Whitelist (I don't have a template) as on my screenshot
Blacklist, with Blacklist template, as described in the HMA Guide thread (actually, it's OP post #1 now points to the HMA Guide on GitHub)
Magisk General Support / Discussion
- Thread starter topjohnwu
- Start date
Blacklist, with Blacklist template, as described in the HMA Guide thread (actually, it's OP post #1 now points to the HMA Guide on GitHub)
Ok thanks and thanks to @pndwal also. I've installed it and got it configured. Everything's working fine and no more freezing and unfreezing apps.
OEM Unlocked and OEM Locked on Samsung S7 9.0 nothing helps for Yes bank, it seems to detect invalid certificateMy device:
Xiaomi RN8T stock A11 MIUI
Magisk Canary 25209
Latest Shamiko public release (for proper root hiding]
[LSPosed Hide My AppList, but not needed for this app]
This app is detecting OEM unlocking when enabled in Developer options (even if enabled with developer options disabled)... With the above setup I get:
View attachment 5872335
With OEM unlocking disabled:
View attachment 5872341
... It's not detecting USB debugging or Developer Options itself...
I have disabled OEM unlocking on my device and rebooted and all is fine... While I believe this is normally safe with the important exception of Magisk use with relocked bootloader (ie. with custom keys set to allow relocking with custom mods incl. Magisk etc), I'm not certain of this... Others may like to verify the safety of disabling OEM unlocking with normal (unlocked device) Magisk use...
The App can be used by disabling OEM unlocking before a reboot however, so you can always enable it again before a reboot...
Hope this fixes your issue!PW
Attachments
No, I said same as you. As long as no patched boot.img is active, the contents of /data/adb/ are not mounted.
Did you install a certificate some time ago? Open settings menu and type "certificate" in the searchbar. You should see an overview of your installed certificates.OEM Unlocked and OEM Locked on Samsung S7 9.0 nothing helps for Yes bank, it seems to detect invalid certificate
Are you using an adblock app or sth else with VPN?
So, disabling the oem unlocking worked for me. Will that the be an issue if I reboot my device?My device:
Xiaomi RN8T stock A11 MIUI
Magisk Canary 25209
Latest Shamiko public release (for proper root hiding]
[LSPosed Hide My AppList, but not needed for this app]
This app is detecting OEM unlocking when enabled in Developer options (even if enabled with developer options disabled)... With the above setup I get:
View attachment 5872335
With OEM unlocking disabled:
View attachment 5872341
... It's not detecting USB debugging or Developer Options itself...
I have disabled OEM unlocking on my device and rebooted and all is fine... While I believe this is normally safe with the important exception of Magisk use with relocked bootloader (ie. with custom keys set to allow relocking with custom mods incl. Magisk etc), I'm not certain of this... Others may like to verify the safety of disabling OEM unlocking with normal (unlocked device) Magisk use...
The App can be used by disabling OEM unlocking before a reboot however, so you can always enable it again before a reboot...
Hope this fixes your issue!
Installing safetynet sensitive prop module worked for me. Thanks all for the help!
I believe that is wrong: "/data/adb" isn't mounted, it just is.
If you believe that "/data/adb" is mounted, then from where do you believe it is mounted?
Magisk Magic Mask (overlay) works when "module files are magic mounted".
https://topjohnwu.github.io/Magisk/details.html#post-fs-data
Modules are mounted as /system overlays to function... Specifically module directories as
system <--- This folder will be mounted if skip_mount does not existhttps://topjohnwu.github.io/Magisk/guides.html#magisk-modules
Other files are mounted too:
https://topjohnwu.github.io/Magisk/details.html#paths-in-magisk-tmpfs-directory
So if content in /data/adb is not mounted, Magisk (Mask) is not working...
Use
Magisk --path to print Magisk tmpfs mount pathIncidentally, much refactoring of Magisk mount is being done ATM... We recently got:
Refactor magic mount to support overlayfs
and other commits will ensure better module compatibility incl. proper ability to systemlessly remove directories etc...
PW
Last edited:
Some systems (ROMs) may sanitize this location much as they do with/system files at boot time, but most do not AFAIK...
/data/adb content is generally preserved even with stock boot.img loaded, and many of us rely on this for module and configuration survival... Booting a stock boot.img will generally not result in an empty /data/adb folder...
PW~ $ mount | grep adb
adb on /dev/usb-ffs/adb type functionfs (rw,relatime)
/dev/block/dm-0 on /apex/com.android.adbd type ext4 (ro,relatime,seclabel)
/dev/Zcr/.magisk/block/system_root on /system/bin/badblocks type ext4 (ro,relatime,seclabel)
~ $
So that would explain it anyway... Something is forcing sys.oem_unlock_allowed = 0 regardless of Developer option setting...
On my device I get sys.oem_unlock_allowed = 1 as soon as OEM unlocking is enabled in Developer options...
As I mentioned, this forced prop was considered for USNF but rejected due to producing misleading Developer option state:
https://github.com/kdrag0n/safetynet-fix/pull/240#issuecomment-1368867689
@huskydg originally cautioned against this, but some module may be doing that, what he suggested here
https://github.com/kdrag0n/safetynet-fix/pull/240#issuecomment-1368497042
or other...
One instance where such a misleading Developer option state could be disastrous is if a user (especially Pixel or OnePlus) re-locks bootloader with custom mods and custom keys, eg using avbroot script w/ Magisk... Whether mislead by false Developer options or not, you know of this case where a member recently hardbricked Pixel 6 Pro with no known way to recover:
https://forum.xda-developers.com/t/...third-party-magisk-fork.4460555/post-88327781
PW
Magisk Delta with SuList, no need to prepare anything before testing
Finding only ReVanced YT (module) - first screenshot, second with RV disabled
Edit: Download from Magikisune
Finding only ReVanced YT (module) - first screenshot, second with RV disabled
Edit: Download from Magikisune
Attachments
Last edited:
I use Magisk to hide the rooted status for an app, on my samsung a21s, after the process my sim card shows emergency calls only
sus.apk, download from TG channel as on the screenshot in my quoted post #55033
Actually, the same apk on GitHub:
GitHub - HuskyDG/Sample_Detector: ???
??? Contribute to HuskyDG/Sample_Detector development by creating an account on GitHub.
github.com
Last edited:
Stock Android?... Did you flash all 4 binaries w/ Odin?... Did you transfer files using ADB pull (not MTP)?... PW
Is there any way to test whether it can really make an emergency call without actually making an emergency call?
Did you add the name of the app to a list, like Hide List, Deny List,...? Are you using HMA? Did you add the app to HMA's list?
What I am really working towards is, did you maybe add other, especially system, apps to a list? You probably shouldn't.
Similar threads
Top Liked Posts
-
4https://forum.xda-developers.com/t/...r-root-pixel-7-pro-cheetah-safetynet.4502805/
VERY IMPORTANT - On the Pixel 7/Pro, we use Magisk to patch init_boot.img, NOT boot.img AND we flash the patched init_boot to the init_boot partition - do not flash it to the boot partition.
2
Apparently, there was also a change in the $MAGISKTMP variable (available during the Installation of Magisk modules):"New magisk tmp dir: /debug_ramdisk"
Magisk - [GitHub] - commit
Example: Pixel 3a Lineage 19.1
Not sure if it helps but, that was the change.
¯\_(ツ)_/¯
Cheers.
In Magisk v26 it points to magisk --path (the new path), in the older Magisk versions it pointed to the subfolder .magisk of the old magisk --path
Nevertheless, I made the modifications that both AML and JamesDSP modules can now work also on Magisk v26 (zip installations attached in the quoted post):
https://forum.xda-developers.com/t/jamesdsp-audio-manager-mmt-ex.3607970/post-88598223 -
87
You might be interested in this.
If you are using the current Magisk canary build, addon.d support was fixed.
A few weeks ago, I tested it on my Pixel 3a and made a post in The Age of Zygisk thread.
Post #3,128
Since I did not install Magisk via recovery, I made a module that overlays Magisk's addon.d script into the system/addon.d directory.
The module is not necessary after the first OTA.
- The OTA updater will actually restore the Magisk script into system with the others.
Magisk Survival Module - [GitHub] - Link
Please read all of the readme if you decide to use it.
- This only works with addon.d-v2 (A/B slot devices).
Cheers.
PS.
I have updated my 3a using the OTA updater 4/5 times now and Magisk is retained each time.
No need to manually patch and flash the new boot image after update.7
Thanks, I realize it is only needed for custom Kernel cases.
I should add extracting vbmeta from payload.bin then in addition to boot.img / init_boot.img so that the step can be performed if the options are selected.7
Others have already addressed your question, but for me, the biggest benefit here is to have a safety valve in place where your inactive slot is bootable (without first having to flash the firmware) in case you get into a hairy situation where your active slot becomes unbootable for whatever reason. May be useful in some situations.7
I believe "needing to call other functions first to set up environment variables" is exactly why he is getting a different result from the app.
I could gut out all the relevant bits for him to run, but, not trying to offend here, I kind of don't see what the point of all this has been, so I don't think I can justify putting in that amount of effort when I've got my own stuff to be doing... 🫤
Edit: One final thought. It could also be that he needs to use Magisk's busybox and busybox ash env for some of the commands like Magisk would be to get the intended output.
The boot.img contains the ramdisk.cpio.gz/.lz4/.lzma/.xz and while text strings may get stored as-is in a compression format, that isn't guaranteed and the compression might find something it thinks it can "optimize" for space savings. That's why `magiskboot cpio <file> sha1` is run on the uncompressed ramdisk.cpio.
-
1094This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases.
All information, including troubleshoot guides and notes, are in the Announcement Thread156Hello, I haven't given much support on XDA lately. It can be resulted from
- University started and I have limited free time. In fact, I mostly develop during midnight
- I live in Taiwan, which has large time zone differences between my European/American contributors/testers, which usually forces me to stay up late at night to discuss/test stuffs.
- The new version is about to come, I don't want to spend effort on supporting old releases
New Forum!
As you might have already discovered, Magisk got its own subforum on XDA! Many thanks to all the support you gave me, and much more information/features/support is about to come!
**For developers supporting all the devices that are not using standard Android boot format, feel free to create threads in this section (actually, PLEASE do so) for your favorite devices after v7 is out. As I currently know, Asus devices require signing the boot image before flashing, and is model dependant; Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds; LG bootloader locked devices has to manually "BUMP" the boot image after flashing Magisk..... and there may be lots of other crazy boot image formats that haven't come up to my attention yet.
It is impossible for me to support all these non-standard boot images, and I hope the community can collaborate to make Magisk running across all the devices. Overall, community collaboration is what XDA about
The Pixel Phone
Some of you might already know this news, that the next Pixel Phone right around the corner seems like it does not have ramdisk in boot image, which pretty much wrecked Magisk in all ways. However, it pretty much doomed root itself too. Kernel modifications is inevitable IMO, so I'll try to migrate my scripts to C programs that could possibly be included into the kernel itself. Note that I'm not familiar with linux kernel, I'm not even sure if my idea and concept is correct or not. But once the device is available, I think developers will find a way to bypass all the difficulties, and I'll do my best to learn things
Current Progress
In the past month, I've spent quite some time learning SELinux, so that I can avoid using SuperSU's sepolicy patches. Thanks to the helps and tips from @phhusson and @Chainfire, I finally have a much clearer understanding of how SELinux works. The Magisk core parts (the scripts, boot image patches, new features, more supports) are actually done some time ago. What is causing all the delays is the Magisk Manager.
To be completely honest, although I can code in Java without much issues, Magisk Manager is actually my first Android application, I had to reach out for assistance, and fortunately awesome developers like @DVDandroid and @digitalhigh contributed a lot, which makes the current Manager awesome.
After the repo system and module management is mostly done, I was about to do some adjustments and release, but what we really done is decided to add another feature: auto-unroot with per-app settings. I decided to wait for it to be finished, and then do my adjustments. Due to reasons that'll be mentioned later, this feature will likely not be available for the next release (should come in future updates)
Safety Net Disaster
Those who are using Magisk for Safety Net bypass purposes must have known that Google recently updated the detection method of my Systemless Xposed. I still have no idea what Safety Net is detecting, so currently I cannot fix it on my side (also because I'm busy working on the next update). However, suhide developed by @Chainfire is able to hide Xposed and worked fine.
However, only my Systemless Xposed v86.2, which is based on SuperSU's su.d, is supported using that method. v86.2 and v86.5 (latest, Magisk based) have nearly identical binaries, and the only difference is the path where the binaries are stored.
I'm still not sure what's the real issue for it not being supported, I just hope it is not done intentionally.
Conclusion
Due to the fact that my Safety Net bypass is not 100% perfect now, I do not want to spend any more time waiting for auto-unroot to be polished. What I'm doing now is finishing up all the things I'd like to change in Magisk Manager (it has been a while since I last contributed to Manager, my fellow developers are doing all the heavy job), which might take a little more time, after that, packed with tons of information to be announced in Magisk Section, I'll release the long awaited update.
Hope this lengthy post gives you the idea of the whole situation, and again thanks for all your support!!121Ah, some Chainfire bashing, I hope it is not too late for me to exercise additional villainy.
First, let me make clear I have nothing against @topjohnwu, nor against Magisk. Magisk is an interesting project and it certainly displays @topjohnwu ingenuity and persistence. I don't doubt we will see more interesting things from his hands.
-------------------------
What has happened here is not all that dark and complicated, from either end. I returned from holidays, and someone pointed me at Magisk. My first thought: interesting!
Among other things, the thread lists some issues with SuperSU, which in combination with the phrase The developer also requests users to not bug Chainfire with compatibility requests for SuperSU with Magisk from the portal article, raised my left eyebrow by nigh half an inch. The popular systemless xposed mod is apparently now based on it, and apparently it now no longer works with SuperSU, and apparently I'm not supposed to fix that, nor any of the other found issues. I found that a bit weird. So yes, I have told @topjohnwu that I was a bit surprised he was posting about issues with SuperSU without notifying me about them (I can't fix or help fix issues I'm not aware of, after all).
He's also spreading a modified version of the SuperSU package, which is not all that uncommon, nor necessarily a problem. I have not looked into what he modified, I only ran a few quick tests on one of my devices, and found some commonly used commands run as root to be broken. I have informed him of this as well.
It appears the tool of choice for Magisk is phh's Superuser, because of some of the mentioned issues with SuperSU. That's fine by itself, but fixing issues in that superuser by incorporating SuperSU's binaries into it is a somewhat questionable practise. After all, SuperSU is a commercial closed-source package that helps pay for my dinner, and superuser is a direct competitor. I have informed him that I was surprised he did this without asking for permission. I have expressed similar surprise on him spreading a modified version of LiveBoot (which helps pay for a snack now and then).
@topjohnwu has also stated that Magisk's scripts are largely influenced by mine (I have not checked). Scripts based on mine are used all over the place on XDA, some people have crafted amazing things based on them, I have never made an issue of this (otherwise I would have just made them binaries). But yes, I have also stated to him that I don't think it's very nice to base something on one program, and then using that to (almost exclusively) push something directly competing with that program.
tl;dr Towards @topjohnwu, I have:
- expressed surprise he has issues getting Magisk to work with SuperSU, and has chosen not to inform me about those
- expressed surprise he is using SuperSU binaries in a competing superuser without permission
- expressed surprise he is posting a modified LiveBoot without permission
- informed him of issues with the modified SuperSU he has posted
- let him know I thought it wasn't very nice to be applying my scripts to benefit seemingly exclusively that same competing superuser
To be crystal clear:
- I have not asked for an apology
- I have not asked for Magisk to be abandoned, neither the root hiding nor systemless module parts, and certainly not systemless xposed
- I have not made an issue of any of this anywhere, until this post
- I have not even specifically asked for anything to be taken down (though obviously in my opinion the other superuser package mixed with SuperSU's binaries, as well as the LiveBoot package, should go)
- I have not reported this thread to XDA moderators for copyright violations or otherwise
While my conversation with @topjohnwu may not win any awards for being friendly (though it may win some for brevity), I think all things considered my response has been rather mild. To be perfectly honest, until the apology post, I thought this was over with already. I think the apology post was triggered because I haven't replied to his last PM for a while - I was in the zone, it happens.
To emphasize again, I have nothing against @topjohnwu, Magisk, or systemless xposed, and it is certainly not my goal to see any of them go. If it can be made to work together with SuperSU, great.
I get it though: you think of something, you want to see if you can make it work, you finally get it to work, you publish it, it takes off - enthusiasm gets the better of you. Maybe in the rush some mistakes are made. That doesn't mean you have to just drop it and run. None of my stuff would make it past 0.1 if I stopped at the first big mistake
Aside from said being in the zone coding, I usually regret actually responding to these sort of things the day after, which has made me hesitant to reply. Surprise me.76Thread temporarily closed so everyone sees this.
The flood of "SafetyNet isn't working for me either!" posts are not helpful, at all. Please refrain from posting further, it will be looked into. Please do not forget that not passing SafetyNet is 100% NORMAL AND INTENDED when you have an unlocked booloader or running custom firmware. These are workarounds and they will be worked around in turn.
The Flash
Forum Moderator
EDIT: Thread is reopened... I will be cleaning any SafetyNet posts for a while to keep the thread clean for real issues.75Hello everyone!
I am aware that Google has updated Safety Net that makes Magisk itself a no go for Android Pay. In fact, I witnessed the change live while I am developing the new magiskhide, which should hide all Magisk modules and Magisk installed root.
Google is serious about Safety Net now, clearly hunting down all possibility to run Xposed with Safety Net passed. I spend quite some time examining the new security measures last midnight, and fortunately it seems that it is possible to run Magisk and root along with Safety Net if no Xposed is running. I'm glad I removed the old root toggle at the right time lol, that is no longer feasible with the latest detection.
So stay tuned for the next update, it will come with bug fixes, along with the new magiskhide to bypass that Safety Net.
Google, how will a few systemless mods do any harm
PW
