Related
This app (https://play.google.com/store/apps/details?id=com.TMBTOUCH.PRODUCTION&hl=en) has found a way to detect magisk WITH magisk hide hide and package rename.
I don't really know how, I've just updated the app, then BOOM.
I've recheck everything, reinstall, even remove magisk doesn't help.
PS. all with latest magisk 20.3.
Well, Magisk can hide from it just fine (I just tested and had no issues). Which means it's likely something else about your device that's triggering the app.
First make sure that MagiskHide is working properly (test SafetyNet), and if it doesn't try toggling MagiskHide off and on again. More tips here:
https://didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps
No it's not.
I did hide it, also change repack name.
Attached screenshot.
As my test shows, Magisk is perfectly capable of hiding from the app. But, as I said, there's likely something about your setup/device that is triggering it.
Have you tested if MagiskHide works? Have you checked for tips in the link I posted?
Yes Magisk hide works with all other of my bank apps, 5 of them, so far.
Actually, Magisk hide worked with this app since 3 years ago, when I've started using Magisk. But a couple days ago, the app was updated, and boom!!! So, I think they find a way to bypass the hide.
Unless your device is outdated and can't utilise the full potential of Magisk's capabilities (full app obfuscation isn't available on Android versions less than 9, for example, but that info is already covered in the linked guide), the app is not circumventing MagiskHide.
There are many other ways of detecting "root" that has nothing directly to do with Magisk (again, see the linked guide).
Maybe magisk is works fine but this application has some problem in inside. "this device does not to meet the minimum security requirements for this app" it's mean security patch is older than this app require as i think, or maybe this app is broken.
UPDATE!NO MORE COMPLICATED SCRIPTS, JUST USE MAGISK 24.1 WITH DENY LIST!
1. Enable Zygisk, add the apps to the deny list
2. Hide Magisk App
3. Install SafetyNet Fix by kdrag0n (Might still need Magisk Hide Props if your device is a little older)
Working on: Poco X3 Pro + Lineage 18.1 (Android 11)
Aurora Store | F-Droid - Free and Open Source Android App Repository
A Google Playstore Client
f-droid.org
^Use aurora store to get the older version of Singapass that's likely to work, I'm using build 100.
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
erOzeOz said:
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Click to expand...
Click to collapse
Disabling the existing vkey components should be enough.
Did you spoof the device signature with the magisk hideprops module?
KrishvY said:
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
Click to expand...
Click to collapse
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Xanth0k1d said:
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Click to expand...
Click to collapse
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
KrishvY said:
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
Click to expand...
Click to collapse
The App Mananger by Muntashir Akon?
I think I need to explain this properly, SIngapass and some apps may not work in the following situations:
You installed a custom rom without a Google approved device ID
You rooted your phone
You have Magisk
etc
For your case, Singpass does not work because you installed Lineage - a custom rom, which should not have a Google approved device prop by default. It doesn't matter if you are rooted or you have install Magisk at this point.
My suggestion to you is to install Magisk and follow my guide-hide magisk and spoof you device fingerprint so it looks like you are running a stock rom.
hi @Xanth0k1d. Have been using your method to hide singpass in the past. But the app just recently was able to detect root. As someone mentioned above, the updated app has no v-key components listed in the service. Any idea how to circumvent the situation and what services to disable?
Holy ****, I just saw the update.
Probably some dude saw this post...
I have yet updated so I can't test, if anyone's finding any solutions to this pls update as well.
Xanth0k1d said:
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Click to expand...
Click to collapse
heya, I'm the reddit user... I had updated the app, but so far has no luck finding where the detection is hiding now... I might just try turning off services one-by-one with servicely, but I'll keep you all updated if I get any success.
@Xanth0k1d since you haven't updated your singpass, can you check what are the available services and listeners currently your version is using? I want to compare the difference with the latest version.
I managed to get Singapore's GPay app to work by blocking this `com.google.android.gms.gmscompliance.ui.UncertifiedDeviceActivity`. Do your devices pass SafetyNet?
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
Thanks! Can confirm that this works!
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Lu5ck said:
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Click to expand...
Click to collapse
The safetynet api did not get nuked, the api changed so code that use the old api won't work, even on the latest stable build safetynet will still pass when using another checker app. While I won't go into the technical details, singpass spawns a new isolated process to check for root, exploiting the fact that isolated processes are treated differently and is difficult for magisk to hide itself. So the solution is to disable the offending process and not let it spawn. There are several other requirements necessary for singpass to run, which are largely beyond the scope of discussion in this thread.
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
auggie246 said:
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
Click to expand...
Click to collapse
The trick here is to decompile the APK using apktool and inspect the Androidmanifest.xml manually. Search for "ISOLATED" and in the same line you should be able to find the name of the service to be disabled. Of course this assumes that citibank's app used a similar tactic as the other apps.
Edit: I tried the citibank sg app, magisk hide + rename package is sufficient for me to launch the app, don't have an account so I can't test any further.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
I guess there's another update to Singpass that circumvent this circumvention as well lol
Apparently it's now using a service called o.ImmutableSetMultimap for checking root (confirmed by magiskhide entry) and it works for a few seconds after loading Singpass before failing again with different error message. I think it checks for both whether the service is active and found a root (gives error T0), or whether the service is running at all (gives error T-1). I think we need something else to block this.
I use Fairphone 3+ running Android 10.
Safety Net check is ok.
Magisk hide is configured for keytrade banking and google play services
Magisk is hided with another name
I tried Riru-MomoHider, Riru Enhanced mode for Magisk Hide...
...
Now, I really can't find any new idea.
Hi OpenWorld,
a temporary fix is to downgrade the app (you can use aptoide to do that, make sure you use a trusted source though). I got back to version 5.4.5 and it apparently did the trick. I am afraid however that sooner or later Keytrade will force us to move to the updated version, so a stable solution to this issue is still to be found.
Maybe the Magisk crew could investigate what system the Keytrade is using to spot root? No Keytrade account is needed (root is immediately identified upon opening the app, so if one manages to get to the first screen where an account must be created, this means that Magisk has not been spotted) and it could be of general interest to the Magisk community to see what trick the Keytrade app is using to spot root... I am sorry I am not knowledgeable enough to help with this.
Best, A
I upgraded to Magisk v23 without thinking and I am trying to reinstall 22.1 so I can continue with magisk hide, but no matter how I flash the repackaged boot.img, after reboot, installed always shows N/A. I've tried with v22 as well, and the same result.
Am I missing something about downgrading, or am I just doing something way off? Thanks in advance.
Why v22.1? Magisk v23 still has the "normal" MagiskHide...
(And just as a FYI, the new Deny list that is included in the latest Canary, 23010, works just as good to hide Magisk from what I've seen so far.)
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
DrSeussFreak said:
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
Click to expand...
Click to collapse
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
V0latyle said:
So Magisk Canary was released yesterday:
Magisk 23010
Someone who is temp rooting want to patch their boot image with this and see what happens?
Also, Magisk Hide is no longer, so here's what you have to do to pass Safetynet (the check is no longer in Magisk so you'll have to use an external app)
In Magisk:
Remove Universal Safetynet Fix and Riru, if you have them installed, Reboot.
Launch Magisk again
Settings > Magisk:
Enable Zygisk
Enable Enforce Denylist
Enable for Google Play Services components: (I just enabled for all subcomponents)
com.google.android.gms
com.google.android.gms.unstable
That should be enough to pass Safetynet. Don't forget to hide other apps such as banking, GPay, DRM (Netflix, Amazon Prime Video, etc)
Click to expand...
Click to collapse
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
DrSeussFreak said:
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
Click to expand...
Click to collapse
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
I just went through and re-did all my financials and streaming (plus all Amazon apps). I just forgot I had enabled it for these services.
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
DrSeussFreak said:
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
Click to expand...
Click to collapse
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
V0latyle said:
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
Click to expand...
Click to collapse
Thank you for confirming and good luck with your banking app, I checked all mine, so far so good. New system news bugs
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
That is what i saw. I've been rooted for almost a decade and I've never seen this issue before with magisk. I don't use gpay often, so that is ok, but i appreciate the info.
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
Did you use DenyList to hide both GPay, Google Play Services, and Google Play Store?
GPay works for me, but I am getting a CTS profile mismatch on Magisk 23010, so there's more work to be done. For now, I've downgraded to 23001.
I'll confirm gpay working, i hadn't checked earlier, but I'd marked it for the deny list earlier
How you downgrade to 23001?could you write entire procedure please?
I pur all exclusion, in Witch way you obtain CTS profile?
V0latyle said:
The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
Click to expand...
Click to collapse
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
V0latyle said:
I am getting a CTS profile mismatch on Magisk 23010
Click to expand...
Click to collapse
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
pippo45454 said:
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
Click to expand...
Click to collapse
Go into Magisk and tap Uninstall > Restore Images, then Uninstall Completely. Allow Magisk to reboot the phone. When it reboots, Magisk and root will be gone.
Install Magisk 23.0. Manually patch the boot image, reboot to bootloader, and flash the patched boot image. Reboot again and you should come back into root with 23.0.
Didgeridoohan said:
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
Click to expand...
Click to collapse
Thank you for the explanation. I was under the impression that most modules would have to be rewritten to work with Zygisk.
Didgeridoohan said:
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
Click to expand...
Click to collapse
Well, I tried USNF 2.0.0, CTS profile still failed, so I removed Magisk and went back to the last version that worked for me, 23001. I only use 4 modules: USNF, Riru to support it, MagiskHide Props, and Systemless Hosts. I'm on the stock ROM. I'll just wait until USNF is updated to work with Zygisk.
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
KaoDome said:
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Here. First 5 post and you should know all you need
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Quantumrabbit said:
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Click to expand...
Click to collapse
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Click to expand...
Click to collapse
Porpet said:
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
Click to expand...
Click to collapse
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Quantumrabbit said:
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Click to expand...
Click to collapse
And where did you find the deny list?
fusk said:
And where did you find the deny list?
Click to expand...
Click to collapse
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
H
toolhas4degrees said:
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
Click to expand...
Click to collapse
How to add modules shamiko & how to more hide features
Spartacus500 said:
H
How to add modules shamiko & how to more hide features
Click to expand...
Click to collapse
Shamiko is a flashable only need to slash magisk module. You can find it in the magisk alpha thread on telegram. You need to configure denylist first and reboot then turn off the enforce denylist toggle and flash the shamiko module.
If you are using lsposed download hide my applist xposed module and search how to use it if you want more coverage
Pm me if you want links
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Drakinite said:
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
This is quite weird and definitely shows how different devices handle root detection. I a Samsung S10+ and just installed Magisk 24 with enforce DenyList earlier this week. Today I just installed Duo Mobile and it works fine. I do not have it in the DenyList, and Magisk is not hidden. I use a custom SafetyNet fix that was installed when I originally installed an AIO TWRP/Magisk/SafetyNet fix after unlocking my bootloader. I also fail SafetyNet checks.
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Drakinite said:
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
danbest82 said:
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Click to expand...
Click to collapse
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
anonymous-bot said:
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
Click to expand...
Click to collapse
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
Get VD Infos and use it to scan your files. You can find it on XDA.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
Click to expand...
Click to collapse
Hmm ok. Like I said shimako didn't work for me either. I'm not sure why Duo is still detecting root. For reference this is what is on my DenyList:
Drakinite said:
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
YASNAC is the replacement for Momo it looks like since Momo is Riru based (https://github.com/canyie/Riru-MomoHider)
simplydat said:
Get VD Infos and use use to scan your files. You can find it in XDA
Click to expand...
Click to collapse
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Drakinite said:
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Click to expand...
Click to collapse
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Drakinite said:
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Click to expand...
Click to collapse
Awesome. Hope it stays that way!
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
antivirtel said:
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
Click to expand...
Click to collapse
Version 24102 would be v24.102. So your Magisk 24.300 is newer.