Related
PetNoire's SafetyNet Spoofer
This module tries to pass SafetyNet on devices/roms that don't.
This started when i put LineageOS on my phone and couldn't play Pokemon GO anymore. much sadness was had.
i searched around for a fix and found universal-safetynet-fix. Awesome! it let me play pokemon again but it broke everything else root related while it was enabled.
So, i worked on updating it to be compatible with magisk 17. and i got it! (download at the bottom)
but, well.. there was a lot in that code that didn't need to be there anymore. (does anyone even use magisk 12?!)
and worse still, my phones stock image used a thumbprint, not a fingerprint. with it in usnf, it didnt even pass basic integrity!
so i got to work and PetNoire's SafetyNet Spoofer was born!
Disclaimer:
I am not responsible for bricked devices, dead SD cards,
thermonuclear war, or you getting fired because the alarm app failed.
I also do not support hacking/altering any other apps with your root powers.
i made this purely to legitimately play a game on a customized system.
Information
Features:
Resets system props to a factory state
spoofs the device fingerprint or thumbprint
has a friendly command tool to change finger/thumbprint settings
Use:
Flash it with TWRP or MM.
by default, it spoofs the same device that unsf did which is enough for most uses. Congrats, you're done!
you can also use the pnss command as root to change, reset, or disable the fingerprint spoofing.
run the 'pnss' command from terminal for usage information
example command:
Code:
su
pnss set thumb MyDeviceThumbprint/8.1/etc/etc
Requeriments
Magisk v17
Installation
Flash the .ZIP from TWRP or MM Module page
Reboot
Known issues
thumbprint mode is only passing BasicIntegrity, not CTS
Donations
If you feel I helped you, you can buy me a coffee here
Credits
@Deic - the original creator of universal-safetynet-fix here
@PetNoire - porting it to magisk 17, breaking it further, and adding thumbprint support
Download
Please DO NOT share the module itself or the download link, share the thread only.
vv
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Didgeridoohan said:
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Click to expand...
Click to collapse
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
update: i think i almost have it working on magisk's busybox but still working out some bugs.
And I'll edit it to give him some more credit right away.
PetNoire said:
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
Click to expand...
Click to collapse
That would be great.
I thought I'd give some insight into what the module actually does, for those that are wondering, since it might get lost in translation between the different updates to the module by others than @Deic.
The USNF module is made up of two parts. For one, it changes the device fingerprint to a certified one to pass the ctsProfile check (the in-built one is a Xiaomi print, but IIRC you can also use the device stock fingerprint if it's already certified). This is also something that can be done with a Magisk boot script (post-fs-data.d or service.d) and the resetprop tool:
Code:
resetprop ro.build.fingerprint <certified fingerprint value>
There are also Magisk modules available that do the same thing (apart from USNF).
Device Spoofing Tool by @Dreamer(3MF) is one (although it also changes a whole lot of other props to simulate a OnePlus 2).
And there's also my MagiskHide Props Config that changes the build fingerprint to one of your choice.
Or, if you don't care about the systemlessness, you can directly edit your build.prop file and change the current ro.build.fingerprint to a certified one.
So, for the device fingerprint and passing the ctsProfile there are a few options.
The second part of USNF is the custom MagiskHide (as described in the OP). The thing here though, is that for the majority of devices it is not necessary anymore, since (as it also says in the OP) @topjohnwu have fixed most of those issues. From what it seems, from user reports in different threads, this is only necessary on some MIUI releases (Xiaomi devices). The module actually started out as a "Xiaomi SafetyNet fix" (check the module id), but the build fingerprint part turned out to be useful for other devices, so @Deic changed the name to "Universal". All other devices should be good with only changing the device fingerprint.
So far, it doesn't seem like the custom MagiskHide from the module is interfering in any way with the real thing. But, considering that it hasn't been updated in over a year, who knows.
Class dismissed.
Is there any reason to keep the code for old magisk? Does anyone still use 12-14?
Seems to have helped on my S8 with KingROM
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Oberth said:
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
Click to expand...
Click to collapse
For some reason it doesn't always work the first time. Usually just rebooting fixes it.
jenslody said:
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Click to expand...
Click to collapse
I thought I changed it all. You sure there isnt some kind of version check? I'll look at it later
Again first goal was to get it working. Next goal is to make it awesome
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
In-Case Of Facing A Bootloop/Bootscreen Issue Due To Flashing A Module, Download CoreOnlyMode4Magisk From This Thread https://forum.xda-developers.com/apps/magisk/module-core-mode-bootloop-solver-modules-t3817366 Then Flash It Thru TWRP Recovery.
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
Does it boot after disabling the module?
From twrp>advanced>terminal:
HTML:
Mount -o loop /data/adb/magisk.img /mnt
Touch /mnt/universal-safetynet-fix/disable
The reboot
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
PetNoire said:
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
Click to expand...
Click to collapse
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Didgeridoohan said:
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Click to expand...
Click to collapse
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either. I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
PetNoire said:
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either
Click to expand...
Click to collapse
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
iamcurseal said:
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
Click to expand...
Click to collapse
I don't know what Tue additional setup does, but I always do it and its been working. Also your device may have thumbprint props instead of fingerprint.
Run this in a terminal and let me know what you get
Code:
getprop | grep print
PetNoire said:
I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
Click to expand...
Click to collapse
My module changes all the common fingerprint props, but as far as I know, it's only ro.build.fingerprint that is important for the ctsProfile check.
Didgeridoohan said:
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
Click to expand...
Click to collapse
I wiped all partitions, installed lineage 15, installed magisk and enabled hide and it wouldn't pass basic at any point. Even still its never passed it without this module. It didn't even pass it on the clean install, before magisk
I'm new to Magisk, and one thing I'm confused about is the role of the various systemless modules.
1. Essentially, is there anything that I *can't* do normally with Magisk (that I would be able to do if it were rooted any other way) that I *have to* have a module for?
For example, when you have modules to have systemless hosts or systemless Busybox - does that mean that when you use Magisk, you *can't* install or work with these things without those modules, or does it mean that you still could do it normally, but the modules just give you an option to do it without actually modifying anything?
2. If the answer is that I can still do everything normally, but the modules just give me the *option* to do it without actually modifying /system, then why does it matter?
For example, I've never minded having an adblock application actually modify the hosts file when I've rooted in the past before Magisk, so what advantage is there to redirecting them to a fake hosts file? If anything, I would think it increases the chance that something will go wrong or that there will be an incompatibility somewhere along the way.
Everything that Magisk does systemlessly can be done in the old and normal way of modifying system files.
The main advantage for me to use Magisk modules is that all the modifications are still there after a system update (since they'll be in the Magisk image which is kept in /data/adb). I won't have to redo them like I used to before Magisk...
For those that care about updating their device through an OTA, systemless modifications will also make sure that will still work, sort of. You'll still have to keep a stock recovery and restore your stock boot image before updating, but with newer devices that's getting a lot easier. More details here: https://topjohnwu.github.io/Magisk/tutorials.html#ota-installation
Didgeridoohan said:
Everything that Magisk does systemlessly can be done in the old and normal way of modifying system files.
The main advantage for me to use Magisk modules is that all the modifications are still there after a system update (since they'll be in the Magisk image which is kept in /data/adb). I won't have to redo them like I used to before Magisk...
For those that care about updating their device through an OTA, systemless modifications will also make sure that will still work, sort of. You'll still have to keep a stock recovery and restore your stock boot image before updating, but with newer devices that's getting a lot easier. More details here: https://topjohnwu.github.io/Magisk/tutorials.html#ota-installation
Click to expand...
Click to collapse
Gotcha! It's not obvious for people new to Magisk whether using a systemless root forces you to do everything in a systemless manner afterwards or not, so I really appreciate your clarifying this.
Haphim said:
Gotcha! It's not obvious for people new to Magisk whether using a systemless root forces you to do everything in a systemless manner afterwards or not, so I really appreciate your clarifying this.
Click to expand...
Click to collapse
No worries. Just want to point out that systemless root isn't Magisk specific. SuperSU and phh's superuser are two examples of root solutions that were systemless long before MagiskSU was a thing...
Hello. I have unlocked bootloader with TWRP installed with default Stock Kernel. Also I have Magisk 20.4 with Edxposed installed and I can't pass the Safety Net. Until before 2-3 months the problem was due to Edxposed. If I deactivate the Riru core from Magisk then I passed the Safety Net. Now something very strange happens and the Edxposed is not only the Suspicious. If I disable it then again I Failed the Safety Net. I tried in safe mode in which disables Magisk, Edxposed and all extra apps (it leaves only the Play Store and some default apps like Duo if I remember well) etc ... and I can't pass the Safety Net again. I tried to Reflash the rom via TWRP so that to have the default boot.img and default boot recovery but again can't pass the Safety Net. How can detect what is which makes the Safety Net to be failed ?
Note 1 : I know that if I make format so that to erase not only the system partition but and data with internal partition and flash the rom from beginning then I would pass the Safety Net as new user but all this process is NOT solution because I should install all the apps with settings and transfer all personal data from the beginning.
Also the sense is to understand for which reason something happens and NOT to make format to resolve all the problems because you will never become better and the unique solution would be the format which is some process, time consuming.
Note 2: The Valid Pass in Safety Net is NOT always from Magisk but from some other third party software like Root Checker which can do the same job. The reason is that the most usual to check Safety Net is from Magisk which make someone to make Magisk to Pass Safety Net but ONLY VISUAL. What I mean ? If you install the HiddenCore Module from Edxposed then the Magisk show that you Pass the Safety Net while any other similar software like Root Checker shows as result failed and if you go to search Netflix or Revolut in Google Play which is some quick way to check if you really pass or fail the Safety Net then you can't find them as result due to failing in Safety Net.
Johnn78 said:
Note 1: I know that if I make format so that to erase not only the system partition but and data with internal partition and flash the rom from beginning then I would pass the Safety Net as new user but all this process is NOT solution because I should install all the apps with settings and transfer all personal data from the beginning.
Click to expand...
Click to collapse
I don't have the solution for your issue specifically, but I have a tip for you in case you would need to reinstall the whole system in the end: you can use titanium backup, or oendbackup (this one you find at f-droid), or another root backup solution (either free, or paid like swift backup) to save your apps + data, so you can recover it later without having to go through the whole annoying process of doing/installing/configuring everything again. Making it a lot easier.
abacate123 said:
I don't have the solution for your issue specifically, but I have a tip for you in case you would need to reinstall the whole system in the end: you can use titanium backup, or oendbackup (this one you find at f-droid), or another root backup solution (either free, or paid like swift backup) to save your apps + data, so you can recover it later without having to go through the whole annoying process of doing/installing/configuring everything again. Making it a lot easier.
Click to expand...
Click to collapse
If I have the app which makes the perfect restore then I wouldn't have problem to make format so that to make restoring later. In past I had tried the twrp which has option for backup but the restore in system and data partition is not good. I couldn't restore the apps such it was when I had made the backup. C an the titanium or oandbackup restore the apps such it was when Imake the backup ?
If you boot into Android Safe Mode, Magisk and modules are still active (unless you use the current Canary, 20411+, in which case Magisk will disable all modules). It's just the Manager and other apps that are disabled.
First thing you should check is if MagiskHide is even enabled, and if it is you should toggle it off and on again.
Second thing is to see if it works. Add a root app or an app like Rootbeer to the Hide list and see if it detects root.
And more: https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
Didgeridoohan said:
If you boot into Android Safe Mode, Magisk and modules are still active (unless you use the current Canary, 20411+, in which case Magisk will disable all modules). It's just the Manager and other apps that are disabled.
First thing you should check is if MagiskHide is even enabled, and if it is you should toggle it off and on again.
Second thing is to see if it works. Add a root app or an app like Rootbeer to the Hide list and see if it detects root.
And more: https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
Click to expand...
Click to collapse
I don't know if finally happens something with hide of Magisk. I had until now the Root Checker to check about rooting and SafetyNet. If I run Root Checker then it tells me that I am rooted (and failed SafetyNet) and if I hide It then it refers that I am unrooted such the first image shows. But question is, is that correct or happens such with Magisk that may refers that you pass the Safety Net while is reality is NOT truth ? I say this, because I run the Root beer which you told me but if I hide it or not then in both situations, it refers that I am rooted (image 2 & 3). The hide isn't seem to not doing anything because If I don't hide Root beer then such you can see I have 6 "X" while if I hide it then I have only one in "Root Management Apps". Whats means this result ? I tried to turn off and on again from the settings of Magisk the hide but not any result.
That likely means that MagiskHide is working but that you haven't repackaged the Magisk Manager with a random package name. There's an option for that in the Manager settings.
That also means that the SafetyNet failure is because of your setup. Something is triggering it and you're going to have to figure out what. Use the information in the link I posted earlier to help you on your way.
Didgeridoohan said:
That likely means that MagiskHide is working but that you haven't repackaged the Magisk Manager with a random package name. There's an option for that in the Manager settings.
That also means that the SafetyNet failure is because of your setup. Something is triggering it and you're going to have to figure out what. Use the information in the link I posted earlier to help you on your way.
Click to expand...
Click to collapse
Now I saw this setting in settings about repacking with random name. Is this new setting in Magisk ? Because I don't remember to have seen it again in previous Magisk versions. If I go to repackage it, it has as default name "Manager". Should I leave this name or to change this to someother random name ?
Johnn78 said:
Now I saw this setting in settings about repacking with random name. Is this new setting in Magisk ? Because I don't remember to have seen it again in previous Magisk versions. If I go to repackage it, it has as default name "Manager". Should I leave this name or to change this to someother random name ?
Click to expand...
Click to collapse
It's not a new feature... I had to go back and check, but John showcased the first version of hiding the Manager in August 2017 and it was then included in the release of Magisk v14.0 in September 2017. The hiding mechanism has improved a lot since then, but the concept has been around for a while.
Some root detection methods actually do look for "Manager" in the app label (stupid way of detecting root, but hey), so renaming it to something else could be a good idea. It won't hurt, that's for sure.
Didgeridoohan said:
It's not a new feature... I had to go back and check, but John showcased the first version of hiding the Manager in August 2017 and it was then included in the release of Magisk v14.0 in September 2017. The hiding mechanism has improved a lot since then, but the concept has been around for a while.
Some root detection methods actually do look for "Manager" in the app label (stupid way of detecting root, but hey), so renaming it to something else could be a good idea. It won't hurt, that's for sure.
Click to expand...
Click to collapse
I repacked it with different name and the rootbeer appears as result not rooted but the safety net remained sa failed. After I unistalled completly the EdXposed with its modules, LuckyPatcher & Magisk. Also I run and the Magisk Unistaller via twrp and the Edxposed unistaller (this failed because it couldn't detect the edxposed as install due to unistallation of edxposed before) and safety Net remained as Failed. I tried and in safe Mode but the problem persists. Overmore I restore the original boot.img so that to unistall the twrp and go back to original recovery but the Failing in safety Net remains either I go from normal boot either from safe mode. The only which I haven't tried is to lock again the bootloader but I don't believe that this is the problem because in past I always have it unlocked and had passed the Safety Net. I have read that the snet is the process of play store service which decides if mobile will pass the safetynet or not. Can't we unistall this service ?
& something else if you know it, the result of safety Net is "decided" only one time in every boot ? Because If it is some process which make the safety net to be failed and I kill the process then will I get immediate the pass in safety Net or I should restart the mobile as result the process will come again because it will be located in boot list ?
SafetyNet doesn't check for the Manager. That was just for you to fully hide Magisk from other detection methods.
If you uninstall Magisk you can't pass SafetyNet with an unlocked bootloader (unless you are using a custom kernel that masks the bootloader state). MagiskHide helps hiding the unlocked bootloader, so uninstalling it will trigger SN.
If you want to figure things out you have to leave Magisk installed with MagiskHide active (or lock the bootloader, but that's likely not advisable since it can brick your device unless you first restore it to completely stock).
Edit: you can of course go without Google services, but if you are using the stock OEM ROM this could prove troublesome and not worth the effort. If you do, you can of course not use any apps or services that depend on SafetyNet. What is your reason for wanting to pass SafetyNet anyway? Do you actually need it?
Didgeridoohan said:
SafetyNet doesn't check for the Manager. That was just for you to fully hide Magisk from other detection methods.
If you uninstall Magisk you can't pass SafetyNet with an unlocked bootloader (unless you are using a custom kernel that masks the bootloader state). MagiskHide helps hiding the unlocked bootloader, so uninstalling it will trigger SN.
If you want to figure things out you have to leave Magisk installed with MagiskHide active (or lock the bootloader, but that's likely not advisable since it can brick your device unless you first restore it to completely stock).
Edit: you can of course go without Google services, but if you are using the stock OEM ROM this could prove troublesome and not worth the effort. If you do, you can of course not use any apps or services that depend on SafetyNet. What is your reason for wanting to pass SafetyNet anyway? Do you actually need it?
Click to expand...
Click to collapse
Now with default boot, I will go to install Magisk so that via hiding to hide the the unlcking of bootloader. Do you consider some Magisk version as best ? Stable or canary or something else ?
Lately I want to istall the Revolut & the Google Play store can't find it as result. After from many days I couldn't find etflix. Later I learnt that was due to failing in safety net. I found them as apk & installed them successfully but can't get updates from play store for these two apps because mark my device as failed in safety Net. Also if I go to update the os via fota (and with stock boot img) I got error & I suppose that is due to safety Net. In past I could update os only if I have boot stock img & passing the safety Net.
@Didgeridoohan hello bro. I resolved the problem. I cleared the data and cache of Google Play Store, Google Play Services and Google Framework Services and after from restarting I passed the Safety Net with Edxposed installed and activated. Thanks for your help !
Several banking and security apps discover system modifications that Magisk injects through the init.rc file. These modifications can be successfully hidden with MomoHider (https://github.com/canyie/Riru-MomoHider), however, that module requires the Riru framework, which is incompatible with the upcoming Zygisk version of Magisk (e.g. Canary 23015). Therefore, I made a module that exclusively runs the init.rc hiding code from MomoHider without requiring Riru. See the attached file.
Just flash the module through the Magisk app. There are no configuration options. If the module is active, the init.rc hiding code is run.
I use the module to hide my custom Android ROM and Magisk from a recent app developed by the Danish Agency for Digitisation.
mrspeccy said:
Several banking and security apps discover system modifications that Magisk injects through the init.rc file. These modifications can be successfully hidden with MomoHider (https://github.com/canyie/Riru-MomoHider), however, that module requires the Riru framework, which is incompatible with the upcoming Zygisk version of Magisk (e.g. Canary 23015). Therefore, I made a module that exclusively runs the init.rc hiding code from MomoHider without requiring Riru. See the attached file.
Just flash the module through the Magisk app. There are no configuration options. If the module is active, the init.rc hiding code is run.
I use the module to hide my custom Android ROM and Magisk from a recent app developed by the Danish Agency for Digitisation.
Click to expand...
Click to collapse
Thanks a lot. I have been searching for a while since I moved to use Zygisk and finally found this post.
However, do you know if there is any reliable detector about init.rc hiding? I've been using MagiskDetector. While it correctly showed that init.rc was not modified after installing your module, after a day or two it would suddenly report modified init.rc. I've read posts saying MagiskDetector is not accurate as it sometimes reports this even if magisk is not installed. I just want to make sure init.rc has been correctly hidden. Thanks.
You're welcome. My module just runs the same code as riru-momohider for hiding init.rc modficiations. The sudden detection you mention may be a false positive of MagiskDetector. Since I installed the module (under Magisk Zygisk) the security app that checks for init.rc modifications never reported "root found" again. I do not know of any other detectors for init.rc modifications.
mrspeccy said:
You're welcome. My module just runs the same code as riru-momohider for hiding init.rc modficiations. The sudden detection you mention may be a false positive of MagiskDetector. Since I installed the module (under Magisk Zygisk) the security app that checks for init.rc modifications never reported "root found" again. I do not know of any other detectors for init.rc modifications.
Click to expand...
Click to collapse
I see. Thanks for your reply.
Hi, I begin to think it is not a false positive from MagiskDetector when it shows init.rc is modified by Magisk. Because the work profile in my phone has very strong root detection logic, and I just now it detected root and wiped out my work profile automatically
While other bank apps, root checkers, and even Momo could not detect at that moment, MagiskDetector did report init.rc modified.
I saved the logs from MagiskDetector when 1) it did not report init.rc modified and 2) it reported init.rc modified and compared the details. What I found is that there is a line in the log from 2) which is not there in 1) :
svc name init.svc.mdnsd
Any idea what this service is and is it supposed to be hidden by InitRcHider?
mrspeccy said:
....The sudden detection you mention may be a false positive of MagiskDetector.......I do not know of any other detectors for init.rc modifications.
Click to expand...
Click to collapse
dohanin said:
....I begin to think it is not a false positive from MagiskDetector when it shows init.rc is modified by Magisk....What I found is that there is a line in the log from 2) which is not there in 1): svc name init.svc.mdnsd...
Click to expand...
Click to collapse
i installed the module. it didn't work on reboot. i mean, MagiskDetector app reported 'modified'. i then cleared cache and data for MagiskDetector and ran the app; it asked me to 'reboot and try', which i did. now, it says 'not modified'. thanks!
mrspeccy said:
Several banking and security apps discover system modifications that Magisk injects through the init.rc file. These modifications can be successfully hidden with MomoHider (https://github.com/canyie/Riru-MomoHider), however, that module requires the Riru framework, which is incompatible with the upcoming Zygisk version of Magisk (e.g. Canary 23015). Therefore, I made a module that exclusively runs the init.rc hiding code from MomoHider without requiring Riru. See the attached file.
Just flash the module through the Magisk app. There are no configuration options. If the module is active, the init.rc hiding code is run.
I use the module to hide my custom Android ROM and Magisk from a recent app developed by the Danish Agency for Digitisation.
Click to expand...
Click to collapse
It works, thanks.
yes, clearing data and cache of MagiskDetector sometimes work, but sometimes I had to re-install initrchider module in Magisk as well.
still puzzled on why after it worked, after a day or two, MagiskDetector would suddenly report Init.rc modified, without me changing anything or even reboot
dohanin said:
yes, clearing data and cache of MagiskDetector sometimes work, but sometimes I had to re-install initrchider module in Magisk as well.
still puzzled on why after it worked, after a day or two, MagiskDetector would suddenly report Init.rc modified, without me changing anything or even reboot
Click to expand...
Click to collapse
Apparently does this without magisk even installed which is why canyie commented that test in MagiskDetector is broken... When asked by @osm0sis if will be fixed vvb2060 said MD is deprecated / he she is working on Momo now... PW
mrspeccy said:
Several banking and security apps discover system modifications that Magisk injects through the init.rc file. These modifications can be successfully hidden with MomoHider (https://github.com/canyie/Riru-MomoHider), however, that module requires the Riru framework, which is incompatible with the upcoming Zygisk version of Magisk (e.g. Canary 23015). Therefore, I made a module that exclusively runs the init.rc hiding code from MomoHider without requiring Riru. See the attached file.
Just flash the module through the Magisk app. There are no configuration options. If the module is active, the init.rc hiding code is run.
I use the module to hide my custom Android ROM and Magisk from a recent app developed by the Danish Agency for Digitisation.
Click to expand...
Click to collapse
On Android 11+, there maybe also init.svc_debug_pid.******
need resetprop --delete init.svc_debug_pid.$1
Work this Samsung Android 8.0, 9.0 Pie ?
This module does not work on Samsung Galaxy S7 edge Custom Pie 9.0 Rom, module active and magisk detector app and momo app shows nothing hidden
Zygisk - Shamiko lastest version now includes hiding init
huskydg said:
Zygisk - Shamiko lastest version now includes hiding init
Click to expand...
Click to collapse
Magisk Detector Test still show "init.rc has been modified by Magisk". Any configue.
z1022 said:
Magisk Detector Test still show "init.rc has been modified by Magisk". Any configue.
Click to expand...
Click to collapse
Detect modified init.rc is not always correct, so i think nearly there are no app detect it
Magisk detector shows once hidden init.rc and over time shows modified. The most reliable application detecting system modifications is MOMO 4.0.1 APP, it always shows if init.rc is modified, and if not it does not.
Spartacus500 said:
Magisk detector shows once hidden init.rc and over time shows modified. The most reliable application detecting system modifications is MOMO 4.0.1 APP, it always shows if init.rc is modified, and if not it does not.
Click to expand...
Click to collapse
I use MOMO 4.0.1 APP, it shows init.rc is modified. How can I fix it ? If I have already used Shamiko and InitRChider.
z1022 said:
I use MOMO 4.0.1 APP, it shows init.rc is modified. How can I fix it ? If I have already used Shamiko and InitRChider.
Click to expand...
Click to collapse
What phone model do you have ? I have Samsung Galaxy S7 edge 9.0 Pie and on Shamiko module it doesn't hide init.rc.
Just ignore because detect init.rc not always correct. I don't use initrc hider but momo don't detect it
mrspeccy said:
Several banking and security apps discover system modifications that Magisk injects through the init.rc file. These modifications can be successfully hidden with MomoHider (https://github.com/canyie/Riru-MomoHider), however, that module requires the Riru framework, which is incompatible with the upcoming Zygisk version of Magisk (e.g. Canary 23015). Therefore, I made a module that exclusively runs the init.rc hiding code from MomoHider without requiring Riru. See the attached file.
Just flash the module through the Magisk app. There are no configuration options. If the module is active, the init.rc hiding code is run.
I use the module to hide my custom Android ROM and Magisk from a recent app developed by the Danish Agency for Digitisation.
Click to expand...
Click to collapse
Hi @mrspeccy,
is your module source somewhere public? The Module is not working on my Device (AL10 Oreo 8.0.0) so I would like to look into it. Also it seems to be a good starting point for another Module Project. Injecting custom *.rc and fstab files without editing the ramdisk image.
Cheers
NewBit
Been out of the rooting scene since the Droid RAZR HD, had a chance on my Pixel 1 but passed it up. Now im getting back into it and theirs a LOT of changes and some things dont have full guides or are missing pieces. Steps so far: Unlock Bootloader -> Patch image with Magisk -> Flash patched image to gain root -> Enabled Zygote to setup bypassing safety net check/basic integreity/CTS profile match ( is it worth it if i only use one app affected by it?). Currently looking at Magisk modules and wondering if i also want LSposed or EDsposed which requires RIRU, correct? If i have Zygisk enabled this makes RIRU incompatible, correct? So no Xposed/EDsposed/LSposed modules unless i use Magisk 25.1 Delta version, (Comes with Zygote bootloop protecion) that re-enables magisk hide and can make RIRU work again? Still hazy on the a/b slots with no official TWRP to use and how to flash ROMS and update them without breaking things, Google really messed things up with project treble, geez. Also, anything else i want to take care of at the moment? Thanks.
C00ljoe said:
Been out of the rooting scene since the Droid RAZR HD, had a chance on my Pixel 1 but passed it up. Now im getting back into it and theirs a LOT of changes and some things dont have full guides or are missing pieces. Steps so far: Unlock Bootloader -> Patch image with Magisk -> Flash patched image to gain root -> Enabled Zygote to setup bypassing safety net check/basic integreity/CTS profile match ( is it worth it if i only use one app affected by it?). Currently looking at Magisk modules and wondering if i also want LSposed or EDsposed which requires RIRU, correct? If i have Zygisk enabled this makes RIRU incompatible, correct? So no Xposed/EDsposed/LSposed modules unless i use Magisk 25.1 Delta version, (Comes with Zygote bootloop protecion) that re-enables magisk hide and can make RIRU work again? Still hazy on the a/b slots with no official TWRP to use and how to flash ROMS and update them without breaking things, Google really messed things up with project treble, geez. Also, anything else i want to take care of at the moment? Thanks.
Click to expand...
Click to collapse
this does work
https://forum.xda-developers.com/t/...ootloader-update-root-pass-safetynet.4356221/
unlock the spoiler at the bottom to pass safetynet.
download the two modules from the github.
place them on the phone.
in magisk enable zygisk and deny list
load the modules inside magisk 25.1
i did them one at a time rebooting after each.
go back into magisk enable enforcing deny list.
top right show system apps
check mark any banking/gpay
check mark google store and play services.
reboot. it should pass safetynet and be certified. i have only tested this with google pixel experience rom.
to load a custom rom. you fastboot -w (from factory rom) then fastboot boot twrp.img. go to advanced and adb sideload. then adb sideload the custom rom you want. ignore errors that print in twrp and reboot. all of the aosp roms have their own custom recovery that they load. so you can use their recovery to adb sideload magisk.apk or rename it to zip and flash it.
note all screen locks/pin locks/swipe locks/finger print locks/face locks must be disabled before starting this process. twrp can't remove them. due to decryption not fully functional yet in twrp
Okay thanks. What about RIRU and Xposed/Edsposed/LSposed modules or have you not messed with them? After i flash LineageOS, will I loose root or retain it? Will flashing a new ROM with mess anything up besides the lock screen issue you mentioned? By " loading the modules in magisk 25.1" do you mean the safety net fix and cts profile spoof modules? What are you most used or most recommended apps that require root. Thanks
LSPosed has both zygisk and Riru variants. Not sure on compatibility with the XPosed modules though.