[Discussion] Magisk - The Age of Zygisk.

Search This thread

Lughnasadh

Senior Member
Mar 23, 2015
3,329
3,297
Google Nexus 5
Huawei Nexus 6P
I received this error even though Zygisk is enabled and UNSF are installed

View attachment 5521983
"The API key used by YASNAC has a quota of 10,000 times per day. If the quota is exhausted, you will see an error and you will not be able to use it until the quota is restored the next day."

Try another one in the meantime, such as SafetyNet Checker.
 

BillGoss

Senior Member
Sep 2, 2010
5,171
4,546
Sydney
OnePlus 3T
  • Like
Reactions: ipdev

Lughnasadh

Senior Member
Mar 23, 2015
3,329
3,297
Google Nexus 5
Huawei Nexus 6P
I've had the same error after updating to 24.1. But I've also had it pass successfully, so the error seems to come and go.

I've also checked SafetyNet using SafetyNet Test (https://play.google.com/store/apps/details?id=org.freeandroidtools.safetynettest) and it fails saying "fail (can't access Google Play Services)".
See my post above about YASNAC.

Try SafetyNet Checker. https://play.google.com/store/apps/details?id=com.flinkapps.safteynet&hl=en_US&gl=US
 
Last edited:
  • Like
Reactions: BillGoss

doniedogawa

Member
Oct 29, 2021
29
2
Indonesia
I just updated Magisk from version 23 to 24.1 directly from the app on my LG V20 Oreo stock rooted ROM. After restart, it crashed like the attached one.

Maybe Magisk 24+ doesn't compatible with the ROM?
 

Attachments

  • 20220109_102229.jpg
    20220109_102229.jpg
    2.3 MB · Views: 105
Last edited:

zgfg

Senior Member
Oct 10, 2016
7,186
4,635
Thank you! I meant to ask for Play Services, not Store.
Are you running A12 or an older build?
Another app (non-system app) I added is still in hidelist only Play Services isn't surviving reboot. That's due to Magisk Hide not enabled?
AFAIK, USNF 2.2.1 takes care of GMS - somebody reported that he passed SN with USNF although he did not put GMS to DenyList
 
Last edited:

pndwal

Senior Member
It was a hypothetical question; one we all already know the answer too. The point is many people were upset when this transition was announced because something worked great for them and was completely changed. Sure I don't have to upgrade, and I won't because magiskhide worked 100% for me, as it did for most people. We all know why TJW stopped development of magisk and it had nothing to do with the app.
John doesn't do much on the App anyway... He pretty much offloaded that to Diareuse a couple of years ago. 😄

And apart from a break of only weeks, he actually didn't stop development even after beginning his Google tenure. - If you check his commits after mid May, you'll see he'd been working on major framework changes (to support Zygisk etc) and began merging fixes / changes from July... These were hidden from the public until after he announced 'Magisk is back!' at end of August and unhid them.

So in reality, much of the time he had been required to stop contributing to his open source project pending a review of his management chain, copyright, legal, code of conduct, and possibly much more (standard big tech company procedure for new employees with open source projects, and more especially for jobs entailing software [Android] security), he had been working on it, but had simply closed it in the interim...

Turned out Google was as good as the word of some senior staff who posted that Google has no interest in stopping either Magisk Development or root use AFAICS.

Incidentally, some people labelled him a traitor for working for Apple... now for Google!? ... Do we expect a dev like him to operate only in amateur circles?
The point is many people were upset when this transition was announced because something worked great for them and was completely changed. Sure I don't have to upgrade, and I won't because magiskhide worked 100% for me, as it did for most people... this just seems like a regression or at best a lateral tech shift.
But it will stop 'working great' for you one way or another, sooner or later...

If bank apps you use move to custom detection methods harder to circumvent, eg detecting Isolated process leaks (many do already) or other, then you will likely come to appreciate the new the Magisk w/ Zygisk framework which enables more powerful hiding ability (as John explained a couple of years ago when first proposing Magisk in Zygote). Nb. Improved hiding was actually the original object of this quantum shift, but of course it also gives modules more power to do all sorts of things...

So we actually have (much) better hiding potential, it's just that John won't lead the hiding effort any longer (and he's been at pains to explain why he's not interested in doing this any longer - at least since Google began began testing HKA implementation, ie. long before he became a 'Googler' with access to their proprietary source code...). He has, however, pointed out that others need / 'can start to do their job', and that we already have such 3rd party solutions. (Neither John nor Google are out to prevent this, at least until HKA is enforced.)

Really, apart from maintaining SafetyNet passing for new devices / OS changes (which is 'trivial' in John's estimation) and hiding of Magisk App / Manager, John has not been improving Magisks ability to hide modified TEE for years now anyway.

The real innovations / research / testing have actually been led by Devs like RikkaW with her knowledge of injecting into Zygote / pre-Zygisk Riru XHook framework solution supporting her own Storage Isolation (Storage Redirect) app as well as other dev's hiding modules, vvb2060 with her Lite Magisk fork, Riru-Unshare etc, Canyie with her Riru-MomoHider, Nullptr (Dr-TSNG) with HideMyApplist, Shana (LoveSy, LoveSyKun) principal LSPosed contributor (team behind current Shamiko hiding solution), etc...

New Magisk is actually John improving the framework for these (module) Devs!... And I must say, given the complexities of hiding new detections should we expect effective hiding from just one dev?! ... The Cat is no longer just Google, but an ever increasing number of banks running one mouse ragged...

Wait... Why not let more MICE out of the bag and run the cats ragged???

I believe John's strategy to improve the Magisk framework does just this... And it seems there's now an endless supply of such 16 - 25 year old female Anime / Manga (the new Monty Python for coders?) loving genius mice keen to play!... He's been communicating with many of them in his native Chinese just today...

Requirements / for running proprietary code in a TEE and efforts to enforce this are constantly changing / being strengthened (even Windows 11 is a move towards ensuring this thru HKA on PCs).

Subverting detection of modified TEE was fun for TJW for some time, but it's NOT the real purpose of Magisk and never was!... John is now 'taking Magisk more seriously now' as he put it, and leaving the TEE spoofing game to others. (Can you blame him?)
-----------------------​
I did say 'sooner or later'. I hope I've covered 'sooner', how many Devs are now carrying the Magisk hide / TEE spoofing baton, and why John's work continues to support / enable such efforts in reality.

Re. 'later', the TEE spoofing game ('fun') will undoubtedly be over for good once Google enforces HKA. This has already been years in the making, but may occur at any tick of the clock... 🐈🐁🔨

Magisk, on the other hand, is set to live on / continue to be essential for Android custom modders!

🤠 PW
 
Last edited:

mingkee

Senior Member
One Ace crashed and needed factory reset, and I took a chance to try out 24.1
Added Safetynet Fix and enabled zygisk and deny list
Strangely, Google Play Services doesn't stick upon reboot
You need to add two cts components (found in system) on deny list
It seems to be OK and I was able to grab Netflix, but I still have to deal with L3 even Netflix is in deny list
 
Last edited:

pndwal

Senior Member
It seems like everyone is checking their SafetyNet status today for some reason. :unsure:
Just kidding. I know why. :ROFLMAO:

Quite a few SafetyNet check apps are hitting their daily limit. 🙃

Cheers all. :cowboy:

PS.
Root Check app is also maxed out for today.
Yup, Quota limit hit for unpaid apps...

I haven't looked yet, but reportedly an XDA article 'advertised' YASNAC today, and there's been a resulting torrent of downloads / checks just for kicks!?... As mentioned, normality should return tomorrow, or when everyone has caught up with the Daily XDA at least... 😁 PW
 
Last edited:

pndwal

Senior Member
AFAIK, USNF 2.1 takes care of GMS - somebody reported that he passed SN with USNF although he did not put GMS to DenyList
Actually it doesn't. 2.1.x is Riru-USNF and requires MagiskHide; toggling that on adds Google Play Services processes automatically.

2.2.x series is Zygosk-USNF, and does hide these processes itself / removes them from denylist. 😉 PW
 

zgfg

Senior Member
Oct 10, 2016
7,186
4,635
Actually it doesn't. 2.1.x is Riru-USNF and requires MagiskHide; toggling that on adds Google Play Services processes automatically.

2.2.x series is Zygosk-USNF, and does hide these processes itself / removes them from denylist. 😉 PW
It was a typo (2.1 instead of 2.2.1) - but good to see you again
 

Attachments

  • IMG_20220129_084755.jpg
    IMG_20220129_084755.jpg
    171.8 KB · Views: 59
Can you guarantee that all apps that magiskhide hid root from will hide root with the deny list? Why fix what wasn't broken? magiskhide has worked well for most people for years.
Because banking apps, etc. are continuously updated and they themselves will break what worked well for many years. My banking app updated 2 weeks ago and suddenly started detecting root. Magisk 23 with safety net fix and MagiskHide is not guaranteed to continue working as app developers come up with better methods of detecting root, etc.
 

pndwal

Senior Member
Since TG links are not allowed on XDA, decipher from the screenshot
That 'rule' was previously insisted on by moderator @TNSMANI in September.

It wasn't in the official XDA rules post, and I wasted much time (in private conversation posts mid September to October) asking for clarification on how a post re. OPs of development threads being allotted one TG link only could be applied to General Discussion threads with the interpretation that users could not post ANY Social Media links, TG, WhatsApp or other...

I got no clarity, only insistence that this was the official XDA stance, and told to ask other senior moderators... I didn't...

Some time later, @Didgeridoohan posted this:
...
Social media?

However, mods have since warned several of us re. giving links to Twitter, Telegram etc XDA deems 'social media'.
And finally, this little tidbit. I've seen this mentioned a couple of times in this thread, but it needs some clarification.

Linking/quoting social media posts (or other webpages for that matter) is perfectly fine (as long as they're on the straight and narrow, i.e. no warez or stuff like that). I don't care what's been said before, this is where we are at now....

Conclusion/TL;DR
Keep things on topic...
Linking post on social media is fine.
Directing users and discussions away from XDA is not fine....
I was a bit frustrated at the time that common sense only prevailed with a public airing after a user got upset with me for not citing a source, but I think @Didgeridoohan finally killed off / buried that 'rule' in December, although @TNSMANI has never got back to me or commented further on this.

Anyway, that's why I've been freely posting TG and other links again. 😛 PW
 
Last edited:
  • Like
Reactions: davisml and zgfg

jons99

Senior Member
Nov 5, 2019
241
282
looks like safetynet checking is working again so please don't abuse it if you know you can pass safetynet let others that are trying to setup shamiko use it cause shamiko is not very straight forward maybe ipdev can add a few words in the first pages on how to setup shamiko
 

Attachments

  • photo_2022-01-29_10-53-06.jpg
    photo_2022-01-29_10-53-06.jpg
    28.1 KB · Views: 74

shadow460

Member
Oct 6, 2017
35
6
Oklahoma City
After this, Magisk is gonna be a hard pass for me. John's gotta do what's in his best interests and I hope he is successful with Google.
I'll be sticking with Version 23 until another root solution comes along. I am having trouble after trying to update and then downgrading.
As for apps that check root status, if Magisk Hide can't defeat that, I'll delete them. Those services that I need can be accessed through any web browser, so I'll replace the app with a shortcut to the website. It's none of their business what I do with my own cell phone.
I might detail my issues another day. It's late and I'm too tired to work on the phone much. I tried Riru and some safety net fix, but uninstalled them when I downgraded to Magisk 23.
There is a very good reason I do not update anything on my phone unless absolutely necessary, and this is it. Again, I have no hard feelings. I've gotten a lot of miles outta Magisk and am thankful for that.
 

zgfg

Senior Member
Oct 10, 2016
7,186
4,635
That 'rule' was previously insisted on by moderator @TNSMANI in September.

It wasn't in the official XDA rules post, and I wasted much time (in private conversation posts mid September to October) asking for clarification on how a post re. OPs of development threads being allotted one TG link only could be applied to General Discussion threads with the interpretation that users could not post ANY Social Media links, TG, WhatsApp or other...

I got no clarity, only insistence that this was the official XDA stance, and told to ask other senior moderators... I didn't...

Some time later, @Didgeridoohan posted this:

I was a bit frustrated at the time that common sense only prevailed with a public airing after a user got upset with me for not citing a source, but I think @Didgeridoohan finally killed off / buried that 'rule' in December, although @TNSMANI has never got back to me or commented further on this.

Anyway, that's why I've been freely posting TG and other links again. 😛 PW
E.g, this is a new (sub)forum opened last week for Xiaomi Lisa:

As a sticky message from moderators, it still emphasizes the old (2018) rule:

It's still a murky area
 
Last edited:
  • Like
Reactions: pndwal

pndwal

Senior Member
E.g, this is a new (sub)forum opened last week for Xiaomi Lisa:

As a sticky message from moderators, it still emphasizes the old (2018) rule:

It's still a murky area
Sigh... That's why I gave up...

That's the same 'rule', but how do you interpret what it says???

It reads "Why was your Telegram/WhatsApp group/channel thread closed?
...Going forward, we will only allow only one Telegram/WhatsApp link in a development thread by the ROM developer provided thorough support is still provided in the ROM thread....
All discussion channels, photography channels, etc. will be strongly discouraged and removed with immediate effect"

These are neither Development Threads, nor Telegram/WhatsApp group/channel threads, whatever they are... They're General Discussion threads!

And who wants to open a 'discussion channel, photography channel, etc'?... I'm guessing the retired OP was referring to the same 'Telegram/WhatsApp group/channel threads' mentioned at the outset that XDA can "close" / "remove"... So are these XDA threads???

Anyway, it's all hopelessly confusing to me... I think @Didgeridoohan's "Linking/quoting social media posts (or other webpages for that matter) is perfectly fine (as long as they're on the straight and narrow, i.e. no warez or stuff like that). I don't care what's been said before, this is where we are at now...." call for these threads was the right one personally.

XDA is great in some ways, amateurish in others... but of course it must be; they're all volunteers doing their best...

Still, it would be good to have some uniformity / a review of the official rules to clarify what's what across the board (even some rules there seem obsolete / impractical, eg how can we quote but not copy and paste!? - do they want to make life harder for those who contribute?)...

For now I'll take it that at least for Magisk General Discussion, linking Social Media is "perfectly fine"... 😐 PW
 

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    Where do you guys get Momo? I can't download from Telegram on PC and I don't want to create an account.
    I've attached it for you. :)
    8
    I am just curious why you don't want to install telegram. About a year ago, or so, I uninstalled telegram because I got tired of the juvenile, posts on an android app dev forum, lspeed. I feel now that telegram is better moderated, but that is mostly based on the magisk alpha, lsposed. etc that I am now on. Is there some other security issues with it that I am not aware? I have most notification in it turned off so it doesn't constantly annoy me.
    Nah just the childishness nonsense you mention. I was on a few Android groups at one point and they were all pretty obnoxious. That and when I tried having a public profile getting random "Hey are you THE osm0sis from xda? Cool! Just checking." roughly every couple days was ridiculous. Made me fairly certain I'm doing just fine with xda, Twitter, email, GitHub, Slack and TWRP's Zulip. 😜
    6
    But we can attach the file itself, can't we @pndwal ?
    5
    Seems not, but Canyie has fixed her GitHub link to Momo from MomoHider page https://github.com/canyie/Riru-MomoHider ('depreciation notice' introduces Shamiko - MomoHider may not be a 'thing' anymore...) however (Link to momo apk is dead #22 / Fix #22, 54d76a6), so at least we can link to that on XDA since we can't post TG links as file source...

    Momo is linked under 'Test':
    https://github.com/canyie/Riru-MomoHider#test

    👀 PW
    Sigh.. guess I'll secretly install Telegram just to download things. 🤷‍♂️🙄🥲
    5
    What do you'll think about this Xposed module?

    I can't find an app that doesn't work...momo still complains about broken tee.
    4.1.1 momo, 1.3.7 privacyspace, 0.5.0 shamiko and 1.8.3 lsposed
    Momo complains about broken TEE because of the way OnePlus implemented hardware key attestation. The same happens on my 8T.
    It's not something that can be fixed and it doesn't affect root detection or SafetyNet.
  • 114
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    61
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    55
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    51
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.


    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    43
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​