Cover of the book “Linux System Programming“ from O’Reilly

The author of this post is the developer of Magisk, an open-source Android modding tool. This article only discusses Linux system programming and has little to do with Android itself.

Logging is a feature nearly every program uses, and one of the most important tools for collecting data and debugging. Can such a "basic" feature really hide a huge trap in multi-threaded and multi-process programs?

(The pseudocode in this article uses a syntax somewhere between Python and JavaScript.)

The Problem

All of Magisk's core functionality is provided by a multi-threaded background process (daemon). From time to time I receive reports that some feature is not working properly, but not only can I not reproduce it on my side, the logs the user provides only show the daemon suddenly "stopping", with no trace of a crash at all.

Finally, someone used LLDB to debug a stalled daemon and obtained a full stack trace (#3976), and the truth came out: unexpectedly, a deadlock inside the logging function was taking down the entire program 🤔 …
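The article excerpt above ends before it explains the mechanism. The following is an added example, not Magisk's code and not a reconstruction of issue #3976, showing the classic way a mutex-protected logger deadlocks in a program that mixes threads and fork(): a thread holds the log lock at the moment another thread forks, the child inherits the locked mutex with no thread left to release it, and the first log call in the child blocks forever. The helper thread, the 300 ms hold time and the 2 second alarm() used as a deadlock detector are all assumptions of this demo; the pthread_atfork() handlers at the end are the standard fix (lock in prepare, unlock in both parent and child).

```c
/* Added example (not Magisk's own code): a mutex-protected logger that
 * deadlocks in the child after fork() when another thread held the lock at
 * fork time, and the pthread_atfork() handlers that prevent it. */
#define _DEFAULT_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static pthread_mutex_t log_lock = PTHREAD_MUTEX_INITIALIZER;

/* Typical logger: take a mutex so lines from different threads do not
 * interleave. write(2) is used so the child never touches stdio buffers. */
static void log_msg(const char *msg)
{
    pthread_mutex_lock(&log_lock);
    if (write(STDERR_FILENO, msg, strlen(msg)) < 0) { /* ignore */ }
    pthread_mutex_unlock(&log_lock);
}

/* Stand-in for a thread that is inside log_msg() at the moment of fork():
 * it holds the log lock for hold_ms milliseconds (assumed demo timing). */
static volatile int holder_has_lock = 0;

static void *hold_log_lock(void *arg)
{
    int hold_ms = *(int *)arg;
    pthread_mutex_lock(&log_lock);
    holder_has_lock = 1;
    usleep((useconds_t)hold_ms * 1000);
    pthread_mutex_unlock(&log_lock);
    return NULL;
}

/* Fork while the helper thread holds log_lock, then log from the child.
 * Returns 1 if the child exited normally, 0 if it hung on the inherited
 * (still locked, ownerless) mutex and was killed by its own alarm(). */
static int fork_then_log_in_child(void)
{
    int hold_ms = 300;
    pthread_t holder;
    holder_has_lock = 0;
    pthread_create(&holder, NULL, hold_log_lock, &hold_ms);
    while (!holder_has_lock)
        usleep(1000);             /* wait until the lock is really held */

    pid_t pid = fork();
    if (pid == 0) {
        alarm(2);                 /* deadlock detector: SIGALRM kills the child */
        log_msg("child: logging after fork\n");
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    pthread_join(holder, NULL);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* pthread_atfork() handlers: prepare acquires log_lock (blocking until any
 * thread inside log_msg() is done), then parent and child each release
 * their own copy, so the child starts with an unlocked logger. */
static void log_lock_prepare(void) { pthread_mutex_lock(&log_lock); }
static void log_lock_release(void) { pthread_mutex_unlock(&log_lock); }

static void install_log_fork_handlers(void)
{
    static int installed = 0;
    if (!installed) {
        pthread_atfork(log_lock_prepare, log_lock_release, log_lock_release);
        installed = 1;
    }
}

/* Run the unsafe scenario first: atfork handlers are process-wide once
 * registered, so the safe scenario must come second. */
int demo_unsafe_fork(void) { return fork_then_log_in_child(); }  /* 0: child deadlocks */
int demo_safe_fork(void)                                         /* 1: child logs and exits */
{
    install_log_fork_handlers();
    return fork_then_log_in_child();
}

int main(void)
{
    printf("without atfork handlers: child %s\n", demo_unsafe_fork() ? "logged" : "deadlocked");
    printf("with atfork handlers:    child %s\n", demo_safe_fork() ? "logged" : "deadlocked");
    return 0;
}
```

The prepare handler also shows the cost of this fix: fork() now waits for every in-flight log call, and any lock the logger takes internally (stdio buffers, a file lock) needs the same treatment or the child must avoid the logger entirely until it exec()s.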



The author of this post is the developer of Magisk, an open-source Android modding tool. This article only discusses Linux system programming and has little to do with Android itself.

Recently, while writing a seemingly straightforward feature for Magisk, I found the implementation unexpectedly difficult, with a great many "traps" hidden in it, so I decided to write down the whole line of reasoning to organize my thoughts. I hope that after reading this article readers will have a deeper understanding of multi-threading and multi-processing, and, through this example, appreciate what a miserable nightmare mixing multi-thread and multi-process code is 😂

(The pseudocode in this article uses a syntax somewhere between Python and JavaScript.)

Defining the Problem

All of the code discussed below will run inside a multi-threaded background process (d …


Back in 2016, I was the typical Android enthusiast: rooting, flashing ROMs, custom kernels, messing with Xposed and such. I had just learned C++ and knew very little about programming other than writing some algorithm assignments. I taught myself scripting (yay, noob upgraded to script kiddo) from snippets of shell scripts throughout XDA, the SuperSU and Xposed installation scripts being the most prominent ones I referred to.

I first released Systemless Xposed, the first sort-of impactful release to the community, and immediately started working on a general solution. In August 2016, I released Magisk to the public, and the rest is history.

The Struggle

The first…


Image from https://thehackernews.com/2016/11/hacking-android-smartphone.html

Update: The "LZPlay" website and download links are no longer accessible. Even if you grabbed the APK before it was gone, it no longer works, as the special certificate required to access the "backdoor" has been revoked by either the developer or Huawei. In addition, existing devices that used LZPlay to install GMS no longer pass full SafetyNet Attestation, rendering many apps and services unusable, such as Google Pay and many games.

Right off the bat, here’s the TL;DR

The currently widespread method to install Google Services on newly released Huawei devices relies on undocumented Huawei-specific MDM APIs. Although this…


Hello, I’m @topjohnwu, the developer of the popular Android modding tool: Magisk. In this article I’d love to share the whole journey from the process of analyzing the root detection mechanism of a popular anime game Fate/Grand Order (US/JP), to discovering a widespread security/privacy bug that exists on potentially millions of Android devices.

Table of Contents

TL;DR

A massive number of Android devices are affected by a bug that causes /proc to be mounted without hidepid=2, which lets unprivileged applications read a lot of information about other processes. Google promptly updated
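The practical check a reader of that TL;DR wants is whether their own /proc mount carries hidepid. The following is an added example, not code from the article or from Magisk: it parses text in /proc/mounts format and reports the hidepid level, accepting both the numeric values and the named forms Linux 5.8+ prints (noaccess, invisible, ptraceable). The sample mount tables are constructed for the example, not captured from a real device; the gid=3009 option mirrors Android's readproc group but is an assumption here.

```c
/* Added example (not from the article): parse /proc/mounts-format text and
 * report how /proc was mounted, so you can check a device for the
 * missing-hidepid=2 condition the article describes. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the hidepid level of the /proc mount found in `mounts` (text in
 * /proc/mounts format): 0 = not set, 1 = noaccess, 2 = invisible,
 * 4 = ptraceable (names as accepted by Linux 5.8+), or -1 if no procfs is
 * mounted on /proc. When /proc appears more than once (remount/overmount)
 * the last entry wins, matching what a process actually sees. */
int proc_hidepid_level(const char *mounts)
{
    char *copy = strdup(mounts);
    if (!copy)
        return -1;
    int level = -1;
    char *saveline = NULL;
    for (char *line = strtok_r(copy, "\n", &saveline); line;
         line = strtok_r(NULL, "\n", &saveline)) {
        char dev[64], mnt[256], type[32], opts[512];
        if (sscanf(line, "%63s %255s %31s %511s", dev, mnt, type, opts) != 4)
            continue;
        if (strcmp(mnt, "/proc") != 0 || strcmp(type, "proc") != 0)
            continue;
        level = 0;  /* /proc is present; hidepid defaults to 0 unless an option says otherwise */
        char *saveopt = NULL;
        for (char *o = strtok_r(opts, ",", &saveopt); o;
             o = strtok_r(NULL, ",", &saveopt)) {
            if (strncmp(o, "hidepid=", 8) != 0)
                continue;
            const char *v = o + 8;
            if (strcmp(v, "noaccess") == 0)        level = 1;
            else if (strcmp(v, "invisible") == 0)  level = 2;
            else if (strcmp(v, "ptraceable") == 0) level = 4;
            else                                    level = atoi(v);
        }
    }
    free(copy);
    return level;
}

/* 1 if other users' process directories are hidden from an unprivileged
 * reader (hidepid=2/invisible or 4/ptraceable), 0 otherwise. hidepid=1 only
 * blocks reading their contents; the PIDs themselves stay enumerable. */
int proc_hides_other_pids(int level)
{
    return level == 2 || level == 4;
}

/* Read the live /proc/mounts of this machine and return its hidepid level
 * (-1 on error or if /proc is not mounted). */
int live_proc_hidepid_level(void)
{
    FILE *f = fopen("/proc/mounts", "r");
    if (!f)
        return -1;
    char buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return proc_hidepid_level(buf);
}

/* Constructed sample inputs for the example (not captured from a device). */
const char *SAMPLE_HARDENED =
    "rootfs / rootfs ro,seclabel 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=3009,hidepid=2 0 0\n";
const char *SAMPLE_EXPOSED =
    "rootfs / rootfs ro,seclabel 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n";
const char *SAMPLE_REMOUNTED =
    "proc /proc proc rw,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=invisible 0 0\n";

int main(void)
{
    printf("hardened sample:  hidepid=%d\n", proc_hidepid_level(SAMPLE_HARDENED));
    printf("exposed sample:   hidepid=%d\n", proc_hidepid_level(SAMPLE_EXPOSED));
    printf("remounted sample: hidepid=%d\n", proc_hidepid_level(SAMPLE_REMOUNTED));
    printf("this machine:     hidepid=%d\n", live_proc_hidepid_level());
    return 0;
}
```

On an Android device the same check can be run from a shell with `cat /proc/mounts | grep ' /proc '`; the parser above is only there so the result can be evaluated programmatically, for example from an app that wants to know whether other apps' /proc/<pid> entries are visible to it.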

John Wu
