Skip to content

Releases: topjohnwu/Magisk

Magisk v26.3

04 Sep 07:05
Compare
Choose a tag to compare
  • [General] Fix device information detection script
  • [General] Update BusyBox to 1.36.1
  • [General] Update toolchain that produces broken arm32 executables
  • [App] Fix root service unable to bind on OnePlus devices

Full Changelog: here

Magisk v26.2

28 Aug 08:12
Compare
Choose a tag to compare
  • [MagiskBoot] Support extracting boot image from payload.bin
  • [MagiskBoot] Support cpio files containing character files
  • [MagiskBoot] Support listing cpio content
  • [MagiskBoot] Directly handle AVB 1.0 signing and verification without going through Java implementation
  • [Daemon] Make daemon socket a fixed path in MAGISKTMP
  • [resetprop] Support printing property context
  • [resetprop] Support only printing persistent properties from storage
  • [resetprop] Properly support setting persistent properties bypassing property_service
  • [MagiskSU] Support -g and -G options
  • [MagiskSU] Support switching mount namespace to PID with -t
  • [MagiskPolicy] Fix patching extended permissions
  • [MagiskPolicy] Support more syntax for extended permissions
  • [MagiskPolicy] Support printing out the loaded sepolicy rules
  • [App] Support patching boot image from ROM zips
  • [App] Properly preserve boot.img when patching Samsung firmware with init_boot.img

Full Changelog: here

Magisk v26.1

11 Apr 09:06
Compare
Choose a tag to compare

Changes from v26.0

  • [App] Fix crashing when revoking root permissions
  • [MagiskInit] Always prefer ext4 partitions over f2fs when selecting the pre-init partition
  • [General] Restore module files' context/owner/group from mirror. This is a regression introduced in v26.0

(The following is the same as v26.0 release notes)

Hey! Long time no see!

Bumping Minimum Android Version to 6.0

Magisk's support for Android Lollipop has been pretty broken for a while without it being noticed. Also, none of the active developers of Magisk have actual hardware to run Android Lollipop. We rely on using the official Android emulator for regression testing on older platforms, however Google never shipped a Lollipop emulator image with SELinux support, leaving us with no option but to drop Lollipop support since we don't feel comfortable supporting Android Lollipop without adequate testing.

New Magic Mount Implementation

Magic Mount, the feature that make modules modify partitions, has gone through a major rewrite. The existing implementation doesn't work well with OEMs injecting overlays into their system using overlayfs. The new implementation fundamentally changes how filesystem mirrors are created, giving us a more accurate clone of the unmodified filesystem.

New sepolicy.rule Implementation

Magisk allows modules to provide custom SELinux patches by including the file sepolicy.rule. Due to the complicated nature of SELinux patching, the compatibility of this functionality has been pretty spotty; many devices are not supported. In this release, a brand new pre-init partition detection mechanism has been designed to support even more devices. Due to complicated reasons, this detection mechanism cannot be performed in a custom recovery environment.

This means that any installation of Magisk v26+ using custom recovery will be incomplete; a subsequent re-installation through the Magisk app after booting up is required.

Zygisk Updates

The new Zygisk API v4 is now live! It comes with new features and a refined PLT function hook API. The implementaton of Zygisk has also gone through some major refactoring, including new code loading/unloading mechanisms and a new PLT function hook implementation.

Head over to the Zygisk Module Sample repository to check out the new API and documentation!

Full Changelog: here

Magisk v26.0

05 Apr 18:05
Compare
Choose a tag to compare

Hey! Long time no see!

Bumping Minimum Android Version to 6.0

Magisk's support for Android Lollipop has been pretty broken for a while without it being noticed. Also, none of the active developers of Magisk have actual hardware to run Android Lollipop. We rely on using the official Android emulator for regression testing on older platforms, however Google never shipped a Lollipop emulator image with SELinux support, leaving us with no option but to drop Lollipop support since we don't feel comfortable supporting Android Lollipop without adequate testing.

New Magic Mount Implementation

Magic Mount, the feature that make modules modify partitions, has gone through a major rewrite. The existing implementation doesn't work well with OEMs injecting overlays into their system using overlayfs. The new implementation fundamentally changes how filesystem mirrors are created, giving us a more accurate clone of the unmodified filesystem.

New sepolicy.rule Implementation

Magisk allows modules to provide custom SELinux patches by including the file sepolicy.rule. Due to the complicated nature of SELinux patching, the compatibility of this functionality has been pretty spotty; many devices are not supported. In this release, a brand new pre-init partition detection mechanism has been designed to support even more devices. Due to complicated reasons, this detection mechanism cannot be performed in a custom recovery environment.

This means that any installation of Magisk v26+ using custom recovery will be incomplete; a subsequent re-installation through the Magisk app after booting up is required.

Zygisk Updates

The new Zygisk API v4 is now live! It comes with new features and a refined PLT function hook API. The implementaton of Zygisk has also gone through some major refactoring, including new code loading/unloading mechanisms and a new PLT function hook implementation.

Head over to the Zygisk Module Sample repository to check out the new API and documentation!

Full Changelog: here

Magisk v25.2

21 Jul 03:15
Compare
Choose a tag to compare

Maintenance release fixing various issues.

  • [MagiskInit] Fix a potential issue when stub cpio is used
  • [MagiskInit] Fix reboot to recovery when stub cpio is used
  • [MagiskInit] Fix sepolicy.rules symlink for rootfs devices
  • [General] Better data encryption detection
  • [General] Move the whole logging infrastructure into Rust

Full Changelog: here

Magisk v25.1

19 Jun 10:01
Compare
Choose a tag to compare

v25.1 fixes some minor bugs over v25.0. The following are the same as v25.0 release notes.

Another major release! A lot of the changes aren't visible at the surface, but v25 is actually a really substantial upgrade!

MagiskInit Rewrite

A significant portion of magiskinit (the critical software that runs before your device boots up) is completely rewritten from scratch. Ever since Android introduced Project Treble in Android 8.0, Magisk has been constantly fighting against the increasingly complex partitioning and early mount setups of all kinds of devices, sometimes with weird OEM specific implementations. It got to a point that magiskinit had become so complicated that few people (including myself!) were aware of every detail, and maintaining this piece of software like this was clearly not sustainable. After many months of planning (yes, this whole re-architecture has been in my head for a long time) and some help from external contributors, a whole new sepolicy injection mechanism is introduced into Magisk, solving the "SELinux Problem" once and for all.

Since this is a full paradigm shift on how Magisk hot-patch the device at boot, several behaviors that many developers implicitly relied on might not exist. For example, Magisk no longer patches fstabs in most scenarios, which means AVB will remain intact; some custom kernels rely on AVB being stripped out for them by Magisk.

MagiskSU Security Enhancements

The superuser functionality of Magisk has not seen much changes ever since its introduction. v25 focuses on making root permission management more accurate and secure:

  • Add a whole new package tracking system to ensure malicious UID reuse attack cannot be performed
  • Properly support and implement the UX in the Magisk app for packages using sharedUserId
  • Enforce root manager APK signature verification to combat the rampant unofficial Magisk app "mods"

Many might not realize, but using a trusted, unmodified Magisk app is really important. Magisk's root daemon treats the Magisk app differently and gives it blanket root access without any restrictions. A modded Magisk app can potentially backdoor your device.

And in case some of you are about to put on your tin foil hats, this is not designed to "vendor lock-in"; the goal is to make sure your root management app comes from the same developer of the underlying root implementation. Magisk's build system allows custom distributors to use its own signing keys, and in addition, I am also providing official debug builds which skips any signature verification for development.

Full Changelog: here

Magisk v25.0

07 Jun 10:23
Compare
Choose a tag to compare

Another major release! A lot of the changes aren't visible at the surface, but v25 is actually a really substantial upgrade!

MagiskInit Rewrite

A significant portion of magiskinit (the critical software that runs before your device boots up) is completely rewritten from scratch. Ever since Android introduced Project Treble in Android 8.0, Magisk has been constantly fighting against the increasingly complex partitioning and early mount setups of all kinds of devices, sometimes with weird OEM specific implementations. It got to a point that magiskinit had become so complicated that few people (including myself!) were aware of every detail, and maintaining this piece of software like this was clearly not sustainable. After many months of planning (yes, this whole re-architecture has been in my head for a long time) and some help from external contributors, a whole new sepolicy injection mechanism is introduced into Magisk, solving the "SELinux Problem" once and for all.

Since this is a full paradigm shift on how Magisk hot-patch the device at boot, several behaviors that many developers implicitly relied on might not exist. For example, Magisk no longer patches fstabs in most scenarios, which means AVB will remain intact; some custom kernels rely on AVB being stripped out for them by Magisk.

MagiskSU Security Enhancements

The superuser functionality of Magisk has not seen much changes ever since its introduction. v25 focuses on making root permission management more accurate and secure:

  • Add a whole new package tracking system to ensure malicious UID reuse attack cannot be performed
  • Properly support and implement the UX in the Magisk app for packages using sharedUserId
  • Enforce root manager APK signature verification to combat the rampant unofficial Magisk app "mods"

Many might not realize, but using a trusted, unmodified Magisk app is really important. Magisk's root daemon treats the Magisk app differently and gives it blanket root access without any restrictions. A modded Magisk app can potentially backdoor your device.

And in case some of you are about to put on your tin foil hats, this is not designed to "vendor lock-in"; the goal is to make sure your root management app comes from the same developer of the underlying root implementation. Magisk's build system allows custom distributors to use its own signing keys, and in addition, I am also providing official debug builds which skips any signature verification for development.

Full Changelog: here

Magisk v24.3

10 Mar 08:33
Compare
Choose a tag to compare

For those coming from v24.1, check the full changelog for changes introduced in v24.2.

  • [General] Stop using getrandom syscall
  • [Zygisk] Update API to v3, adding new fields to AppSpecializeArgs
  • [App] Improve app repackaging installation workflow

Full Changelog: here

Magisk v24.2

02 Mar 07:40
Compare
Choose a tag to compare

Maintenance release fixing various issues.

  • [MagiskSU] Fix buffer overflow
  • [MagiskSU] Fix owner managed multiuser superuser settings
  • [MagiskSU] Fix command logging when using su -c <cmd>
  • [MagiskSU] Prevent su request indefinite blocking
  • [MagiskBoot] Support lz4_legacy archive with multiple magic
  • [MagiskBoot] Fix lz4_lg compression
  • [DenyList] Allow targeting processes running as system UID
  • [Zygisk] Workaround Samsung's "early zygote"
  • [Zygisk] Improved Zygisk loading mechanism
  • [Zygisk] Fix application UID tracking
  • [Zygisk] Fix improper umask being set in zygote
  • [App] Fix BusyBox execution test
  • [App] Improve stub loading mechanism
  • [App] Major app upgrade flow improvements
  • [General] Improve commandline error handling and messaging

Full Changelog: here

Magisk v24.1

28 Jan 11:47
Compare
Choose a tag to compare

For those coming from v24.0, v24.1 only has some minor app improvements. The following are copied from v24.0 release notes.

It has been a while since the last public release, long time no see! A personal update for those unaware: I am now working at Google on the Android Platform Security team. Without further ado, let's jump right into it!

MagiskHide Removal

I have lost interest in fighting this battle for quite a while; plus, the existing MagiskHide implementation is flawed in so many ways. Decoupling Magisk from root hiding is, in my opinion, beneficial to the community. Ever since my announcement on Twitter months ago, highly effective "root hiding" modules (much MUCH better than MagiskHide) has been flourishing, which again shows that people are way more capable than I am on this subject. So why not give those determined their time to shine, and let me focus on improving Magisk instead of drowning in the everlasting cat-and-mouse game 😉.

Sunsetting Magisk-Modules-Repo

Due to lack of time and maintenance, the centralized Magisk-Modules-Repo was frozen, and the functionality to download modules from the repo is removed in v24.0. As a supplement, module developers can now specify an updateJson URL in their modules. The Magisk app will use that to check, download, and install module updates.

Introducing Zygisk

Zygisk is Magisk in Zygote, the next big thing for Magisk! When this feature is enabled, a part of Magisk will run in the Zygote daemon process, allowing module developers to run code directly in every Android apps' processes. If you've heard of Riru, then Zygisk is inspired by that project and is functionally similar, though the implementation is quite different internally. I cannot wait to see what module developers can achieve using Zygisk!

Documentation

For developers, details about updateJson and building Zygisk modules can all be found in the updated documentation.

Full Changelog: here