[Discussion] Magisk - The Age of Zygisk.

Search This thread

shadowstep

Senior Moderator
Staff member
Jun 6, 2014
6,198
14,558
31
Ambala Cantt
OnePlus 9R
You can check with all list bankings i left in previous comment.

Video 1, zygisk+shamiko, imobile detect rooted
Video 2, magiskhide, imobile not detect rooted
HMA is also needed for iMobile. As I said on TG, MagiskHide is still relevant, and it's great to have Magisk Delta (thanks for that!) as an alternative that has MagiskHide, but iMobile works with Zygisk + Shamiko + HMA. Some apps don't, but this one does. :)
 

svendsvin

Senior Member
Oct 21, 2013
238
51
Lost in space
Xiaomi Redmi Note 7
I updated to Magisk stable v. 25.1 about a week ago the recommended way. Everything went smooth. Then a couple of days ago my banking app detected root. Momo (4.3.1) tells me that the environment is broken, but I pass Safetynet (both), Applist Detector finds nothing, Rootbeer shows everything is ok and my phone shows as certified in Play Store settings.

I’m on MIUI 12.5.1 stock rom. Modules USNF 2.2.1 and Shamiko 0.4.4 (v. 0.50 crashes my banking app). I don’t use LSPosed. Magisk app is hidden.

The only change I made is updating HuskyDG’s module Magisk Bootloop Protector to v. 1.8. I removed the module, but still root is detected.

I have then returned to Magisk 24.3 with an OrangeFox Recovery backup. Everything is fine. My banking app does not detect root. Momo only finds Zygisk. I have tried several times to update to Magisk 25.1 again but every time my banking app detects root and Momo tells me the environment is broken.

Can someone tell what to do next, please? Why can’t I suddenly install Magisk 25.1 without my banking app detecting root?
 

m0han

Senior Member
Apr 30, 2012
4,994
2,046
...Momo (4.3.1) tells me that the environment is broken, but I pass Safetynet (both), Applist Detector finds nothing, Rootbeer shows everything is ok and my phone shows as certified in Play Store settings.

I’m on MIUI 12.5.1 stock rom. Modules USNF 2.2.1 and Shamiko 0.4.4 (v. 0.50 crashes my banking app). I don’t use LSPosed. Magisk app is hidden....
Just an FYI: I’m on crDroid v8.6 A12.1 rom. I have modules USNF 2.2.1, Shamiko v0.50, DenyList Unmount v0.2, LSPosed Zygisk v1.8.3 (6552). Magisk Delta app is hidden.

Momo v4.3.1 reports that the environment is abnormal (see screenshot - init.rc is modified is new for me; Magisk Detector has been saying 'unexpected' for long), but I pass SafetyNet, Applist Detector reports 'All Clear', Rootbeer shows 'Not Rooted' and my phone shows as 'Certified' in Play Store settings. GPay worked when I last checked.
 

Attachments

  • Screenshot_20220627_112634.jpg
    Screenshot_20220627_112634.jpg
    134.9 KB · Views: 111
  • Like
Reactions: svendsvin

svendsvin

Senior Member
Oct 21, 2013
238
51
Lost in space
Xiaomi Redmi Note 7
Just an FYI: I’m on crDroid v8.6 A12.1 rom. I have modules USNF 2.2.1, Shamiko v0.50, DenyList Unmount v0.2, LSPosed Zygisk v1.8.3 (6552). Magisk Delta app is hidden.

Momo v4.3.1 reports that the environment is abnormal (see screenshot - init.rc is modified is new for me; Magisk Detector has been saying 'unexpected' for long), but I pass SafetyNet, Applist Detector reports 'All Clear', Rootbeer shows 'Not Rooted' and my phone shows as 'Certified' in Play Store settings. GPay worked when I last checked.
OK. I don't rely that much on Momo but when my banking apps detect root I listen to her :)
 

Attachments

  • 1656312374052.jpg
    1656312374052.jpg
    412.5 KB · Views: 74

dohanin

Senior Member
Mar 26, 2011
225
126
Sony Xperia X Compact
Xiaomi Mi Pad 4
:( can u help me fix it
Hi, I don't use iMobile Pay, but I just tried this app on my phone (A12, Magisk Stable 25.1, USNF, Shamiko) and it detects root if I don't disable the Magisk App (even if it's repackaged to another name). But disabling the Magisk App, the iMobile App works fine. It's pretty much the same as HSBC App that has been discussed before.
 

silentuser143

New member
Jun 27, 2022
2
0
@martyfender @m0han Switched from Alpha to Delta. 😉 Works perfectly fine so far. The steps are as usual:
- Unhide if hidden (restore the hidden app)
- Install delta apk
- Grant delta apk root from original Magisk / Alpha
- Flash Magisk through Delta using Delta's direct install
- Reboot
- Uninstall original Magisk / Alpha
Hello Sir,

I tried this method and now my mobile boots into TWRP, not in system. PLEASE HELP

After uninstalling original magisk from magisk.apk, mobile rebooted automatically and goes in TWRP :(

Tagging @huskydg sir
 

dr4go

Senior Member
Dec 17, 2010
453
374
Vienna
Hello Sir,

I tried this method and now my mobile boots into TWRP, not in system. PLEASE HELP

After uninstalling original magisk from magisk.apk, mobile rebooted automatically and goes in TWRP :(

Tagging @huskydg sir
As usual so much information. Ah, you're using this phone and using those options. And you're trying to install that version of Magisk...

Sorry for being sarcastic, but if I'm already considering not to root my phone anymore, I really can't understand people rooting and modifying their phones without having any idea what they're doing.
 

zubies

New member
Apr 7, 2020
4
0
What hide methods do you have selected in HMA? You didn't cover that in your screen recording. Also, there's no need to repackage the Magisk app. HMA is being utilized to prevent iMobile from finding the Magisk app.
here it is. i did exactly
 

Attachments

  • WhatsApp Video 2022-06-27 at 5.19.18 PM.mp4
    55.7 MB · Views: 0

huskydg

Senior Member
Feb 17, 2021
202
207
Hello Sir,

I tried this method and now my mobile boots into TWRP, not in system. PLEASE HELP

After uninstalling original magisk from magisk.apk, mobile rebooted automatically and goes in TWRP :(

Tagging @huskydg sir
You only need to uninstall original Magisk App after switching to any custom Magisk (alpha, cygisk, delta,...) not Fully uninstall Magisk from the app (completely removing Magisk from boot image and system)
 
Last edited:
  • Like
Reactions: dr4go

huskydg

Senior Member
Feb 17, 2021
202
207
here it is. i did exactly
As he said you didn't use Hide Magisk app option.
In additional, if you try everything (Hide Magisk App, Hide my applist, zygisk+shamiko, ...) but it doesn't work, you can try to switch to magisk delta, turn off zygisk and use only MagiskHide or downgrade to Magisk v23 official to use MagiskHide which is still guaranteed to work for almost banking apps. If you are using magisk delta, you don't need to use Hide Magisk App option because delta already came with custom package name.
zygisk itself is the problem at hiding and leaves obvious traces.
 
Last edited:
  • Like
Reactions: shoey63

pndwal

Senior Member
:( can u help me fix it
What hide methods do you have selected in HMA? You didn't cover that in your screen recording. Also, there's no need to repackage the Magisk app. HMA is being utilized to prevent iMobile from finding the Magisk app.
FWIW

This may not be applicable here at all, but it's worth noting that for some apps, incl. Sparkasse PushTAN, neither one method is enough; Magisk's Hide the Magisk app as well as HMA hiding (using the three 'safe' methods, or just Intent queries) must be employed to successfully thwart their (Promon) protection engine.

This not only looks for known app names and signatures, but uses simple pattern matching on installed apps. Magisk's Hide the app will patch the package name in AndroidManifest.xml, repack it and sign it with a random signature for obfuscation, but the classes.dex with code remains and can be / is used to identify even the stub app.

Further, at least for S PushTAN, since a recent release mileage seems to vary per device... The above method was working across the board for some time, but it seems that no Xiaomi device users now have success (with latest releases) while OnePlus and other device users can still use this method...

The above distills the basics from this (very long) issue:
https://github.com/topjohnwu/Magisk/issues/1084

👀 PW
 

pndwal

Senior Member
Some very interesting news re. apps that use the QUERY_ALL_PACKAGES permission (S PushTAN & many others) FINALLY being pulled into line by Google (from former XDA Editor in chief):
Mishaal Rahman, Apr 6
...
Apps that declare the QUERY_ALL_PACKAGES permission but haven't filled out the relevant permission declaration may be removed from Google Play starting June 1, 2022.
www.twitter.com/MishaalRahman/status/1511452117214679053

Reasons / excuses for the delay:
https://www.xda-developers.com/google-play-store-query-all-packages-rule/

What it means in practice:
My guess is that it will depend a lot on Google... Here's hoping... 🙃 PW
 
Last edited:

zubies

New member
Apr 7, 2020
4
0
As he said you didn't use Hide Magisk app option.
In additional, if you try everything (Hide Magisk App, Hide my applist, zygisk+shamiko, ...) but it doesn't work, you can try to switch to magisk delta, turn off zygisk and use only MagiskHide or downgrade to Magisk v23 official to use MagiskHide which is still guaranteed to work for almost banking apps. If you are using magisk delta, you don't need to use Hide Magisk App option because delta already came with custom package name.
zygisk itself is the problem at hiding and leaves obvious traces.
no luck still
 

Top Liked Posts

  • 1
    Hello friends .
    I have a Redmi 9 (Global) Codename : Lancelot
    Installed magisk via custom recovery (twrp and shrp) and root is sucess , but zygisk doesnt work , when I enable it in settings and reboot , in magisk zygisk : no . I used official MIUI 11.0.4. 11.0.7 11.0.9 12.0.1 12.0.4 Android 10 and zygisk still no success , although it worked on Lineage 18.1 Android 11 and Pixel Experience 12.1 Plus but I want to use MIUI and I want it to be MIUI android 10 to be exact because of some complexity of android 11 in Xiaomi devices I avoid android 11 . now back to MIUI 12.5.6 Android 11 to see if works at all or not , then I'm gonna try EEA or Europe MIUI Roms But before that I'm here to see if others have the same problem with their Xiaomi ? If yes , any fixes yet ?

    Edit : Fixed by flashing latest Global MIUI Rom ,for almost a week I was looking for a way around Redmi 9 android 10 zygisk but was not successful . Switch to android 11 and it will work like a charm but I lost TWRP decryption in Android 11 my internal storage is encrypted while in TWRP . Didnt try EEA roms .
    It's of-topic (TWRP and encryption) but:

    - Generally, when switching ROMs, it's required to Format Data.
    Don't know what exactly you did but you can try that

    - Sometimes it may also help to experiment by switching between pin, pattern and no Android unlock screen setting

    - Make sure you use the latest TWRP

    - TWRP.me does not support A12 encryption yet. However, there are SKKK TWRP versions (for various Xiaomi models) that do support (beta development stage):
  • 6
    Latest Official TJW Canary (release) & Debug (debug) Magisk builds:

    Magisk (f42c089b) (25102)​

    • [MagiskInit] Fix a potential issue when stub cpio is used
    • [MagiskInit] Fix reboot to recovery when stub cpio is used
    • [General] Better data encryption detection
    • [General] Move the whole logging infrastructure into Rust

    Diffs to v25.1​

    • [MagiskInit] Fix a potential issue when stub cpio is used
    • [MagiskInit] Fix reboot to recovery when stub cpio is used
    • [General] Better data encryption detection
    • [General] Move the whole logging infrastructure into Rust
    https://github.com/topjohnwu/magisk-files/blob/8fce25209918072f18b5bb056c43f596f771324d/notes.md

    👍 PW
    5
    Is it possible to find out what an app detects? I have Shamiko 0.5.1 installed and somehow a banking app still detects root. This is the app: https://play.google.com/store/apps/details?id=ro.raiffeisen.eToken&hl=ro&gl=US
    I just tried it on my phone (stock rom, Magisk 24.3, Shamiko 0.5.0, USNF).
    Without doing anything, it detects root.
    Adding it to denylist, still detects root.
    Freezing the Magisk app, goes through!
    5
    I just tried it on my phone (stock rom, Magisk 24.3, Shamiko 0.5.0, USNF).
    Without doing anything, it detects root.
    Adding it to denylist, still detects root.
    Freezing the Magisk app, goes through!
    It's now been reported a number of times that freezing the Magisk app helps thwart root detection in many cases.

    So ... I now believe that what we need to do is not talk about that publicly too much, so that the banking-and-other-kinds-of-app developers who might check these forums don't catch on to the fact the Magisk app itself doesn't actually provide any run-time Magisk functionality.

    This way, those developers will keep thinking that checking for the existence of a non-frozen Magisk app itself is sufficient.

    Given the intelligence level of some of the banking people who lamely think that it's important to block root access under Android in order to "protect" their provided banking functionality, this ruse might actually be quite effective in many cases.

    After all, anyone who accesses a bank via their desktop computer is doing so on a rooted machine, and those idiotic banking software designers don't even care about "protecting" us against that. And those same banks issue us debit cards that we carry in our stealable wallets, and they don't prohibit us from using those debit cards, either. They go crazy only over trying to protect people against rooted Android devices, which are no more insecure than desktop computers and wallet-borne debit cards.
    5
    How should I hide apps?
    ... its just an addon script that (attempts, as best possible) to hide whatevers in the Deny List
    Just to avoid confusion/ be clear, Shamiko does not hide apps (in denylist or otherwise)...

    It's akin to old MagiskHide, and hides traces of root from apps in the list...
    ### Introduction
    Shamiko is a Zygisk module to hide Magisk root, Zygisk itself and Zygisk modules like riru hide.

    Shamiko read the denylist from Magisk for simplicity but it requires denylist enforcement to be disabled first.
    @appleman_wp
    If you wish to hide apps detected by banks etc, try the Hide My Applist LSPosed module...
    I don't think Shamiko has a "Settings". I think you use the Magisk Manager app's deny list. If you do not "Enforce Deny List" in Magisk, then Shamiko will use Magisk's Deny List to tell it what to hide [traces of root] from.
    (Edits mine.)

    Generally Shamiko is used without settings / extra configuration.
    ### Usage
    1. Install Shamiko and enable Zygisk and reboot
    1. Configure denylist to add processes for hiding
    1. *DO NOT* turn on denylist enforcement

    However it can actually be reconfigured (by those game / mavericks 😛) for whitelist mode usage. Note caveats:
    #### Whitelist
    - You can create an empty file `/data/adb/shamiko/whitelist` to turn on whitelist mode and it can be triggered without reboot
    - Whitelist has significant performance and memory consumption issue, please use it only for testing
    - Only apps that was previously granted root from Magisk can access root
    - If you need to grant a new app root access, disable whitelist first

    ... ts theoretically possible to... bootloop your device... At which point myself and the other senior members will pass around the chalice of your tears and drink heartily from it...
    Sadist! 😜 PW
    4
    Interesting. I'll check it out. In addition to creating root, I assumed that Magisk needed to be resident in at least some way to do its ongoing work related to app compatibility, but if it's frozen that's apparently not the case. If the only time that it needs to be unfrozen is when you need to change a setting/update a module etc., then that sounds like a good way to go.
    "Magisk" *does* need to be "resident". You have been advised to freeze "the Magisk Manager app".

    You can see if freezing could possibly help by uninstalling the Magisk app -- not Magisk, the Magisk app. If that solves your detection problem, you might find the freezing more convenient than repeatedly uninstalling/reinstalling.
  • 120
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    63
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    57
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    53
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    43
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​