• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Magisk General Support / Discussion

Search This thread

pndwal

Senior Member

Latest @vvb2060 Magisk Alpha build (July 24, 2021) changelog:​

Skipped a few due to rapid-fire! (This guy's a bit like Jorrit!)

Chinese Translated:

alpha update log​

Magisk (1eb83ad8-alpha-25)​

  • Based on 1eb83ad8, please refer to the upstream update log for related modifications
  • Properly process any data from magiskd
  • Support SharedUserId
  • Delete the backup file after restoring the boot image
  • Built-in current version update log
  • Use the local version when the stub cannot be downloaded, now Magisk can be used completely offline
  • Support bootimg v4 format
  • Support bootconfig
  • Detect /data/adb/magisk/ not updated and prompt to repair
  • Remove the disabled and pending deletion marks when upgrading the module, and it is not allowed to mark as pending deletion before restarting
  • Fix that it cannot be flashed in some TWRP
  • Modify the search order of the module sepolicy location, fix the problem that some devices do not load the module sepolicy
  • Listen to the PACKAGE_FULLY_REMOVED broadcast to remove completely uninstalled apps from magiskhide
  • Display the modal waiting pop-up window when hiding/restore the Magisk application
  • App adapted to Android 12
  • Android 12+ super user hides the screen overlay when the window pops up
Edit: New changes since 1eb83ad8-alpha-19
  • For devices supported by the kernel, MagiskSU uses proprietary devpts to bypass some application detection
  • Rewrite MagiskSU's logic to open pty and delete extra sepolicy rules
  • Fix incorrect signal sending in MagiskHide
  • Add untrusted_app_30
https://github.com/vvb2060/Magisk/b...ecefa63e8b4/app/src/main/res/raw/changelog.md

My earlier notes:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85098469

Current notes:

Check 'earlier notes' for installation method / details.

Alpha build users won't yet see Update button notice in Magisk App for this build as VersionCode has (again) NOT changed from 23001.

I'm not sure if this behaviour will be addressed, but users will observe the 'Latest' and 'Installed' version suffix now differs.

Latest in GitHub magisk_files repo is 1eb83ad8-alpha-25

Latest available from Telegram group is
1eb83ad8-alpha-25

https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85229385

Interestingly, in Magisk Documentation, @vvb2060 has updated "Internal Details" and "Deployment" since John did.
https://github.com/vvb2060/Magisk/tree/alpha/docs

🤠 PW
 
Last edited:

pndwal

Senior Member
you and pndwal and the rest of the contributors on this forum do a great job teaching the way of magisk to new and old users just wanted to say
also here's the apk for that one guy who don't like telegram
Nb. I only posted (Chinese) Telegram links here as a recent build was only uploaded there, but most have also been available on @vvb2060's GitHub as is 1eb83ad8-alpha-25. Please see my 'earlier notes' linked with changelogs. PW
 
Last edited:

pndwal

Senior Member
@73sydney Although, I intend to jump on the bandwagon and flash Alpha. Is it safe to say that the best way to update Alpha would be to simply install the apk on top of the current version?
Since you are asking about updating Alpha (and I'm speaking about after an Alpha Magisk App has been installed and Alpha channel set; before this you may need to remove older App) I'll add that direct update from App has worked fine for some builds with no initial changes even with hidden App. However w/ App update, other builds have failed to find and replace hidden App, and required that to be removed later from device settings, Apps to restore functionality.

I recommend you Restore (unhide) Magisk App before updating for this reason. PW
 
Last edited:

xAxB

Member
Mar 9, 2017
25
7
Hello, I hope that this is the right thread for general support.

I am trying to use Magisk (tried both v23.0 and Canary) to root my Samsung Tab S4 (Android 10, security patch March 2021) following the Samsung (System-as-root) guide posted here: https://topjohnwu.github.io/Magisk/install.html

1. When I click "Install" there is the option to tick / untick "Preserve force encryption" - What should I do with this?

2. Regardless of whether I tick it or not, selecting "Next" would let me "Select and Patch a file". However, and this is my main problem, I am unable to select the AP_[device_model_sw_ver].tar.md5 file. I can find it, but not select it. It doesn't matter if I put it on the internal storage, or microSD card, everything is just greyed out.

Is there a solution to this problem? Thanks.
 

zgfg

Senior Member
Oct 10, 2016
5,727
3,180
Hello, I hope that this is the right thread for general support.

I am trying to use Magisk (tried both v23.0 and Canary) to root my Samsung Tab S4 (Android 10, security patch March 2021) following the Samsung (System-as-root) guide posted here: https://topjohnwu.github.io/Magisk/install.html

1. When I click "Install" there is the option to tick / untick "Preserve force encryption" - What should I do with this?

2. Regardless of whether I tick it or not, selecting "Next" would let me "Select and Patch a file". However, and this is my main problem, I am unable to select the AP_[device_model_sw_ver].tar.md5 file. I can find it, but not select it. It doesn't matter if I put it on the internal storage, or microSD card, everything is just greyed out.

Is there a solution to this problem? Thanks.
Which Magisk Manager/App version do you use - in v23 there should be no more Preserve force encryption option (removed long ago)?
Download the latest Magisk App from Magisk Github

How big is your md5 file? If 32 bytes or so, it would be just a textual file containing MD5 checksum of the ROM file
 
Last edited:

pndwal

Senior Member
Hello, I hope that this is the right thread for general support.
Yup!
I am trying to use Magisk (tried both v23.0 and Canary) to root my Samsung Tab S4 (Android 10, security patch March 2021) following the Samsung (System-as-root) guide posted here: https://topjohnwu.github.io/Magisk/install.html

1. When I click "Install" there is the option to tick / untick "Preserve force encryption" - What should I do with this?
This is a per-device setting (doesn't show for many. I think only on older devices). Generally, these are correctly set; only change if you have issues.

In this instance, I think you'll only need it if you wish to decrypt device (for custom ROM, TWRP etc?), and some devices may bootloop if not checked. That said, if it's off by default, I'd leave it that way...
2. Regardless of whether I tick it or not, selecting "Next" would let me "Select and Patch a file". However, and this is my main problem, I am unable to select the AP_[device_model_sw_ver].tar.md5 file. I can find it, but not select it. It doesn't matter if I put it on the internal storage, or microSD card, everything is just greyed out.

Is there a solution to this problem? Thanks.
Not a Sammy guy, [edit: this is wrong] but the install instructions seem to be in error; AFAIK, MD5 (message-digest algorithm) is only used to verify file integrity. Is there also an AP_xxxx.tar file? I'm guessing John ment to specify that... PW
 
Last edited:

J.Michael

Recognized Contributor
Jan 20, 2018
845
708
Samsung Galaxy Tab A series
Yup!

This is a per-device setting (doesn't show for many). Generally, these are correctly set; only change if you have issues.

In this instance, I think you'll only need it if you wish to decrypt device (for custom ROM etc?), and some devices may bootloop if not checked. That said, if it's off by default, I'd leave it that way...

Not a Sammy guy, but the install instructions seem to be in error; AFAIK, MD5 (message-digest algorithm) is only used to verify file integrity. Is there also an AP_xxxx.tar file? I'm guessing John ment to specify that... PW
Sometimes the .tar.md5 file is the .tar file, with the md5 of the tar file appended. That's what I got when I unpacked the zip file I downloaded, that's what I fed to the antediluvian Magisk I used. @zgfg's suggestion of checking the file size is a good start.

The talk about being unable to select a file (@xAxB said the files were all grayed out) makes me think it's some permission issue. I don't think the content of the file matters until after you've selected an inappropriate file.
 

xAxB

Member
Mar 9, 2017
25
7
Which Magisk Manager/App version do you use - in v23 there should be no more Preserve force encryption option (removed long ago)?
Download the latest Magisk App from Magisk Github

How big is your md5 file? If 32 bytes or so, it would be just a textual file containing MD5 checksum of the ROM file

I tried both Canary (23001), and 23.0 (23000) (21) (downloaded from Github and it does show. Perhaps it is as @pndwal mentioned, a per-device setting (the Tab S4 is 3 years old)?

On the plus side, I sorted out the greyed out thing. Basically you can't just tap on Galaxy Tab S4 / SD card and select the file from there (everything is greyed out), but select an external app (e.g. My File) from within Magisk, and select from there. Hope that makes sense for anyone who run into this issue (on Googling, I am not the only one who ran into this issue).

I would also like to confirm that the tar.md5 file is 4.05GB and this seems to be the way the AP are named, at least on the Tab S4.
 

pndwal

Senior Member
Hello, I hope that this is the right thread for general support.

I am trying to use Magisk (tried both v23.0 and Canary) to root my Samsung Tab S4 (Android 10, security patch March 2021) following the Samsung (System-as-root) guide posted here: https://topjohnwu.github.io/Magisk/install.html

1. When I click "Install" there is the option to tick / untick "Preserve force encryption" - What should I do with this?

2. Regardless of whether I tick it or not, selecting "Next" would let me "Select and Patch a file". However, and this is my main problem, I am unable to select the AP_[device_model_sw_ver].tar.md5 file. I can find it, but not select it. It doesn't matter if I put it on the internal storage, or microSD card, everything is just greyed out.

Is there a solution to this problem? Thanks.
Just tried this for fun:
- Downloaded SM-T830_2_20201216125534_g1kppegt0a_fac.zip (Stock Android 10 for Tab S4 Australia T830 ROM)
- Extracted on my Xiaomi RM8T (stock ROM, Alpha Magisk)
--> Result

Screenshot_2021-07-24-23-17-26-115_com.speedsoftware.rootexplorer.jpg


- Patched AP_T830XXU4CTL2_CL19646842_QB36555982_REV00_user_low_ship_MULTI_CERT_meta_OS10.tar.md5 as is
--> Result

Screenshot_2021-07-24-22-36-33-802_com.topjohnwu.magisk.jpg


magisk_patched-23001_5zUJB.tar = 4.35GB.

I love a challenge, so I was disappointed not to have as much fun as I'd hoped for... No challenge at all... But I did learn something. 😛

Seems (to me) that .tar.md5 indicates a tar with a message-digest algorithm, a Cryptographic hash function. (Attackers are forced to decipher those hash values if they want to exploit them. Hashes slow down attackers.)

Edit: see the following is sorted now. 👍
[I'm now thinking permission issue (likewise) or file browser used by Magisk App....]


Hope this helps. PW
 
Last edited:
  • Like
Reactions: xAxB

pndwal

Senior Member
Anyone willing to mirror those alphas here at least? I don't use Telegram, sorry.
Latest works fine as reported, and is on GitHub. You generally won't need Telegram as I said today:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85372219

It's best not to add unauthorised sources. (Countless are suspect.)

See 'earlier notes' here for GitHub link:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85372173

👍 PW
 
  • Like
Reactions: J.Michael and ipdev

pndwal

Senior Member
I tried both Canary (23001), and 23.0 (23000) (21) (downloaded from Github and it does show. Perhaps it is as @pndwal mentioned, a per-device setting (the Tab S4 is 3 years old)?

On the plus side, I sorted out the greyed out thing. Basically you can't just tap on Galaxy Tab S4 / SD card and select the file from there (everything is greyed out), but select an external app (e.g. My File) from within Magisk, and select from there. Hope that makes sense for anyone who run into this issue (on Googling, I am not the only one who ran into this issue).

I would also like to confirm that the tar.md5 file is 4.05GB and this seems to be the way the AP are named, at least on the Tab S4.
Great.

Did it flash / boot w/ Magisk root ok?... Also, I'm interested to know if 'Preserve force encryption' is checked or unchecked by default for your device. 👍 PW
 
  • Like
Reactions: xAxB and J.Michael

pndwal

Senior Member
Which Magisk Manager/App version do you use - in v23 there should be no more Preserve force encryption option (removed long ago)?
Download the latest Magisk App from Magisk Github
I tried both Canary (23001), and 23.0 (23000) (21) (downloaded from Github and it does show. Perhaps it is as @pndwal mentioned, a per-device setting (the Tab S4 is 3 years old)?
FWIW, here's the criteria for several options showing / reasons for hiding per device:
John Wu, Aug 24, 2020

Magisk Manager will no longer show confusing/useless installation options to the user in the following cases:

• Keep forceencrypt on FBE: does not work
• Keep verity on SAR: dangerous/does not work
• Recovery mode on devices with ramdisk: not needed

Disabling force encryption and dm-verity is only relevant in the time of past. In the spirit of backwards compatibility, these options are still there on supported legacy devices. Devices with ramdisk installing with recovery mode enabled will simply go straight to bootloops 😂

In case removing the option to disable AVB 2.0 (for direct partition rw) on SAR is controversial: on legacy SAR, system is always rw-able, other partitions require patching DTB that could cause bootloops on some devices; for logical partitions it's ... well, "complicated".

The tools for stripping AVB flags in various places (fstab in ramdisk, DT in boot, DTB/DTBO partitions) are still there in magiskboot, so for advanced users/devs, all power to you! I just no longer want to allow normal root users to break their devices with options in the app.
www.twitter.com/topjohnwu/status/1297833910320021504

So seems Keep forceencrypt requires FDE (Full Disk Encryption - legacy) support to show / work. (Newer devices use File Based Encryption.)

Devices shipping with Android 4.4+ implemented FDE as an option. From Android 7.0, it was enabled by default.

Many devices shipping with Android 9 moved to FBE. Devices shipping with Android 10+ were required to move to FBE.

Samsung Galaxy Tab S4 shipped with Android 8.1. PW
 
Last edited:

ipdev

Recognized Contributor
Feb 14, 2016
1,504
1
1,892
Google Nexus 10
Nexus 7 (2013)
@zgfg @pndwal @J.Michael @xAxB

It has been quite a while since I had Samsung.
Android 5.1.x days. ;)

Since then I have decompressed Samsung factory roms to borrow some prop(s) or ...

Samsung stock roms are always in .tar.md5 format.
OT:
If you are manually decompressing Samsung factory roms, you might run into a password protected compressed image.
Big thanks to Rick#2 for his post Here, helped saved me some time a few years ago. ;)

Cheers all. :cowboy:
 
  • Like
Reactions: pndwal and zgfg

ipdev

Recognized Contributor
Feb 14, 2016
1,504
1
1,892
Google Nexus 10
Nexus 7 (2013)
This is a per-device setting (doesn't show for many. I think only on older devices). Generally, these are correctly set; only change if you have issues.

Magisk install differs between device and system builds.
Using Magisk Canary

My OnePlus 6T is still regular A/B device.
I get the option to Install to Inactive Slot (After OTA).​

My Pixel(s) have been updated to virtual A/B devices.
No option to Install to Inactive Slot (After OTA).​

I am not sure what I recently flashed, but I had the option to Preserve force encryption.
Might have been my Nextbit Robin (Lineage 18.1).
I leave it at work for streaming music. Will double check in a few days when I go back to work. ;)


FWIW, here's the criteria for several options showing / reasons for hiding per device:

So seems Keep forceencrypt requires FDE (Full Disk Encryption - legacy) support to show / work. (Newer devices use File Based Encryption.)

Devices shipping with Android 4.4+ implemented FDE as an option. From Android 7.0, it was enabled by default.

Many devices shipping with Android 9 moved to FBE. Devices shipping with Android 10+ were required to move to FBE.

Samsung Galaxy Tab S4 shipped with Android 8.1. PW
Wonder if Preserve force encryption still shows on older devices that have been updated to FBE. :unsure:
I know all I had to do was edit the fstab to remove forceencrypt on my Nexus (5X?) that was updated to FBE.
I am back on razorloves' builds for my Nexus 5, 5x and 6p so, back to FDE.

Cheers. :cowboy:
 

Attachments

  • Screenshot_20210724-143559.jpg
    Screenshot_20210724-143559.jpg
    131.8 KB · Views: 44
  • Screenshot_20210724-143333_Magisk.png
    Screenshot_20210724-143333_Magisk.png
    63.4 KB · Views: 45
  • Like
Reactions: pndwal and zgfg

jons99

Senior Member
Nov 5, 2019
203
241
Magisk install differs between device and system builds.
Using Magisk Canary

My OnePlus 6T is still regular A/B device.
I get the option to Install to Inactive Slot (After OTA).​

My Pixel(s) have been updated to virtual A/B devices.
No option to Install to Inactive Slot (After OTA).​

I am not sure what I recently flashed, but I had the option to Preserve force encryption.
Might have been my Nextbit Robin (Lineage 18.1).
I leave it at work for streaming music. Will double check in a few days when I go back to work. ;)



Wonder if Preserve force encryption still shows on older devices that have been updated to FBE. :unsure:
I know all I had to do was edit the fstab to remove forceencrypt on my Nexus (5X?) that was updated to FBE.
I am back on razorloves' builds for my Nexus 5, 5x and 6p so, back to FDE.

Cheers. :cowboy:
I'm not sure but I think you need to first uninstall magisk from the app then apply the ota and then you'll get an option to install to the other slot personally I never tried it as I always flash everything in fastboot
 

ipdev

Recognized Contributor
Feb 14, 2016
1,504
1
1,892
Google Nexus 10
Nexus 7 (2013)
I'm not sure but I think you need to first uninstall magisk from the app then apply the ota and then you'll get an option to install to the other slot personally I never tried it as I always flash everything in fastboot
Normally I do not use the OTA updater. ;)

I normally use TWRP or fastboot to install full updates.
I only install TWRP on older devices.
I will normally boot into TWRP using fastboot boot on newer devices.
or use the custom recovery that is built/installed with the custom rom I am using.​

Recently, on my OnePlus 6T, I tried using the built in OTA update.
This was not a true OTA since I downloaded and used the full update instead of a partial update.

I was on OOS v10.3.10
No Magisk. No TWRP.

Downloaded v10.2.11 and upgraded using OnePlus's local update to install.
Copied update to /sdcard/

Installed Magisk (app), patched the v10.2.11 boot image and rebooted to bootloader.
Used fastboot to boot the patched image.
fastboot boot magisk_patched-23001_IWxOc.img
Used Magisk (app) to install using the Direct install option.
Rebooted to make sure Magisk was active.​

Downloaded v10.3.12.
Deleted the 10.3.11 version in /sdcard/
Pushed 10.3.12 to /sdcard/ and used OnePlus's local update to install.

When done, I did not reboot.
Then flashed TWRP using Magisk's Module installer.
Then installed Magisk to inactive slot and rebooted from Magisk.

OnePlus 10.3.12 booted with Magisk installed and active.
Rebooted to recovery adb reboot recovery and I booted into TWRP.
From TWRP, I rebooted to system (using the power menu in TWRP) and I was back in OOS 10.3.12

Seemed to work on my OnePlus 6T. ;)
Android 10 (SDK29) Regular A/B device.

As I mentioned a while back, osm0sis found a way to do it with virtual A/B devices.
Post #45,597

To quote one of osm0sis's post linked in my older post.
Finally figured out the right method for keeping SafetyNet passing even though the new Virtual A/B slot Incremental Google OTA process needs the updated slot to stay unrooted to pass the post-reboot checks:

Cheers. :cowboy:
Edit:
PS.
If I remember correctly, OnePlus OTA updater would detect root/modified system.
So it would download/install the full version instead of an incremental/partial update.
[/I]
 
Last edited:

jons99

Senior Member
Nov 5, 2019
203
241
Normally I do not use the OTA updater. ;)

I normally use TWRP or fastboot to install full updates.
I only install TWRP on older devices.
I will normally boot into TWRP using fastboot boot on newer devices.
or use the custom recovery that is built/installed with the custom rom I am using.




Recently, on my OnePlus 6T, I tried using the built in OTA update.
This was not a true OTA since I downloaded and used the full update instead of a partitial update.

I was on OOS v10.3.10
No Magisk. No TWRP.

Downloaded v10.2.11 and upgraded using OnePlus's local update to install.
Copied update to /sdcard/

Installed Magisk (app), patched the v10.2.11 boot image and rebooted to bootloader.

Used fastboot to boot the patched image.
fastboot boot magisk_patched-23001_IWxOc.img

Used Magisk (app) to install using the Direct install option.​

Rebooted to make sure Magisk was active.

Downloaded v10.3.12.
Deleted the 10.3.11 version in /sdcard/
Pushed 10.3.12 to /sdcard/ and used OnePlus's local update to install.

When done, I did not reboot.
Then flashed TWRP using Magisk's Module installer.
Then installed Magisk to inactive slot and rebooted from Magisk.

OnePlus 10.3.12 booted with Magisk installed and active.
Rebooted to recovery adb reboot recovery and I booted into TWRP.
From TWRP, I rebooted to system (using the power menu in TWRP) and I was back in OOS 10.3.12


Seemed to work on my OnePlus 6T. ;)
Android 10 (SDK29) Regular A/B device.

As I mentioned a while back, osm0sis found a way to do it with virtual A/B devices.
Post #45,597

To quote one of osm0sis's post linked in my older post.


Cheers. :cowboy:
 

Top Liked Posts

  • 9
    Completely factual post, must be impersonal machine, just facts. Must not smile, must not
    emote.
    Come on mate... That's not what it's about. It's the page after page of off-topic social media/Telegram style posting, that clutters the thread so much that discussions about actual Magisk stuff gets even harder to find (in this impossible to search mammoth of a thread), that is the problem.

    I'll keep an eye on things (since I pretty much live in the Magisk forum anyway) and let you guys know if it starts getting out of hand.

    Nice try at satire though... It baited me hook line and sinker. :ROFLMAO:
    7
    Hi everyone, and thanks the developers for this great app. I need help because I can't hide the magisk app, the option isn't available/clickable in the Magisk settings as I show in the screenshot. I'm running an Android 11-based AOSP custom rom (Derpfest).
    Thanks to anyone that can help ;)
    View attachment 5417127
    Requires the Update Channel to be accessible.
    (You have to be online to hide the Magisk app. 😞)

    The update channel has to be set to the Magisk app version you want to install.
    Using vvb2060's alpha builds, it will be pointing the the version released to github.
    vvb2060 [magisk_files] - GitHub - alpha - Link

    From the screenshot, it appears you set the Update Channel to Custom Channel.
    The Custom Channel is not set so no online version can be found.

    Cheers. :cowboy:
    5
    Alpha Magisk update (61783ffc-alpha)

    [General] Based on 61783ffc, the content that has been merged into the upstream is no longer listed

    [App] Correctly process any data from magiskd

    [App] Support SharedUserld

    [App] Delete the backup file after restoring the boot mirror image

    [App] Built-in current version update log

    [App] Use the local version when you cannot download the stub, now it can be used completely offline

    [Busybox] Fix the default shell path

    [App] Switch to Java 8 modern time API

    [DenyList] Deal with suspicious props

    [App] Expand and update SafetyNet, update the version of snet.jar to 18

    [Sepolicy] Sepolicy with built-in LSPosed

    [General] Add an obsolete cgroup v2 path

    [Zygisk] Fix app_zygote and webview_zygote binary


    - You update the journal From 23.0 to 61783ffc

    [General] Supports pure 64-bit devices

    [General] Support Android 12 emulator

    [Zygisk] Code injection framework

    [General] Remove MagiskHide

    [General] Support Simulator to add modules

    [MagiskBoot] Support zimage format

    [MagiskBoot] Add zopfi encoder

    [Magisklnit] Support bootconfig

    [App] The repair installation function will now check if the script under /data/adb/magisk/ has not been updated

    [Magisklnit] Support some Meizu devices

    [MagiskSU] If the kernel supports it, use isolated devpts

    [MagiskSU] Fix the pts configuration code, now no additional sepolicy rules are needed

    [MagiskBoot] Support v4 boot image header format

    [Magisklnit] Support oplus.fstab for some OnePlus and Opal devices

    [App] Restart and update modules, not allowed to be marked as pending deletion

    [App] Delete online warehouses

    [App] Add mounting information to the saved log file

    [App] Suitable for Android 12 API level

    [App] Display the waiting pop-up window that is running when hide/restore the original app

    [Stub] Open source obfuscation function

    [Script] Check and display the sepolicy rule folder of the module.

    [App] When the window pops up, hide the screen and add layers. Android 12+ is required

    [App] Delete the floating bottom bar and change it to the general bottom operation bar

    [General] Support compilation and cache

    [General] Add rejection list function

    [App] Delete DoH

    [App] Delete SafetyNet

    [App] Allow the log page to be opened when Magisk is not installed

    [App] Display Zygisk status, add restart to take effect to remind Zygisk to Fix the problem

    PW
    4
    If you mean, make the bootloader have no interest in booting recovery, that wouldn't help you. Magisk hijacked recovery, Magisk *needs* the bootloader to load "recovery", which is now really Magisk. Once Magisk gets control, Magisk chooses whether to keep control or to turn control over to the original "recovery".

    If you mean, make Magisk *always* keep control when booted as part of recovery, in theory it would be trivial: just change the "if" test. I keep hearing that Magisk is open source, so all you need to do is checkout a copy and make the change.

    In practice, I don't like my odds. I don't know your background, so I can't guess your chances. Rotsa ruck!

    News! Just created twrp, all night was working and now is ready, let's see now what I can do with magisk!
    2
    Now I'm thinking, is any way to disable recovery while holding the combo key so the combo key work only for the magisk too boot?
    It's possible to alter the device so that it boots directly to Magisk, it's been done on a few Samsung devices I believe. But, that meant manually baking Magisk into the kernel so you'd have to figure that out (I have no idea).
  • 44
    OK. AIO solution. Modded "Universal SafetyNet Fix" module. Just added "model" props.
    17
    So, new layer of HARDWARE detection is here.
    SafetyNet failed on devices, where must bee HARDWARE detection. GMS no longer check system response of evaluation type, and force check HW. USNF doesn't work in this cause.
    Hm, funny things happening. I was thinking this is upgrade of HW attestation, but it is DOWNGRADE actually. 😄

    Remember my old first simple digging into HW?
    It`s..... working again.

    Looks like a temporary solution or just "combo" of old and new methods from Google.
    This explains the fact that dirty hack with Xposed-s working now.

    So, this current environment may be temporary or preparation for something BIGGER.

    In conclusion: in this time to passing SafetyNet you need just my old "hardware_off" module from link above or "MagiskHidePropsConf" with any "BASIC" print with model simulation and kdrag0n-s "Universal SafetyNet Fix".

    No ***-posed-s need!
    16
    Few Headsups:

    1) There are reports that Danny's (@kdrag0n) new early release Universal SafetyNet Fix 2.0.0 (combines AOSP Keystore and shim Keystore solutions) is restoring ctsProfile for some. It just may work for all, but not enough reports as yet. Also, it requires a payment at this stage:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-85581909

    https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-904209677

    2) There are reports that simply using MagiskHide Props Config module to 'delete' ro.product.model prop fixes ctsProfile on custom ROMs where other methods have failed. Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912885628

    3) New MagiskHide Props Config module 6.0.0 just released with all the sensitive prop values that MagiskHide changed up to and including Magisk v23 set by default, "Force BASIC key attestation" re-enabled (for Googles latest changes), and various other fixes.
    https://forum.xda-developers.com/t/...p-edits-and-more-v6-0-0.3789228/post-85581939

    I have to agree that this module's name does suddenly seem very apt, and as always, it proves elegant in its versatility. 😛👍

    4) Another elegant solution that some may have relegated to a bygone era seems to be coming back in fashion to!

    Those with Google Pay problems persisting after fixing ctsProfile are reporting in GPay threads, here and elsewhere, that GPay-SQLite-Fix + SQLite binary modules from stylemessiah (a connoisseur at least in digital fashion ... or perhaps just lucky, our @73sydney, - original solution from @BostonDan ) is fixing these for them once again. 😜 Eg:
    https://github.com/kdrag0n/safetynet-fix/issues/78#issuecomment-912798412

    WOT 😉 to read if interested:
    https://forum.xda-developers.com/t/...s-of-gms-17-1-22-on-pie.3929950/post-79643248

    🤠 PW
    15
    ro.product.model was enough for my OP8T, but I didn't like how Google Play Services started referring to my device as "OnePlus BASIC" with the "hardware off" module, so I knocked together this module really quickly to just append _SN to the real model name. WFM. 🤘
    14
    Removed the @Displax safety net mod fix and applied the latest USNF 2.1.0 from @kdrag0n.

    Attestation is passed and device is compliant in company portal too with my original device name 1+8 Pro and not Pixel.

    This is done over the latest Alpha Magisk.

    Update: My In-display fingerprint hardware is not working anymore, I think the fix is already committed. Hopefully it will be resolved in the next version.
    Yep, I have sent a Pull Request with the fix like an hour after v2.1.0 was released. 🤠

    See my post here in the official USNF thread for getting it working in the meantime until it's merged and a new release is made: https://forum.xda-developers.com/t/...tynet-fix-1-1-0.4217823/page-59#post-85631613

    Also may be worth everyone reading my comments at the end of that post about people doubting the sponsored testing closed-then-open development.

    And then here on this GitHub issue about how it's not meant to replace MagiskHide so you can't just turn Hide off: https://github.com/kdrag0n/safetynet-fix/issues/91#issuecomment-919264624
  • 1062
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    156
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    121
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    76
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    75
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p