[Discussion] Magisk - The Age of Zygisk.

Search This thread

ColinHu

Member
Oct 18, 2022
13
0
Stock ROMs should have GApps.

As also said above (edited), phone must be on the network to access G with your G account (account must be set, connection must not be blocked)
Yes, they are on network. Not bloce on anything. Now I'm trying to factory reset the phone, and redo all the work to see how it goes.
 

zgfg

Senior Member
Oct 10, 2016
8,199
5,831
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
Yes, they are on network. Not bloce on anything. Now I'm trying to factory reset the phone, and redo all the work to see how it goes.
Test SafetyNet before rooting - it will fail bcs of Bootloader locked but should not fail due to timeout

Also, SN is passe, G is switching now to Play Integrity API - it was written a lot here on XDA about, you can find the Checker on Google Play (try to use Google Play to make sure your G account works)
 

ColinHu

Member
Oct 18, 2022
13
0
Test SafetyNet before rooting - it will fail bcs of Bootloader locked but should not fail due to timeout

Also, SN is passe, G is switching now to Play Integrity API - it was written a lot here on XDA about, you can find the Checker on Google Play (try to use Google Play to make sure your G account works)
It's working now. Passed the safetynet check. But just cannot use those banking app, and other apps.
 

zgfg

Senior Member
Oct 10, 2016
8,199
5,831
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
It's working now. Passed the safetynet check. But just cannot use those banking app, and other apps.
You have to use "safetynet-fix-v2.3.1-MOD_2.0.zip".
You have to put 'banking apps' to DenyList

You should try with Shamiko (in that case DenyList must not be enforced)

You have to try with HMA (not easy to setup but it was desussed/described in posts in various threads here on XDA)

'Banking apps' is too generic - diff apps from diff developers may use different additional methods to find/guess about 'root' (some may look for TWRP folder, etc)

All these things have been discussed fully or partially in certainly hundredth or more posts (some guiding specifically for particular banking app, for a particular ROM, etc) - hence please excuse me but I will not advice further
 

ColinHu

Member
Oct 18, 2022
13
0
You have to use "safetynet-fix-v2.3.1-MOD_2.0.zip".
You have to put 'banking apps' to DenyList

You should try with Shamiko (in that case DenyList must not be enforced)

You have to try with HMA (not easy to setup but it was desussed/described in posts in various threads here on XDA)

'Banking apps' is too generic - diff apps from diff developers may use different additional methods to find/guess about 'root' (some may look for TWRP folder, etc)

All these things have been discussed in certainly hundredth or more posts - hence please excuse me but I will not advice further
I tried all the things that you mentioned above, but still the app not able to work. The bank app works, but not for pokemon go. Every time I login in pogo with g account, it just login in the g account, then nothing happens.
 

pndwal

Senior Member
I tried all the things that you mentioned above, but still the app not able to work. The bank app works, but not for pokemon go. Every time I login in pogo with g account, it just login in the g account, then nothing happens.
Please say results of Play Integrity API Checker app... If deviceIntegrity is passing, please say what root hiding (ie. which root traces) forums say are needed for your game... Also, please list clearly all root hiding methods you have implemented...

With this information I'll try to help / others may be better able to offer suggestions... 👍 PW
 
  • Like
Reactions: 73sydney

fallenone189

Member
Dec 26, 2015
9
4
Redmi note 10 pro user here, im using magisk+shamiko. Just today there was an update to hdfc bank app and it detects root. Tried everything, including getting saftey net mod version. Momo finds zygist and zygote. While applist detector finds some file in magisk.
Any fixes to get hdfc bank app working again? Below are the screen shots of the apps. Any help is appreciated
 

Attachments

  • Screenshot_2022-10-21-13-08-24-388_icu.nullptr.applistdetector.jpg
    Screenshot_2022-10-21-13-08-24-388_icu.nullptr.applistdetector.jpg
    323.6 KB · Views: 69
  • Screenshot_2022-10-21-13-08-17-211_io.github.vvb2060.mahoshojo.jpg
    Screenshot_2022-10-21-13-08-17-211_io.github.vvb2060.mahoshojo.jpg
    325.3 KB · Views: 68

pndwal

Senior Member
Redmi note 10 pro user here, im using magisk+shamiko. Just today there was an update to hdfc bank app and it detects root. Tried everything, including getting saftey net mod version. Momo finds zygist and zygote. While applist detector finds some file in magisk.
Any fixes to get hdfc bank app working again? Below are the screen shots of the apps. Any help is appreciated
Please say results of Play Integrity API Checker app...

If you now have deviceIntegrity pass, have you cleared bank app data since installing @Displax USNF fork? PW
 

73sydney

Senior Member
Redmi note 10 pro user here, im using magisk+shamiko. Just today there was an update to hdfc bank app and it detects root. Tried everything, including getting saftey net mod version. Momo finds zygist and zygote. While applist detector finds some file in magisk.
Any fixes to get hdfc bank app working again? Below are the screen shots of the apps. Any help is appreciated

Step 1: Remove Momo and never quote it here again under pain of death :)
 

fallenone189

Member
Dec 26, 2015
9
4
Please say results of Play Integrity API Checker app...

If you now have deviceIntegrity pass, have you cleared bank app data since installing @Displax USNF fork? PW
My device fails strong integrity, I have attached the screenshot below.
After installing the USNF fork I reinstalled the app and wiped the data, same result.😔
Step 1: Remove Momo and never quote it here again under pain of death :)
This place made me discover momo😂
 

Attachments

  • Screenshot_2022-10-21-14-22-40-715_gr.nikolasspyr.integritycheck.jpg
    Screenshot_2022-10-21-14-22-40-715_gr.nikolasspyr.integritycheck.jpg
    138.7 KB · Views: 36
Last edited:
  • Like
Reactions: 73sydney

pndwal

Senior Member
My device fails strong integrity,
deviceIntegrity is enough...
I have attached the screenshot below.
After installing the USNF fork I reinstalled the app and wiped the data, same result.😔

This place made me discover momo😂
Have you taken Hide the Magisk app in Magisk settings?... Assume app is in denylist? (Nb. w/ this disabled and Shamiko working it actually becomes a hidelist.)

You may need to hide Magisk further as well as other root apps... Installing LSPosed and Hide My Applist module commonly works...

Ensure you use 'parasitic' LSP Manager... May need settings toggle set to bypass launcher icon detection... Add bank app to HMA App manage list and configure a blacklist template incl. Magisk hidden stub app you named (this is still detectable by employing tricks otherwise), HMA itself and any other Zygisk modules as well as any root apps you have (any may be suspicious to bank). May possibly need to hide detection, checker apps and other apps you suspect bank might look like for...

Nb. You should clear bank app data before testing any fix or change.

Nb. 2. This works for many, but there are many apps that also detect Zygisk or other traces of root in the wild...

🤠 PW
 
Last edited:
  • Like
Reactions: jons99

huskydg

Senior Member
Feb 17, 2021
336
360
Redmi note 10 pro user here, im using magisk+shamiko. Just today there was an update to hdfc bank app and it detects root. Tried everything, including getting saftey net mod version. Momo finds zygist and zygote. While applist detector finds some file in magisk.
Any fixes to get hdfc bank app working again? Below are the screen shots of the apps. Any help is appreciated
What is your banking app? Shamiko no longer update and can't fool some apps that detect zygisk (livin by mandiri, instapay Egypt, itsme, picpay, picpay,...)
 
Last edited:

fallenone189

Member
Dec 26, 2015
9
4
deviceIntegrity is enough...

Have you taken Hide the Magisk app in Magisk settings?... Assume app is in denylist? (Nb. w/ this disabled and Shamiko working it actually becomes a hidelist.)

You may need to hide Magisk further as well as other root apps... Installing LSPosed and Hide My Applist module commonly works...

Ensure you use 'parasitic' LSP Manager... May need settings toggle set to bypass launcher icon detection... Add bank app to HMA App manage list and configure a blacklist template incl. Magisk hidden stub app you named (this is still detectable by employing tricks otherwise), HMA itself and any other Zygisk modules as well as any root apps you have (any may be suspicious to bank). May possibly need to hide detection, checker apps and other apps you suspect bank might look like for...

Nb. You should clear bank app data before testing any fix or change.

Nb. 2. This works for many, but there are many apps that also detect Zygisk or other traces of root in the wild...

🤠 PW
THANK YOUU! This worked flawlessly! Banking app works now and the magisk hidden stub app dosent show up on applist detector! You saved me from having to go rootless 😂👍
What is your banking app? Shamiko no longer update and can't fool some apps that detect zygisk (livin by mandiri, instapay Egypt, itsme, picpay, picpay,...) so you should not give up zygisk in future...
Banking app is HDFC mobile app. The issue is fixed now, thanks to @pndwal.
If I give up on zygist, how do I hide root and magisk from other apps? Hide my list works for hiding root too?
 
  • Like
Reactions: jons99 and pndwal

huskydg

Senior Member
Feb 17, 2021
336
360
If I give up on zygist, how do I hide root and magisk from other apps? Hide my list works for hiding root too?
Inject zygote like Zygisk causes detectable and not all apps check for it. As i discovered that there are livin by mandiri, instapay Egypt, itsme, picpay, picpay, sitech, zaincash, chinese games, flawry,... You can only use old good non-injection hiding MagiskHide or modded Riru MomoHider
 
  • Like
  • Love
Reactions: HippoMan and dr4go

pndwal

Senior Member
Inject zygote like Zygisk causes detectable and not all apps check for it. As i discovered that there are livin by mandiri, instapay Egypt, itsme, picpay, picpay, sitech, zaincash, chinese games, flawry,... You can only use old good non-injection hiding MagiskHide or modded Riru MomoHider
I just updated ItsMe Belgium ID app to latest version 3.11.0 and tried again (it was detecting 'root' maybe 3 months ago)...

Interestingly it doesn't seem to be detecting root/mods now with my latest Canary w/ Magisk any more!:
IMG_20221022_003720.jpg

IMG_20221022_003757.jpg

... Perhaps a Shamiko update has fixed some detection bypass?

Nb. I haven't tested any other apps on your list...

Side note: Interestingly Momo has also started detecting unit.rc again recently...
IMG_20221022_002604.jpg


🙃 PW
 
  • Like
Reactions: 73sydney

huskydg

Senior Member
Feb 17, 2021
336
360
@pndwal livin by mandiri, instapay and few apps has been updated to detect zygisk again even you have shamiko 0.5.2, but itsme not update yet
 

huskydg

Senior Member
Feb 17, 2021
336
360
🤔... It was on you list for 'checking for Zygisk' / "You can only use old good non-injection hiding MagiskHide or modded Riru MomoHider"... I tested latest version as stated... I don't know what to say... PW
You already see, Shamiko seems to have not update for a long time while detection is constantly updated. I mean if these apps in future, you can't fool it by zygisk. And Livin by Mandiri seems to can't be bypassed at the momment unless unload Magisk.
I knew you are happy with zygisk but honestly the game will end soon
 
Last edited:

Top Liked Posts

  • 3
    I don't mind an enforcing ROM as long as I can turn off the enforcement whenever I want to, and as long it doesn't prevent me from doing the things I want with my device, and as long as I don't have to jump through crazy, convoluted, headache-producing hoops in order to do any of those things. My current enforcing ROM is OK in these regards.

    However, I probably wouldn't mind a non-enforcing ROM, either.
    Just need to understand that properly implemented ROMs, ie. enforcing, can generally be switched w/ no dramas (for those happy to take the risks)... 'non-enforcing' (permissive) ROMs are the ones you'll generally have issues with;
    they're inherently buggy for starters, and either won't boot w/ enforcing or critical functions will fail... You're usually stuck with permissive (read House with no doors) I'm afraid!...

    That's because they are 'experimental, insecure, half-baked and not fit for daily use' as I originally said, and they've generally been set to permissive simply to allow broken stuff to function...

    There's really no other good reason for a dev to set permissive... And as experts like John are pointing out, doing this simply to release ROMs is NOT good enough... It may be considered "really bad", "LITERALLY BACKDOORING YOUR USERS!", "dubious", "just shooting at your own foot", "nuking a SIGNIFICANT portion of modern Android's security"...


    🙃 PW
    1
    ... That's NOT a permissive ROM!... That's likely a perfectly stable SE enforcing ROM that you choose to disable 'enhanced security' on... And that's your business...

    Yes, I did confuse the issue. I misread the previous discussion and incorrectly came to the conclusion that it wasn't talking about SE enforcing ROMs per se, but rather, simply the ability to disable SE.

    I stand corrected.

    Thing is, it may be fine to leave your doors open while you're home and awake... But would you be happy with no doors when you go out or Sleep? 😲 ... And really, any builder should put doors on houses he builds... unless it's for the Korowai people of West Papua... or in a gated hippie commune... PW

    As for my actual domicile, I indeed prefer to have doors and windows that can be closed ... and I'm the one who makes the decisions as to when I open or close them.

    Likewise, when it comes to my Android device, I want to be the one who can decide when to open and close the doors and windows, and I'm glad and willing to take responsibility for any adverse consequences which might ensue due to faulty judgment.

    And in any case, I'm generally more similar to an outdoor camping enthusiast when it comes to my device's security.
  • 5
    I found out the way how to detect magiskhide and safetynet fix, ... which is used by poinku 🙂
    4
    Yes, but android 13 doesn't have stock rom. Android 12 has stock rom. I want to use Android 13. Is it okay to have a different stock rom or do I need a stock rom of Android 13?
    To install Magisk, you need to patch the boot image of the ROM you are running. The most reliable way to get a copy of the boot image is to extract it from a complete system image.

    If you are running Android 13, find a complete ROM matching what you have installed. If you can't find such a thing, I think you should not be trying to install Magisk.
    4
    Good morning,

    so I just rooted this phone and then proceeded forward top geht SafetyNet and Google Play protection.

    Some Banking Apps still detected root and I couldnt usw it, but after hiding Magick, installing Zygisk, checked then in this Block list, and installed Shamiko, everything worked, bypassed all.

    Then I installed other root Apps, modules like LSPposed (hid it), uninstalled System-Apps and wanted to usw Banking again.

    Some still work, Apps like Netflix also, but the three hardest detecting Banking Apps Font anymore.
    I uninstalled the modules, root Apps etc. again, unhid and hid again Magisk, de- and rechecked them in this blocking list but they still detect root now.

    What to so?
    If you reverted to the exact point where the app(s) previously did not detect root but now they do, make sure that you wipe both the cache and data for those app(s), restart the phone and then try again

    Some apps remember that they detected root at some point and even when you revert or improve hiding they just repeat that the phone is (still) unsafe/rooted

    For that reason it is important before each new test to erase their data - otherwise even if you properly hide the root, they will continue complaining...
    3
    Yes, but android 13 doesn't have stock rom. Android 12 has stock rom. I want to use Android 13. Is it okay to have a different stock rom or do I need a stock rom of Android 13?
    I do not have an 8/8Pro so I can not test myself.

    Can you boot twrp on Android 13?
    fastboot boot twrp-3.7.0_11-0-instantnoodle.img

    If so, you can use dd to dump the installed boot (or any partition) into an image file. ;)
    Then use the dumped a13 boot image for Magisk patching.

    Cheers. :cowboy:

    Edit:
    PS.
    A few years ago, I used to dump my Poco F1 twice a week.
    Long story...

    Found the script I used. 🙃
    For an example of how I used to do it.
    GitHub - Link
    Note: The block mount is device dependent.
    /dev/block/sde45 is boot on Poco F1.
    You can find which partition is what by looking in the by-name directory in dev/block.
    3
    I don't mind an enforcing ROM as long as I can turn off the enforcement whenever I want to, and as long it doesn't prevent me from doing the things I want with my device, and as long as I don't have to jump through crazy, convoluted, headache-producing hoops in order to do any of those things. My current enforcing ROM is OK in these regards.

    However, I probably wouldn't mind a non-enforcing ROM, either.
    Just need to understand that properly implemented ROMs, ie. enforcing, can generally be switched w/ no dramas (for those happy to take the risks)... 'non-enforcing' (permissive) ROMs are the ones you'll generally have issues with;
    they're inherently buggy for starters, and either won't boot w/ enforcing or critical functions will fail... You're usually stuck with permissive (read House with no doors) I'm afraid!...

    That's because they are 'experimental, insecure, half-baked and not fit for daily use' as I originally said, and they've generally been set to permissive simply to allow broken stuff to function...

    There's really no other good reason for a dev to set permissive... And as experts like John are pointing out, doing this simply to release ROMs is NOT good enough... It may be considered "really bad", "LITERALLY BACKDOORING YOUR USERS!", "dubious", "just shooting at your own foot", "nuking a SIGNIFICANT portion of modern Android's security"...


    🙃 PW
  • 130
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    68
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    59
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    55
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​