Tutorial for playing with the machine—-Unlocking the system partition of Android models and modifying and deleting system files at will
The system partition is readable and writable
Refer to the previous blog post to learn the common sense about unlocking the system partition. But currently many models are based on Android 12 13. In fact, the simplest method is to flash a third-party patch package that unlocks the system partition. Under the premise that the mask update cannot unlock the system partition. We can also achieve the purpose of unlocking the partition by flashing an unlocking module.
The official resource download address is at the end of the blog post.
Test models and information
Model; Xiaomi 11
Chip: Snapdragon 888
Android version: Android 13
Mask module: Magisk Overlayfs
System version: miui14
The steps are:
After unlocking bl, you will have mask root permissions. This can be done by referring to the unlocking bl and root methods of your own model
Then flash this module into the mask.
After restarting, check that the module is running normally. At this point, you can read and write from any system partition. Use re manager to visually see the effect
Operation effect
You can now delete system partition files at will.
Part of the source code is as follows:
SKIPUNZIP=1 if [ "$BOOTMODE" ] & amp; & amp; [ "$KSU" ]; then ui_print "- Installing from KernelSU app" ui_print "- KernelSU version: $KSU_KERNEL_VER_CODE (kernel) + $KSU_VER_CODE (ksud)" ui_print "- Please note that KernelSU modules mount will make" ui_print "your system partitions unable to mount as rw" ui_print "- If you are using KernelSU, " ui_print "please unmount all ksu overlayfs" ui_print "when you want to modify system partitions" elif [ "$BOOTMODE" ] & amp; & amp; [ "$MAGISK_VER_CODE" ]; then ui_print "- Installing from Magisk app" else ui_print "************************************************ *********" ui_print "! Install from recovery is not supported" ui_print "! Please install from KernelSU or Magisk app" abort "************************************************ *********" fi loop_setup() { unset LOOPDEV local LOOP local MINORX=1 [ -e /dev/block/loop1 ] & amp; & amp; MINORX=$(stat -Lc '%T' /dev/block/loop1) local NUM=0 while [ $NUM -lt 1024 ]; do LOOP=/dev/block/loop$NUM [ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX)) if losetup $LOOP "$1" 2>/dev/null; then LOOPDEV=$LOOP break fi NUM=$((NUM + 1)) done } randdir="$TMPDIR/.$(head -c21 /dev/urandom | base64)" mkdir -p "$randdir" ABI="$(getprop ro.product.cpu.abi)" # Fix ABI detection if [ "$ABI" == "armeabi-v7a" ]; then ABI32=armeabi-v7a elif [ "$ABI" == "arm64" ]; then ABI32=armeabi-v7a elif [ "$ABI" == "x86" ]; then ABI32=x86 elif [ "$ABI" == "x64" ] || [ "$ABI" == "x86_64" ]; then ABI=x86_64 ABI32=x86 fi unzip -oj "$ZIPFILE" "libs/$ABI/overlayfs_system" -d "$TMPDIR" 1> & amp;2 chmod 777 "$TMPDIR/overlayfs_system" if ! $TMPDIR/overlayfs_system --test; then ui_print "! Kernel doesn't support overlayfs, are you sure?" abort fi ui_print "- Extract files" unzip -oj "$ZIPFILE" post-fs-data.sh \ service.sh\ util_functions.sh \ mode.sh \ mount.sh\ uninstall.sh \ module.prop \ "libs/$ABI/overlayfs_system" \ -d "$MODPATH" unzip -oj "$ZIPFILE" util_functions.sh -d "/data/adb/modules/${MODPATH##*/}" ui_print "- Setup module" chmod 777 "$MODPATH/overlayfs_system" resize_img() { e2fsck -pf "$1" || return 1 if [ "$2" ]; then resize2fs "$1" "$2" || return 1 else resize2fs -M "$1" || return 1 fi return 0 } test_mount_image() { loop_setup /data/adb/overlay [ -z "$LOOPDEV" ] & amp; & amp; return 1 result_mnt=1 mount -t ext4 -o rw "$LOOPDEV" "$randdir" & amp; & amp; \ "$MODPATH/overlayfs_system" --test --check-ext4 "$randdir" & amp; & amp; result_mnt=0 # ensure that uppderdir does not override my binary rm -rf "$randdir/upper/system/bin/overlayfs_system" \ "$randdir/upper/system/bin/magic_remount_rw" \ "$randdir/upper/system/bin/magic_remount_ro" umount -l "$randdir" return $result_mnt } create_ext4_image() { dd if=/dev/zero of="$1" bs=1024 count=100 /system/bin/mkfs.ext4 "$1" & amp; & amp; return 0 return 1 } if [ ! -f "/data/adb/overlay" ] || ! test_mount_image; then rm -rf "/data/adb/overlay" ui_print "- Setup 2GB ext4 image at /data/adb/overlay" ui_print "Please wait..." if ! create_ext4_image "/data/adb/overlay" || ! resize_img "/data/adb/overlay" 2000M || ! test_mount_image; then rm -rf /data/adb/overlay abort "! Setup ext4 image failed, abort" fi fi mkdir -p "$MODPATH/system/bin" chcon -R u:object_r:system_file:s0 "$MODPATH/system" chmod -R 755 "$MODPATH/system" ln "$MODPATH/overlayfs_system" "$MODPATH/system/bin" ln -s "./overlayfs_system" "$MODPATH/system/bin/magic_remount_rw" ln -s "./overlayfs_system" "$MODPATH/system/bin/magic_remount_ro" . "$MODPATH/util_functions.sh" support_overlayfs & amp; & rm -rf "$MODPATH/system" ui_print
MODDIR=”${0%/*}”
set -o standalone
export MAGISKTMP=”$(magisk –path)”
chmod 777 “$MODDIR/overlayfs_system”
OVERLAYDIR=”/data/adb/overlay”
OVERLAYMNT=”/dev/mount_overlayfs”
MODULEMNT=”/dev/mount_loop”
mv -fT /cache/overlayfs.log /cache/overlayfs.log.bak
rm -rf /cache/overlayfs.log
echo “— Start debugging log —” >/cache/overlayfs.log
echo “init mount namespace: $(readlink /proc/1/ns/mnt)” >>/cache/overlayfs.log
echo “current mount namespace: $(readlink /proc/self/ns/mnt)” >>/cache/overlayfs.log
mkdir -p “$OVERLAYMNT”
mkdir -p “$OVERLAYDIR”
mkdir -p “$MODULEMNT”
mount -t tmpfs tmpfs “$MODULEMNT”
loop_setup() {
unset LOOPDEV
local LOOP
local MINORX=1
[ -e /dev/block/loop1 ] & amp; & amp; MINORX=$(stat -Lc ‘%T’ /dev/block/loop1)
local NUM=0
while [ $NUM -lt 2048 ]; do
LOOP=/dev/block/loop$NUM
[ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX))
if losetup $LOOP “$1” 2>/dev/null; then
LOOPDEV=$LOOP
break
fi
NUM=$((NUM + 1))
done
}
if [ -f “$OVERLAYDIR” ]; then
loop_setup /data/adb/overlay
if [ ! -z “$LOOPDEV” ]; then
mount -o rw -t ext4 “$LOOPDEV” “$OVERLAYMNT”
ln “$LOOPDEV” /dev/block/overlayfs_loop
fi
fi
if ! “$MODDIR/overlayfs_system” –test –check-ext4 “$OVERLAYMNT”; then
echo “unable to mount writeable dir” >>/cache/overlayfs.log
exit
fi
num=0
for i in /data/adb/modules/*; do
[ ! -e “$i” ] & amp; & amp; break;
module_name=”$(basename “$i”)”
if [ ! -e “$i/disable” ] & amp; & amp; [ ! -e “$i/remove” ]; then
if [ -f “$i/overlay.img” ]; then
loop_setup “$i/overlay.img”
if [ ! -z “$LOOPDEV” ]; then
echo “mount overlayfs for module: $module_name” >>/cache/overlayfs.log
mkdir -p “$MODULEMNT/$num”
mount -o rw -t ext4 “$LOOPDEV” “$MODULEMNT/$num”
fi
num=”$((num + 1))”
fi
if [ “$KSU” == “true” ]; then
mkdir -p “$MODULEMNT/$num”
mount –bind “$i” “$MODULEMNT/$num”
num=”$((num + 1))”
fi
fi
done
OVERLAYLIST=””
for i in “$MODULEMNT”/*; do
[ ! -e “$i” ] & amp; & amp; break;
if [ -d “$i” ] & amp; & amp; [ ! -L “$i” ] & amp; & amp; “$MODDIR/overlayfs_system” –test –check-ext4 “$i”; then
OVERLAYLIST=”$i:$OVERLAYLIST”
fi
done
mkdir -p “$OVERLAYMNT/upper”
rm -rf “$OVERLAYMNT/worker”
mkdir -p “$OVERLAYMNT/worker”
if [ ! -z “$OVERLAYLIST” ]; then
export OVERLAYLIST=”${OVERLAYLIST::-1}”
echo “mount overlayfs list: [$OVERLAYLIST]” >>/cache/overlayfs.log
fi
# overlay_system
. “$MODDIR/mode.sh”
“$MODDIR/overlayfs_system” “$OVERLAYMNT” | tee -a /cache/overlayfs.log
if [ ! -z “$MAGISKTMP” ]; then
mkdir -p “$MAGISKTMP/overlayfs_mnt”
mount –bind “$OVERLAYMNT” “$MAGISKTMP/overlayfs_mnt”
fi
umount -l “$OVERLAYMNT”
rmdir “$OVERLAYMNT”
umount -l “$MODULEMNT”
rmdir “$MODULEMNT”
rm -rf /dev/.overlayfs_service_unblock
echo “— Mountinfo (post-fs-data) —” >>/cache/overlayfs.log
cat /proc/mounts >>/cache/overlayfs.log
(
# block until /dev/.overlayfs_service_unblock
while [ ! -e “/dev/.overlayfs_service_unblock” ]; do
sleep 1
done
rm -rf /dev/.overlayfs_service_unblock
echo “— Mountinfo (late_start) —” >>/cache/overlayfs.log
cat /proc/mounts >>/cache/overlayfs.log
) &
resize_img() { e2fsck -pf "$1" || return 1 if [ "$2" ]; then resize2fs "$1" "$2" || return 1 else resize2fs -M "$1" || return 1 fi return 0 } loop_setup() { unset LOOPDEV local LOOP local MINORX=1 [ -e /dev/block/loop1 ] & amp; & amp; MINORX=$(stat -Lc '%T' /dev/block/loop1) local NUM=0 while [ $NUM -lt 2048 ]; do LOOP=/dev/block/loop$NUM [ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX)) if losetup $LOOP "$1" 2>/dev/null; then LOOPDEV=$LOOP break fi NUM=$((NUM + 1)) done } sizeof(){ EXTRA="$2" [ -z "$EXTRA" ] & amp; & amp; EXTRA=0 [ "$EXTRA" -gt 0 ] || EXTRA=0 size="$(du -s "$1" | awk '{ print $1 }')" # append more 20Mb size="$((size + EXTRA))" echo -n "$((size + 20000))" } handle() { if [ ! -L "/$1" ] & amp; & amp; [ -d "/$1" ] & amp; & amp; [ -d "$MODPATH/system/$1" ]; then rm -rf "$MODPATH/overlay/$1" mv -f "$MODPATH/overlay/system/$1" "$MODPATH/overlay" ln -s "../$1" "$MODPATH/overlay/system/$1" fi } create_ext4_image() { dd if=/dev/zero of="$1" bs=1024 count=100 /system/bin/mkfs.ext4 "$1" & amp; & amp; return 0 return 1 } support_overlayfs() { #OVERLAY_IMAGE_EXTRA - number of kb need to be added to overlay.img #OVERLAY_IMAGE_SHRINK - shrink overlay.img or not? if [ -d "$MODPATH/system" ]; then OVERLAY_IMAGE_SIZE="$(sizeof "$MODPATH/system" "$OVERLAY_IMAGE_EXTRA")" rm -rf "$MODPATH/overlay.img" create_ext4_image "$MODPATH/overlay.img" resize_img "$MODPATH/overlay.img" "${OVERLAY_IMAGE_SIZE}M" || { ui_print "! Setup failed"; return 1; } ui_print "- Created overlay image with size: $(du -shH "$MODPATH/overlay.img" | awk '{ print $1 }')" loop_setup "$MODPATH/overlay.img" if [ ! -z "$LOOPDEV" ]; then rm -rf "$MODPATH/overlay" mkdir "$MODPATH/overlay" mount -t ext4 -o rw "$LOOPDEV" "$MODPATH/overlay" chcon u:object_r:system_file:s0 "$MODPATH/overlay" cp -afT "$MODPATH/system" "$MODPATH/overlay/system" # fix context ( cd "$MODPATH" || exit find "system" | while read line; do chcon "$(ls -Zd "$line" | awk '{ print $1 }')" "$MODPATH/overlay/$line" if [ -e "$line/.replace" ]; then setfattr -n trusted.overlay.opaque -v y "$MODPATH/overlay/$line" fi done ) # handle partition handle vendor handle product handle system_ext umount -l "$MODPATH/overlay" if [ "$OVERLAY_IMAGE_SHRINK" == "true" ] || [ -z "$OVERLAY_IMAGE_SHRINK" ]; then ui_print "- Shrink overlay image" resize_img "$MODPATH/overlay.img" ui_print "- Overlay image new size: $(du -shH "$MODPATH/overlay.img" | awk '{ print $1 }')" fi rm -rf "$MODPATH/overlay" return 0 fi fi return 1 }
This is an open source resource for unlocking system partitions. Official download link: Official open source address
The overall operation steps are relatively simple. Suitable for players at any stage.
Follow me. Learn some common sense about gaming and basic troubleshooting.