[Discussion] Magisk - The Age of Zygisk.

Search This thread

DineshValor

Member
Jan 29, 2022
29
6
Its ok.. not offended.. maybe we both methods can be useful to other here.

So here's the methods comply for hiding from MOMO (as i done) could be suit u too:
First thing come first if u manage to do it well, every thing is going good.

1. In magisk:
install the ur nescessary modules: USNF, busybox, shamiko, lsposed, InitrcHider, HPC & etc..
Activate the ZYGISK core, ignore the ENFORCE DENYLIST (coz u had shamiko installed) & tick in denylist apps such as Banks apps, google apps, games & anything kind sort
of app that can be triggered by detector especially like MOMO/MAGISK DETECTOR/APPLIST DETECTOR/ROOTBEER SAMPLE. BUT DO NOT denylist the LSPOSED & ur hacking tool(if u had) coz u need it functionally with magisk. Then hide the magisk by renamed it to something else. If u do properly untill this steps, then u are done with magisk, nothing else u can do.

2.IN LSPOSED
Use the parasitic manager option for avoiding the detection(incase any detector's apps could
detect lsposed manager apk) in my case i didnt use the shortcut coz HMA can manage hiding as well. Active ur lsposed modules especially HMA (recomended only system framework)

3. IN HMA
install the MAGISK EXTENTION (make sure the extention active in magisk module too - require reboot). Then go to MANANAGE TEMPLATES. Here's how most of people confius the function of the templates. DO NOT add the apps that u use for daily basis like bank, GApps, games, app detectors coz its wont work. Its a vise versa!. Add only MAGISK, LSPOSED(included all LSPOSED MODULES) & ur hush-hush tools :)
If u wish using YTvanced preferred add the youtube app to list if u are annoying the update
from google play store later. dont forget to click save every steps u done in templates section.
Then in SELECT EFFECTIVE APPS. Choose the apps to hiding templates from eg. Google apps, root detectors, Bankapps. Tick the option ENABLE HIDE, ENABLE ALL HIDE METHODS & apply the templates u managed it before. Click save in every step & done.

4. Now for MOMO i configure seperately.
Tick ENABLE HIDE, tap the "SELECT HIDE METHODS" & tick only
API REQUEST/ INTENT QUERIES/ ID DETECTION.
Apply for the TEMPLATES.
Adding the MAPS RULES: lsposed/org.lasposed.manager/magisk & save & done!
reboot device & test ur detectors

If u got red flag from momo:
ART Parameters bla.. bla.. mean u got custom ROM or android 9 by using magisk riru module. The workaround is go to
/data/adb/modules/zygisk_lsposed in root directory. Open (text file) system.prop and put # at the beginning line Save,
reboot (mention by someone in this thread i forgot already)

"Found file modified by magisk module" detection: u could miss the step mentioned above.

Custom recovery/ twrp detection: follow the step mention by @zgfg could be handyful. :)

P/S: Detector that used:
YASNAC
ROOTBEER SAMPLE
SAFETYNET TEST
APPLIST DETECTOR
MAGISK DETECTOR
MOMO
OPREK DETECTOR
I was follow your every steps carefully but instead of zygisk hide in momo, now it's start detect debugging mode enable 😮💨.
 

Attachments

  • Screenshot_2022-10-01-16-34-03-38_8ecd68a317969a903887707449183b6f.jpg
    Screenshot_2022-10-01-16-34-03-38_8ecd68a317969a903887707449183b6f.jpg
    333.5 KB · Views: 111

Spartacus500

Senior Member
Nov 6, 2014
626
118
Hello, today in the morning Play integrity was the first 2 correct, and in the afternoon only the first 1 correct 🤔
 

Attachments

  • Screenshot_20221004-180903_TB Checker.jpg
    Screenshot_20221004-180903_TB Checker.jpg
    152.8 KB · Views: 75

pndwal

Senior Member
Last edited:

Spartacus500

Senior Member
Nov 6, 2014
626
118
TB Checker.

Are you using official USNF, or Displax modded version?... Anything configured in MHPC?

Also, what is YASNAC result? Device? ROM? PW
YASNAC all 2 pass ok. Before yesterday I updated the newest Magisk 25.2, then the newest Shamiko and Lsposed and until this morning there were two integrities correct, and in the afternoon suddenly device integrity fail ... Samsung Galaxy S7 Edge 9.0 Pie NFE 2.2. I do not use the modules you provided.
 

Attachments

  • Screenshot_20221004-212518_Play Integrity API Checker.jpg
    Screenshot_20221004-212518_Play Integrity API Checker.jpg
    151.2 KB · Views: 47

pndwal

Senior Member
YASNAC all 2 pass ok. Before yesterday I updated the newest Magisk 25.2, then the newest Shamiko and Lsposed and until this morning there were two integrities correct, and in the afternoon suddenly device integrity fail ... Samsung Galaxy S7 Edge 9.0 Pie NFE 2.2. I do not use the modules you provided.
So your device is to old for Hardware Attestation, ie won't need to use tricks to fall back to basic attestation...

Seems NFE is a custom ROM so likely uses a later kernel than the latest S7 stock which has limitations preventing Zygisk from working... (W/ Shamiko working Zygisk must be workng on your device)...

Also, being a custom ROM I'm not sure what Fingerprint prop it's built with for CTS Profile match...

I'm not sure why CTSProfile would pass but not deviceIntegrity on you device that uses basic attestation natively but I suspect either 1) a module may be the issue (Play Integrity API may detect more issues than Safety net), 2) some sensitive prop(s) needs setting to a 'safe' value, or 3) a fingerprint prop other than the original/expected one, although passing for SafetyNet, may have been used in ROM build...

Please reboot after disabling all modules to test 1) and report results...

If no module is causing the issue, please install MagiskHide Props Config module and reboot (no need to configure anything in a terminal emulator as we're just testing the Edit MagiskHide props function which is the only function enabled/active by default when module is enabled) to test 2) and report results...

If neither of these changes work, please disable MHPC module, install this mod of Universal SafetyNet Fix (includes a Play Integrity fix as well as sensitive prop manipulation and more):
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517
to see if it's targeted fingerprint spoofing (or something else it alters) fixes 3)...

If fix for 3) works you can keep it (and it should be fine), but alternatively it is likely that setting a different certified fingerprint prop globally using MHPC module will also work... You could swap USNF_mod for MHPC and try S7 prints from it's list... Please report results...

🤠 PW
 
Last edited:

blksith0

Senior Member
Aug 10, 2008
222
23
Momo app help to find suspicious activity detection in your device, such as magisk, zygisk, Tee, custom rom, dubugging enable, oem unlock (bootloader unlock), etc
Yeah - I know that... I was using the app. Sir.
I was asking how to fool the app.
Ah, forget it, I'm passing the YASNC check so that's good enough.
 

ardiesel

Member
Jun 3, 2014
16
3
I'm on Pixel 6 Pro. Rooted and latest magisk. OTA update came thru. I haven't installed. When in magisk I pressed restore images and got a warning "no stock backup". Won't complete restoration so I can download the update. Any ideas on what I can do?
 

Spartacus500

Senior Member
Nov 6, 2014
626
118
So your device is to old for Hardware Attestation, ie won't need to use tricks to fall back to basic attestation...

Seems NFE is a custom ROM so likely uses a later kernel than the latest S7 stock which has limitations preventing Zygisk from working... (W/ Shamiko working Zygisk must be workng on your device)...

Also, being a custom ROM I'm not sure what Fingerprint prop it's built with for CTS Profile match...

I'm not sure why CTSProfile would pass but not deviceIntegrity on you device that uses basic attestation natively but I suspect either 1) a module may be the issue (Play Integrity API may detect more issues than Safety net), 2) some sensitive prop(s) needs setting to a 'safe' value, or 3) a fingerprint prop other than the original/expected one, although passing for SafetyNet, may have been used in ROM build...

Please reboot after disabling all modules to test 1) and report results...

If no module is causing the issue, please install MagiskHide Props Config module and reboot (no need to configure anything in a terminal emulator as we're just testing the Edit MagiskHide props function which is the only function enabled/active by default when module is enabled) to test 2) and report results...

If neither of these changes work, please disable MHPC module, install this mod of Universal SafetyNet Fix (includes a Play Integrity fix as well as sensitive prop manipulation and more):
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517
to see if it's targeted fingerprint spoofing (or something else it alters) fixes 3)...

If fix for 3) works you can keep it (and it should be fine), but alternatively it is likely that setting a different certified fingerprint prop globally using MHPC module will also work... You could swap USNF_mod for MHPC and try S7 prints from it's list... Please report results...

🤠 PW
SafetyNet fix 2.3.1 Mod solved the problem 👍
 

Attachments

  • Screenshot_20221005-154143.jpg
    Screenshot_20221005-154143.jpg
    349.4 KB · Views: 51
  • Screenshot_20221005-154209_Play Integrity API Checker.jpg
    Screenshot_20221005-154209_Play Integrity API Checker.jpg
    161.9 KB · Views: 52
  • Like
Reactions: pndwal

dcarvil

Senior Member
Apr 20, 2016
643
361
I'm on Pixel 6 Pro. Rooted and latest magisk. OTA update came thru. I haven't installed. When in magisk I pressed restore images and got a warning "no stock backup". Won't complete restoration so I can download the update. Any ideas on what I can do?
You can manually download and install the update. See https://developers.google.com/android/images. Edit flash-all.bat and remove the -w from the last line to prevent wiping data. Reroot after by patching boot.img.

You can also sideload the OTA. See https://developers.google.com/android/ota. I've never tried that, so don't know if that method is better.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 13
    Hide My AppList Guide i started in a post in this thread is now in its own thread here:

    8
    Hide My AppList Guide is now in its own thread here:

    5
    Perhaps someone with Magisk Delta could test this one?
    Work fine for me (tested with zygisk/riru+magiskhide)
    4
    Is this device or Android version dependent? On one of my Android 9 tablets with the latest, official, canary debug build, every time I install the latest test version of zygisk lsposed, a new, clean copy of system.prop file is created in the lsposed module folder. The latest version is 1.8.5-6656.
    With Zygisk - LSPosed v1.8.5 (6649), I don't have system.prop in my /data/adb/modules/zygisk_lsposed

    However, I see that there is a system.prop file in the installation archive Zygisk_-_LSPosed-v1.8.5(6649).zip, containing a single line:
    dalvik.vm.dex2oat-flags=--inline-max-code-units=0

    Also, the installation script customize.sh looks for the prop ro.maple.enable, if the prop exists with the value 1, it will be disabled by appending the system.prop:
    if [ "$(grep_prop ro.maple.enable)" == "1" ] && [ "$FLAVOR" == "zygisk" ]; then
    ui_print "- Add ro.maple.enable=0"
    echo "ro.maple.enable=0" >> "$MODPATH/system.prop"
    fi


    However, I don't see anything else in the scripts to control wether the system.prop file will be kept in the /data/adb/modules/zygisk_lsposed folder or not

    That must be controlled by the binary parts - to analyze the logic you would need to study the module's sources from GitHub - if available (frankly, I didn't search on GitHub, I automatically update the module when Magisk, Modules show that an Update is available)

    See also the post/answer #2548 about the dex2oat wrapper (you will find in the module's bin subfolder)

    Btw, you could check which of the two lines (or both) do you have in your system.prop:
    dalvik.vm.dex2oat-flags=--inline-max-code-units=0
    and/or
    ro.maple.enable=0

    The second line will be present only if you otherwise had
    ro.maple.enable=1, but the logic behind the need of the first one (probably dependent on the Android version and so) should be in the sources for the module's binaries
    4
    It's a pity.(

    Yes, I'm using the latest version of lsposed, and I can't find system.prop. It simply doesn't exist.
    In this topic, a person already wrote a similar problem. I have exactly the same.
    New versions of Zygisk-LSPosed do not use system.prop anymore, instead all the props handling is in the Zygosk native so

    You may try your luck with an older version of Zygisk-LSposed:

    You could download the zips, unzip and find an older version that contained the system.prop file
  • 130
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    66
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    59
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    55
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​