• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Magisk General Support / Discussion

Search This thread
Thank you, dear!
Nice, decent, people like you are always a pleasure to deal with, make up the heart of a welcoming community!


But I haven't: Magisk (20418) is dealing with my files in a manner that I cannot edit files in place. A question "Which file do I have to edit (in a Magisk 20418 environment) to make permanent changes to /a/b/c/d.xml ist clearly a Magisk-related question.




Have a great day, dear fried!
You either may edit a overlay (in /data/adb/modules/any-name/system/ or edit the file in filemanager of TWRP.
You may also flash your ROM again (dirty flashing should be enough).
 
  • Like
Reactions: xdarasc

ms_office_95

Member
Nov 2, 2019
33
3
RIP
My bank doesnt even care about root only the Google Pay portion.
McDonalds on the other hand nope cant have rooted Big Macs
Hardware level for me.. Samsung Note 9 (SM-N9600) Snapdragon
 

pndwal

Senior Member
Interesting ZDNet article re EncroChat criminal encrypted chat use. Didn't see connection with dual boot phones, but I'm guessing these were issued to subscribers?

Of course, my query is whether there is any potential for a phone to boot both stock ROM with locked bootloader, and a custom OS with SU privileges / rooted (using dual bootloaders or other mechanism) in order to satisfy Googles security model and allow users to have an environment for apps requiring SafetyNet pass, as well as an OS with root privileges granted on the one device. It had no relation to encryption use or misuse, either end to end, or on device. But thanks for the info. :good: PW

Edit: Googling 'aquaris bq dual boot' turns up info re forensic investigation of these devices w/ dual OSs, one requiring special key combo to boot, and the other apparently a 'cover' to hide the existence of the first. As one investigator said, "something stinks", despite being unable to get past lock at that point... Interesting, if OT.
 
Last edited:
  • Like
Reactions: dr4go

zgfg

Senior Member
Oct 10, 2016
5,730
3,181
Thank you, dear!
Nice, decent, people like you are always a pleasure to deal with, make up the heart of a welcoming community!


But I haven't: Magisk (20418) is dealing with my files in a manner that I cannot edit files in place. A question "Which file do I have to edit (in a Magisk 20418 environment) to make permanent changes to /a/b/c/d.xml ist clearly a Magisk-related question.




Have a great day, dear fried!
Thank you, you are indeed nice and polite.
I don't see how is it Magisk fault but anyway

- If you debloated by ADB, you can try to re-enable it. Depending on did you disable or uninstall WebView for default user, one of the two adb commands should work:
>> adb shell pm enable com.google.android.webview
or
>> adb shell cmd package install-existing com.google.android.webview

- If you debloated by some other tool/method, ask its developer how to revert (usually they don't care and will point you to their termonuclear war disclaimer).
People tend to debloat apps and services not knowing what for are they used by system or other apps

- There was a Magisk module for disabling WebWiew. Not only that it caused me a bootloop when I tried long ago, but uninstalling the module did not reinstall WebWiew (but that is not Magisk fault) - I had to 'update' my firmware to get the WebView back

- Data partition is not restricted by SAR, but system maybe overwrites/updates the given XML file on boot, and thus you loose your manual changes

Btw, you can try to install/update Android System WebView from Playstore or ApkMirror (it will install as user app, not the system app, but it should work)
 
  • Like
Reactions: xdarasc

zgfg

Senior Member
Oct 10, 2016
5,730
3,181
Interesting ZDNet article re EncroChat criminal encrypted chat use. Didn't see connection with dual boot phones...
First link was wrong and I have corrected in the mean-time to:
https://news.sky.com/story/encrocha...criminals-get-their-encrypted-phones-12019678

I was also not sure what dual-boot had with (criminals used that 'criminal' boot for their criminal activities) but it was described in those or other related articles: normal boot served to avoid suspicion if they had to give the phone to an officer for inspection

Btw, their 'business' boot seems it was developed on Ubuntu, being fully Google-free
 

pndwal

Senior Member
First link was wrong and I have corrected in the mean-time to:
https://news.sky.com/story/encrocha...criminals-get-their-encrypted-phones-12019678

I was also not sure what dual-boot had with (criminals used that 'criminal' boot for their criminal activities) but it was described in those or other related articles: normal boot served to avoid suspicion if they had to give the phone to an officer for inspection
Yes, I gathered /read that after googled your terms. See my last post edit (at end). Will check your sky news link too.
Btw, their 'business' boot seems it was developed on Ubuntu, being fully Google-free
Interesting... PW

Edit: Sky News article is interesting too...The dual boot devices seem relatively old however.

Not sure if new partition regimes (dynamic) lend themselves to dual bootloaders also, for our purposes.
 
Last edited:

xdarasc

Member
Nov 13, 2017
24
6
>> adb shell pm enable com.google.android.webview
>> adb shell cmd package install-existing com.google.android.webview
Thank you!
These methods fail same as replacing (or vi-ing) the file - they don't survive a reboot


you can try to install/update Android System WebView from Playstore or ApkMirror (it will install as user app, not the system app, but it should work)
This fails bc. tha app is "disabled" - so no [INSTALL]-button.


So, unfortunately, the actual question remains:
How to edit or replace a file in the /data/system path (and subfolders) after booting into a Magisk-ed Android Pie (so that the change survives a reboot)?

I've got some Linux-CL experience - so any working procedure is welcome.



P.S. I've got the standard boot loader, can't (don't like to) install TWRP bc that required a different kernel (my device uses dm-verity).

edit: P.P.S. I used Titanium Backup to freeze it. But actually it's really just to edit that single file - if Magisk only let me ;)
 
Last edited:

akhil093

Senior Member
Jun 22, 2013
211
275
Los Angeles C.A
One interesting thing I noticed, magisk hide doing it's job greatly. Cts failing due to hardware backed attestation but banking apps still working "as long as they are included in magisk hide list". I tried removing them from magisk hide list and those apps knows safteynet status that it's failing and they refuse to work but once I put them in magisk hide list, they works. I guess magisk hides is a kind of another layer of "security" for us which hides root status from all apps even if safteynet fails (though it can't hide that from google play services itself). I wonder if in coming days, these apps will still works under "magisk hide" or as some people saying google will flick some kind of switch that will expose our status even for apps under magisk hide.
 

bunklung

Senior Member
Mar 20, 2011
519
105
Response from the second phone will not match the challenge from the first.
The method is by far from being so primitive/easy to break

I'm not using GPay (and my banking app is not affected) hence I'm not that much concerned about, but once CTS Profile started to fail, soon I obtainef Device not certified in Playstore

It can take time to sync. If you want Device not certified faster, you can provoje it by deleting Data for Google Play Store and Services ?

If the devices goes uncertified, will apps stop working/updating?

Will we be able to apply for an exception here:
https://www.google.com/android/uncertified/
 
  • Like
Reactions: HippoMan

zgfg

Senior Member
Oct 10, 2016
5,730
3,181
Thank you!
These methods fail same as replacing (or vi-ing) the file - they don't survive a reboot



This fails bc. tha app is "disabled" - so no [INSTALL]-button.


So, unfortunately, the actual question remains:
How to edit or replace a file in the /data/system path (and subfolders) after booting into a Magisk-ed Android Pie (so that the change survives a reboot)?

I've got some Linux-CL experience - so any working procedure is welcome.

P.S. I've got the standard boot loader, can't (don't like to) install TWRP bc that required a different kernel (my device uses dm-verity).

edit: P.P.S. I used Titanium Backup to freeze it. But actually it's really just to edit that single file - if Magisk only let me ;)
I have SAR Android 10, Magisk, and Hiper Scientific Calc app installed.
With MiXPlorer I made a copy package-restrictions.bak, and in the original package-restrictions.xml changed the line:
<pkg name="cz.hipercalc" ceDataInode="9136" />

to:
<pkg name="cz.hipercalc" ceDataInode="9136" inst="false" stopped="true" nl="true" />

When I rebooted the bak file was still in /data/system/users/0 as well as the xml file with my change!!!

And indeed, the application HiperCalc (calculator from Playstore) was lost from the home screen and app drawer as well as from Settings/Apps - just like if I would have used ADB:
>> adb shell pm uninstall -k --user 0 cz.hipercalc

Then I removed xml file with my change, and renamed the bak copy to xml and rebooted

Then I edited the xml file to made a change:
<pkg name="cz.hipercalc" ceDataInode="9136" inst="true" stopped="false" nl="false" />

Rebooted and Hiper Scientific Calc was again present in the drawer (I had to put it back also th Home screen)

Interestingly, when I opened xml I found that the line was auto-corrected to the original form (un-needed three attributes with default values removed):
<pkg name="cz.hipercalc" ceDataInode="9136" />

All in all, changes properly survive reboot and HiperCalc was 'reinstalled/uninstalled' accordingly

IMO, you either made a mistake while editing, or something is wrong with your root explorer/editor or Titanium made more changes making the WebView not available

You can try all without Titanium, for some other app, and by using MiXPlorer

---------- Post added at 04:54 PM ---------- Previous post was at 04:30 PM ----------

If the devices goes uncertified, will apps stop working/updating?

Will we be able to apply for an exception here:
https://www.google.com/android/uncertified/
User certification (if still available) applies to custom ROMs - if you have one, you can try

Stock ROMs must be certified by vendors. But I don't see it could help, CTS is failing due to hardware attestation finding bootloader unlocked

Eg, I have regular stock firmware, certified (hence Basic Integrity passing), but since of the recent change on Google side, CTS is failing
 
  • Like
Reactions: xdarasc

JudgeDread11

Senior Member
Aug 17, 2014
881
500
Ao Nang, Krabi
One interesting thing I noticed, magisk hide doing it's job greatly. Cts failing due to hardware backed attestation but banking apps still working "as long as they are included in magisk hide list". I tried removing them from magisk hide list and those apps knows safteynet status that it's failing and they refuse to work but once I put them in magisk hide list, they works. I guess magisk hides is a kind of another layer of "security" for us which hides root status from all apps even if safteynet fails (though it can't hide that from google play services itself). I wonder if in coming days, these apps will still works under "magisk hide" or as some people saying google will flick some kind of switch that will expose our status even for apps under magisk hide.
It depends on what the app looks for.
If they don't use safety net and just look for root then Magisk will be able to hide that. But if the app uses safety net Magisk won't be able to hide it.
My banking app doesn't use safety net and only checks for root. I have no been paying safety net for a long time, before it's was hardware backed. But my banking app just works.
 

xdarasc

Member
Nov 13, 2017
24
6
You can try all without Titanium, for some other app, and by using MiXPlorer
Thank you again for your help and especially the time you invested!

I tried Titanium, SD-Maid and SystemSettings|App_Management to Defreeze by app as well as Total Commander to replace the file as well as 'vi' in shell to directly edit it. All to no success.

I tried this MiXPlorer - a nice one (especially allowed editing, what TC doesn't). Unfortunately to no success.



So yeah, maybe my system is ****ed up (though it's a stock Xiaomi that I only Magisk-ed).
Anyway: Many thanks for your tries to help!
 

papoy1019

Senior Member
Jan 19, 2018
165
39
Anybody has the same problem with me? I wanted to hide magisk manager, but it says it failed. Im on android 10 miui. Canary build by the way.

Any workaround?
 

zgfg

Senior Member
Oct 10, 2016
5,730
3,181
So yeah, maybe my system is ****ed up (though it's a stock Xiaomi that I only Magisk-ed).
Anyway: Many thanks for your tries to help!
Strange, mine is also Xiaomi (Mi 9T), stock MIUI 11 (global-eu), with Canary Magisk

NP, I just learnt how adb shell pm uninstall -k --user 0 ... reflects to /data/system/users/0/package-restrictions.xml

I'd similarly like to learn how/where to adb shell pm disable-user ... makes its changes

---------- Post added at 05:58 PM ---------- Previous post was at 05:43 PM ----------

Anybody has the same problem with me? I wanted to hide magisk manager, but it says it failed. Im on android 10 miui. Canary build by the way.

Any workaround?
You disabled Play Protect before hiding (you can re-enable later)?
 

J.Michael

Recognized Contributor
Jan 20, 2018
850
709
Samsung Galaxy Tab A series
Thank you again for your help and especially the time you invested!

I tried Titanium, SD-Maid and SystemSettings|App_Management to Defreeze by app as well as Total Commander to replace the file as well as 'vi' in shell to directly edit it. All to no success.

I tried this MiXPlorer - a nice one (especially allowed editing, what TC doesn't). Unfortunately to no success.



So yeah, maybe my system is ****ed up (though it's a stock Xiaomi that I only Magisk-ed).
Anyway: Many thanks for your tries to help!

Does the way you edit leave a ".bak" file? @zgfg's experience *could* be explained by the file being reverted in the absence of a ".bak" file. (The automatic deletion of unnecessary attributes could also have been the complete reversion of the file.)

Magisk has some facility for running scripts during boot. If one of the options is between the /data filesystem being accessible, and the point at which this .xml file is processed, you might be able to squeeze in an update.

I have Android System WebView in my Apps, under Settings. It is labelled "disabled", with a grayed out "Enable" button, and an apparently available "Force stop" button. (I don't know what it is. I don't remember why I might have disabled it. I don't have the nerve to see what happens if I stop it.)
 
  • Like
Reactions: xdarasc

zgfg

Senior Member
Oct 10, 2016
5,730
3,181
Does the way you edit leave a ".bak" file? @zgfg's experience *could* be explained by the file being reverted in the absence of a ".bak" file. (The automatic deletion of unnecessary attributes could also have been the complete reversion of the file.)

Magisk has some facility for running scripts during boot. If one of the options is between the /data filesystem being accessible, and the point at which this .xml file is processed, you might be able to squeeze in an update.

I have Android System WebView in my Apps, under Settings. It is labelled "disabled", with a grayed out "Enable" button, and an apparently available "Force stop" button. (I don't know what it is. I don't remember why I might have disabled it. I don't have the nerve to see what happens if I stop it.)
Read my post, I first tested with making a bak file (where package was not disabled) and making a change in xml file, rebooting kept both xml and bak exactly as I left them (different one to another) before rebooting

Later I moved bak to Internal mem, Download and tested more - leaving bak file or not on Data did not matter for my results
 

GirishSharma

Senior Member
Feb 19, 2015
537
118
Ajmer, Rajasthan
I was running Mi 9 Cepheus MIUI 11.0.9 with locked boot loader. I Unlocked bootloader. Installed TWRP because I was not getting OTA. After unlocking bootloader and installing TWRP, by chance very next day I got OTA. I downloaded OTA, tried to install OTA with TWRP, but custom recovery do not flash stock ROM, so it failed to install OTA. Installed magisk 20.04 and installed boot image by removing root. OTA flashed successfully and now I am running MIUI 12.0.1 but I lost root and twrp. Again I flashed twrp, magisk. Everything works fine but now ctsprofile is false. Earlier ctsprofile and basicIntegrity both were true. So, this is my history.

Now, I don't how do I make ctsprofile true.
 
Last edited by a moderator:

zgfg

Senior Member
Oct 10, 2016
5,730
3,181
I was running Mi 9 Cepheus MIUI 11.0.9 with locked boot loader. I Unlocked bootloader. Installed TWRP because I was not getting OTA. After unlocking bootloader and installing TWRP, by chance very next day I got OTA. I downloaded OTA, tried to install OTA with TWRP, but custom recovery do not flash stock ROM, so it failed to install OTA. Installed magisk 20.04 and installed boot image by removing root. OTA flashed successfully and now I am running MIUI 12.0.1 but I lost root and twrp. Again I flashed twrp, magisk. Everything works fine but now ctsprofile is false. Earlier ctsprofile and basicIntegrity both were true. So, this is my history.

Now, I don't how do I make ctsprofile true.


Check your post - everything is double. Edit/delete

CTS is failing because Google has changed CTS attestation method. You can't do anything - Google detects that Bootloader is unlocked and CTS Profile then fails

Read more in the general Magisk thread
 
Last edited by a moderator:

Top Liked Posts

  • 3
    I'm not noticing any problems either. Was just making a PSA for anybody who does use Riru that it's not going to work anymore, and it's not a bug -- it was intentionally disabled. People are freaking out in the alpha Telegram over the "bug," and I wanted to head that off over here
    Yup, looks like w/ a0fe78a7-alpha (maverick 😜) users needing any Riru solutions are out of luck.

    I'm guessing many of these modules will move to Zygisk base in due course.

    Those using needing USNF 2.x for September Google server end change can move back to 1.2.0 and older fixes changing model props. MagiskHide Props Config module Force Basic attestation option with similar late 'device selected from list' matching OEM configured is probably the best of these option. PW

    Screenshot_2021-09-25-09-21-04-544_com.topjohnwu.magisk.png
    Screenshot_2021-09-25-09-25-37-464_com.topjohnwu.magisk.jpg
    2
    Tried newest alpha, zygisk = No, ramdisk = yes, denylist(s) active and running (weird)
    Reverted to 0ab31ab0-alpha, zygisk = Yes...
    For now i'm happy with 9bf835e8-alpha
    Interestingly, I had such issues with 0ab31ab0-alpha with Riru enabled, but issue is gone for me in 61783ffc-alpha...

    You could try disabling Riru & USNF 2.x, rebooting, checking Zygisk status / settings, then enabling again; I needed this initially - actually uninstalled USNF, disabled Riru and rebooted before installing again... No issue since on RN8T.

    Of course this may be a per device issue.

    John and vvb2060 are still busy with implementation of Zygisk; this may help in next builds:
    https://github.com/topjohnwu/Magisk/pull/4720
    ... merged with Commits on Sep 24, 2021:
    https://github.com/vvb2060/Magisk/commits/app_zygote
    ... there'll be more too. PW
    2
    Interestingly, I had such issues with 0ab31ab0-alpha with Riru enabled, but issue is gone for me in 61783ffc-alpha...

    You could try disabling Riru & USNF 2.x, rebooting, checking Zygisk status / settings, then enabling again; I needed this initially - actually uninstalled USNF, disabled Riru and rebooted before installing again... No issue since on RN8T.

    Of course this may be a per device issue.

    John and vvb2060 are still busy with implementation of Zygisk; this may help in next builds:
    https://github.com/topjohnwu/Magisk/pull/4720
    ... merged with Commits on Sep 24, 2021:
    https://github.com/vvb2060/Magisk/commits/app_zygote
    ... there'll be more too. PW
    I have tried w/o any modules
    Toggled the zygisk button to enable, reboot, zygisk = No, but the button in settings stayed as toggled on, checked the logs, no trace of zygisk

    Tried toggled on and added denylist, reboot, zygisk = No, checked the logs, still no trace of zygisk, but the denylist ran and active.

    Reverting to 0ab31ab0-alpha, boom!!! zygisk = Yes, checked the logs, zygisk xhook was there.

    Tried all alpha before 0ab31ab0-alpha too (with zygisk in it), all the same result with zygisk xhook ran.

    ...running weirdly? or it is weird that they are running?
    It was weird they were running but with no zygisk
    2
    For me everything ok (I don't use and need riru): root, SN, V4A, WebView, you name it
    I'm not noticing any problems either. Was just making a PSA for anybody who does use Riru that it's not going to work anymore, and it's not a bug -- it was intentionally disabled. People are freaking out in the alpha Telegram over the "bug," and I wanted to head that off over here
    1
    So guys after tests I have to find out how I add squashfs support on twrp, cause I can't do much, what I saw is that when I rebooted to system magisk was not working like the first place, tried to boot to twrp and guess what, it booted to stock recovery, how? I didn't flash the stock recovery, I searched and I find out that when it booting to system everything I has flash goes back to stock, for this magisk don't work when I trying to boot with combo key, everything goes back to stock without flashing, so the patched recovery from magisk goes back to stock while booting, I will make more research!
    Behaviour is pretty standard w/ stock ROMs (eg MIUI):
    Note many devices will replace your custom recovery automatically during first boot. To prevent this, use Google to find the proper key combo to enter recovery. After typing fastboot reboot, hold the key combo and boot to TWRP. Once TWRP is booted, TWRP will patch the stock ROM to prevent the stock ROM from replacing TWRP. If you don't follow this step, you will have to repeat the install.
    https://twrp.me/xiaomi/xiaomimi9tpro.html

    Nb. as mentioned, installing Magisk zip installer from TWRP will only succeed if bootloader contains 'boot' ramdisk support to allow basic ramdisk added by Magisk to be utilised... Of course you may be considering other custom recovery tricks. 😛 PW
  • 44
    OK. AIO solution. Modded "Universal SafetyNet Fix" module. Just added "model" props.
    17
    So, new layer of HARDWARE detection is here.
    SafetyNet failed on devices, where must bee HARDWARE detection. GMS no longer check system response of evaluation type, and force check HW. USNF doesn't work in this cause.
    Hm, funny things happening. I was thinking this is upgrade of HW attestation, but it is DOWNGRADE actually. 😄

    Remember my old first simple digging into HW?
    It`s..... working again.

    Looks like a temporary solution or just "combo" of old and new methods from Google.
    This explains the fact that dirty hack with Xposed-s working now.

    So, this current environment may be temporary or preparation for something BIGGER.

    In conclusion: in this time to passing SafetyNet you need just my old "hardware_off" module from link above or "MagiskHidePropsConf" with any "BASIC" print with model simulation and kdrag0n-s "Universal SafetyNet Fix".

    No ***-posed-s need!
    16
    Few Headsups:

    1) There are reports that Danny's (@kdrag0n) new early release Universal SafetyNet Fix 2.0.0 (combines AOSP Keystore and shim Keystore solutions) is restoring ctsProfile for some. It just may work for all, but not enough reports as yet. Also, it requires a payment at this stage:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-85581909

    https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-904209677

    2) There are reports that simply using MagiskHide Props Config module to 'delete' ro.product.model prop fixes ctsProfile on custom ROMs where other methods have failed. Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912885628

    3) New MagiskHide Props Config module 6.0.0 just released with all the sensitive prop values that MagiskHide changed up to and including Magisk v23 set by default, "Force BASIC key attestation" re-enabled (for Googles latest changes), and various other fixes.
    https://forum.xda-developers.com/t/...p-edits-and-more-v6-0-0.3789228/post-85581939

    I have to agree that this module's name does suddenly seem very apt, and as always, it proves elegant in its versatility. 😛👍

    4) Another elegant solution that some may have relegated to a bygone era seems to be coming back in fashion to!

    Those with Google Pay problems persisting after fixing ctsProfile are reporting in GPay threads, here and elsewhere, that GPay-SQLite-Fix + SQLite binary modules from stylemessiah (a connoisseur at least in digital fashion ... or perhaps just lucky, our @73sydney, - original solution from @BostonDan ) is fixing these for them once again. 😜 Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912798412

    WOT 😉 to read if interested:
    https://forum.xda-developers.com/t/...s-of-gms-17-1-22-on-pie.3929950/post-79643248

    🤠 PW
    15
    ro.product.model was enough for my OP8T, but I didn't like how Google Play Services started referring to my device as "OnePlus BASIC" with the "hardware off" module, so I knocked together this module really quickly to just append _SN to the real model name. WFM. 🤘
    14
    Removed the @Displax safety net mod fix and applied the latest USNF 2.1.0 from @kdrag0n.

    Attestation is passed and device is compliant in company portal too with my original device name 1+8 Pro and not Pixel.

    This is done over the latest Alpha Magisk.

    Update: My In-display fingerprint hardware is not working anymore, I think the fix is already committed. Hopefully it will be resolved in the next version.
    Yep, I have sent a Pull Request with the fix like an hour after v2.1.0 was released. 🤠

    See my post here in the official USNF thread for getting it working in the meantime until it's merged and a new release is made: https://forum.xda-developers.com/t/...tynet-fix-1-1-0.4217823/page-59#post-85631613

    Also may be worth everyone reading my comments at the end of that post about people doubting the sponsored testing closed-then-open development.

    And then here on this GitHub issue about how it's not meant to replace MagiskHide so you can't just turn Hide off: https://github.com/kdrag0n/safetynet-fix/issues/91#issuecomment-919264624
  • 1064
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    156
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    121
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    76
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    75
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p