[Discussion] Magisk - The Age of Zygisk.

Search This thread

73sydney

Senior Member
Getting black screen on latest v1.7.86 of this app. Suspect is new detection mechanism. Anyone can test?
Before this version is fine (v1.7.84). Pass safetynet, Shamiko, Added to deny list it just wont work on latest version.

Pixel 6 Pro Latest Nov patch, Magisk 25.2

ill have a crack, also Pixel 6 Pro, though on A13

Update:

No bueno...even with Hide My Applist

Perhaps a Magisk Delta user will test for you.....
 

pupido

Senior Member
Apr 9, 2015
146
10
A few years ago I installed Magisk v. 22 on my Note 9 (Android 10). Today I tried, using Magisk Manager, to update both the app and Magisk to the latest version (via direct installation).
However, while the app updated to v. 25.2, instead, Magisk updated to v. 23. Is this normal?
I thought Magisk would also update to v. 25.2 just like Magisk Manager.
 

zgfg

Senior Member
Oct 10, 2016
8,230
5,871
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
A few years ago I installed Magisk v. 22 on my Note 9 (Android 10). Today I tried, using Magisk Manager, to update both the app and Magisk to the latest version (via direct installation).
However, while the app updated to v. 25.2, instead, Magisk updated to v. 23. Is this normal?
I thought Magisk would also update to v. 25.2 just like Magisk Manager.
It's not normal but there are SO MANY differences in Magisk v25 (starting with v24) compared to your old v22 or v23) that I really suggest you:

- search on XDA for Magisk Zygisk thread and carefully read OP posts to be aware what has changed, and what would you need to configure manually from scratch , etc

- since you have happily lived so far with that ancient Magisk v22, maybe you don't need to jump to all the new things (Zygosk, DenyList instead of MagiskHide, no more Modules repository, optional Shamiko, USNF, Hide My Apps), and/or maybe you have an old version of Android that Magisk or important new modules (Shamiko, LSPosed) will not support
 
Last edited:

pupido

Senior Member
Apr 9, 2015
146
10
It's not normal but there are SO MANY differences in Magisk v25 (starting with v24) compared to your old v22 or v23) that I really suggest you:

- search on XDA for Magisk Zygisk thread and carefully read OP posts to be aware what has changed, and what would you need to configure manually from scratch , etc

- since you have happily lived so far with that ancient Magisk v22, maybe you don't need to jump to all the new things (Zygosk, DenyList instead of MagiskHide, no more Modules repository, optional Shamiko, USNF, Hide My Apps), and/or maybe you have an old version of Android that Magisk or important new modules (Shamiko, LSPosed) will not support
Thank you for your response.
I am interested in installing the Pixelify's module and I think with Magisk v. 23 it is not possible.
 

Mr.Jlu

Member
Jun 2, 2016
39
24
Hi Guys,

I found the checks the HDFC Bank_11.1.5 app is performing for checking the root status, most of the stuff is obfuscated but we can get a glimpse of what is going around in the background.
Any suggestion to bypass this is much appreciated.

C++:
package com.backbase.android.core.security;

import android.content.Context;
import com.backbase.android.core.utils.DoNotObfuscate;
import com.backbase.p006a.C0843b;
import lxl.C6232aa;

@DoNotObfuscate
/* loaded from: classes2.dex */
public class RootVerification {
    private C0843b rootUtils;
    private boolean rooted;

    public RootVerification(Context context) {
        this.rootUtils = new C0843b(context);
    }

    public boolean isRooted() {
        return this.rooted;
    }

    public RootVerification withBinaries(String[] strArr) {
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            } else if (C0843b.m10159a(strArr[i])) {
                this.rooted = true;
                break;
            } else {
                i++;
            }
        }
        return this;
    }

    public RootVerification withBusyBoxBinary() {
        this.rooted = C0843b.m10159a(C6232aa.m1119a(22896));
        return this;
    }

    public RootVerification withDangerousProps() {
        this.rooted = this.rootUtils.m10156b();
        return this;
    }

    public RootVerification withDefaultCheck() {
        C0843b c0843b = this.rootUtils;
        this.rooted = c0843b.m10157a((String[]) null) || c0843b.m10155b(null) || C0843b.m10159a(C6232aa.m1119a(22897)) || c0843b.m10156b() || c0843b.m10154c() || C0843b.m10160a() || C0843b.m10152d();
        return this;
    }

    public RootVerification withPotentiallyDangerousApps(String... strArr) {
        this.rooted = this.rootUtils.m10155b(strArr);
        return this;
    }

    public RootVerification withRootCloakingApps(String... strArr) {
        this.rooted = this.rootUtils.m10153c(strArr);
        return this;
    }

    public RootVerification withRootManagementApps(String... strArr) {
        this.rooted = this.rootUtils.m10157a(strArr);
        return this;
    }

    public RootVerification withRwSystem() {
        this.rooted = this.rootUtils.m10154c();
        return this;
    }

    public RootVerification withSuBinary() {
        this.rooted = C0843b.m10159a(C6232aa.m1119a(22898));
        return this;
    }

    public RootVerification withSuExist() {
        this.rooted = C0843b.m10152d();
        return this;
    }

    public RootVerification withTestKeys() {
        this.rooted = C0843b.m10160a();
        return this;
    }
}

Hello Guys,

[UPDATE]

I was able to bypass the root detection of this app using the following magisk module but it stopped working post reboot.

Magisk Module Name: InitRcHider
Reference URL: XDA Download Link: https://forum.xda-developers.com/attachments/initrchider-zip.5472273/
 
Last edited:
  • Like
Reactions: pndwal and ipdev

Eagleman71

Senior Member
Dec 4, 2007
101
31
FYI what to do post Android Security Update if wallet stops working (I don't know if someone else already wrote it or if it is so obvious that nobody needed to, LOL).

My Case:
Xiaomi MI 11 Ultra, Magisk 25.2 (33) installed and working. Banking apps and Wallet working.
Updates to new version with latest Android Security Patch.
Banking apps and Wallet NOT working anymore.

Just patch the new version of the boot.img, reflash and check once again the DenyList because sometimes some goolge servicer gets unflagged.
Al back to normal.
 
  • Like
Reactions: ipdev

anubisjack

Member
May 3, 2017
38
4
Thank you for your effort, at least I know that its not my problem
Fellow Malaysian here, and also before this new update, there are error code keep popping up, u notice? Like not even 1 second then it closed, maybe that was the detection mechanism but its not working yet, I installed the previous version of it for it to work temporary lol
 

prokiller1199

Senior Member
Nov 14, 2014
186
45
Johor Bahru
Fellow Malaysian here, and also before this new update, there are error code keep popping up, u notice? Like not even 1 second then it closed, maybe that was the detection mechanism but its not working yet, I installed the previous version of it for it to work temporary lol
Hey, u mean the stopped working dialog that appears and gone in seconds right. I solved that one by hiding all process in denylist, if not mistaken by default it only tick the first one.
 

anubisjack

Member
May 3, 2017
38
4
Hey, u mean the stopped working dialog that appears and gone in seconds right. I solved that one by hiding all process in denylist, if not mistaken by default it only tick the first one.
My one still popping out even tho I alredi deny all the processes lol, even game like undecember still detected the root even I hide it also
 

prokiller1199

Senior Member
Nov 14, 2014
186
45
Johor Bahru

Attachments

  • Screenshot_20221208-012612.png
    Screenshot_20221208-012612.png
    2.1 MB · Views: 48

pndwal

Senior Member
Hello Guys,

[UPDATE]

I was able to bypass the root detection of this app using the following magisk module.

Magisk Module Name: InitRcHider
Reference URL: XDA Download Link: https://forum.xda-developers.com/attachments/initrchider-zip.5472273/
Still haven't been able to do this on Xiaomi RN8T... Please say your device / OS... Thanks, PW
 

ajlir

Member
Dec 20, 2014
29
5
Model: Xiaomi Mi A1 (tissot)
OS: Lineage (19-20221206-NIGHTLY-tissot)
Magisk version: 25.2
Magisk Modules:
  • Advanced Charging Controller (ACC)
  • Shamiko
  • Systemless Hosts
  • Universal SafetyNet Fix (Displax)
  • Zygisk - LSPosed
LSPosed Module: Hide My Applist

Tested with Ruru and Momo (attached)

Not working with TnG ewallet (stuck at logo)

Will find resolution on Momo's findings and update here.

After reading through last 4-5 pages, I do not see anyone with my issues with Momo detection.

I'll keep looking in the meantime but can I get someone to help me on this, please?
 

Attachments

  • Screenshot_20221208-122532_Trebuchet.png
    Screenshot_20221208-122532_Trebuchet.png
    98.2 KB · Views: 101
  • Screenshot_20221208-125107_Trebuchet[1].png
    Screenshot_20221208-125107_Trebuchet[1].png
    151.7 KB · Views: 100
Last edited:

prokiller1199

Senior Member
Nov 14, 2014
186
45
Johor Bahru
Model: Xiaomi Mi A1 (tissot)
OS: Lineage (19-20221206-NIGHTLY-tissot)
Magisk version: 25.2
Magisk Modules:
  • Advanced Charging Controller (ACC)
  • Shamiko
  • Systemless Hosts
  • Universal SafetyNet Fix (Displax)
  • Zygisk - LSPosed
LSPosed Module: Hide My Applist

Tested with Ruru and Momo (attached)

Not working with TnG ewallet (stuck at logo)

Will find resolution on Momo's findings and update here.
Another TNG user here, I submitted a report to their developer team because I think it is app issues on latest version of TNG.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    I use payload-dumper. You cannot select only a single img file to extract but you can kill it once it extracts what you needed
    I use Payload dumper go by @osm0sis .
    It's a Magisk module and you can extract specific partitions from payload.bin on device without unpacking the whole thing.
    Really handy👍
    5
    I found out the way how to detect magiskhide and safetynet fix, ... which is used by poinku 🙂
    4
    Just a simple question, that was not answered in installation guide on Github:
    When do I need to repatch the boot.img with magisk app? Can I use the same magisk_patched.img (patched boot.img from previous build) to gain back root after updating to newest monthly build?

    Renaming magisk.apk to magisk.zip and flash it in TWRP is no longer recommended, so I don't want to use this method.
    You can re-patch the previously patched boot.img only if updating Magisk (in that case you could also use Direct install)

    But if you upgrade ROM, you must use the new boot.img, coming with the new/updated ROM.
    However, you can extract (from the ROM zip file) and patch the new boot.img before flashing the new ROM, and then flash that patched new boot.img right after you upgrade the ROM

    If upgrading ROM does not wipe Data, all your modules, Magisk db with DenyList etc will remain, hence once you flash the newly patched boot.img, Magisk will continue to work

    However, some old modules might not be compatible with the upgraded ROM (usually when upgrading Android) - to prevent bootloops, better disable suspicious modules before upgrading the ROM (onxe you flash its patched boot.img, in case of bootloop, you will only be able to disable the problematic modules from TWRP or by Factory resetting - in that case you loose all)
    4
    That's interesting...

    This was broken for Pixel 6 and 7 at least for late A12 and A13 updates due to new partition digest checking by update engine... The linked Google documentation doesn't seem to have changed... Still says:

    ... This new check was identified as the issue because boot.img partition digest doesn't match after Magisk flashing so dm-verity devices indicate corrupt boot image and update/slot will be marked as failed/corrupted... I believe disabling verity/verification can't help since vbmeta can't be tampered for delta updates using update engine either...

    I mentioned this here:
    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-87762979

    The issue is still marked in GitHub as wontfix...

    Do you know if Google has in fact changed/reverted their digest checks, or if this actually works w/ up-to-date releases for some?... And perhaps you could link a user's success story?... Thanks, PW
    Yeah, I'm aware that back in June vvb2060 stated that the OTA feature in Magisk doesn't work on Pixels because the partition digest calculations were not overwriting the original values . To my knowledge, no one has submitted a PR for that issue. Nor am I aware of any changes since then to the digest checks.

    There is also a related issue here.

    Nonetheless, as stated earlier, some people have had success as recently as last month's January security update. It still holds, though, that the majority of people are unsuccessful, at least in my observation. So I wouldn't say it was "broken", per se, but rather "much of the time does not work as intended". I still advise people to not use this method.

    On a side note, I have also seen a few people who were able to successfully take an OTA while rooted. Of course they lost root after they rebooted, but they were still able to successfully update while rooted even though the update should have failed due to the pre-OTA block verifications.

    Below is a quick sample of success stories, from July to last month (I think 3 of them are in December). There are others and I have also seen people report on Telegram that they were successful.










    4
    [ ... ] Read Permissive ROM = experimental, insecure, half-baked ROM not fit for daily use [ ... ]
    Actually, that is perfectly fit for my own daily use, and I doubt that I'm the only person who has this preference.
    But it's NOT a preference! ... It's a fact!

    ... I know you're no noob, but you may be developing a knack for confusing issues mate! 😜

    FWIW, John's technical explanation on Reddit: SELinux Permissive ROMs/Kernels are VERY BAD


    I want to be able to turn permissive mode on and off as part of my own ROM usage, depending upon the tasks I want to perform and the software I wish to run. In the past, I was able to do this in one or more ROMs, and there was nothing half-baked about my user experience.
    So you're talking about something completely different!
    www.youtube.com/watch?v=K2P86C-1x3o

    ... That's NOT a permissive ROM!... That's likely a perfectly stable SE enforcing ROM that you choose to disable 'enhanced security' on... And that's your business...

    Like the ROM discussed here, many find the simply cannot switch a permissive ROM to SE enforcing w/o breaking stuff... cos it's still half baked/not properly implemented... BUT permissive just breaks security in exchange for accessing ROM functions that simply won't work as they should...

    ... Bit like the builder in such a rush to list a house on the market that he hasn't fixed the doors that jam on their jambs... So he says "oh well... Who needs doors?"... And then someone buys it!... And they think "what a bargain!"... And they sleep soundly... Cos they got a bargain... Who needs doors, right? 😝

    However here's something more those switching even stable enforcing ROMs to permissive might want to to consider:
    https://www.xda-developers.com/permissive-selinux-dangers-exploits/
    I'm willing to take the associated risks, and I don't want to be paternally "protected" against those things against my will. Again, I'm sure I'm not the only Android user who feels this way.
    Sure you're not... Point is, You don't need a permissive ROM to do that...

    And of course ROM/Kernel Devs do that all the time to test fixes (you'll appreciate @arter97's response to this
    www.twitter.com/topjohnwu/status/1194574073017167877
    if you know who he is...), but it's actually far more likely that switching between modes will simply work on an enforcing ROM...

    Thing is, it may be fine to leave your doors open while you're home and awake... But would you be happy with no doors when you go out or Sleep? 😲 ... And really, any builder should put doors on houses he builds... unless it's for the Korowai people of West Papua... or in a gated hippie commune... PW
  • 131
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    68
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    59
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    55
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​