MagiskHide - issue in mount namespace hiding for isolated processes #2406
Comments
|
Yea I just built the app myself and gave it a test and it successfully found magisk on the latest canary build. |
|
yea i tested in latest release and detect magisk |
|
Go ahead @kam821 and discuss! This ticket discuss a novel technique of Magisk-busting, with a reproducibile case and is focused on the anti-root approach. There is a huge difference between the two kinds of issues. |
|
@djechelon Unfortunately, at the moment I am not familiar enough with all the Magisk and Android mechanisms, so I can't do anything more than report it :( |
|
@topjohnwu Are you aware of that issue? Looks like HCE has already this check implemented, and I see other apps using the same check for detecting Magisk - so, this becomes as common detection method that breaks Hide in the root |
osm0sis
added
regression
topjohnwu
removed
the
regression
|
Why removed? The problem is still here. I can't use government application, because it detects Magisk. |
|
@Kovur removing the "bug" label doesn't mean "the bug is removed from code". Means that @topjohnwu confirmed the issue and might be working on it. Also, even if you disclosed your "government app"'s name:
So, please, do not comment on this post basing that "one app is detecting root", because #1152 |
|
Sorry, my bad. |
|
That is ok. You shall wait at least until the issue is marked closed. When the author releases a new version of Magisk, they will tag this issue in the change log. Until then, your Ukrainian app won't still work because a patch for this has not been released. |
|
Can confirm the DKB Tan2go app also manages to detect root on the latest versions. |
|
@mthnry That's got nothing to do with the method described here. I've tested v2.5.1 of DKB Tan2go and Magisk can hide from it just fine. You've got something else going on, but this is not the place for it. |
|
For what I've seen so far is there are other users experiencing problems with Tan2go 2.5.1. It worked fine until the latest update to the app, so I'm not blaming my configuration. |
|
The issue is still present. Is maintainer aware of it and doing something or still ignoring? |
Such a trolly way of getting a response... But I'll bite. The issue is still marked as open, which means it's still on the to-do list. It'll get addressed one way or another at some point, not a moment sooner. Cheers. |
|
@mthnry S-pushTan is detecting Magisk 20.4 (propably using this method) |
It doesn't detect Magisk canary, at least DKB doesn't. |
|
FYI for all those are concerned: hiding isolated process is non-trivial, and don't expect to see a fix for this in the near future. I do have big plans which makes hiding isolated processes possible, but that is still in the early planning stages. |
If only right 🙃 Sent from my Pixel 3 XL using FastHub |
|
I have a Magisk branch that solves this problem. Magisk Lite only has SU and no Magisk module function. If your banking apps detected Magisk, and you don't use Magisk module, you can try this branch. Download: https://github.com/vvb2060/magisk_files Test detection app: https://github.com/vvb2060/MagiskDetector/releases/latest |
Tested and working! After install your magisk lite version, app can start with no problem. Can you also upload the uninstaller.zip please? I can't flash back to the 20.4 version now. |
|
@vvb2060 the magisk you mentioned in new repo without modules seems not working with my Huawei emui 9 device, i could flash it but it is not booting into magisk system, rather it boots to recovery or system without magisk |
|
@zx900930 Did you have to turn on magisk hide for epic seven as well? I can't get magisk hide to keep the on switch for the game. |
|
@tnguyenseo keep it OFF for epic seven. keep it ON for the apps need root. |
|
@zx900930 Lite version is sync with the Canary version, uninstaller.zip can directly uses official uninstaller.zip. see https://github.com/vvb2060/magisk_files/blob/master/lite.json @Santhu195 Lite version is sync with the Canary version, it did not modify what you said. |
Sorry, but you wrong. I found that post about detection details on 4pda forum. The post is in Russian language, so I've translated it for everyone. That's all. |
I misunderstood it, I was thinking you are referring to app description on play store or something… |
|
My bank app "C6 Bank" appears to be using this exploit to detect root even with hide + package rename https://play.google.com/store/apps/details?id=com.c6bank.app I'm using latest Magisk Canary on my Mi 9T Pro Edit: On manifest file have a declaration of an isolated process "hj.Oj" Edit 2: Maybe we will have great news soon 8e61080 |
|
vvb2060@ed3fb0c |
|
With the canary build installed Sky Go can still detect root, despite magisk detecting the isolated process and hiding everything.
They updated their lib/drm last year and now it circumvents MagiskHide and detects /sbin/su. I know that because if I launch a file manager with root and temporarily rename the su binary then Sky Go lets me watch live TV and movies again. |
I think this feature (hiddind root from isolated process) is not yet fully implemented |
|
Anyone can confirm magiskhide now successfully hides root from isolated
process?
Pada tanggal Sen, 18 Jan 2021 00.28, jh0bc <notifications@github.com>
menulis:
… With the canary build installed Sky Go can still detect root, despite
magisk detecting the isolated process and hiding everything.
hide_list add:
[isolated/com.bskyb.skygo:vgdrm_helper:com.nds.vgdrm.impl.generic.VGDRMHelperService]
hide_list add: [com.bskyb.skygo/com.bskyb.skygo]
[image: 2021-01-16]
<https://user-images.githubusercontent.com/54548942/104815891-6f4cf400-580f-11eb-9d84-f1340fada49d.png>
They updated their lib/drm last year and now it circumvents MagiskHide and
detects /sbin/su. I know that because if I launch a file manager with root
and temporarily rename the su binary then Sky Go lets me watch live TV and
movies again.
I think this feature (hiddind root from isolated process) is not yet fully
implemented
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#2406 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AI2MEN5TVUMGX4SOWHQO32LS2MM3VANCNFSM4KQZJLQQ>
.
|
It looks like it should be functioning, but maybe there's still issues that need to be worked out. I do see this in the log...
But there's no mention of the isolated process other than it being added to the hide list. |
Does Magisk Lite's Magisk Manager support hiding itself via repack/rename? EDIT: It works, but download speed is slow (60 KB/s ~ 80 KB/s) when hiding. |
Is there anyway we can use Riru Module with your Magisk? |
|
https://github.com/vvb2060/riru-unshare/actions |
|
Hi, my app suddenly detect my rooted device and it is not functioning anymore. I tested MagiskDetector and found out Magisk Hide is not working. Still showing Magisk Hide is not working in detector. Please kindly suggest solution and assist, thank you.
|
Just a little feedback Flashed latest Canary (22002) + Riru Core (v. 23.9) + Riru Unshare Module and boom! Now Magisk fully hide from any root detection! Including Isolated Process 😏 Many thanks my friend! 😁😁😁 |
|
@jh0bc can you guide me on how to install riru unshare module? I have searched on magisk manager module, but I can't get it |
Flash latest Magisk Canary Install the Riru core module v. 23.9 from Magisk repo. Now download the zip from the link below: https://github.com/vvb2060/riru-unshare/releases Flash the zip trough Magisk Manager Enable Magisk Hide for the app including their isolated process (if you don't know what is the correct one just mark all) Enjoy! ;) |
|
I successfully bypassed root detection using this method !!! Thanks buddy 😀 Now I have some doubts :- I was using a edxposed module before to bypass some other detections like usb debugging , developer options enabled or not ,etc .. I don't want to disable these settings while app is running I have another fix for these settings without xposed but I need my exposed module working for that app for some other hooks But now the problem is : after hiding, my xposed module doesn't work ( it doesn't trigger loadPackage) So what I have assumed , magisk hidden apps can't use xposed coz thats also may be a workaround to check root using stack trace or something (just assumption , definately there would be other reasons ) At last my question is , can I somehow use xposed module on app which has magisk hide on ? I know java and android so I was capable of building my own xposed but not magisk modules , but just imagine if I was able to build magisk modules , then can there be a solution to fake that Settings ?? Coz I think magisk hide unmounts all that redirected/fake paths for that app n it means we can't use fake props for that app ?? What I need is either make xposed work or magisk module that may do this .. Before that main question is , Is that possible ? |
Hello Thanks for the Extension Here is the app if anyone is curious |
|
@TheOnlyZii |
What this URL means? I'm also having problem while hiding root. My phone is OnePlus8Pro (Android 11+ Riru-unshare + Safetynet passed) installed. If you are interested My banking app (Yapı Kredi Mobil) And I'm going to share my own story about it, If you someone want any logs or infos about this spesific root detection method I free I can share everything with some dev: Device: OnePlus 8 Pro / OOS11_OB7(Android 11) / Magisk Canary (f152b4c,22005) / Kernel( Omega & Official stock both tried. ) Installed Magisk Modules: "ADB&Fastboot for Android NDK / MagiskHide Props Config / OOS Native Call Recording Enabler / Systemless Host / Riru / Riru - Enchand mode for Magisk Hide / Riru - LSPosed" LSPosed modules: xPrivacyLua (Disabled app listing for Yapıkredi Mobil) About the app: "Yapı Kredi Mobil" it is a well known Turkish bank. Google Play URL SafetyNet is passed, "Rootbeer Sample" app is passing all tests. I tried App made by VD171@xda-forum called "VD Infos xda page" and app given this output to me. Output: If it is not releated or is my bad I'm sorry I can delete my comment after that. Thanks. |
|
@emirefek for my particular case the fix is already been made just need to be implemented in the next releases by the dev im not a dev i cant comment about your issue. |
|
Hi All, |
You realize your screenshots are taking too much space? |
|
I imagine this is resolved with MagiskHide's replacement with DenyList, which is powered by Zygisk? Try again in 23013. |
osm0sis
changed the title
|
@vvb2060 I also see the init.rc modification detection is the only Magisk Detector test which fails on 23013 on modern devices/Android with DenyList. Any fix for that? |
|
@osm0sis Magisk Detector has been archived, I am currently working on momo: https://www.coolapk.com/apk/io.github.vvb2060.mahoshojo |
vvb2060
changed the title
|
MagiskHide has been removed |
and others
First of all, I would like to say that I am aware of the fact that raising the issue of MagiskHide is usually irritable and I will understand if my thread will be ignored.
I recently read an article:
https://darvincitech.wordpress.com/2019/11/04/detecting-magisk-hide/
It describes issue in MagiskHide mount points hiding for isolated processes - and detect Magisk by exploiting this issue.
I tested it on my own by activating MagiskHide for Brave and all subprocesses.
For every sandboxed_processX, the mount list looks like MagiskHide is off, other processes (like main/privileged_processX) are property hidden.
Main process - mountstats:
https://pastebin.com/6t1p1wxs
Sandboxed_process - mountstats:
https://pastebin.com/YasyF3tV
Magisk/Magisk Manager: 20.4-ed58cf95.
Xiaomi Mi 8 / Android 10 / xiaomi.eu 20.1.21
Regards.
The text was updated successfully, but these errors were encountered: