You may call it as a tweak, a hack, or a mod but the underlying concept of using one of these files is to avoid bootloop after flashing a custom recovery and gaining root with Magisk. Enter dm-verity disabler tool! Many Mi Fans also call it the “Lazy Flasher“. This file is basically a universal mod to hack boot image with dm-verity enabled. You may end up in a bootloop state or with a broken device if you flashed TWRP and granted it to allow system modification.
In a normal situation, you will have to install a kernel that has dm-verity disabled in the fstab and hence you can bypass the dm-verity’s boot prevention. Instead of installing a custom kernel through baking a custom boot image, this LazyFlasher or Universal DM-Verity Disabler will save your time much by dynamically modify ramdisks and inject kernel binaries into the current boot image. It takes away the pain of building a custom boot image. Many thanks for its developers for that.
The explanation above may sound geeky. Novice users can simply understand following logic: flashing TWRP and swiping to allow system modification on many recent MIUI devices will trigger a security mechanism that prevents the device to boot properly. Therefore, some good developers have managed to create a hack to fix the situation. This helps many novice users from “cooking” a custom boot image.
There are two popular hacks with similar abilities out there: LazyFlasher and Universal DM-Verity Disabler.
Developed by jcadduono, a member of XDA forum, Lazy Flasher has gained its name in many Mi Fans around the globe. It easy-to-remember name helps it gain its popularity. This hack supports many devices powered with arm (armv7), arm64 (aarch64), x86 (i386), x86_64 (amd64), mips, and mips64 CPU architectures including those produced by Qualcomm and MediaTek.
The only downside is its incompatibility with TWRP built based on Android 4.3 or earlier. Check all of its features out below:
- ChromeOS support (ChromeOS test-key signing and recognition)
- MediaTek device support (MTK headers)
- SELinux policy injection support via sepolicy-inject
- Includes an optional bbe tool for applying binary patches
- Supports dtb.img replacement (place it in the root folder named “dtb.img”)
- Scans fstab and partition locations for the boot partition optionally allows a preset location
- Supports Gzip, LZ4, Bzip2, and LZO ramdisks. Support for LZMA and XZ is a work in progress
- Supports arm (armv7), arm64 (aarch64), x86 (i386), x86_64 (amd64), mips, and mips64 architectures
- Intelligently installs kernel modules by copying the previous layout of /system/lib/modules and creating symlinks
- A process that executes a sorted list of scripts for making the desired modifications (separate from the framework)
- Example scripts to disable dm-verity or forced encryption during the install process (010-no-force-encrypt, 015-no-dm-verity)
- Handily unpacks, decompresses, applies changes, compresses, and repacks boot images quickly and safely
- Creates modprobe supported /lib/modules aliases if kernel modules are included in the installer (030-kernel-modules)
- Installs new files to the ramdisk and sets their permissions automatically based on file type from ramdisk-patch (020-patch-ramdisk)
- Unnecessary architectures and tools can be removed to save space
- Many useful functions and variables included in the patch.d environment to simplify modification/patching scripts (patch.d-env)
No Verity Opt Encrypt: The minimal version of the LazyFlasher framework.
No Verity Force Encrypt: The full LazyFlasher framework.
Universal DM Verity Disabler
It works the similar way as Lazyflasher. This hack is more like a universal solution to disable dm-verity and force-encrypt Android security mechanism. The Magisk installer does not modify the fstab files in the ramdisk. However, dm-verity and forceencrypt are disabled under certain conditions, even after flashing Magisk.
The developer Zackptg5, a senior member of XDA, has managed to create two variants of his universal solution: the minimal and the advanced version. The minimal version bypasses DM-Verity and disables it. The later one adds additional functionality which is to disable force encryption.
The version that only removes dm-verity is very useful if you want to keep encryption but need to disable dm_verity in the stock kernel. This is usually when your device is running MIUI Android 8.1 with Treble enabled.
The minimal version:
The advanced version:
You have to flash this zip file after anything else that modifies your boot image (like a custom kernel). However, you have to make sure that you flash it before Magisk. The main reason behind this condition is that the Universal DM Verity Disabler creates the files that tell Magisk to not encrypt.
Read also: Mi Flash Tool: Portable and Standalone Installer.
How dm-verity works? According to the Android official page, this security mechanism works by using a cryptographic hash and a public key.
The public key is included on the boot partition, which must be verified externally by the device manufacturer. That key is used to verify the signature for that hash and confirm the device’s system partition is protected and unchanged… Because the hash values are stored in a tree of pages, only the top-level “root” hash must be trusted to verify the rest of the tree. The ability to modify any of the blocks would be equivalent to breaking the cryptographic hash… dm-verity protection lives in the kernel. So if rooting software compromises the system before the kernel comes up, it will retain that access.
In a short terminology, dm-verity is one technology used by Android to perform a verified boot. Introduced back in Android 4.4, Android’s verified boot implementation is based on the dm-verity device-mapper block integrity checking target. Hence, the dm-verity is a block integrity checking target. The main purpose of dm-verity is to guarantee the integrity of a device volume against corruption or malicious attacks (source: kynetics).