本篇作者是 Magisk 開發者；Magisk 是一套開源的 Android 刷機工具。文章中僅會提到 Linux 系統程式設計，與 Android 本身無太大關聯。
最近在寫 Magisk 一個看似很直觀的功能時，發現實作起來異常困難，而且有非常多「陷阱」在裡頭，決定來記錄一下整個思路歷程整理思緒。希望讀者在讀完本篇文章後，能夠對多線程 (multi-threading) 及多程序 (multi-processing) 有更深入的了解，並同時能夠透過此例深刻體會混用 multi-thread 跟 multi-process 是多悲慘的惡夢 😂
以下討論的所有程式碼將會跑在一個多線程的背景程式 (d …
Back in 2016, I was the typical Android enthusiast: rooting, flashing ROMs, custom kernels, messing with Xposed and such. I just learned C++and know very little in programming other than writing some algorithm assignments. I taught myself scripting (yay, noob upgraded to script kiddo) from snippets of shell scripts throughout XDA: SuperSU and Xposed installation scripts being the most prominent ones I referred to.
I first released Systemless Xposed, the first sort-of impactful release to the community, and immediately start working on a general solution. August 2016, I released Magisk to the public, and the rest is history.
Update: The “LZPlay” website and download links are no longer accessible. Even if you grabbed the APK before it was gone, it no longer works, as the special certificate required to access the “backdoor” is either revoked by the developer or Huawei. In addition, existing devices that used LZPlay to install GMS no longer passes full SafetyNet Attestation, rendering many apps and services unusable, such as Google Pay and many games.
Right off the bat, here’s the TL;DR
The currently widespread method to install Google Services on newly released Huawei devices relies on undocumented Huawei specific MDM APIs. Although this…
Hello, I’m @topjohnwu, the developer of the popular Android modding tool: Magisk. In this article I’d love to share the whole journey from the process of analyzing the root detection mechanism of a popular anime game Fate/Grand Order (US/JP), to discovering a widespread security/privacy bug that exists on potentially millions of Android devices.
A massive amount of Android devices are affected by a bug that causes
/procto be mounted without
hidepid=2, which opens up the ability for unprivileged applications to read many information of other processes. Google promptly updated…