Magisk General Support / Discussion

[chiteroman]

Doesn't like ROG 3
View attachment 5926003

They uncomment the code finally XD.

 

[pndwal]

The old module TEE Hide just throw an exception in getCertificateChain method, so apps can't know if bootloader is locked or not. I will try to update AttestationSpoofer to bypass (again) the locked bootloader. They are using another cert class, because it doesn't call this method like previous versions.

Interesting that results vary...

Still, despite KA app adding "Support for saving and loading proofs; Save to file from the menu, send to other devices and load the proof file, thus simulating the normal server authentication process", as I said TEE Hide / AttestationSpoofer is still bypassing B/L status properly in that app on unlocked Xiaomi RN8T:



PW

 

[DaOldMan]

If I use Magisk 26.1 in my rom every app in denylist crashes.
The rom is ViperOS, Android 7.1.1, latest security patch. The log is a follows:

Spoiler: Logcat here

06-05 19:24:01.656 811 1572 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.ideomobile.maccabi/.ui.splash.SplashActivity} from uid 10156 on display 0
06-05 19:24:01.716 811 1839 I ActivityManager: Start proc 12403:com.ideomobile.maccabi/u0a123 for activity com.ideomobile.maccabi/.ui.splash.SplashActivity
06-05 19:24:01.723 427 688 D AudioFlinger: mixer(0xb5983480) throttle end: throttle time(20)
06-05 19:24:01.730 12403 12403 I Magisk : zygisk32: [com.ideomobile.maccabi] is on the denylist
06-05 19:24:01.731 12403 12403 E Zygote : Unsupported st_mode 4480
06-05 19:24:01.731 12403 12403 F art : art/runtime/jni_internal.cc:558] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:485: Unable to restat file descriptor table.
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] Runtime aborting...
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] Aborting thread:
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] "main" prio=5 tid=1 Native
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] | group="" sCount=0 dsCount=0 obj=0x7375c4d0 self=0xb4285400
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] | sysTid=426 nice=0 cgrp=default sched=0/0 handle=0xb6f6a534
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] | state=? schedstat=( 0 0 0 ) utm=0 stm=0 core=0 HZ=100
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | stack=0xbe76e000-0xbe770000 stackSize=8MB
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | held mutexes= "abort lock"
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] kernel: (couldn't read /proc/self/task/426/stack)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] native: (backtrace::Unwind failed for thread 426: Thread doesn't exist)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:97)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:230)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.runSelectLoop(ZygoteInit.java:855)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:777)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] Dumping all threads without appropriate locks held: thread list lock mutator lock
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] All threads:
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] DALVIK THREADS (1):
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] "main" prio=5 tid=1 Runnable
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | group="" sCount=0 dsCount=0 obj=0x7375c4d0 self=0xb4285400
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | sysTid=426 nice=0 cgrp=default sched=0/0 handle=0xb6f6a534
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | state=? schedstat=( 0 0 0 ) utm=0 stm=0 core=0 HZ=100
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | stack=0xbe76e000-0xbe770000 stackSize=8MB
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | held mutexes= "abort lock" "mutator lock"(shared held)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] kernel: (couldn't read /proc/self/task/426/stack)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] native: (backtrace::Unwind failed for thread 426: Thread doesn't exist)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:97)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:230)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.runSelectLoop(ZygoteInit.java:855)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:777)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422]
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422]
06-05 19:24:01.756 12403 12403 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 12403 (main)
06-05 19:24:01.757 384 384 W : debuggerd: handling request: pid=12403 uid=0 gid=0 tid=12403
06-05 19:24:01.830 12417 12417 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-05 19:24:01.831 12417 12417 F DEBUG : LineageOS Version: 'unknown'
06-05 19:24:01.831 12417 12417 F DEBUG : Build fingerprint: 'samsung/hltexx/hlte:5.0/LRX21V/N9005XXSGBRI2:user/release-keys'
06-05 19:24:01.831 12417 12417 F DEBUG : Revision: '0'
06-05 19:24:01.831 12417 12417 F DEBUG : ABI: 'arm'
06-05 19:24:01.831 12417 12417 F DEBUG : pid: 12403, tid: 12403, name: main >>> zygote <<<
06-05 19:24:01.831 12417 12417 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
06-05 19:24:01.843 12417 12417 F DEBUG : Abort message: 'art/runtime/jni_internal.cc:558] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:485: Unable to restat file descriptor table.'
06-05 19:24:01.843 12417 12417 F DEBUG : r0 00000000 r1 00003073 r2 00000006 r3 00000008
06-05 19:24:01.843 12417 12417 F DEBUG : r4 b6f6a58c r5 00000006 r6 b6f6a534 r7 0000010c
06-05 19:24:01.843 12417 12417 F DEBUG : r8 bef68e90 r9 000001e5 sl 0000000a fp b4285400
06-05 19:24:01.843 12417 12417 F DEBUG : ip 00000003 sp bef68d50 lr b6041107 pc b6043970 cpsr 60070010
06-05 19:24:01.865 12417 12417 F DEBUG :
06-05 19:24:01.865 12417 12417 F DEBUG : backtrace:
06-05 19:24:01.865 12417 12417 F DEBUG : #00 pc 0004a970 /system/lib/libc.so (tgkill+12)
06-05 19:24:01.865 12417 12417 F DEBUG : #01 pc 00048103 /system/lib/libc.so (pthread_kill+34)
06-05 19:24:01.865 12417 12417 F DEBUG : #02 pc 0001d715 /system/lib/libc.so (raise+10)
06-05 19:24:01.865 12417 12417 F DEBUG : #03 pc 00019261 /system/lib/libc.so (__libc_android_abort+34)
06-05 19:24:01.865 12417 12417 F DEBUG : #04 pc 00017128 /system/lib/libc.so (abort+4)
06-05 19:24:01.865 12417 12417 F DEBUG : #05 pc 0031c2a1 /system/lib/libart.so (_ZN3art7Runtime5AbortEPKc+328)
06-05 19:24:01.865 12417 12417 F DEBUG : #06 pc 000b52eb /system/lib/libart.so (_ZN3art10LogMessageD2Ev+1134)
06-05 19:24:01.865 12417 12417 F DEBUG : #07 pc 0026386b /system/lib/libart.so (_ZN3art3JNI10FatalErrorEP7_JNIEnvPKc+94)
06-05 19:24:01.865 12417 12417 F DEBUG : #08 pc 000dabc7 /system/lib/libandroid_runtime.so
06-05 19:24:01.865 12417 12417 F DEBUG : #09 pc 000dad59 /system/lib/libandroid_runtime.so
06-05 19:24:01.865 12417 12417 F DEBUG : #10 pc 000da7ff /system/lib/libandroid_runtime.so
06-05 19:24:01.865 12417 12417 F DEBUG : #11 pc 00019be3 /system/bin/app_process32
06-05 19:24:01.866 12417 12417 F DEBUG : #12 pc 7344f579 /data/dalvik-cache/arm/system@[email protected] (offset 0x281b000)
06-05 19:24:02.039 12403 12403 W main : type=1701 audit(0.0:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=u:r:zygote:s0 reason="memory violation" sig=6
06-05 19:24:02.046 384 384 W : debuggerd: resuming target 12403
06-05 19:24:02.048 811 12430 W ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:877 com.android.server.am.AppErrors.crashApplicationInner:387 com.android.server.am.AppErrors.crashApplication:321 com.android.server.am.ActivityManagerService.handleApplicationCrashInner:13811 com.android.server.am.NativeCrashListener$NativeCrashReporter.run:86
06-05 19:24:02.050 811 857 I BootReceiver: Copying /data/tombstones/tombstone_07 to DropBox (SYSTEM_TOMBSTONE)
06-05 19:24:02.052 426 426 I Zygote : Process 12403 exited due to signal (6)

 

[zgfg]

If I use Magisk 6.1 in my rom every app in denylist crashes.
The rom is ViperOS, Android 7.1.1, latest security patch. The log is a follows:

Spoiler: Logcat here

06-05 19:24:01.656 811 1572 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.ideomobile.maccabi/.ui.splash.SplashActivity} from uid 10156 on display 0
06-05 19:24:01.716 811 1839 I ActivityManager: Start proc 12403:com.ideomobile.maccabi/u0a123 for activity com.ideomobile.maccabi/.ui.splash.SplashActivity
06-05 19:24:01.723 427 688 D AudioFlinger: mixer(0xb5983480) throttle end: throttle time(20)
06-05 19:24:01.730 12403 12403 I Magisk : zygisk32: [com.ideomobile.maccabi] is on the denylist
06-05 19:24:01.731 12403 12403 E Zygote : Unsupported st_mode 4480
06-05 19:24:01.731 12403 12403 F art : art/runtime/jni_internal.cc:558] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:485: Unable to restat file descriptor table.
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] Runtime aborting...
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] Aborting thread:
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] "main" prio=5 tid=1 Native
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] | group="" sCount=0 dsCount=0 obj=0x7375c4d0 self=0xb4285400
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] | sysTid=426 nice=0 cgrp=default sched=0/0 handle=0xb6f6a534
06-05 19:24:01.755 12403 12403 F art : art/runtime/runtime.cc:422] | state=? schedstat=( 0 0 0 ) utm=0 stm=0 core=0 HZ=100
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | stack=0xbe76e000-0xbe770000 stackSize=8MB
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | held mutexes= "abort lock"
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] kernel: (couldn't read /proc/self/task/426/stack)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] native: (backtrace::Unwind failed for thread 426: Thread doesn't exist)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:97)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:230)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.runSelectLoop(ZygoteInit.java:855)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:777)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] Dumping all threads without appropriate locks held: thread list lock mutator lock
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] All threads:
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] DALVIK THREADS (1):
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] "main" prio=5 tid=1 Runnable
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | group="" sCount=0 dsCount=0 obj=0x7375c4d0 self=0xb4285400
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | sysTid=426 nice=0 cgrp=default sched=0/0 handle=0xb6f6a534
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | state=? schedstat=( 0 0 0 ) utm=0 stm=0 core=0 HZ=100
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | stack=0xbe76e000-0xbe770000 stackSize=8MB
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] | held mutexes= "abort lock" "mutator lock"(shared held)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] kernel: (couldn't read /proc/self/task/426/stack)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] native: (backtrace::Unwind failed for thread 426: Thread doesn't exist)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.nativeForkAndSpecialize(Native method)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.Zygote.forkAndSpecialize(Zygote.java:97)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteConnection.runOnce(ZygoteConnection.java:230)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.runSelectLoop(ZygoteInit.java:855)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422] at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:777)
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422]
06-05 19:24:01.756 12403 12403 F art : art/runtime/runtime.cc:422]
06-05 19:24:01.756 12403 12403 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 12403 (main)
06-05 19:24:01.757 384 384 W : debuggerd: handling request: pid=12403 uid=0 gid=0 tid=12403
06-05 19:24:01.830 12417 12417 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-05 19:24:01.831 12417 12417 F DEBUG : LineageOS Version: 'unknown'
06-05 19:24:01.831 12417 12417 F DEBUG : Build fingerprint: 'samsung/hltexx/hlte:5.0/LRX21V/N9005XXSGBRI2:user/release-keys'
06-05 19:24:01.831 12417 12417 F DEBUG : Revision: '0'
06-05 19:24:01.831 12417 12417 F DEBUG : ABI: 'arm'
06-05 19:24:01.831 12417 12417 F DEBUG : pid: 12403, tid: 12403, name: main >>> zygote <<<
06-05 19:24:01.831 12417 12417 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
06-05 19:24:01.843 12417 12417 F DEBUG : Abort message: 'art/runtime/jni_internal.cc:558] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:485: Unable to restat file descriptor table.'
06-05 19:24:01.843 12417 12417 F DEBUG : r0 00000000 r1 00003073 r2 00000006 r3 00000008
06-05 19:24:01.843 12417 12417 F DEBUG : r4 b6f6a58c r5 00000006 r6 b6f6a534 r7 0000010c
06-05 19:24:01.843 12417 12417 F DEBUG : r8 bef68e90 r9 000001e5 sl 0000000a fp b4285400
06-05 19:24:01.843 12417 12417 F DEBUG : ip 00000003 sp bef68d50 lr b6041107 pc b6043970 cpsr 60070010
06-05 19:24:01.865 12417 12417 F DEBUG :
06-05 19:24:01.865 12417 12417 F DEBUG : backtrace:
06-05 19:24:01.865 12417 12417 F DEBUG : #00 pc 0004a970 /system/lib/libc.so (tgkill+12)
06-05 19:24:01.865 12417 12417 F DEBUG : #01 pc 00048103 /system/lib/libc.so (pthread_kill+34)
06-05 19:24:01.865 12417 12417 F DEBUG : #02 pc 0001d715 /system/lib/libc.so (raise+10)
06-05 19:24:01.865 12417 12417 F DEBUG : #03 pc 00019261 /system/lib/libc.so (__libc_android_abort+34)
06-05 19:24:01.865 12417 12417 F DEBUG : #04 pc 00017128 /system/lib/libc.so (abort+4)
06-05 19:24:01.865 12417 12417 F DEBUG : #05 pc 0031c2a1 /system/lib/libart.so (_ZN3art7Runtime5AbortEPKc+328)
06-05 19:24:01.865 12417 12417 F DEBUG : #06 pc 000b52eb /system/lib/libart.so (_ZN3art10LogMessageD2Ev+1134)
06-05 19:24:01.865 12417 12417 F DEBUG : #07 pc 0026386b /system/lib/libart.so (_ZN3art3JNI10FatalErrorEP7_JNIEnvPKc+94)
06-05 19:24:01.865 12417 12417 F DEBUG : #08 pc 000dabc7 /system/lib/libandroid_runtime.so
06-05 19:24:01.865 12417 12417 F DEBUG : #09 pc 000dad59 /system/lib/libandroid_runtime.so
06-05 19:24:01.865 12417 12417 F DEBUG : #10 pc 000da7ff /system/lib/libandroid_runtime.so
06-05 19:24:01.865 12417 12417 F DEBUG : #11 pc 00019be3 /system/bin/app_process32
06-05 19:24:01.866 12417 12417 F DEBUG : #12 pc 7344f579 /data/dalvik-cache/arm/system@[email protected] (offset 0x281b000)
06-05 19:24:02.039 12403 12403 W main : type=1701 audit(0.0:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=u:r:zygote:s0 reason="memory violation" sig=6
06-05 19:24:02.046 384 384 W : debuggerd: resuming target 12403
06-05 19:24:02.048 811 12430 W ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:877 com.android.server.am.AppErrors.crashApplicationInner:387 com.android.server.am.AppErrors.crashApplication:321 com.android.server.am.ActivityManagerService.handleApplicationCrashInner:13811 com.android.server.am.NativeCrashListener$NativeCrashReporter.run:86
06-05 19:24:02.050 811 857 I BootReceiver: Copying /data/tombstones/tombstone_07 to DropBox (SYSTEM_TOMBSTONE)
06-05 19:24:02.052 426 426 I Zygote : Process 12403 exited due to signal (6)

Generally, in DenyList must be only apps you want to hide Magisk from them (banking apps and so)

And GMS (Google Play Services) - although, when using Zygisk and USNF, USNF will remove GMS from DenyList

If some banking apps still crash (or complain) although in DenyList, then they require additional treatment to hide Magisk, root, unlocked BL - USNF, Shamiko, maybe HMA, etc

Hence first, which apps do crash (and before that, remove 'normal' apps from DenyList if you have them, and reboot)

 

[pndwal]

The old module TEE Hide just throw an exception in getCertificateChain method, so apps can't know if bootloader is locked or not. I will try to update AttestationSpoofer to bypass (again) the locked bootloader. They are using another cert class, because it doesn't call this method like previous versions.

I just realised that the two 1.0 apps are actually different... I just downloaded AttestationSpoofer expecting it to be an update. Instead I now have both showing in LSPosed manager...

TEE Hide gives "Bootloader Locked" on my device as stated...

AttestationSpoofer gives:

Unknown error

Detailed messages:
java.lang.NullPointerException: Attempt to get length of null array

PW

 

[klodfor]

These posts are from 2020 magisk has evolved greatly since then.
Please layout your question for a modern audience. State your device, magisk version android version and issue clearly.
Thanks it'll be good to provide help to you.
Especially since the first post you quoted refers to a post that at that time hadn't been created

To tell long story short..
My device ZTE Blade A6 (A0620) Android 7.1.1 Mifavor 4.2
Many other ZTE device users stuck on old 16.7 Magisk. Newer ver. causes Bootloop or DFU.
Problem is Magisk incorrectly patch ramdisk of stock boot.img.. It is 100% not vendor side problem.
According to CHANGELOG after 16.7 Magisk was Hotfix v17.1 where topjohnwu wrote

There was some incompatibility issues when upgrading from v16.0 to v17.0. If you are caught in a bootloop, first use the uninstaller to completely remove Magisk, then flash v17.1, I'm extremely sorry for all stuck in bootloops.

Since then flashing/patching on stock boot.img magisk newer than 16.7 don't work.
Uninstalling previous 16.7.. Flasing on stock... Patching via last Magisk-v26.1.apk.. still the same problem(
There are a lot of other feedback besides me is the net.
Pleasefix bootloop/ DFU.
I attached all possible logs and kernels + working ones on v16.7 >> Before and after incorrect ramdisk patch.

 

[J.Michael]

To tell long story short..
My device ZTE Blade A6 (A0620) Android 7.1.1 Mifavor 4.2
Many other ZTE device users stuck on old 16.7 Magisk. Newer ver. causes Bootloop or DFU.
Problem is Magisk incorrectly patch ramdisk of stock boot.img.. It is 100% not vendor side problem.
According to CHANGELOG after 16.7 Magisk was Hotfix v17.1 where topjohnwu wrote

Since then flashing/patching on stock boot.img magisk newer than 16.7 don't work.
Uninstalling previous 16.7.. Flasing on stock... Patching via last Magisk-v26.1.apk.. still the same problem(
There are a lot of other feedback besides me is the net.
Pleasefix bootloop/ DFU.
I attached all possible logs and kernels + working ones on v16.7 >> Before and after incorrect ramdisk patch.

I don't think you are going to get anything fixed by posting details here. And I don't think you will get much sympathy on github with a problem that cropped up between Magisk 16.7 and 17.1.

What problem are you hoping to fix by updating your Magisk? (I.e., why not stick with the one that works?)

 

[DaOldMan]

Generally, in DenyList must be only apps you want to hide Magisk from them (banking apps and so)

And GMS (Google Play Services) - although, when using Zygisk and USNF, USNF will remove GMS from DenyList

If some banking apps still crash (or complain) although in DenyList, then they require additional treatment to hide Magisk, root, unlocked BL - USNF, Shamiko, maybe HMA, etc

Hence first, which apps do crash (and before that, remove 'normal' apps from DenyList if you have them, and reboot)

Tnx mate for the reply.
1. I have no modules installed.
2. I have put just one app in denylist to demonstrate. Any app (all of them) in denylist will crash, so I can't use denylist at all :-( .
3. Magisk 25.2 works just fine, I don't even need to hide apps to pass safetynet. No crashes at all for apps in denylist!
Any ideas what's wrong ?

 

[zgfg]

Tnx mate for the reply.
1. I have no modules installed.
2. I have put just one app in denylist to demonstrate. Any app (all of them) in denylist will crash, so I can't use denylist at all :-( .
3. Magisk 5.2 works just fine, I don't even need to hide apps to pass safetynet. No crashes at all for apps in denylist!
Any ideas what's wrong ?

No, I have no idea.(other than what I answered earlier).
And still no idea which app you tried in DenyList that it crashed

Btw, if you want to access developers (and give them the logs), you will need to submit an Issue to Magisk GitHub

 

[pndwal]

Tnx mate for the reply.
1. I have no modules installed.
2. I have put just one app in denylist to demonstrate. Any app (all of them) in denylist will crash, so I can't use denylist at all :-( .
3. Magisk 5.2 works just fine, I don't even need to hide apps to pass safetynet. No crashes at all for apps in denylist!
Any ideas what's wrong ?

I'm confused by you Magisk versions... Old 5.2 and 6.1 don't even have denylist!... Not available till 24.0+...

Have you tried up to date Magisk? PW

 

[DaOldMan]

I'm confused by you Magisk versions... Old 5.2 and 6.1 don't even have denylist!... Not available till 24.0+...

Have you tried up to date Magisk? PW

I ment 25.2, sorry mate you are correct.
The one that crashes any app is 26.1.
Cheers

 

[pndwal]

I ment 25.2, sorry mate you are correct.
The one that crashes any app is 26.1.
Cheers

Tried Canary?...

Strange issue (may be fixed already though)...

However denylist is not really for hiding, rather it's a development/testing tool...

Suggest using a proper hiding solution like Shamiko; uses denylist as hidelist for convenience (with DenyList actually disabled)... Much better hiding (akin to/improved on MagiskHide) and doesn't break Zygisk modules that inject into apps in deny/hidelist...

Personally I'd give Canary a shot first... You can't even make a GitHub issue without trying latest builds (nb. Canary release and Debug debug are synced builds)... PW

 

[pndwal]

To tell long story short..
My device ZTE Blade A6 (A0620) Android 7.1.1 Mifavor 4.2
Many other ZTE device users stuck on old 16.7 Magisk. Newer ver. causes Bootloop or DFU.
Problem is Magisk incorrectly patch ramdisk of stock boot.img.. It is 100% not vendor side problem.
According to CHANGELOG after 16.7 Magisk was Hotfix v17.1 where topjohnwu wrote

Since then flashing/patching on stock boot.img magisk newer than 16.7 don't work.
Uninstalling previous 16.7.. Flasing on stock... Patching via last Magisk-v26.1.apk.. still the same problem(
There are a lot of other feedback besides me is the net.
Pleasefix bootloop/ DFU.
I attached all possible logs and kernels + working ones on v16.7 >> Before and after incorrect ramdisk patch.

Seems DFU is Device Firmware Upgrade mode in IOS devices... Guess you mean fastboot or download mode?

Checked, and seems nothing's been reported in GitHub issues for your device... Very little for ZTE at all...

If you want to make an official issue, Devs will likely close it if it's related to an unofficial ROM or kernel, so you'd need to have tried latest Magisk builds (they won't bother testing with older builds/logs) w/ clean Magisk configuration on stock (recommend latest available) ROM (I think your Mifavor ROM is custom?).

If you haven't already, I suggest a simple test:
Uninstall any Magisk App/Manager, wipe everything in /data/adb using file explorer in TWRP (to remove possibly corrupted Magisk configuration), dirty flash your current ROM to restore any changed images incl. /boot partition (you can keep or restore TWRP as recovery) then download latest Canary Magisk, change file extension from .apk to .zip and flash this from TWRP, boot to system and check if Magisk App or Magisk stub app has been installed an either open it and follow prompts to complete installation and re-flash Magisk from booted system (now needed to set up selinux/module rules directory), or restore package extension from .zip to .apk, install App and follow prompts to complete installation...

if it doesn't work, flash stock ROM (Preferably back up data an clean install) and try again...

if still no dice, extract the stock boot.img (must be from current ROM), patch this in App and flash using PC/fastboot and complete steps above...

If nothing works, repeat using Debug Magisk (needed for proper verbose logs when making an issue) and take logs, then make an official GitHub issue taking care to follow the prescribed template or issue may be closed...

PW

 

[klodfor]

If nothing works, repeat using Debug Magisk

I've tried everything in your list (have full experience, I'm advanced user). Please check my attached dmesg in ZIP = ZTE_magisk_xda.zip carefully!
I've attached stock/working 16.7/last patched boot.img and logs, so you can disassemble them using osm0sis AIK for example to see what is wrong.
As I can understand starting from 17+ Magisk ramdisk patch is differ from 16.7 ver.
My firmware is stock. I've also patched stock untouched boot.img (from same stock official QFIL firmware ZTE for blade a6)
in latest canary build apk/ flashed zip using TWRP >> device run into ZTE Handset Diagnostic Interface (DFU) (COM11) and nothing else.
I've repeated everything using wanted Debug Magisk procedure in app-debug.apk and here you go again:

 

[pndwal]

I've tried everything in your list (have full experience, I'm advanced user). Please check my attached dmesg in ZIP = ZTE_magisk_xda.zip carefully!
I've attached stock/working 16.7/last patched boot.img and logs, so you can disassemble them using osm0sis AIK for example to see what is wrong.
As I can understand starting from 17+ Magisk ramdisk patch is differ from 16.7 ver.
My firmware is stock. I've also patched stock untouched boot.img (from same stock official QFIL firmware ZTE for blade a6)
in latest canary build apk/ flashed zip using TWRP >> device run into ZTE Handset Diagnostic Interface (DFU) (COM11) and nothing else.
I've repeated everything using wanted Debug Magisk procedure in app-debug.apk and here you go again:

Had a quick look, but I'm only an amateur sleuth... Seems to be many Selinux context issues...

Only changes that seem possible culprits are

v17.0/17.1​

• [Script] Enable KEEPVERITY when the device is using system_root_image

... Can I assume your device does not have a separate vbmeta partition and that you see and are checking the “Patch vbmeta in boot image” option?

Also

• [MagiskInit] Move all sepolicy patches pre-init to prevent Pixel 2 (XL) boot service breakdown

but it's beyond me to know if your selinux issues are related to this change...

If you have specific information, perhaps you could say how 'ramdisk patch is different' in 17.0+...

Generally users here can only offer tips and ensure your 'i's are dotted and 't's crossed, and seems you haven't been sloppy...

I really suspect selinux issues (regression due to Pixel 2 fix?) so I'd urge you simply to open a Magisk GitHub issue and submit your logs from debug build... Be sure to follow template and include "Magisk version code: 26102" in body of first post so bot doesn't close the issue immediately...

Experienced Devs will take a look for you (I'd list all affected ZTE devices you are aware of that are similarly affected too*) and you'll be doing others a service... PW

*Edit: Many appear to be listed here:

Guys, can you help me? Post #39854. Magisk 17+ not work on next device:
- ZTE Blade V9
- ZTE Blade V9 Vita
- ZTE Blade A7 Vita
- ZTE Blave V8
- ZTE Blade V8 Mini
- ZTE Blade V8c
- ZTE Blade A6
- ZTE Blade A6 (Claro)
- ZTE Blade A6 (Movistar)
- ZTE Blade A6 Lite
- ZTE Blade A0622 (voyage)
- ZTE Blade A6 MAX
- ZTE Blade A522
- ZTE Blade A520
- ZTE Smart Fresh 5

 

[DaOldMan]

No, I have no idea.(other than what I answered earlier).
And still no idea which app you tried in DenyList that it crashed

Btw, if you want to access developers (and give them the logs), you will need to submit an Issue to Magisk GitHub

As I said it doesn't matter which app I put in the denylist. If I try to put "google play services" it will crash over and over after boot (as it's invoked a lot). If I put in there some banking app, I can't run it anymore - it will allways crash. Any app in the list crashes every time you run it. The minute I remove it from denylist or stop enforcing the denylist, the apps run just fine again. I went back to Magisk 25.2 and the denylist works normaly again, nothing crashes anymore and I can pass safetynet.
Hope it's understood.

 

[zgfg]

... [prior to Magisk v26] magisk --path ... used to point to /dev/<something> but now, with Canary 26102 it points to /debug_ramdisk

... you see the path to /dev and .. [how] I can write to the subfolder

However, on Magisk 26102 it responds with a different path and ... the subfolder is read-only...

Another consequence of that change with magisk --path and $MAGISKTMP between Magisk v25 (or earlier) and Magisk v26

With Magisk v25, /system/bin (and /system/xbin - if the latter folder was available on the particular phone/ROM) were mounted by Magisk as read-write.
Eg, (and that was useful for modules) for the service.sh scripts

Now, with Magisk v26, if a service.sh script attempts to writes to /system/bin or /system/xbin, it will fail

That was useful when service.sh scripts from some modules wanted to link or mount certain changes to the given folders (eg, to install some executable applets), usually with ln -s ... or mount -o bind. ..(there is another way to do that but at an earlier stage of booting, from post-fs-data sh scripts, but that might be too early for some modules)

Indeed, you can test with the script attached below. Put it to /data/adb/service_d folder, make it executable by chmod 755 and reboot

On Magisk v26, the script will fail to write a temporary test file to /system/(x)bin. Script prints the log service.log (in the same folder) and by the end of the log file it will be printed:

+ touch /system/xbin/testFile_123456789
touch: /system/xbin/testFile_123456789: Read-only file system
+ ls -l /system/xbin/testFile_123456789
ls: /system/xbin/testFile_123456789: No such file or directory

To the contrary, on the same phone but with Magisk v25, the same script won't fail to write and it will log:

+ touch /system/xbin/testFile_123456789
+ ls -l /system/xbin/testFile_123456789
+ CheckForTestFile='-rw-rw-rw-    1 root     root             0 Jun  6 21:33 /system/xbin/testFile_123456789'

showing how the creation of temporary test file failed on Magisk v26 vs succeeded on Magisk v25, from the script:

TestFile="$SDir/testFile_123456789"
touch $TestFile
CheckForTestFile="$(ls -l $TestFile)"

Here, $SDir points to /system/xbin or /system/bin, as defined at the beginning of the script and logged at the beginning of the log file

 

[J.Michael]

Another consequence of that change with magisk --path and $MAGISKTMP between Magisk v25 (or earlier) and Magisk v26

With Magisk v25, /system/bin (and /system/xbin - if the latter folder was available on the particular phone/ROM) were mounted by Magisk as read-write.
Eg, (and that was useful for modules) for the service.sh scripts

Now, with Magisk v26, if a service.sh script attempts to writes to /system/bin or /system/xbin, it will fail

That was useful when service.sh scripts from some modules wanted to link or mount certain changes to the given folders (eg, to install some executable applets), usually with ln -s ... or mount -o bind. ..(there is another way to do that but at an earlier stage of booting, from post-fs-data sh scripts, but that might be too early for some modules)

Indeed, you can test with the script attached below. Put it to /data/adb/service_d folder, make it executable by chmod 755 and reboot

On Magisk v26, the script will fail to write a temporary test file to /system/(x)bin. Script prints the log service.log (in the same folder) and by the end of the log file it will be printed:

+ touch /system/xbin/testFile_123456789
touch: /system/xbin/testFile_123456789: Read-only file system
+ ls -l /system/xbin/testFile_123456789
ls: /system/xbin/testFile_123456789: No such file or directory

To the contrary, on the same phone but with Magisk v25, the same script won't fail to write and it will log:

+ touch /system/xbin/testFile_123456789
+ ls -l /system/xbin/testFile_123456789
+ CheckForTestFile='-rw-rw-rw-    1 root     root             0 Jun  6 21:33 /system/xbin/testFile_123456789'

showing how the creation of temporary test file failed on Magisk v26 vs succeeded on Magisk v25, from the script:

TestFile="$SDir/testFile_123456789"
touch $TestFile
CheckForTestFile="$(ls -l $TestFile)"

Here, $SDir points to /system/xbin or /system/bin, as defined at the beginning of the script and logged at the beginning of the log file

On your device, is /system mounted rw?

I would have thought that a proper Magisk module would never try to write to /system directly. I thought one of the points of Magisk was that all changes were "systemless", so a proper module should put whatever it wants in /system in the module sub-tree, to be mounted over /system by Magisk at run-time.

 

[ipdev]

Apparently, there was also a change in the $MAGISKTMP variable (available during the Installation of Magisk modules):
In Magisk v26 it points to magisk --path (the new path), in the older Magisk versions it pointed to the subfolder .magisk of the old magisk --path

Nevertheless, I made the modifications that both AML and JamesDSP modules can now work also on Magisk v26 (zip installations attached in the quoted post):
https://forum.xda-developers.com/t/jamesdsp-audio-manager-mmt-ex.3607970/post-88598223

Another consequence of that change with magisk --path and $MAGISKTMP between Magisk v25 (or earlier) and Magisk v26

With Magisk v25, /system/bin (and /system/xbin - if the latter folder was available on the particular phone/ROM) were mounted by Magisk as read-write.
Eg, (and that was useful for modules) for the service.sh scripts

Now, with Magisk v26, if a service.sh script attempts to writes to /system/bin or /system/xbin, it will fail

That was useful when service.sh scripts from some modules wanted to link or mount certain changes to the given folders (eg, to install some executable applets), usually with ln -s ... or mount -o bind. ..(there is another way to do that but at an earlier stage of booting, from post-fs-data sh scripts, but that might be too early for some modules)

Indeed, you can test with the script attached below. Put it to /data/adb/service_d folder, make it executable by chmod 755 and reboot

On Magisk v26, the script will fail to write a temporary test file to /system/(x)bin. Script prints the log service.log (in the same folder) and by the end of the log file it will be printed:

+ touch /system/xbin/testFile_123456789
touch: /system/xbin/testFile_123456789: Read-only file system
+ ls -l /system/xbin/testFile_123456789
ls: /system/xbin/testFile_123456789: No such file or directory

To the contrary, on the same phone but with Magisk v25, the same script won't fail to write and it will log:

+ touch /system/xbin/testFile_123456789
+ ls -l /system/xbin/testFile_123456789
+ CheckForTestFile='-rw-rw-rw-    1 root     root             0 Jun  6 21:33 /system/xbin/testFile_123456789'

showing how the creation of temporary test file failed on Magisk v26 vs succeeded on Magisk v25, from the script:

TestFile="$SDir/testFile_123456789"
touch $TestFile
CheckForTestFile="$(ls -l $TestFile)"

Here, $SDir points to /system/xbin or /system/bin, as defined at the beginning of the script and logged at the beginning of the log file

I have not read the instructions in awhile.

Magisk will mount a tmpfs directory to store some temporary data. For devices with the /sbin folder, it will be chosen as it will also act as an overlay to inject binaries into PATH. From Android 11 onwards, the /sbin folder might not exist, so Magisk will randomly create a folder under /dev and use it as the base folder.​

The preset Magisk varables aparently were changed before the new /debug_ramdisk/ temp directory was set.

# In order to get the current base folder Magisk is using,
# use the command `magisk --path`.
# Binaries like magisk, magiskinit, and all symlinks to
# applets are directly stored in this path. This means when
# this is /sbin, these binaries will be directly in PATH.
MAGISKTMP=$(magisk --path)

# Magisk internal stuffs
INTERNALDIR=$MAGISKTMP/.magisk

# /data/adb/modules will be bind mounted here.
# The original folder is not used due to nosuid mount flag.
$INTERNALDIR/modules

# The current Magisk installation config
$INTERNALDIR/config

# Partition mirrors
# Each directory in this path will be mounted with the
# partition of its directory name.
# e.g. system, system_ext, vendor, data ...
$INTERNALDIR/mirror

# Root directory patch files
# On system-as-root devices, / is not writable.
# All pre-init patched files are stored here and bind mounted.
$INTERNALDIR/rootdir

Magisk.io - [github] - Paths in “Magisk tmpfs directory” - Link

Not sure if it will help on your endeavor.

Cheers.

 

[bnsmb]

On your device, is /system mounted rw?

I would have thought that a proper Magisk module would never try to write to /system directly. I thought one of the points of Magisk was that all changes were "systemless", so a proper module should put whatever it wants in /system in the module sub-tree, to be mounted over /system by Magisk at run-time.

I also thought that /system is now always mounted ro ... but I just tested it on my ASUS Zenfone 8 with OmniROM 13 and Magisk v25.2 in the boot partition

ASUS_I006D:/sdcard/Download # magisk -V
25200
                                                                                               
ASUS_I006D:/sdcard/Download # touch /system/bin/testFile_123456789                                                                                                       
ASUS_I006D:/sdcard/Download # ls -l /system/bin/testFile_123456789                                                                           -rw-r--r-- 1 root root 0 2023-06-07 07:57 /system/bin/testFile_123456789
ASUS_I006D:/sdcard/Download #   

ASUS_I006D:/sdcard/Download # mount | grep "/system/bin " 
tmpfs on /system/bin type tmpfs (rw,seclabel,relatime,size=3700224k,nr_inodes=925056)
ASUS_I006D:/sdcard/Download #

But It's mounted to tmpfs so all changes to /system/bin will be lost after the next reboot


regards

Bernd