[Discussion] Magisk - The Age of Zygisk.

Search This thread

zgfg

Senior Member
Oct 10, 2016
7,811
5,223
For the record:

Just switched from Momo 4.2.0 to 4.3.1 and Momo now additionally reports Found Zygisk - on both my two phones

I did not change Magisk (I was and I'm still on Canary 25101), I had and still have DenyList Unmount (not Shamiko) and Momo was/is enabled in DenyList (DenyList is not Enforced)

Moreover, on one of my phones Momo 3.2.1 now also additionally repots Found executable file "su " (I don't recall I have seen that ever before)

PS: Tried with Shamiko instead of DenyList Unmount, Momo 4.3.1 still detects Found Zygisk and on my Xiaomi 11 Lite 5G NE (A11) also Found executable "su"
 
Last edited:

J.Michael

Recognized Contributor
Jan 20, 2018
1,317
1,251
Samsung Galaxy Tab A series
Thanks. Don't really understand your answer so what causes this "refactoring" of magiskinit? Is it Magisk Bootloop Protector? What puzzles me is that Magisk 25.1 was working flawless for 3-4 days.
"Refactor" is a (relatively new, to me) word for "rearrange the pieces of a system". I think one Magisk release was advertised as being the result of restructuring the program -- no new features, no bjg fixes, just reorganizing the program itself.

You did not cause or choose to "refactor", except by choosing to update the version of Magisk. @huskydg's advice was "do not update Magisk right now, keep using the version that works for you".

If you really want to go down the rabbit hole of why 25.1 worked for says before having problems, you should go to github and try to engage a developer.

If, on the other hand, "worked flawlessly for 3-4 days" means "didn't get around to trying this one banking app for 3-4 days", then just let it go -- wait for another release of Magisk.
 
  • Like
Reactions: svendsvin

pndwal

Senior Member
Thanks. Don't really understand your answer so what causes this "refactoring" of magiskinit?...
Just to add the detail, and for anyone interested in what is "a full paradigm shift on how Magisk hot-patch(s) the device at boot":

Refactoring magiskinit = magiskinit-rewrite... "A significant portion of magiskinit (the critical software that runs before your device boots up) is completely rewritten from scratch..."
https://topjohnwu.github.io/Magisk/releases/25000.html#magiskinit-rewrite

It involves changes in the way Magisk boots (initialises) in 2SI* devices, as well as broader changes in the way sepolicy# rules are patched/loaded (injected).

Notes:
* All devices on Android 10+ with the exception (excluding Pixel 3/3a series) of Legacy SAR devices launched with Android 9 (2018-2019).
# Access control policies for Security-Enhanced Linux.

Changes:
  • [MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)
  • [MagiskInit] Introduce new sepolicy injection mechanism
See diffs (changes) here, especially in details.md (Internal Details doc):
https://github.com/topjohnwu/Magisk/commit/4f1a1879e572891bc005b489f82421303f602f72?diff=split

👀 PW
 
Last edited:

pndwal

Senior Member
Further re. refactoring magiskinit (magiskinit-rewrite); It will break Direct Install to update Magisk in 2SI devices...

I put a lot about this in General Support/Discussion thread...

Basically, Direct install breaks due to previous Magisk injection method for 2SI devices (involving patching fstab) being incompatible with new Magisk...

Those facing issues (patching errors, bootloops etc) updating to 25.x (24303+) on 2SI devices need to do a fresh initial installation (patch/fastboot flash an original boot image) of Magisk again, thereby replacing the incompatible fstab-patched image...

It's a bit more complicated in configurations where disabling verity/verification to boot is still required (a number of custom kernels and possibly ROMs), which will need to be able to boot without Magisk prior to patching going forward...

Nb. Because verity/verification is no longer disabled 'in most scenarios', AVB (Android Verified Boot) will remain intact. This means a Red state verified boot issue (dm-verity corruption) is avoided which may actually have advantages for root-hiding...
https://source.android.com/security/verifiedboot/boot-flow

Of course, since an Orange state verified boot issue (UNLOCKED device) is reported, SafetyNet pass spoofing and, in many cases, other 'root' hiding will still be needed for apps requiring attestation to TEE...

👀 PW
 
  • Like
Reactions: svendsvin

J.Michael

Recognized Contributor
Jan 20, 2018
1,317
1,251
Samsung Galaxy Tab A series
...

It's a bit more complicated in configurations where disabling verity/verification to boot is still required (a number of custom kernels and possibly ROMs), which will need to be able to boot without Magisk prior to patching going forward...
...
Could you say this again?
What configuration does not need to be able to boot without Magisk?
Do you mean that it is necessary to boot the unpatched system at least once before trying to install Magisk? Not much of a burden -- I thought most people use the system being patched to run Magisk Manager to patch.
 

pndwal

Senior Member
Could you say this again?
What configuration does not need to be able to boot without Magisk?
No, configurations that couldn't before (relied on Magisk to strip AVB flags etc) will need to be able to boot without Magisk prior to patching going forward... Which is what I said. 😛
Do you mean that it is necessary to boot the unpatched system at least once before trying to install Magisk? Not much of a burden -- I thought most people use the system being patched to run Magisk Manager to patch.
Yes, to confirm kernel will boot because it won't with Magisk either after magiskinit refactoring... But this is NOT for most people; only for those using "a number of custom kernels and possibly ROMs" needing verity/verification disabled!... That means custom kernels like Kirisakura...

And most people "facing issues (patching errors, bootloops etc) updating to 25.x (24303+) on 2SI devices" only "need to do a fresh initial installation (patch/fastboot flash an original boot image) of Magisk again, thereby replacing the incompatible fstab-patched image"... That image only breaks the Direct Install option...

I actually responded to your earlier post with more details on this at the end of this post (scroll down):
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-87068241
but I think you've missed it... 🙃 PW
 

silentuser143

New member
Jun 27, 2022
2
0
As usual so much information. Ah, you're using this phone and using those options. And you're trying to install that version of Magisk...

Sorry for being sarcastic, but if I'm already considering not to root my phone anymore, I really can't understand people rooting and modifying their phones without having any idea what they're doing.
Thank you for the encouragement sir
 

svendsvin

Senior Member
Oct 21, 2013
239
52
Lost in space
Xiaomi Redmi Note 7
Further re. refactoring magiskinit (magiskinit-rewrite); It will break Direct Install to update Magisk in 2SI devices...

I put a lot about this in General Support/Discussion thread...

Basically, Direct install breaks due to previous Magisk injection method for 2SI devices (involving patching fstab) being incompatible with new Magisk...

Those facing issues (patching errors, bootloops etc) updating to 25.x (24303+) on 2SI devices need to do a fresh initial installation (patch/fastboot flash an original boot image) of Magisk again, thereby replacing the incompatible fstab-patched image...

It's a bit more complicated in configurations where disabling verity/verification to boot is still required (a number of custom kernels and possibly ROMs), which will need to be able to boot without Magisk prior to patching going forward...

Nb. Because verity/verification is no longer disabled 'in most scenarios', AVB (Android Verified Boot) will remain intact. This means a Red state verified boot issue (dm-verity corruption) is avoided which may actually have advantages for root-hiding...
https://source.android.com/security/verifiedboot/boot-flow

Of course, since an Orange state verified boot issue (UNLOCKED device) is reported, SafetyNet pass spoofing and, in many cases, other 'root' hiding will still be needed for apps requiring attestation to TEE...

👀 PW
Thanks a lot for clarification and elaborating. Please correct me if I’m wrong, but I understand it as my Xiaomi Note 7 is a 2SI device and all I have to do is to patch boot.img instead of updating the recommended way and I have Magisk 25.1. Is that correct understood?
 

pndwal

Senior Member
Thanks a lot for clarification and elaborating. Please correct me if I’m wrong, but I understand it as my Xiaomi Note 7 is a 2SI device and all I have to do is to patch boot.img instead of updating the recommended way and I have Magisk 25.1. Is that correct understood?
No, Legacy SAR as noted, and as such won't become 2SI even running Android 10+. 😛

You shouldn't have issues updating... Let us know if you do... PW
 
  • Like
Reactions: svendsvin

pndwal

Senior Member
Can someone help me check this app if it detects root (error 301 or 304) using Magisk Delta MagiskHide or zygisk+shamiko+HMA

BNI Mobile
Screenshot_2022-06-28-23-28-55-335_src.com.bni.jpg

zygisk+shamiko+25101... PW
 

pndwal

Senior Member
  • Like
Reactions: J.Michael

shoey63

Recognized Contributor
  • Like
Reactions: J.Michael

Godlydevils

Senior Member
Jan 19, 2015
193
19
You can check with all list bankings i left in previous comment.

Video 1, zygisk+shamiko, imobile detect rooted
Video 2, magiskhide, imobile not detect rooted
LoL this is quite funny.

Literally all financial apps are working, however momo+basic integrity+CTS is failing, but idc, cuz apps are working, really funny, probably devs ditched magisk hide, to adapt with zygisk and well, vulnerability exploited
 

svendsvin

Senior Member
Oct 21, 2013
239
52
Lost in space
Xiaomi Redmi Note 7
No, Legacy SAR as noted, and as such won't become 2SI even running Android 10+. 😛

You shouldn't have issues updating... Let us know if you do... PW
With the help of newly updated Shamiko 0.5.1 I can now update to Magisk 25.1 without Momo telling me the environment is broken. I only get the usual about unlocked bootloader and debugging mode is enabled. And Shamiko 0.5.1 is not crashing my banking app. So far so good. The only problem left is that my banking app detects root no matter what I try. I’m dependent on my banking app so my only choice has been to downgrade Magisk to 24.3 again and wait for some miracle to happen.
 

J.Michael

Recognized Contributor
Jan 20, 2018
1,317
1,251
Samsung Galaxy Tab A series
With the help of newly updated Shamiko 0.5.1 I can now update to Magisk 25.1 without Momo telling me the environment is broken. I only get the usual about unlocked bootloader and debugging mode is enabled. And Shamiko 0.5.1 is not crashing my banking app. So far so good. The only problem left is that my banking app detects root no matter what I try. I’m dependent on my banking app so my only choice has been to downgrade Magisk to 24.3 again and wait for some miracle to happen.
Or, as @reforget noted, find another bank.
 
  • Like
Reactions: reforget

Top Liked Posts

  • There are no posts matching your filters.
  • 18
    Mod Info:

    Dear people of this thread,
    pls stay on topic and do not engage in world-events related discussions. This thread has seen enough of it already.

    In the name of peace and prosperity,
    Happy Zygisk-related posting,
    Cheers everyone
    8
    ... Needless inconvenience from banks ... its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.
    I totally agree!

    And as I've mentioned here before, every desktop computer is a rooted device, and of course we don't see the banks trying to hinder us from accessing their services from our computers.

    And banks gladly issue us debit cards which we keep in our wallets that are just as easy to steal as mobile devices.

    Rooted Android devices are just low-hanging fruit. And the amount of fraud that's prevented by trying to fight against Android root is minuscule, given the extremely small percentage of mobile device users who want to use rooted Android devices. I wouldn't be surprised if the amount of money that banks spend for anti-Android-modding software development exceeds the maximum amount of money that could be lost via the hacking of modded Android devices.
    5
    I was follow your every steps carefully but instead of zygisk hide in momo, now it's start detect debugging mode enable 😮💨.
    It detects what it says. If bothering you, turn off USB/ADB debugging mode.
    Or give up on Momo - it will always detect something
    4
    Currently, I have no info about Device Certified or not in Google Play Settings (screenshot)

    I observed that yesterday night when I upgraded my Xiaomi 11 Lite 5G NE from the previous week Xiaomi.eu weekly (MIUI 13/A12) to the current.
    I thought it would become Certified over the day, but it's still in limbo

    Frankly, last week when I installed Xiaomi.eu Weekly (first time) I forgot to check

    Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

    I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not

    I'm pretty sure I did have similar cases in the past with previous devices, ROMs, Magisk setup, but they used to settle down by itself in
    After wiping only the Cache for Playstore and waiting few more hours, now Certified
    3
    Now 2 bank apps are working out of 3 after the recent update to the bank apps.
    I used A11 GSI, PhhTreble App Signature Spoofing, TWRP, Magisk 24.3 & a couple of important modules like Hide-User-Debug, USNF Moded, Hide-Props-Config, microG Gapps module safety net : All passed, Installed the bank apps through Aurora.
    For the 3rd bank app Dev Options need to be OFF & Only PlayStore Install allowed not PackageInstaller.
    Needless inconvenience from banks, they can just add more steps of verifications instead like Voice Recognition IVR AI (Voice Recognition IVR AI Bots are already functional in these banks helplline numbers) so they can just use that for bank app login verifications on top of other verifications. Its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.
  • 127
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    66
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    59
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    54
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​