[Discussion] Magisk - The Age of Zygisk.

zgfg

Hi,

Don't know if this is the right place ... anyways ...


Firstly I don't have a clue why my github issue got closed by a bot.
If I remember correctly, you have to fill a template when reporting. And you have to confirm there that you use the latest Debug version.
Without all those formalities, the bot will immediately close your issue

But even if you pass the bot, your 'issue' will be sooner or later closed by developers because it's not their business if some banking app detects 'root'

Who knows how it detects. Maybe by looking for the Magisk application (configuration of DenyList has nothing to do with that)

Maybe the app guesses about 'root' by finding TWRP folder. Maybe the app recognizes that Bootloader is unlocked (like Momo app can find on some phones) and it guesses why would somebody unlock BL if not for rooting or installing a custom ROM

It's not about detecting the 'root' but detecting that you are not running the 'safe' (read the CERTIFIED) stock firmware

And TJW has clearly departed himself and his Magisk v24+ from those detections of 'root'. New DenyList is something totally different than previous MagiskHide. Even if somebody does not understand the differences in techniques, he should see a significant difference in their NAMES

I only don't understand why TJW still keeps Hide (repackage) Magisk App option. If he really wanted to be straight about differentiating from hiding the 'root', he should have removed that option - that option (putting aside that it can be circumvented by smarter 'banking' apps) has no other purpose than to hide Magisk app from the 'banking' apps who try to look for the Magisk ('service', 'mask', whatever you call) by looking instead for (an easier task) the Magisk app. Hence TJW still stands here on the 'wrong' side, but apparently his employer does not care much (meanwhile trying to impose that apps soon will no more be able to search for the installed apps, hence hiding the Magisk app would become irrelevant)

Ie, detecting and hiding root is a game. And AFAIK, Magisk GitHub does not accept reporting any 'issues' about

Edit:
Just checked, the template/instructions when reporting an Issue (Magisk GitHub) clearly say (among others):

  • **DO NOT** open issues regarding root detection.
  • Without following the rules above, your issue will be closed without explanation.
 

zgfg

I noticed it was because of Zygisk that even on Magisk Delta it was detecting root. So I now installed Magisk Delta without Zygisk enabled and Hide list On and it works. Is there any significant difference for Zygisk and no Zygisk?

I fail SafetyNet now
Of course there is a BIG difference. Not easy to describe in a few words (especially to a newbie regarding Zygisk). But take your time and search/read in this and the Magisk general thread; you can find a lot about Zygisk, how and why it was introduced, about its still not mature status, about its name (process starting from Android Zygote!), etc

If you don't use Zygisk, and if you needed USNF (with Zygisk to pass SN), then now you need to go back to the lower version of USNF - new USNF is made for Zygisk.
Please read and find info in the USNF thread - for Delta without Zygisk, you should look for the USNF version as for the old, pre v24 Magisk

Or ask in the Delta thread - this thread here is for the official/new Magisk v24+ while Delta, with Zygisk disabled, acts (in some aspects) like Magisk v23-.
Actually, it's a specific mix of the old and new and should not be messed with the official Magisk v24/25
 

pndwal

So far I enabled app hiding feature in Magisk, installed denylistunmount (and disabled "enforce denylist") and safetynetfix modules and put banking apps in denylist. Two banking apps seem to work, at least they don't complain. Not yet tried logging and everything... but gpay is showing a blank screen and seems to hang only. G-play says "device is not certified".
If YASNAC gives CTS profile match pass you should get Play Protect Device is certified if you clear Google Play Store and (sometimes) Google Play Services data... PW
 

pndwal

I noticed it was because of Zygisk that even on Magisk Delta it was detecting root. So I now installed Magisk Delta without Zygisk enabled and Hide list On and it works. Is there any significant difference for Zygisk and no Zygisk?
Zygisk is the new Riru, ie. XHook to inject into zygote in order to allow modules to run their codes in apps or the system server... One difference is that it's integrated in Magisk...
I fail SafetyNet now
You need Riru (framework module) and Universal Safety net Fix v2.1.3 (Riru) (module). PW
 

pndwal

I only don't understand why TJW still keeps Hide (repackage) Magisk App option. If he really wanted to be straight about differentiating from hiding the 'root', he should have removed that option - that option (putting aside that it can be circumvented by smarter 'banking' apps) has no other purpose than to hide Magisk app from the 'banking' apps who try to look for the Magisk ('service', 'mask', whatever you call) by looking instead for (an easier task) the Magisk app.
John may not be interested in the board-game (if you will) of Cat and Mouse any longer, but he has stated that he doesn't intend to stop others playing.

This means he's not resetting the board at this point... In fact he's even encouraged Devs 'still passionate about' the 'hiding' game to get more involved and 'start doing their job'...

The issue for him has clearly been the requirement (now that he's working with the big, if apparently lazy, cat) to take back moves where he's 'played dirty'...

This Take Back specifically means
Yes, MagiskHide will have to see its end of life... Magisk will not spoof/alter/manipulate any non-Magisk related signals or traces to circumvent any device state detection.
https://topjohnwu.medium.com/state-of-magisk-2021-fe29fdaee458

In other words, 'dirty' = a deliberate attempt to 'subvert Google's security model'.

However
It's worth noting that neither Google nor John seem to regard hiding (obfuscating) Magisk App as akin to attempts to "spoof/alter/manipulate any non-Magisk related signals or traces to circumvent any device state detection", now precluded in Magisk... Seems this is legitimate subterfuge as apps should not be employing such means of detection in any case... (Ie. Google has rules preventing both modder abuse, and proprietary app abuses)...

Hence TJW still stands here on the 'wrong' side,
Matter of perspective...

Yes, he may be hiding code the fat cats don't like, but the cat-who-counts hasn't given them clearance to enter and search!.... So who's playing dirty here?...
but apparently his employer does not care much (meanwhile trying to impose that apps soon will no more be able to search for the installed apps, hence hiding the Magisk app would become irrelevant)
Exactly... Google have rules for Banks and for users... Banks have been breaking the rules re obtaining applists and Google are (s l o w l y) addressing this abuse...
Some very interesting news re. apps that use the QUERY_ALL_PACKAGES permission (S PushTAN & many others) FINALLY being pulled into line by Google (from former XDA Editor in chief):
Mishaal Rahman, Apr 6
...
Apps that declare the QUERY_ALL_PACKAGES permission but haven't filled out the relevant permission declaration may be removed from Google Play starting June 1, 2022.
www.twitter.com/MishaalRahman/status/1511452117214679053

Reasons / excuses for the delay:
https://www.xda-developers.com/google-play-store-query-all-packages-rule/

What it means in practice:
My guess is that it will depend a lot on Google... Here's hoping... 🙃 PW
So Google clearly view deliberate subversion of API changes that prevent apps from obtaining applists as foul ('dirty') play, not efforts to hide apps from other apps...

Ie, detecting and hiding root is a game.
And the game continues... And boundaries (rules) are being defined more clearly... Thanks to John... And Google... 😝 😊 PW
 

zgfg

YASNAC and CTS, mean?
Both are really household terms in this thread (for anybody who here and there reads some posts). Please read OP posts on the first page

Screenshot from YASNAC app (Google Play) attached
 


Ace_Cole

But I see now that you started by asking about App Cloner

I don't see App Cloner in the MIUI Security. If that App Cloner is a third party app, then adding Security to DenyList would have no effect/not help

Then I don't know why somebody recommended you to add MIUI Security to DenyList - my previous post was exclusively about adding Security to DenyList (since I remember that with some MIUI version and/or some Magisk version, Security was not showing in DenyList or in MagiskHide and I needed to be added through CLI in Terminal)
Can there be a solution for this "App cloner" detecting root?
 

pndwal

😀 Is your device rooted?
Since new! 😜
If yes
Do you see a splash screen
With warning message "Root detected"?
Nope...
If No
Please I'd like to know how you got it to work without detecting root. Thanks
App cloner 2.14.7 (1 July 2022)
Xiaomi Redmi Note 8T, stock MIUI, Android 10.
Magisk 25101, Zygisk, USNF, Shamiko.
App in denylist

CTS profile match (SafetyNet) pass.
Play Protect Device is certified.

This one was easy...
👍 PW
 

Ace_Cole

Since new! 😜

Nope...

App cloner 2.14.7 (1 July 2022)
Xiaomi Redmi Note 8T, stock MIUI, Android 10.
Magisk 25101, Zygisk, USNF, Shamiko.
App in denylist

CTS profile match (SafetyNet) pass.
Play Protect Device is certified.

This one was easy...
👍 PW
Nice thanks
I have Xiaomi Redmi 9 (Android 10)
Magisk delta 25.1 (magisk hide enabled)
Zygisk disabled, USNF riru, CTS profile match (pass)
App added to deny list
Seems I'm doing something wrong. .. I'll check with zygisk enabled and shamiko
Thanks😉
 

Top Liked Posts

  • 18
    Mod Info:

    Dear people of this thread,
    pls stay on topic and do not engage in world-events related discussions. This thread has seen enough of it already.

    In the name of peace and prosperity,
    Happy Zygisk-related posting,
    Cheers everyone
    8
    ... Needless inconvenience from banks ... it's none of the banks' business to stop their clients from using rooted devices. They're just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients' time. That's Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. It's like going backwards instead of forward.
    I totally agree!

    And as I've mentioned here before, every desktop computer is a rooted device, and of course we don't see the banks trying to hinder us from accessing their services from our computers.

    And banks gladly issue us debit cards which we keep in our wallets that are just as easy to steal as mobile devices.

    Rooted Android devices are just low-hanging fruit. And the amount of fraud that's prevented by trying to fight against Android root is minuscule, given the extremely small percentage of mobile device users who want to use rooted Android devices. I wouldn't be surprised if the amount of money that banks spend for anti-Android-modding software development exceeds the maximum amount of money that could be lost via the hacking of modded Android devices.
    4
    Currently, I have no info about Device Certified or not in Google Play Settings (screenshot)

    I observed that yesterday night when I upgraded my Xiaomi 11 Lite 5G NE from the previous week Xiaomi.eu weekly (MIUI 13/A12) to the current.
    I thought it would become Certified over the day, but it's still in limbo

    Frankly, last week when I installed Xiaomi.eu Weekly (first time) I forgot to check

    Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

    I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not

    I'm pretty sure I did have similar cases in the past with previous devices, ROMs, Magisk setup, but they used to settle down by itself in
    After wiping only the Cache for Playstore and waiting few more hours, now Certified
    3
    Now 2 bank apps are working out of 3 after the recent update to the bank apps.
    I used A11 GSI, PhhTreble App Signature Spoofing, TWRP, Magisk 24.3 & a couple of important modules like Hide-User-Debug, USNF Moded, Hide-Props-Config, microG Gapps module safety net : All passed, Installed the bank apps through Aurora.
    For the 3rd bank app Dev Options need to be OFF & Only PlayStore Install allowed not PackageInstaller.
    Needless inconvenience from banks, they can just add more steps of verifications instead like Voice Recognition IVR AI (Voice Recognition IVR AI Bots are already functional in these banks' helpline numbers) so they can just use that for bank app login verifications on top of other verifications. It's none of the banks' business to stop their clients from using rooted devices. They're just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients' time. That's Stupidity!
    Bank Devs did you hear? Pls discuss this with your bosses. It's like going backwards instead of forward.
    3
    Why kdragon doesn't update it, or there are no good solution for that?
    As you know, he's aware and thanked @Displax for his fix / PR... And he does clearly want to improve the solution and scope the method
    to Play Integrity code by identifying methods it calls near the beginning and end of integrity checks, and adding hooks to set and restore the fingerprint ...
    https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1195452147

    He has already suggested an idea for adding an end hook, but said:
    Of course, this is all theoretical as it depends on the exact order of steps in the integrity checking process. Worst case scenario, we could just sleep for 1 second or so and revert the fingerprint change in a background thread. Not sure when I'll have time to look into it myself, but feel free to try implementing this idea: ...
    https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1200437447
    - So it seems he's in no rush himself, and he's happy for other Devs to test / contribute (although none appear to have tried adding hooks etc yet)...

    I guess he'll do more on this PR as time allows... If other Devs haven't had time to test even proposed
    • Set the fingerprint in the key attestation hook
    • Spawn a thread to revert it after 3 seconds:
        thread(daemon = true) {
            Thread.sleep(3000)
            /* revert */
        }
    idea, then he may think 'why should I rush?'... He probably has a ton of more important maintenance on his plethora of apps, utilities, Proton ROM / kernel builds, etc to do...

    Meanwhile, @Displax solution seems a pretty good one to tide us over, for most devices... PW
  • 125
    This is a discussion and help thread for the newer versions of Magisk.

    The main goal of this thread is to help users migrate to Magisk v24+
    • SafetyNet
      Basic integrity Pass
      CTS profile match Pass
    • Play Protect certification
      Device is certified

    Feel free to discuss or give links to other Magisk related issues.
    Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
    Please try to refrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds. 🙃

    Please read John's State of Magisk (medium.com)

    Starting with the Magisk 23 (23010) canary builds.
    • MagiskHide is removed.
      MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
      Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
      You still have the option to Hide the Magisk app under setting.
    • Magisk Module online Repo is removed.
      The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.
    • Everything SafetyNet is removed.
      This includes the SafetyNet check that was incorporated into the Magisk app.
    • Zygisk is introduced.
      Zygote + Magisk = Zygisk
    • The Deny list replaces the Hide list.
      The Hide list (more or less) hid Magisk from the process on the list.
      The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.

    Starting with the Magisk 23 (23017) canary builds.
    • Magisk supports update channels per module.
      Each module can include its own update link.
    • Hide Magisk offline.
      You do not need internet connection to rename (repackage) the Magisk app.

    What does this mean?
    Not much.
    It is just the next step in Magisk's development.
    Zygisk is a big step forward. ;)

    Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share. :D

    This post will be updated once Magisk v24 is released.
    66
    Magisk
    The Magic Mask for Android.

    Magisk Links:
    GitHub
    Release Notes

    Download Links:
    Stable and Beta releases.
    Canary
    • GitHub
      The notes.md file is the change log.
      The app-debug.apk is Magisk canary.
      Click on app-debug.apk and choose View Raw or click on the Download option.

    Credits:
    topjohnwu
    All who contribute and support this project.
    58
    Modules

    MagiskHide Props Config
    This module allows you to add, change and adjust prop values systemlessly using Magisk.

    MagiskHide Props Config Links:

    Download Links:

    Credits:
    Didgeridoohan
    All who contribute and support this project.


    Universal SafetyNet Fix
    It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
    This 'trick' has been implemented properly into quite a few custom roms.
    For custom roms that do not include it and/or stock roms, he turned it into a module.

    Universal SafetyNet Fix Links:

    Download Links:

    Credits:
    kdrag0n
    All who contribute and support this project.
    54
    Apps

    Fox's Magisk Module Manager
    This app allows you to manage and install Magisk modules.
    Including from an online repo.

    Fox's Magisk Module Manager Links:

    Download Links:

    Credits:
    Fox2Code
    All who contribute and support this project.

    Play Integrity API Checker
    This app shows info about your device integrity as reported by Google Play Services.
    If any of these fail, it could mean your device is rooted or tampered with in some way (for example you have an unlocked bootloader).

    Development:

    Download Links:

    Credits:
    1nikolas
    All who contribute and support this project.

    YASNAC - Yet Another SafetyNet Attestation Checker
    YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.

    YASNAC Links:

    Download Links:

    Credits:
    RikkaW
    All who contribute and support this project.
    46
    Force Basic Attestation

    Newer devices are designed to support hardware attestation.
    Currently there is no way to hide the sensitive device properties when checked using hardware attestation.

    To get around this, kdrag0n figured out how to trick SafetyNet into concluding that the device does not support hardware attestation.
    SafetyNet will then fall back to check using basic attestation.

    Note:
    This method will work for devices that support hardware attestation and devices that do not.
    • Enable Zygisk.
    • Install the USNF module.
    • Reboot

    To keep posts short, the instructions are hidden by spoiler tags.
    If you have not installed Magisk, follow the installation link in the Magisk post.

    Download the Universal SafetyNet Fix module.
    Download link is in the Modules post.

    1. Enable Zygisk
      • Open the Magisk app.
      • Go to Settings.
      • Scroll down to the Magisk section.
      • Toggle Zygisk on.
      • Go back to the Magisk Home screen.
    2. Go to Modules.
      • Select Install from storage.
      • Navigate to the Universal SafetyNet Fix module zip file and select it.
    3. Reboot.

    The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
    Depending on the device and system (ROM) configuration, you might need to adjust a few more.
    See the Adjust Prop values post.​
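
Added example (not part of the original post, and not code from Magisk, USNF or Google): the fallback from hardware to basic attestation described above is visible to a relying backend, because the SafetyNet verdict carries an `evaluationType` field next to `ctsProfileMatch` and `basicIntegrity`. The sketch below applies a server-side policy to a decoded verdict; it assumes the JWS signature and certificate chain were verified beforehand, and the package name, nonce and tokens are constructed sample values.

```python
import base64
import json
import time

def b64url_decode(segment):
    # Compact JWS segments are base64url without padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(jws):
    """Return the JSON payload of a compact JWS (header.payload.signature).
    ASSUMPTION: the caller already verified signature and certificate chain;
    nothing in this function authenticates the token."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))

def evaluate_verdict(payload, expected_nonce, expected_package,
                     now_ms=None, max_age_ms=120_000, require_hardware=True):
    """Return (accepted, reasons) for a decoded SafetyNet attestation payload."""
    reasons = []
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        nonce = base64.b64decode(payload.get("nonce", ""), validate=True)
    except (ValueError, TypeError):
        nonce = b""
    if nonce != expected_nonce:
        reasons.append("nonce mismatch")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > max_age_ms:
        reasons.append("stale or missing timestamp")
    if payload.get("apkPackageName") != expected_package:
        reasons.append("unexpected package")
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity failed")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch failed")
    # evaluationType is a comma-separated list, e.g. "BASIC,HARDWARE_BACKED".
    types = {t.strip() for t in str(payload.get("evaluationType", "")).split(",")}
    if require_hardware and "HARDWARE_BACKED" not in types:
        reasons.append("verdict not hardware-backed")
    return (not reasons, reasons)

# --- constructed sample data (not captured from a real device) ---
SAMPLE_NONCE = b"constructed-nonce-0001"
SAMPLE_NOW_MS = 1_657_100_000_000
SAMPLE_PACKAGE = "com.example.bank"  # hypothetical package name

def make_constructed_jws(evaluation_type):
    """Build an unsigned, constructed token with the given evaluationType."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {
        "nonce": base64.b64encode(SAMPLE_NONCE).decode(),
        "timestampMs": SAMPLE_NOW_MS - 5_000,
        "apkPackageName": SAMPLE_PACKAGE,
        "basicIntegrity": True,
        "ctsProfileMatch": True,
        "evaluationType": evaluation_type,
    }
    return ".".join([enc(b'{"alg":"RS256"}'),
                     enc(json.dumps(payload).encode()),
                     enc(b"constructed-signature")])

if __name__ == "__main__":
    for kind in ("BASIC", "BASIC,HARDWARE_BACKED"):
        verdict = decode_payload(make_constructed_jws(kind))
        print(kind, evaluate_verdict(verdict, SAMPLE_NONCE, SAMPLE_PACKAGE,
                                     now_ms=SAMPLE_NOW_MS))
```

With `require_hardware=True` a verdict that passes both booleans on basic measurements alone is rejected; the trade-off is that devices without hardware attestation are rejected as well.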