Android In Docker Application Guide for Magisk

Magisk - System-level "Magic Mask"

Magisk (Magic Mask) is an open-source Android framework developed by topjohnwu. It has become one of the most popular Android system modification tools since its release in 2016. Its core innovation is to achieve root permission acquisition and modular function expansion without modifying the system partition through "systemless" technology.

Core Functions And Advantages

1. Systemless Root

By virtually mounting and overwriting the system partition, root permissions can be obtained without modifying the /system partition, avoiding triggering OTA update failures or security mechanisms (such as Google SafetyNet) detection.

2. Magisk module repository

• System-level function enhancement and customization: Such as interface beautification (custom status bar, font replacement), performance optimization (such as intelligent management of memory usage through the "BlackHog" module).
• Privacy and security protection: Such as ad filtering (install the "AdAway" module to achieve global ad blocking), permission management (finely control application permissions through the "AppOpsX" module, or forge device fingerprints to bypass application risk control detection), and Root hiding (combined with the "Shamiko" module to bypass system security detection).
• Developer debugging and remote management: Such as dynamic analysis (integrating the "Frida-server" module for application reversing and dynamic hooking), remote access module (deploying the "MagiskSSH" module to remotely control the device through the SSH protocol), and compatibility testing (forging device models and Android version numbers to verify the application's performance in different environments).
• Customizable modules: For example, developing modules to install applications in batches, configure network policies, or execute scheduled tasks.

3. Zygisk Dynamic Injection

The Zygisk technology introduced in version v24 enables more efficient module operation and hidden Root detection capabilities by injecting the Android system core process Zygote.

4. Hide Mode

The root status can be hidden for specific applications (such as banking apps and game anti-cheat systems), and more than 90% of root detection mechanisms can be bypassed when used with plug-ins such as "Shamiko".

Magisk Deployment

This time, based on the Firefly RK hardware platform, Magisk Delta (fdac22ba version) was deployed losslessly in the Android in Docker environment without patching the boot partition or modifying the system image.

• Device: ROC-RK3588S-PC
• Firmware: ROC-RK3588S-PC_Ubuntu20.04-Minimal-r2407_240929
• Device system environment: Completed the "Technical Case - Android in Docker" environment construction

Installation Steps

(1) Import magisk.tar, magisk_setup.rc, setup.sh into the host machine.

1. //If the host machine is connected to the Internet, you can use the SCP command to import the host machine
2. scp ./magisk_delta_fdac22ba/magisk.tar root@xxx.xx.xx.xx:/root/
3. scp ./magisk_delta_fdac22ba/remove.rc root@xxx.xx.xx.xx:/root/
4. scp ./magisk_delta_fdac22ba/setup.sh root@xxx.xx.xx.xx:/root/
6. //Or push to the host machine via adb
7. adb push ./magisk_delta_fdac22ba/magisk.tar /root/
8. adb push ./magisk_delta_fdac22ba/magisk_setup.rc /root/
9. adb push ./magisk_delta_fdac22ba/setup.sh /root/

(2) Set magisk_setup.rc permissions.

1. root@firefly:~# chmod 644 /root/magisk_setup.rc
2. root@firefly:~# ls -l /root/magisk_setup.rc
3. -rw-r--r-- 1 root root 979 May 13 07:23 /root/magisk_setup.rc

(3) Modify the container/aic.sh startup script in the host

1.      run_cmd "docker run -itd --restart=always --privileged $CONTAINER_NAME $HOST_NAME $DATA_BIND \
2.       $CONFIG_COMMON $CONFIG_PRIVATE \
3.       $CONTAINER_NETWORK $CONTAINER_MAC $CONTAINER_IP $PORT_BIND \
4. +       -v ~/magisk_setup.rc:/vendor/etc/init/magisk_setup.rc \
5. +       -v ~/setup.sh:/setup.sh \
6. +       -v ~/magisk.tar:/magisk.tar \
7.       $ANDROID_IMAGE"

(4) Execute at first startup

1. ./aic.sh -i # Initialization for the first time
2. ./aic.sh -r <android image.tgz> <number of containers>

Magisk Function Verification And Use

Installation Verification

1. The host machine needs to be connected to the network.

2. View container status

1. root@firefly:/userdata/container# docker ps -a --format "table {{.ID}}\t{{.Ports}}"
2. CONTAINER ID  PORTS
3. 725921edb3a2  0.0.0.0:1100->5555/tcp, :::1100->5555/tcp

3. Check the host IP

1. root@firefly:/userdata/container# ifconfig eth0
2. eth0: flags=4163 mtu 1500
3.    inet 172.16.10.211 netmask 255.255.0.0 broadcast 172.16.255.255
4.    inet6 fe80::fa62:d724:f565:ffed prefixlen 64 scopeid 0x20
5.    ether 6a:01:8e:a5:3f:2c txqueuelen 1000 (Ethernet)
6.    RX packets 384418 bytes 118264726 (118.2 MB)
7.    RX errors 0 dropped 38243 overruns 0 frame 0
8.    TX packets 127586 bytes 29265180 (29.2 MB)
9.    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
10.    device interrupt 92

4. PC uses ADB to connect to the container and cast the screen

1. lwy@DESKTOP-KGTB0I2: adb connect 172.16.10.211:1100
2. lwy@DESKTOP-KGTB0I2: scrcpy.exe -s 172.16.10.211:1100

• For the first startup, you need to enter the APP to complete the initialization restart
• Verification version number: fdac22ba-delta(25210(D))

Magisk Core Function Demonstration

Superuser Authorization

1. lwy@DESKTOP-KGTB0I2: adb -s 172.16.10.211:1100 shell
2. 13|rk3588_docker:/ $ su
3. rk3588_docker:/ #

Enter "su" in the terminal, Magisk will pop up a prompt box, click Grant to complete the authorization.

Zygisk Enable

Magisk settings interface -> Enable zygisk -> Restart. after restart, the zygisk bar on the interface shows "yes".

Application Hiding

Magisk Settings -> Hide Magisk -> Select the disguised app, wait until it is completed, and the icon changes to "Settings".

Magisk Module Application Demonstration

Lsposed

1. //PC directly import LSPosed-v1.9.1-6990-zygisk.zip
2. adb -s 172.16.10.211:1100 push LSPosed-v1.9.1-6990-zygisk.zip /sdcard/

Load LSPosed-v1.9.1-6990-zygisk.zip in the Magisk module interface -> restart to take effect.

MagiskSSH

Similarly, import SSH_for_Magisk-v0.22_22.zip into the container, and restart after the Magisk module interface is loaded.

1. PC directly import SSH_for_Magisk-v0.22_22.zip
2. adb -s 172.16.10.211:1100 push SSH_for_Magisk-v0.22_22.zip /sdcard/

Use the terminal or Termux to enter the command `ssh user@192.xxx.x.xxx` and the login password to log in. For more usage methods, such as password-free login, please refer to the Readme document of SSH_for_Magisk-v0.22_22.zip.

Technical Information Acquisition

Magisk builds an extensible technical foundation for the Android system through the Systemless architecture. Developers can flexibly develop customized functional components based on their modular interface. The platform provides a standardized development framework and supports full-dimensional customization capabilities from permission management to hardware tuning.

The current case demonstrates two modules, Lsposed and MagiskSSH, based on the Firefly hardware platform. Developers can explore more gameplay and system customization development based on this platform. For complete deployment information of Magisk in Android in Docker environment, please contact the Firefly open source team - global@t-firefly.com