Magisk A51


Lilliana Adames

Aug 5, 2024, 1:40:29 AM8/5/24
to tuisettfecon
Magisk's support for Android Lollipop has been pretty broken for a while without it being noticed. Also, none of the active developers of Magisk have actual hardware to run Android Lollipop. We rely on the official Android emulator for regression testing on older platforms; however, Google never shipped a Lollipop emulator image with SELinux support, leaving us with no option but to drop Lollipop support, since we don't feel comfortable supporting Android Lollipop without adequate testing.

Magic Mount, the feature that lets modules modify partitions, has gone through a major rewrite. The existing implementation doesn't work well with OEMs injecting overlays into their system using overlayfs. The new implementation fundamentally changes how filesystem mirrors are created, giving us a more accurate clone of the unmodified filesystem.


Magisk allows modules to provide custom SELinux patches by including the file sepolicy.rule. Due to the complicated nature of SELinux patching, the compatibility of this functionality has been pretty spotty; many devices are not supported. In this release, a brand new pre-init partition detection mechanism has been designed to support even more devices. Due to complicated reasons, this detection mechanism cannot be performed in a custom recovery environment.


The new Zygisk API v4 is now live! It comes with new features and a refined PLT function hook API. The implementation of Zygisk has also gone through some major refactoring, including new code loading/unloading mechanisms and a new PLT function hook implementation.


A significant portion of magiskinit (the critical software that runs before your device boots up) is completely rewritten from scratch. Ever since Android introduced Project Treble in Android 8.0, Magisk has been constantly fighting against the increasingly complex partitioning and early mount setups of all kinds of devices, sometimes with weird OEM specific implementations. It got to a point that magiskinit had become so complicated that few people (including myself!) were aware of every detail, and maintaining this piece of software like this was clearly not sustainable. After many months of planning (yes, this whole re-architecture has been in my head for a long time) and some help from external contributors, a whole new sepolicy injection mechanism is introduced into Magisk, solving the "SELinux Problem" once and for all.


Since this is a full paradigm shift in how Magisk hot-patches the device at boot, several behaviors that many developers implicitly relied on might no longer exist. For example, Magisk no longer patches fstabs in most scenarios, which means AVB will remain intact; some custom kernels rely on AVB being stripped out for them by Magisk.


Many might not realize, but using a trusted, unmodified Magisk app is really important. Magisk's root daemon treats the Magisk app differently and gives it blanket root access without any restrictions. A modded Magisk app can potentially backdoor your device.


And in case some of you are about to put on your tin foil hats, this is not designed for "vendor lock-in"; the goal is to make sure your root management app comes from the same developer as the underlying root implementation. Magisk's build system allows custom distributors to use their own signing keys, and in addition, I am also providing official debug builds which skip any signature verification for development.


I'm working on a React Native project that requires SSL pinning and root detection to be implemented. I've tried using the SSL pinner factory in the OkHttp method and the Android network security config method for the SSL pinning; as for the root detection, I've tried jail-monkey on the JS side and RootBeer on the native side, but despite all of that the SSL can still be bypassed using this Frida script and shows that TrustManager (Android By using this, Frida scripts and also tracing can be detected (only in non-stalker mode, if I'm not wrong), so an SSL pinning bypass shouldn't be performed on the device. The main drawback you can find in this example is that there's a lot that is readable and also patchable. So you must do some work to "avoid" easy patching (integrity checks on the NDK side, obfuscation, or something of the sort).


Aside from Frida, Magisk Hide and the Zygisk deny list can be detected through this method as well: Magisk Hide detector. By using Isolated Processes you could test for Magisk and Zygisk. I think, though, that Zygisk can be bypassed if you don't use ZygotePreload while spawning the Isolated Process.


There are a few different ways to install Magisk. If you're already rooted and you just want access to Magisk modules, you can use Magisk Manager to install the Magisk framework. Or, if you want to pass SafetyNet on a rooted device, you can switch from SuperSU to Magisk SU. But the best way to do it is to start fresh by installing Magisk on a non-rooted phone using TWRP.


The main reason we prefer this method is because it's the cleanest. No need to remove old root binaries, just flash the Magisk ZIP and you'll be good to go. In doing so, you'll actually root your phone and install Magisk in one shot, plus you're far more likely to pass SafetyNet's CTS Profile check this way.


This method works by flashing the Magisk ZIP in TWRP, so you'll need to install the custom recovery before you begin. Much like Magisk itself, there are multiple ways to install TWRP. If you're rooted, you can use this method, but note that you'll have to do a full unroot in SuperSU after you're done.


If your phone does not have a Fastboot interface, the instructions for installing TWRP will vary. We've covered many of these methods in separate tutorials that are linked out in the following guide, so this is a perfect place to start:


Once you've got TWRP installed successfully, boot into Android and install the Magisk Manager app. This isn't the Magisk framework, which provides root access and the ability to install Magisk modules. It's simply an app for downloading and updating the Magisk framework and managing modules.


The Magisk Manager app is no longer available on the Play Store, so you'll need to have "Unknown Sources" enabled to install it. Other than that, just head to the following link, which will show you all available versions of the Magisk Manager app. Download the newest version, then when that's finished, tap the Download complete notification to launch the APK. Finally, press "Install" when prompted.


Next, open the Magisk Manager app. You'll get a popup asking if you'd like to install the Magisk framework. Tap "Install" here, then hit "Download Zip Only" on the subsequent popup. Wait until you see a message at the bottom of the app's main menu stating that the file has been downloaded.


Next, boot your phone into recovery mode, then tap the "Install" button in TWRP's main menu. From there, navigate to your device's Download folder, then select the Magisk ZIP. After that, just swipe the slider at the bottom of the screen to install Magisk, then tap "Reboot System."


Next, go ahead and open the Magisk Manager app. If everything went off without a hitch, you'll see a message towards the top of the screen that says "MAGISKSU (topjohnwu)" with a green check mark next to it. This means your phone is now officially rooted, and since it was done with Magisk, it's a systemless root.


Aside from that, the main advantage of Magisk is that you can have root without tripping SafetyNet. To verify that your phone still passes Google's SafetyNet check, press the corresponding button towards the top of the screen. If you see two extra green check marks after this test is run, you're all set to go!


When I unroot with SuperSU, I am unable to then boot into TWRP (I just get the Android bot with the red triangle). Probably because it needs root to boot. I'm stuck... I was able to flash SuperSU and TWRP from adb and get root back. If you unroot now, though, how do you get to TWRP recovery?


I'm guessing that after I flash TWRP with adb I need to boot to TWRP right away (and flash Magisk), whereas these instructions said to reboot the phone. It did not work when I went to boot to TWRP to flash Magisk; it did not boot to recovery (darn bot with the red triangle). We'll see.


This sounds like you're having problems with permanently installing TWRP. Some new devices require you to temporarily boot off of a TWRP image file (IMG), then use the booted TWRP to permanently flash a separate TWRP ZIP file. You can see if that's required by looking at the install instructions for your device on its TWRP download page (at twrp.me). After doing that, make sure to swipe the slider to allow modifications (make TWRP your permanent recovery... otherwise the stock recovery with the red triangle will take back over after a reboot).
