Magisk root hide 24.1 zygisk manager

How to root an android device with magisk 24.1?

Magisk installation without recovery (On already flashed devices)

Rooting an android is not an easier process. Because, when it comes to the current situation of the technology world, new trends and security improvements are released to protect the system partitions from rooting. One method is locked bootloader and manufacturers are not providing the bootloader unlocking codes. It’s because they are highly considering the protection of the data of their users. Other than that, unlocking the bootloader will allow the users to install new custom ROMs on their devices. That means users can be upgraded with new android OSes without purchasing another device. So, this leads to reducing the mobile phone demand. Other than that, manufacturers have so many reasons to avoid root.

So let’s see how we can root smartphones with magisk manager in TWRP or recovery mode

• Firstly unlock bootloader
• Then install a custom recovery for your device
• Download the latest magisk apk file from their website
• Now put it on your internal or external storage
• Now boot into recovery mode (The booting to recovery is so different from one device to another. So, you need to find it)
• Now swipe allow system modifications (If it asks)
• Goto install option and select magisk apk file
• Swipe to flash and wait until complete the process
• Then reboot

 Download magisk latest version

How to bypass root detection and how to bypass the safety net test with magisk?

Video tutorial – only if you need

1. After completely booting your device,
2. Open magisk manager application
3. Then go to settings of magisk and find,
4. Systemless host and enable it (click once then the module will be added)
5. Enable Zygisk (beta)
6. Enable enforce deny list
7. Enable tapjacking protection
8. Reboot your device
9. After completing the process again open magisk and click on hide magisk manager on magisk setting
10. Wait till completed – give permissions to magisk manager for install 3^rd party apps
11. Again, open magisk setting and goto configure deny list
12. Click on the 3 dots that appeared above of right-hand side
13. Click show system apps
14. Now find the play services app and click on it
15. Then open (enable) all tics under play services
16. Then again find the apps that you need to hide the root
17. And do the same (Including safety net test app)
    • Download safetynet test app (checks the safety net test status)
18. Now your root hide will work properly with any app

Magisk 24.3 will work any android 5.1 or 5.0 device with root and modules .But it also not support for hide root. So you need to install 21.4 version if you want root hiding also.

How to install magisk on android 5.1 or lower devices

These latest releases of magisk will not work (Magisk 24.3 update will work on lollipop as mentioned) properly on 5.1 (Lollipop) or lower versions of android devices. You can install it and gain root. But you can’t enable any magisk special features like ROOT hide, Bypass safety net tests, Modules, or even granted root cannot be removed. So, only working and perfectly working version of magisk for a lollipop or lower devices is magisk 21.4 version and its application file. Don’t try to upgrade it to the latest version.

Downloadmagisk 21.4 for lollipop

Downloadmagisk manager application for lollipop

(Flash the zip file through the recovery and install the apk)

How to fix soft bricks errors after rooting a device using the Magisk

How to uninstall magisk 24.1

• Power off your device (you can restart the phone from pressing all the keys together until screen goes to black and then as soon as you need to press the recovery booting keys to boot into recovery)
• Then open goto advance and select file manager
• Now goto storage or external storage and find magisk apk
• Then rename it as uninstall.zip and flash it through recovery
• This will restore back your original files again and device will start normally

• If the boot loop happened because of flashing a magisk module you can fix it without uninstalling the magisk again
• Download one of following module and flash it through recovery
  • Magisk ModuleRemover– This will remove all magisk modules
  • MagiskModule Disabler– This will disable only the modules. You can enable the necessary modules after the restarting of your phone.

WHAT IS ROOT?

Gaining root privileges on android means to run a system command with all the Linux features. So, that privileged process can bypass all kernel permission checks.

• Superuser or root privileges are gained usually by executing a binary on
  • set-user-ID-root bit set on it – SUID
• This is how ‘su’ and ‘sudo’ work on Linux in traditional UNIX DAC. Non-privileged users execute these binaries to gain root permissions.
  • File capabilities set on it – setgid,setuid+ep
• This is the less common method used.

What is magisk?

Magisk manager is an Android rooting enabler that comes in the form of a ZIP file which is used to enable functions on Android devices. It was developed in 2016 by the developer topjohnwu as an alternative way to root Android devices other than the SuperSU, Kingroot, Kingoroot, and One-click root apps.

Magisk comes with enabling special functions for android

• System less root – Magisk runs on a mirrored system that helps to remove all magisk system modifications and module modifications easily to fix boot loop problems
• Magisk modules will help you to gain more functions to your device that manufacture doesn’t enabled (Google camera, Pixel themes sounds, Dolbly atoms system integration and much more)
• Root hide function that helps people to hide the root status from various detections including bank apps, games, or system modification detective apps
• Bypass safety net test from detect the system modifications and root

How Magisk works

Magisk requires a device with an unlocked bootloader (Some devices can be easily unlocked this bootloader from the setting, some devices need an additional set up with the support of your PC, and some devices can’t be unlocked because manufacturers are not providing the bootloader unlocking codes). So, that boot.img could be modified with the support of custom recovery or creating a pre-modified boot.img with the support of magisk manager application. Then it could be flashed through TWRP mode or fast boot mode.

Once the device boots with magisk patched boot.img, Magisk daemon runs from the very start of booting process. When an app needs access to root, it executes Magisk’s /sbin/su or /bin/su binary, then it just connects to the daemon through a UNIX socket and asks from the device owner (Popup message) to provide the requesting app to access through root shell with all functions. According to users decision on grant or deny su requests from the apps. Magisk daemon with the Magisk Manager app can display user interface prompt message and it will save this data in a database that locates /data/adb/magisk.db to further use.

Why do people need an alternative to Super SU or those One click root apps

It’s because of all these rooting applications were modified the system partition of your phone in the process of enabling the root on android. So, before the time that Magisk starting fire on android as a system less module, so many people were suffered with soft brick issues of android phones. Therefor Magisk comes to the industry as a system less module.

Booting Process with magisk

Android device kernel starts init with SE Linux in permissive mode on startup. Init loads /sepolicy before starting of services/daemons/processes,etc sets it enforcing and then switches to its own context. Then, even init is not allowed by policy to revert to permissive mode, neither the policy can be modified even by root or administrator user. Therefore Magisk replaces /init file with a custom init file which patches the SELinux policy rules with SUPER CONTEXT (u:r:magisk:s0) and it defines the service to launch Magisk daemon with this modified init file. Then the original init is executed to continue the booting process of your device.

How Magisk Systemless Work?

Since the init file is built in boot.img (boot kernel), modifying it is unavoidable, and /system modification isn’t needed anymore. That’s the point where the systemless root was born. The main reason was flashing boot.img is less harmful than re-flashing system partitions again and it’s a very safe method for saving the data partition from wiping. Blocked and highly secured firmware on a modified /system partition will fail because it enables the use of dm-verity to cryptographically sign the system partition to identify whether it’s modified or not. Then it will block the system in the booting process. That’s the thing that you all are known as soft-bricked devices.

System partition as root

On newer Android devices are using the system as root, the kernel doesn’t load the ramdisk from the boot. Its uses system img to load ramdisk. So, system.img/init needs to be replaced with Magisk’s modified init. Also, Magisk will modify/init.rc and placed the modified file with its own files on /root and /sbin paths of your device. It means system.img is to be modified with magisk zip, but Magisk’s approach is not to modify the system partition on a device.

When it comes to A/B devices, the normal boot skip_initramfs option is passed from bootloader in kernel cmdline as boot.img it contains ramdisk for the recovery partition. Therefore Magisk patches kernel to always ignore to skip_initramfs that is boot in recovery, and places Magisk init binary in recovery ramdisk inside of boot.img. In the boot process when kernel boots to recovery, if there’s no skip_initramfs i.e. user intentionally booted to recovery mode, then Magisk init simply executes recovery init. Otherwise, system.img is mounted at /system_root by Magisk init, contents of ramdisk are then copied to / cleaning everything previously existing, files are added/modified in rootfs /, /system_root/system is bind-mounted to /system, and finally /system/init is executed.

These system modifications again needed to be updated with the android Q, from then /system is mounted at / but the files to be added or modified like /init, /init.rc and /sbin are overlaid with bind mount.

On non-A/B system-as-root devices, Magisk needs to be installed to recovery ramdisk to retain a systemless approach. Because of boot.img contains no ramdisk (android 4/5/6 devices)