• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Magisk General Support / Discussion

Search This thread

pndwal

Senior Member
Magisk Alpha

Ok, I've updated mine.

All went fine for me.

Don't expect 'Update' notice in App as mentioned, even for Magisk (mask) after App update as version has (again) NOT been changed from "1eb83ad8-alpha". Again, I'm not sure if this is intended.

[After App update, you will notice different Release Notes Changelog in Chinese for Install Magisk (mask) and Install App. Expect Install App Changelog to be updated when release package (plus json) is pushed to GitHub repository.] It's now pushed / in sync with latest.

[At present, latest package file is still not pushed to GitHub repository.] It is now available from GitHub also.

I now understand this is often released earlier to Magisk Alpha Telegram group, and sure enough it's there! (It seems Chinese community there is more aware / informed of these builds than XDA community):
https://t.me/magiskalpha
Web based preview:
https://t.me/s/magiskalpha

Nb. See this for Devs notes also.

Nb.2. In Chrome, web based preview can be translated into English.

Magisk Lite

For anyone interested in this (those wanting basic superuser privileges, and a way to hide root from bank apps that detect isolated processes), this is released to Magisk Lite Telegram group also, but latest is unavailable as yet. 😕 :
https://t.me/magisklite
Web based preview:
https://t.me/s/magisklite

Nb. See this for Devs notes / working theory / difference with respect to standard Alpha / technical details re use, functionality etc.

Eg. Dec 4 build "restores the module function and can install a separate lite module.
Requirement: After the boot is complete, zygote and its child processes will no longer read any files mounted by the module.
(Otherwise, the mobile phone will have various inexplicable problems.)"

👍 PW
 
Last edited:

pndwal

Senior Member
Since I'm unwell presently, I've been killing time checking recent commits in Alpha that may help with device compatibility issues.

One is "Support bootimg v4 format" which has been refined again in current build.

Within the commit I found interesting information on the various ramdisk types. Thought I'd share:
The vendor ramdisk section is consist of multiple ramdisk images concatenated one after another, and vendor_ramdisk_size is the size of the section, which is the total size of all the ramdisks included in the vendor boot image.

The vendor ramdisk table holds the size, offset, type, name and hardware identifiers of each ramdisk. The type field denotes the type of its content.

The vendor ramdisk names are unique. The hardware identifiers are specified in the board_id field in each table entry. The board_id field is consist of a vector of unsigned integer words, and the encoding scheme is defined by the hardware vendor.

For the different type of ramdisks, there are:
- VENDOR_RAMDISK_TYPE_NONE indicates the value is unspecified.
- VENDOR_RAMDISK_TYPE_PLATFORM ramdisks contain platform specific bits, so the bootloader should always load these into memory.
- VENDOR_RAMDISK_TYPE_RECOVERY ramdisks contain recovery resources, so the bootloader should load these when booting into recovery.
- VENDOR_RAMDISK_TYPE_DLKM ramdisks contain dynamic loadable kernel modules.
https://github.com/vvb2060/Magisk/commit/2bdd553f03a0e3989c277332e64d3f4b24f2f396

🤓 PW
 
Last edited:
  • Like
Reactions: duttyend

zgfg

Senior Member
Oct 10, 2016
5,735
3,184
Magisk Alpha

Ok, I've updated mine.

All went fine for me.

Don't expect 'Update' notice in App as mentioned, even for Magisk (mask) after App update as version has (again) NOT been changed from "1eb83ad8-alpha". Again, I'm not sure if this is intended.

After App update, you will notice different Release Notes Changelog in Chinese for Install Magisk (mask) and Install App. Expect Install App Changelog to be updated when release package (plus json) is pushed to GitHub repository.

At present, package file is still not pushed to GitHub repository.

I now understand this is often released earlier to Magisk Alpha Telegram group, and sure enough it's there! (It seems Chinese community there is more aware / informed of these builds than XDA community):
https://t.me/magiskalpha
Web based preview:
https://t.me/s/magiskalpha

Nb. See this for Devs notes also.

Nb.2. In Chrome, web based preview can be translated into English.
Since I'm unwell presently, I've been killing time checking recent commits in Alpha that may help with device compatibility issues.

Hopefully, you are doing better (must not be that bad since you are playing with Chinese Alpha👍)

Thanks for the info. Updated also my Alpha (app and Magisk) to that June 23 build from Telegram, everything as you described

Mixed filings:
- good there are updates
- good there is a support group (although only Telegram and on Chinese)
- hoping he will update to his Magisk Repo
- hoping there will be better updating scheme in the future (updated version number, updating via Alpha channel, notifications)
- hoping there will be a Github Issues tracker or so
 
  • Like
Reactions: duttyend and pndwal

pndwal

Senior Member
Re. MagiskHide / bank apps / isolated processes, John Wu said in Aug 2020:
John Wu, Aug 26, 2020

It's no secret that services with isolatedProcess enabled can easily bypass MagiskHide. People started to find out that it's quite common to be able to bypass it by simply disabling said services. Apps like Servicely can do this, do you want Magisk Manager to natively support it?

- Yes, that would be handly - 89.5%
- Nah, no moar bloat plz - 10.5%
-1,472 votes - Final results

Note that *real* solutions for hiding isolated services require either (a) Magisk-lite, aka hide by default, mount if whitelisted, or (b) hook into zygote to alter some code.

(a) will not be officially considered since this will break some modules, (b) requires a lot of work
www.twitter.com/topjohnwu/status/1298468244596985856

So there's a tip for you MagiskHiders - try Servicely! (Controls for rooted phones.)

Among other functions, "You can also disable/enable permanently any service on your device. It's useful if you have services that tend to auto-restart and keep your device awake, or if you have games sending you never-ending notifications."
https://play.google.com/store/apps/details?id=com.franco.servicely

...And we've all heard of this Dev's (@franciscofranco's)
'Franco Kernel Manager'... And he just may need some love from XDA members ATM...

Gotta love Kernel Franco's response to that Twitter post too! 🙂

I don't think we ever got 'disable services with isolatedProcess' feature, and while John did have ambitious plans to (b) 'hook into zygote to alter some code', who knows where we're at with that now?!

That leaves (a) 'Magisk-lite, aka hide by default, mount if whitelisted', which 'will not be officially considered since this will break some modules'...

This was clearly a reference to the Magisk-lite project @vvb2060 had been working on since May 2020.

In Lite, with Magisk in whitelist mode, all applications are hidden by default and only checked applications can obtain super user permissions.

It has to be said that despite the fact builds since Dec. restore "the module function and can install a separate lite module", there are still significant problems with this. As the Dev makes clear (Chinese translated):
About modules:

The Lite version does not provide support for modules. Due to the implementation principle, many modules cannot operate normally.

Technically speaking, in Magisk-Lite, files replaced or added by modules do not exist for zygote and its sub-processes (ie application processes) after the boot is completed. If a module requires these processes to read mounted files after booting, this module will cause system problems.

In order to prevent incompatible modules from damaging the system after switching from the official version, Lite has modified the module directory and the module needs to be reinstalled.

If there is a module that cannot be installed normally, cannot run normally, or causes system problems after installation, no matter how seemingly unrelated the problems, it means that the module is not compatible.

Finally, to reiterate, the Lite version does not provide support for modules.
https://t.me/s/magisklite

So it seems a way to have our cake and eat it too (ie to hide isolated process leaks from bank apps detecting them, and have normal Magisk Module functionality) is a long way off yet... However, there are still a number of things desperate bankers can try before resorting to guns! 😜

And hopefully this clarifies a few things regarding Magisk Lite. 😷 PW
 
Last edited:

zgfg

Senior Member
Oct 10, 2016
5,735
3,184
Hopefully, you are doing better (must not be that bad since you are playing with Chinese Alpha👍)

Thanks for the info. Updated also my Alpha (app and Magisk) to that June 23 build from Telegram, everything as you described

Mixed filings:
- good there are updates
- good there is a support group (although only Telegram and on Chinese)
- hoping he will update to his Magisk Repo
- hoping there will be better updating scheme in the future (updated version number, updating via Alpha channel, notifications)
- hoping there will be a Github Issues tracker or so
One more observation. With Aplha (both Jun 23 and previous May 29 builds), I can manage Magisk Hide for com.miui.security.center (MIUU Security app) through the Magisk app

It used to work also in Canary, but since v22 or v23, TJW disabled for some system apps (it was possible only through Terminal by magiskhide add/rm/ls CLI commands)

Btw, does Netflix need to be enabled in Magisk Hide?
 

Attachments

  • IMG_20210624_100753.jpg
    IMG_20210624_100753.jpg
    259 KB · Views: 52
Last edited:
  • Like
Reactions: duttyend

handy1977

New member
Jun 23, 2021
4
0
[HELP] Google pay won't work s9 plus I installed magisk on s9 plus. It won't let me use Google pay says your phone is rooted. Anyway to get the app to work. Android 10 magisk 23.

I have enabled hide and installed props config latest still i am getting phone is rooted on Google pay app.
Cts failed Eval basic Basicintegrity pass


[URL unfurl="true"]https://ibb.co/tDC4jq0[/URL]


[URL unfurl="true"]https://ibb.co/GJhZNKX[/URL]

Here some images show my settings and safetynet test EvalType Basic
 

handy1977

New member
Jun 23, 2021
4
0
Some early news

Nb. It seems Lite builds will likely be of interest only to those wanting basic superuser privileges, and a way to hide root from bank apps that detect isolated processes, at least at this stage:

Latest @vvb2060 Magisk Lite build (June 23, 2021) change log:​

Chinese Translated:

Magisk Lite​

In Magisk in the whitelist mode, all applications are hidden by default, and only the applications ticked in Hide can obtain super user permissions. adb shell automatically has super user privileges. Module function is not available.

'magiskhide add UID package name' to add super-user application
'magiskhide rm UID package name' to remove super-user application
'magiskhide ls' lists the super-user applications

Magisk (1eb83ad8-lite)​

  • Based on 1eb83ad8, please refer to the upstream update log for related modifications
  • Properly process any data from magiskd
  • Support SharedUserId
  • Delete the backup file after restoring the boot image
  • Built-in current version update log
  • Use the local version when the stub cannot be downloaded, now Magisk can be used completely offline
  • Support bootimg v4 format
  • Support bootconfig
  • Detect /data/adb/magisk/ not updated and prompt to repair
Edit:
Following are new commits:
  • Remove the disabled and pending deletion marks when upgrading the module, and it is not allowed to mark as pending deletion before restarting
  • Fix that it cannot be flashed in some TWRP
  • Modify the search order of the module sepolicy location and fix the problem that some devices do not load the module sepolicy
  • Display the modal waiting pop-up window when hiding/restore the Magisk application
https://github.com/vvb2060/Magisk/blob/lite/app/src/main/res/raw/changelog.md

My earlier notes:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85082149

Current notes:

This seems to be only partially rolled out 1hr ago, and magisk_files repo is not yet updated with package files.

I'll be sure to update here when package files have been uploaded.

😛 PW
Hi how do we download file. I see no links on the page
 

pndwal

Senior Member
Hopefully, you are doing better (must not be that bad since you are playing with Chinese Alpha👍)
Feel lousy but panadols help. Had lite cold but still got pfizer round II... Probably a bad move. Thanks for asking. 😷
Thanks for the info. Updated also my Alpha (app and Magisk) to that June 23 build from Telegram, everything as you described

Mixed filings:
- good there are updates
Yep, best thing. 👍
- good there is a support group (although only Telegram and on Chinese)
Might need to learn Chinese... at least it's Simplified Chinese! 😃
- hoping he will update to his Magisk Repo
I'm sure he will, but probably not a priority. Seems Telegram may be his official Release medium.
- hoping there will be better updating scheme in the future (updated version number, updating via Alpha channel, notifications)
Well he recently fixed commit for that:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85194479
So it appears he wants it to work.

The explanation for it not occuring now seems to be that he has named builds for the last commit synced from John Wu's master branch each time he builds.

These have all differed untill recently, but the last of John's commits was
https://github.com/vvb2060/Magisk/commit/1eb83ad812e75e775d8cd178a7a3832029cc9607 (Update Android Studio), and this has remained static since mid May.

The first 8 digits of this, 1eb83ad8, appended with '-alpha' has predictably constituted the version code for the last 3 builds, but I'm certain he could alter this protocol easily.

I imagine he will, but don't know why he hasn't yet.
- hoping there will be a Github Issues tracker or so
Yeah, but I don't know about the propriety of (or the need for) that as long as these are unofficial builds.

Actually, @vvb2060, along with @osmosis and others, have been responding to official Issues on John's GitHub since John's gone AWOL... Of course, he actually designed aspects of it, including the auto-close bot!

I'm also sure people will continue to submit issues here for the meantime, and @vvb2060 will continue to comment, create fixes and test them in his own builds as well as implement pull requests from John's GitHub in his own just as he has been doing for a year or so now.

I don't think the fact that fixes aren't presently being merged in John's builds is a real problem. Many fixes (for MTK etc) were working for / tested by users in @vvb2060's builds long before being accepted / merged into John's.

@vvb2060's close-issue bot may be a problem; users will need to report latest Canary build to get a foot in as things stand. 🙁 ... Perhaps he could tweak that?

And pull requests can still be submitted for merging in John's... And we can still hold our breath! 😛 PW
 
Last edited:

pndwal

Senior Member
Hi how do we download file. I see no links on the page
Like I said,
magisk_files repo is not yet updated with package files.

I'll be sure to update here when package files have been uploaded.
But what good will Lite do you? It breaks modules as explained... And it's entirely unnecessary for G Pay.

G Pay detects only Play Protect certification (ctsProfile/basicIntegrity SafetyNet API) currently, certainly not Isolated process leaks.

If you want to update later than official Magisk, use Magisk Alpha. PW
 
Last edited:
  • Like
Reactions: 73sydney

zgfg

Senior Member
Oct 10, 2016
5,735
3,184
Magisk Lite

For anyone interested in this (those wanting basic superuser privileges, and a way to hide root from bank apps that detect isolated processes), this is released to Magisk Lite Telegram group also, but is unavailable as yet. 😕 :
https://t.me/magisklite
Web based preview:
https://t.me/s/magisklite

👍 PW

Hi how do we download file. I see no links on the page
In today's posts from @pndwall (above) find a link to the Llite Telegram channel:

Open in Chrome, translate, locate the post with app-release.apk from May 15, click on (it will open Telegram app) and then Save to Download (just checked, checksum is the same as when I previously downloaded directly from vvb2060's Lite Github page - link and download instructions were also in an pndwall's earlier post from the beginning of June)

Since Jun 2, I did couple of tests by installing the Lite and testing the modules with (additional tricks to make many modules to DO work, but some did not) and posted about 3-4 times here to the Magisk XDA thread

Currently I'm back to Alpha (latest from the Telegram, Jun 23 build)
 
Last edited:

pndwal

Senior Member
[HELP] Google pay won't work s9 plus I installed magisk on s9 plus. It won't let me use Google pay says your phone is rooted. Anyway to get the app to work. Android 10 magisk 23.

I have enabled hide and installed props config latest still i am getting phone is rooted on Google pay app.
Cts failed Eval basic Basicintegrity pass


[URL unfurl="true"]https://ibb.co/tDC4jq0[/URL]


[URL unfurl="true"]https://ibb.co/GJhZNKX[/URL]

Here some images show my settings and safetynet test EvalType Basic
Failed SafetyNet and Play Protect 'Device is not certified' (PlayStore Settings) is your problem, aside from far too many processes hidden (search here; this causes instability).

Assuming your ROM is stock, a SafetyNet Fix module should be all that is needed, aside from toggling off all unnecessary apps in MagiskHide list, toggle off Google Play Services too, then toggle off and on again MagiskHide in App Settings and recheck Google Play Services in Hide list (only one process should be selected now, com.google.android.gms.unstable SafetyNet process). Only that and hide Google Pay app is needed to fix GPay detection. (Don't add extra processes within apps). Also, clear data in Google Play Services, Google Play Store and Google Pay after that.

Back to initial setup:
Universal SafetyNet Fix Magisk module
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/
will probably fix ctsProfile fail and work for you, but most Sammy users have issues with it. It's probably not the best available solution for 'heavily skinned' OS's like One UI as it will most likely break biometric authentication or other functions, and destabilize system because customised Keystore has been replaced with AOSP one.

A newer (experimental) fix from the same dev (shims the keystore service instead of replacing it) is now working for Sammy users (confirmed to fix S20 issues) and others with:
- some 32-bit ARM devices
- Heavy OEM skins
- Samsung One UI
- MIUI (needed for some variants only)
- Broken biometric authentication in apps
- Unstable system (i.e. rebooting and/or crashing)

Link (read OP here):
https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635

S9 users still report problems with this, but additional working module variations for several specific devices are found in the closed issues mentioned / linked from PR thread above. I think you'll find a modified fix for your Sammy in this post or elsewhere in this long issue thread:
https://github.com/kdrag0n/safetynet-fix/issues/6#issuecomment-764129632
Be aware, these solutions use Keystores from specific OneUI versions.

Happy reading! PW
 
Last edited:

pndwal

Senior Member
Btw, does Netflix need to be enabled in Magisk Hide?
This I'm unsure of.

Seems many use sideloaded package for Netflix, and I got confused about claims re. split apks using (cloning?) Play Services, non- detection, etc. I suspect the reports vary due to many unorthodox setups.

All I know is that my PlayStore loaded Netflix shows, installs and opens fine with SafetyNet / PlayProtect passing on my setup on stock Magisk Alpha rooted RN8T (w/ Riru-MomoHider and Universal SafetyNet Fix modules), and root is NOT yet hidden from Netflix in MagiskHide list.

I don't have a subscription so haven't tested further, but I doubt (I'm guessing of course) I'd have issues.

Further, my understanding is that since Netflix 5.0, the real issue may be Widevine (DRM) TEE, a different TEE to the one SafetyNet uses. Netflix said at the time:
With our latest 5.0 release, we now fully rely on the Widevine DRM provided by Google; therefore, many devices that are not Google-certified or have been altered will no longer work with our latest app and those users will no longer see the Netflix app in the Play Store.

I just checked DRM Info app, and it's reporting Widevine CDM security is L1 for HDCP 2.3, so happily it seems that's not seeing bootloader unlock etc, and I'm good for 4K streaming! PW
 
Last edited:
  • Like
Reactions: ipdev and Wolfcity

bradical711

Senior Member
Aug 26, 2017
407
253
Google Pixel 4 XL
I have used Netflix for a year plus now with no issues and I've never once hidden Netflix in magisk hide itself. (Although I do have the magisk app hidden and pass safetynet). My Netflix app shows 'L1' meaning I can stream Full HD as well as download my shows. So hide doesn't need to be enabled for the app itself but you do need to be able to pass safetynet as well as have the specs for "L1" AKA 'HD streaming' or more so 'DRM'. If Netflix appears in your playstore (because of passing safetynet), that's all you need to run and update the app. Nextflix just wants money and that's why you can also sideload the app, not have proper DRM management (L3) and still watch Netflix in low resolution.. obviously no downloads of shows/direct updates but that's at the cost of Netflix not knowing the device is secure. My device is a Pixel 4 XL, A11 June Stock ROM with custom kernel, magisk, 9 modules and passing safetynet. But no Xposed variants in my module selection.
 
Last edited:

zgfg

Senior Member
Oct 10, 2016
5,735
3,184
This I'm unsure of.

Seems many use sideloaded package for Netflix, and I got confused about claims re. split apks using (cloning?) Play Services, non- detection, etc. I suspect the reports vary due to many unorthodox setups.

All I know is that my PlayStore loaded Netflix shows, installs and opens fine with SafetyNet / PlayProtect passing on my setup on stock Magisk Alpha rooted RN8T (w/ Riru-MomoHider and Universal SafetyNet Fix modules), and root is NOT yet hidden from Netflix in MagiskHide list.

I don't have a subscription so haven't tested further, but I doubt (I'm guessing of course) I'd have issues.

Further, my understanding is that since Netflix 5.0, the real issue may be Widevine (DRM) TEE, a different TEE to the one SafetyNet uses. Netflix said at the time:

I just checked DRM Info app, and it's reporting Widevine CDM security is L1 for HDCP 2.3, so happily it seems that's not seeing bootloader unlock etc, and I'm good for 4K streaming! PW
For my Mi 9T with Xiaomi.eu A11 weeklies, DRM L1 certificate was already supported (screenshots)

Also, USNF is built-in to the ROM (to force eval type Basic, to let it pass CTS Profile attest), hence I don't need/use any particular module to pass SafetyNet (my Magisk Alpha app is also not repackaged)

Device is Certified (and Play Protect is ok), therefore I just regularly downloaded and installed Netflix from the Google Play

Before running the app I enabled MagiskHide for Netflix and then I configured the given Netflix account

Actually, I have a shared account with Standard subscription, hence without Ultra HD 4K support (my Mi 9T screen resolution is 1080x2340 hence also less than 4K)

Streaming works fine and Netflix Playback Specification shows L1, Full HD (screenshot)

Edit:
I have used Netflix for a year plus now with no issues and I've never once hidden Netflix in magisk hide itself. (Although I do have the magisk app hidden and pass safetynet). My Netflix app shows 'L1' meaning I can stream Full HD as well as download my shows. So hide doesn't need to be enabled for the app itself but you do need to be able to pass safetynet as well as have the specs for "L1" AKA 'HD streaming' or more so 'DRM'. If Netflix appears in your playstore (because of passing safetynet), that's all you need to run and update the app. Nextflix just wants money and that's why you can also sideload the app, not have proper DRM management (L3) and still watch Netflix in low resolution.. obviously no downloads of shows/direct updates but that's at the cost of Netflix not knowing the device is secure. My device is a Pixel 4 XL, A11 June Stock ROM with custom kernel, magisk, 9 modules and passing safetynet. But no Xposed variants in my module selection.

Thanks, I have removed Netflix now from MagiskHide, and it continues to stream with L1, Full HD
 

Attachments

  • DRM_Info-Widevine_L1.jpg
    DRM_Info-Widevine_L1.jpg
    207.8 KB · Views: 52
  • Widewine_L1-Certificate.jpg
    Widewine_L1-Certificate.jpg
    169.6 KB · Views: 52
  • Netflix-PlaybackSpec.jpg
    Netflix-PlaybackSpec.jpg
    234.8 KB · Views: 52
Last edited:

pndwal

Senior Member
Let the conspiracy theories begin (again) :)

I liked you better when you were just being an awful Magisk Alpha tease a few days ago :p :p :p

Who's teasing?... But I'll bite.

👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸

I try to stick to facts (especially those fostering any sort of hope), as that was... And up to date Magisk. 😛

Why stir? There's plenty doing that... and better ways! 😜

And this is not PlaySchool mate! PW

images (3).jpeg

Nb. Any perceived likeness to individuals depicted here is regretted, and the author is truly sorry... for the bear concerned, that is.

🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻
 
Last edited:
  • Like
Reactions: 73sydney

73sydney

Senior Member
Jul 21, 2018
1,865
1,613
Sydney
Google Pixel 2 XL
Who's teasing?... But I'll bite.

👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸

I try to stick to facts (especially those fostering any sort of hope), as that was... And up to date Magisk. 😛

Why stir? There's plenty doing that... and better ways! 😜

And this is not PlaySchool mate! PW

View attachment 5348045

Nb. Any perceived likeness to individuals depicted here is regretted, and the author is truly sorry... for the bear concerned, that is.

🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻

Hehe, my bear is a little smaller...has to be to fit into the baby harness :p

We should really get a coffee one of these days...
 
  • Haha
Reactions: pndwal

Thisisanacct

Member
Jun 14, 2020
5
0
I was directed here from the main help thread.

I am failing SafetyNet again, on a rooted OnePlus 8 (Global, 11.0.7.7.IN21AA). I have Magisk Hide and EdXposed blacklist as well as hiddencore set up and updated, and it suddenly stopped passing SafetyNet a few days ago, and I cannot figure out why as it used to work. Disabling EdXposed fixed it, but I need it for things such as GravityBox. Any tips?
 

justDave

Senior Member
Nov 17, 2006
172
52
I was directed here from the main help thread.

I am failing SafetyNet again, on a rooted OnePlus 8 (Global, 11.0.7.7.IN21AA). I have Magisk Hide and EdXposed blacklist as well as hiddencore set up and updated, and it suddenly stopped passing SafetyNet a few days ago, and I cannot figure out why as it used to work. Disabling EdXposed fixed it, but I need it for things such as GravityBox. Any tips?
I had the same. Switched to lsposed today and it's passing SN again. Since you mention gravitybox, I should mention that I did have to uninstall and reinstall it to get it working after the switch.
 

Top Liked Posts

  • 10
    Latest Alpha Magisk cb4361b7-alpha

    *** For Mavericks only! ***

    Riru / Zygisk coexistence seems to be back!
    🎉🎊⚡🥝🧀

    Chinese Translated:
    alpha update log
    Magisk (cb4361b7-alpha)


    ● [General] Based on cb4361 b7, the content that has been merged upstream is no longer listed
    ● [App] Correctly process any data from magiskd
    ● [App] Support SharedUserld
    ● [App] Delete the backup file after restoring the boot image
    ● [App] Built-in current version update log
    ● [App] Use the local version when the stub cannot be downloaded, now it can be used completely offline
    ● [App] Switch to the modern time API of Java 8
    ● [DenyList] handle suspicious props
    ● [App] Update SafetyNet extension, update snet.jar version to 18
    ● [General] Add an obsolete cgroup v2 path
    ● [Sepolicy] Add execmem to allow zygote and system_server Hook
    ● [MagiskSU] If necessary, fall back to /dev/pts
    ● [Zygisk] Fix Circumstances that may not take effect
    ● [Busybox] Cancel optimization based on undefined behavior
    ● [General] No longer automatically unlock the device block
    ● [Zygisk] From the current situation, there is no crash report to prove zygisk and riru
    Incompatible, temporarily cancel the restriction, observe the situation

    Upstream update log
    From 23.0 to cb4361b7


    ● [General] supports pure 64-bit devices
    ● [General] Support Android 12 emulator
    ● [Zygisk] Code Injection Framework
    ● [General] Remove MagiskHide
    ● [General] Support special simulator loading module
    ● [MagiskBoot] Support zImage format
    ● [MagiskBoot] Add zopfli encoder
    ● [Magisklnit] Support bootconfig
    ● [App] Repair installation function will now check the script under /data/adb/magisk/ is not updated
    ● [MagiskInit] Support some Meizu devices
    ● [MagiskSU] If the kernel supports it, use isolated devpts
    ● [MagiskSU] Fix the pts configuration code, now no extra sepolicy rules
    ●[MagiskBoot] Support v4 boot image header format
    ● [MagiskInit] Support opltus.fstab for some OnePlus and Opal devices
    ● [App] Update modules to be restarted, not allowed to be marked as pending deletion
    ● [App] Delete online warehouse
    ● [App] Add mounting information to the saved log file
    ● [App] Adapt to Android 12 API level
    ● [App] Display the waiting pop-up window when the app is hidden/restored
    ● [Stub] Open source obfuscation function
    ● [Script] Check and display the sepolicy rule folder of the module
    ● [App] Hide screen overlay for pop-up window, Android 12+ is required
    ● [App] Delete the floating bottom bar and change it to the general bottom operation bar
    ● [General] Support special compilation cache
    ● [General] Add rejection list function
    ● [App]Delete DOH
    ● [App]Delete SafetyNet
    ● [App] Allow the log page to be opened when Magisk is not installed
    ● [App] Display Zygisk status, add restart reminder
    ● [Zygisk] Correctly handle child zygote
    ● [Zygisk] Disable conflicting riru modules
    ● [Sepolicy] Fix Android 8 terminal cannot get root

    👍 PW
    6
    @Didgeridoohan, @pndwal, and all the rest, THANKS for all the help!!

    It was as straightforward as indicated, and my Pixel 5a 5G is fully rooted on Magisk v23, SafetyNet fully functioning with riru+drag0n SafetyNet fix+MagiskHide. ALL banking apps work perfect, SN check passes, a rooted apps are perfect, I am SOOO happy, it went absolutely perfectly. No WAY I could have (or would have) tackled this cold on my own!

    In a P5 thread, @jcmm11 was answering some concerns and I posted that I'd post a step by step over there for any help it may provide for the new 5a 5G users, so I'll come back and update this post with a link to that when it's ready (later tonight, UFC 266 main card is just kicking off, so later tonight for sure).

    Cheers and mad respect to all you awesome selfless folks who make the Magisk world spin round, I'm so grateful.
    4
    cb4361b7-alpha report:
    w/ RN8T, Stock MIUI, Android 10

    Two reboots needed initially.

    Zygisk & Riru w/ Universal SafetyNet Fix 2.1.1, LSPosed, Un-Share all working fine.

    SafetyNet passing w/ SafetyNet Google Play Services process denied.

    ViPER4Android FX Neon driver status normal.

    With Zygisk enabled Riru-MomoHider causes instability / system crashes even when only app_zygote_magic hiding is configured. 😕

    Great progress! 👍 PW
    3
    Hey all,
    As promised, I wrote up a step-by-step tutorial for the Pixel 5a (though it applies to about all the Pixels, much of it I used on my Pixel 2 over the past 4+ years):


    I know it's a book, but I wanted to make sure I put it in everyday language and tried to make it so even a first timer could go through it and feel confident moving forward and getting root, passing SafetyNet, and update with system updates in the future with confidence.

    Anyhow, it's my attempt to give something back to the community I've gained so much from and leaned on so many times for help. If it helps even one person I'll be happy.

    Thanks again to the entire community, and particularly the folks who have been here helping tirelessly and without reserve to get everyone up and going. You all know who you are and I gave proper name attribution in the tutorial thread. I'm exhausted, so I'm gonna go grab some dinner, that took hours to write! hahahahaah!!

    Be well everyone, SO happy my P5a is fully functioning, you folks are just amazing.

    hfam
    2
    cb4361b7-alpha report:
    w/ RN8T, Stock MIUI, Android 10

    Two reboots needed initially.

    Zygisk & Riru w/ Universal SafetyNet Fix 2.1.1, LSPosed, Un-Share all working fine.

    SafetyNet passing w/ SafetyNet Google Play Services process denied.

    ViPER4Android FX Neon driver status normal.

    With Zygisk enabled Riru-MomoHider causes instability / system crashes even when only app_zygote_magic hiding is configured. 😕

    Great progress! 👍 PW
    Some have been waiting..
    Some have been using vvb2060's alpha builds..

    I have been sneaking a peak by running personal builds from John's master branch. :sneaky:
    Magisk - GitHub - Building and Development - Link

    A few days ago (23.Sep.2021), I was surprised when my OnePlus 6T passed SafetyNet. o_O
    It has been about three or four weeks since it passed SafetyNet.

    Problems I have run into..
    Every now and then, something misfires on boot and Magisk is not active (Installed N/A).
    Normally a reboot is all that is needed, occasionally I have to re-install magisk.

    I ran into an old issue on my 6T (clean install) installing Magisk.
    I had to flash a magisk patched image to both the active and inactive boot slot.
    Need to test again with another clean install.​

    Currently I have a few devices running these (sneak peak) build(s) and passing SafetyNet.

    OnePlus 5T
    Older device, does not have the hardware for hardware attestation.
    • Stock OnePlus OS 10.0.1 (SDK29)
    • Magisk (snapshot build)
    • MagiskHidePropsConf (Magisk Module)
      • Enable Zygisk
      • Enable DenyList
      • add com.google.android.gms.unstable to the DenyList.
        Magisk is in /sbin so only needed to Deny .unstable
      • Enable the MagiskHide props. option in the MagiskHidePropsConf module.
    Reboot in between steps as needed.

    OnePlus 6T
    • Stock OnePlus OS 11.0.0 (SDK30)
    • Magisk (snapshot build)
    • Universal SafetyNet Fix (Magisk Module)
      • Enable Zygisk
      • Enable DenyList
      • add com.google.android.gms.unstable to the DenyList.
      • add com.google.android.gms to the DenyList.
    Reboot in between steps as needed.

    Pixel 3a
    Custom rom that passes SafetyNet on it own.
    Installing Magisk breaks SafetyNet.

    • ABC Rom 11 (SDK30)
    • Magisk (snapshot build)
      • Enable Zygisk
      • Enable DenyList
      • add com.google.android.gms.unstable to the DenyList.
      • add com.google.android.gms to the DenyList.
    Reboot in between steps as needed.

    Earlier today, I setup an update channel so I could test a few more things.
    • Install update from online.
    • Repack (Hide/Restore) the Magisk app.
    All worked. :)
    Note:
    I will have to wait until the next commit(s) to see if I can update while the Magisk app is hidden. 🙃

    ---

    So far The next step of growth and development of Magisk is looking great. :)

    I am excited and eagerly waiting for the next canary build for proper testing. :D

    Cheers all. :cowboy:

    PS.
    Some screenshots from my 6T. ;)
  • 44
    OK. AIO solution. Modded "Universal SafetyNet Fix" module. Just added "model" props.
    17
    So, new layer of HARDWARE detection is here.
    SafetyNet failed on devices, where must bee HARDWARE detection. GMS no longer check system response of evaluation type, and force check HW. USNF doesn't work in this cause.
    Hm, funny things happening. I was thinking this is upgrade of HW attestation, but it is DOWNGRADE actually. 😄

    Remember my old first simple digging into HW?
    It`s..... working again.

    Looks like a temporary solution or just "combo" of old and new methods from Google.
    This explains the fact that dirty hack with Xposed-s working now.

    So, this current environment may be temporary or preparation for something BIGGER.

    In conclusion: in this time to passing SafetyNet you need just my old "hardware_off" module from link above or "MagiskHidePropsConf" with any "BASIC" print with model simulation and kdrag0n-s "Universal SafetyNet Fix".

    No ***-posed-s need!
    16
    Few Headsups:

    1) There are reports that Danny's (@kdrag0n) new early release Universal SafetyNet Fix 2.0.0 (combines AOSP Keystore and shim Keystore solutions) is restoring ctsProfile for some. It just may work for all, but not enough reports as yet. Also, it requires a payment at this stage:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-85581909

    https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-904209677

    2) There are reports that simply using MagiskHide Props Config module to 'delete' ro.product.model prop fixes ctsProfile on custom ROMs where other methods have failed. Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912885628

    3) New MagiskHide Props Config module 6.0.0 just released with all the sensitive prop values that MagiskHide changed up to and including Magisk v23 set by default, "Force BASIC key attestation" re-enabled (for Googles latest changes), and various other fixes.
    https://forum.xda-developers.com/t/...p-edits-and-more-v6-0-0.3789228/post-85581939

    I have to agree that this module's name does suddenly seem very apt, and as always, it proves elegant in its versatility. 😛👍

    4) Another elegant solution that some may have relegated to a bygone era seems to be coming back in fashion to!

    Those with Google Pay problems persisting after fixing ctsProfile are reporting in GPay threads, here and elsewhere, that GPay-SQLite-Fix + SQLite binary modules from stylemessiah (a connoisseur at least in digital fashion ... or perhaps just lucky, our @73sydney, - original solution from @BostonDan ) is fixing these for them once again. 😜 Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912798412

    WOT 😉 to read if interested:
    https://forum.xda-developers.com/t/...s-of-gms-17-1-22-on-pie.3929950/post-79643248

    🤠 PW
    15
    ro.product.model was enough for my OP8T, but I didn't like how Google Play Services started referring to my device as "OnePlus BASIC" with the "hardware off" module, so I knocked together this module really quickly to just append _SN to the real model name. WFM. 🤘
    14
    Removed the @Displax safety net mod fix and applied the latest USNF 2.1.0 from @kdrag0n.

    Attestation is passed and device is compliant in company portal too with my original device name 1+8 Pro and not Pixel.

    This is done over the latest Alpha Magisk.

    Update: My In-display fingerprint hardware is not working anymore, I think the fix is already committed. Hopefully it will be resolved in the next version.
    Yep, I have sent a Pull Request with the fix like an hour after v2.1.0 was released. 🤠

    See my post here in the official USNF thread for getting it working in the meantime until it's merged and a new release is made: https://forum.xda-developers.com/t/...tynet-fix-1-1-0.4217823/page-59#post-85631613

    Also may be worth everyone reading my comments at the end of that post about people doubting the sponsored testing closed-then-open development.

    And then here on this GitHub issue about how it's not meant to replace MagiskHide so you can't just turn Hide off: https://github.com/kdrag0n/safetynet-fix/issues/91#issuecomment-919264624
  • 1064
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    156
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    121
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    76
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    75
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p