Magisk General Support / Discussion

Search This thread
By:
Advanced…
P

pndwal

Senior Member
Jun 23, 2016
5,497
6,045
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
c3k said:
Yesterday I've updated my S21 to Android 13.
Switching to Magisk canary was necessary since the firmware patched with the stable version didn't boot.
Now when I open Magisk it asks for additional setup but, after confirmation, instead of reboot it goes in the install page.

Is the right / safe way to select select "direct install"?

Everithing seems to work btw (battery drain apart...)
Click to expand...
Click to collapse
Yes, it's part of the new changes that enforce app (apk) certificate check and same/newer version than that of running Magisk daemon. These will reject and forcefully uninstall any non-matching/old Magisk apps and force users to update the app.

It seems from your screenshots that you actually had Debug 25205 Magisk mask/core installed (nb. This is NOT Canary which is now built as release) but still had Stable 25.2 App (which is actually an older version)...

Normally you would update App first to ensure correct package is installed for updating Magisk mask/core... Did you install via custom recovery as .zip installer? Other?... or later downgrade App to stable?...

Nb. Debug Magisk mask/core will bypass the certificate/version enforcement mentioned above, but it seems daemon still ensures you are prompted to update older Apps...

👀 PW
 
  • Like
Reactions: J.Michael, ipdev and c3k
c3k

c3k

Senior Member
Sep 13, 2009
616
516
pndwal said:
Yes, it's part of the new changes that enforce app (apk) certificate check and same/newer version than that of running Magisk daemon. These will reject and forcefully uninstall any non-matching/old Magisk apps and force users to update the app.

It seems from your screenshots that you actually had Debug 25205 Magisk mask/core installed (nb. This is NOT Canary which is now built as release) but still had Stable 25.2 App (which is actually an older version)...

Normally you would update App first to ensure correct package is installed for updating Magisk mask/core... Did you install via custom recovery as .zip installer? Other?... or later downgrade App to stable?...

Nb. Debug Magisk mask/core will bypass the certificate/version enforcement mentioned above, but it seems daemon still ensures you are prompted to update older Apps...

👀 PW
Click to expand...
Click to collapse
Yes, you're right, I've patched the firmware with another device (since mine wasn't booting patched with stable), but I had and still have the stable apk on my device.

I'm not familiar with canary, here's the download link I use, found on XDA article: https://raw.githubusercontent.com/topjohnwu/magisk-files/canary/app-debug.apk

I now need to understand the difference between debug and canary before move on.

What you suggest?
 
c3k

c3k

Senior Member
Sep 13, 2009
616
516
I think I have to switch to canary release, but I don't know if signature verification could bring any problem in current situation.

Should I have to update the apk (and then a direct install if prompted?) or maybe is better than I flash again the firmare, but patched with the canary release (and then update the apk)?
 
P

pndwal

Senior Member
Jun 23, 2016
5,497
6,045
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
c3k said:
Yes, you're right, I've patched the firmware with another device (since mine wasn't booting patched with stable), but I had and still have the stable apk on my device.

I'm not familiar with canary, here's the download link I use, found on XDA article: https://raw.githubusercontent.com/topjohnwu/magisk-files/canary/app-debug.apk

I now need to understand the difference between debug and canary before move on.

What you suggest?
Click to expand...
Click to collapse
So Canary and Debug are both produced in same Canary branch as they build the same commits, just with different build flags...

Canary used to be built as debug, but recently separate Debug builds were provided as many users simply want latest commits for various reasons and use Canary for daily use, as a release build (despite limited testing).

Debug builds include verbose logging and latest Debug is required for GitHub issues for this reason as Devs don't want to wait for users to install and supply proper logs... They are used also but those doing Magisk development... They can also produce a performance hit on older devices... Debug builds also bypass signature (key) and version checks and enforcement as I mentioned...

app-debug.apk is now Debug build.
app-release.apk is now Canary build.

You can find older builds in GitHub repos, but since it is assumed that users will generally need only the latest builds John simply provides (correct) links to these under Downloads on main Magisk GitHub page; just click:
IMG_20221123_093245.jpg

🤠 PW
 
  • Like
Reactions: c3k
P

pndwal

Senior Member
Jun 23, 2016
5,497
6,045
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
c3k said:
I think I have to switch to canary release, but I don't know if signature verification could bring any problem in current situation.
Click to expand...
Click to collapse
You'll have not problem direct installing any build from Debug as I've explained...
c3k said:
Should I have to update the apk (and then a direct install if prompted?)
Click to expand...
Click to collapse
Yup...
c3k said:
or maybe is better than I flash again the firmare, but patched with the canary release (and then update the apk)?
Click to expand...
Click to collapse
No need...

Just be aware that if you ever wish downgrade you'll need fully uninstall Magisk or install a Debug build to Direct install...

Moving back to Stable after the next release would be an upgrade however (and it will include all current tested Canary changes)... If you want to do that, just set Update Channel to Stable (or Beta) now to avoid Canary updates and seamlessly move back to Stable builds when available...

🤠 PW
 
  • Like
Reactions: c3k
P

pndwal

Senior Member
Jun 23, 2016
5,497
6,045
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
pndwal said:
FWIW, LoveSy (Shana) has made a pull request for Zygisk v5 Api already merged in her Metagisk ('The Meta Magic Mask for Android') Magisk fork... The commit Add inode plt hook APIs includes this comment:

John has requested new XHook API use with Zygisk be deferred (stay w/ v4 for now) and Shana suggested fixing v4 Zygisk compatibility (Zygisk crashes whenever a module uses v4 api, see fixes #6402 and #6396) issue before revisiting this PR (it's been marked as draft for now)... This may also explain some recent Zygisk issues... Watch this space...

I have no idea about inode plt hook or what benefits it will bring... Any coders w/ XHook experience care to edify us? 😃

CI Metagisk build is in Artifacts here (for mavericks):
Add inode plt hook APIs Magisk Build #2276...

👀 PW
Click to expand...
Click to collapse
Zygisk V4 fixes now merged... PR for v6 (Add inode plt hook APIs) is now marked Ready for review... 👀 PW
 
M

mcpite

New member
Dec 22, 2015
3
5
Hello guys, thanks for the replies!

J.Michael, zgfg, pndwal: Uninstalled both Magisk apps(the new was 'empty', the old did not really started, just told I should install magisk again), but after restarts root was lost. Next time I should'nt do this with hided Magisk. :)

The modifications not worked, and root checker also told there is no root. Seems like when I installed from the hided magisk app magisk again, it created a new, empty one, and after restart this magisk was 'stronger', se all modules are 'lost'. (Not sure this was the reason, but seemed like the fresh magisk manager had nothing, and after restart every mod was off.)
After uninstalled both magisk app, and made the flash and install again with pixelflasher (let ota to update, because I already had the november img -for my wife's phone- on my computer, and was easier to flash with that), after reboot the magisk find the setups, so modules was there, worked, and I had may deny list.

Now i know what I did wrong with magisk, I'll take care of it :).

But would be also good to know, what can I do, when my phone will not seee the updates again?
I guess for the solution I need to uninstall/restore the magisk. When I see ota update (now it was not enough, it didnt find it) then clear how to continue. But should I continue the steps without the ota anyway? Once I made the opdate (the october ota) succesfully, wouldbe good the make this from the phones, and not flashing them on every month if it is not a must :).​

Thanks for your helps!
 
  • Like
Reactions: J.Michael, pndwal and zgfg
P

pndwal

Senior Member
Jun 23, 2016
5,497
6,045
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
mcpite said:
Hello guys, thanks for the replies!

J.Michael, zgfg, pndwal: Uninstalled both Magisk apps(the new was 'empty', the old did not really started, just told I should install magisk again), but after restarts root was lost. Next time I should'nt do this with hided Magisk. :)

The modifications not worked, and root checker also told there is no root. Seems like when I installed from the hided magisk app magisk again, it created a new, empty one, and after restart this magisk was 'stronger', se all modules are 'lost'. (Not sure this was the reason, but seemed like the fresh magisk manager had nothing, and after restart every mod was off.)
Click to expand...
Click to collapse
Maybe you took the in-app Uninstall Magisk option at some point?... That is not the same as uninstalling a Magisk App; it flashes backed up unpatched images and root is lost in that case...
mcpite said:
After uninstalled both magisk app, and made the flash and install again with pixelflasher (let ota to update, because I already had the november img -for my wife's phone- on my computer, and was easier to flash with that), after reboot the magisk find the setups, so modules was there, worked, and I had may deny list.

Now i know what I did wrong with magisk, I'll take care of it :).
But would be also good to know, what can I do, when my phone will not seee the updates again?​
Click to expand...
Click to collapse
This may vary per device but I believe OTA updates are seen w/ Magisk root for most devices; Nb. OEMs often stagger update rollouts...

You should apparently disable Automatic system updates in developer options on Pixel devices "so it won't install OTAs without your acknowledgement":
https://github.com/topjohnwu/Magisk/blob/master/docs/ota.md#prerequisites
mcpite said:
I guess for the solution I need to uninstall/restore the magisk. When I see ota update (now it was not enough, it didnt find it) then clear how to continue. But should I continue the steps without the ota anyway? Once I made the opdate (the october ota) succesfully, wouldbe good the make this from the phones, and not flashing them on every month if it is not a must :).​
Click to expand...
Click to collapse
As I said:
pndwal said:
Yes, Install to inactive slot method used to work but it's broken at least for P6 and P7 series after late A12 updates... See this issue:
https://github.com/topjohnwu/Magisk/issues/5959
vv points to an article stating that as part of a Chrome/Android Update Engine change for A/B devices, after reboot the update_verifier program now runs and reads all dm-verity devices to make sure the partitions aren't corrupted... A fix would involve partition digest being re-calculated and overwriten to account for Magisk binaries in the newly flashed slot.
https://android.googlesource.com/platform/system/update_engine/
...

I'd fix first, then restore images before taking update (if you mean a delta OTA), but you'll need to reboot and fastboot flash Magisk again since preserve root through OTA method is broken...

Nb. Since updating with Magisk App hidden often fails it is advisable to take Restore the Magisk app before a Magisk update...
Click to expand...
Click to collapse
... Clearly with every Update you will need to restore unpatched images (use in-App Uninstall Magisk, Restore Images option) then take update, either OTA or full ROM, but you'll need to obtain new boot image from full ROM for patching (unless you use a custom recovery etc to obtain boot.img from a backup) in any case... Next, set up Magisk per instructions for a fresh install...

Unfortunately you have no other option until a fix for Install to inactive slot method (bypass for new partition digest checking) is found...
mcpite said:
Thanks for your helps!
Click to expand...
Click to collapse
🙂 PW
 
  • Like
Reactions: J.Michael and 73sydney
zgfg

zgfg

Senior Member
Oct 10, 2016
8,199
5,831
Xiaomi Mi 11
Xiaomi Mi 11 Lite 5G
mcpite said:
Hello guys, thanks for the replies!

J.Michael, zgfg, pndwal: Uninstalled both Magisk apps(the new was 'empty', the old did not really started, just told I should install magisk again), but after restarts root was lost. Next time I should'nt do this with hided Magisk. :)

The modifications not worked, and root checker also told there is no root. Seems like when I installed from the hided magisk app magisk again, it created a new, empty one, and after restart this magisk was 'stronger', se all modules are 'lost'. (Not sure this was the reason, but seemed like the fresh magisk manager had nothing, and after restart every mod was off.)
After uninstalled both magisk app, and made the flash and install again with pixelflasher (let ota to update, because I already had the november img -for my wife's phone- on my computer, and was easier to flash with that), after reboot the magisk find the setups, so modules was there, worked, and I had may deny list.

Now i know what I did wrong with magisk, I'll take care of it :).
But would be also good to know, what can I do, when my phone will not seee the updates again?​
I guess for the solution I need to uninstall/restore the magisk. When I see ota update (now it was not enough, it didnt find it) then clear how to continue. But should I continue the steps without the ota anyway? Once I made the opdate (the october ota) succesfully, wouldbe good the make this from the phones, and not flashing them on every month if it is not a must :).​

Thanks for your helps!
Click to expand...
Click to collapse
Since (AFAIK) you have Pixel, you can consider using a tool for OTA updating, Magisk reinstalling, etc:
forum.xda-developers.com

📳🔥 PixelFlasher, a GUI tool for flashing / updating / rooting / managing Pixel phones.

DESCRIPTION As the name suggests this is an application to flash (update) Pixel™ phones (possibly all Google™ made phones/tablets, YMMV.) PixelFlasher at its core is a UI layer (with bells and whistles) on top of adb / fastboot commands, hence...
forum.xda-developers.com forum.xda-developers.com

I don't have Pixel but the tool has a number of happy users and the author provides a great support👍

Regarding the tool, you can ask the questions in the corresponding thread
 
Last edited:
  • Like
Reactions: badabing2003 and J.Michael
M

mcpite

New member
Dec 22, 2015
3
5
pndwal:
"use in-App Uninstall Magisk, Restore Images option" - yes, I've used this. And the install was also started from magisk (but when it was hided!). The resore unpatched images way worked earlier (what was linked) - just earlier there was able to update, and I followed the instruction step by step. Now the update was not available - and I want to install back magisk on the wrong way.

I read what you linked about inactive slot problem; but now it didn't started (you are up to date, no update is avaiable).

OK, I can turn off auto updates when I cant do in the easy way.

zgfg: Thanks, I used the Pixelflasher; but only for the initial steps, for ota I tried to use again the magisk restore, install to inactive partition method.
 
  • Like
Reactions: pndwal and J.Michael
Anonymous V

Anonymous V

Senior Member
Jan 16, 2021
100
16
15
Phillippines
Good day everyone i have a problem in disabling my dm-verity using magisk, im trying to disable the dm-verity of my phone using magisk and after i flashed it i always ended up in bootloop it will only boot if the forcencryption option is enabled any solution how to solve this? Im still amatuer.


Device name: Oppo A71 CPH1717
Color Os: 3.1.0
Android version: 7.1.1
Magisk installed: Magisk 25.2 latest
Bootloader unlocked
 
M

martyfender

Senior Member
Mar 9, 2017
3,312
1,807
Indianapolis, IN
Anonymous V said:
Good day everyone i have a problem in disabling my dm-verity using magisk, im trying to disable the dm-verity of my phone using magisk and after i flashed it i always ended up in bootloop it will only boot if the forcencryption option is enabled any solution how to solve this? Im still amatuer.


Device name: Oppo A71 CPH1717
Color Os: 3.1.0
Android version: 7.1.1
Magisk installed: Magisk 25.2 latest
Bootloader unlocked
Click to expand...
Click to collapse
When disabling forced encryption, you usually have to delete data or factory reset so a new, unencrypted data partition is created. At least that is what I had to do when I used it on older, Android 6 devices I used to have.
 
  • Like
Reactions: ipdev and J.Michael
Anonymous V

Anonymous V

Senior Member
Jan 16, 2021
100
16
15
Phillippines
martyfender said:
When disabling forced encryption, you usually have to delete data or factory reset so a new, unencrypted data partition is created. At least that is what I had to do when I used it on older, Android 6 devices I used to have.
Click to expand...
Click to collapse
thank you for answering me sir, how am i going to factory data reset if im not able to boot up should i use stock recovery or twrp recovery?
 
  • Like
Reactions: ipdev
P

PolyDave

New member
Dec 2, 2022
3
2
Help needed

I tried to update magisk from 23.0 to current latest version but failed (boot image extra was patched by old magisk, or something like that) , so i decided to update step by step. Went to 24.x just fine which i proceeded to go to 25.0. After a "successful" install i rebooted and now the device goes to fast boot instead, im unable to boot to the rom/system. Any suggestions? I don't wanna flash the rom from scratch.

Edit: i have twrp already installed if that helps.
 
Last edited:
P

pndwal

Senior Member
Jun 23, 2016
5,497
6,045
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
PolyDave said:
Help needed

I tried to update magisk from 23.0 to current latest version but failed (boot image extra was patched by old magisk, or something like that) , so i decided to update step by step. Went to 24.x just fine which i proceeded to go to 25.0. After a "successful" install i rebooted and now the device goes to fast boot instead, im unable to boot to the rom/system. Any suggestions? I don't wanna flash the rom from scratch.

Edit: i have twrp already installed if that helps.
Click to expand...
Click to collapse
Likely something is messed up in Magisk configuration; consider deleting everything in /data/adb (using twrp) and seeing if you can boot... This will remove all Magisk modules and settings so you'll need to set these (incl. SuperUser permissions, denylist etc) again in Magisk App...

Nb. If you can boot but see Magisk Installed: N/A, you likely still have a hidden (stub) Magisk App installed and need to locate and uninstall it...

If you still can't boot, say if you use a custom kernel or ROM... You may need to restore and re-patch vbmeta in this case, or simply restore stock vbmeta if on stock ROM due to refactoring of Magiskinit injection from 25.0... May need to dirty flash whole ROM if vbmeta restoration fails, and do initial boot image patch/flash Magisk installation again... PW
 
  • Like
Reactions: ipdev, IronTechmonkey, J.Michael and 2 others
D

Drahy

Senior Member
Apr 27, 2012
509
85
pndwal said:
L1 is good; means root is hidden properly to whatever key attestation widevine polls (there are several possibilities) and HD video / streaming is supported since attestation is indicating video decryption and processing is occurring in TEE (Trusted Execution Environment).

May not be bogus; seems this (network error message) may be your best clue to me...

I see you are Errorguy1991 on GitHub, and made this issue:
https://github.com/kdrag0n/safetynet-fix/issues/176
8 days ago... Yes, @kdrag0n will get to it, but he develops many projects / ROMs, utilities etc... and has a personal life... Please be patient!

It is possible this issue is USNF related, but you really need to demonstrate this... Have you checked behaviour of Netflix w/ USNF disabled (despite SafetyNet failing) for instance? Also, perhaps symptoms can be demonstrated to be comparable with issues currently getting attention (or lack of it) like this one?:
https://github.com/kdrag0n/safetynet-fix/issues/154

Other likely causes:

Not sure why you've added so many Google services in denylist! - This may well be causing issues; I am aware hiding Chrome broke webview for instance... Not sure what issues occur with your selection, but why do you need / risk anything Google other than GPay??

Also, selecting Netflix (without opening process view) selects only one default process for me (but I'm on Android 10), and this works fine! (*.playcore_missing_splits_activity processes aren't selected by default for me.)... You seem to have selected all possible processes for other apps too... Why?... Please deselect all but what you know you need!

Are you using any firewall, adblocker, VPN mods like wireguard or other network security protocols or mods (modules, apps) on your device?... These often block specific server access...

Have you tried disabling all modules except USNF (assuming OOS 12.1 is stock)?

Also, are you 100% sure your boot image (incl. kernel importantly) matches your current ROM? ... Those who take OTAs, then re-flash original Magisk-patched boot image sometimes have many issues especially with comms and other hardware, but sometimes only minor issues with mobile networks, wifi, bt etc...

This is doubtful; it doesn't affect other users.

He hasn't commented here in years... Highly unlikely he will comment now especially where methods to 'spoof/alter/manipulate non-Magisk related signals or traces to circumvent device state detection' are involved.

Hope this helps you. 🙂 PW
Click to expand...
Click to collapse
I would like to continue with this thread here...

I am using Samsung Galaxy Note 20 Ultra 5G, Android 13 November update - original firmware rooted with Magisk + Universal Safetynet + Zygisk ...

I can install apps like Netflix, Disney+ etc no problem (I pass safetynet checks, device is authorized in GooglePlay etc all seems ok) BUT only Disney and HBO cannot play any streams (Netflix is ok) unless I install this: https://forum.xda-developers.com/t/...rm-protected-content-netflix-my5-etc.3794393/

It works then and only then - But it goes to L3 with bad quality streams. I tried MagiskHide to change fingerprint - no success, I tried Shamiko - same result still cannot play streams - I can open the apps - update them on Google Play but cannot play anything once I open the apps it just goes black with loading screen (location in EU) - I tried to disable Adblock if that can somehow blokc it but streaming works with Liboemcrypto modul instaled (on bad L3 quality) with adblock active so it must be somewhere else - anyone experienced anything like this and has any working solution?

Thank you!
 
Last edited:
P

PolyDave

New member
Dec 2, 2022
3
2
pndwal said:
Likely something is messed up in Magisk configuration; consider deleting everything in /data/adb (using twrp) and seeing if you can boot... This will remove all Magisk modules and settings so you'll need to set these (incl. SuperUser permissions, denylist etc) again in Magisk App...

Nb. If you can boot but see Magisk Installed: N/A, you likely still have a hidden (stub) Magisk App installed and need to locate and uninstall it...

If you still can't boot, say if you use a custom kernel or ROM... You may need to restore and re-patch vbmeta in this case, or simply restore stock vbmeta if on stock ROM due to refactoring of Magiskinit injection from 25.0... May need to dirty flash whole ROM if vbmeta restoration fails, and do initial boot image patch/flash Magisk installation again... PW
Click to expand...
Click to collapse
Thanks for the help, however removing magisk and its module in data/adb, but didn't seem to work, my phone still goes black after the logo and goes to fastboot.

My custom rom doesn't have a vbmeta file that i can restore.

I may try dirty flashing, (not sure what dirty flashing is, but i assume it's flashing my custom rom in its current state of my phone without wiping) but i want to ask, does dirty flashing usually delete all of the data, apps etc?
 
You must log in or register to reply here.

Similar threads

T
  • Locked
  • Sticky
Magisk - The Magic Mask for Android
Replies
56
Views
6M
T
topjohnwu
T
  • Locked
[CLOSED][BETA][2018.7.19] Magisk v16.7 (1671)
Replies
7K
Views
3M
T
topjohnwu
Heisenberg
[Discussion] PokeMon Go Magisk Discussion Thread
Replies
5K
Views
633K
djkrish5610
djkrish5610
yochananmarqos
  • Sticky
Collection of Magisk Modules v2
Replies
1K
Views
1M
J
jacomail95
Didgeridoohan
[Discussion] Google Pay Magisk Discussion Thread
Replies
3K
Views
506K
B
bizkit_120

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 8
    P
    pndwal
    Didge says Bye...

    I was very sorry to see yesterday's MHPC commits:
    1. Update FUNDING.yml
      Didgeridoohan committed yesterday

    2. Bye.
      Didgeridoohan committed yesterday
    and the update of @Didgeridoohan's OP in [MODULE] [DEPRECATED] MagiskHide Props Config - SafetyNet, prop edits, and more - v6.1.2 thread:
    Didgeridoohan said:
    MagiskHide Props Config v6.1.2

    Note: This project is dead, and has been for some time. I have not been involved in the Android modding scene for some time and I no longer have the energy to take it up again.

    If anyone feels like taking over give me a holler.
    Click to expand...
    Click to collapse
    This project was a mainstay of Magisk modification, giving John Wu's Magisk applet resetprop, an advanced system property manipulation utility, the terminal based UI that made prop manipulation accessible to Magisk users in general...

    Each option has been elegantly implemented to make what would otherwise be an arduous exercise involving user creation of custom boot scripts the no-brainer that we know so well!

    What a project, what a plethora of uses...

    @Didgeridoohan's Last post in that thread was back in February:
    Didgeridoohan said:
    Just popping in and letting everyone know I'm still alive.

    There are simply too many things going on outside the world of Android tinkering for me to be able to give XDA much attention at all. Once things settle down, and if I'm not entirely burnt out by then, I've got quite a lot of catching up to do. Can't give any kind of ETA, but I'm hoping for things clearing up before the end of February.

    Huge thanks to everyone answering questions and helping out...
    Click to expand...
    Click to collapse
    ... well clearly no clearing has occurred in Feb. or later... 🙁

    @Didgeridoohan's last XDA post, only weeks later, was a response regarding his officially endorsed comprehensive Magisk Troubleshooting Wiki:
    Wolfcity said:
    Everything about Magisk install and more can be found in this great guide by @Didgeridoohan .
    https://www.didgeridoohan.com/magisk/Magisk
    Click to expand...
    Click to collapse
    Didgeridoohan said:
    Thank you... With the slight caveat that it needs a serious update after the v24 release. I've just been too swamped IRL the past few months. Hopefully soon™.
    Click to expand...
    Click to collapse
    So no further updates to that either, but whatawiki!!! - Still a principle go-to for any non-lazy Magisk user w/ any issue!...

    ... So as a foreigner living in Didgeridooland, I'd like to wish the Didgeridoo man from Sweden all the very best with real life, and to thank him for such elegant contributions to the Magisk modding community...

    I hope you can visit Didgeridooland soon Sir! ... I have a boomerang with your name on it... 👍👏 PW
    View
    6
    Lughnasadh
    Lughnasadh
    Lughnasadh said:
    kdragon has released an updated version (v2.4.0) of his USNF mod for his Patreon members. Hopefully will go public in a week or two.

    v2.4.0 (early access)

    Repository: kdrag0n/safetynet-fix · Tag: v2.4.0-ea · Commit: 2f18d85 · Released by: kdrag0n

    Highlights​

    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)

    Other changes​

    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    It's taken a while to find way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!
    Click to expand...
    Click to collapse
    Public release now available.

    Release v2.4.0 · kdrag0n/safetynet-fix

    Highlights Play Integrity bypass without...
    github.com github.com
    View
    6
    M
    martyfender
    Lughnasadh said:
    Think you might be quoting the wrong person. The person I was responding to couldn't root their phone because their bootloader was locked.
    Click to expand...
    Click to collapse
    Sorry, it was @TheNixck . I am going through chemo therapy and I think I have one of the side effects: chemo brain lol!







    View
    6
    zgfg
    zgfg
    treier57lol said:
    Hello, I need some help with spoofing sys.oem_unlock_allowed to 0.

    My banking app (Estonian Swedbank app "Swedbank Eestis," package name "com.swedbank") detects sys.oem_unlock_allowed if it is set to 1 and disables specific options in the app (like biometric login). I can confirm that it is sys.oem_unlock_allowed because setting it temporarily with resetprop -n sys.oem_unlock_allowed 0 and deleting the app data allowed me to use the blocked features. The app doesn't complain about root; hiding root with Zygisk works without issue.

    However, I am unsure what method I should use to safely spoof this value without bricking my device. Is it safe to use resetprop -n? Does it persist after a reboot? Should I use a different method entirely?

    I'm running:
    LineageOS 20-20230105-NIGHTLY-kebab on a OnePlus 8T KB2003
    Magisk 25.2
    Universal SafetyNet Fix 2.4.0
    Swedbank version 21440
    Passing SafetyNet with YASNAC
    I am also spoofing device fingerprint with MagiskHide Props Config to pass SafetyNet.

    I really appreciate any help you can provide.
    Click to expand...
    Click to collapse
    Ok, so as guessed in my yesterday's post/answer #54234, it seems that you could more-or-less achieve your wanted functionality - could you try please:

    1) Install the following module and reboot - all thanks to @huskydg for his interesting and excellent module:

    GitHub - HuskyDG/zygisk_proc_monitor: A Magisk/Zygisk module allows user to run script whenever app process start

    A Magisk/Zygisk module allows user to run...
    github.com github.com

    2) Go to:
    /data/adb/modules/magisk_proc_monitor

    and rename the original (dummy/template) dynmount.sh script to dynmount.bak,
    and replace that dynmount.sh with my customized script:

    1.9 KB file on MEGA

    mega.nz mega.nz

    My changes (customizations) in the script can be recognized as commented by CAPS LOCK comments

    How it works:

    myAPP=com.swedbank defines the package name for your Estonian Swedbank app

    myPROP=sys.oem_unlock_allowed defines the property you want to 'hide'/'un-hide'(corresponding to your Developer Options, OEM Unlock disable/enable switch)

    hidePROP=0 defines the 'hidden' property value (OEM Unlock disabled)
    unhidePROP=1 defines the 'un-hidden' property value (OEM Unlock enabled)

    You can redefine those variables (lines 24-32) if you need

    Eg, I did my own non-intrusive tests (still commented out in the script if somebody else wants to play) with MiXPlorer instead of your banking app:
    myAPP=com.mixplorer

    and by playing with a dummy prop:
    myPROP=my.test

    a)
    When module recognizes that your banking app $myAPP is pre-initializing,
    it will 'hide' $myPROP 'by setting to $hidePROP (lines 39-46)

    and you will see the notification like:
    "Hide my prop / com.swedbank, sys.oem_unlock_allowed=0"

    For this event to happen, the banking app $myAPP must be started, not brought back from background (kill and restart your app)

    b)
    Whenever the module recognizes that any other user app is pre-initializing AND that $myPROP was still 'hidden',
    it will 'un-hide' the prop by setting it back to $unhidePROP (lines 51-60)

    and you will see the notification like:
    "Un-hide my prop / com.xda.labs.play, sys.oem_unlock_allowed=1"

    All the $myPROP sitches are systemless - when you reboot, the prop will be back to its original/default value

    Issue/question:

    Of course, instead of monitoring while any other user app is initializing (case b),
    it would be better if the module could directly recognize when your banking app $myAPP gets closed (killed) and to 'un-hide' then the $myPROP property back

    However, I did not find how to recognize in the dynmount.sh script when an app is really closing and that's why I put the case b as described above

    Maybe the module's developer @huskydg could better customize the script dynmount.sh to more closely cover the original functionality as you needed:
    - 'hide' the $myPROP property only for the $myAPP application

    ---

    The really good and interesting thing with his module is that user can customize the provided default dynmount.sh script
    to catch-up events when particular app(s) are starting to dynamically apply certain changes (redefine certain properties, do particular mounts)

    Otherwise, one would need to develop his own Zygisk module, but there the Zygisk part must be coded in C (and recompiled),
    it cannot be made simply by scripting as here with his simple dynmount.sh script
    View
    6
    Lughnasadh
    Lughnasadh
    V0latyle said:
    The caveat to this is if OEM Unlocking is enabled in Developer Options. I'm not sure if this is a bug; the Pixel devices can be flashed this way even on a locked bootloader.
    Click to expand...
    Click to collapse
    Are you referring to when using Android Flash Tool to flash? If this is the case, Android Flash Tool actually unlocks the bootloader (with the prerequisite that OEM Unlocking is enabled) during the process so it can flash the image. If, however, you flash an image via flash-all, for example, with OEM Unlocking enabled but with the bootloader still locked, you won't be able to flash the image.
    View
  • 1089
    T
    topjohnwu
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    View
    156
    T
    topjohnwu
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    View
    121
    Chainfire
    Chainfire
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    View
    76
    nathanchance
    nathanchance
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    View
    75
    T
    topjohnwu
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p
    View

New posts