to memory, then it can boot into operating system. Unfortunately, bootloader on most Android phones are locked by Original Equipment Manufacturers(OEM) to prevent users from granting root permission. Usually, OEMs like Xiaomi, Samsung, Asus will release official tools for consumers to unlock bootloader, while Sony and Huawei do not. Unlocking bootloader can be done by booting the phone into “fastboot mode” and connecting the phone to a computer. Finally, the unlocking tool will unlock bootloader automatically.

Installing Custom Recovery
#

Users can modify system settings directly by installing third-party recovery. Recovery is a program for emergency use when the phone is unable to boot into OS. The original recovery provided by OEMs has limited features: rebooting or erasing user data. Therefore, it is recommended to flash a third-party recovery. TWRP and Clockwork are two most famous custom recoveries which can install, in a more formal term, flash Magisk into the system. Besides, they both have Graphical User Interface instead of Command Lines, which is easier for users to interact with. To install custom recoveries, simply flash them via Android Driver Bridge Tool on the computer.

Flashing Magisk and Root Manager
#

A good root manager is necessary for a rooted phone. Magisk works by repacking boot.img to grant “systemless root” which means Google Safety Check will less likely to detect it. Besides, a root manager is needed. When a app is trying to grant root permission, the manager app will pop up a window which let user allow or reject its request. Therefore, users should save files in the internal storage in advanced. First, boot into recovery by pressing volume up and power button at the same time, click “install ” to flash magsik.zip into the system. Second, rebbot into the system and install Magisk manager.apk.

[Root] Running docker container on Redmi Note 5 Pro

infoivonblog.nkfjt@aleeas.com (Ivon Huang) — Fri, 29 Jul 2022 14:12:46 +0800

🇹🇼 中文版

It is possibe to run docker containers on Android phone with a custom kernel which enable cgroups and other missing features.

Video

My deivce: Xiaomi Redmi Note 5 (whyred)
Phone OS: Lineage OS 18 (Android 11). Rooted.

You can download my pre-compiled kernel here if you own the device: https://github.com/ivon852/android_kernel_xiaomi_whyred_docker

1. Check if the device supports docker features
#

The device must be rooted. Install Termux and check if your device supports docker:

pkg install wget
wget https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh
chmod +x check-config.sh
sed -i '1s_.*_#!/data/data/com.termux/files/usr/bin/bash_' check-config.sh
sudo ./check-config.sh

You will see many red “missing”" under “Generally Necessary”. So we must enable them in the following steps.

2. Download and modify the kernel
#

Xiaomi phone is easy for flashing custom roms. Also there are many third-party kernel for them. Sometimes the code is more reliable than the official ones.

So I choose RAD kernel to begin with.

My computer operating system is Lubuntu 20.04. You may need a Linux VM for compiling the kernel on Windows.

Now, please wathc fossfrog’s guide to learn how to compile a custom kernel:

3. Enable missing features in kernel
#

Use make menuconfig to launch kconfig Enable all missing features in kernel.
For exaple, to enable CONFIG_OVERLAY_FS, press / in main menu.
Inout the config name, it will tell your where it is.
Use up and down arrow key to move. Press y to enable it.
Then, use right and left key to move to Save. Then move to Exit.
According to FreddieOliveira’s instructions, you also need to modify kernel/Makefile:

diff --git a/kernel/Makefile b/kernel/Makefile
index d5c1115..2dea801 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile

 $(obj)/configs.o: $(obj)/config_data.h
# config_data.h contains the same information as ikconfig.h but gzipped.
# Info from config_data can be extracted from /proc/config*
targets += config_data.gz
-$(obj)/config_data.gz: arch/arm64/configs/lavender_stock-defconfig FORCE
+$(obj)/config_data.gz: $(KCONFIG_CONFIG) FORCE
 $(call if_changed,gzip)

 filechk_ikconfiggz = (echo "static const char kernel_config_data[] __used = MAGIC_START"; cat $< | scripts/basic/bin2c; echo "MAGIC_END;")

And this net/netfilter/xt_qtaguid.c：

--- orig/net/netfilter/xt_qtaguid.c 2020-05-12 12:13:14.000000000 +0300
+++ my/net/netfilter/xt_qtaguid.c 2019-09-15 23:56:45.000000000 +0300


{
 struct proc_iface_stat_fmt_info *p = m->private;
 struct iface_stat *iface_entry;
- struct rtnl_link_stats64 dev_stats, *stats;
+ struct rtnl_link_stats64 *stats;
 struct rtnl_link_stats64 no_dev_stats = {0};


 current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
 iface_entry = list_entry(v, struct iface_stat, list);
+ stats = &no_dev_stats;
- if (iface_entry->active) {
- stats = dev_get_stats(iface_entry->net_dev,
- &dev_stats);
- } else {
- stats = &no_dev_stats;
- }
 /*
 * If the meaning of the data changes, then update the fmtX
 * string.

Complile the kernel

make -j8

Repackage the kerenel into boot.img with Android Image Kitchen. Flash boot.img to the phone.

Rooting and Custom Rom on Ivon's Blog

[Root] Running Docker, Flatpak and Waydroid containers on Android phone with Termux

1. Check kernel compatibility #

2. Compile custom Android kernel #

KingRoot is a malware. Do not root your phone using this app

1. Why should you use Magisk instead of KingRoot #

1.1. Security #

1.2. Differences in Root methods #

How to Get Full Control of Your Android Phone

Unlocking Bootloader #

Installing Custom Recovery #

Flashing Magisk and Root Manager #