FP4 Root Access is possible, maybe a bit risky

I created an issue in OTA Update with Magisk deactivated fails on booting · Issue #279 · kdrag0n/safetynet-fix · GitHub

1 Like

To be clear, this is nothing more than speculation at this point, might just as well be a red herring …

We would either need logs from the failed boot (if we can get them), or someone with that issue could disable modules one after the other until the OTA succeeds, which should tell us the culprit as well :thinking:

Next OTA I will try that. However, maybe other people using the module encounter the problem o other devices, too. The issue should just be a starting point for a discussion

Since I’m a absolute beginner in rooting, i had not so many modules. As far as i remember i definetely had:
Universal SafetyNet Fix

maybe also Shamiko (im really not sure about that one)

I guess i did not had more since this was the absoulte basic need to have a rooted phone and my banking apps to be working.

The MagiskApp itself was hidden and i had some banking apps (and maybe also google play services) on the the denylist.

Im willing to deliver logs if you tell me where to find them. Also happy to hear whats the best solution in my case to recover.

The plot thickens :smirk:

Logs don’t survive a reboot. If we are lucky and the phone gets far enough in the boot process adb logcat > logcat.txt could possibly get us logs.
Apparently there are ways to get kernel logs directly after a failed boot via TWRP, no idea if they still work and flashing TWRP would add yet another variable.

If you need to get back to a working system ASAP, check if you can start the OTA update again, reboot and if that works (you actually end up in an updated system) reroot with the usual instructions. You can use this image:

If the updater doesn’t let you install the OTA update again and / or you still get a bootloop, the new slot probably still has a patched /boot partition, at which point you can either flash a stock one …

… or try disabling modules / Magisk hide until it works.

Let’s maybe start here. So the only option you get is a reboot, right? What happens if you do that? :thinking:

Universal SafetyNet Fix requires Zygisk, so that’s another link between our cases and difference to yours, which I find to be more likely responsible, since SafetyNet Fix should just affect google play services, faking a keystore, it should not have any connections to the updater.

1 Like

Since the system updater does depend on Google Play Services (it stops working if you remove / overlay them IIRC), there might still be a connection there.
But you are absolutely right, Zygisk. and Magisk hide as well probably, are also very likely candidates for issues here.

heres my logcat: from yesterday and before:

01-04 22:59:08.878 585 585 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 585 (init), pid 585 (init)
01-04 22:59:08.900 585 585 F libc : crash_dump helper failed to exec, or was killed
04-12 16:39:33.710 3570 3570 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 3570 (init), pid 3570 (init)
04-12 16:39:33.798 3570 3570 F libc : crash_dump helper failed to exec, or was killed

Yesterday i was doing the update, the time could be fitting.

Disabling modules / Magisk hide is not an option, since it says it is not installed anymore

Hmm, I don’t see anything interesting there :thinking:

Right, right.

OK, let’s take a step back, it’s not fully clear to me what state your phone is in right now.
If you reboot your phone (normal reboot not through the OTA updater), what exactly happens? Do you see it bootlooping a few times before you end up where you are right now, or does it go straight to the current state?

After a normal restart i see

  1. fairphone screen 2) unlocked bootloader screen 3) normal boot (no bootloop)

And you are still on the previous release, or did the phone update to 0.58 now? :thinking:

Im still on FP4.SP21.B.048.20230215. OTA Updater still shows the reboot now button

Perfect, that’s a good starting point :slightly_smiling_face:

(Now would be a good time to back up everything if you haven’t already, just to be safe)

Alright, let’s figure this out:

  • Make sure you have the latest Magisk app version 26.1 installed
  • I’ve uploaded a patched FPOS-B.048-magisk-boot.img, fastboot boot that image
  • Disable one module in Magisk, Universal SafetyNet Fix seems like a good start
  • Start the OTA update again
  • Install Magisk to the other slot
  • Reboot and check for bootloops
  • If it doesn’t work, rinse and repeat

Don’t change more than one variable at a time, I’d start by disabling the modules one after the other, and only then disable Zygisk, Magisk hide.

1 Like

I’ve updated the apk to the latest version 26.1.

I did fastboot getvar current-slot before and it says im on slot b

fastboot boot with your file delivers:
Sending ‘boot.img’ (98304 KB) OKAY [ 2.113s]
Booting OKAY [ 10.157s]
Finished. Total time: 12.375s

System is booting then. When opening magisk app it still says magisk is not installed (N/A) (Zgysik: No, Ramdisk: Yes).

So disabling any module is not possible right now.

Here it still shows me the reboot now button

Not sure how to do that. Opening magisk shows me just Open file or patch as on option for installing

That’s weird :thinking:
I’ve uploaded FPOS-B.048-magisk-boot-v2.img in case something went wrong during patching. If that doesn’t work either you’ll have to download the factory images yourself and patch the boot.img.

Hmm, so the updater doesn’t offer you to try again and apparently just expects the next reboot to end up on the other slot, alright.
Could you check Settings → About phone → Build number just in case :pray:
So that means you’ll have to switch the slot manually via fastboot --set-active=a

Since the updater won’t run again you can leave out installing Magisk to the other slot, it should already be patched.

OK, new game plan:

  • Boot that new Magisk image, if it doesn’t work patch a stock one yourself and try again
  • Disable a module
  • Restart into the bootloader and switch the slot
  • Hope for the best :crossed_fingers:
  • (In case of failure) switch slots again and repeat

Rebooting through OTA could also be a solution. You loose Magisk then, of course. But with fastbooting a recovery image you can extract the boot image via “dd” and put it on the sd card. Then you could start rooting from scratch then…

That’s what we are trying to accomplish right now. The problem is that since the other slot failed it’s no longer marked to be booted into at the next boot, so rebooting through the updater does nothing (except for rebooting the phone of course).

Since the other slot is still rooted, if the problem still persists it will not boot.
The obvious solution is flashing a stock boot.img to the other slot, but the goal right now is to find the offending module that keeps the OTA from succeeding.

No need to dd any images, The B.048 factory images are available and I have posted stock / rooted B.058 boot.imges further above.


I tried your new file, doesnt wok either. Also i patched a stock boot image (that one: https://storage.googleapis.com/fairphone-source/FP4/B.048-boot.img.gz (unzipped) as an .img file) with magisk and tried to fastboot it. Same result. Maybe fastboot boot is not working correctly? While showing booting in the console i can see the unlocked bootlader page on my phone, when it says finished is see the Fairphone powered by android (then the phone vibrates and the os is starting).

still on B.048

Yes, a is marked as unbootable, see also result of fastboot getvar all

and magisk is showing the following logs

It’s starting to feel like that, but you did root your phone at some point, so it has to have worked at least once.
Did something significant change in your setup since then? :thinking:

I’m not sure, but I see a lot of Magisk mountpoints in there, shouldn’t it be working? :thinking:
Do you have any apps installed that rely on root you could check, or type su into Termux / some other terminal.

Can you boot some recovery image through fastboot?