[Discussion] Magisk - The Age of Zygisk.

Search This thread

HippoMan

Senior Member
May 5, 2009
1,875
707
Hippoland
01010000011011110110111001101011011011000110010101110011
Code:
def what_is_it(thing):
    item = int(thing, 2)
    print(item.to_bytes((item.bit_length() + 7) // 8, 'big').decode())

what_is_it('01010000011011110110111001101011011011000110010101110011')

101010001100001011010110110010100100000011000010010000001101000011010010111000001110000011011110111000001101111011101000110000101101101011101010111001100100000011101000110111100100000011011000111010101101110011000110110100000100000011101000110111101100100011000010111100100101110


1001001001000000111011101101111011011100110010001100101011100100010000001101000011011110111011100100000011011000110111101101110011001110010000001110100011010000110100101110011001000000111000001101111011100110111010000100000011101110110100101101100011011000010000001101100011000010111001101110100001000000110001001100101011001100110111101110010011001010010000001101001011101000010000001100111011001010111010001110011001000000110110001101001011100010111010101101001011001000110000101110100011001010110010000101110
 
Last edited:
  • Like
  • Haha
Reactions: 73sydney and pndwal

GreekPilot

Senior Member
Jun 12, 2008
228
60
OnePlus 9 Pro
Anyone else with Magisk found from Momo 4.1.1 or am I the only one...
 

Attachments

  • Screenshot_2022-05-19-07-49-14-22_8ecd68a317969a903887707449183b6f.jpg
    Screenshot_2022-05-19-07-49-14-22_8ecd68a317969a903887707449183b6f.jpg
    432.6 KB · Views: 105

Wak Joko

Member
May 15, 2022
5
4
Be careful with enabling Momo in HMA

I never enabled Momo in HMA because (as the name says), Hide My Applist hides applications (like Magisk APP - not the Magisk itself), and as Momo says, Momo does not look for applications

Nevertheless I tested now by enabling Momo in HMA (Effective apps, Enable Hide):

1) enabling File detections or All hide methods does not help to hide TWRP folder.
Simply renaming TWRP folder to TWRP.bak works perfectly for me (without Momo in HMA)

2) Without Momo in HMA, my Momo v4.1.1 does not detect Zygisk.
When I configured Momo in HMA by using All Hide Methods (saved and rebooted) - Momo did complain that Zygisk was found !!!
Hence I disabled Momo in HMA, saved, rebooted and it was fine again - Momo did not find Zygisk.
I tested once again with Momo in HMA (Enable Hide, All hide methods), saved in HMA, rebooted and Momo again wrote Zygisk found

All together, I don't see a use/need for enabling Momo in HMA, Select Effective Apps - without, I have no problem with Zygisk found

And with Momo in HMA, All hide methods - then my Momo finds Zygisk?! (and it does not help to prevent finding TWRP folder)

Xiaomi 11 Lite 5G NE, A11
The ROM diffrences issues assumption could be.
in my case if i enabling the momo in HMA it could solved the "found zygisk"
permenently by configure the API req, intent queries & ID detection without tick the other 2 opt. Yes it does hide the TWRP from momo even i didnt touch the twrp folder. However, its doesnt simply solved the TWRP issue in Oprek. i was deleting/renamed the folder to TWRP.bak etc(temporary i guess) Coz after i reboot into TWRP it recreating the folder again. the Oprek giving me a nightmare. The last solution i had is not using the TWRP.
 

zgfg

Senior Member
Oct 10, 2016
7,403
4,794
The ROM diffrences issues assumption could be.
in my case if i enabling the momo in HMA it could solved the "found zygisk"
permenently by configure the API req, intent queries & ID detection without tick the other 2 opt. Yes it does hide the TWRP from momo even i didnt touch the twrp folder. However, its doesnt simply solved the TWRP issue in Oprek. i was deleting/renamed the folder to TWRP.bak etc(temporary i guess) Coz after i reboot into TWRP it recreating the folder again. the Oprek giving me a nightmare. The last solution i had is not using the TWRP.
Did you simply try:
- Momo ticked in DenyList
- DenyList not enforced
- Shamiko installed

And Momo not enabled in HMA

After the changes you must reboot

That should be the 'normal' way to hide Zygisk
 
  • Like
Reactions: ipdev

BillGoss

Senior Member
Sep 2, 2010
5,239
4,617
Sydney
OnePlus 8T
What do you'll think about this Xposed module?

I can't find an app that doesn't work...momo still complains about broken tee.
4.1.1 momo, 1.3.7 privacyspace, 0.5.0 shamiko and 1.8.3 lsposed
Momo complains about broken TEE because of the way OnePlus implemented hardware key attestation. The same happens on my 8T.
It's not something that can be fixed and it doesn't affect root detection or SafetyNet.
 

Wak Joko

Member
May 15, 2022
5
4
Did you simply try:
- Momo ticked in DenyList
- DenyList not enforced
- Shamiko installed

And Momo not enabled in HMA

After the changes you must reboot

That should be the 'normal' way to hide Zygisk
like i said i can manage the hiding the "found zygisk' detection. And all my detectors are green except "boot loader unlock" in momo.

As u mentioning "momo not enebled in HMA" causing the zygisk not triggered in momo that is doubt to me. Bcoz i enabled it in EFFECTIVE APP list to hide the zygisk. coz thats the way it work by it name HMA (magisk is still app and zygisk is part if it). I already did the test flash the magisk zip without installing the manager and momo was fine. without the manager u couldnt active the zygisk.
 

zgfg

Senior Member
Oct 10, 2016
7,403
4,794
like i said i can manage the hiding the "found zygisk' detection. And all my detectors are green except "boot loader unlock" in momo.

As u mentioning "momo not enebled in HMA" causing the zygisk not triggered in momo that is doubt to me. Bcoz i enabled it in EFFECTIVE APP list to hide the zygisk. coz thats the way it work by it name HMA (magisk is still app and zygisk is part if it). I already did the test flash the magisk zip without installing the manager and momo was fine. without the manager u couldnt active the zygisk.
I was simply asking can you hide Zygisk by the way I described (without using HMA)

But anyway, who cares. You are free to use your method and you don't need to test (I'm also no more interested) 😃
 
Last edited:

Wak Joko

Member
May 15, 2022
5
4
I was simply asking can you hide Zygisk by the way I described (without using HMA)

But anyway, who cares. You are free to use your method and you don't need to test (I'm also no more interested) 😃
Its ok.. not offended.. maybe we both methods can be useful to other here.

So here's the methods comply for hiding from MOMO (as i done) could be suit u too:
First thing come first if u manage to do it well, every thing is going good.

1. In magisk:
install the ur nescessary modules: USNF, busybox, shamiko, lsposed, InitrcHider, HPC & etc..
Activate the ZYGISK core, ignore the ENFORCE DENYLIST (coz u had shamiko installed) & tick in denylist apps such as Banks apps, google apps, games & anything kind sort
of app that can be triggered by detector especially like MOMO/MAGISK DETECTOR/APPLIST DETECTOR/ROOTBEER SAMPLE. BUT DO NOT denylist the LSPOSED & ur hacking tool(if u had) coz u need it functionally with magisk. Then hide the magisk by renamed it to something else. If u do properly untill this steps, then u are done with magisk, nothing else u can do.

2.IN LSPOSED
Use the parasitic manager option for avoiding the detection(incase any detector's apps could
detect lsposed manager apk) in my case i didnt use the shortcut coz HMA can manage hiding as well. Active ur lsposed modules especially HMA (recomended only system framework)

3. IN HMA
install the MAGISK EXTENTION (make sure the extention active in magisk module too - require reboot). Then go to MANANAGE TEMPLATES. Here's how most of people confius the function of the templates. DO NOT add the apps that u use for daily basis like bank, GApps, games, app detectors coz its wont work. Its a vise versa!. Add only MAGISK, LSPOSED(included all LSPOSED MODULES) & ur hush-hush tools :)
If u wish using YTvanced preferred add the youtube app to list if u are annoying the update
from google play store later. dont forget to click save every steps u done in templates section.
Then in SELECT EFFECTIVE APPS. Choose the apps to hiding templates from eg. Google apps, root detectors, Bankapps. Tick the option ENABLE HIDE, ENABLE ALL HIDE METHODS & apply the templates u managed it before. Click save in every step & done.

4. Now for MOMO i configure seperately.
Tick ENABLE HIDE, tap the "SELECT HIDE METHODS" & tick only
API REQUEST/ INTENT QUERIES/ ID DETECTION.
Apply for the TEMPLATES.
Adding the MAPS RULES: lsposed/org.lasposed.manager/magisk & save & done!
reboot device & test ur detectors

If u got red flag from momo:
ART Parameters bla.. bla.. mean u got custom ROM or android 9 by using magisk riru module. The workaround is go to
/data/adb/modules/zygisk_lsposed in root directory. Open (text file) system.prop and put # at the beginning line Save,
reboot (mention by someone in this thread i forgot already)

"Found file modified by magisk module" detection: u could miss the step mentioned above.

Custom recovery/ twrp detection: follow the step mention by @zgfg could be handyful. :)

P/S: Detector that used:
YASNAC
ROOTBEER SAMPLE
SAFETYNET TEST
APPLIST DETECTOR
MAGISK DETECTOR
MOMO
OPREK DETECTOR
 

pndwal

Senior Member
Some good tips. 👍

Just re init.rc detection -
1. In magisk:
install the ur nescessary modules:
...
InitrcHider
This used Canyie's old method from Momohider. She has integrated this in Shamiko now, so this module is not needed with late Shamiko....
P/S: Detector that used:
...
MAGISK DETECTOR
This has been archived for 1½ years (deprecated in favour of Momo), and init.rc detection is broken; - false detection even with Magisk not installed!

👀 PW
 
  • Like
Reactions: paarkhi and ipdev

Stillhard

Senior Member
Sep 25, 2016
127
106
Some good tips. 👍

Just re init.rc detection -

This used Canyie's old method from Momohider. She has integrated this in Shamiko now, so this module is not needed with late Shamiko....

This has been archived for 1½ years (deprecated in favour of Momo), and init.rc detection is broken; - false detection even with Magisk not installed!

👀 PW
Why the spoil? let an old man enjoy his old timer :LOL:
 
  • Haha
Reactions: pndwal

m0han

Senior Member
Apr 30, 2012
4,921
1,995
....I don't see a use/need for enabling Momo in HMA, Select Effective Apps - without, I have no problem with Zygisk found

And with Momo in HMA, All hide methods - then my Momo finds Zygisk?! (and it does not help to prevent finding TWRP folder)...
tried what's suggested here. all that happened for me was momo 4.1.1 (112) did not find 'xposed framework'. and, although i have no folder/file with 'twrp' anywhere in the name, oprek detector still finds 'custom recovery files'. it's all a little disconcerting. would it be something with the device/rom i'm using? i don't plan to change the combo soon, though.
 

Attachments

  • Detector Comparison.png
    Detector Comparison.png
    414.6 KB · Views: 114
  • Momo Comparison.png
    Momo Comparison.png
    373.4 KB · Views: 119
Last edited:
A sidenote I don't think is mentioned here:
If you guys additionally use Sui, make sure to mark Momo as hidden from the Sui app as well. Fixed the "found zygisk" problem in momo for me.

My config: OP5 PE12 with Zygisk, Zygisk - Sui, USNF, Shamiko, LSPosed, HMA, momo 4.1.1
 
tried what's suggested here. all that happened for me was momo 4.1.1 (112) did not find 'xposed framework'. and, although i have no folder/file with 'twrp' anywhere in the name, oprek detector still finds 'custom recovery files'. it's all a little disconcerting. would it be something with the device/rom i'm using? i don't plan to change the combo soon, though.
To fix "Custom recovery files" in Oprek Detector. Just delete or rename /data/media/TWRP.

To be honest, I don't think it matters cos actual banking apps wouldn't care to check like oprek. Please correct me if I'm wrong.
 
  • Like
Reactions: m0han

m0han

Senior Member
Apr 30, 2012
4,921
1,995
...delete or rename /data/media/TWRP....banking apps wouldn't care to check like oprek...
thanks. does the job. i think you're right about banking apps. (i use gpay once in a while.)
don't know what is happening. momo finds 'xposed framework' again, but not magisk. :D
 

Attachments

  • Screenshot_20220521-082010_Oprek Detector.png
    Screenshot_20220521-082010_Oprek Detector.png
    163.2 KB · Views: 47
  • Screenshot_20220521-082319_Momo.png
    Screenshot_20220521-082319_Momo.png
    197.5 KB · Views: 46

Top Liked Posts

  • 2
    Okay... Anyway to check what the app use to detect root? Sound dumb thou but I still will like to ask 🤔
    Just tried... What should I do after this?:
    IMG_20220706_232325.jpg

    😝 PW
    2
    All and everything green on my side (with TJW Canary)...
    ... Tried with Magisk app disabled -> not detected; with Magisk app enabled -> random package name shown...
    All green now on Magisk Delta Canary c403c77 (25101). Magisk app not disabled » random package name not shown. (I'd forgotten to hide Magisk app from TB Checker.)
    2
    I don't hide Magisk app and I don't disable it. I use Hide My Apps to hide Magisk app from eg this TB Checker (and all banking apps and similar)

    And it passes

    As posted above, Hide My apps also successfully hides my four installed LSPosed modules (incl. the HMA itself) from TB Checker - and everything is green
    Yep, understood. HMA is a good method to hide Magisk app. I don't use it because I don't need the other LSPosed modules, so I simply disable the app when not in use.
    1
    😀 Is your device rooted?
    Since new! 😜
    If yes
    Do you see a splash screen
    With warning message "Root detected"?
    Nope...
    If No
    Please I'd like to know how you got it to work without detecting root. Thanks
    App cloner 2.14.7 (1 July 2022)
    Xiaomi Redmi Note 8T, stock MIUI, Android 10.
    Magisk 25101, Zygisk, USNF, Shamiko.
    App in denylist

    IMG_20220706_234837.jpg

    CTS profile match (SafetyNet) pass.
    Play Protect Device is certified.

    This one was easy...
    👍 PW
  • 15
    @ipdev can you add https://github.com/mywalkb/DenylistUnmount to this post, as an open source alternative to Shamiko? Many users are posting positive results with this module.
    I bookmarked it the other day when I ran across the link in a different thread. 🙃
    I added Denylist Unmount to Points of Interest.

    Unfortunately my time has been short lately. 🙁
    Life and sidetracked by other projects.

    I have been meaning to update Post #9 for awhile now.
    Post #9 was to be a catch all post for additional links recommended in the threads.
    I have been trying to figure a good way to format/layout and categorize it.​

    This is my current WIP.
    Still needs to be formatted better. The secondary title needs to be reworded. Add/reword descriptions.
    Other cleanup and format/layout.

    Points of Interest.
    Apps, Links, Modules, Posts and Threads.
    Additional links recommended by the xda family.

    Apps

    Hide My Applist
    Hide apps or reject app list requests.
    Requires Xposed.​
    Download Links:
    GitHub | PlayStore

    Oprek Root Detector
    Check Devices Health​
    Download Links:
    PlayStore

    Magisk Modules

    Denylist Unmount
    Unmount the denylist processes​
    Download Links:
    GitHub

    LSPosed
    Systemless Xposed framework.
    Zygisk releases are now included.
    Releases
    Download Links:
    GitHub

    Shamiko
    Add description​
    Download Links:
    GitHub

    xda Posts

    xda Threads

    Other


    Note(s)
    • Xposed is a framework for modules that can change the behavior of the system and apps without touching any APKs.

    Cheers. :cowboy:
    9
    Anyone here have issue with latest version of Shamiko and some banking apps?
    My Starling app keeps closing itself when I have enabled Shamiko but if I disable it and revert to enforce denylist the app works fine but one of my other apps does not work without shamiko!
    Try using my build, turn off zygisk (optional) and enable MagiskHide.

    About Zygisk: Zygisk is still not perfect for hiding and zygisk leave very obvious traces for some apps such as Livin by Madiri (only work without zygisk). The problem is not "root is not hidden" but "Zygisk is not hidden". Riru has RiruHide to hide itself from scanning /proc/<pid/maps but Zygisk doesn't have hiding method and DenyList doesn't hide zygisk. If you are using LSPosed, recommended to use Riru for now.


    If you apps are still detecting root, try install Riru - MomoHider: https://github.com/HuskyDG/Riru-Momohider/releases/tag/0.0.8-all-configs
    8
    Points of Interest.

    LSPosed
    Zygisk releases are now included.
    Download Links:

    Shamiko
    Download Links:
    @ipdev can you add https://github.com/mywalkb/DenylistUnmount to this post, as an open source alternative to Shamiko? Many users are posting positive results with this module.
    8
    a new safetynet update has been released https://github.com/kdrag0n/safetynet-fix/releases
    thanks to kdrag0n and osm0sis and benjibobs
    5
    How Momo detect some traces:
  • 117
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    62
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    57
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    52
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.


    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    43
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​