[Discussion] Magisk - The Age of Zygisk.

Search This thread

pndwal

Senior Member
I'm not sure what you mean by "bootloop w/ clean A13 and standard flash on P2XL".
What you did... Clean install of A13 and patch/fastboot flash magisk-patched.boot.img from that...
I did a clean install of A13. It bootloops only with the Magisk patched image. I extracted boot.img from the same LOS ROM using payload_dumper.
... All good here...
I suspect it may have something to do with other changes in the unofficial version, so I will be going back to LOS 19.1 until the official version is released.
Likely for the best...

Similar issues above... Hope your LOS 20.0 was selinux enforcing at least... 😬
There are other problems with this ROM, so it is not quite ready for prime time yet.

Thanks.
Only the most privileged among us can have our choice of cake and eat it too! 🙂 PW
 
  • Like
Reactions: dcarvil

RubyRose

Member
Nov 21, 2022
10
0
Consider using a properly tested ROM to avoid issues and for your own security... I'd go with official LOS if available for your device (you didn't say device) of at least an ROM with Security-Enhanced Linux (SELinux)...
Using an unofficial build on a Raspberry Pi 4 :D
I'm trying to make a "full" android out of it.
That is, these points cannot be corrected?
 

pndwal

Senior Member
Using an unofficial build on a Raspberry Pi 4 :D
I'm trying to make a "full" android out of it.
That is, these points cannot be corrected?
... So you're a bit of a geek then!?... Nice kit...

... Is it PI 4B? This ROM?:
https://forum.xda-developers.com/t/...3-for-raspberry-pi-4-b.4516545/#post-87752445

There will be reasons for these issues:

Not working:
  • Hardware video decoding & encoding (software decoding & encoding works, option to test highly experimental H.264 hardware video decoding)
Issues:
  • Camcorder (i.e. recording videos) & some third party camera apps don't work with official Pi camera modules (works with UVC USB webcams)
  • SELinux is in permissive mode
  • Encrypting userdata is not supported
  • and more…
as stated, and you should treat this as an experimental rom under development... For passing S/N and PI deviceIntegrity, enforcing selinux is going to break stuff (unless you can fix issues before dev does...

Seems you need to compromise for Android TV 13 currently and wait for fixes, or consider an older ROM w/ proper selinux / encryption working... 🙂 PW

Edit: Seems most Android ROMs for this are limited by selinix permissive mode... This article discusses hardware/other limitations for this experimental platform:
 
Last edited:

RubyRose

Member
Nov 21, 2022
10
0
Is it PI 4B? This ROM?:


Edit: Seems most Android ROMs for this are limited by selinix permissive mode... This article discusses hardware/other limitations for this experimental platform:
rpi4, bro. 8GB
I used exactly Android, not Android TV.
This ROM.

Is it possible for me to hide these errors in any way?
In principle, the necessary applications are launched for me. All other checkers go through. But still I would like to bring to the ideal.
 

pndwal

Senior Member
rpi4, bro. 8GB
I used exactly Android, not Android TV.
This ROM.
https://konstakang.com/devices/rpi4/LineageOS18/
Ah yes, you did say A11...
Is it possible for me to hide these errors in any way?
In principle, the necessary applications are launched for me. All other checkers go through. But still I would like to bring to the ideal.
Well you've forced enforcing and seen some issues... You may not be able to do much better...

Re 'ART parameters are abnormal', I believe this got fixed w/ latest LSPosed (I don't have it now and made no edits)... If you're on latest LSP it may have a different cause... I'm not aware of how to fix the other Momo detections either, but it's rare to see a perfect result; I'd urge you use Momo only for comparison purposes when troubleshooting how to bypass detection for a specific app you need... Are you useing bank apps on the Raspberry?... Which apps polling integrity attestations do you need?

Others here may have suggestions, but one of the @KonstaT forums here on XDA will probably be your best bet... PW
 

RubyRose

Member
Nov 21, 2022
10
0
Ah yes, you did say A11...

Well you've forced enforcing and seen some issues... You may not be able to do much better...

Re 'ART parameters are abnormal', I believe this got fixed w/ latest LSPosed (I don't have it now and made no edits)... If you're on latest LSP it may have a different cause... I'm not aware of how to fix the other Momo detections either, but it's rare to see a perfect result; I'd urge you use Momo only for comparison purposes when troubleshooting how to bypass detection for a specific app you need... Are you useing bank apps on the Raspberry?... Which apps polling integrity attestations do you need?

Others here may have suggestions, but one of the @KonstaT forums here on XDA will probably be your best bet... PW
It's a pity.(

Yes, I'm using the latest version of lsposed, and I can't find system.prop. It simply doesn't exist.
In this topic, a person already wrote a similar problem. I have exactly the same.
 

Attachments

  • IMG_20220416_193212.jpg
    IMG_20220416_193212.jpg
    190.8 KB · Views: 56

zgfg

Senior Member
Oct 10, 2016
8,203
5,840
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
It's a pity.(

Yes, I'm using the latest version of lsposed, and I can't find system.prop. It simply doesn't exist.
In this topic, a person already wrote a similar problem. I have exactly the same.
New versions of Zygisk-LSPosed do not use system.prop anymore, instead all the props handling is in the Zygosk native so

You may try your luck with an older version of Zygisk-LSposed:

You could download the zips, unzip and find an older version that contained the system.prop file
 

martyfender

Senior Member
Mar 9, 2017
3,315
1,809
Indianapolis, IN
New versions of Zygisk-LSPosed do not use system.prop anymore, instead all the props handling is in the Zygosk native so

You may try your luck with an older version of Zygisk-LSposed:

You could download the zips, unzip and find an older version that contained the system.prop file
Is this device or Android version dependent? On one of my Android 9 tablets with the latest, official, canary debug build, every time I install the latest test version of zygisk lsposed, a new, clean copy of system.prop file is created in the lsposed module folder. The latest version is 1.8.5-6656.
 
  • Like
Reactions: J.Michael

zgfg

Senior Member
Oct 10, 2016
8,203
5,840
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
Is this device or Android version dependent? On one of my Android 9 tablets with the latest, official, canary debug build, every time I install the latest test version of zygisk lsposed, a new, clean copy of system.prop file is created in the lsposed module folder. The latest version is 1.8.5-6656.
With Zygisk - LSPosed v1.8.5 (6649), I don't have system.prop in my /data/adb/modules/zygisk_lsposed

However, I see that there is a system.prop file in the installation archive Zygisk_-_LSPosed-v1.8.5(6649).zip, containing a single line:
dalvik.vm.dex2oat-flags=--inline-max-code-units=0

Also, the installation script customize.sh looks for the prop ro.maple.enable, if the prop exists with the value 1, it will be disabled by appending the system.prop:
if [ "$(grep_prop ro.maple.enable)" == "1" ] && [ "$FLAVOR" == "zygisk" ]; then
ui_print "- Add ro.maple.enable=0"
echo "ro.maple.enable=0" >> "$MODPATH/system.prop"
fi


However, I don't see anything else in the scripts to control wether the system.prop file will be kept in the /data/adb/modules/zygisk_lsposed folder or not

That must be controlled by the binary parts - to analyze the logic you would need to study the module's sources from GitHub - if available (frankly, I didn't search on GitHub, I automatically update the module when Magisk, Modules show that an Update is available)

See also the post/answer #2548 about the dex2oat wrapper (you will find in the module's bin subfolder)

Btw, you could check which of the two lines (or both) do you have in your system.prop:
dalvik.vm.dex2oat-flags=--inline-max-code-units=0
and/or
ro.maple.enable=0

The second line will be present only if you otherwise had
ro.maple.enable=1, but the logic behind the need of the first one (probably dependent on the Android version and so) should be in the sources for the module's binaries
 
Last edited:

patrickdrd

Senior Member
Mar 24, 2015
744
152
no shamiko for android 7 nougat?
it says only android 8.1+?
what can I do?

edit: I would also need lsposed zygisk (also not supported :( )

edit2: it seems I can't use lsposed, since it's 8.1+, so what should I do?
ditch zugisk and use xposed as before? or use zygisk but then what about shamiko?
 
Last edited:

samhhmobil

Senior Member
May 25, 2017
467
234
Hamburg
no shamiko for android 7 nougat?
it says only android 8.1+?
what can I do?

edit: I would also need lsposed zygisk (also not supported :( )

edit2: it seems I can't use lsposed, since it's 8.1+, so what should I do?
ditch zugisk and use xposed as before? or use zygisk but then what about shamiko?

You should downgrade, if you use a 5years old Android version.

For Android 7.x you should use Magisk not newer as 23.x (maybe even older)...

samhhmobil
 
  • Like
Reactions: patrickdrd

zgfg

Senior Member
Oct 10, 2016
8,203
5,840
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
no shamiko for android 7 nougat?
it says only android 8.1+?
what can I do?

edit: I would also need lsposed zygisk (also not supported :( )

edit2: it seems I can't use lsposed, since it's 8.1+, so what should I do?
ditch zugisk and use xposed as before? or use zygisk but then what about shamiko?
Consider Magisk Delta - with Delta you don't need Shamiko (you will use Zygosk + MagiskHide)

However, there maybe other modules you may need, like LSPosed (same devs like Shamiko) that are also limited to the newer versions of Android
 
  • Like
Reactions: 73sydney and rodken

flaystus

Senior Member
Mar 20, 2011
191
14
Kind of a stupid question probably but I just rooted my phone with Magisk / Zygisk and I'm wondering if I'd make anything NOT work if I just black listed every app including system stuff then only "unblacklisted" the few things I want to have root access.

Basically I'd prefer a white list but short of that will I break anything if I just whole sale black list?
 

pndwal

Senior Member
Because... it runs stable and without issues with that (best is IMHO to combine software of same generation).
John supported A4.2 till 23.0 when he bumped support to 5.0 due to difficulties supporting earlier versions...

We still have 5.0 support... I haven't seen reports/indications of instability w/ 24+... Are there any? (Usually later versions fix bugs and are more stable, not less)... PW
 

patrickdrd

Senior Member
Mar 24, 2015
744
152
You should downgrade, if you use a 5years old Android version.

For Android 7.x you should use Magisk not newer as 23.x (maybe even older)...

samhhmobil
well ok but oddly magisk 23 fails to pass any safetynet tests,
while it passes both with magisk 25.2 :rolleyes:

edit: I even updated my device to android 9 which is the latest it got,
but I still failed to make outlook work (posted on another thread as well),
so I though to give 7.1 a try
 

pndwal

Senior Member
well ok but oddly magisk 23 fails to pass any safetynet tests,
while it passes both with magisk 25.2 :rolleyes:

edit: I even updated my device to android 9 which is the latest it got,
but I still failed to make outlook work (posted on another thread as well),
so I though to give 7.1 a try
Were you using Zygisk USNF module?; Won't be working w/ 23.0... Also, you'll need to toggle MagiskHide on (and use Riru/Riru_USNF etc)... PW
 

Top Liked Posts

  • 2
    Good evening, solved I downloaded directly from github and installed it's good thank you
    1
    (Maybe off-topic) Now we have an app that detect bootloader unlocked :v

    1
    Hello sorry about the irritation I explained myself badly as I solved for the root with magisk.
    My concern comes from the LSPosed apk version 1.8.6-6712 -zygisk-release .APK when I install it via magisk module I get an error I don't know if I should install the lower version or not.
    Also as it asks to restart once restart in magisk.apk no more instalation just the application, so I have to reflash with odin the 4 BL-AP files patched_magisk -CP -and home CSC to find my root.
    Just to know whether to install LSPosed or not.
    I hope it's clearer for sure

    attempt to install LSPosed v 1.8.4 zygisk see screenshot
    I don't know about the APK version of Zygisk-LSposed installation?
    Pls provide the link where you downloaded and the file name (with extension)

    Anyway, if it is really APK file then you have to install as any other APK file - by application installer, not through Magisk app

    I use Zygisk LSPosed, downloaded from below, Zygisk_-_LSPosed-v1.8.6(6712).zip and that one (zip) has to be installed through the Magisk app:

    Also, for Zygisk module, Zygisk must be enabled but on your screenshot it looks like not enabled.
    Make sure you do not use Riru, since Riru is not compatible with Zygisk
  • 5
    I found out the way how to detect magiskhide and safetynet fix, ... which is used by poinku 🙂
    4
    [ ... ] Read Permissive ROM = experimental, insecure, half-baked ROM not fit for daily use [ ... ]
    Actually, that is perfectly fit for my own daily use, and I doubt that I'm the only person who has this preference.
    But it's NOT a preference! ... It's a fact!

    ... I know you're no noob, but you may be developing a knack for confusing issues mate! 😜

    FWIW, John's technical explanation on Reddit: SELinux Permissive ROMs/Kernels are VERY BAD


    I want to be able to turn permissive mode on and off as part of my own ROM usage, depending upon the tasks I want to perform and the software I wish to run. In the past, I was able to do this in one or more ROMs, and there was nothing half-baked about my user experience.
    So you're talking about something completely different!
    www.youtube.com/watch?v=K2P86C-1x3o

    ... That's NOT a permissive ROM!... That's likely a perfectly stable SE enforcing ROM that you choose to disable 'enhanced security' on... And that's your business...

    Like the ROM discussed here, many find the simply cannot switch a permissive ROM to SE enforcing w/o breaking stuff... cos it's still half baked/not properly implemented... BUT permissive just breaks security in exchange for accessing ROM functions that simply won't work as they should...

    ... Bit like the builder in such a rush to list a house on the market that he hasn't fixed the doors that jam on their jambs... So he says "oh well... Who needs doors?"... And then someone buys it!... And they think "what a bargain!"... And they sleep soundly... Cos they got a bargain... Who needs doors, right? 😝

    However here's something more those switching even stable enforcing ROMs to permissive might want to to consider:
    https://www.xda-developers.com/permissive-selinux-dangers-exploits/
    I'm willing to take the associated risks, and I don't want to be paternally "protected" against those things against my will. Again, I'm sure I'm not the only Android user who feels this way.
    Sure you're not... Point is, You don't need a permissive ROM to do that...

    And of course ROM/Kernel Devs do that all the time to test fixes (you'll appreciate @arter97's response to this
    www.twitter.com/topjohnwu/status/1194574073017167877
    if you know who he is...), but it's actually far more likely that switching between modes will simply work on an enforcing ROM...

    Thing is, it may be fine to leave your doors open while you're home and awake... But would you be happy with no doors when you go out or Sleep? 😲 ... And really, any builder should put doors on houses he builds... unless it's for the Korowai people of West Papua... or in a gated hippie commune... PW
    3
    Hey team!
    Anybody can help me to find why still detecting?
    Magisk already hide with another name.

    Thanks

    View attachment 5802703
    View attachment 5802705
    Just answered the similar thing 2hrs ago in this SAME thread (previous page) - 3rd part of the post, HMA:
    https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87952173
    3
    But I hid the app from magisk in DenyList! Why does it see Magisk?
    That is the issue with most detection problems: If putting the app in DenyList was enough, this thread would be much shorter.

    Did you read @zgfg's response?
    3
    I found out the way how to detect magiskhide and safetynet fix, ... which is used by poinku 🙂
    Care to elaborate?
  • 130
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    68
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    59
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    55
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​