[Discussion] Magisk Delta - Another unofficial third-party Magisk fork

Search This thread
Using the latest Delta Canary (updated today) - screenshot

MHPC works flawlessly - screenshot, and AdAway - for @Asshiddiqi54

Btw, make sure you don't have SuList enabled (screenshot) - with SuList many modules may not work properly (seems that Delta with SuList is kind of like Magisk Lite)
Yes, I read about it on the related TG group. As SuList works like a whitelist for all apps except the ones on the list, I'll keep using it, and monitor the modules installed. Most important, USNF is already adapted to SuList.

EDIT: as the Xperiance Camera module wasn't working either, I turned 'Enforce SuList' off and switched to MagiskHide for the time being.

EDIT2: This is weird. I have a Xperia XZ2 and a XZ3 (both are Tama platform: phones), both running unofficial LineageOS 20.0. My XZ2 passes basic and device integrity tests either with SuList + Riru + USNF, or Zygisk + USNF + Shamiko, or MagiskHide + Riru + USNF. My XZ3 doesn't pass any of the PI tests with the combination MagiskHide +Riru + USNF. How come?
 
Last edited:

Zibri

Senior Member
Dec 10, 2010
348
102
@huskydg

Device: Redmi Note 10 pro (sweet)
Android version: 12.0 (MIUI V13.0.12)
Magisk version name: 337626c0-delta
Magisk version code: (25205)

From magisk home, clicking on APP >> UPDATE, first downloads the app with a progress bar, then a notification also with a progress bar stays there forever.

At the moment the update is triggered because version 1ddb52be-delta (25205) is available.

Nothing relevant in the log file.
 

zgfg

Senior Member
Oct 10, 2016
8,199
5,831
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
@huskydg

Device: Redmi Note 10 pro (sweet)
Android version: 12.0 (MIUI V13.0.12)
Magisk version name: 337626c0-delta
Magisk version code: (25205)

From magisk home, clicking on APP >> UPDATE, first downloads the app with a progress bar, then a notification also with a progress bar stays there forever.

At the moment the update is triggered because version 1ddb52be-delta (25205) is available.

Nothing relevant in the log file.
And if you manually install the downloaded app and then update Magisk
 

Harlock1978

Senior Member
Jun 8, 2013
170
25
Yesterday I updated two modules (busybox and adb & fastboot) and since the reboot my telephone is stucked on the logo.
I have Magisk 25.2 delta 3.
I can boot in Fastboot and recovery mode.
I have an Ulefone Armor 11 5G, I found a TWRP recovery, but it cannot decrypt the data partition.
Is there a way I can start in Safe mode or not charging the magisk modules?

TIA
 

asripath

Senior Member
Jul 12, 2020
226
176
Redmi K20 Pro
Yesterday I updated two modules (busybox and adb & fastboot) and since the reboot my telephone is stucked on the logo.
I have Magisk 25.2 delta 3.
I can boot in Fastboot and recovery mode.
I have an Ulefone Armor 11 5G, I found a TWRP recovery, but it cannot decrypt the data partition.
Is there a way I can start in Safe mode or not charging the magisk modules?

TIA
Since you are encrypted without a compatible recovery, try safe mode and see if magisk disables the modules

 

huskydg

Senior Member
Feb 17, 2021
336
360
Yesterday I updated two modules (busybox and adb & fastboot) and since the reboot my telephone is stucked on the logo.
I have Magisk 25.2 delta 3.
I can boot in Fastboot and recovery mode.
I have an Ulefone Armor 11 5G, I found a TWRP recovery, but it cannot decrypt the data partition.
Is there a way I can start in Safe mode or not charging the magisk modules?

TIA
Create `/cache/.disable_magisk`
 

huskydg

Senior Member
Feb 17, 2021
336
360
I'd like to use SuList, but at every Delta Canary release, I enable SuList, but Magisk acts as if core only mode was enabled (i.e. no modules, except the latest USNF-mod, which is adapted to SuList), for what I disable SuList again.
You know why topjohnwu doesn't like the idea of "whitelist"
 

Chiranz

Member
Sep 22, 2018
29
4
Xiaomi Mi A3
Redmi Note 10 Pro
Magisk Delta is not Working on the Latest Version of Spark (13.2)
Worked fine till Spark 13.1

Not WOkring in the sense
EG:Minimal Micro G installer
The module gets installed
After reboot the components are actually not installed
And when i try to remove the Module even after restart it dosent Go away


Please Help
 

zgfg

Senior Member
Oct 10, 2016
8,199
5,831
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
Maybe no one know that the latest version of delta has better hidden zygisk provided by http://github.com/5ec1cff 😉
No need to use third party module like Shamiko
Tested on my 2nd phone with Magisk-0c725c04-delta(25205):
- Zygisk and MagiskHide enabled
- No, I'm not using SuList 😁
- Shamiko disabled

I pass (I also did previously, with the older Deltas and with Shamiko enabled): Ruru, Oprek, S-Check, TBChecker

Momo still detects Found Zygisk but does no more detect Found Zygote
(I tried now dozen times, previously it detected like every second time)
 
Last edited:

zgfg

Senior Member
Oct 10, 2016
8,199
5,831
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
Tested on my 2nd phone with Magisk-0c725c04-delta(25205):
- Zygisk and MagiskHide enabled
- No, I'm not using SuList 😁
- Shamiko disabled

I pass (I also did previously, with the older Deltas and with Shamiko enabled): Ruru, Oprek, S-Check, TBChecker

Momo still detects Found Zygisk but does no more detect Found Zygote
(I tried now dozen times, previously it detected like every second time)
And now Bingo, with today's Magisk-017cca27-delta(25205), Momo does no more detect Zygisk

- Zygisk and MagiskHide enabled, Shamiko disabled

@huskydg 👍👍👍
Btw, does this version include fix for proper mounting of /my_bigball partition (belonging to System As Root on some OnePlus devices) - I've seen somewhere in your Changelogs but maybe for Delta-4 or something (TJW Magisk does not properly support /my_bigball as part of SAR)

PS: Zygisk-LSPosed and my three LSPosed modules all work fine

Btw, maybe I should start thinking of Livin' by Mandiri 😁
 

Attachments

  • Screenshot_2022-11-14-22-29-27-199_io.github.vvb2060.mahoshojo.jpg
    Screenshot_2022-11-14-22-29-27-199_io.github.vvb2060.mahoshojo.jpg
    363.2 KB · Views: 91
  • IMG_20221114_224858.jpg
    IMG_20221114_224858.jpg
    165.2 KB · Views: 85
  • IMG_20221114_224932.jpg
    IMG_20221114_224932.jpg
    264.3 KB · Views: 75
  • IMG_20221114_224955.jpg
    IMG_20221114_224955.jpg
    78.9 KB · Views: 91
Last edited:
  • Like
Reactions: pndwal and 73sydney

huskydg

Senior Member
Feb 17, 2021
336
360
Magisk Delta is not Working on the Latest Version of Spark (13.2)
Worked fine till Spark 13.1

Not WOkring in the sense
EG:Minimal Micro G installer
The module gets installed
After reboot the components are actually not installed
And when i try to remove the Module even after restart it dosent Go away


Please Help
Go to github pls
 

pndwal

Senior Member
And now Bingo, with today's Magisk-017cca27-delta(25205), Momo does no more detect Zygisk

- Zygisk and MagiskHide enabled, Shamiko disabled
👍
Btw, maybe I should start thinking of Livin' by Mandiri 😁
Interesting analysis from @5ec1cff here:
https://github.com/5ec1cff/my-notes/blob/master/analyse-livin.md

Seems Livin / others may use smap for detection... This study discusses TJW's sanitize environment commit not working properly and LSP fixes in Shamiko as well as efforts needed to hide zygisk hooks, esp for functions of libandroid_runtime.so:
https://github.com/5ec1cff/my-notes/blob/master/new-idea-detect-zygisk.md
... I note dev refers to @canye's (Magisk Bravo) analysis of environment variables too...

This article analyses more recent Zygisk changes and Dev's attempts to hide zygisk /proc/self/attr/current exposure etc:
https://github.com/5ec1cff/my-notes/blob/master/zygisk-new-start-mode.md
... it ends with this conjecture:
"Maybe it's time to consider loading zygisk with native bridge?"
More on this and comparison w/ riru hiding / methods and plans for hiding Zygisk here:
https://github.com/5ec1cff/my-notes/blob/master/maru.md

Many of the ideas revealed in Dev's notes above are implemented in Magisk Maru fork (and adopted for now in Delta)... See top 4 commits here:
https://github.com/5ec1cff/Magisk/commits/maru
... use of complete native/src/zygisk/elf_util.cpp file from LSPosed in inject with native bridge Is interesting...

... Many other interesting notes here:
https://github.com/5ec1cff/my-notes
incl. "build-magisk-on-windows" etc...

... I've only taken a cursory glance at notes I mentioned...

Very credible Zygisk hiding efforts for a fork like Delta however... 👍 👀 PW
 
Last edited:

zxalex9

New member
Nov 15, 2022
1
0
Is there something special to do for Safety net fix to work?
I'm using Magisk 25.2-delta-5, riru-v26.1.7.r530.ab3086ec9f, riru-unshare-7.0 and Safetynet Fix v2.3.1 MOD 2 (Riru/Zygisk) from here, Zygisk is disabled.
And I can't pass Play Integrity. It works with ordinary Magisk and Safetynet Fix v2.3.1-MOD_2.0,.
 

0O00O0O00O

Senior Member
Jan 24, 2014
66
12
Is there a way to backup your MagiskHide settings? Since I often need to reflash my phone this would be nice.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    What do you mean by that? You don't need to pass hardware attestation as there is a workaround for it to fore basic instead then you get all checkmarks passing safety net. You just need a few modules for Magisk Zygisk (official version) and riru zygisk lsposed.

    I'm using MicroG with patched PlayStore, Universal SafetyNet Fix, Shamiko, proper settings in MagiskHide Props Config - then for lsposed you get "Hide My Applist" to block any unwanted detections on a per app basis.

    It thnks my custom aosp based android 10 phone is a completely different one, and I can play games like Pokemon GO and use banking apps without issue.
    Strong Integrity means that CTS had to be attested by the hardware-backed TEE = Trusted Execution Environment (hence not by the 'regular' software where you can spoof things) and its attest signed by the TEE's private key

    But you cannot spoof TEE - if you succeed on eg the new Pixels with Titan, you will be eligible for 0,5 - 1 M $ reward (bounty) from Google

    It was all discussed in details in tens of posts here on XDA, in various threads, pointing to the official Google documentation how Play Integrity API and TEE work

    Eg, USNF does two things. First it spoofs the phone model so that Google Play Services and its PI API thinks that you have an old phone with no (or not reliable) TEE.
    Therefore, instead of on the TEE, CTS gets attested by the 'regular' software, reading the other spoofed props, etc and hence returning the spoofed CTS pass.
    But it was not attested and signed by TEE, hence that Basic CTS attest is valid only for Device Integrity but not for the Strong Integrity pass (requiring the Hardware based CTS attestation on TEE)

    If the CTS would be really tested on TEE, then TEE would not mind for the props spoofed by USNF and it would immediately recognize that eg Bootloader was unlocked, that ROM is no more the certified stock, etc - hence CTS attestation on TEE would fail and you would not pass the Play Integrity API at all

    That's the reason why USNF forces the software or Basic CTS attestation (that is not valid for the Strong Integrity)

    However, the good thing is that apps still don't require Strong Integrity yet (ie, allowing Device Integrity attested by the software instead), since they know that there are still plenty of old phones around without the (proper) TEE's, hence not applicable for the Hardware backed CTS attest, ie for the Strong Integrity

    However, it is really strange that Google does not enforce just a little bit smarter mechanism where PI API would nevertheless try to enforce attestation on TEE, where TEE would then easily find what is your real phone model and is it applicable for the CTS attestation on the TEE or not - then the USNF (and your Riru modules, whatever you want) would no more be able to spoof the TEE to obtain the spoofed CTS attest and thus the spoofed Play Integrity pass

    Btw, make your PI API or the old S/N attest, then click to Open JSON response and you will find the Basic CTS attest (on your 'rooted' phone with all the spoofs required).
    Only if you go back to stock and relocked Bootloader, you will see the Hardware backed CTS attest and the Strong Integrity pass

    PS: I see you are referring to the SafetyNet, not Play Integrity.
    They are actually similar and both include the CTS attestation (either by software or on TEE, hence for both the same comments about TEE apply)

    However, S/N is deprecated by Google. Since the last summer Google Play Services include both APIs but Google will soon drop the S/N and all apps on Google Play (who want to call attestation) will have to switch to the PI API instead - most already did

    And PI (or deprecated S/N) is only a part of the 'root detection' game for most 'banking' apps. They all know its weaknesses (possibility to spoof the Google's CTS by switching to attestation by software) and therefore they additionally use other detection or guessing methods for whom you need your mentioned Riru modules, etc

    But those hidings by Riru modules (Privacy, etc) or HMA are not related to the S/N or PI. For S/N or PI you just need USNF (modded), the rest you need for your apps because they see that you pass PI (S/N) but they are still not convinced that your phone is not 'rooted' and they want to dig deeper - welcome to the mice and cat game
    5
    Tool for run scripts when specific app is running, i hope other people will use it to make some useful modules

    5
    New way to hide Magisk app
    4
    Awesome, thanks for the patient explanation of all this stuff, I had no idea about the new cutting edge stuff being deployed in the near future and it's true I did kind of scim the posts not fully understanding what the meaning was at first.

    Glad there are people working on this stuff, gives me hope!
    4
    Upgraded from Magisk Delta Canary 4dbd8358 (25206) to 64faa31a (25206) and now https://play.google.com/store/apps/details?id=com.hce.compliance.checker
    reports Error Detection

    With 4dbd8358 (25206) and all previous Delta versions I had always fully passing with the same S Check

    Actually, that was the reason/advantage I originally switched from Magisk TJW to Delta (with the official TJW Magisk S Check was also reporting the same Root detection and there was no way to make it passing that Root detection in S Check)

    I double checked by flashing back my previous boot.img patched by Delta 4dbd8358 and then S Check happily passes

    Once more I installed the latest Delta 64faa31a, and S Check again reports that Root detection

    Always the same settings (Zygisk, S Check in MagiskHide, no SU List, no Core Only, no Shamiko, hiding Magisk app and LSposed modules from S Check by HMA)

    Staying back with the good previous 4dbd8358
  • 41
    This is not an officially supported topjohnwu project.
    If you are looking for official Magisk source, please go to this page


    Introduction

    Custom Magisk fork by HuskyDG. Sync with official Magisk adding back MagiskHide.
    http://huskydg.github.io/magisk-files

    PLEASE DO NOT REPORT BUG ON XDA THREAD!
    6
    omg works absolutely perfect unlike this zygisk crap

    you might want to dial down the use of the word crap? people work hard to give you options, not least of which topjohnwu, creator of magisk and zygisk....maybe you were unaware theyre linked...
    6
    And now Bingo, with today's Magisk-017cca27-delta(25205), Momo does no more detect Zygisk

    - Zygisk and MagiskHide enabled, Shamiko disabled
    👍
    Btw, maybe I should start thinking of Livin' by Mandiri 😁
    Interesting analysis from @5ec1cff here:
    https://github.com/5ec1cff/my-notes/blob/master/analyse-livin.md

    Seems Livin / others may use smap for detection... This study discusses TJW's sanitize environment commit not working properly and LSP fixes in Shamiko as well as efforts needed to hide zygisk hooks, esp for functions of libandroid_runtime.so:
    https://github.com/5ec1cff/my-notes/blob/master/new-idea-detect-zygisk.md
    ... I note dev refers to @canye's (Magisk Bravo) analysis of environment variables too...

    This article analyses more recent Zygisk changes and Dev's attempts to hide zygisk /proc/self/attr/current exposure etc:
    https://github.com/5ec1cff/my-notes/blob/master/zygisk-new-start-mode.md
    ... it ends with this conjecture:
    "Maybe it's time to consider loading zygisk with native bridge?"
    More on this and comparison w/ riru hiding / methods and plans for hiding Zygisk here:
    https://github.com/5ec1cff/my-notes/blob/master/maru.md

    Many of the ideas revealed in Dev's notes above are implemented in Magisk Maru fork (and adopted for now in Delta)... See top 4 commits here:
    https://github.com/5ec1cff/Magisk/commits/maru
    ... use of complete native/src/zygisk/elf_util.cpp file from LSPosed in inject with native bridge Is interesting...

    ... Many other interesting notes here:
    https://github.com/5ec1cff/my-notes
    incl. "build-magisk-on-windows" etc...

    ... I've only taken a cursory glance at notes I mentioned...

    Very credible Zygisk hiding efforts for a fork like Delta however... 👍 👀 PW
    6
    Thread re-opened