• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Magisk General Support / Discussion

Search This thread

pndwal

Senior Member
Magisk Alpha

Ok, I've updated mine.

All went fine for me.

Don't expect 'Update' notice in App as mentioned, even for Magisk (mask) after App update as version has (again) NOT been changed from "1eb83ad8-alpha". Again, I'm not sure if this is intended.

[After App update, you will notice different Release Notes Changelog in Chinese for Install Magisk (mask) and Install App. Expect Install App Changelog to be updated when release package (plus json) is pushed to GitHub repository.] It's now pushed / in sync with latest.

[At present, latest package file is still not pushed to GitHub repository.] It is now available from GitHub also.

I now understand this is often released earlier to Magisk Alpha Telegram group, and sure enough it's there! (It seems Chinese community there is more aware / informed of these builds than XDA community):
https://t.me/magiskalpha
Web based preview:
https://t.me/s/magiskalpha

Nb. See this for Devs notes also.

Nb.2. In Chrome, web based preview can be translated into English.

Magisk Lite

For anyone interested in this (those wanting basic superuser privileges, and a way to hide root from bank apps that detect isolated processes), this is released to Magisk Lite Telegram group also, but latest is unavailable as yet. 😕 :
https://t.me/magisklite
Web based preview:
https://t.me/s/magisklite

Nb. See this for Devs notes / working theory / difference with respect to standard Alpha / technical details re use, functionality etc.

Eg. Dec 4 build "restores the module function and can install a separate lite module.
Requirement: After the boot is complete, zygote and its child processes will no longer read any files mounted by the module.
(Otherwise, the mobile phone will have various inexplicable problems.)"

👍 PW
 
Last edited:

pndwal

Senior Member
Since I'm unwell presently, I've been killing time checking recent commits in Alpha that may help with device compatibility issues.

One is "Support bootimg v4 format" which has been refined again in current build.

Within the commit I found interesting information on the various ramdisk types. Thought I'd share:
The vendor ramdisk section is consist of multiple ramdisk images concatenated one after another, and vendor_ramdisk_size is the size of the section, which is the total size of all the ramdisks included in the vendor boot image.

The vendor ramdisk table holds the size, offset, type, name and hardware identifiers of each ramdisk. The type field denotes the type of its content.

The vendor ramdisk names are unique. The hardware identifiers are specified in the board_id field in each table entry. The board_id field is consist of a vector of unsigned integer words, and the encoding scheme is defined by the hardware vendor.

For the different type of ramdisks, there are:
- VENDOR_RAMDISK_TYPE_NONE indicates the value is unspecified.
- VENDOR_RAMDISK_TYPE_PLATFORM ramdisks contain platform specific bits, so the bootloader should always load these into memory.
- VENDOR_RAMDISK_TYPE_RECOVERY ramdisks contain recovery resources, so the bootloader should load these when booting into recovery.
- VENDOR_RAMDISK_TYPE_DLKM ramdisks contain dynamic loadable kernel modules.
https://github.com/vvb2060/Magisk/commit/2bdd553f03a0e3989c277332e64d3f4b24f2f396

🤓 PW
 
Last edited:
  • Like
Reactions: duttyend

zgfg

Senior Member
Oct 10, 2016
5,701
3,139
Magisk Alpha

Ok, I've updated mine.

All went fine for me.

Don't expect 'Update' notice in App as mentioned, even for Magisk (mask) after App update as version has (again) NOT been changed from "1eb83ad8-alpha". Again, I'm not sure if this is intended.

After App update, you will notice different Release Notes Changelog in Chinese for Install Magisk (mask) and Install App. Expect Install App Changelog to be updated when release package (plus json) is pushed to GitHub repository.

At present, package file is still not pushed to GitHub repository.

I now understand this is often released earlier to Magisk Alpha Telegram group, and sure enough it's there! (It seems Chinese community there is more aware / informed of these builds than XDA community):
https://t.me/magiskalpha
Web based preview:
https://t.me/s/magiskalpha

Nb. See this for Devs notes also.

Nb.2. In Chrome, web based preview can be translated into English.
Since I'm unwell presently, I've been killing time checking recent commits in Alpha that may help with device compatibility issues.

Hopefully, you are doing better (must not be that bad since you are playing with Chinese Alpha👍)

Thanks for the info. Updated also my Alpha (app and Magisk) to that June 23 build from Telegram, everything as you described

Mixed filings:
- good there are updates
- good there is a support group (although only Telegram and on Chinese)
- hoping he will update to his Magisk Repo
- hoping there will be better updating scheme in the future (updated version number, updating via Alpha channel, notifications)
- hoping there will be a Github Issues tracker or so
 
  • Like
Reactions: duttyend and pndwal

pndwal

Senior Member
Re. MagiskHide / bank apps / isolated processes, John Wu said in Aug 2020:
John Wu, Aug 26, 2020

It's no secret that services with isolatedProcess enabled can easily bypass MagiskHide. People started to find out that it's quite common to be able to bypass it by simply disabling said services. Apps like Servicely can do this, do you want Magisk Manager to natively support it?

- Yes, that would be handly - 89.5%
- Nah, no moar bloat plz - 10.5%
-1,472 votes - Final results

Note that *real* solutions for hiding isolated services require either (a) Magisk-lite, aka hide by default, mount if whitelisted, or (b) hook into zygote to alter some code.

(a) will not be officially considered since this will break some modules, (b) requires a lot of work
www.twitter.com/topjohnwu/status/1298468244596985856

So there's a tip for you MagiskHiders - try Servicely! (Controls for rooted phones.)

Among other functions, "You can also disable/enable permanently any service on your device. It's useful if you have services that tend to auto-restart and keep your device awake, or if you have games sending you never-ending notifications."
https://play.google.com/store/apps/details?id=com.franco.servicely

...And we've all heard of this Dev's (@franciscofranco's)
'Franco Kernel Manager'... And he just may need some love from XDA members ATM...

Gotta love Kernel Franco's response to that Twitter post too! 🙂

I don't think we ever got 'disable services with isolatedProcess' feature, and while John did have ambitious plans to (b) 'hook into zygote to alter some code', who knows where we're at with that now?!

That leaves (a) 'Magisk-lite, aka hide by default, mount if whitelisted', which 'will not be officially considered since this will break some modules'...

This was clearly a reference to the Magisk-lite project @vvb2060 had been working on since May 2020.

In Lite, with Magisk in whitelist mode, all applications are hidden by default and only checked applications can obtain super user permissions.

It has to be said that despite the fact builds since Dec. restore "the module function and can install a separate lite module", there are still significant problems with this. As the Dev makes clear (Chinese translated):
About modules:

The Lite version does not provide support for modules. Due to the implementation principle, many modules cannot operate normally.

Technically speaking, in Magisk-Lite, files replaced or added by modules do not exist for zygote and its sub-processes (ie application processes) after the boot is completed. If a module requires these processes to read mounted files after booting, this module will cause system problems.

In order to prevent incompatible modules from damaging the system after switching from the official version, Lite has modified the module directory and the module needs to be reinstalled.

If there is a module that cannot be installed normally, cannot run normally, or causes system problems after installation, no matter how seemingly unrelated the problems, it means that the module is not compatible.

Finally, to reiterate, the Lite version does not provide support for modules.
https://t.me/s/magisklite

So it seems a way to have our cake and eat it too (ie to hide isolated process leaks from bank apps detecting them, and have normal Magisk Module functionality) is a long way off yet... However, there are still a number of things desperate bankers can try before resorting to guns! 😜

And hopefully this clarifies a few things regarding Magisk Lite. 😷 PW
 
Last edited:

zgfg

Senior Member
Oct 10, 2016
5,701
3,139
Hopefully, you are doing better (must not be that bad since you are playing with Chinese Alpha👍)

Thanks for the info. Updated also my Alpha (app and Magisk) to that June 23 build from Telegram, everything as you described

Mixed filings:
- good there are updates
- good there is a support group (although only Telegram and on Chinese)
- hoping he will update to his Magisk Repo
- hoping there will be better updating scheme in the future (updated version number, updating via Alpha channel, notifications)
- hoping there will be a Github Issues tracker or so
One more observation. With Aplha (both Jun 23 and previous May 29 builds), I can manage Magisk Hide for com.miui.security.center (MIUU Security app) through the Magisk app

It used to work also in Canary, but since v22 or v23, TJW disabled for some system apps (it was possible only through Terminal by magiskhide add/rm/ls CLI commands)

Btw, does Netflix need to be enabled in Magisk Hide?
 

Attachments

  • IMG_20210624_100753.jpg
    IMG_20210624_100753.jpg
    259 KB · Views: 52
Last edited:
  • Like
Reactions: duttyend

handy1977

New member
Jun 23, 2021
4
0
[HELP] Google pay won't work s9 plus I installed magisk on s9 plus. It won't let me use Google pay says your phone is rooted. Anyway to get the app to work. Android 10 magisk 23.

I have enabled hide and installed props config latest still i am getting phone is rooted on Google pay app.
Cts failed Eval basic Basicintegrity pass


[URL unfurl="true"]https://ibb.co/tDC4jq0[/URL]


[URL unfurl="true"]https://ibb.co/GJhZNKX[/URL]

Here some images show my settings and safetynet test EvalType Basic
 

handy1977

New member
Jun 23, 2021
4
0
Some early news

Nb. It seems Lite builds will likely be of interest only to those wanting basic superuser privileges, and a way to hide root from bank apps that detect isolated processes, at least at this stage:

Latest @vvb2060 Magisk Lite build (June 23, 2021) change log:​

Chinese Translated:

Magisk Lite​

In Magisk in the whitelist mode, all applications are hidden by default, and only the applications ticked in Hide can obtain super user permissions. adb shell automatically has super user privileges. Module function is not available.

'magiskhide add UID package name' to add super-user application
'magiskhide rm UID package name' to remove super-user application
'magiskhide ls' lists the super-user applications

Magisk (1eb83ad8-lite)​

  • Based on 1eb83ad8, please refer to the upstream update log for related modifications
  • Properly process any data from magiskd
  • Support SharedUserId
  • Delete the backup file after restoring the boot image
  • Built-in current version update log
  • Use the local version when the stub cannot be downloaded, now Magisk can be used completely offline
  • Support bootimg v4 format
  • Support bootconfig
  • Detect /data/adb/magisk/ not updated and prompt to repair
Edit:
Following are new commits:
  • Remove the disabled and pending deletion marks when upgrading the module, and it is not allowed to mark as pending deletion before restarting
  • Fix that it cannot be flashed in some TWRP
  • Modify the search order of the module sepolicy location and fix the problem that some devices do not load the module sepolicy
  • Display the modal waiting pop-up window when hiding/restore the Magisk application
https://github.com/vvb2060/Magisk/blob/lite/app/src/main/res/raw/changelog.md

My earlier notes:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85082149

Current notes:

This seems to be only partially rolled out 1hr ago, and magisk_files repo is not yet updated with package files.

I'll be sure to update here when package files have been uploaded.

😛 PW
Hi how do we download file. I see no links on the page
 

pndwal

Senior Member
Hopefully, you are doing better (must not be that bad since you are playing with Chinese Alpha👍)
Feel lousy but panadols help. Had lite cold but still got pfizer round II... Probably a bad move. Thanks for asking. 😷
Thanks for the info. Updated also my Alpha (app and Magisk) to that June 23 build from Telegram, everything as you described

Mixed filings:
- good there are updates
Yep, best thing. 👍
- good there is a support group (although only Telegram and on Chinese)
Might need to learn Chinese... at least it's Simplified Chinese! 😃
- hoping he will update to his Magisk Repo
I'm sure he will, but probably not a priority. Seems Telegram may be his official Release medium.
- hoping there will be better updating scheme in the future (updated version number, updating via Alpha channel, notifications)
Well he recently fixed commit for that:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85194479
So it appears he wants it to work.

The explanation for it not occuring now seems to be that he has named builds for the last commit synced from John Wu's master branch each time he builds.

These have all differed untill recently, but the last of John's commits was
https://github.com/vvb2060/Magisk/commit/1eb83ad812e75e775d8cd178a7a3832029cc9607 (Update Android Studio), and this has remained static since mid May.

The first 8 digits of this, 1eb83ad8, appended with '-alpha' has predictably constituted the version code for the last 3 builds, but I'm certain he could alter this protocol easily.

I imagine he will, but don't know why he hasn't yet.
- hoping there will be a Github Issues tracker or so
Yeah, but I don't know about the propriety of (or the need for) that as long as these are unofficial builds.

Actually, @vvb2060, along with @osmosis and others, have been responding to official Issues on John's GitHub since John's gone AWOL... Of course, he actually designed aspects of it, including the auto-close bot!

I'm also sure people will continue to submit issues here for the meantime, and @vvb2060 will continue to comment, create fixes and test them in his own builds as well as implement pull requests from John's GitHub in his own just as he has been doing for a year or so now.

I don't think the fact that fixes aren't presently being merged in John's builds is a real problem. Many fixes (for MTK etc) were working for / tested by users in @vvb2060's builds long before being accepted / merged into John's.

@vvb2060's close-issue bot may be a problem; users will need to report latest Canary build to get a foot in as things stand. 🙁 ... Perhaps he could tweak that?

And pull requests can still be submitted for merging in John's... And we can still hold our breath! 😛 PW
 
Last edited:

pndwal

Senior Member
Hi how do we download file. I see no links on the page
Like I said,
magisk_files repo is not yet updated with package files.

I'll be sure to update here when package files have been uploaded.
But what good will Lite do you? It breaks modules as explained... And it's entirely unnecessary for G Pay.

G Pay detects only Play Protect certification (ctsProfile/basicIntegrity SafetyNet API) currently, certainly not Isolated process leaks.

If you want to update later than official Magisk, use Magisk Alpha. PW
 
Last edited:
  • Like
Reactions: 73sydney

zgfg

Senior Member
Oct 10, 2016
5,701
3,139
Magisk Lite

For anyone interested in this (those wanting basic superuser privileges, and a way to hide root from bank apps that detect isolated processes), this is released to Magisk Lite Telegram group also, but is unavailable as yet. 😕 :
https://t.me/magisklite
Web based preview:
https://t.me/s/magisklite

👍 PW

Hi how do we download file. I see no links on the page
In today's posts from @pndwall (above) find a link to the Llite Telegram channel:

Open in Chrome, translate, locate the post with app-release.apk from May 15, click on (it will open Telegram app) and then Save to Download (just checked, checksum is the same as when I previously downloaded directly from vvb2060's Lite Github page - link and download instructions were also in an pndwall's earlier post from the beginning of June)

Since Jun 2, I did couple of tests by installing the Lite and testing the modules with (additional tricks to make many modules to DO work, but some did not) and posted about 3-4 times here to the Magisk XDA thread

Currently I'm back to Alpha (latest from the Telegram, Jun 23 build)
 
Last edited:

pndwal

Senior Member
[HELP] Google pay won't work s9 plus I installed magisk on s9 plus. It won't let me use Google pay says your phone is rooted. Anyway to get the app to work. Android 10 magisk 23.

I have enabled hide and installed props config latest still i am getting phone is rooted on Google pay app.
Cts failed Eval basic Basicintegrity pass


[URL unfurl="true"]https://ibb.co/tDC4jq0[/URL]


[URL unfurl="true"]https://ibb.co/GJhZNKX[/URL]

Here some images show my settings and safetynet test EvalType Basic
Failed SafetyNet and Play Protect 'Device is not certified' (PlayStore Settings) is your problem, aside from far too many processes hidden (search here; this causes instability).

Assuming your ROM is stock, a SafetyNet Fix module should be all that is needed, aside from toggling off all unnecessary apps in MagiskHide list, toggle off Google Play Services too, then toggle off and on again MagiskHide in App Settings and recheck Google Play Services in Hide list (only one process should be selected now, com.google.android.gms.unstable SafetyNet process). Only that and hide Google Pay app is needed to fix GPay detection. (Don't add extra processes within apps). Also, clear data in Google Play Services, Google Play Store and Google Pay after that.

Back to initial setup:
Universal SafetyNet Fix Magisk module
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/
will probably fix ctsProfile fail and work for you, but most Sammy users have issues with it. It's probably not the best available solution for 'heavily skinned' OS's like One UI as it will most likely break biometric authentication or other functions, and destabilize system because customised Keystore has been replaced with AOSP one.

A newer (experimental) fix from the same dev (shims the keystore service instead of replacing it) is now working for Sammy users (confirmed to fix S20 issues) and others with:
- some 32-bit ARM devices
- Heavy OEM skins
- Samsung One UI
- MIUI (needed for some variants only)
- Broken biometric authentication in apps
- Unstable system (i.e. rebooting and/or crashing)

Link (read OP here):
https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635

S9 users still report problems with this, but additional working module variations for several specific devices are found in the closed issues mentioned / linked from PR thread above. I think you'll find a modified fix for your Sammy in this post or elsewhere in this long issue thread:
https://github.com/kdrag0n/safetynet-fix/issues/6#issuecomment-764129632
Be aware, these solutions use Keystores from specific OneUI versions.

Happy reading! PW
 
Last edited:

pndwal

Senior Member
Btw, does Netflix need to be enabled in Magisk Hide?
This I'm unsure of.

Seems many use sideloaded package for Netflix, and I got confused about claims re. split apks using (cloning?) Play Services, non- detection, etc. I suspect the reports vary due to many unorthodox setups.

All I know is that my PlayStore loaded Netflix shows, installs and opens fine with SafetyNet / PlayProtect passing on my setup on stock Magisk Alpha rooted RN8T (w/ Riru-MomoHider and Universal SafetyNet Fix modules), and root is NOT yet hidden from Netflix in MagiskHide list.

I don't have a subscription so haven't tested further, but I doubt (I'm guessing of course) I'd have issues.

Further, my understanding is that since Netflix 5.0, the real issue may be Widevine (DRM) TEE, a different TEE to the one SafetyNet uses. Netflix said at the time:
With our latest 5.0 release, we now fully rely on the Widevine DRM provided by Google; therefore, many devices that are not Google-certified or have been altered will no longer work with our latest app and those users will no longer see the Netflix app in the Play Store.

I just checked DRM Info app, and it's reporting Widevine CDM security is L1 for HDCP 2.3, so happily it seems that's not seeing bootloader unlock etc, and I'm good for 4K streaming! PW
 
Last edited:
  • Like
Reactions: ipdev and Wolfcity

bradical711

Senior Member
Aug 26, 2017
407
253
Google Pixel 4 XL
I have used Netflix for a year plus now with no issues and I've never once hidden Netflix in magisk hide itself. (Although I do have the magisk app hidden and pass safetynet). My Netflix app shows 'L1' meaning I can stream Full HD as well as download my shows. So hide doesn't need to be enabled for the app itself but you do need to be able to pass safetynet as well as have the specs for "L1" AKA 'HD streaming' or more so 'DRM'. If Netflix appears in your playstore (because of passing safetynet), that's all you need to run and update the app. Nextflix just wants money and that's why you can also sideload the app, not have proper DRM management (L3) and still watch Netflix in low resolution.. obviously no downloads of shows/direct updates but that's at the cost of Netflix not knowing the device is secure. My device is a Pixel 4 XL, A11 June Stock ROM with custom kernel, magisk, 9 modules and passing safetynet. But no Xposed variants in my module selection.
 
Last edited:

zgfg

Senior Member
Oct 10, 2016
5,701
3,139
This I'm unsure of.

Seems many use sideloaded package for Netflix, and I got confused about claims re. split apks using (cloning?) Play Services, non- detection, etc. I suspect the reports vary due to many unorthodox setups.

All I know is that my PlayStore loaded Netflix shows, installs and opens fine with SafetyNet / PlayProtect passing on my setup on stock Magisk Alpha rooted RN8T (w/ Riru-MomoHider and Universal SafetyNet Fix modules), and root is NOT yet hidden from Netflix in MagiskHide list.

I don't have a subscription so haven't tested further, but I doubt (I'm guessing of course) I'd have issues.

Further, my understanding is that since Netflix 5.0, the real issue may be Widevine (DRM) TEE, a different TEE to the one SafetyNet uses. Netflix said at the time:

I just checked DRM Info app, and it's reporting Widevine CDM security is L1 for HDCP 2.3, so happily it seems that's not seeing bootloader unlock etc, and I'm good for 4K streaming! PW
For my Mi 9T with Xiaomi.eu A11 weeklies, DRM L1 certificate was already supported (screenshots)

Also, USNF is built-in to the ROM (to force eval type Basic, to let it pass CTS Profile attest), hence I don't need/use any particular module to pass SafetyNet (my Magisk Alpha app is also not repackaged)

Device is Certified (and Play Protect is ok), therefore I just regularly downloaded and installed Netflix from the Google Play

Before running the app I enabled MagiskHide for Netflix and then I configured the given Netflix account

Actually, I have a shared account with Standard subscription, hence without Ultra HD 4K support (my Mi 9T screen resolution is 1080x2340 hence also less than 4K)

Streaming works fine and Netflix Playback Specification shows L1, Full HD (screenshot)

Edit:
I have used Netflix for a year plus now with no issues and I've never once hidden Netflix in magisk hide itself. (Although I do have the magisk app hidden and pass safetynet). My Netflix app shows 'L1' meaning I can stream Full HD as well as download my shows. So hide doesn't need to be enabled for the app itself but you do need to be able to pass safetynet as well as have the specs for "L1" AKA 'HD streaming' or more so 'DRM'. If Netflix appears in your playstore (because of passing safetynet), that's all you need to run and update the app. Nextflix just wants money and that's why you can also sideload the app, not have proper DRM management (L3) and still watch Netflix in low resolution.. obviously no downloads of shows/direct updates but that's at the cost of Netflix not knowing the device is secure. My device is a Pixel 4 XL, A11 June Stock ROM with custom kernel, magisk, 9 modules and passing safetynet. But no Xposed variants in my module selection.

Thanks, I have removed Netflix now from MagiskHide, and it continues to stream with L1, Full HD
 

Attachments

  • DRM_Info-Widevine_L1.jpg
    DRM_Info-Widevine_L1.jpg
    207.8 KB · Views: 52
  • Widewine_L1-Certificate.jpg
    Widewine_L1-Certificate.jpg
    169.6 KB · Views: 52
  • Netflix-PlaybackSpec.jpg
    Netflix-PlaybackSpec.jpg
    234.8 KB · Views: 52
Last edited:

pndwal

Senior Member
Let the conspiracy theories begin (again) :)

I liked you better when you were just being an awful Magisk Alpha tease a few days ago :p :p :p

Who's teasing?... But I'll bite.

👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸

I try to stick to facts (especially those fostering any sort of hope), as that was... And up to date Magisk. 😛

Why stir? There's plenty doing that... and better ways! 😜

And this is not PlaySchool mate! PW

images (3).jpeg

Nb. Any perceived likeness to individuals depicted here is regretted, and the author is truly sorry... for the bear concerned, that is.

🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻
 
Last edited:
  • Like
Reactions: 73sydney

73sydney

Senior Member
Jul 21, 2018
1,827
1,575
Sydney
Google Pixel 2 XL
Who's teasing?... But I'll bite.

👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸👴🏻🧸

I try to stick to facts (especially those fostering any sort of hope), as that was... And up to date Magisk. 😛

Why stir? There's plenty doing that... and better ways! 😜

And this is not PlaySchool mate! PW

View attachment 5348045

Nb. Any perceived likeness to individuals depicted here is regretted, and the author is truly sorry... for the bear concerned, that is.

🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻🐻

Hehe, my bear is a little smaller...has to be to fit into the baby harness :p

We should really get a coffee one of these days...
 
  • Haha
Reactions: pndwal

Thisisanacct

Member
Jun 14, 2020
5
0
I was directed here from the main help thread.

I am failing SafetyNet again, on a rooted OnePlus 8 (Global, 11.0.7.7.IN21AA). I have Magisk Hide and EdXposed blacklist as well as hiddencore set up and updated, and it suddenly stopped passing SafetyNet a few days ago, and I cannot figure out why as it used to work. Disabling EdXposed fixed it, but I need it for things such as GravityBox. Any tips?
 

justDave

Senior Member
Nov 17, 2006
172
51
I was directed here from the main help thread.

I am failing SafetyNet again, on a rooted OnePlus 8 (Global, 11.0.7.7.IN21AA). I have Magisk Hide and EdXposed blacklist as well as hiddencore set up and updated, and it suddenly stopped passing SafetyNet a few days ago, and I cannot figure out why as it used to work. Disabling EdXposed fixed it, but I need it for things such as GravityBox. Any tips?
I had the same. Switched to lsposed today and it's passing SN again. Since you mention gravitybox, I should mention that I did have to uninstall and reinstall it to get it working after the switch.
 

Top Liked Posts

  • 5
    TJW Commits since Alpha:

    Commits on Sep 16, 2021
    - Update denylist config implementation
    Commits on Sep 15, 2021
    - Support enable/disable Zygisk
    - Enable Zygisk

    Enough said? 😛 PW
    6
    Btw, I've slso played with. There is one MIUI app that was not possible to enable for MagiskHide in Magisk v23 official - it was not showing in GUI.
    It was only possible through the Terminal, by using magiskhide command line

    Ofc, magiskhide applet is no more available (and there is no command-line applet for DenyList), but by enabling OS apps in Filter I was able to see and check-in that Security center app for DenyList

    And I tested with MagiskDetector, having the same results as with previous Alpha versions (no better or worse)
    And yeah, it says that "Maisk Hide works properly" 🤩
    Not an applet but, you can still do it by command line. :sneaky:
    Code:
    magisk --denylist add com.google.android.gms com.google.android.gms
    magisk --denylist add com.google.android.gms com.google.android.gms.unstable

    Magisk - Multi-purpose Utility
    Code:
    Usage: magisk [applet [arguments]...]
       or: magisk [options]...
    
    Options:
       -c                        print current binary version
       -v                        print running daemon version
       -V                        print running daemon version code
       --list                    list all available applets
       --remove-modules          remove all modules and reboot
       --install-module ZIP      install a module zip file
    
    Advanced Options (Internal APIs):
       --daemon                  manually start magisk daemon
       --stop                    remove all magisk changes and stop daemon
       --[init trigger]          start service for init trigger
                                 Supported init triggers:
                                 post-fs-data, service, boot-complete
       --unlock-blocks           set BLKROSET flag to OFF for all block devices
       --restorecon              restore selinux context on Magisk files
       --clone-attr SRC DEST     clone permission, owner, and selinux context
       --clone SRC DEST          clone SRC to DEST
       --sqlite SQL              exec SQL commands to Magisk database
       --path                    print Magisk tmpfs mount path
       --denylist ARGS           denylist config CLI
    
    Available applets:
        su, resetprop

    DenyList Config CLI
    Code:
    Usage: magisk --denylist [action [arguments...] ]
    Actions:
       status          Return the enforcement status
       enable          Enable denylist enforcement
       disable         Disable denylist enforcement
       add PKG [PROC]  Add a new target to the denylist
       rm PKG [PROC]   Remove target(s) from the denylist
       ls              Print the current denylist
       exec CMDs...    Execute commands in isolated mount
                       namespace and do all unmounts

    Cheers. :cowboy:
    3
    I finally updated my Xiaomi Mi 9T, running Xiaomi.eu_Stable, A11 (MIUI 12.1) to the latest Alpha b6298f86.
    Thanks @pndwal for encouraging me

    With this ROM and with the old Magisk v23 (incl. the previous Alpha versions) I didn't need any modules, spoofing or so - it was simply passing SafetyNet with MagiskHide enabled (and my SN was not affected by the recent Google move on Sep 2 or so)

    Now, cat has changed the color (Deng) but it still catches the mice - with DenyList enforced and the usual two GMS processes enlisted, it happily passes the SN again
    2
    Even i got in on the act and updated to latest Alpha, decided not to be lazy. Enable System Apps, a few ticks for that, a list of Samsung gear...my bank.

    Look Marvin, I can haz Magisk Deny and SafetyNet:)

    View attachment 5411513

    Now reinstalling modules...
    Btw, I've slso played with. There is one MIUI app that was not possible to enable for MagiskHide in Magisk v23 official - it was not showing in GUI.
    It was only possible through the Terminal, by using magiskhide command line

    Ofc, magiskhide applet is no more available (and there is no command-line applet for DenyList), but by enabling OS apps in Filter I was able to see and check-in that Security center app for DenyList

    And I tested with MagiskDetector, having the same results as with previous Alpha versions (no better or worse)
    And yeah, it says that "Maisk Hide works properly" 🤩
    3
    "CRACK"

    We have a problem Nigel!

    Same same:

    - Everything 'keeps stopping'
    - Standard clock widget broken
    - Magisk needs further setup / fails
    - No root apps open incl. Viper
    - Other apps fail too
    - Screenshot broken
    etc.

    But wadaya spect? First iteration of Zygisk on bleeding edge Alpha w/ untold TJW added-then-reverted commits...

    I'm reverting too for now...

    Still, it was worth a crack Nigel! ... just part of life!

    Nigel?...

    ...You don't like talking to me do you?

    I'm not getting you down at all am I?... I wouldn't like to think that I was getting you down...

    ... Life... Don't talk to me about life....

    It's the people you meet in this job that really get you down... The best conversation I had was over forty million years ago ... And that was with a coffee machine... Sigh.

    ☹️ Marvin.

    Edit: Revert to previous Alpha went fine for me.. Had to clear Play Store / Play Services for Device certification... Viper driver still enabled / normal...

    Coulda been a Zygisk conflict w/ Riru?...

    I'm lonely... where's that coffee machine...
  • 44
    OK. AIO solution. Modded "Universal SafetyNet Fix" module. Just added "model" props.
    17
    So, new layer of HARDWARE detection is here.
    SafetyNet failed on devices, where must bee HARDWARE detection. GMS no longer check system response of evaluation type, and force check HW. USNF doesn't work in this cause.
    Hm, funny things happening. I was thinking this is upgrade of HW attestation, but it is DOWNGRADE actually. 😄

    Remember my old first simple digging into HW?
    It`s..... working again.

    Looks like a temporary solution or just "combo" of old and new methods from Google.
    This explains the fact that dirty hack with Xposed-s working now.

    So, this current environment may be temporary or preparation for something BIGGER.

    In conclusion: in this time to passing SafetyNet you need just my old "hardware_off" module from link above or "MagiskHidePropsConf" with any "BASIC" print with model simulation and kdrag0n-s "Universal SafetyNet Fix".

    No ***-posed-s need!
    16
    Few Headsups:

    1) There are reports that Danny's (@kdrag0n) new early release Universal SafetyNet Fix 2.0.0 (combines AOSP Keystore and shim Keystore solutions) is restoring ctsProfile for some. It just may work for all, but not enough reports as yet. Also, it requires a payment at this stage:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-85581909

    https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-904209677

    2) There are reports that simply using MagiskHide Props Config module to 'delete' ro.product.model prop fixes ctsProfile on custom ROMs where other methods have failed. Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912885628

    3) New MagiskHide Props Config module 6.0.0 just released with all the sensitive prop values that MagiskHide changed up to and including Magisk v23 set by default, "Force BASIC key attestation" re-enabled (for Googles latest changes), and various other fixes.
    https://forum.xda-developers.com/t/...p-edits-and-more-v6-0-0.3789228/post-85581939

    I have to agree that this module's name does suddenly seem very apt, and as always, it proves elegant in its versatility. 😛👍

    4) Another elegant solution that some may have relegated to a bygone era seems to be coming back in fashion to!

    Those with Google Pay problems persisting after fixing ctsProfile are reporting in GPay threads, here and elsewhere, that GPay-SQLite-Fix + SQLite binary modules from stylemessiah (a connoisseur at least in digital fashion ... or perhaps just lucky, our @73sydney, - original solution from @BostonDan ) is fixing these for them once again. 😜 Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912798412

    WOT 😉 to read if interested:
    https://forum.xda-developers.com/t/...s-of-gms-17-1-22-on-pie.3929950/post-79643248

    🤠 PW
    15
    ro.product.model was enough for my OP8T, but I didn't like how Google Play Services started referring to my device as "OnePlus BASIC" with the "hardware off" module, so I knocked together this module really quickly to just append _SN to the real model name. WFM. 🤘
    13
    Hi all. :)

    A bit OT but..

    Since there are a few mentioning SuperSU recently.

    SuperSU was only a root solution. Nothing about it was hiding.
    Chainfire did create a separate app suhide (later suhide-lite) for hiding the su binary.​

    So by removing hide from Magisk, it will actually be more similar to SuperSU.
    Save for the awesome overlay implementation that allows the easy use of Modules.
    +1,000 points to Magisk. ;)

    Chainfire sold SuperSU to CCMT in good faith that they would continue the work..
    As far as I know, CCMT only released one update on their own.
    It was broken so Chainfire stepped in (took two days for him to fix) and a new release was pushed to PlayStore.
    I forgot they put their apology in the SuperSU OP.​

    After that, CCMT and support for SuperSU started to disappear.​

    Magisk is still fully suported.

    Quick highlight of Magisk's growth and development..
    • Magisk was originally just a Magic Mask.
      The systemless overlay that allowed us to modify systemlessly.
      Since it requires root, you had to install a root solution.
      SuperSU or superuser
    • Magisk includes a root solution.
      This starts off basic and grows into what is now the magisk su binary.​
    • Magisk can now hide itself.
      This grows into what is/was MagiskHide.​
    • The next step of growth and development. :unsure:
      Every step along the way has lead to an improvement.
      As someone who used Magisk with SuperSU.
      I am a bit anxious but, more excited to find out. :D

    Note:
    This was a quick highlight.
    I skiped A LOT.
    For a while, the official MagiskManager app was installed from PlayStore.
    I do not remember.. Did we pay for it?

    Cheers all. :cowboy:
  • 1060
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    156
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    121
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    76
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    75
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p