[Discussion] Magisk - The Age of Zygisk.

Search This thread

williamcll

Senior Member
Jan 8, 2010
103
10
Hong Kong
OnePlus 6
Nintendo Switch
Anyone know what I need to get around Hang Seng bank's detection? Safteycheck is all good, but putting the app in denylist as well as closing almost all services in servicely doesn't work. Installing shamiko and turning off denylist doens't work either.

Edit: Island work
 
Last edited:

dohanin

Senior Member
Mar 26, 2011
231
128
Sony Xperia X Compact
Xiaomi Mi Pad 4
that's a bit too far fetched, I also asked on the XDA discord and they told me to use Island, which worked.
Well, using a work profile is more than just freezing the Magisk app, isn't it? Anyway, some people who need to reserve work profile for company use (like my case), cannot use island. And to clarify, I was suggesting to disable (i.e. freeze) the Magisk app, not Magisk itself.
 

huskydg

Senior Member
Feb 17, 2021
240
246
Well, using a work profile is more than just freezing the Magisk app, isn't it? Anyway, some people who need to reserve work profile for company use (like my case), cannot use island. And to clarify, I was suggesting to disable (i.e. freeze) the Magisk app, not Magisk itself.
If you compile a custom magisk with different custom package name by yourself, you will not have to freeze magisk app
 
  • Like
Reactions: dohanin

huskydg

Senior Member
Feb 17, 2021
240
246
Zygisk is just for hiding root???? Since i just see you guys discuss about hiding root in zygisk thread
 
  • Like
Reactions: pndwal

dohanin

Senior Member
Mar 26, 2011
231
128
Sony Xperia X Compact
Xiaomi Mi Pad 4
Not clear if you used/tried Hide the Magisk app in App settings...

Also, using HMA LSPosed module to further hide already hidden Magisk App also works for many bank apps... PW
I guess he did. I did as well, but hiding Magisk app with a random package name appears not enough for some banking apps. For some reasons, they can still identify Magisk app unless it's disabled (or hidden by other methods like HMA) - well, I never understand this part. Are all apps allowed to look through other apps in the device, but not for apps that are disabled?
 

pndwal

Senior Member
Hope so too... Not clear though...
I did as well, but hiding Magisk app with a random package name appears not enough for some banking apps. For some reasons, they can still identify Magisk app unless it's disabled (or hidden by other methods like HMA) - well, I never understand this part.
See this:
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87078475
Are all apps allowed to look through other apps in the device, but not for apps that are disabled?
and this:
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87078529

👀 PW
 

dohanin

Senior Member
Mar 26, 2011
231
128
Sony Xperia X Compact
Xiaomi Mi Pad 4
Thank you. But I found no explanation of why disabled app can avoid detection. There are some apps that can show a lot of information of installed apps (enabled or not), e.g. https://play.google.com/store/apps/details?id=com.majeur.applicationsinfo ,without requesting any permissions.

But why some banking apps only check enabled apps? Sorry if I missed some key points in your links.
 

pndwal

Senior Member
Thank you. But I found no explanation of why disabled app can avoid detection.
Still, you said
but hiding Magisk app with a random package name appears not enough for some banking apps. For some reasons, they can still identify Magisk app unless it's disabled (or hidden by other methods like HMA) - well, I never understand this part.
... the need for further hiding is explained; I went to some trouble to distil the info from that GitHub issue re. pattern matching etc...
There are some apps that can show a lot of information of installed apps (enabled or not), e.g. https://play.google.com/store/apps/details?id=com.majeur.applicationsinfo
Good share, thanks...
,without requesting any permissions.
This was possible in A10 but was supposed to be fixed in A11 in May 2021.

App Devs discovered an easy bypass however, using the QUERY_ALL_PACKAGES permission, and have since exploited this loophole (and others).

Google has been slow to patch /enforce their rules... Enforcement for compliance was pushed back to Nov ('for Covid-related reasons'), and it seems still not enforced till recently, but a new ultimatum gave June 1 2022 as the date apps would begin to be pulled for non-essential use of this permission or failure to issue a proper statement re. why use is 'essential'...

This is all in the link(s)...
But why some banking apps only check enabled apps?
I think they do whatever they can... Fraud / scams / hacking / device security are becoming critical issues... With IOS ahead of the game and Google's SafetyNet API an abysmal failure*, banks are becoming as inventive as possible and Google compliance rules are also viewed as fair game / expendable...

* Read 'Totally unreliable', at least while fallback from Hardware to Basic evaluation for attestation to TEE is possible; this effectively bypasses / makes a joke of (A)ndroid (V)erified (B)oot and it's 'Chain of Trust' ...
Sorry if I missed some key points in your links.
You did, but hopefully the summary will clarify a few things for all... PW
 
Last edited:
  • Like
Reactions: dohanin

williamcll

Senior Member
Jan 8, 2010
103
10
Hong Kong
OnePlus 6
Nintendo Switch
Well, using a work profile is more than just freezing the Magisk app, isn't it? Anyway, some people who need to reserve work profile for company use (like my case), cannot use island. And to clarify, I was suggesting to disable (i.e. freeze) the Magisk app, not Magisk itself.
Turning off magisk might break my other apps.
Not clear if you used/tried Hide the Magisk app in App settings...

Also, using HMA LSPosed module to further hide already hidden Magisk App also works for many bank apps... PW
Zygisk was on as well as LSPosed and Shamiko was turned on the whole time and it didn't work.
 

zgfg

Senior Member
Oct 10, 2016
7,795
5,195
Turning off magisk might break my other apps.

Zygisk was on as well as LSPosed and Shamiko was turned on the whole time and it didn't work.
Please distinguish Magisk from Magisk app = former Magisk Manager

You even uninstall Magisk APPLICATION but Magisk, all its modules, root Grants, DenyList continue working as you previously configured.
Any time you install Magisk APK back. you continue using it

App is only user interface to make you managing the Magiske more easier - otherwise, you would need to use Magisk CLI )command line interface)
 

dohanin

Senior Member
Mar 26, 2011
231
128
Sony Xperia X Compact
Xiaomi Mi Pad 4
Turning off magisk might break my other apps.
As said, I meant disabling (freezing) the magisk app, not Magisk itself. The app is only needed when you grant superuser access, adding apps to denylist, managing modules and other settings.

There are a number of apps which could automate the freezing. E.g. Airfrozen, Ice Box.
 
  • Like
Reactions: J.Michael

pndwal

Senior Member
Turning off magisk might break my other apps.
It won't... Even uninstalling Magisk App does not disable (or 'turn off') Magisk...

Some actually resort to uninstalling it during bank app use / when not needed... Works well enough for them...
Zygisk was on as well as LSPosed and Shamiko was turned on the whole time and it didn't work.
Still not clear if you used/tried Hide the Magisk app in App settings, or used HMA LSPosed module to further hide the already hidden Magisk App... PW
 
  • Like
Reactions: J.Michael

m0han

Senior Member
Apr 30, 2012
5,104
2,121

Attachments

  • Screenshot_20220702_232538.jpg
    Screenshot_20220702_232538.jpg
    178 KB · Views: 47

doniedogawa

Member
Oct 29, 2021
33
2
Indonesia
I just installed Magisk v25.1 on my LG V20 H990DS with stock oreo and success without having kernel issues, but the app itself can't be opened (stuck on logo).
 

angelomb

Member
Jun 4, 2013
10
1
Anyone know what I need to get around Hang Seng bank's detection? Safteycheck is all good, but putting the app in denylist as well as closing almost all services in servicely doesn't work. Installing shamiko and turning off denylist doens't work either.

Edit: Island work
what is island ? how does it work? I have the same problem with an app , if yu have a link with a tutorial I would appreciate
 

dohanin

Senior Member
Mar 26, 2011
231
128
Sony Xperia X Compact
Xiaomi Mi Pad 4
what is island ? how does it work? I have the same problem with an app , if yu have a link with a tutorial I would appreciate
Just search Island (from Oasis Feng) in Google Play. It sets up work profile, in which you can install your apps, and avoid root app detection.

But I still think it's too much work just to hide the Magisk app. I suggested simply freezing your Magisk app. It works for HSBC and some other bank apps too. Of course, you still need to add those bank apps to the denylist.
 
  • Like
Reactions: angelomb

angelomb

Member
Jun 4, 2013
10
1
Just search Island (from Oasis Feng) in Google Play. It sets up work profile, in which you can install your apps, and avoid root app detection.

But I still think it's too much work just to hide the Magisk app. I suggested simply freezing your Magisk app. It works for HSBC and some other bank apps too. Of course, you still need to add those bank apps to the denylist.
freeze it and it doesn't work either. It works in all banks except one. My mobile has Android 12 (Miui 13), when I had Andorid 11 (Miui 12) I had the same problem but solved it using the magisk 23. Magisk 23 does not work on Android 12 , I read that some block URLs with Adaway but there is not much information about it
 

Top Liked Posts

  • There are no posts matching your filters.
  • 18
    Mod Info:

    Dear people of this thread,
    pls stay on topic and do not engage in world-events related discussions. This thread has seen enough of it already.

    In the name of peace and prosperity,
    Happy Zygisk-related posting,
    Cheers everyone
    8
    ... Needless inconvenience from banks ... its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.
    I totally agree!

    And as I've mentioned here before, every desktop computer is a rooted device, and of course we don't see the banks trying to hinder us from accessing their services from our computers.

    And banks gladly issue us debit cards which we keep in our wallets that are just as easy to steal as mobile devices.

    Rooted Android devices are just low-hanging fruit. And the amount of fraud that's prevented by trying to fight against Android root is minuscule, given the extremely small percentage of mobile device users who want to use rooted Android devices. I wouldn't be surprised if the amount of money that banks spend for anti-Android-modding software development exceeds the maximum amount of money that could be lost via the hacking of modded Android devices.
    4
    Currently, I have no info about Device Certified or not in Google Play Settings (screenshot)

    I observed that yesterday night when I upgraded my Xiaomi 11 Lite 5G NE from the previous week Xiaomi.eu weekly (MIUI 13/A12) to the current.
    I thought it would become Certified over the day, but it's still in limbo

    Frankly, last week when I installed Xiaomi.eu Weekly (first time) I forgot to check

    Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

    I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not

    I'm pretty sure I did have similar cases in the past with previous devices, ROMs, Magisk setup, but they used to settle down by itself in
    After wiping only the Cache for Playstore and waiting few more hours, now Certified
    3
    Now 2 bank apps are working out of 3 after the recent update to the bank apps.
    I used A11 GSI, PhhTreble App Signature Spoofing, TWRP, Magisk 24.3 & a couple of important modules like Hide-User-Debug, USNF Moded, Hide-Props-Config, microG Gapps module safety net : All passed, Installed the bank apps through Aurora.
    For the 3rd bank app Dev Options need to be OFF & Only PlayStore Install allowed not PackageInstaller.
    Needless inconvenience from banks, they can just add more steps of verifications instead like Voice Recognition IVR AI (Voice Recognition IVR AI Bots are already functional in these banks helplline numbers) so they can just use that for bank app login verifications on top of other verifications. Its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.
    3
    Why kdragon doesn't update it, or there are no good solution for that?
    As you know, he's aware and thanked @Displax for his fix / PR... And he does clearly want to improve the solution and scope the method
    to Play Integrity code by identifying methods it calls near the beginning and end of integrity checks, and adding hooks to set and restore the fingerprint ...
    https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1195452147

    He has already suggested an idea for adding an end hook, but said:
    Of course, this is all theoretical as it depends on the exact order of steps in the integrity checking process. Worst case scenario, we could just sleep for 1 second or so and revert the fingerprint change in a background thread. Not sure when I'll have time to look into it myself, but feel free to try implementing this idea: ...
    https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1200437447
    - So it seems he's in no rush himself, and he's happy for other Devs to test / contribute (although none appear to have tried adding hooks etc yet)...

    I guess he'll do more on this PR as time allows... If other Dev's haven't had time to test even proposed
    • Set the fingerprint in the key attestation hook
    • Spawn a thread to revert it after 3 seconds:
    thread(daemon = true) {
    Thread.sleep(3000)
    /* revert */
    }
    idea, then he may think 'why should I rush?'... He probably has a ton of more important maintenance on his plethora of apps, utilities, Proton ROM / kernel builds, etc to do...

    Meanwhile, @Displax solution seems a pretty good one to tide us over, for most devices... PW
  • 125
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.​
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.​
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.​
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk​
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.​

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include it's own update link.​
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.​

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    Jump to Post


    This is post will be updated once Magisk v24 is released.
    66
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.​

    Credits:
    topjohnwu
    All who contribute and support this project.
    58
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.​

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.​

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    54
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.​

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Intergrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).​

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.​

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.​

    To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hid by spoiler tags.
    If you have not installed Magisk.
    Follow the installation link in the Magisk post.​

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.​

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​