Archive for July, 2025


Tutorial – KernelSU-Next with SuSFS integrated in to a GKI (LTS (Generic Kernel Image (Long Term Support))

This is a tutorial to build KernelSU-Next (rifsxd) with SuSFS (simonpunk) integrated in to a GKI LTS (Generic Kernel Image (Long Term Support)). This is used to gain escalation on your mobile device.


This is an addendum to Tutorial – KernelSU-Next with SuSFS integrated in to a GKI (Generic Kernel Image) but using the LTS (Long Term Support) branch, instead of the Monthly releases. Please sort out the pre-requirements, referenced in that tutorial, first.

…..

Create a work area for yourself and enter it:
Note: If you’ve done the first tutorial, you can omit this, but enter in to the root of the workarea directory (cd ~/workarea).
mkdir workarea && cd workarea

Pull down GKI Monthly:
Note: If you’ve done the first tutorial, you can omit this.
Note2: 8/15/25: Added flag(s) for space reduction.
Note3: 8/21/25: Increase depth.
mkdir gki-kernel && cd gki-kernel
repo init -u https://android.googlesource.com/kernel/manifest --depth=3

Grab manifest_xxxxx.xml from a Tagged build (click kernel under ‘kernel artifacts’):
https://source.android.com/docs/core/architecture/kernel/gki-android14-6_1-release-builds
Note: Replace xxxxx with the actual number.
Note2: If you’ve done the first tutorial, you can omit this.

After you click on manifest_xxxxx.xml, right click ‘Download’, copy link:
curl -o .repo/manifests/manifest_xxxxx.xml "LINK"
Note: Replace LINK with the actual session based URL / LINK that was copied in to your buffer.

Synchronize (Note: Replace xxxxx with the actual number):
Note: If you’ve done the first tutorial, you can omit this.
Note2: 8/15/25: Added flag(s) for space reduction.
Note3: 8/21/25: Increase depth.
repo init -m manifest_xxxxx.xml --depth=3
repo sync -c --no-tags
cd ..

Pull down LTS:
Note: If there is a tagged release, you can replace the branch (android14-6.1-lts) with the tag
Note2: 8/15/25: Added flag(s) for space reduction.
Note3: 8/21/25: Increase depth.
mkdir gki-lts-kernel && cd gki-lts-kernel
git clone --depth 3 --no-tags https://android.googlesource.com/kernel/common.git -b android14-6.1-lts

Add Bazel, dependencies and miscellaneous:
Note: 8/15/25: Use a loop.
for i in build tools prebuilts external .repo kernel common-modules; do rsync -a --del ../gki-kernel/$i/ $i; done
ln -s build/kernel/kleaf/bazel.WORKSPACE WORKSPACE
cd ..

Pull down the susfs4ksu repository and target the gki-android14-6.1-lts-dev branch:
Note: If you have done the previous tutorial, then: cd susfs4ksu && git fetch origin gki-android14-6.1-lts-dev && git checkout gki-android14-6.1-lts-dev
Note2: 8/15/25: Added flag(s) for space reduction.
git clone --depth 3 https://gitlab.com/pershoot/susfs4ksu.git -b gki-android14-6.1-lts-dev

Create the destination directory for the build:
Note: If you’ve done the first tutorial, you can omit this.
mkdir android-kernel

Create a mirror, which you will work against:
rsync -a --del gki-lts-kernel/ gki-14-lts
cd gki-14-lts

Clear out the android-kernel directory:
rm -rf ../android-kernel/*

…..

Continue on with ‘Copy SuSFS module and patches in’ (omit ‘cd gki-14‘):
Tutorial – KernelSU-Next with SuSFS integrated in to a GKI (Generic Kernel Image)

…..

Sources:
pershoot/KernelSU-Next at next-susfs
pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
KernelSU-Next/KernelSU-Next: An advanced Kernel based root solution for Android
simonpunk/susfs4ksu/-/tree/gki-android14-6.1
sidex15/susfs4ksu-module: An addon root hiding service for KernelSU
backslashxx/KernelSU

Tutorial – KernelSU-Next with SuSFS integrated in to a GKI (Generic Kernel Image)

This is a tutorial to build KernelSU-Next (rifsxd) with SuSFS (simonpunk) integrated in to a GKI (Generic Kernel Image). This is used to gain escalation on your mobile device.

This tutorial will use Pixel 7a as an example (Pixel 6 / 7 / 8 / 9 can be used) and is geared towards using AVB Android14-11. Other interfaces can be used (the tutorial shows how to get this information), but you would need to, perhaps, fix hunks and / or rejects against the source that is applicable to your device, when using the patches. We will build using Ubuntu 24.0.4.2 on WSL2 (this requires virtualization to be on).

…..

Pre-requirements:
You will need adb / fastboot.
Install git (sudo apt-get update && sudo apt-get -y install git)
You will need magiskboot (place the binary from x86-64 (if on Windows using WSL2 Linux) in to the root of the ~/.bin directory (see below; where you are putting the manual install of repo)). Ensure you set execute permissions on it: chmod u+x magiskboot
Install curl (sudo apt-get -y install curl).

You will need to perform a one-time wipe to turn off boot verification so you can boot and flash things you build, to properly test before committal. Please see below but do not remove the -w (wipe USERDATA), but add on the aforementioned flags before it, Thereafter, you will always pass the needed flags when you flash the monthly updates (but remove the -w).
Note: As per Avo and urkiu, leaving it on, doesn’t appear to prevent you from booting and flashing (SPL is being modified). However, antezero ran in to some odd issues which prevented proper back / forth updates and SweBow ran in to a no boot / crash situation, so it is advised to turn it off, which requires a one-time wipe.

Grab the stock boot.img (referenced as boot-stock.img below) from the latest monthly update for your device in to the root of the workarea folder (see below) and name it boot-stock.img (mv boot.img boot-stock.img).

Update to the latest monthly update for your device prior (remove any ramdisk modifications you may have made (Magisk), remove -w after fastboot in flash-all script and replace with –disable-verity –disable-verification):
https://developers.google.com/android/images#xxxxx
Replace xxxxx with the codename for your device.

Repo (Use manual install, its newer).

Put the path to it (repo) in your PATH:
export PATH=PATH_TO_REPO:$PATH
Replace PATH_TO_REPO with the /xxx/xxx/xxx path to repo.
You can make it permanent by adding it in to your shell’s .rc file (i.e. if you use BASH then at the end of ~/.bashrc) and source it after (source ~/.bashrc), so it can reflect in your current shell session.

…..

Create a work area for yourself and enter it:
mkdir workarea && cd workarea

We will use android14-6.1 (Pixel 6 / 7 / 8).
You can get this information by unpacking the stock boot.img (see below) with magiskboot and taking note of the linux version string:
strings kernel | grep -i 'linux version'

…..

Grab manifest_xxxxx.xml from a Tagged build (click kernel under ‘kernel artifacts’):
https://source.android.com/docs/core/architecture/kernel/gki-android14-6_1-release-builds
Note: Replace xxxxx with the actual number.

After you click on manifest_xxxxx.xml, right click ‘Download’, copy link:
curl -o manifest_xxxxx.xml "LINK"
Note: Replace LINK (inside the quotes; retain the quotes (due to special characters in the long link)) with the actual session based URL / LINK that was copied in to your buffer.

Clone susfs4ksu:
Note: 8/15/25: Added flag(s) for space reduction.
Note2: 8/21/25: Increase depth.
git clone --depth 3 --no-tags https://gitlab.com/pershoot/susfs4ksu.git -b gki-android14-6.1-dev

Create the source folder for the repository and the destination directory for the build:
mkdir gki-kernel
mkdir android-kernel

Pull down the repository (Note: Replace xxxxx with the actual number):
Note: 8/15/25: Added flag(s) for space reduction.
Note2: 8/21/25: Increase depth.
cd gki-kernel
repo init -u https://android.googlesource.com/kernel/manifest --depth=3
cp -p ../manifest_xxxxx.xml .repo/manifests
repo init -m manifest_xxxxx.xml --depth=3
repo sync -c --no-tags
cd ..


Create a mirror, which you will work against:
rsync -a --del gki-kernel/ gki-14

Copy SuSFS module and patches in:
cd gki-14
cp -p ../susfs4ksu/kernel_patches/fs/* common/fs
cp -p ../susfs4ksu/kernel_patches/include/linux/* common/include/linux
cp -p ../susfs4ksu/kernel_patches/50_add_susfs_in_gki-android14-6.1.patch common
cp -p ../susfs4ksu/kernel_patches/60_scope-minimized_manual_hooks.patch common

Patch:
Note: 8/15/25: Use input and unified flag.
cd common
patch -p1 -ui 50_add_susfs_in_gki-android14-6.1.patch
patch -p1 -ui 60_scope-minimized_manual_hooks.patch
cd ..

Pull down KernelSU-Next and execute setup:
curl -LSs "https://raw.githubusercontent.com/pershoot/KernelSU-Next/refs/heads/next-susfs/kernel/setup.sh" | bash -s next-susfs

Remove protected exports (also the patches) so Wi-Fi and Bluetooth will function:
sed -i '/^[[:space:]]*"protected_exports_list"[[:space:]]*:[[:space:]]*"android\/abi_gki_protected_exports_aarch64",$/d' common/BUILD.bazel
rm common/android/abi_gki_protected_exports_* common/50_add_susfs_in_gki-android14-6.1.patch common/60_scope-minimized_manual_hooks.patch

Commit the changes in to your local repository:
cd common
git add -A
git commit -a -m "Add KernelSU-Next-susfs"
cd ..

Build:
tools/bazel run --config=fast --config=stamp --lto=thin //common:kernel_aarch64_dist -- --dist_dir=../android-kernel

Create a directory where you will use magiskboot to sort out SPL (Security Patch Level) using your stock image:
Note: If you have ~/.bin in your PATH, then you do not have to put a preceding relative path. The below assumes you followed the manual install of repo and put it in that same directory.
mkdir ../android-kernel/kernel
cd ../android-kernel/kernel
cp -p ../boot.img .
../../../.bin/magiskboot unpack boot.img
../../../.bin/magiskboot repack ../../boot-stock.img

…..


Test your boot image (new-boot.img is found in android-kernel/kernel directory you are in):
adb reboot bootloader or vol down and power
fastboot boot new-boot.img


If all looks well:
adb reboot bootloader
fastboot flash boot new-boot.img
fastboot reboot

…..

Install the latest susfs4ksu module (sidex15) through the KernelSU-Next Manager.

Enjoy!

…..

Sources:
pershoot/KernelSU-Next at next-susfs
pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
KernelSU-Next/KernelSU-Next: An advanced Kernel based root solution for Android
simonpunk/susfs4ksu/-/tree/gki-android14-6.1
sidex15/susfs4ksu-module: An addon root hiding service for KernelSU
backslashxx/KernelSU