[Discussion] Magisk - The Age of Zygisk.

[zgfg]

Why would I do this when v23 works great and 24 removed magiskhide?

Nobody is forcing you.

But are you aware about DenyList instead of MagiskHkde?
Read OP posts here (and maybe post #14)

 

[mingkee]

Thanks @ipdev

I tried to put a short help for probably the most frequent posts/questions soon to expect.
(Sorry for cross-posting, I first put to the old and cluttered General Magisk thread but this is now better place)

===

Please carefully read Magisk Changelog and OP posts in this thread

Study the Magisk documentation from the official Magisk Github page - particularly about installing Magisk (if not familiar with patching the image in Magisk app and flashing the patched img from Fastboot- different from the old school about flashing Magisk zip through TWRP)

a) No more MagiskHide. New technology instead (for the same - to help hiding root): Zygisk+DenyList

b) No more built in SafetyNet checker. Install from PlayStore e g: YASNAC

c) Modules window does no more connect to the (now frozen) old Modules repository.
You must download module zip files manually and "Install from local storage".
Or search for and install Fox Magisk Module Manager (Fox Mmm) app - it will connect to the new, alternative repository

---

1) Make sure that both Magisk app and Magisk are installed and updated to the new version. Inspect version numbers on the main Magisk window/page

2) Make sure to uninstall all Riru modules (not compatible with Zygisk)

3) Settings, Enable Zygisk and reboot.
Then check on the main window does it show Zygisk Yes

4) Settings, enable Enforce DenyList.
Configure DenyList, enable filters to Show OS and System apps
Find Google Play Services and check-in only the two processes ending with gms and gms.unstable.
You will have to check in all your banking apps and so as you used with MagiskHide.
Always reboot upon reconfiguring DenyList

5) If SafetyNet does not pass, install USNF 2.2.1 and test again.
Always reboot upon installing a module, also if/when you enable Systemless Hosts

---

Intentionally, I didn't want to complicate with Shamiko for the new Magisk 24 users

Then Magisk hide is replaced by Zygisk + Deny List?
Should I keep using Safetynet Fix and switch to Zygisk version?

 

[ldeveraux]

Nobody is forcing you.

But are you aware about DenyList instead of MagiskHkde?
Read OP posts here (and maybe post #14)

Can you guarantee that all apps that magiskhide hid root from will hide root with the deny list? Why fix what wasn't broken? magiskhide has worked well for most people for years.

 

[mingkee]

Why would I do this when v23 works great and 24 removed magiskhide?

You have to use 24 on S

 

[nacos]

Did you setup DenyList?
Check if SafetyNet passes.
You may need to use USNF 2.2.1 - read e g. post #14 in this thread

To hide Zygisk itself, use Shamiko - once installed, you need to disable Enforce DenyList since Shamiko will take over

Shamiko must be also downloaded from TG, but thanks to the new module auto-updating scheme (properly implemented for Shamiko but not for LSPosed), its URL can be obtained:

https://github.com/LSPosed/LSPosed.github.io/releases/download/shamiko-72/Shamiko-v0.3.0-72-release.zip

Something's not right. I'm no longer able to open the bank apps ++ (whereas I used to be able to run all these apps under Magisk 23 + Hide)

Samsung S8, Havoc OS (Android 10), MicroG.

1. I did configure Deny list and added all affected aps (as previously)
2. Zygisk shows yes on the main page
3. I did install USNF 2.2.1, however I don't pass SafetyNet. YASNAC reports "Google Play Services API error16: cancelled"
4. I also installed Shamiko and disabled Deny List in settings.
5. Self-check in MicroG confirms System does have signature spoofing (through LSPosed > FakeGaaps)

Any suggestions? Thanks!

 

[ldeveraux]

You have to use 24 on S

I'm on 11 because S came out 3 months ago and I'm not beta testing for Android. Just like nobody's forcing me to update to v24, nobody's forcing anyone to update to Android 12...

 

[mingkee]

Can you guarantee that all apps that magiskhide hid root from will hide root with the deny list? Why fix what wasn't broken? magiskhide has worked well for most people for years.

I will try 24 on my abandoned phone with R
Hopefully I will figure out the new method

 

[V0latyle]

Can you guarantee that all apps that magiskhide hid root from will hide root with the deny list?

Nothing is ever a guarantee. If the risk of root detection is unacceptable to you, don't root. You are completely and absolutely at your own risk here. You and you alone are liable for any problems you may experience.

That being said, for the majority of people using Magisk + USNF + MHPC in the proper configuration have had success.

Why fix what wasn't broken? magiskhide has worked well for most people for years.

This was answered in the OP. Please read John Wu's 2021 blog post as it describes why Magisk transitioned to Zygote, as well as why MagiskHide has been discontinued.

 

[zgfg]

Can you guarantee that all apps that magiskhide hid root from will hide root with the deny list? Why fix what wasn't broken? magiskhide has worked well for most people for years.

Why should I guarantee you anything?!

Guys, please understand that there are VARIOUS (banking) apps that detect or guess about root by VARIOUS methods.
What works to hide root from one app, does not work for the other app - or will no more work for the first app upon they update the app

Did you take some time to read what was posted in this thread about PushTAN?
With the same settings root is successfully hidden for other users but not for any Xiaomi users

YOUR MILLEAGE MAY VARY

Sorry, being tired of answering to such posts, specially when people are lazy or what to first read something - sorry to being rude, but that's it

 

[ldeveraux]

Why should I guarantee you anything?!

Guys, please understand that there are VARIOUS (banking) apps that detect or guess about root by VARIOUS methods.
What works to hide root from one app, does not work for the other app - or will no more work for the first app upon they update the app

Did you take some time to read what was posted in this thread about PushTAN?
With the same settings root is successfully hidden for other users but not for any Xiaomi users

YOUR MILLEAGE MAY VARY

Sorry, being tired of answering to such posts, specially when people are lazy or what to first read something - sorry to being rude, but that's it

It was a hypothetical question; one we all already know the answer too. The point is many people were upset when this transition was announced because something worked great for them and was changed. Sure I don't have to upgrade, and I won't because magiskhide works 100% for me, as it does for most people. We all know why TJW stopped development of magisk and it had nothing to do with the app. This just seems like a regression or at best a lateral tech shift.

ninjaedit: Why in the world is this still considered a version number upgrade from Magisk when they are essentially different apps? Why not just call it the Zygisk app or whatever you're calling it and offer it as a version 1.0 separate entity? Maybe that would confuse people less and you wouldn't have to answer the same question repeatedly.

 

[nacos]

Did you setup DenyList?
Check if SafetyNet passes.
You may need to use USNF 2.2.1 - read e g. post #14 in this thread

To hide Zygisk itself, use Shamiko - once installed, you need to disable Enforce DenyList since Shamiko will take over

Shamiko must be also downloaded from TG, but thanks to the new module auto-updating scheme (properly implemented for Shamiko but not for LSPosed), its URL can be obtained:

https://github.com/LSPosed/LSPosed.github.io/releases/download/shamiko-72/Shamiko-v0.3.0-72-release.zip

Could you please check my last post #85 (link below). I would appreciate any suggestions. Thanks!

[Discussion] Magisk - The Age of Zygisk.

This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...

forum.xda-developers.com

 

[zgfg]

Something's not right. I'm no longer able to open the bank apps ++ (whereas I used to be able to run all these apps under Magisk 23 + Hide)

Samsung S8, Havoc OS (Android 10), MicroG.

1. I did configure Deny list and added all affected aps (as previously)
2. Zygisk shows yes on the main page
3. I did install USNF 2.2.1, however I don't pass SafetyNet. YASNAC reports "Google Play Services API error16: cancelled"
4. I also installed Shamiko and disabled Deny List in settings.
5. Self-check in MicroG confirms System does have signature spoofing (through LSPosed > FakeGaaps)

Any suggestions? Thanks!

SafetyNet uses Google Play Services (GMS). AFAIK, you cannot substitute GMS with MicroG

Maybe it was possible way ago, but not now - GMS communicates with the Google servers. Communication is authenticated by PKI. MicroG or nobody else could sign with the private key of Google Play Services, hence Google servers would immediately know they don't talk to GMS

API error actually means that SN communication is broken.. I doubt that MicroG even provides SN API (knowing that it cannot spoof Google's backend part for SN). Hence your API error probably means that SN checker cannot find GMS and its SN API

 

[nacos]

SafetyNet uses Google Play Services (GMS). AFAIK, you cannot substitute GMS with MicroG

Maybe it was possible way ago, but not now - GMS communicates with the Google servers. Communication is authenticated by PKI. MicroG or nobody else could sign with the private key of Google Play Services, hence Google servers would immediately know they don't talk to GMS

API error actually means that SN communication is broken.. I doubt that MicroG even provides SN API (knowing that it cannot spoof Google's backend part for SN). Hence API error probably means that SN checker cannot find GMS and its SN API

Makes sense. The interesting part is that under Magisk v.23, although clearly I also wasn't passing SafetyNet, I was able to use all banking apps that currently no longer run. This tells me that Magisk's previous built-in hiding mechanism worked, while Magisk's v.24.1 external hiding mechanism doesn't - unless it passes SafetyNet - which is likely the only hiding mechanism.

Anyways, I truly appreciate your help. Thanks a lot.

 

[tom1807]

No idea what kind of sorcery this is, but I got yesterday my Pixel 6 and this Zygisk is pretty awesome.
Not only work now bank apps again, which still detected root, despite being properly rooted on my previous mobile and passing SafetyNet, but most amazing, DRM Info shows, that I am in Widevine CDM on security level L1.
Pretty amazing.

Cheers
Tom

 

[mingkee]

No idea what kind of sorcery this is, but I got yesterday my Pixel 6 and this Zygisk is pretty awesome.
Not only work now bank apps again, which still detected root, despite being properly rooted on my previous mobile and passing SafetyNet, but most amazing, DRM Info shows, that I am in Widevine CDM on security level L1.
Pretty amazing.

Cheers
Tom

How did you setup compared with 23?

 

[tom1807]

How did you setup compared with 23?

I followed this guide, worked like a charm.

Cheers
Tom

 

[bgsdeluxe]

Anybody with Magisk v24 or v24.1 and safetynetfix 2.2.1 and Google Play Services added to hidelist could do me a favour and check, if Play Store is still present in this list after a reboot, please? (Yes, I ticked "show system apps" )
Thanks, highly appreciated.

 

[tom1807]

Anybody with Magisk v24 and safetynetfix 2.2.1 and Google Play Services added to hidelist could do me a favour and check, if Play Store is still present in this list after a reboot, please? (Yes, I ticked "show system apps" )
Thanks, highly appreciated.

Yep, still present

Cheers
Tom

 

[bgsdeluxe]

Yep, still present

Cheers
Tom

Thank you! I meant to ask for Play Services, not Store.
Are you running A12 or an older build?
Another app (non-system app) I added is still in hidelist only Play Services isn't surviving reboot. That's due to Magisk Hide not enabled?

 

[mkcs]

I received this error even though Zygisk is enabled and UNSF are installed