[Discussion] Magisk - The Age of Zygisk.

Search This thread

Mepsipax

Senior Member
Sep 15, 2013
58
8
Hey guys, here's a challenge for you. I've not been able to hide root from this app: https://play.google.com/store/apps/details?id=de.volkswagen.carnet.eu.eremote

It was working fine up until a couple of weeks ago when I guess an update happened that improved root detection.

Fortunately, it can be tested easily, because it immediately warns about rooted device when opening it for the first time.

My device is a Oneplus 5T running OxygenOS 10.

I've installed Magisk 25.2 via twrp for root.

Things I've tried to hide root:
- Installed the app "Shelter" to isolate WeConnect into a work profile that does not have magisk in it.
- used the Magisk setting to change its package name
- activated zygisk and put both WeConnect processes on the list.
- installed the safetyNet fix module
- reinstalled WeConnect to check if it's a caching issue
- deleted all magisk, twrp and rom zips from my device

I was successful in hiding root from my banking apps this way.
Now I'm at a loss what else to try and get it working.
Any ideas?
 
  • Like
Reactions: Tech = Spy-Biz

J.Michael

Recognized Contributor
Jan 20, 2018
1,312
1,246
Samsung Galaxy Tab A series
Hey guys, here's a challenge for you. I've not been able to hide root from this app: https://play.google.com/store/apps/details?id=de.volkswagen.carnet.eu.eremote

It was working fine up until a couple of weeks ago when I guess an update happened that improved root detection.

Fortunately, it can be tested easily, because it immediately warns about rooted device when opening it for the first time.

My device is a Oneplus 5T running OxygenOS 10.

I've installed Magisk 25.2 via twrp for root.

Things I've tried to hide root:
- Installed the app "Shelter" to isolate WeConnect into a work profile that does not have magisk in it.
- used the Magisk setting to change its package name
- activated zygisk and put both WeConnect processes on the list.
- installed the safetyNet fix module
- reinstalled WeConnect to check if it's a caching issue
- deleted all magisk, twrp and rom zips from my device

I was successful in hiding root from my banking apps this way.
Now I'm at a loss what else to try and get it working.
Any ideas?
Try without Shelter.
Are you enforcing Deny list?
Try Shamiko, stop enforcing Deny list.
Try Hide-My-Apps. (more involved setup, I think you have to make a dingus specifying the things, like Magisk, and HMA itself, you want to hide. Then a different dingus listing the things to hide from, like the bank app; and some reference to the first list.)
 
  • Like
Reactions: jons99

zgfg

Senior Member
Oct 10, 2016
7,793
5,194
Hey guys, here's a challenge for you. I've not been able to hide root from this app: https://play.google.com/store/apps/details?id=de.volkswagen.carnet.eu.eremote

It was working fine up until a couple of weeks ago when I guess an update happened that improved root detection.

Fortunately, it can be tested easily, because it immediately warns about rooted device when opening it for the first time.

My device is a Oneplus 5T running OxygenOS 10.

I've installed Magisk 25.2 via twrp for root.

Things I've tried to hide root:
- Installed the app "Shelter" to isolate WeConnect into a work profile that does not have magisk in it.
- used the Magisk setting to change its package name
- activated zygisk and put both WeConnect processes on the list.
- installed the safetyNet fix module
- reinstalled WeConnect to check if it's a caching issue
- deleted all magisk, twrp and rom zips from my device

I was successful in hiding root from my banking apps this way.
Now I'm at a loss what else to try and get it working.
Any ideas?
Instead of the old 'official' USNF 2.3.1, try with USNF 2.3.1-mod.
Look into the USNF thread and go through the posts during the last three weeks, posted by Displax

No guarantee that it would solve your case, but simple thing to try first (that version of USNF solves the problem for Play Integrity, that is replacing now the old SafetyNet)

That story about Wallet and Play Integrity is also about three weeks or so old, hence maybe concides with your app and its new/improved detection
 

Mepsipax

Senior Member
Sep 15, 2013
58
8
Try without Shelter.
Are you enforcing Deny list?
Try Shamiko, stop enforcing Deny list.
Try Hide-My-Apps. (more involved setup, I think you have to make a dingus specifying the things, like Magisk, and HMA itself, you want to hide. Then a different dingus listing the things to hide from, like the bank app; and some reference to the first list.)
Shamiko worked! Thanks, dude. You rock!
 
May 25, 2022
31
19
Instead of the old 'official' USNF 2.3.1, try with USNF 2.3.1-mod.
Look into the USNF thread and go through the posts during the last three weeks, posted by Displax

No guarantee that it would solve your case, but simple thing to try first (that version of USNF solves the problem for Play Integrity, that is replacing now the old SafetyNet)

That story about Wallet and Play Integrity is also about three weeks or so old, hence maybe concides with your app and its new/improved detection
 

Mepsipax

Senior Member
Sep 15, 2013
58
8
Shamiko + Stop enforcing Deny List? OR Shamiko + Deny List Enforced? Do we have to use Shelter also?
Can you give the exact steps you did to get bank apps to work? TIA
Refer to my first post for how I got my banking apps to work. And yes, shelter was key. When I installed my banking app on my regular profile, it still detected root.

Now, the other app "WeConnect", still detected root in the work profile. That's actually for remote controlling my car, locking and unlocking it, stuff like that.

For that I just followed the installation instructions for Shamiko: Install as Magisk Module, include app in deny list, don't enforce the deny list, reboot. Then it worked.

Out of curiosity, I just tried both apps on my regular profile again, so without using shelter, but with Shamiko in effect.

WeConnect works there, banking app doesn't. Seems like two different approaches for root detection.
 
  • Like
Reactions: J.Michael
May 25, 2022
31
19
Refer to my first post for how I got my banking apps to work. And yes, shelter was key. When I installed my banking app on my regular profile, it still detected root.

Now, the other app "WeConnect", still detected root in the work profile. That's actually for remote controlling my car, locking and unlocking it, stuff like that.

For that I just followed the installation instructions for Shamiko: Install as Magisk Module, include app in deny list, don't enforce the deny list, reboot. Then it worked.

Out of curiosity, I just tried both apps on my regular profile again, so without using shelter, but with Shamiko in effect.

WeConnect works there, banking app doesn't. Seems like two different approaches for root detection.
Thanks friend, Though there is a one week old report on Shamiko not working for some banking apps but I will certainly check on your previous posts, never know may work (y)
 

RANJITH THRISSUR

Senior Member
Jul 20, 2016
136
27
Guys, I'm on OnePlus 9R, with the method provided in page 68, ie shamiko , lsposed , hide my app... I was able to use ICICI BANK app successfully. Suddenly, yesterday it starts to detect root. I just uninstalled those apps and re do the procedure. Still no luck... Is there any improvisation we need to to on top of the method suggested in page 68?
The help would be much appreciated for every icici imobile app users with a rooted phone.
 

zgfg

Senior Member
Oct 10, 2016
7,793
5,194
Magisk Canary update 25202

Momo does no more report Zygote injection found!
 

Attachments

  • IMG_20220821_075808.jpg
    IMG_20220821_075808.jpg
    257.7 KB · Views: 103
  • IMG_20220821_075753.jpg
    IMG_20220821_075753.jpg
    107.1 KB · Views: 77
  • IMG_20220821_081936.jpg
    IMG_20220821_081936.jpg
    125.3 KB · Views: 98
  • IMG_20220821_082546.jpg
    IMG_20220821_082546.jpg
    105.3 KB · Views: 102
Last edited:
  • Like
Reactions: asripath

pndwal

Senior Member
Guys, I'm on OnePlus 9R, with the method provided in page 68, ie shamiko , lsposed , hide my app... I was able to use ICICI BANK app successfully. Suddenly, yesterday it starts to detect root. I just uninstalled those apps and re do the procedure. Still no luck... Is there any improvisation we need to to on top of the method suggested in page 68?
The help would be much appreciated for every icici imobile app users with a rooted phone.
You mean April?... Well new Play Integrity API take-up began in June, and SafetyNet was deprecated at the same time...

I guess it could be a coincidence!?... What do you think?...

Maybe you aughta catch up and check if you can achieve MEETS_DEVICE_INTEGRITY verdict using Play Integrity API Checker...

Yup, yup, that might be a good start... 🤪 PW
 

zgfg

Senior Member
Oct 10, 2016
7,793
5,194
@zgfg

... Not any more! 😬🤷🤔 ...
w/ 25202:
View attachment 5692223
... Was yours A11 device still?

... Seems we're getting some kind of role reversal here... 🙃 PW
Yeah, also Zygote injection

I forgot that usually Momo does not show that on first test, but if I close and reopen Momo, then Zygote injection is found

I don't have init.rc for long. Don't recall was it solved by checkmarking all Momo processes in DenyList (or with the latest Shamiko)
 

ashish1989

Senior Member
Aug 22, 2014
411
33
Ghaziabad
I am on custom aosp android 7.1.2 rom on my samsung core prime G360H. As soon as I am enabling zygisk from magisk settings, the phone is stuck on boot logo. I have magisk 25.2 installed in it with xposed 3.1.5
 

zgfg

Senior Member
Oct 10, 2016
7,793
5,194
I am on custom aosp android 7.1.2 rom on my samsung core prime G360H. As soon as I am enabling zygisk from magisk settings, the phone is stuck on boot logo. I have magisk 25.2 installed in it with xposed 3.1.5
Please check the first page - it must have been described there (and/or long ago in Magisk General thread)

Old XPosesed is NOT COMPATIBLE. Neither Riru (if you have any Riru module)

There is Zygisk-LSPosed instead. But not sure if Zygisk-LSPosed is compatible with A7
 
  • Like
Reactions: ipdev

ashish1989

Senior Member
Aug 22, 2014
411
33
Ghaziabad
Please check the first page - it must have been described there (and/or long ago in Magisk General thread)

Old XPosesed is NOT COMPATIBLE. Neither Riru (if you have any Riru module)

There is Zygisk-LSPosed instead. But not sure if Zygisk-LSPosed is compatible with A7
Should I not enable zygisk then? But my play store is not certified. And what about some apps which I want to add in deny list to hide them from seeing root access. What can be the best solution now for all above?
 

zgfg

Senior Member
Oct 10, 2016
7,793
5,194
Should I not enable zygisk then? But my play store is not certified. And what about some apps which I want to add in deny list to hide them from seeing root access. What can be the best solution now for all above?
Cannot advise you about A7 (I had A 7-10 3-5 years ago)
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 18
    Mod Info:

    Dear people of this thread,
    pls stay on topic and do not engage in world-events related discussions. This thread has seen enough of it already.

    In the name of peace and prosperity,
    Happy Zygisk-related posting,
    Cheers everyone
    8
    ... Needless inconvenience from banks ... its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.
    I totally agree!

    And as I've mentioned here before, every desktop computer is a rooted device, and of course we don't see the banks trying to hinder us from accessing their services from our computers.

    And banks gladly issue us debit cards which we keep in our wallets that are just as easy to steal as mobile devices.

    Rooted Android devices are just low-hanging fruit. And the amount of fraud that's prevented by trying to fight against Android root is minuscule, given the extremely small percentage of mobile device users who want to use rooted Android devices. I wouldn't be surprised if the amount of money that banks spend for anti-Android-modding software development exceeds the maximum amount of money that could be lost via the hacking of modded Android devices.
    4
    Currently, I have no info about Device Certified or not in Google Play Settings (screenshot)

    I observed that yesterday night when I upgraded my Xiaomi 11 Lite 5G NE from the previous week Xiaomi.eu weekly (MIUI 13/A12) to the current.
    I thought it would become Certified over the day, but it's still in limbo

    Frankly, last week when I installed Xiaomi.eu Weekly (first time) I forgot to check

    Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

    I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not

    I'm pretty sure I did have similar cases in the past with previous devices, ROMs, Magisk setup, but they used to settle down by itself in
    After wiping only the Cache for Playstore and waiting few more hours, now Certified
    3
    Now 2 bank apps are working out of 3 after the recent update to the bank apps.
    I used A11 GSI, PhhTreble App Signature Spoofing, TWRP, Magisk 24.3 & a couple of important modules like Hide-User-Debug, USNF Moded, Hide-Props-Config, microG Gapps module safety net : All passed, Installed the bank apps through Aurora.
    For the 3rd bank app Dev Options need to be OFF & Only PlayStore Install allowed not PackageInstaller.
    Needless inconvenience from banks, they can just add more steps of verifications instead like Voice Recognition IVR AI (Voice Recognition IVR AI Bots are already functional in these banks helplline numbers) so they can just use that for bank app login verifications on top of other verifications. Its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.
    3
    Why kdragon doesn't update it, or there are no good solution for that?
    As you know, he's aware and thanked @Displax for his fix / PR... And he does clearly want to improve the solution and scope the method
    to Play Integrity code by identifying methods it calls near the beginning and end of integrity checks, and adding hooks to set and restore the fingerprint ...
    https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1195452147

    He has already suggested an idea for adding an end hook, but said:
    Of course, this is all theoretical as it depends on the exact order of steps in the integrity checking process. Worst case scenario, we could just sleep for 1 second or so and revert the fingerprint change in a background thread. Not sure when I'll have time to look into it myself, but feel free to try implementing this idea: ...
    https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1200437447
    - So it seems he's in no rush himself, and he's happy for other Devs to test / contribute (although none appear to have tried adding hooks etc yet)...

    I guess he'll do more on this PR as time allows... If other Dev's haven't had time to test even proposed
    • Set the fingerprint in the key attestation hook
    • Spawn a thread to revert it after 3 seconds:
    thread(daemon = true) {
    Thread.sleep(3000)
    /* revert */
    }
    idea, then he may think 'why should I rush?'... He probably has a ton of more important maintenance on his plethora of apps, utilities, Proton ROM / kernel builds, etc to do...

    Meanwhile, @Displax solution seems a pretty good one to tide us over, for most devices... PW
  • 125
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    66
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    58
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    54
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​