Hi,
I have this idea and I like to know your opinion:
- At time the MagiskHide is a good method for use some Apps (wallet?) when you run in Core mode. This is a great function and really works (I hope for a long time). However, when you aren't running in Core mode, for example when Xposed is enabled, if you run one of such Apps it detects the presence of the su/root. So my idea is adding to Magisk the option to "hibernate" the Apps inside the list of MagiskHide when is not running in Core mode. And when the Core mode is on, then automatically "re-enable" the App.
The objective is quite simple: Block the execution of any "sensible" Apps when the detection can be done.
What you think?
If MagiskHide doesn't work on your device unless you activate Core Only Mode there's something wrong. It might be that that's how your device works, or there might be something else...
MagiskHide works perfectly fine, when when not in Core Only Mode.
Xposed though, that's a whole different matter. There's currently no way to hide Xposed, so it is very likely that what happens when you enable Core Only Mode is that the Xposed module gets deactivated and whatever app was triggering no longer do so (since you've deactivated Xposed).
Didgeridoohan said:
If MagiskHide doesn't work on your device unless you activate Core Only Mode there's something wrong. It might be that that's how your device works, or there might be something else...
Xposed though, that's a whole different matter. There's currently no way to hide Xposed, so it is very likely that what happens when you enable Core Only Mode is that the Xposed module gets deactivated and whatever app was triggering no longer do so (since you've deactivated Xposed).
Click to expand...
Click to collapse
Hi @Didgeridoohan,
Thank you for your comment!
However, I feel you misunderstood my suggestion. Let me explain more:
In my phone (at time, with Stock ROM and a Custom kernel), I can run Magisk in both modes: CORE and FULL. Both work like a charm! However, the SafetyNET check only pass in CORE mode (with MagiskHide enabled), not in FULL mode. Obviously, this is because in the FULL mode I run Xposed and the MagiskHide doesn't work.
So, when I like to run some wallet or banking App, I need to boot in CORE mode. This is mandatory!
And when I don't like to use such Apps, then I can boot in FULL mode.
Where is the problem? When running in FULL mode all Apps that can detect su/root are "active". You can use some Xposed modules (like BootManager) for not launching them at boot. However, if the App isn't "hibernated" it can be executed at any moment. And when it's executed, at this moment it detects the root... and fails. Moreover, it not only fails, but it can send a message to the App's provider... and insert you in a blacklist. So a full blocking of the App when running in Magisk FULL mode is necessary.
My idea is a simple "auto-hibernating" of the Apps in the MagiskHide list when running in non CORE mode.
You understand now what, when and why?
manos78 said:
So, when I like to run some wallet or banking App, I need to boot in CORE mode. This is mandatory!
Click to expand...
Click to collapse
Well... Core mode isn't necessary. You should be able to simply deactivate the Xposed module.
But yeah, I get your idea. Can't say much about it though...
Didgeridoohan said:
Well... Core mode isn't necessary. You should be able to simply deactivate the Xposed module.
Click to expand...
Click to collapse
If you want to be completly sure that SafetyNET is OK, then you really need to boot in CORE mode.
So, my idea at time is:
- Include the function "reboot in Core mode" inside the Magisk Tool. The concept is simple: one flag (for example one file like /magisk/.boot_one_shot_in_core) that forces Magisk to boot in Core mode... but only one time (the file is automatically removed after the boot).
- Create a Magisk Module that "hides Apps in the MagiskHide list". This module is as well very simple: it replaces the apks of the Apps in the list by a dummy file. So, when Magisk boots in FULL (normal) mode then the module "hides" the Apps, and you can't use them. However, when Magisk boots in CORE mode, the module is overpassed and the Apps be there (not hidden).
So, the idea is quite simple: the regular boot is booting with Magisk enabled (FULL mode); and when you like to boot in CORE mode it's only one-time... so in the next reboot. And when reboot again you return to the FULL mode.
I found this is the best and simple solution to execute/hide sensible Apps that really need to have SafetyNET enabled.
What you think?
Hi,
Regarding this idea: Create a Magisk Module that "hides Apps in the MagiskHide list. Anyone interested on work on it?
The concept is quite simple: If the module is active, it hides (aka mount fake .apk) all Apps in the MagiskHide list (or in a internal list).
You like this idea?
Related
I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
BeastMode6 said:
I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
Click to expand...
Click to collapse
Check to see if selinux is set to "Permissive", safetynet will fail if it detects a kernel with selinux set to permissive. To check this in the terminal type "getenforce" if it says "permissive", you can type "su" to get a root shell then type "setenforce 1" to enable Enforcing. In adb you can type the same, however you need to type "adb shell" prior to accomplish the same. Once enabled safetynet should pass. To set the selinux back to permissive type "setenforce 0" in a root shell. good luck!
Sent from my SM-T813 using Tapatalk
It says it's enforcing already.
BeastMode6 said:
It says it's enforcing already.
Click to expand...
Click to collapse
OK, make sure you have magisk-hide enabled in the magisk manager settings. I think safetynet checks for root as well, so if your rooted with magisksu, then all you should need to do is enable magisk-hide. If you don't have the magisk manager you can download it from google play.
I have hide on, still fails. I've also restarted like 5 times to no effect.
Check if Hide is working on your device by adding a root checker app to the Hide list. If it can't detect root, at least we know the Hide works.
After that, check SafetyNet with an app like SafetyNet Playground or SafetyNet Helper. Do you pass basic integrity?
Lastly, please upload a Magisk log.
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
BeastMode6 said:
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
Click to expand...
Click to collapse
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
brians018883 said:
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
Click to expand...
Click to collapse
I've already tried that, didn't work.
BeastMode6 said:
I've already tried that, didn't work.
Click to expand...
Click to collapse
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
(Removed)
brians018883 said:
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
Click to expand...
Click to collapse
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
BeastMode6 said:
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
Click to expand...
Click to collapse
good, glad you made some progress!
Best not to hide google play store, magisk hide by default hides safety net, blocking the store may screw with google play services.
Oh since you are on a cm/lineage based rom and to save you some headaches, avoid turning on magisk's busybox implementation, since cm roms use toybox a more enhanced version of busybox it confuses the OS by overlaying the busybox binaries over toybox's binaries and magisk eventually loses root until you do reboot, not mention makes the system sluggish and almost unusable. I learned that the hard way.
Happy Tweaking!
Hi! Is there a way to enable/disable a Magisk Module with a script?
I'm using a Xiaomi Mi A1 and I would like to use Measure App. It works only the first time (or so) I disable/enable the module to change device fingerprint. Is it possible to run a script that disables and re-enables the module at boot? Thanks.
Disabling and then enabling a module takes a reboot between every action. It can't be done in one boot...
But, I suspect that this might not actually be the solution you're looking for. Provide more details, please. What module are you talking about? What functionality is it that you're after? What is it that doesn't work? Logs. Etc...
Didgeridoohan said:
Disabling and then enabling a module takes a reboot between every action. It can't be done in one boot...
But, I suspect that this might not actually be the solution you're looking for. Provide more details, please. What module are you talking about? What functionality is it that you're after? What is it that doesn't work? Logs. Etc...
Click to expand...
Click to collapse
Thanks for your quick reply.
I'm using a module that changes device fingerprint to Pixel2 to be able to use Measure app. Measure works properly only one or two times after enabling the module. Then it stops finding available surfaces until I disable, re-enable module and reboot. The same problem occurs if I use your MagiskHide Props Config (great work btw). After disabling-enabling-rebooting Measure works properly again. If I simply reboot without touching the module Measure app starts but it can't find any suitable surface.
Here's a logcat, hope it helps.
Do I understand you correctly? You're talking about disabling/enabling the module in the Magisk Manager, right? And disabling and then enabling right after, with no reboot in-between? If so, that makes no sense, because the only thing disabling the module does is to create a file in the module folder named "disable". On the next boot, Magisk will detect this file and won't load the module. Enabling the module simply deletes the file again, and on the next boot the module will load (since there's no "disable" file)..
I really do believe there's something else going on...
Didgeridoohan said:
Do I understand you correctly? You're talking about disabling/enabling the module in the Magisk Manager, right? And disabling and then enabling right after, with no reboot in-between? If so, that makes no sense, because the only thing disabling the module does is to create a file in the module folder named "disable". On the next boot, Magisk will detect this file and won't load the module. Enabling the module simply deletes the file again, and on the next boot the module will load (since there's no "disable" file)..
I really do believe there's something else going on...
Click to expand...
Click to collapse
I know it makes no sense but it works that way for me and for other people with the same phone/module. I was trying to find a way to automate this process at every boot so that at least the first time (after every boot) I'll use Measure it will work well. Otherwise log keep saying "Received image measurement before corresponding IMU measurement" then app crashes.
I'm 100% sure that it's got nothing to do with creating and deleting a file named "disable" in the module directory... There's something else going on, it's just that noone's figured out what.
Didgeridoohan said:
I'm 100% sure that it's got nothing to do with creating and deleting a file named "disable" in the module directory... There's something else going on, it's just that noone's figured out what.
Click to expand...
Click to collapse
I really don't know but I can reproduce this bug every time. How can I create and delete this file? Is there a path where I can put this file or magisk.img can be mounted? Sorry if it sounds ridiculous, I am not a developer...
If you really want to try you can just place a boot script in post-fs-data.d that creates and deletes the file in the module directory. Something like:
Code:
#!/system/bin/sh
touch <path_to_module>/disable
rm -f <path_to_module>/disable
The path to the module depends on what version of Magisk you're using (although there's backwards compatibility symlinks in place). In the current stable release the modules are in /sbin/.magisk/img, but the current code (in the Canary builds and in future releases) have moved this to /data/adb/modules.
Perfectly working, thanks. I used macrodroid to run the scripts you gave me after every boot.
Hey all, I use SELinuxModeChanger apk to set Permissive mode when my device (Xperia Z5Compact) starts.
I would like to use a Magisk module to do it instead. What is the best module (simple, light on resources) to do so?
I just need the device to start in Permissive mode and that's pretty much it.
I notice all the modules that do this were removed from Magisk repo.. why is that, stability issues?
Thanks.
Because it just takes a very simple boot script, something that a Magisk module is a bit of overkill for. To keep the Magisk repo somewhat uncluttered (it's still quite messy), the decision was made to remove all modules that were just too simple.
Why do you want to change to a Magisk module? It'll do the exact same thing as your app... If you really want to skip the app, just put the following inside a file (you can name it whatever, say "selinux", doesn't even need an extension), place it in /data/adb/service.d, give it execution permission and that's it:
Code:
#!/system/bin/sh
setenforce 0
That'll change to permissive at each boot. You could do the same with an app like Tasker, etc...
Very helpful if I need to do it manually, thank you very much!
I just found this module : https://forum.xda-developers.com/apps/magisk/selinux-mode-inverter-t3775271
which I think will do the trick nicely (I like to be able to enable or disable the feature easily from within Magisk).
Didgeridoohan said:
Because it just takes a very simple boot script, something that a Magisk module is a bit of overkill for. To keep the Magisk repo somewhat uncluttered (it's still quite messy), the decision was made to remove all modules that were just too simple.
Why do you want to change to a Magisk module? It'll do the exact same thing as your app... If you really want to skip the app, just put the following inside a file (you can name it whatever, say "selinux", doesn't even need an extension), place it in /data/adb/service.d, give it execution permission and that's it:
That'll change to permissive at each boot. You could do the same with an app like Tasker, etc...
Click to expand...
Click to collapse
Nice idea, I'm using it and loving it, thanks for the info.
Thanks for the ROM. Its very stable and smooth. But i faced with one issue after last update
Any gcam is crashing except for the stock(6.2) on Pixel Experience ROM (last update10.0)I tried different cases like clean cache, removed Google photo, install other gcam mods, change SElinux. Nothing helped me. Has anyone encountered anything like this? Any solution?
seems to have something to do with EdXposed
toggling EdXposed, Riru or Magisk Core only mode won't help
these are the logs, caught using a module provided by EdXposed's developer, the first set was caught with Edxposed modules on, the second was off
https://mega.nz/#!MZkUiYxS!GzNamoD5OSeib53mogealxJ6axtHZQ0vZ94q2V1kK-I
Are you just trying to fix brick, or do you want to know what's causing it? If you're sure it was turning on stamina, seems like you could go to /data/data/ in recovery, and delete any folders having to do with stamina/battery, (there's an app called 'com.sonymobile.superstamina), and that should reset prefs.
(btw - haven't had a chance to look at the logs yet....)
Hi all,
I am using Magisk 19.5 (Canary), with EdXposed.
Magisk Manager is hidden, Magisk Hide is set for the app, and SafetyPatch module is installed - SafetyNet passes.
But my banking app (PostFinance) is still detecting root (I also tried some Xposed modules to hide root, like RootCloak etc.. But no success).. I have no clue about how root is detected. Anyways, when I reboot in "Core Only Mode", the banking app starts properly.
Now my question is, if it would be possible to quickly reboot the device only once in Core Only Mode (shortcut, switch or so) to use the banking app and then reboot to recovery (normal) again? Or has anyone an idea on how to effectively hide root from this app?
Samsung Galaxy S10 5G Exynos, rooted stock ROM.
Thanks.
ChangeToTower said:
Hi all,
I am using Magisk 19.5 (Canary), with EdXposed.
Magisk Manager is hidden, Magisk Hide is set for the app, and SafetyPatch module is installed - SafetyNet passes.
But my banking app (PostFinance) is still detecting root (I also tried some Xposed modules to hide root, like RootCloak etc.. But no success).. I have no clue about how root is detected. Anyways, when I reboot in "Core Only Mode", the banking app starts properly.
Now my question is, if it would be possible to quickly reboot the device only once in Core Only Mode (shortcut, switch or so) to use the banking app and then reboot to recovery (normal) again? Or has anyone an idea on how to effectively hide root from this app?
Samsung Galaxy S10 5G Exynos, rooted stock ROM.
Thanks.
Click to expand...
Click to collapse
If it's working in core mode that means one of your modules is interfering with the banking app...
([emoji3590]09-09-18[emoji3590])
PoochyX said:
If it's working in core mode that means one of your modules is interfering with the banking app...
([emoji3590]09-09-18[emoji3590])
Click to expand...
Click to collapse
Thanks.. I uninstalled all modules, except Riru Core and EdXposed.. Still fails to open.. So.. The only option then would be a quick reboot to "Core Only Mode" solution I guess..
ChangeToTower said:
Thanks.. I uninstalled all modules, except Riru Core and EdXposed.. Still fails to open.. So.. The only option then would be a quick reboot to "Core Only Mode" solution I guess..
Click to expand...
Click to collapse
At least you got a solution... Maybe could be the riru core... Alot of banking apps dont work with xposed period
([emoji3590]09-09-18[emoji3590])
You could try to add your banking app to the EdXposed blacklist
HurricaneXDA said:
You could try to add your banking app to the EdXposed blacklist
Click to expand...
Click to collapse
It's already blacklisted there, but still not working..