Magisk General Support / Discussion

Search This thread

asripath

Senior Member
Jul 12, 2020
269
224
Redmi K20 Pro
Samsung Galaxy Tab A8
Yeah, I removed the ref. to 'app' in quoting this above as it seems app detection isn't triggered 'root found' Alert... OEM unlocking enabled is... The question simply assumes it would be an app but that's a red herring; the app in question starts without even using HMA...

I don't either... But only because I prefer No Bank... 😁

And there may be further issues...

Maybe...

Is OEM unlocking already disabled in Developer Options?

Also, what USNF version are you using?...

Can you check /data/adb/modules/safetynet-fix/service.sh to see if the lines highlighted (at the end) here:
https://github.com/kdrag0n/safetyne...e9b5d57eb43446f4954/magisk/service.sh#L57-L60
exist?...
Don't use USNF...on custom ROM crdroid... it's inbuilt
That OEM unlock prop change in USNF was proposed and finally rejected by @kdrag0n and removed from @Displax patch set (later merged in official USNF)...

It may still exist in older or forked USNF builds, and may also have been added in other hide-solution mods...
OEM unlocking option not available in developer settings and *#*#7378423*#*# doesn't work...away from a computer so cannot check through fastboot at the moment
getprop sys.oem_unlock_allowed
0
mmm... But said 'root' detected, so seems it's per my 'Alert' screenshot... PW
User never mentioned what error he/she was getting in relation to app failure to work...you got OEM unlock alert and me accessibility and vpn
 
Last edited:

pndwal

Senior Member
Don't use USNF...on custom ROM crdroid... it's inbuilt

OEM unlocking option not available in developer settings...
Ah... Custom ROM...

Just checked my Mi Pad 4 with LineageOS Developer options, and OEM unlocking is disabled; I haven't done that... Seems disabled by default...

That would explain it on CRDroid too since it's based on LineageOS (although strange OEM unlocking doesn't appear in CRDroid Developer options)...
User never mentioned what error he/she was getting in relation to app failure to work...you got OEM unlock alert and me accessibility and vpn
No, but mentioned 'root detection', not 'an enabled accessibility permission' or 'connection to a VPN network' detected...

And I got 'device rooted' alert, not 'OEM unlock' alert:
IMG_20230326_204619.jpg


However I guess we can assume nothing since we know very little about device / setup...

If on custom LineageOS or CRDroid (or other custom ROM) the member may simply be equating 'root' detection with those other issues, who knows... The member may be wrongly reporting and you may be right. 🙃 PW
 
Last edited:
  • Like
Reactions: asripath

pndwal

Senior Member
What is it that detects me in the Ruru app 🤔
This is 'hidden space'...
IMG_20230326_214132.jpg

In MIUI it seems it may be triggered by either Dual app space or Second space which work differently...

It's easy enough to see and remove both of these data directories from /data/media if they've been created, but the Ruru detection persists for me even when these are absent... Perhaps MIUI has another even better 'hidden space' secretly stashed somewhere... Anyone know? 😬 PW
 

pndwal

Senior Member
If I correctly understand your screenshots, for Accessibility and VPN you have options to Close the app or Skip (and continue to use)?

I had a similar case with one MDM - it found Accessibility and warned but let me continue

Btw, Ruru also warns about Accessibility (screenshot)

It will be stupid if banking and similar apps prohibit the use of regular Google features like Accessibility (users with disabilities) and VPN (users may need for their work)
Yeah, funny 'skip' seems grayed out though...

FWIW, even after enabling Accessibility options and getting this Ruru result:
IMG_20230326_213128.jpg

I still couldn't get the app to produce that alert even after clearing data!... Didn't log in though; may occur after that I guess... PW
 

Robbo.5000

Senior Member
Apologies if a solution is already buried in the thread. I've tried a basic search of the thread but couldn't find anything specific.
I'm on the latest stable build of Magisk and have been for a long time. I've got everything set up fine and all financial apps working. However my main banking app detects the Magisk app, even after 'hiding', and has done for about 18 months. At the time this started happening others reported the same thing from other banks. The solution has been to freeze the Magisk app, then unfreeze when needed.
I'm just about to upgrade to LOS 20, so decided on a clean install. As I'm about to configure Magisk again, I decided to check if there is now a better solution to apps that can detect the hidden Magisk app. Would be nice if the Magisk app could remain active and undetected.
 

wugga3

Senior Member
Oct 15, 2014
139
42
Ontario
OnePlus 7T
My device:
Xiaomi RN8T stock A11 MIUI
Magisk Canary 25209
Latest Shamiko public release (for proper root hiding]
[LSPosed Hide My AppList, but not needed for this app]

This app is detecting OEM unlocking when enabled in Developer options (even if enabled with developer options disabled)... With the above setup I get:
View attachment 5872335
With OEM unlocking disabled:
View attachment 5872341
... It's not detecting USB debugging or Developer Options itself...

I have disabled OEM unlocking on my device and rebooted and all is fine... While I believe this is normally safe with the important exception of Magisk use with relocked bootloader (ie. with custom keys set to allow relocking with custom mods incl. Magisk etc), I'm not certain of this... Others may like to verify the safety of disabling OEM unlocking with normal (unlocked device) Magisk use...

The App can be used by disabling OEM unlocking before a reboot however, so you can always enable it again before a reboot...

Hope this fixes your issue! 👍 PW
Strange cause I was also OEM unlocked and got past the device rooted error so wonder what the difference is between the two?
 

pndwal

Senior Member
Strange cause I was also OEM unlocked and got past the device rooted error so wonder what the difference is between the two?
Not sure what you mean... Do you mean bootloader is unlocked, or you have OEM unlocking enabled in Developer options?... I needed to disable that...

If you can't see that in Developer options please say what ROM you use... Guessing it would be a custom one in that case... PW
 

zgfg

Senior Member
Oct 10, 2016
8,969
6,706
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11 Ultra
Can someone please help me in hiding the root for Yes bank app. I was able to hide the root from all the banking apps but no luck with the yes bank after recent update. I have hidden it from denylist in magisk added to hide my list, also enabled it with in lsposed app hide my list app. All the other apps are working fine except this. Is there a way to find which app is the reason for the root detection. CTS profile, playstore is certified too.

No warning or error whatsoever (Magisk Delta, Zygisk and SuList, App data isolation and Reset sensitive props - with Developer options, OEM Unlocking, USB Debugging and Accessibility enabled)

Cannot proceed (not having the account)
 

Attachments

  • Screenshot_2023-03-26-16-48-04-349_com.atomyes.jpg
    Screenshot_2023-03-26-16-48-04-349_com.atomyes.jpg
    301.6 KB · Views: 42
  • Screenshot_2023-03-26-16-51-28-141_com.android.settings.jpg
    Screenshot_2023-03-26-16-51-28-141_com.android.settings.jpg
    344.7 KB · Views: 40
Last edited:

pndwal

Senior Member
Apologies if a solution is already buried in the thread. I've tried a basic search of the thread but couldn't find anything specific.
I'm on the latest stable build of Magisk and have been for a long time. I've got everything set up fine and all financial apps working. However my main banking app detects the Magisk app, even after 'hiding', and has done for about 18 months. At the time this started happening others reported the same thing from other banks. The solution has been to freeze the Magisk app, then unfreeze when needed.
I'm just about to upgrade to LOS 20, so decided on a clean install. As I'm about to configure Magisk again, I decided to check if there is now a better solution to apps that can detect the hidden Magisk app. Would be nice if the Magisk app could remain active and undetected.
Please name the app... PW
 

pndwal

Senior Member
It's com.krungsri.kma. Though I don't believe it's particularly relevant.
No?...
IMG_20230327_021626.jpg


My device:
Xiaomi RN8T stock A11 MIUI,
Magisk Canary 25209,
Latest Shamiko public release (for proper root hiding),
LSPosed Hide My AppList module configured to hide all apps associated with root,
OEM unlocking disabled,
USB debugging disabled,
Developer options disabled...

Guessing you need Hide My Applist... 🤠 PW
 
  • Like
Reactions: Robbo.5000

wugga3

Senior Member
Oct 15, 2014
139
42
Ontario
OnePlus 7T
Not sure what you mean... Do you mean bootloader is unlocked, or you have OEM unlocking enabled in Developer options?... I needed to disable that...

If you can't see that in Developer options please say what ROM you use... Guessing it would be a custom one in that case... PW
Stock Oxygen OS latest stable (OnePlus 7T)
Official Magisk stable v25.2
Universal safetynet fix 2.3.1-MOD2.1 kdragOn mod by displax
Enforce denylist

Put Yes bank into denylist and got past the root detection (after Yes app data cleared)

Nothin else to see here other than I couldn't take screenshots of the Yes app due to the sensitive/private personal information. (LOL).
 

Attachments

  • Screenshot_2023-03-26-12-05-31-85_fc704e6b13c4fb26bf5e411f75da84f2.jpg
    Screenshot_2023-03-26-12-05-31-85_fc704e6b13c4fb26bf5e411f75da84f2.jpg
    294.6 KB · Views: 32

Robbo.5000

Senior Member
Of course it's relevant. Different banking apps use different detection techniques and require different approaches to bypassing them.
If you are lucky, someone here will work it out for you by installing it themselves and figuring out the correct method.

Edit: as @pndwal has just done as I was typing 😃
I'd already stated previously that the app is detecting the 'hidden' Magisk app. I already knew very specifically what detection technique the app was catching me out on. If I freeze the Magisk app the banking app works. So everything else I'd done within Magisk was working. I didn't need, nor ask for someone to work it out for me. I just asked specifically what is a better solution than freezing the Magisk app, when an app detects the Magisk app is installed, even after it's been hidden.
It sounds like the better solution I need is Hide My Applist.
 

Robbo.5000

Senior Member
No?...
View attachment 5873033

My device:
Xiaomi RN8T stock A11 MIUI,
Magisk Canary 25209,
Latest Shamiko public release (for proper root hiding),
LSPosed Hide My AppList module configured to hide all apps associated with root,
OEM unlocking disabled,
USB debugging disabled,
Developer options disabled...

Guessing you need Hide My Applist... 🤠 PW
Ok thanks, I'll investigate Hide My Applist.
 

zgfg

Senior Member
Oct 10, 2016
8,969
6,706
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11 Ultra
Ok thanks, I'll investigate Hide My Applist.
Yeah, without HMA your banking app KMA complains something on the Web, with HMA it opens (screenshot)

Unlike @pndwal (he uses HMA with the Blacklist template), I use HMA in the Whitelist mode (no templates), as on the screenshot
 

Attachments

  • Screenshot_2023-03-26-19-05-19-100_com.krungsri.kma.jpg
    Screenshot_2023-03-26-19-05-19-100_com.krungsri.kma.jpg
    329.6 KB · Views: 45
  • Screenshot_2023-03-26-19-05-04-205_com.tsng.hidemyapplist.jpg
    Screenshot_2023-03-26-19-05-04-205_com.tsng.hidemyapplist.jpg
    316.1 KB · Views: 44

Robbo.5000

Senior Member
Yeah, without HMA your banking app KMA complains something on the Web, with HMA it opens (screenshot)

Unlike @pndwal (he uses HMA with the Blacklist template), I use HMA in the Whitelist mode (no templates), as on the screenshot
Am I right I assuming?
Blacklist mode = hide apps blacklisted from every other app that asks for an applist
Whitelist mode = do not give an applist (or give an empty applist) to any app in the Whitelist
 
  • Like
Reactions: ipdev and J.Michael

Top Liked Posts

  • 2
    These posts are from 2020 magisk has evolved greatly since then.
    Please layout your question for a modern audience. State your device, magisk version android version and issue clearly.
    Thanks it'll be good to provide help to you.

    Especially since the first post you quoted refers to a post that at that time hadn't been created
    1
    Shamiko v0.7.3 (174), 06/04/2023
    What's new:
    Requires Magisk 26000+ / KernelSU 10940+
    Follow root profile on KernelSU
  • 8
    So as well as making it easier to keep root with an ota we can have the same firmware on the device one rooted and one not? So if magisk hide/safetynet/etc aren't working we can boot to the non rooted firmware to use wallet/banking apps etc and then boot back to rooted. Or is it a bit more complicated than that? Never had a pixel device before
    Others have already addressed your question, but for me, the biggest benefit here is to have a safety valve in place where your inactive slot is bootable (without first having to flash the firmware) in case you get into a hairy situation where your active slot becomes unbootable for whatever reason. May be useful in some situations.
    8
    Hello!
    How do you know?
    You must be an expert or something

    Nigerian-Meme.jpg 😜 PW
    7
    Yeah, if I want to run a custom kernel (Pixel 7) then I need to wipe. Should have sideloaded (not booted up), then gone into bootloader and run fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img to that slot. Once booted after sideload/flashing the firmware it's too late as it's enabled after booting. Don't think it matters if you do it before or after flashing the patched image, just as long as you do it before you boot up. Oh well, lol...

    Nothing to do with what we were testing, just custom kernel related. Seems to also help to avoid getting the red eio corrupt message when things may not go as expected.
    Thanks, I realize it is only needed for custom Kernel cases.
    I should add extracting vbmeta from payload.bin then in addition to boot.img / init_boot.img so that the step can be performed if the options are selected.
    6
    Update:

    On a Pixel 5 device, I managed to have both slots bootable.
    One slot rooted, and the other not, both on the same 2023-05 firmware.

    The process is as follows (which PF will support OOB in the next release)
    - Sideload full OTA
    - Reboot to bootloader
    - Flash patched image.
    - reboot to system (observe root)
    - Sideload full OTA
    - Reboot to System (no patching, observe no root)
    - Switch slot (observe root)

    With Pixel 5, one is able to make changes to boot after sideload but before reboot.
    It still needs to be tested if this works on Pixel 6, 7 * devices

    I find flashing full OTA is slower than flashing full factory, but the benefit of having both slots bootable is a big bonus.
    6
    I think it would be good to support, and I posted disambiguation due to some confusion above.

    Rather than being 'highly discouraged' (it's not; it's plum necessary 🤪) patching recovery partition is actually the only option for most A-only devices launched with Android 9 (legacy SAR, circa 2018, 2019) other than Xiaomi models!

    Hope you reconsider... 👍 PW
    Your wish is my command :)
    1684447283639.png

    1684447305575.png


    Although with one caveat,
    Yes I can tell if it is Ramdisk yes or no by running a script, but that requires unpacked Magisk, (for not rooted phone, I would need to unpack)
    And although it is true that PF eventually unpacks to create a patch, but within the workflow, that stage is much later, and that stage is dependent on choices a user makes in the above screen.

    Of course it could be worked out and workflow changed to automatically offer / not offer the choice.
    Considering that the target audience is really minute if at all existent, specially considering that the tool has Pixel in its name, and people who have Pixel phone don't need it, and people who need them wouldn't be looking to tools for Pixel Phones ... lol
    I decided the leave it up to the user the choice to have that option visible or not. (no auto detection)
    The tooltip on option suggests not to turn it on unless ...
    1684447779077.png


    I hope that should be enough.
  • 1094
    This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
    All information, including troubleshoot guides and notes, are in the Announcement Thread
    156
    Hello, I haven't given much support on XDA lately. It can be resulted from
    • University started and I have limited free time. In fact, I mostly develop during midnight
    • I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
    • The new version is about to come, I don't want to spend effort on supporting old releases
    The planned update is delayed again and again, to some point I think I'll shed some light about what has been happening lately, also along with some announcements.

    New Forum!
    As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
    **For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
    It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about :D

    The Pixel Phone
    Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things ;)

    Current Progress
    In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
    To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
    After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)

    Safety Net Disaster
    Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
    However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
    I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.

    Conclusion
    Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.

    Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!
    121
    Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.

    First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.

    -------------------------

    What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!

    Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).

    He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.

    It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
    @topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.

    tl;dr Towards @topjohnwu, I have:
    - expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
    - expressed surprise he is using SuperSU binaries in a competing superuser without permission
    - expressed surprise he is posting a modified LiveBoot without permission
    - informed him of issues with the modified SuperSU he has posted
    - let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser

    To be crystal clear:
    - I have not asked for an apology
    - I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
    - I have not made an issue of any of this anywhere, until this post
    - I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
    - I have not reported this thread to XDA moderators for copyright violations or otherwise

    While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.

    To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.

    I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake :)

    Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.
    76
    Thread temporarily closed so everyone sees this.

    The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.

    The Flash
    Forum Moderator

    EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.
    75
    Hello everyone!

    I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.

    Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.

    So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.

    Google, how will a few systemless mods do any harm :p:p