Magisk v11.1

Bugfixes

Magisk Manager v4.1

manager-v4.1

Several fixes

Magisk Manager v4.0

manager-v4.0

Bump version

Magisk v11.0

Came back from Chinese New Year holiday with some significant updates!

Introducing MagiskSU

Magisk officially becomes its own rooting solution! Initially I just want to add root management features into Magisk Manager, but ended up updating lots of code. Since the changes are quite significant, and no longer compatible with older versions, I'll just name it MagiskSU instead of phh Superuser. The code is based on phh's approach to update the CM Superuser. I spent quite some effort to achieve SuperSU standards, so far the functionality should be nearly equivalent, my only concern now is compatibility, which is what I will focus on in future releases.

Please note, Magisk is still fully compatible and functional with the latest SuperSU (tested against v2.79-SR3)

The Fully Re-factored sepolicy-inject tool

To accompany with the fresh new MagiskSU, I also spent a ton of effort re-factoring the tool sepolicy-inject. The tool now accepts policy statements, you can get more info about it from from this section of Chainfire's wonderful How-To SU documentation. Basically I aimed to follow the same syntax as SuperSU's supolicy tool, as it is straight forward and same as the .te policy sources. I added a few additional features in sepolicy-inject, you can directly execute the binary with no options to refer to the help info. See all changes in the changelog

(I named it "sepolicy-inject" instead of "supolicy", since it still differs in many ways (e.g the built-in rules) even though the syntax is now nearly identical. Root app developers might want to handle this difference when live patching sepolicies)

Pseudo SELinux Enforce Mode

Thanks to the new sepolicy-tool, pseudo enforced mode is now possible (the status shows enforced, but actually is permissive). In some versions of Google Play Services, setting SELinux to permissive causes Safety Net to fail; however some custom ROMs require the system to be in permissive to be fully functional (although it should be considered as a bad practice). This shall be the perfect solution. This will not be as a switchable option within Magisk Manager, since Google has a history of pulling apps from the Play Store when related to SELinux (see the tragic example of developer @flar2's awesome app, and there are still more incidents). MagiskHide binary is now updated to detect the permissive state, patch the current sepolicy to pseudo enforced mode, then switch back to enforced. ROM developers don't have to change anything, just simply set to permissive on boot with a bundled app or a boot script as usual. If a user decided to enable MagiskHide, it will handle everything itself.

General Purpose Boot Scripts

I removed this feature in Magisk v4 and favored the per-module scripts. Now I decided to bring it back again. The scripts should be placed in /magisk/.core/post-fs-data.d and /magisk/.core/service.d. The directory name should be self-explanatory. If you have no idea which to choose, the post-fs-data.d will be a nice bet. So Magisk will now execute script named post-fs-data.sh in each module, and all files within post-fs-data.d. The same applies to service.

Future

Thank you for everyone providing translations to Magisk Manager, and huge thanks to all donated. I appreciate all the support, and that is my motivation to continue pumping stuffs out! I will be maintaining MagiskSU continually; support won't end, at least in the near future. Magic Mount features and better Magisk Module support are also on my list. I spent zero time on adding more support to devices in v11, all the effort were put in MagiskSU and MagiskManager and major bug fixes. The whole project is now in the state I consider "feature-packed" enough, most users/developers haven't used the full potential of the features. I'll stop adding major new features and instead focusing on bringing Magisk to more devices that currently isn't supported. And yes, that means I will postpone the long planned but never worked on Multi-ROM feature (I barely spent time on it after the POC video)

Hope you all will enjoy the update :)

(P.S. It's 9 AM here and I haven't slept. I'll update documentations after some sleep)

Magisk Manager v3.1

manager-v3.1

Bump version 3.1

Magisk v10.1

Hotfixes

Magisk v10

Happy New Year! What is a better way to celebrate 2017 than a Magisk update :). Another massive update!

Official Icon

Instead of using the picture grabbed online, the official Icon for Magisk is now live!

Magisk Hide Back On Stage

This is the most awaited fix, isn't it?

The issue of losing root is haunting since day 1 of the release of Magisk Hide, although it can be temporary recovered with a reboot, it is still quite annoying. I spend a lot of time trying to identify the reason, and soon found out that the issue is caused by MagiskHide reacting "too fast". Most processes starts from Zygote, and it requires a small period of time to isolate the mount namespace apart from Zygote. When MagiskHide reacts too quickly, it will unmount all mounts in the Zygote namespace, which literally means that all processes will lose the mounts (including root).

After adding checks and retries before switching namespaces, it leads to another issue: MagiskHide reacting "too slow". When critical files like framework is Magic Mounted, and the unmounting doesn't happen in time, it will break the SafetyNet checking process (Google Play Service FC), and can never recover until a reboot (or full restart of Google Play Service). I added tons of safety precautions (I won't go into the details here, it will be another few hundred of words), and I can "almost" eliminate all possible breakages.

Due to the fact that Magisk Hide DOES NOT hijack app_process (Zygote), it can only react passively, so there is a limitation to the effectiveness. The best practice is to NOT add a lot of apps in the blacklist of MagiskHide (managed in Magisk Manager), so that the MagiskHide daemon has the time to react. Personally I only hide SafetyNet (the preset), and it passes all excessive tests without any issue. However my tester still managed to break it a few times when adding 6 additional apps, and having 10+ accounts syncing at the background all the time. So I guess it is good for most users lol

Magic Mount With No Limits

I'm glad to announce that starting from this update, Magic Mount can do ANYTHING! Thanks to the new mirror implementation and some workarounds in the algorithm, it can now handle adding files to /system root (and /vendor root if separate partition). Also thanks to the new MagiskHide, all mounting combinations can pass SafetyNet!

Magisk Powered Custom ROM: One Click to Custom ROM, Another Click You're Back to Stock

I am a member of an HTC custom ROM developer team - Team Venom, and without too much effort, The world's first Magisk Powered Custom ROM was born!

The advantage over traditional full packaged custom rom is that we ROM developers no longer need to port carrier features (Wi-Fi calling, VOLTE etc.) to our ROMs. Users can install Magisk on their stock devices, load the Custom ROM module, reboot and BOOM all done, along with 100% fully working carrier features. Also, it is just cool to load a custom ROM fully systemless, isn't it!

Developers in the HTC 10 community soon realized the "power of Magisk", and currently trying to push out more and more Magisk Custom ROM Modules. I hope all developers feel the excitement, and port all stock modified custom ROM to be implemented with Magisk! For ROM developers interested, please check the link and download the zip to get an idea how to create your own Magisk Custom ROM Module!

Magisk Can Now Root Your Device

I decided to fork the phh Superuser and start doing modifications. From Magisk v10 and after, Magisk will root your device with the bundled root if

1. No root installed
2. Root that isn't Systemless SuperSU or older Magisk phh versions installed

Right now you still have to install the phh Superuser application, however the root management should move to Magisk Manager soon, please stay tuned. Currently it is nearly the same as official phh root with only a few tweaks, but I might add more in the future.

Magisk Manager Now On Play Store

It seems that some already found out that Magisk Manager is now available on Play Store! All future updates will be pushed through Play Store. Download links will still be posted here, since there are still places where Play Store isn't available.

Documentations Updated, Module Template Updated, New Repo Requests

The documentations here on XDA is pretty outdated, I updated them with more info to assist developers and users to create their own modules. Module template is updated for an addition option to load a prop file. Repo requests are also updated, please check out the new instructions!

Magisk Manager v3.0

manager-v3.0

Bump version code and small fixes

Magisk v9

This release comes with significant updates and changes, doing adjustments to pave the road for the next major update v10: the update with Multirom support!

The End of Cache (post-fs) Modules

This shall be the biggest change for this update. One of Magisk's cool feature is that it can mount files before data and build.prop is loaded (post-fs). Most modules only uses this advantage to modify read-only props (e.g. DPI, fake device model etc.) without modifying build.prop, however with a new tool included in this release (will be introduced in the next section), dealing things in post-fs is not needed anymore.

Instead of having both "Cache Modules" and "Normal Modules" at the same time, confusing both developers and users, creating complexity in module management, the decision is made that "Cache Modules" are no longer supported after this update.

How about some features that require mounting in post-fs mode (known: Changing Boot Animation)? No worries, post-fs mode is still there (as Multirom will depend on this), I only removed the interface for modules. Magisk no longer let you install cache modules, you have to manually add the files you want to replace, which is actually super easy. You can place your new files into the corresponding location under /cache/magisk_mount, Magisk will automagiskally manage selinux contexts, permissions and the mounting for you.

For example, you want to replace /system/media/bootanimation.zip, copy your new boot animation zip to /cache/magisk_mount/system/media/bootanimation.zip with any root explorer, Magisk will mount your files in the next reboot.

Magisk v9 will remove all installed cache modules under /cache/magisk, which is the previous path where cache modules locate. Further more, to push developers to upgrade their cache modules, the latest Magisk Manager (v2.5) will filter out cache modules, which means cache modules available in the Magisk repo are NOT shown under the "Download" section in Magisk Manager.

New Badass Tool - resetprop

To be honest, this tool itself deserves a new thread on XDA, as it is super powerful and super cool.

"resetprop", originally named "xsetprop", was initially developed by @nkk71 to bypass the crazy tough detections for Safety Net. Developers found method to bypass the check by modifying the kernel source code, which served the need but the solution is far from perfect as it requires the source code to be available and kernel compiling.

The tool was originally made to directly modify the system prop database. With seeing the potential of this tool, I contacted @nkk71 and start collaborating together, which brings the original simple tool into a full-fledged, all-in-one prop management tool. The new tool - resetprop can modify/delete any system prop, including read-only props (prop names starting with "ro."). You can also read a whole build.prop, overwriting all existing props. The binary will be installed to /data/magisk/resetprop.

Here are some examples for cache module developers to adapt to the new changes:

# Set any prop (with trigger)
/data/magisk/resetprop ro.sf.lcd_density 480

# Set any prop (without trigger)
/data/magisk/resetprop -n ro.crypto.state encrypted

# Delete any prop
/data/magisk/resetprop --delete magisk.version

# Read props from a prop file
/data/magisk/resetprop --file /magisk/somemod/new_build.prop

The tool is originally built with AOSP source, I spent some time to make it much more portable. Here is the link to the NDK-buildable source of the resetprop used in Magisk: https://github.com/topjohnwu/resetprop

Magisk Hide - Greatly Improved

Another update to pass SN, please grab it before it expires lol. People started to panic when Google device to check boot loader / boot-verity etc. As stated in the previous section, resetprop fixes the issue easily with setting all detecting props to the valid values. However, more detection has been added. One of those is that simply adding Magisk directories into PATH will break Safety Net. Not sure if I should be glad because the word "magisk" is now officially on the tech giant's blacklist...... So in order to hide root (here I'm only referring Magisk phh superuser, as SuperSU users shall always rely on CF's suhide, not MagiskHide), I had to change the way things works. For the new changes that are required to NOT modify PATH, the phh's superuser has to be upgraded. Please make sure your phh superuser is upgraded to r266-2 (or any version higher). Older version will NOT work with Magisk v9, please upgrade phh's su before upgrading. Also, along with the new Magisk Manager v2.5, we finally had an GUI to add/remove apps from the MagiskHide list!

Development

I added build.sh into the main Magisk repo, you can call the script and it will guide you with help messages. Custom version names are supported, both in Magisk and Magisk Manager (if using custom name, update will disable) So feel free to clone the repo and develop Magisk yourself! Pull requests are appreciated! For Magisk Manager, you can provide translations for the app, just translate the strings, create a pull request, and I'll merge it into the main app, many thanks!

Those Pixels

I stated before that the new Google Pixel devices are using a complete different partition structure, as the ramdisk is now stored along with the system partition, and a kernel modification is inevitable.

Without much surprise, our mighty developer Chainfire had released a systemless root for Pixel devices. What it does in a nutshell is bringing back the ramdisk to the boot image, and still do modifications in the ramdisk (rootfs). However it still requires 1. custom init binary 2. binary patch directly to the kernel. If I decide to use the provided closed source solution, it shall not be difficult to port Magisk to the Pixels and start all the systemless craziness, but still I need an device to test and debug. In addition, I would love to see if I can create an open source tool to achieve similar results to make Pixel (which means maybe all future devices) running Magisk.

But the huge issue is: I live in Taiwan, and there is no sign that the Pixels will be available for purchase here, well at least not possible in 2016. I could ask my buddy studying in the US to bring me one when he comes back at the Christmas vacations (which is still quite some time from now, but still better late than nothing.....), however the problem is that Pixel XLs (the model I prefer) are currently out of stock on the online Google Store, and I will never know if ordering now will make the package show up in my friend's place in time before he comes back to Taiwan. If anyone seeing this post has access/can purchase brand new Pixel XLs (anywhere should be OK), and possible to deliver them to Taiwan in a reasonable time and a reasonable shipping fee, please contact me and I'll be very happy.

Lastly, I just bought my new HTC 10 within a year. I'm just an university student, the money I earn from tuition could afford me the super expensive Pixel device, but any additional donation to support my open source development is highly appreciated :D:D. I'd be really happy that many people love my work!

Magisk v8

This release is aimed for bug fixes, and most importantly the ability to hide itself from Safety Net's detection.

Template Cache Module Fix

Due to a bug in the template script, if your module is a cache module, your scripts might not be executed correctly, also flashing in Magisk Manager will cause the UI to break.

This particular commit is the fix, only cache modules are needed to be updated, other modules are working fine.

Search Bar in Download Section

Magisk Manager 2.1 brings search bar to the "Downloads Section", so that it's easier to find a module once the list gets too long.

SuperSU Integration

In the previous release (v7), I decided to automatically convert SuperSU into a Magisk module while installing Magisk. In this release (v8), I make Magisk 100% compatible with SuperSU out of box, not needed to modify how SuperSU work in anyway. For v8 and future releases, Magisk will detect SuperSU patched boot image, and only add the required additional patches to the boot image.

Also, I created further integration for Magisk and SuperSU: Magisk will create a script placed in /data/custom_ramdisk_patch.sh when SuperSU detected. What this means is that the next time you upgrade SuperSU by flashing SuperSU zip in custom recovery, Magisk will automatically be injected. You can also apply OTA updates with FlashFire, and enable SuperSU injection, which will also inject Magisk on-the-go!

For users that was using v7 with SuperSU along with the Helper Module, please manually restore your boot image (should be stored in /data/stock_boot.img), and flash the latest SuperSU, then flash Magisk-v8.

Magisk Hide

This feature should've been released a few weeks ago, but university is killing me lately; overwhelming schoolwork prevents me to finalize the tool, so please pardon my absence and lack of support. But it's still better late than nothing :p.

In the weeks I have been inactive, Safety Net got a couple updates, each makes bypassing more of an hassle. Magisk v8 introduce "Magisk Hide", the tool to properly hide Magisk, preventing Magisk to break Safety Net features. What it can do is hide all Magisk modules' files and mounts from target processes (e.g. Safety Net), including Magisk compatible phh root maintained by myself.

It cannot hide SuperSU, it cannot hide Xposed. If you want to hide any of them, please use suhide developed by Chainfire.

It should not cause issues as I have been testing quite some while, but if you replace some files with Magisk (known: /system/etc/customize/ACC/default.xml), Google Play Service will constantly crash. Due to this fact, this feature is not enabled by default. You have to manually enable it in the settings of Magisk Manager v2.1 after you upgraded to Magisk v8, and reboot to apply the settings.

Right now, you can manage your own hide list with ways similar to suhide, no GUI:

(All commands should be run in a root shell)

# Show current list
/magisk/.core/magiskhide/list

# Add new process (the package name should work fine)
/magisk/.core/magiskhide/add <process name or package name>

# Remove a process (might need a reboot to make an effect)
/magisk/.core/magiskhide/rm <process name or package name>

The process com.google.android.gms.unstable (Safety Net) will always automatically be added to the list if Magisk Hide is enabled, so if you just want to bypass Safety Net, just enable in Magisk Manager and you're good to go.

Safety Net - The Already Lost Cat-And-Mouse Game

Keep in mind, in the latest update of Safety Net that just happened in a few hours, Google seems to step up the game, and it might got to the point that no modifications are allowed, and might be impossible to bypass.

Currently on my HTC 10, no matter what I did to the boot image, even just a repack of 100% stock boot image, Safety Net will not pass under any circumstances. On the other hand, my Nexus 9 running stock Nougat seems bypass without issues, with root and modules all enabled and working fine. The boot verification might vary from one OEM to another, HTC's implementation might just be one of the first included into Safety Net, but eventually all major OEMs' method will be included, and at that time I think any Android "mod", including custom kernels, will pretty much break Safety Net. These verification should be coded deep into the bootloader, which is not that easy to crack. So the conclusion is that I will not spend that much time bypassing Safety Net in the future.