[Discussion] Magisk - The Age of Zygisk.
- Thread starter ipdev
- Start date
There are separated threads for Magisk Alpha and Magisk Delta.
Simply use search in XDA (top/right on the page) or google for eg: XDA Magisk Delta, and you'll find yourself both
no twrp folder in (storage),all root app in the template...
Hmm, I always pass all (screenshot).
Make sure that in HMA template, you list Magisk app (I don't rename/hide the Magisk app), HMA module itself and all the other LSPosed modules you may have.
If you have deleted LSPosed app and you only have its shortcut - you cannot and don't list LSPosed itself
I have even the folder TWRP (storage) but renamed to TWRP.bak
Attachments
so you say I can't use lsposed as a shortcut and reinstall original magisk app and add it into denylist?!(i added magisk with it's spoofed name).
I say that I don't (need to) rename/hide Magisk app, I just put it to HMA
And that if you let LSPosed to remove its app, there is no more LSPosed app and you don't put to HMA templste
If you keep LSPosed app, you must have it in HMA template
And you must have HMA itself in it's template
And I don't understand where do you have TWRP folder if not on storage. But I had simply renamed it to TWRP.bak
Attachments
check if twrp folder is remaining in /data/media/0/. if so, delete from there too.
now i have only magisk module indication red hope u have any idea
OMG from 2650 pages in old magisk thread to 112 pages in this new thread. Is there an option in xda to add a sticky post like in TGram that tells the visitor for example : Step1 through StepN to bypass SNet for bank apps? (sorry if I appear lazy)
73sydney
Account currently disabled
you appear lazy
most people manage to read the first page of the thread which gets you better than 99% of the way for 99% of people. The rest, and up to date fixes for any current or emerging issue (in any thread) will always be found in the last 5-10 pages, as makes sense. Dig in
uhh..its been over an year since but I still haven't used the device yet, my backs turned hump now, hurts too coz been just bending over on the PC screen and flashing this and that and GSIs and ROMs then reflashing stock factory image then TWRP for the hundreth time now maybe lol but I've still not managed to get the bank app to run
. Will it even work with an unlocked bootloader on samsung? maybe one last good try then I'll give up and move to Net-Banking instead perhaps. Magisk is a great program though. Any pointers would be welcome. TIAHave you checked the forums for the device?
uhh..its been over an year since but I still haven't used the device yet, my backs turned hump now, hurts too coz been just bending over on the PC screen and flashing this and that and GSIs and ROMs then reflashing stock factory image then TWRP for the hundreth time now maybe lol but I've still not managed to get the bank app to run
Have you searched XDA for the bank app?
73sydney
Account currently disabled
uhh..its been over an year since but I still haven't used the device yet, my backs turned hump now, hurts too coz been just bending over on the PC screen and flashing this and that and GSIs and ROMs then reflashing stock factory image then TWRP for the hundreth time now maybe lol but I've still not managed to get the bank app to run
No idea which device you have but as for Samsung, i run an S20+ 5G (bootloader unlocked etc) and have 0 issues with any banking app ive ever used. Just to give you hope. And giving hope goes against my central edicts....as does spoonfeeding
As for tips :
When in doubt, start with stock ROM....
The next could have been harvested from the last 5-10 pages...you should practice reading the last few pages of a thread, its a good habit as XDA isnt your own personal helpdesk where you only post when you have a crisis - without reading the room, because often its not just you having the issue, and we collaborate to fix issues....
You'll almost certainly need (along with reading the first page of this thread) this:
Thats currently the best option to deal with the recent (as in last few weeks) change from SafetyNet to Integrity Check, and you should bookmark that thread for any future changes.
And you'll want to check you can pass this (top 2 out of 3 green is good enough)
Play Integrity API Checker - Apps on Google Play
Get info about your Device Integrity through the Play Intergrity API
And thus you have reached the extent of my pity....i now return you to the normal programming from me, which is pure unadulterated indifference to the plight of man as a whole. Enjoy.
I NVM...yup youre right I am a manNo idea which device you have but as for Samsung, i run an S20+ 5G (bootloader unlocked etc) and have 0 issues with any banking app ive ever used. Just to give you hope. And giving hope goes against my central edicts....as does spoonfeeding
As for tips :
When in doubt, start with stock ROM....
The next could have been harvested from the last 5-10 pages...you should practice reading the last few pages of a thread, its a good habit as XDA isnt your own personal helpdesk where you only post when you have a crisis - without reading the room, because often its not just you having the issue, and we collaborate to fix issues....
You'll almost certainly need (along with reading the first page of this thread) this:
Thats currently the best option to deal with the recent (as in last few weeks) change from SafetyNet to Integrity Check, and you should bookmark that thread for any future changes.
And you'll want to check you can pass this (top 2 out of 3 green is good enough)
Play Integrity API Checker - Apps on Google Play
Get info about your Device Integrity through the Play Intergrity APIplay.google.com
And thus you have reached the extent of my pity....i now return you to the normal programming from me, which is pure unadulterated indifference to the plight of man as a whole. Enjoy.
Had done all that (safetynet-fix-v2.3.1.zip) and microG and GSI_certifier zip and spoofs & modules. I was trying 24.2 & 25.1 on Galaxy M21 2021 Edition SM-M215G Android 11 OneUI 3.1, It didn't work on Android 12 GSIs either (i mean bank apps didnt work), 25.2 bootloops so maybe I'm too tired of all this & don't want to install 5 different apps like lsposed & lua n stuff (lua & magisk together? how?) on my phone just to run a bank app when actually all these addon apps could easily spy from within my phone with root privilege on them.
I have a hunch that the bank app I'm using probably isn't even checking root rather its checking with the OEM servers on open BL devices list during device initialization , as easy as that because we have a Local Samsung Phone Manufacturing Plant in my country itself where M215G is also made, but thanks for your pity anyway I can still use 24.2 to add some modules and as for banking net-banking is available and quite secure with OTPs, enough headache with applying all this mods alrready, I can't probably give more time to android as theres other things to do. Thanks anyway. One year not entirely fruitless. I'll finally put the SIM-Card in for the first time in 14 months lol.
Last edited:
New theory. Never heard of (checking through the vendors side for users who had unlocked the Bootloaders)
Maybe they can rather use some Samsung API and check the real status of Knox on the phone
73sydney
Account currently disabled
I NVM...yup youre right I am a man
Had done all that (safetynet-fix-v2.3.1.zip) and microG and GSI_certifier zip and spoofs & modules. I was trying 24.2 & 25.1 on Galaxy M21 2021 Edition SM-M215G Android 11 OneUI 3.1, It didn't work on Android 12 GSIs either (i mean bank apps didnt work), 25.2 bootloops so maybe I'm too tired of all this & don't want to install 5 different apps like lsposed & lua n stuff (lua & magisk together? how?) on my phone just to run a bank app when actually all these addon apps could easily spy from within my phone with root privilege on them.
I have a hunch that the bank app I'm using probably isn't even checking root rather its checking with the OEM servers on open BL devices list during device initialization , as easy as that because we have a Local Samsung Phone Manufacturing Plant in my country itself where M215G is also made, but thanks for your pity anyway I can still use 24.2 to add some modules and as for banking net-banking is available and quite secure with OTPs, enough headache with applying all this mods alrready, I can't probably give more time to android as theres other things to do. Thanks anyway. One year not entirely fruitless. I'll finally put the SIM-Card in for the first time in 14 months lol.
Also running MicroG is just making your life harder, i will still never get why people want to introduce another level of possible fail....
As far as I know (without xposed & other such modules on) It's most likely A SURE FAIL with microG on Stock OSes 9, 10, 11 if not GSIs but still people prefer to pm-uninstall built-in Gapps then install microG instead because they hope that a handful more of GSF- Dependent apps might agree to run with microG rather than not having both Gapps nor microG on the device which means GSF-Dependents won't run at all. In countries that disguise themselves as democratic but are really deeply autocratic by nature, introduction of systems like Guugle have already been devastating in many scenarios so the ones who are not in their governments good-books may even face danger or be forced to shut-shop.
Last edited:
Maybe they do check knox even for ROMs that have nuked-knox but the prior scenario seems to be an easier and affirmative option for the banks logically speaking, also when I had 24.2 running on an A10 older samsung with the older version of the bank app running it worked flawlessly untill a month ago when i upgraded the app and suddenly the number of services within the bank app had jumped to 390 from mere 60-70 if i remember correctly and it refused to run, a few of the new services in the upgraded version seemed to be designed just to sniff out root, so i ran the same upgraded version on two phones of the same model (SM-M215G), one with just BL unlocked and original factory stock running and the other with Magisk 24.2 /25.1 + BL obviously unlocked but the bank app INSTANTLY detected jailbreak on the one with just the BL unlocked, thats raised my suspicion that the bank app had a method to check unlocked BLs too regardless of whether magisk was present or absent. It obviously detected jailbreak on the other one with magisk instantaneously but I knew that would happen coz I didn't follow this threads instructions and install the xposed modules etc. along with magisk. I tried it on a nuked-knox OneUI ROM and the result was the same.
Similar threads
Top Liked Posts
-
4
You're GREAT!!
Thanks a lot!
It's NOT necessary to change all lineage strings!
It just ONLY looks in build.prop for the existence of "ro.lineage.build.version". If the name of this prop is changed to "ro.whateveryouwant.build.version", then Payback works again.
Thanks a lot again.
samhhmobil4
You can try the following - to avoid possibly breaking OTA
If you eg use Systemless hosts, then go to its folder (by root explorer like MixPlorer):
/data/adb/modules/hosts
And create there a file:
system.prop
containing:
ro.lineage.build.version=
Reboot, and the given prop shall be systemlessly removed (unless the ROM enforces the prop only after booting is completed)
When you want to do OTA, rename that system.prop to eg system.bak and reboot - you will again have the original ROMs prop(s)
You can similarly (miss)use any other module's folder and if it already has the system.prop, just add your lines in and reboot22
@zgfg
Nice try, but... it doesn't work.
It creates an empty prop "ro.lineage.build.version“, but the prop itself exists.
And payback does not check the value of that prop, but checks if it exists.
So, renaming it in build.prop seems to be the safe way.
samhhmobil1 -
4
You can try the following - to avoid possibly breaking OTA
If you eg use Systemless hosts, then go to its folder (by root explorer like MixPlorer):
/data/adb/modules/hosts
And create there a file:
system.prop
containing:
ro.lineage.build.version=
Reboot, and the given prop shall be systemlessly removed (unless the ROM enforces the prop only after booting is completed)
When you want to do OTA, rename that system.prop to eg system.bak and reboot - you will again have the original ROMs prop(s)
You can similarly (miss)use any other module's folder and if it already has the system.prop, just add your lines in and reboot4
You're GREAT!!
Thanks a lot!
It's NOT necessary to change all lineage strings!
It just ONLY looks in build.prop for the existence of "ro.lineage.build.version". If the name of this prop is changed to "ro.whateveryouwant.build.version", then Payback works again.
Thanks a lot again.
samhhmobil3
I would bet a small fortune on that is what triggers it. Many other banking and multimedia / DRM protected app is triggered simply by having "linage" in the list of props (build.prop for example). Try this: mount /system read-write and remove a single char from all prop values that contains lineage in it (ex. lineage -> lineag) then reboot and likely it won't be triggered anymore. It will break the OTA process since the updater will not detect the build properly.. many banking apps are triggered like this (when using crDroid, LineageOS, etc..) and some of these apps are triggered by simpl using Xiaomi.EU for sure (but eliminating every xiaomieu and xiaomi.eu will cause an unbootable state - at least according to my experiments.. YMMV)..2
Welcome on board!
At first: If you use lsposed, zygisk may be detectable again.
Without(!) lsposed the following are my results:
Payback is not detecting zygisk!
(1) Payback IS(!) working with unlocked bootloader, StockRom(!), no root, but due to the unlocked bootloader no Device-Integrity.
(2) Payback IS(!) working with unlocked bootloader, StockRom(!), Magisk 27(hidden), active zygisk, Shamiko 1.0.1 (Google GMS, Payback — and other apps — on denylist, denylist not enforced), PlayIntegrityFix 15.9.7 by Chiteroman.
In THESE two configurations Payback works!
But...
(3) Same device: unlocked bootloader, CustomRom (LineageOS 17/18/19 or 20), NOT rooted, nothing else installed, and: Payback does NOT work.
(4) Changed to the second (rooted) scenario, but only changed from StockRom to CustomRom, and: Payback does NOT work.
So... Payback does not check the status of the bootloader.
Payback even does NOT check Device-Integrity (It works with StockRom and unlocked bootloader without root and without Device-Integrity).
With the usual way (hidden-magisk, active zygisk, denylist, shamiko, playintegrityfix, but NO lsposed) Payback CANNOT detect root or zygisk (tested with use of a StockRom).
But: Payback detects the existence of a CustomRom, even without root, and refuses to work.
So, if you (or somebody else) have a solution to hide the use of a CustomRom, feel free to post the solution here. (Even Momo detects the CustomRom... and... BTW, Momo detects zygisk again, when I use lsposed.)
samhhmobil
EDIT (2024-04-19):
Due to the hint of @crok.bic below I changed just only in /system/build.prop the name of "ro.lineage.build.version" to "ro.whateveryouwant.build.version" (set whateveryouwant to any word you want, for example "hide" or "donaldduck" or "strange" or... ...)
With this small spoof Payback works not just only in the scenarios (1) and (2), but now even in (3) and (4).
Thanks again to @crok.bic2
@zgfg
Nice try, but... it doesn't work.
It creates an empty prop "ro.lineage.build.version“, but the prop itself exists.
And payback does not check the value of that prop, but checks if it exists.
So, renaming it in build.prop seems to be the safe way.
samhhmobil -
145This is a discussion and help thread for the newer versions of Magisk.
The main goal of this thread is to help users migrate to Magisk v24+
- SafetyNet
Basic integrity Pass
CTS profile match Pass
- Play Protect certification
Device is certified
Feel free to discuss or give links to other Magisk related issues.
Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds.
Please read John's State of Magisk (medium.com)
Starting with the Magisk 23 (23010) canary builds.
- MagiskHide is removed.
MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
You still have the option to Hide the Magisk app under setting.
- Magisk Module online Repo is removed.
The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.
- Everything SafetyNet is removed.
This includes the SafetyNet check that was incorporated into the Magisk app.
- Zygisk is introduced.
Zygote + Magisk = Zygisk
- The Deny list replaces the Hide list.
The Hide list (more or less) hid Magisk from the process on the list.
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Starting with the Magisk 23 (23017) canary builds.
- Magisk supports update channels per module.
Each module can include it's own update link.
- Hide Magisk offline.
You do not need internet connection to rename (repackage) the Magisk app.
What does this mean?
Not much.
It is just the next step in Magisk's development.
Zygisk is a big step forward.
Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share.
Jump to PostMagisk - Modules - Apps - Force Basic Attestation - Basic Attestation - Adjust Prop values - Notes - Points of Interest
This is post will be updated once Magisk v24 is released.74MagiskThe Magic Mask for Android.
Magisk Links:
GitHub
- Installation Instruction
- Frequently Asked Questions
- Magisk Documentation
- Magisk Troubleshoot Wiki (by Didgeridoohan)
Download Links:
Stable and Beta releases.
Canary
- GitHub
Thenotes.mdfile is the change log.
Theapp-debug.apkis Magisk canary.
Click onapp-debug.apkand choose View Raw or click on the Download option.
Credits:
topjohnwu
All who contribute and support this project.62Modules
MagiskHide Props Config
This module allows you to add, change and adjust prop values systemlessly using Magisk.
MagiskHide Props Config Links:
Download Links:
Credits:
Didgeridoohan
All who contribute and support this project.
Universal SafetyNet Fix
It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
This 'trick' has been implemented properly into quite a few custom roms.
For custom roms that do not include it and/or stock roms, he turned it into a module.
Universal SafetyNet Fix Links:
Download Links:
Credits:
kdrag0n
All who contribute and support this project.58Apps
Fox's Magisk Module Manager
This app allows you to manage and install Magisk modules.
Including from an online repo.
Fox's Magisk Module Manager Links:
Download Links:
Credits:
Fox2Code
All who contribute and support this project.
Play Intergrity API Checker
This app shows info about your device integrity as reported by Google Play Services.
If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).
Development:
Download Links:
Credits:
1nikolas
All who contribute and support this project.
YASNAC - Yet Another SafetyNet Attestation Checker
YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.
YASNAC Links:
Download Links:
Credits:
RikkaW
All who contribute and support this project.49Force Basic Attestation
Newer devices are designed to support hardware attestation.
Currently there is no way to hide the sensitive device properties when checked using hardware attestation.
To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
SafetyNet will then fall back to check using basic attestation.
Note:
This method will work for devices that support hardware attestation and devices that do not.
- Enable Zygisk.
- Install the USNF module.
- Reboot
To keep posts short, the instructions are hid by spoiler tags.
If you have not installed Magisk.
Follow the installation link in the Magisk post.
Download the Universal SafetyNet Fix module.
Download link is in the Modules post.
- Enable Zygisk
- Open the Magisk app.
- Go to Settings.
- Scroll down to the Magisk section.
- Toggle Zygisk on.
- Go back to the Magisk Home screen.
- Go to Modules.
- Select Install from storage.
- Navigate to the Universal SafetyNet Fix module zip file and select it.
- Reboot.
The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
Depending on the device and system (ROM) configuration, you might need to adjust a few more.
See the Adjust Prop values post. - SafetyNet
