Database Develop

[CLOSED] [OUTDATED] Magisk and MagiskHide installation and troubleshooting

This thread/guide is now closed and will no longer be updated. It is only kept for posterity.
The new guide is stickied at the top of the Magisk forum, right here.

This thread/guide is now closed and will no longer be updated. It is only kept for posterity.
The new guide is stickied at the top of the Magisk forum, right here.
Installing Magisk and Modules
Installation
Where to start
It’s always a good idea to read through, at least, the release thread for information about what Magisk is and how to install it. Other useful information can be found in the Magisk All-In-One Wiki and the support thread.
Known issues
There may be issues with certain devices, ROMs and/or apps and Magisk. Check the release thread for information about currently known issues. While you're there, make sure to also take a look at the FAQ. When a new release is imminent, there will also be useful information in the beta thread.
Things to keep on your device
There are a couple of things that are good to keep on your device, making it easier to recover from any problems that might arise.
Magisk zip (release thread).
Magisk Manager apk (release thread) or GitHub.
Uninstall zip (release thread).
Mount Magisk zip (Collection of Magisk Modules v2 thread).
A copy of a clean boot image for your ROM (can be flashed in TWRP in case of problems).
Module zips.
Installation
Installing Magisk is straightforward. Follow the installation instructions in the release thread. After that you can install Magisk Modules through the Manager or via custom recovery (e.g. TWRP).
Moving from another systemless root solution to MagiskSU
If you wan't to install Magisk but already have a systemless root solution installed (SuperSU, phh's superuser) you'll have to first remove that.
With SuperSU, most of the times you can simply use the full unroot option in the SuperSU app and let it restore your stock boot image, alternatively use the full unroot option and then flash the stock boot image in recovery before installing Magisk.
Otherwise, and this applies to any other root solution as well, you an use @osm0sis unSU script (in recovery) and then flash the stock boot image before installing Magisk.
If you're ROM is prerooted it's quite likely that you can still use the boot image from the ROM zip. Many ROMs simply flash a root zip at the end of the ROM installation. If this doesn't work you'll have to check with your ROM developer on how to find an unpatched boot image that work with your ROM. Also see "Boot image patched by other programs" below.
Updating
If there's an update to Magisk, you'll get a notification from the Magisk Manager (if you haven't turned it off, that is). You can update through the Manager or download the Magisk zip from the release thread and flash in recovery. Make sure to read the release notes and the changelog, both can be found in the release thread. Any modules you have installed may have to be updated to conform with possible changes to Magisk.
If you're having problems updating to a newer version. Flash the uninstaller in recovery, restore your stock boot image and start over.
Note that with an update to Magisk, the Uninstall zip may also have been updated. Always keep the latest version on your device.
Boot image patched by other programs
If the installation (or uninstallation) through recovery fails with a message about the boot image being patched by other programs you need to follow the instructions given with the message. You most likely have some other systemless root solution (SuperSU, phh's superuser) or there's something else that have added it's patches to the boot image that will interfere with Magisk and cause the installation/uninstallation to fail. If you're already rooted (not MagiskSU), first unroot ( @osm0sis unSU script is good for this).
You'll have to restore a stock boot image without any other patches before installing/uninstalling Magisk. If you're using TWRP you can simply flash the boot.img file pretty much the same way you would with a zip.
The boot image can usually be found in your device's factory image/firmware file. If you're using a custom ROM it's found in the ROM zip.
If your ROM comes pre-rooted this can be tricky, depending on how the ROM roots your device. Usually the ROM just flashes root at the end of the ROM flash and you can simply open up the zip, unroot and flash the clean boot image from the ROM zip. If the ROM comes pre-patched from the start, ask for advice in your ROM thread or you could try a custom kernel that modifies the ramdisk.
Of course, you can also use a ROM that does not come pre-rooted (the preferred way).
After installation or update
After the first installation or an update, it may be necessary to perform a reboot or two for Magisk and/or any modules you have installed to start functioning properly.
Issues
Long boot time
If your device get stuck on the splash screen for a minute or so, it might mean that the magisk daemon have crashed or that there is some SELinux issue. If it is the case that the magisk daemon crashed, the Magisk debug logging during boot will never finish, even after the device has booted. This will eventually cause the debug log to eat up all your storage space! Take a look in /data and see if the file magisk_debug.log is very large and growing. Save the log and report the issue. Try rebooting to see if this fixes things, otherwise you'll probably need to uninstall Magisk and wait for a fix. Also see "Nothing works!" below.
Bootloop
If you end up in a bootloop when installing Magisk, run the uninstaller script in recovery, flash a clean boot image (the uninstaller restores a copy of the untouched boot image, so this step is “just in case”) and start over. If the uninstaller fails, just flash your unmodified copy of the boot image and you should be good to go. There’ll probably be some leftover files and folders from Magisk laying around in /cache and /data, but these can be removed manually.
First make sure your system can boot up without Magisk.
Boot to recovery and install Magisk. Boot up your system without installing any modules. Also see "Module causing issues" below.
If your system bootloops again and you're using a custom kernel, try starting over without installing that kernel. If there's still a bootloop your system might just not be compatible. One possibility is to try finding another custom kernel that is compatible. Also see "Nothing works!" below.
Magisk Manager crashes
If you're having issues with the Magisk Manager force closing/crashing after an update, clear data for the Manager or uninstall it and install again.
The Manager crashing might also be caused by using a theme engine to theme the Manager (Substratum, etc). Disable it and reapply after an update.
If it still crashes, try reverting to an earlier version of the Manager (they're all on GitHub). But before you do, capture a logcat from the crash and post it in the support thread (with a detailed description of the problem).
There are no modules
If the list of modules under "Downloads" is empty, clear the repo cache (in settings) and/or reload the modules list (pull down).
Can't install modules
If there's an error installing a module, there's a couple of things to try.
If the error occurs when installing a module through the Downloads section of the Magisk Manager, then something is wrong. Capture a logcat and post in the support thread (with a detailed description of the problem).
If the error just states something along the lines "error when installing", try flashing the zip through recovery instead. It might also be that you're trying to flash a v4 template module on a Magisk version lower than v13.1. If you feel you need to stick with an outdated version of Magisk, check with the module developer if there is a v3 template module available.
If the error states that it's not a Magisk zip, or invalid zip in TWRP, something's gone wrong while packing the zip. Open up the zip and you'll probably see a folder (probably named something like <nameofmodule>-master). Take all the contents of that folder and repack it to the root of the zip and try flashing it again.
Module causing issues (Magisk functionality, bootloop, loss of root, etc)
If you have a working Magisk installation, but a module causes Magisk, the Magisk Manager or your device to not function properly (bootloop, loss of root, etc), here's a tip:
Boot to recovery and flash the Mount Magisk zip (see “Things to keep on your device” above). This mounts the Magisk image to /magisk and it can now be accessed as any other directory. You now have a couple of options to remove the module:
Simply delete the modules folder under /magisk and reboot.
Navigate to the modules directory under /magisk and rename the "module.prop" file to "remove".
In terminal you can type (without quotation marks) "touch /magisk/<module folder>/remove" (or “/magisk/<module folder>/disable”, depending on your preference).
If you create the "remove" or "disable" files, Magisk will take care of removing or disabling the module on the next reboot.
You can also keep a copy of the corresponding disable or remove files on your device and copy them to the module folder as needed.
If you get an error in recovery when flashing Mount Magisk it might mean your Magisk image has become corrupted. Check the recovery log for details. Easiest way to fix this is to run the uninstaller and start from the beginning. It might also be possible to use fsck in terminal in recovery or through ADB. Google it (and check the recovery log for details).
Since Magisk v12.0 and Magisk Manager 4.3.0 you can also use the "Magisk Core Only Mode" in Manager settings. This disables all modules and only keeps the core functions of Magisk active (MagiskSU, MagiskHide, systemless hosts and, for Magisk v12.0, Busybox).
Installing/disabling/uninstalling modules through the Manager or recovery
If you’re experiencing problems with installing, disabling or uninstalling a module through the Manager, simply try it through recovery instead. For disabling or uninstalling a module through recovery, see the described method above under “Module causing issues”.
Apps are force closing
If a bunch of apps suddenly start force closing after installing Magisk, your ROM might have issues with WebView. More precisely with the signatures for Chrome and Google WebView. You can take a logcat when one of the apps crash and see if there's anything about WebView in there. The reason is that MagiskHide sets ro.build.type to "user" and this enables the signature check. Ask your ROM developer to fix the signature error... Meanwhile, you can fix it temporarily by disabling MagiskHide.
It's also possible that removing and reinstalling Chrome stable, Chrome Beta or Google WebView (or simply installing one of them if it's not already) will fix the issue.
Magisk isn't working
If you can boot up, but Magisk isn't working as expected (not detecting the Magisk installation, loss of root, etc), there's a few things you can try.
First, reboot. Sometimes this helps Magisk mount everything as it should.
Second, try removing any installed modules to see if it's a faulty module causing issues. If that seems to fix it, install the modules one at a time to find which one causes issues.
If nothing else works, try starting fresh with a new installation. Also see “Asking for help” and “Nothing works!” below.
Root issues
<insert app name here> can’t detect root
Since Magisk v11 and the included MagiskSU, some apps have started having troubles detecting root. Usually this means the app in question is looking for root in a specific location and needs to be updated to work with MagiskSU.
You can try symlinking the su binary to the location where the troublesome app is looking for it. Here’s an example on how to do this in terminal (If you don’t know about symlinking, Google it.):
Code:
ln -s /sbin/su /system/xbin/su
@laggardkernel have made a Magisk module that does this completely systemlessly. Which, of course, is preferable as we're using a systemless mask... :good: You'll find it here. Please note that doing this might have the effect of MagiskHide not being able to hide root.
Tasker and MagiskSU
Any version before Tasker v5.0 will have issues detecting MagiskSU. If you by any chance feel that you cannot update to v5+, you can use this Magisk module to enable Tasker root support. Reportedly, Secure Settings will also function with MagiskSU thanks to this module.
Another way is to use “Run Shell” in Tasker and use shell commands to do what you want, prefaced by “/sbin/su -c”. Example (copy a new host file to Magisk):
Code:
/sbin/su -c cp /sdcard/hosts /magisk/.core/hosts
If the command doesn’t work, try putting quotation marks around the command, like so:
Code:
/sbin/su -c "cp /sdcard/hosts /magisk/.core/hosts”
Randomly losing root
Some devices seem to have issues with memory management where the Magisk Manager will not be kept in memory and as a result root management is lost. This can sometimes be fixed by clearing the Manager from memory (swipe it away from recent apps list) and opening it again. Make sure the Manager is removed from any battery optimisation.
Magisk but no MagiskSU
There have been a few reports of devices/ROMs where Magisk gets installed properly, but MagiskSU fails to install. This might have to do with your device/ROM not letting Magisk symlink the required binaries and files to /sbin. See the release thread for known issues. If you know of a solution that's not listed, here or in the release thread, please let me know and I'll add it.
Other things to try
Starting fresh
If you've been trying a lot of things and can't get Magisk to work properly it can be a good idea to start fresh. Start by uninstalling Magisk, flashing a clean boot image and installing Magisk again. If that doesn't work you could try wiping your device and starting out completely clean.
Older versions of Magisk
It is possible that an older version of Magisk and MagiskHide may work if the latest does not. This is a last resort and should be considered unsupported. If the latest version of Magisk doesn’t work, but an earlier version does, please help fixing the issue by reporting it with all the necessary details (see “Asking for help” and “Nothing works!” below)
Installation files back to Magisk v12 can be found in the release thread.
Please note that there’s no guarantee that an older version of Magisk will work with the current Magisk Manager. Compatible apk's can be found inside the Magisk zip.
Asking for help
If you can't fix the problem yourself, start by looking in the support thread where you might find that someone else have had this problem as well. Search for your device and/or problem. If you can't find anything (it's a big thread), provide as much information as possible (in the support thread). For example:
Detailed description of the issue and what you've tried so far.
Details about your device and ROM, custom kernel, mods, etc.
Current and previous root solution (and what you've done to remove it, if applicable)
Logs! And when providing logs, do NOT paste them into your post. Attach as a file or use a service like Pastebin.
Recovery log from installation (in TWRP, go to Advanced - Copy log).
Magisk log (from the Manager or in /cache through recovery if you don't have root access)
Logcat. Get it via ADB or an app.
If you have boot issues (stuck or long boot time), take a look in /data for a file called magisk_debug.log (access through recovery if necessary). If it's not there, try capturing a logcat through ADB during boot (see above).
Nothing works!
If nothing works and you just can't get Magisk to install/function properly on your device, check the troubleshooting section in the release thread for instructions on how to help topjohnwu fix any compatibility issues with your device. The best thing you can do if Magisk isn't compatible with your device is to open an issue on GitHub and upload logs (recovery log, Magisk log, logcat, whatever is applicable) and a copy of your boot image. No boot image, no fix.
If you're using an older release of Magisk, take a look at the Old and outdated tips and tricks for "Installing Magisk and Modules". There might be something in there that applies to you.
Beta releases
It's also possible that whatever problem you're facing has been fixed in code, but not yet released. For this you have two options. The official beta and the unofficial beta snapshot.
The official beta is for @topjohnwu to test the release before it goes out to the masses. Read the OP carefully and follow any directions given. When reporting things about the beta, provide the necessary details and logs for whatever issue you're facing. Please don't spam the thread with "useless" posts...
If you're feeling brave you can try the unofficial beta snapshot. It's built directly from source and can sometimes be unusable. Keep an eye on the thread for current issues.

Changelog
Installing Magisk and Modules - Changelog
2017-07-21
Tasker v5.0 is released. Update "Tasker and MagiskSU" to reflect this.
2017-07-19
Added some links to the Manager apk downloads on GitHub.
Updated and moved "Magisk Manager crashes".
Updated "Module causing issues".
Updated "Nothing works!".
2017-07-17
Slight update to "Boot image patched by other programs".
2017-07-14
Added a new section, "Moving from another systemless root solution to MagiskSU".
Added a new section, "Can't install modules".
Added a new section, "Apps are force closing".
2017-07-13
Added a note about using themes with the Manager under "Magisk Manager is crashing".
2017-07-12
Updated "Boot image patched by other programs".
Added a section about "Long boot time".
Added a section about "Magisk Manager crashes".
2017-07-11
Updated for Magisk v13.1
2017-06-19
Updated info about beta releases.
2017-06-18
Moved "Outdated tips and tricks" to it's own post.
2017-05-25
Some clarifications for SuperSU pre-patched boot image.
2017-05-08
Added "Magisk but no MagiskSU"
Added a link to the solution for no MagiskSU on Sony devices by @[email protected].
2017-05-06
Added some clarifying headings.
Added an index in the OP.
2017-05-01
Slight clarification under "Asking for help".
2017-04-19
Added "Starting fresh".
2017-04-14
Added a link to a Magisk module for Tasker compatibility with MagiskSU.
2017-04-09
Updated "Losing root".
2017-04-04
Added "There are no modules".
2017-03-31
Updated for Magisk v12.
Moved old and outdated tips and tricks to the bottom.
2017-03-28
Minor clarification on Module issues.
Updated link to new Modules Collection thread.
2017-03-21
Added information about updating.
Slight restructuring.
2017-03-20
Updated for Magisk v11.6
2017-03-14
Added a link to the Beta snapshot thread.
2017-03-05
Added more ways to make Tasker recognise root with MagiskSU.
2017-03-02
Changelog started.
Refinements.
2017-02-23 - 2017-03-02
Various additions.
Refinements.
2017-02-23
Initial post.

This thread/guide is now closed and will no longer be updated. It is only kept for posterity.
The new guide is stickied at the top of the Magisk forum, right here.
Hiding root and passing Safety Net
MagiskHide works, IF your system is set up correctly and is compatible.
Basics
Requirements:
A Linux kernel version of at least 3.8 or a kernel that has the necessary features (mount namespace) backported.
MagiskHide hides:
Magisk and some modules (it depends on what the module does)
MagiskSU
Unlocked bootloader
Permissive SELinux
Things that may trigger SafetyNet and apps looking for root. Can't be hidden by MagiskHide
Magisk Manager - Some apps look specifically for the Magisk Manager and there is currently no simple way of fixing this. See "Detecting Magisk Manager or apps requiring root" below.
Other known root apps - Same as above.
Remnants of previous root method, including any root management apps (a good way to remove most remnants of root is osm0sis' unSU script).
Xposed (deactivate or uninstall). It doesn't matter if it's systemless, Magisk can't hide it.
USB/ADB Debugging (disable under Developer options). This isn't necessary on all devices/ROMs.
Make sure that your device conforms to the above requirements before continuing.
Known issues
There may be devices that have issues with MagiskHide. Check the release thread for information about currently known issues. While you're there, make sure to also take a look at the FAQ. When a new release is imminent, there will also be useful information in the beta thread.
Passing SafetyNet
If everything works out, SafetyNet should pass with no further input from the user. Nothing needs to be added to the Hide list. You'll see in the Magisk Manager if it works by checking the SafetyNet status. If SafetyNet doesn't pass after enabling Hide, try rebooting (also see “Hide isn’t working” and the sections about SafetyNet below).
Hiding root from apps
If you have other apps that you need to hide root from, open MagiskHide and select the app in question. Just remember there are apps out there with their own ways of detecting root that may circumvent MagiskHide (also see “More things to try” below).
MagiskHide isn't working
If you can’t get MagiskHide to work, either for SafetyNet or any other app detecting root, there are a few things you can try:
First make sure Hide is actually working by using a root checker. Start by making sure the root checker can detect that your device is rooted. After that, add the root checker to the Hide list and see if it no longer can detect root. If that is the case, MagiskHide is working on your device.
Check the logs
Take a look in the Magisk log. In there you should see something like this (just an example, YMMV):
Code:
--------- beginning of main
I( [I]<numbers>: <numbers>[/I]) Magisk v13.3(1330) daemon started
I( [I] <numbers>: <numbers>[/I]) ** post-fs mode running
--------- beginning of system
I( [I]<numbers>: <numbers>[/I]) ** post-fs-data mode running
I( [I]<numbers>: <numbers>[/I]) * Mounting /data/magisk.img
I( [I]<numbers>: <numbers>[/I]) * Running post-fs-data.d scripts
[I]<Here you'll see scripts that are installed to /magisk/.core/post-fs-data.d running>[/I]
I( [I]<numbers>: <numbers>[/I]) post-fs-data.d: exec ************
I( [I]<numbers>: <numbers>[/I]) * Loading modules
[I]<Your installed modules will be loaded here.>[/I]
I( [I]<numbers>: <numbers>[/I]) ***********: loading [system.prop]
I( [I]<numbers>: <numbers>[/I]) ***********: constructing magic mount structure
I( [I]<numbers>: <numbers>[/I]) * Mounting system/vendor mirrors
I( [I]<numbers>: <numbers>[/I]) mount: /dev/block/bootdevice/by-name/system -> /dev/magisk/mirror/system
I( [I]<numbers>: <numbers>[/I]) link: /dev/magisk/mirror/system/vendor -> /dev/magisk/mirror/vendor
[I]<If you have modules that install files/folders to /system, you might see a lot of bind_mount entries.>[/I]
I( [I]<numbers>: <numbers>[/I]) bind_mount: **************
I( [I]<numbers>: <numbers>[/I]) * Running module post-fs-data scripts
[I]<Here you'll see scripts that are installed in modules running.>[/I]
I( [I]<numbers>: <numbers>[/I]) ************: exec [post-fs-data.sh]
I( [I]<numbers>: <numbers>[/I]) * Enabling systemless hosts file support
I( [I]<numbers>: <numbers>[/I]) bind_mount: /system/etc/hosts
I( [I]<numbers>: <numbers>[/I]) * Starting MagiskHide
I( [I]<numbers>: <numbers>[/I]) hide_utils: Hiding sensitive props
I( [I]<numbers>: <numbers>[/I]) hide_list: [com.google.android.gms.unstable]
[I]<Any other apps/processes added to the Hide list will be seen here.>[/I]
I( [I]<numbers>: <numbers>[/I]) proc_monitor: init ns=mnt:[[I]<numbers>[/I]]
I( [I]<numbers>: <numbers>[/I]) ** late_start service mode running
I( [I]<numbers>: <numbers>[/I]) * Running service.d scripts
[I]<Here you'll see scripts that are installed to /magisk/.core/service.d running>[/I]
I( [I]<numbers>: <numbers>[/I]) service.d: exec ***************
I( [I]<numbers>: <numbers>[/I]) * Running module service scripts
[I]<Here you'll see scripts that are installed in modules running.>[/I]
I( [I]<numbers>: <numbers>[/I]) ************: exec [service.sh]
I( [I]<numbers>: <numbers>[/I]) proc_monitor: zygote ns=mnt:[[I]<numbers>[/I]] [I]<possibly more zygotes and numbers>[/I]
I( [I]<numbers>: <numbers>[/I]) proc_monitor: com.google.android.gms.unstable (PID=[I]<numbers>[/I] ns=mnt:[[I]<numbers>[/I]])
I( [I]<numbers>: <numbers>[/I]) hide_utils: Re-linking /sbin
If there are no entries in the log about MagiskHide starting, take a look under "Restarting the MagiskHide daemon" and "Starting MagiskHide Manually" below.
Restarting the MagiskHide daemon
Sometimes the MagiskHide daemon needs to restart, or haven't properly started on a reboot. Fix this by toggling MagiskHide off and then on again in settings. You can also try disabling MagiskHide, rebooting and then enabling it again.
If you previously have had MagiskHide functioning on your device, but suddenly it stops working, it's a good chance the MagiskHide daemon hasn't properly started on boot. Toggle off and on (and possibly reboot) and you should be good. If not, keep reading to the next section, "Starting MagiskHide manually".
Starting MagiskHide manually
If MagiskHide just won't start when toggling it in the Magisk Manager, try starting it manually. This can be done in a terminal emulator (as su) by executing the following command:
Code:
su
magiskhide --disable
magiskhide --enable
Systemless hosts
Some users have reported issues with MagiskHide if systemless hosts is enabled in Magisk Manager settings. Try disabling it and rebooting to see if it fixes your issue.
Kernel logcat support
If your device's kernel doesn't have logcat support the MagiskHide process monitor won't be able to see when a process/package is started and therefore won't unmount the necessary folders to hide Magisk and it's core features. You can test for this by running the following command in a terminal app:
Code:
logcat -b events -v raw -t 10
If you get an error you might have a logcat issue. Ask in your kernel/ROM thread for advice or try a different kernel.
There's also a possibility that your issue can be fixed by using a kernel managing app like Kernel Adiutor. It might be enough just to install it to enable logcat support. This is untested (by me at least) and just speculation on my part from what I've seen around the forums (please confirm if you have information about this or tested it).
A huge thank you to @tamer7 for teaching me about this.
Logger buffer size
If you have turned off Logger buffer size under Developer Options, MagiskHide won't be able to monitor when a process/package is started and won't unmount the necessary folders to hide Magisk and it's core features.
Thank you to @Chaplan for the tip.
Mount namespace issues
If you see this line in the Magisk log: "proc_monitor: Your kernel doesn't support mount namespace", your device has a Linux kernel that is to old. The Linux kernel version have to be at least 3.8 (thank you @TheCech12), or otherwise have the necessary features backported. Ask in your ROM/kernel thread or try a different ROM and/or kernel.
SafetyNet
Google continuously updates SafetyNet. Currently, the only version of Magisk that will pass SafetyNet without workarounds is Magisk v13.3.
SafetyNet incompatible devices and ROMs
There are some devices/ROM’s that just won’t be able to pass SafetyNet fully. This has to do with how Google certifies devices, CTS certification (Compatiblity Test Suite). If a device hasn’t passed the Google certification process, or if the ROM alters how the device is perceived by Google, it won’t be able to fully pass SafetyNet (CTS profile mismatch). You might be able to get basic integrity to report as true (see Checking if Basic integrity passes below) and this means that MagiskHide is working as it should and it's most likely a CTS certification issue. If there is anything to be done about this it's most likely found in your device's forums. Go there and ask...
You can find out if your device/ROM has issues by checking SafetyNet with your current ROM without Magisk, any other root solution or mod (e.g. Xposed) You’ll also have to either relock your bootloader or flash a custom kernel that hides the bootloader state (disabled verified boot flag), set SELinux to enforcing (if it isn’t already) and possibly disable USB/ADB Debugging. If SafetyNet passes with a clean system, you’re good to go and can start troubleshooting MagiskHide. If it fails with a CTS profile mismatch you might be out of luck, but not necessarily. You can still give MagiskHide a go and see if you can get your device to pass, but if it doesn't it might be the ROM causing issues. If your device's stock ROM can pass SafetyNet, you could try finding a ROM that’s closer to stock and see if this helps.
It's also possible that you can match your ROM's ro.build.fingerprint and/or ro.build.description (or other props) with an official ROM for your device to make it pass SafetyNet fully. See Matching official prop values to pass SafetyNet below.
CTS profile mismatch vs Basic integrity
There are two parts to a SafetyNet check, CTS compatibility and Basic integrity. The CTS check is a server side checkup up that's difficult to spoof, while Basic integrity is done on the device side and is a lower level of security. Some apps only use the Basic integrity part of the SafetyNet API and thus can be used even if SafetyNet doesn't fully pass.
Checking if Basic integrity passes
You can use a SafetyNet checker app (SafetyNet Helper and SafetyNet Playground are two good examples) to see if you at least pass Basic integrity. If you can't pass SafetyNet, but Basic integrity shows as true, that basically means Google doesn't trust your device for some reason (also see "SafetyNet incompatible devices and ROMs" above). You should be able to fix this by matching prop values with a ROM that passes SafetyNet (see below).
Matching official prop values to pass SafetyNet
If you use an unofficial/developers ROM you'll have to match an official/stable ROM's details (usually ro.build.fingerprint and possibly ro.build.description) to pass SafetyNet. Check your device's forum for details. Also, see the section about "Sensitive props" below.
@coolguy_16 have made a guide for Moto G 2015 here. Thank you to @diegopirate for the tip.
Spoofing device fingerprint
As a last resort you could try changing your device's ro.build.fingerprint to a device's/ROM's that is known to pass SafetyNet. This can be done with a Magisk module or with boot script and the resetprop tool. See the section about "Sensitive props" below. Or you can use the Universal SafetyNet Fix module. Spoofing the device fingerprint is part of what it does.
SafetyNet check never finishes
If the SafetyNet status check never finishes (make sure to wait a while), it might mean that your Google Play Services aren’t working properly or have crashed. Try force closing Play Services, clearing data and/or rebooting the device.
You can also try updating to a newer version (take a look at APKMirror).
Device uncertified in Play store/Some apps won't install or doesn't show up
If some apps won't install or doesn't show up in the Play store, check the Play store settings. At the bottom there's a section called "Device certification". Some apps won't install if this shows "uncertified" (a couple of known apps are Netflix and Mario Run).
The solution is to make sure your device passes SafetyNet and then clear data for the Play store and reboot. If you have multiple users on your device, you might have to clear data for all users. Next time you open up the Play store, "Device certification" should show "certified" and the apps should be able to install/show up again. You might have to wait a bit before the apps show up. Some users have reported having to wait mere minutes, others several hours up to a whole day.
Some users have reported having to add the Play store to the MagiskHide list.
I still can't pass SafetyNet
First, keep reading and see if there's anything you can try below that you haven't already.
If you've tried everything and SafetyNet still doesn't pass, give the Universal SafetyNet Fix module by @Deic a try.
Other things to try
First make sure Hide is actually working by using a root checker. Start by making sure the root checker can detect that your device is rooted. After that, add the root checker to the Hide list and see if it no longer can detect root. If that is the case, MagiskHide is working on your device.
USB/ADB debugging
If you haven’t yet, try disabling USB/ADB debugging to see if this helps you use your root detecting app or pass SafetyNet.
Dependencies
There are some apps that require one or more other apps or processes being added to MagiskHide. For example, if an app is asking for extra permissions, try hiding the corresponding app/process as well. As an example: for a banking app asking for permissions to make phone calls it might be necessary to add the Phone app as well as the banking app to MagiskHide. Unfortunately it's not necessarily the case that the app or process used for finding root asks for permissions (also see "Figuring out if an app has dependencies, looks for 'sensitive props', Busybox, etc" below).
Sensitive props
Some apps trigger if they find "sensitive props". Also, on some devices SafetyNet triggers if certain props are not set to the expected values. A few props get set to "safe" values by MagiskHide by default. Currently these are ro.debuggable, ro.secure, ro.build.type, ro.build.tags and ro.build.selinux.
Some examples of props may include:
Code:
ro.build.selinux [I](careful, it might cause issues with SELinux)[/I]
ro.build.flavor
ro.build.description
ro.build.fingerprint
ro.bootimage.build.fingerprint
ro.build.oemfingerprint
etc...
Use the command "getprop" (without quotations) on the props in a terminal emulator to see what they're set to. Note that not all props used can be found in build.prop.
The props can be changed with a Magisk module or a boot script and the resetprop tool.
If you have a ROM (stock is usually a good bet) that can pass SafetyNet or use an app on without modifications, check for props on that ROM that you can change to on the ROM you're having trouble with (also see "Figuring out if an app has dependencies, looks for 'sensitive props', Busybox, etc" below).
Please note that changing prop values may have other consequences for your device than just being able to pass SafetyNet or hide root. If you're experiencing issues after changing prop values, revert them and see if that helps.
Developer options disappeared from settings
If Developer options suddenly disappeared from settings after installing Magisk, it's probably because MagiskHide changes ro.build.type from "userdebug" to "user" (known "safe" prop value). On some devices/ROMs this prop need to be set to "userdebug" to show the Developer options. A solution is to temporarily disable MagiskHide and reboot if you need access to the Developer options.
Or, there's a much better solution... You can ask your ROM developer to add this commit: https://github.com/DirtyUnicorns/an...mmit/5a647d96432abcb1276fab695600c5233e88b8d3
Busybox
Some apps detect Busybox and see this as a sign of your device being compromised (rooted). Magisk should be able to hide any Busybox installed as a Magisk module.
Figuring out if an app has dependencies, looks for "sensitiveprops", Busybox, etc
It can be tricky figuring out if an app is dependent on another app or process for detecting root, expects certain prop values, doesn't like Busybox or whatever is triggering a root warning within the app. Apart from trying one thing/prop at a time, finding this out could mean you have to decompile the apk to look at the source code. Google it...
Detecting Magisk Manager or apps requiring root
There are apps that detect the Magisk Manager or known apps that require root and refuse to work properly or even start if that is the case. This can be worked around by uninstalling or possibly freezing the Manager or root app when you need to use these apps and reinstalling/unfreezing it afterwards. Cumbersome, but it might work. There are also some Xposed modules that can hide apps from other apps, but having Xposed installed might cause other issues with tampering detection...
Samsung...
Yeah... Samsung doesn't have the mod-friendliest devices out there. But anyway...
Parts of Magisk have had a history of breaking/not working on Samsung devices. This is constantly being worked on. Check the Known issues in the release thread, the support thread and other relevant threads in the Magisk forums for information. If you can't find anything about your issue, make sure you leave as detailed a report as possible when asking for help. See "Asking for help" below.
Lineage OS...
Yeah... Cyanogenmod had a history of breaking things for many mods and it seems like Lineage OS is continuing on this legacy.
Parts of Magisk have had a history of breaking/not working on devices with Lineage OS. Check the Known issues in the release thread, the support thread and other relevant threads in the Magisk forums for information. If you can't find anything about your issue, make sure you leave as detailed a report as possible when asking for help. See "Asking for help" below.
Magisk Core Only Mode
If you can't get MagiskHide to work, try enabling the Core Only Mode in Magisk Manager settings. No modules will be loaded and any conflicts as a result of that part of Magisk will be bypassed. Note: In Magisk v13.1 there seems to be a bug with Core Only Mode where it will disable MagiskHide and Systemless hosts. Toggle MagiskHide and Systemless hosts off and on in settings to fix this.
Starting fresh
If you've been trying a lot of things and can't pass SafetyNet it can be a good idea to start fresh. Start by uninstalling Magisk, flashing a clean boot image and installing Magisk again. If that doesn't work you could try wiping your device and starting out completely clean.
Older versions of Magisk
It is possible that an older version of Magisk and MagiskHide may work if the latest does not. This is a last resort and should be considered unsupported. If the latest version of Magisk doesn’t work, but an earlier version does, please help fixing the issue by reporting it with all the necessary details (see “Asking for help” and “Nothing works!” below)
Installation files back to Magisk v12 can be found in the release thread.
Please note that there’s no guarantee that an older version of Magisk will work with the current Magisk Manager. Compatible apk's can be found inside the Magisk zip.
Asking for help
If you can't fix the problem yourself, start by looking in the support thread where you might find that someone else have had this problem as well. Search for your device and/or problem. If you can't find anything (it's a big thread), provide as much information as possible (in the support thread).
Detailed description of the issue and what you've tried so far.
Details about your device and ROM, custom kernel, mods, etc.
Logs! And when providing logs, do NOT paste them into your post. Attach as a file or use a service like Pastebin.
Recovery log from installation (in TWRP, go to Advanced - Copy log).
Magisk log (from the Manager or in /cache through recovery if you don't have root access)
Logcat. Get it via ADB or an app.
If you have boot issues (stuck or long boot time), take a look in /data for a file called magisk_debug.log (access through recovery if necessary). If it's not there, try capturing a logcat through ADB during boot (see above).
Nothing works!
If MagiskHide does not work for you even though you've tried everything, check the troubleshooting section in the release thread for instructions on how to help topjohnwu fix any compatibility issues with your device. The best thing you can do if Magisk isn't compatible with your device is to open an issue on GitHub and upload logs (recovery log, Magisk log, logcat, whatever is applicable) and a copy of your boot image. No boot image, no fix. Just remember that there are some things @topjohnwu can't fix, like if your device's kernel doesn't have mount namespace support (you need a Linux kernel version of at least 3.8) or similar.
If you're using an older release of Magisk, take a look at the Old and outdated tips and tricks for "Hiding root and passing Safety Net". There might be something in there that applies to you.
And, if nothing else works you could try the Universal SafetyNet Fix module by @Deic.
Beta releases
It's also possible that whatever problem you're facing has been fixed in code, but not yet released. For this you have two options. The official beta and the unofficial beta snapshot.
The official beta is for @topjohnwu to test the release before it goes out to the masses. Read the OP carefully and follow any directions given.
If you're feeling brave you can try the unofficial beta snapshot. It's built directly from source and can sometimes be unusable. Keep an eye on the thread for current issues.

Changelog
Hiding root and passing SafetyNet - Changelog
2017-07-19
Updated "Check the logs".
Updated "Nothing works!".
2017-07-14
Added a link to a commit that fixes the disappearing Developer options issue on some ROMs with ro.build.type set to "user". Thank you @The Flash.
Moved "SafetyNet never finishes" to a more logical location.
2017-07-11
Updated for Magisk v13.1.
2017-07-06
Updated the section about "Magisk Manager" being detected. Renamed to "Detecting Magisk Manager or apps requiring root".
Removed duplicate information about SafetyNet being updated.
2017-06-27
Updated info about "Spoofing device fingerprint".
Small update to "Dangerous props".
2017-06-19
Updated info about beta releases.
2017-06-18
Updated info about the latest SafteyNet update and how to bypass it.
Updated info about the Universal SafetyNet fix module by @Deic.
Added section about "Spoofing ro.build.fingerprint".
Moved "Outdated tips and tricks" to it's own post.
2017-06-16
Added notes about the update to SafetyNet and how to bypass it.
2017-06-01
Removed "Unlocked bootloader, permissive SELinux and Samsung KNOX".
Moved "Samsung KNOX".
Added "Magisk Manager".
2017-05-26
Some more clarifications on "Magisk Hide isn't unmounting...".
Added info about multiuser under "Device uncertified...".
2017-05-25
Added some info about setns support under "Magisk Hide isn't unmounting folders as it should".
2017-05-19
Added "some Moto device" to known devices that need official prop values added to custom ROMs to pass SafetyNet.
Added a link to the guide to pass SafetyNet on Moto G 2015 by @coolguy_16.
Some clarifications about Samsung KNOX.
Minor clarifications on Play store certification.
2017-05-14
Minor clarifications.
2017-05-09
Added a new section, "Magisk v12 can't hide root (but v11.6 could)".
2017-05-06
Added some more tips under "Magisk Hide isn't unmounting folder as it should" (Xiaomi devices).
Added some clarifying headings.
Added an index in the OP.
2017-05-03
Added a section about matching official ROM prop values to pass SafetyNet.
Added a link to Xiaomi SafetyNet fix module by @Deic.
2017-05-02
Slightly update information regarding SafetyNet incompatibility, CTS profile matching and Basic integrity.
Minor cosmetic changes, rearranging and typos.
2017-05-01
Another small clarification. This time under "Asking for help".
Slight clarification on issues with unmounting.
2017-04-28
Added a section about setting Logger buffer size to off breaking Magisk Hide.
2017-04-25
Added a command to test for kernel logcat support and a possible solution for a lack thereof.
2017-04-24
Moved info about busybox and systemless host issues to "Busybox conflict" and "Systemless hosts" under the section about Magisk hide not unmounting folders.
2017-04-20
Added a section about certification status in the Play store. "Some apps won't install or doesn't show up in the Play store".
Added "Check the logs".
Added "Magisk Hide isn't unmounting folders as it should". Again: thank you @tamer7.
More minor clarifications.
2017-04-19
Minor clarifications.
2017-04-16
Added a note about Core Only Mode.
2017-04-09
Added section about starting Magisk Hide manually.
Added section about Magisk built-in busybox or systemless hosts possibly causing SafetyNet to fail on some ROMs.
2017-04-07
Updated "Dangerous props".
Updated information about Samsung KNOX (Samsung pay probably won't work).
2017-03-31
Updated for Magisk v12.
Moved old and outdated tips and tricks to the bottom.
2017-03-22
Changing prop values may have undesired effect (duh).
Moved "Restarting Magisk Hide" to the beginning of the text and updated it. Might be a good thing to start with when troubleshooting.
2017-03-21
Added ro.build.flavor to "dangerous props".
Added information about what to try when a prop value isn't set properly.
More updates for Magisk v11.6 (resetprop added to PATH).
Clarifications.
2017-03-20
Updated for Magisk v11.6
Removed "ro.build.selinux" from "dangerous props" since it might cause issues with SELinux.
2017-03-15
Clarifications about finding out if you have "dangerous props" set to undesired values.
Added a new "dangerous prop" example (ro.build.selinux).
2017-03-14
Added a link to the Beta snapshot thread.
2017-03-10
Small update to the "Samsung..." section.
2017-03-06
Clarification about setting props and figuring out dependencies, etc.
2017-03-06
Added some info to "Dependencies".
Added section about how to figure out what an app is looking for to detect root.
2017-03-03
Added some information about "Dangerous props".
Updated information about SafetyNet CTS profile mismatch and Basic integrity.
2017-03-02
Changelog started.
Added Samsung SELinux tips.
Refinements.
2017-02-23 - 2017-03-02
Various additions.
Refinements.
2017-02-23
Initial post.

Old and outdated tips and tricks for "Installing Magisk and Modules"
Unmounting of folders is no longer showed in the Magisk log, since Magisk v13.1.
MagiskHide isn't unmounting folders as it should
If MagiskHide isn't unmounting as it chould for the processes/packages added to the Hide list (there are no "hide_daemon: Unmounted" entries in the log or there are entries showing that the unmount failed ("hide_daemon: Unmount Failed")), see "MagiskHide isn't unmounting folders as it should" below.
If you don't see any entries in the Magisk log for "hide_daemon: Unmounted", MagiskHide isn't functioning as it should and can't hide Magisk from apps and processes that trigger if root is found. There are a few reasons as to why this might happen. See "Kernel logcat support", "Logger buffer size", and "Mount namespace issues" below. Of course, these might not be the only reasons. If you're lucky, one of the solutions below will work for your particular case.
If there are entries in the Magisk log showing that the unmount failed ("hide_daemon: Unmount Failed"), take a look at what folder it's failing for and disable the corresponding Magisk module. If you can't work out what module is causing the issue, disable them all and enable one by one until you find the culprit. If it is one of your installed modules causing the issue, ask for advice in the module's support thread.
It might be that you have to rely on manually starting MagiskHide to make it unmount folders properly (known: some Xiaomi devices/MIUI). See "Starting MagiskHide manually" above.
Busybox is no longer bundled with Magisk since v13.1.
Randomly losing root
Some devices and/or ROMs (known: Lineage OS) have issues with losing root when using MagiskSU. This can sometimes be fixed by disabling busybox in Magisk Manager settings. Some users have also reported success by disabling systemless hosts instead/as well.
Magisk v13+ is fully compatible with stock Sony ROMs.
Sony and MagiskSU
If you're using a Sony device and have the above issue with MagiskSU, you're probably running a stock boot image or otherwise haven't disabled Sony RIC. Don't worry, @[email protected] have got the fix for you here.

Old and outdated tips and tricks for "Hiding root and passing Safety Net"
The changed prop values have been reintroduced with Magisk v13.1.
Magisk v12 can't hide root (but v11.6 could)
If you have an app that you can hide root from with Magisk v11.5/v11.6 but not after upgrading to v12, you need to take a look at the "Dangerous props" section below. In Magisk v11.5 and v11.6, Magisk Hide would alter a few build.prop values, specifically a couple of the usual suspects mentioned in "Dangerous props". These are ro.build.tags and ro.build.type. This was reverted with Magisk v12 since it has the potential to cause issues and is better left to the users discretion.
So, if you can fool an app with Magisk v11.5/v11.6, but not with v12. Try changing ro.build.tags and/or ro.build.type to "safe" values. Again, see "Dangerous props" below.
Scripts are no longer used in Magisk v13.1.
If you have a device where you find you have to start Magisk Hide manually to pass SafetyNet, try editing the enable script (found in /magisk/.core/magiskhide) and change the last line to:
Code:
(su -c $BINPATH/magiskhide --daemon)
This might make Magisk Hide work properly on your device.
Busybox is no longer bundled with Magisk since v13.1.
Busybox conflict
If you already have busybox installed or your ROM comes with it built-in, enabling Magisk busybox may cause a conflict that breaks Magisk Hide. Either use and update the existing installation or remove it if you want to use Magisk busybox.
Magisk v13.1 does note have these issues.
Since beginning of June 2017, SafetyNet has been updated. Magisk v12 and lower versions can't pass. The solution is to enable Core Only Mode in Magisk Manager settings and you might also have to disable systemless hosts. In Magisk v13.0 beta, this has been fixed (but of course, there might be other issues present). Note that this guide is written for Magisk v12 and the tips in it may not be applicable for Magisk v13 beta. I'll update the guide for v13 when it is released from beta.
For users of Magisk v12 @Deic have made a Magisk module that might make SafetyNet pass with modules active. Note that this module will also change your device's fingerprint to match a Xiaomi Mi 6 (for devices/ROMs that have no CTS certification), also see "Spoofing ro.build.fingerprint" below. @yochananmarqos have made a version of the module that leaves out the fingerprint part, for users that could pass SafetyNet before the update. See the links for details.
Module link removed from the guide since it does so much more than just editing the fingerprint.
@Deic have updated his Xiaomi SafetyNet fix module to be a Universal SafetyNet fix module that does just this. It'll change your devices fingerprint to match an official one for Xiaomi Mi 6. It'll also make Magisk v12 pass SafetyNet with modules installed.
IMO it'd be best if you could use a fingerprint that more closely matches your device (you'll find it in the build.prop file). If you're on a custom ROM that doesn't pass SafetyNet and the stock ROM does, use the stock ROM's prop values, etc. To change the fingerprint set by the module, unzip it and open up the post-fs-data.sh file in a text editor that can handle Unix line endings (on Windows this means Sublime, Atom, Notepad++ etc). Change the following two lines to match your device's stock ROM:
Code:
$RESETPROP "ro.build.fingerprint" "Xiaomi/sagit/sagit:7.1.1/NMF26X/V8.2.17.0.NCACNEC:user/release-keys"
$RESETPROP "ro.bootimage.build.fingerprint" "Xiaomi/sagit/sagit:7.1.1/NMF26X/V8.2.17.0.NCACNEC:user/release-keys"
No longer applicable.
An app still detects the original prop value
If Magisk Hide doesn't start properly at boot, it can be started by toggling Hide off and on again in settings. But, when doing this, some of the prop values changed by Magisk Hide may not get set properly. Try rebooting your device and see if Hide starts up properly. If it doesn't it might be one of your modules causing issues.
If it's a prop value you're changing yourself with a Magisk module and you're using system.prop to set the value, try moving the script to post-fs-data.sh and use resetprop instead. See here for more resetprop syntax. Example:
Code:
[I]system.prop code:[/I]
ro.build.tags=release-keys
[I]post-fs-data.sh code:[/I]
resetprop ro.build.tags release-keys
Removed from the guide since the feature doesn't seem to work anyway.
Samsung KNOX
If you're having issues with Samsung KNOX, use a KNOX checker app from the Play store to see if it reports as triggered or not. Samsung pay and other Samsung apps/services that check KNOX have been reported to still see the KNOX counter as triggered, even though it gets masked by Magisk Hide.
The module have been updated to a universal SafetyNet fix.
Deic have made a Magisk module for Xiaomi devices that does the above, Xiaomi SafetyNet fix.
Since Magisk v11.5 resetprop is added to PATH and can be called directly through shell and apps.
Code:
/data/magisk/resetprop ro.build.tags release-keys
This part is no longer necessary since Magisk v11.5. It's changed by Magisk by default. Only do this if you're using an earlier release.
Some Samsung users with custom ROMs have reported that they have had to do some modifications to the permissions for a couple of files related to SELinux to pass SafetyNet. These files are "/sys/fs/selinux/enforce" and "/sys/fs/selinux/policy". The "enforce" file should have permission 640 (rw-r-----) and the "policy" file should have permission 440 (r--r-----). This can be easily automated with Magisks General Purpose Boot Scripts (see here for details) or a Magisk module. The lines needed for the script are:
Code:
#!/system/bin/sh
chmod 640 /sys/fs/selinux/enforce
chmod 440 /sys/fs/selinux/policy
Magisk Hide uses a pseudo-enforcing SELinux state to mask a permissive kernel
Permissive SELinux
You can check if it’s SELinux causing problems by typing (without quotation marks) “getenforce” in a terminal emulator. If it reports permissive you can try temporarily setting it to enforcing by typing “setenforce 1” (this requires root access) and see if this makes SafetyNet pass. To make SELinux permissive again, use “setenforce 0” or reboot your device (if it’s permissive by default). If you want a more permanent solution it can be done with Magisks General Purpose Boot Scripts. See here for details. The lines needed for the script to set SELinux to enforcing are:
Code:
#!/system/bin/sh
setenforce 1

Check the module support thread for update.
Update 20170228
Since a little syntax error in the mounting script from Magisk v11.0-v11.1, mounting link systemless-ly won't success. Hence we choose copy but not to link the su binary for v11.0-v11.1. Don't worry, both methods are systemless.
==========
Great guide. :good:
Just made a simple module try to solve the /sbin/su not detectable problem. This module will look for existing su binary, and create a link as /magisk/su_xbin_bind/system/xbin/su pointing to the real su. The link will also be mounted as /system/xbin/su systemless-ly later.
Installation
Flash it in RECOVERY, then reboot. And you will find a link /system/xbin/su. All the work is done systemless-ly.
Uninstallation
Open Magisk Manager, go to Modules, disable or uninstall the module called "Su xbin_bind". Then it will disappear after reboot.

laggardkernel said:
Great guide. :good:
Just made a simple module try to solve the /sbin/su not detectable problem. This module will look for existing su binary, and create a link as /magisk/su_xbin_bind/system/xbin/su pointing to the real su. The link will also be mounted as /system/xbin/su systemless-ly later.
Installation
Flash it in recovery, then reboot. And you will find a link /system/xbin/su. All the work is done systemless-ly.
Uninstallation
Open Magisk Manager, go to Modules, disable or uninstall the module called "Su xbin_bind". Then it will disappear after reboot.
Click to expand...
Click to collapse
Nice! I added a mention of this in the guide. You should get this in the repo...

Great guide. Apparently this contains almost all the troubleshoot steps and known issues right from the original support thread of Magisk. However it would be complete if you had added the steps that user reported working on various custom roms that are known to not pass safetynet. One of the step is below for pre rooted custom roms :
1. Go back to recovery.
2. Flash unSU.zip by osmosis
3. Flash magisk 10.2
4. Boot to system. Install Phh superuser. Update binary.
5. Update to latest magisk from magist manager. Reboot.
6. Check safetynet, it should work.
This is reported to be working for some user, and some other reported it didn't work. But still worth a try.

iubjaved said:
Great guide. Apparently this contains almost all the troubleshoot steps and known issues right from the original support thread of Magisk. However it would be complete if you had added the steps that user reported working on various custom roms that are known to not pass safetynet. One of the step is below for pre rooted custom roms :
1. Go back to recovery.
2. Flash unSU.zip by osmosis
3. Flash magisk 10.2
4. Boot to system. Install Phh superuser. Update binary.
5. Update to latest magisk from magist manager. Reboot.
6. Check safetynet, it should work.
This is reported to be working for some user, and some other reported it didn't work. But still worth a try.
Click to expand...
Click to collapse
I hadn't seen that one before. Looks a little fishy (updating the phh's superuser binary?), but I'll do some research on that and see if I can work this into the guide somehow.

2 posts removed.
Do not discuss or post warez on XDA.
Thank you.
:good:

The Merovingian said:
2 posts removed.
Do not discuss or post warez on XDA.
Thank you.
:good:
Click to expand...
Click to collapse
Sorry

Didgeridoohan said:
I hadn't seen that one before. Looks a little fishy (updating the phh's superuser binary?), but I'll do some research on that and see if I can work this into the guide somehow.
Click to expand...
Click to collapse
These steps are from the Magisk thread, i could be wrong about binary update ( considering when installing any superuser, you will get prompt for updating binary?) but rest of the steps are exactly as it was mentioned there. I wish i could link you for reference but i have to go through the whole thread again and search for these . You can post these steps on the magisk support thread for clarification. Great work once again. Good luck!

laggardkernel said:
Great guide. :good:
Just made a simple module try to solve the /sbin/su not detectable problem. This module will look for existing su binary, and create a link as /magisk/su_xbin_bind/system/xbin/su pointing to the real su. The link will also be mounted as /system/xbin/su systemless-ly later.
Installation
Flash it in recovery, then reboot. And you will find a link /system/xbin/su. All the work is done systemless-ly.
Uninstallation
Open Magisk Manager, go to Modules, disable or uninstall the module called "Su xbin_bind". Then it will disappear after reboot.
Click to expand...
Click to collapse
Hey installed ur module, but still root checker detects no su file symlinks in xbin :crying:

Xennet said:
Hey installed ur module, but still root checker detects no su file symlinks in xbin :crying:
Click to expand...
Click to collapse
Did you reboot your phone after installation? And try to check its existence in /magisk/su_xbin_bind/system/xbin. If the su link exists here, where does it point to?

laggardkernel said:
Did you reboot your phone after installation? And try to check its existence in /magisk/su_xbin_bind/system/xbin. If the su link exists here, where does it point to?
Click to expand...
Click to collapse
Yes rebooted. It is activated in magisk. The su link exists in /magisk/su_xbin_bind/system/xbin/. Opening t link directs to su...But how to check it where it directs to..
Really dis is a great module to get t apps dat look for real root location xbin/su...
Please help

Xennet said:
Yes rebooted. It is activated in magisk. The su link exists in /magisk/su_xbin_bind/system/xbin/. Opening t link directs to su...But how to check it where it directs to..
Really dis is a great module to get t apps dat look for real root location xbin/su...
Please help
Click to expand...
Click to collapse
How about /magisk/su_xbin_bind/auto_mount, does it exist? If not, create an empty file and name it as auto_moint.

laggardkernel said:
How about /magisk/su_xbin_bind/auto_mount, does it exist? If not, create an empty file and name it as auto_moint.
Click to expand...
Click to collapse
auto_mount exists too

Xennet said:
auto_mount exists too
Click to expand...
Click to collapse
Now, I need more detail to figure it out.
1. Where does the su link point to? Does it exist in /system/xbin and /dev/magisk/dummy/system/xbin. Use a explore to check su's position and the Link's property, or use a terminal
Code:
su
ls -al /magisk/su_xbin_bind/system/xbin/su
2. What is the version of your magisk? Upload your /cache/magisk.log and /sbin_orig/magisk_mask.sh for me, please.
3. Which ROM are you using and is there any root imbedded?
I'm using an op3 with OOS 3.2.7, Magisk v11.1, and the su_xbin_bind module works well now. It seems you're using an op3 or op3t. So it's weird for me the module don't work on your device.
Much obliged if you could tell me the package name of the root checker app in your picture.

Magisk Hide - Hiding Specific Binar(ies) from specific application(s)

Hi,
We can hide root from specific applications by selecting them in magisk manager, however, it does not work well on my banking application.
After reverse engineering my banking application, i found that it was checking another binary in /system/xbin/. Is it possible to hide that binary file as well?
Can I write a module to achieve it? Or I need to modify the magisk hide source and recompile it?
Thanks.

What binary is it detecting? You can make a Magisk module to mount whatever binary it is to /system/xbin and then it should be hidden by MagiskHide.

Didgeridoohan said:
What binary is it detecting? You can make a Magisk module to mount whatever binary it is to /system/xbin and then it should be hidden by MagiskHide.
Click to expand...
Click to collapse
/system/xbin/which
Weird, huh?
Well, obviously /system/xbin/which is linked to busybox, so I think hiding the whole busybox should be better.
Do you mean by making a magisk module with that file, magisk hide will automatically hide the module (and hence the files inside the module)? I wonder doing this with busybox is a bit weird...

hopkinskong said:
/system/xbin/which
Weird, huh?
Well, obviously /system/xbin/which is linked to busybox, so I think hiding the whole busybox should be better.
Do you mean by making a magisk module with that file, magisk hide will automatically hide the module (and hence the files inside the module)? I wonder doing this with busybox is a bit weird...
Click to expand...
Click to collapse
In that case it should be easy... Uninstall whatever busybox you currently have and install the one from the Magisk Manager Downloads.

LSPosed Xposed Framework [8.1-13.0]. Simple Magisk Module

Developers: LSPosed Developers
Homepage: GitHub
✱ Requirements:
• Magisk 21+
• Android 8.1-13
• Riru(NOT NEEDED) USE ZYGISK
Description: Riru module providing ART interception framework (natively for Android Pie) that provides consistent API -interfaces with OG Xposed, using YAHFA (or SandHook) interception environment, supports Android 8.1 ~ 11.
& Installation:
• Install Riru 23+
• Install Riru - LSPosed via Magisk Manager
• Install LSPosed Manager app (Note: No Saparate App and Zip, App Will be Installed Automatically)
• Reboot your device.
Download:
For stable release, please go to Github Release page For canary build use telegram.
Go to second post for latest version Download
Notes:I'm just sharing this from github, I'm not responsible if you bricked your device.
GPay and other banking apps working fine without any issue so this xposed alternative is worth trying and safer.
Note: If anyone facing bootloop issue, don't panic, hard reboot again and it will work.
Screenshot:

Download:
Flash zip file through magisk and then install LSPosed Manager app
Update 1 March 2021
V1.2.0
V1.3.7 Updated 15.May.2021
(Note: No Saparate App and Zip, App Will be Installed Automatically)
For Newer Version Changelogs and Downloads:
LsPosed Github
Changelog
Spoiler: See
Fix manager white screen
[*]Support split-apk modules (LSPosed will choose only one apk with xposed_init to load)
[*]Fix manager crash when launching an uninstalled module from notification
[*]Load modules with SharedMemory (it can speedup app cold launch) 2
[*]New manager icon
[*]Fix incorrect update notification in the first installation
[*]Fix some apps not showing in the scope list in some rare cases
[*]Show notification of module uninstallation
[*]Prevent modules from hooking inner methods (methods from XposedBridge's classloader)
Note:
Previously LSPosed only recognize modules from the primary user. However, this strategy is not good and leads to some problems: some modules require getting installed app lists for configuration but they cannot do so across users; some require reading themselves from the hooked apps but they cannot do so from non-primary users; some users want to configure modules differently on different users which is not feasible previously. Thus LSPosed now requires every module to be installed to the user on which the apps they want to hook are installed. Some devices restrict modules from installing onto some users. In such a case, you can install them from the manager (but it's recommended).
1: For some weird devices that prevent installing apps from the root user, please install the manager from /data/adb/lspd/manager.apk or manager.apk from the zip file manually.
2: Some modules get modules' apk path using reflection of its classloader, it's not recommended and unstable since the apk path from classloader no longer exists when using SharedMemory to load modules. Please use the documented way (from IXposedHookZygoteInit.StartupParam.modulePath) instead.

Reserved 2

Why it's safer than EdXposed?

QkiZMR said:
Why it's safer than EdXposed?
Click to expand...
Click to collapse
I didn't say it's safer than edxposed. I meant xposed alternatives like taichi etc.
All banking apps works, no system slowdown, i got more free ram etc.
In edxposed the hooked apps take time to open, no such issue with LSPosed.
That's why i thought it's worth trying and safer.

And +1 is safetynet passes all the time with LSPosed but, with edxposed safetynet works for some time after every reboot even with blacklisting google framework and services.

This slowdown is caused by YAHFA hook in EdXposed. On Sandhook is much better. Which hook method you use in LSposed?
And +1 is safetynet passes all the time with LSPosed but, with edxposed safetynet works for some time after every reboot even with blacklisting google framework and services
Click to expand...
Click to collapse
SafetyNet works till google patched it no matter which xposed clone you use. Before last patch SN was working fine with EdXposed. I don't needed blacklisting framework and services because EdXposed manager is doing automatically, with special option enabled. So don't say lies about EdXposed but tell us about technical differences between LSposed and EdXposed. What you change after forking EdXposed repo?

looks working good u,till now, just its annoying sometimes to have to choos which app has the module applies. a "select all" option would be welcome in a next release

How do I pass safety net? I have universal safety fix module is installed too.

Antho02 said:
looks working good u,till now, just its annoying sometimes to have to choos which app has the module applies. a "select all" option would be welcome in a next release
Click to expand...
Click to collapse
This is what i was confused about? ive never chosen before. I dont know which ones i need things like HiddenCoreModule to apply to? Everything?

It looks like this xposed clone works only in whitelist mode...

I'm quite amazed that this edxposed alternative is running much better than edxposed itself on my android 11, aosp rom, redmi k30 pro zoom. Really glad that I came across this!
Thanks for the great and awesome work devs!

Preparedtobereckless said:
This is what i was confused about? ive never chosen before. I dont know which ones i need things like HiddenCoreModule to apply to? Everything?
Click to expand...
Click to collapse
Apply to System Framework.
Hidden core module do nothing, try no device check module. BTW safetynet passes for me by default.
darashikoh said:
How do I pass safety net? I have universal safety fix module is installed too.
Click to expand...
Click to collapse

What are LSposed module we can use in A11

Im trying to ask the scope list of my modules. Firefds minminguard hiddencore and hide mock location. Anybody can help for the whitelist ??

what does mean: "select other app for each module" ?
for example for "GravitiyBox" module, which app should be enable and why?!

mrhamed said:
what does mean: "select other app for each module" ?
for example for "GravitiyBox" module, which app should be enable and why?!
Click to expand...
Click to collapse
Android System - android
Call - com.samsung.android.incallui
Camera - com.sec.android.app.camera
Contacts - com.samsung.android.contacts
Email - com.samsung.android.email.provider
Firefds Kit - sb.firefds.r.firefdskit
Messaging - com.samsung.android.messaging
MTP Application - com.samsung.android.MtpApplication
NFC - com.android.nfc
One UI Home - com.sec.android.app.launcher
Settings - com.android.settings
Smart Capture - com.samsung.android.app.smartcapture
Software Update - com.wssyncmldm
System UI - com.android.systemui
It also depends on what firmware you are using amd what features you've enabled in gravity box. Enable these according.
What I've enabled in miui are shown in image below.

a module based selection, what to hook seems a good approach of doing what you want and at the same time saving resources. a more advanced selectiin UI would be good. filter based on words and then select in the filtered list, select deselect all. in addition I have no idea what some modules are hooking like gravity box...this is just an example...I know I can find out however maybe the manager app can support to find out or tick what is recommended

I am trying LSposed on my OnePlus 7 Pro (GM-1917), OOS 10.3.8, Magisk 21.4, xXx 12.4.
I followed these instructions from the OP ...
• Install Riru 23+
• Install Riru - LSPosed via Magisk Manager
• Install LSPosed Manager app
• Reboot your device.
Click to expand...
Click to collapse
I got into what seems to be an infinite boot loop. I waited 3-5 minutes, but the boot loop continued.
Has anyone seen this behavior? If so, is there a workaround?
Thank you in advance.
UPDATE: I must have messed up one or more of the installation steps the first time around. I retried installing, and now LSPosed works for me with no boot loop.
OnePlus 7 Pro (GM-1917)
OOS 10.3.8
Magisk 21.4
Magisk Manager 8.0.7
xXx 12.4
Riru 23.4
LSPosed-v0.5.4.0-5135-release.zip (YAHFA)
LSPosedManager-v0.5.4.0-5175-release-signed.apk
Good work!
Onward!

HippoMan said:
I am trying LSposed on my OnePlus 7 Pro (GM-1917), OOS 10.3.8, Magisk 21.4, xXx 12.4.
I followed these instructions from the OP ...
I got into what seems to be an infinite boot loop. I waited 3-5 minutes, but the boot loop continued.
Has anyone seen this behavior? If so, is there a workaround?
Thank you in advance.
Click to expand...
Click to collapse
Working fine with OnePlus 7t latest beta. There might be some other issue. LSPosed doesn't seem to cause bootloop. Share logcat.

[Help] Can't reinstall magisk

I upgraded to Magisk v23 without thinking and I am trying to reinstall 22.1 so I can continue with magisk hide, but no matter how I flash the repackaged boot.img, after reboot, installed always shows N/A. I've tried with v22 as well, and the same result.
Am I missing something about downgrading, or am I just doing something way off? Thanks in advance.

Why v22.1? Magisk v23 still has the "normal" MagiskHide...
(And just as a FYI, the new Deny list that is included in the latest Canary, 23010, works just as good to hide Magisk from what I've seen so far.)

I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.

DrSeussFreak said:
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
Click to expand...
Click to collapse
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
V0latyle said:
So Magisk Canary was released yesterday:
Magisk 23010
Someone who is temp rooting want to patch their boot image with this and see what happens?
Also, Magisk Hide is no longer, so here's what you have to do to pass Safetynet (the check is no longer in Magisk so you'll have to use an external app)
In Magisk:
Remove Universal Safetynet Fix and Riru, if you have them installed, Reboot.
Launch Magisk again
Settings > Magisk:
Enable Zygisk
Enable Enforce Denylist
Enable for Google Play Services components: (I just enabled for all subcomponents)
com.google.android.gms
com.google.android.gms.unstable
That should be enough to pass Safetynet. Don't forget to hide other apps such as banking, GPay, DRM (Netflix, Amazon Prime Video, etc)
Click to expand...
Click to collapse

V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!

DrSeussFreak said:
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
Click to expand...
Click to collapse
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).

V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
I just went through and re-did all my financials and streaming (plus all Amazon apps). I just forgot I had enabled it for these services.

V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.

DrSeussFreak said:
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
Click to expand...
Click to collapse
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.

V0latyle said:
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
Click to expand...
Click to collapse
Thank you for confirming and good luck with your banking app, I checked all mine, so far so good. New system news bugs

V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001

pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
That is what i saw. I've been rooted for almost a decade and I've never seen this issue before with magisk. I don't use gpay often, so that is ok, but i appreciate the info.

pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
Did you use DenyList to hide both GPay, Google Play Services, and Google Play Store?
GPay works for me, but I am getting a CTS profile mismatch on Magisk 23010, so there's more work to be done. For now, I've downgraded to 23001.

I'll confirm gpay working, i hadn't checked earlier, but I'd marked it for the deny list earlier

How you downgrade to 23001?could you write entire procedure please?

I pur all exclusion, in Witch way you obtain CTS profile?

V0latyle said:
The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
Click to expand...
Click to collapse
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
V0latyle said:
I am getting a CTS profile mismatch on Magisk 23010
Click to expand...
Click to collapse
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).

I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?

pippo45454 said:
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
Click to expand...
Click to collapse
Go into Magisk and tap Uninstall > Restore Images, then Uninstall Completely. Allow Magisk to reboot the phone. When it reboots, Magisk and root will be gone.
Install Magisk 23.0. Manually patch the boot image, reboot to bootloader, and flash the patched boot image. Reboot again and you should come back into root with 23.0.

Didgeridoohan said:
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
Click to expand...
Click to collapse
Thank you for the explanation. I was under the impression that most modules would have to be rewritten to work with Zygisk.
Didgeridoohan said:
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
Click to expand...
Click to collapse
Well, I tried USNF 2.0.0, CTS profile still failed, so I removed Magisk and went back to the last version that worked for me, 23001. I only use 4 modules: USNF, Riru to support it, MagiskHide Props, and Systemless Hosts. I'm on the stock ROM. I'll just wait until USNF is updated to work with Zygisk.

Please clarify how denylist works with other zygisk modules

With Magisk 24 a couple of things have changed and its got me confused maybe someone here can help me understand.
Previously, with MagiskHide I could select apps for which Magisk would be hidden. In addition, I had riru/lsposed with a couple of modules, afwall+ donate and xprivacyLua for example. I selected all user installed apps for both these modules. So I basically had hidden magisk, and magisk and lsposed modules worked on selected apps.
With Magisk 24 it seems differently, but maybe I misinterpret.
With Magisk 24, I enable zygisk with enforce deny list. The description says that selected processes will have all Magisk modifications reverted.
I installed lsposed canary version which works with zygisk on Magisk 24 (on 2/2 it will be pushed to the stable channel). I installed the same modules, afwall+ and xprivacylua. Except that now all the apps that are on the zygisk denylist are marked as such in the lsposed module list. I suspect this means lsposed as a zygisk module is also reverted on apps on the denylist.
So if thats correct, basically we cannot have Magisk hidden and still have LSPosed modules applied, such as AFWall and XprivacyLUA.
Is that correct or am I misinterpreting the denylist description?

droidvark said:
With Magisk 24 a couple of things have changed and its got me confused maybe someone here can help me understand.
Previously, with MagiskHide I could select apps for which Magisk would be hidden. In addition, I had riru/lsposed with a couple of modules, afwall+ donate and xprivacyLua for example. I selected all user installed apps for both these modules. So I basically had hidden magisk, and magisk and lsposed modules worked on selected apps.
With Magisk 24 it seems differently, but maybe I misinterpret.
With Magisk 24, I enable zygisk with enforce deny list. The description says that selected processes will have all Magisk modifications reverted.
I installed lsposed canary version which works with zygisk on Magisk 24 (on 2/2 it will be pushed to the stable channel). I installed the same modules, afwall+ and xprivacylua. Except that now all the apps that are on the zygisk denylist are marked as such in the lsposed module list. I suspect this means lsposed as a zygisk module is also reverted on apps on the denylist.
So if thats correct, basically we cannot have Magisk hidden and still have LSPosed modules applied, such as AFWall and XprivacyLUA.
Is that correct or am I misinterpreting the denylist description?
Click to expand...
Click to collapse
Your misinterpreting it, deny list just denies access to zygisk to the apps you selected, you have to use LSPosed zygisk version as Rieu will not work with it. Everything else works the same

Darkaeluz said:
Your misinterpreting it, deny list just denies access to zygisk to the apps you selected, you have to use LSPosed zygisk version as Rieu will not work with it. Everything else works the same
Click to expand...
Click to collapse
Thanks! Yes I am using the Zygisk version (and I think you meant riru, rieu sounds like an autocorrect mistake ).
Maybe I didn't explain it very well. I tested it with several apps in different situations and it works like I suspected. For example, XprivacyLua can deny apps access to the clipboard. When an app is on the denylist in Zygisk and has access to the clipboard denied in XprivacyLua, it still has access to the clipboard. Once I remove the app from the denylist, XprivacyLua starts working and selected apps are denied access to the clipboard.
In other words, LSPosed modules do not work on apps that are on the denylist. During my trials I also noticed the short popup message in LSPosed saying that it might not work on apps on the denylist.
I think this is a serious regression from previous versions.

The OP has a valid question. I hope someone can answer.

I have the same query as OP. How do we configure denylist in tandem with other modules?
If any bank app is selected in the denylist, then in XPrivacyLua the same app is given a label "On denylist"

droidvark said:
With Magisk 24 a couple of things have changed and its got me confused maybe someone here can help me understand.
Previously, with MagiskHide I could select apps for which Magisk would be hidden. In addition, I had riru/lsposed with a couple of modules, afwall+ donate and xprivacyLua for example. I selected all user installed apps for both these modules. So I basically had hidden magisk, and magisk and lsposed modules worked on selected apps.
With Magisk 24 it seems differently, but maybe I misinterpret.
With Magisk 24, I enable zygisk with enforce deny list. The description says that selected processes will have all Magisk modifications reverted.
I installed lsposed canary version which works with zygisk on Magisk 24 (on 2/2 it will be pushed to the stable channel). I installed the same modules, afwall+ and xprivacylua. Except that now all the apps that are on the zygisk denylist are marked as such in the lsposed module list. I suspect this means lsposed as a zygisk module is also reverted on apps on the denylist.
So if thats correct, basically we cannot have Magisk hidden and still have LSPosed modules applied, such as AFWall and XprivacyLUA.
Is that correct or am I misinterpreting the denylist description?
Click to expand...
Click to collapse
same here :v
so much confusion lol

droidvark said:
Thanks! Yes I am using the Zygisk version (and I think you meant riru, rieu sounds like an autocorrect mistake ).
Maybe I didn't explain it very well. I tested it with several apps in different situations and it works like I suspected. For example, XprivacyLua can deny apps access to the clipboard. When an app is on the denylist in Zygisk and has access to the clipboard denied in XprivacyLua, it still has access to the clipboard. Once I remove the app from the denylist, XprivacyLua starts working and selected apps are denied access to the clipboard.
In other words, LSPosed modules do not work on apps that are on the denylist. During my trials I also noticed the short popup message in LSPosed saying that it might not work on apps on the denylist.
I think this is a serious regression from previous versions.
Click to expand...
Click to collapse
In order to make this work before what you need to do is configure the dentist and enforce toggle on. Reboot phone. Search Magisk alpha thread on telegram. Download latest Shamiko Magisk module. Toggle the enforce toggle off then flash the Shamiko module and reboot. all will work like before
Ps riru doesn't work on zygisk yet as far as I know and there is lsposed zygisk version you will need to run attached below. Remove riru core and old lsposed prior to flashing new one
Also if you need more hiding ability use hidemyapplist xposed module for other stuff

toolhas4degrees said:
In order to make this work before what you need to do is configure the dentist and enforce toggle on. Reboot phone. Search Magisk alpha thread on telegram. Download latest Shamiko Magisk module. Toggle the enforce toggle off then flash the Shamiko module and reboot. all will work like before
Ps riru doesn't work on zygisk yet as far as I know and there is lsposed zygisk version you will need to run attached below. Remove riru core and old lsposed prior to flashing new one
Click to expand...
Click to collapse
Thanks gonna try this out.
edit: everything works fine. thanks!
looks like shamiko takes the denylist and enforces it while preserving the ability for the same list to be accessible for lsposed modules. nice thing.

EGYPT2021 said:
Thanks gonna try this out.
edit: everything works fine. thanks!
looks like shamiko takes the denylist and enforces it while preserving the ability for the same list to be accessible for lsposed modules. nice thing.
Click to expand...
Click to collapse
Been using it this way for 3 plus months
Shamiko is actually a zygisk hide itself

Thank you guys for offering a possible solution but after the tests i took i think this shamiko module is just a visual module. To share one of my test results i installed this app Device info pro and on the system tab it says root management app Magisk....
So there is no solution yet i think to have zygisk deny list configured for the some app and use for example xprivacylua lua on this app and have them both working toghether properly..

okwhateverok said:
Thank you guys for offering a possible solution but after the tests i took i think this shamiko module is just a visual module. To share one of my test results i installed this app Device info pro and on the system tab it says root management app Magisk....
So there is no solution yet i think to have zygisk deny list configured for the some app and use for example xprivacylua lua on this app and have them both working toghether properly..
Click to expand...
Click to collapse
Shamiko is not a visual mod... It hides zygisk.... Maybe read a little. Also did you turn denylist toggle off before flashing shamiko.

Exactly, if shamiko v0.4.3 was not a visual mod (at least on system level) i should not be able to see what app does provide root if i got this app enabled on the magisk denylist and got this same app completely blocked by xprivacylua using Lsposed 1.7.2 zygisk.
This means that this is a pure cosmetic mod, but thanks to the developers anyway.
I think i had done a little more than only read a little haha...

Nvm

Hi, I have a similar question. I use SeftyNet from kdrag0n, works fine with a banking app (denyList + enforce)
Can I add programs preventively? For example most of Google, all banking apps (before I run them)?
Could this slow down the system? Or make the applications will not work properly?
After reading this thread, I have a question. I wonder whether to use SeftyNet from kdrag0n, or Shamiko ?
PS I've had a lot of work lately and a long pause on Android systems, And I'm just catching up.

okwhateverok said:
Exactly, if shamiko v0.4.3 was not a visual mod (at least on system level) i should not be able to see what app does provide root if i got this app enabled on the magisk denylist and got this same app completely blocked by xprivacylua using Lsposed 1.7.2 zygisk.
This means that this is a pure cosmetic mod, but thanks to the developers anyway.
I think i had done a little than only read a little haha...
Click to expand...
Click to collapse
Did you find an answer? Lsposed modules + Denylist enforced or somehow else?

I did not find a solution nor the developers did so far...
This all while running the latest version of Shamiko v0.5.0 and Lsposed Zygisk v1.8.3.
But still i want to thank the developers for their hard work because it is actually the manufacturers android developers who does close these doors for their users to modify and control their own devices.

No delta anymore

FYI .... I found out that for some funny reason one banking app with a wierd name like /data/data/com.uniken.r2fa4a.boi will not add via GUI . If you add it to denylist via GUI it will auto uncheck. Its aint a system app why then does Magisk ( latest as I type ) refuse to add it ? Go Figure. In the meantime , found a workaround by using ---denylist add < package > on command line. So far it seemed to have worked. But dunno why GUI would'nt take my commands

huskydg said:
I have a fork that restore MagiskHide from DenyList. MagiskHide can be enabled no matter Zygis is enabled or disabled. After enable MagiskHide, zygisk module will still be loaded on denylist. I also add hide zygisk, hide for isolated process and app zygote into MagiskHide.
Where is this?
Click to expand...
Click to collapse
magiskhide is already inc in the magisk --denylist command just that there is no seperate bin for that in the new one .

Thanks @toolhas4degrees ! I also use XPrivacyLua and wanted to maintain security/privacy restrictions while also hiding root for certain apps. The Shamiko mod works!