[Discussion] Magisk - The Age of Zygisk.

Search This thread

73sydney

Senior Member
Fwiw

Delta is not entirely without its own issues, chiefly for me occaisonally losing root in the background, leaving me with having to reset my damn Watch 4 twice a day (if i was lucky) during the 3 days i tested it - once the link to watch is severed by root detection, theres NO way to recover it without reset....i soon went back to 25 debug and zero issues...luckily my bank app doesnt detect using zygisk/shamiko.

i.e. nothing is perfect and its still (relatively speaking) early days for zygisk/shamiko and im sure other zygisk alternatives
 
Last edited:
  • Like
Reactions: rodken

vietmobi

New member
Jun 28, 2022
2
1
It detects Zygisk.
You need Magisk Hide, ie.Magisk Alpha/Delta
Thank, i try magisk delta, turn off zygisk and use magiskhide. It finally works.

IMG_20220629_211324_227.jpg
 
  • Like
Reactions: shoey63

proza

Senior Member
Sep 18, 2012
169
3
I have a moto G7 plus.
I installed the Pixel OS 12 Plus. I installed Magisk 25.1. I enabled both Zygisk and Enforce DenyList. In the DenyList, I only selected the Google Play Services, enabled all the items except com.google.android.gms.
I rebooted and installed module MagiskHidePropsConf-v6.1.2.zip. Rebooted and installed module safetynet-fix-Zygisk-v2.2.1.zip. Rebooted and use the terminal to change the props to Google Nexus 6P.
Rebooted, run Root Checker. It shows SafetyNet request Failed. CTS profile match N/A. Basic integrity N/A.
What else can I do to pass the safetynet?
 

zgfg

Senior Member
Oct 10, 2016
7,814
5,227
It says "Something went wrong, Attestation response timeout"
Do you have GApos in your ROM?
SafetyNet goes through Google Play Services - if missing, it cannot work

AFAIK, there was a MicroG version (an open source alternative to GMS) but it must be provided with the ROM, proper version, etc

I don't know the details and frankly Im not interested (I use stock or custom ROMs with GApps), but I recall it was discussed here and/or in the USNF or MHPC threads, You could search

If you do have GApps, turn off all possible firewalls, blockers, etc - SN is not checked locally, GMS must connect to the Google servers
 

proza

Senior Member
Sep 18, 2012
169
3
Do you have GApos in your ROM?
SafetyNet goes through Google Play Services - if missing, it cannot work

AFAIK, there was a MicroG version (an open source alternative to GMS) but it must be provided with the ROM, proper version, etc

I don't know the details and frankly Im not interested (I use stock or custom ROMs with GApps), but I recall it was discussed here and/or in the USNF or MHPC threads, You could search

If you do have GApps, turn off all possible firewalls, blockers, etc - SN is not checked locally, GMS must connect to the Google servers

From the website, it says "PixelExperience is an AOSP based ROM, with Google apps included"
I have disabled the firewall and paused the adaway.
 

zgfg

Senior Member
Oct 10, 2016
7,814
5,227
From the website, it says "PixelExperience is an AOSP based ROM, with Google apps included"
I have disabled the firewall and paused the adaway.
Here you have the official SafetyNet API specifcation:

You can see that no response or timeout means that somewhere in the request/response channel (call to GMS, call to Google servers, responses back) is broken.
It does not mean that CTS or Basic integrity fail (hence you cannot fix with USNF or MHPC), but there is no response (and therefore no verdict about - they might be perfectly passing if attestation channel was not broken)

If one SN checker fails to answer, it can be that that something is wrong with that checker (or they went over quota with the number of requests to Google today or so).
But if it happens to you with different SN checkers (YASNAC now works perfectly for me), the pipe is broken in your ROM or on your line

Eg, ask in the group where you took the ROM from, how they test and pass SN
 
  • Like
Reactions: J.Michael

rodken

Senior Member
Jan 11, 2010
1,138
464
{Mod edit: Quoted post has been deleted}
You need to be more specific:

-- What device are you utilizing
-- Which version of Android
-- Custom ROM or Stock
-- What steps did you take [if any] to mitigate the issue
 
Last edited by a moderator:

GreekPilot

Senior Member
Jun 12, 2008
233
62
OnePlus 9 Pro
Good morning everybody. With new Shamiko v0.5.1 (117), no zygisk detected.
 

Attachments

  • Screenshot_2022-07-01-08-22-45-95_8ecd68a317969a903887707449183b6f.jpg
    Screenshot_2022-07-01-08-22-45-95_8ecd68a317969a903887707449183b6f.jpg
    487.1 KB · Views: 85

aximili

Member
Jun 29, 2007
18
0
I can't get HMA to work. I have enabled it in LSPosed but I don't have the module in Magisk.
(I have tried installing it from the APK and from the Play Store)
Help please?

Screenshot_20220701-172526 HMA not activated.jpg
 
Last edited:

m0han

Senior Member
Apr 30, 2012
5,117
2,131
Did you checkbox all for momo processes in denylist?
This is how I have Momo configured in DenyList at the moment. The middle item was disabled after reading somewhere that it is advisable. (I don't recall where I read it.) Would my Momo situation change for the better if I enable that also?
 

Attachments

  • Screenshot_20220701_153402.jpg
    Screenshot_20220701_153402.jpg
    181.2 KB · Views: 66

dohanin

Senior Member
Mar 26, 2011
231
128
Sony Xperia X Compact
Xiaomi Mi Pad 4
This is how I have Momo configured in DenyList at the moment. The middle item was disabled after reading somewhere that it is advisable. (I don't recall where I read it.) Would my Momo situation change for the better if I enable that also?
Probably the same.

If you like to hide Init.rc, you can install another magisk module InitRcHider. Or use Shamiko which has included initrc hider since 0.4.3. Although it doesn't make much difference I guess as not many apps would try to look for it.
 

Top Liked Posts

  • 1
    SafetyNet fix 2.3.1 Mod solved the problem 👍
    I'd be very interested to know if you can still pass deviceIntegrity if you uninstall that and install MagiskHide Props Config module and reboot as I suggested above (no need to configure anything in a terminal emulator as we're just testing the Edit MagiskHide props function which is the only function enabled/active by default when module is enabled) to test if the actual issue is that some sensitive prop(s) needs setting to a 'safe' value, or if a fingerprint prop other than the one used in ROM build is needed, and report results...

    Of course this is purely academic but would help to understand what changes are actually needed on pre-hardware key attestation (ie. pre-keymaster 3 Android 8 launch version) compliant devices...

    Of course no version of USNF should actually be needed for Galaxy S7 Edge since Basic evaluationType attestation is used by default... Even if unconfigured MHPC (to fix sensitive props; nb. USNF does that too) isn't enough, using MHPC to configure a different fingerprint globally (enter 'props' in a terminal emulator and follow prompts... I'd also be interested to know if Galaxy S7 Edge fingerprint works or if a mismatched device fingerprint is needed) should do the trick...

    🙂 PW
  • 18
    Mod Info:

    Dear people of this thread,
    pls stay on topic and do not engage in world-events related discussions. This thread has seen enough of it already.

    In the name of peace and prosperity,
    Happy Zygisk-related posting,
    Cheers everyone
    9
    oh good, a new Momo discussion in the thread

    let me grab some popcorn....
    6
    I was follow your every steps carefully but instead of zygisk hide in momo, now it's start detect debugging mode enable 😮💨.
    It detects what it says. If bothering you, turn off USB/ADB debugging mode.
    Or give up on Momo - it will always detect something
    3
    I'm on Pixel 6 Pro. Rooted and latest magisk. OTA update came thru. I haven't installed. When in magisk I pressed restore images and got a warning "no stock backup". Won't complete restoration so I can download the update. Any ideas on what I can do?
    You can manually download and install the update. See https://developers.google.com/android/images. Edit flash-all.bat and remove the -w from the last line to prevent wiping data. Reroot after by patching boot.img.

    You can also sideload the OTA. See https://developers.google.com/android/ota. I've never tried that, so don't know if that method is better.
    2
    It is curious because there is an unofficial version of lineageos 19.1 that works just installed yasnac. No timeout. AT the moment you use Magisk (in my case to create whatsapp mount part from internal to SD for example). It behaves as mentioned. If I don't change the fingerprint I can't use banks.

    But I don't reach that level of depth. Thank you very much for answering ♥
    Unofficial LOS, like many custom ROMs, manipulates props (eg builds with certified fingerprint and matches security patch date) and integrates @kdragon SafetyNet fix (as per his Proton builds) so these pass SafetyNet w/o Magisk... Scores of ROMs are now building @Displax's fix for new Play Integrity deviceIntegrity verdict (Ie. adding certified but mismatched device fingerprint to bypass enforcement of a hardware based attestation verdict) into their frameworks_bases also... See the string of references at the end of this issue:
    https://github.com/kdrag0n/safetynet-fix/pull/207

    Official LOS will never do this due to their strict policy not to tamper security signals...

    That's why @Displax modded USNF module (not official) may be needed for many bank apps to work w/ official LOS as suggested above (and no need for MHPC)...

    👀 PW
  • 127
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    66
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    59
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    54
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​