Related
THIS IS CURRENTLY NOT WORKING
A newer version is available here: https://forum.xda-developers.com/apps/supersu/suhide-lite-t3653855
suhide is an experimental (and officially unsupported) mod for SuperSU that can selectively hide root (the su binary and package name) from other applications.
Pros
- Hides root on a per-app base, no need to globally disable root
- Doesn't need Xposed
- Even supports SuperSU's ancient app compatibility mode (BINDSYSTEMXBIN)
- Passes SafetyNet attestation by default on stock ROMs (last officially tested on 2016.10.07)
Cons
- Ultimately a losing game (see the next few posts)
- No GUI (at the moment) - Unofficial GUI by loserskater
Requirements
- SuperSU v2.78 SR1 or newer (link)
- SuperSU installed in systemless mode
- Android 6.0 or newer
- TWRP (3.0.2 or newer, with access to /data - link!) or FlashFire (link)
Xposed
Xposed is not currently officially supported, but if you want to use it directly, you must be using @topjohnwu 's systemless xposed v86.2 exactly (attached at the bottom). It seems to mostly work during my non-extensive testing, but there are still some performance issues (both boot-time and run-time). Proceed with caution, expect bootloop.
Alternatively, there are some reports that the latest Magisk version + the latest systemless xposed (for Magisk) also works. I have not personally tested this.
CyanogenMod
I've personally tested with CM13 on i9300 without issue, however, several users are reporting it doesn't work for them. Proceed with caution, expect bootloop. Also, aside from just flashing SuperSU, you need to make sure /system/bin/su and /system/xbin/su are removed, or CM's internal root will still be used.
Usage
Install/Upgrade
- Make sure you have the latest SuperSU version flashed in systemless mode
- Make sure you are using the latest TWRP or FlashFire version
- Remove any and all Xposed versions
- If you have been having issues, flash suhide-rm-vX.YY.zip first, and note that your blacklist has been lost.
- Flash the attached suhide-vX.YY.zip
- If you are upgrading from suhide v0.16 or older, reflash SuperSU ZIP, and note that your blacklist has been lost.
- Optionally, flash the Xposed version linked above, and pray
At first install SafetyNet is automatically blacklisted.
If you have just flashed a ROM, it is advised to let it fully boot at least once before installing suhide.
Uninstall
- Flash the attached suhide-rm-vX.YY.zip. The version may appear older, the uninstall script doesn't change very often.
Blacklisting an app
You need the UID (10000 to 99999, usually 10xxx) of the app, which can be tricky to find, or the process name. There may be a GUI for this at some point.
(Note that all commands below need to be executed from a root shell)
If you know the package name, ls -nld /data/data/packagename will show the UID - usually the 3rd column.
Similarly, for running apps, ps -n | grep packagename will also show the UID - usually the 1st column.
Note that the process name is often the same as the package name, but this is not always the case. UID is more reliable for identifying a specific app, and it is also faster than blocking based on process names.
When you know the UID or process name:
Add to blacklist: /su/suhide/add UID or /su/suhide/add processname
Remove from blacklist: /su/suhide/rm UID or /su/suhide/rm processname
List blacklist: /su/suhide/list
All running processes for that UID or process name need to be killed/restarted for su binary hiding. For SuperSU GUI hiding, the device needs to be restarted. I recommend just (soft-)rebooting your device after making any changes.
Please keep in mind that many apps store their rooted state, so you may need to clear their data (and then reboot).
Integration into SuperSU
This mod isn't stable, and probably will never be (see the next few posts). As SuperSU does aim to be stable, I don't think they're a good match. But who knows, it all depends on how things progress on the detection side.
Detections
This mod hides the su binary pretty well, and does a basic job of hiding the SuperSU GUI. The hiding is never perfect, and suhide itself is not undetectable either. This will never be a perfectly working solution.
Debugging bootloops
- Get your device in a booting state
- Make sure you have TWRP or a similar recovery
- Install LiveBoot (link)
- If you are not a LiveBoot Pro user, enable the Freeload option
- Enable the Save logs option
- Recreate the bootloop
- In TWRP, get /cache/liveboot.log , and ZIP+attach it to a post here.
Download
Attached below.
Any rm version should work to uninstall any suhide version.
There may be multiple versions of suhide attached, please look carefully which one you are downloading!
YOU ARE EXPLICITLY NOT ALLOWED TO REDISTRIBUTE THESE FILES
(pre-v0.51: 17410 downloads)
Hiding root: a losing game - rant du jour
Most apps that detect root fall into the payment, banking/investing, corporate security, or (anit cheating) gaming category.
While a lot of apps have their custom root detection routines, with the introduction of SafetyNet the situation for power users has become worse, as developers of those apps can now use a single API to check if the device is not obviously compromised.
SafetyNet is of course developed by Google, which means they can do some tricks that others may not be able to easily do, as they have better platform access and control. In its current incarnation, ultimately the detection routines still run as an unprivileged user and do not yet use information from expected-to-be-secure components such as the bootloader or TPM. In other words, even though they have slightly more access than a 3rd party app, they still have less access than a root app does.
Following from this is that as long as there is someone who is willing to put in the time and effort - and this can become very complex and time consuming very quickly - and SafetyNet keeps their detection routines in the same class, there will in theory always be a way to beat these detections.
While reading that may initially make some of you rejoice, this is in truth a bad thing. As an Android security engineer in Google's employ has stated, they need to "make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model".
The problem is that with a rooted device, it is ultimately not possible to guarantee said security model with the current class of SafetyNet tamper detection routines. The cat and mouse game currently being played out - SafetyNet detecting root, someone bypassing it, SafetyNet detecting it again, repeat - only serves to emphasize this point. The more we push this, the more obvious this becomes to all players involved, and the quicker SafetyNet (and similar solutions) will grow beyond their current limitations.
Ultimately, information will be provided and verified by bootloaders/TrustZone/SecureBoot/TIMA/TEE/TPM etc. (Samsung is already doing this with their KNOX/TIMA solutions). Parts of the device we cannot easily reach or patch, and thus there will come a time when these detection bypasses may no longer viable. This will happen regardless of our efforts, as you can be sure malware authors are working on this as well. What we power-users do may well influence the time-frame, however. If a bypass attains critical mass, it will be patched quickly.
More security requires more locking down. Ultimately these security features are about money - unbelievably large amounts of money. This while our precious unlocked bootloaders and root solutions are more of a developer and enthusiast thing. While we're all generally fond of shaking our fists at the likes of Google, Samsung, HTC, etc, it should be noted that there are people in all these companies actively lobbying to keep unlocked/unlockable devices available for us to play with, with the only limitation being that some financial/corporate stuff may not work if we play too hard.
It would be much easier (and safer from their perspective) for all these parties to simply plug that hole and fully lock down the platform (beyond 3rd party apps using only the normal APIs). Bypassing root checks en masse is nothing less than poking the bear.
Nevertheless, users want to hide their roots (so do malware authors...) and at least this implementation of suhide is a simple one. I still think it's a bad idea to do it. Then again, I think it's a bad idea to do anything financial related on Android smartphone that isn't completely clean, but that's just me.
Note that I have intentionally left out any debate on whether SafetyNet/AndroidPay/etc need to be this perfectly secure (most people do their banking on virus ridden Windows installations after all), who should get to decide which risk is worth taking, or even if Google and cohorts would be able to design the systems more robustly so the main app processor would not need to be trusted at all. (the latter could be done for Android Pay, but wouldn't necessarily solve anything for Random Banking App). While those are very interesting discussion points, ultimately it is Google who decides how they want this system to work, regardless of our opinions on the matter - and they want to secure it.
--- reserved ---
Changelogs
2016.10.10 - v0.55 - RELEASE NOTES
- Some code cleanup
- Support for blocking based on process name
- Should fix some crashes (requires uninstall/reinstall to activate)
2016.10.07 - v0.54 - RELEASE NOTES
- Fix for latest SafetyNet update
2016.09.19 - v0.53 - RELEASE NOTES
- Haploid container (monoploid)
2016.09.18 - v0.52 - see v0.51 release notes below
- Fix root loss on some firmwares
2016.09.18 - v0.51 - RELEASE NOTES
- Complete redesign
- Zygote proxying (haploid)
- Binder hijacking (diploid)
- su.d instead of ramdisk modification
- Xposed supported (-ish)
2016.09.04 - v0.16 - RELEASE NOTES
- Fix some SELinux access errors
- Should now work on devices that ask for a password/pattern/pin immediately at boot - for real this time!
- Binderjacking improvements for Nougat
2016.08.31 - v0.12 - RELEASE NOTES
- Fix some issues with suhide-add/rm scripts
- Fix not working at all on 32-bit devices
- Should now work on devices that ask for a password/pattern/pin immediately at boot
- Rudimentary GUI hiding
- No longer limited to arm/arm64 devices: support for x86/x86_64/mips/mips64 devices added
2016.08.29 - v0.01
- Initial release
As always thank you Chainfire! I will try and edit this post.
Edit @Chainfire this seems to work for enabling Android Pay! I didn't get the chance to actually pay yet. But it did let me add my card and did not display the message about a failed authorization of Android check! Before I couldn't even get past that first screen.
Edit 2: @Chainfire It seems to of had an adverse effect on Snapchat. I cleared cache on the app, uninstalled and reinstalled and restarted. It kept Force closing after a photo no matter what. I used suhide-rm and it seems to have fixed the app from any issues. Thanks again and hopefully we'll get you some more reports. Either way your solution works!
Tested on stock rooted 7.0 Nexus 6p.
@Chainfire
What was your reason for doing this project?
Sent from my Nexus 6P using XDA-Developers mobile app
Ofthecats said:
What was your reason for doing this project?
Click to expand...
Click to collapse
For building it, curious if the method I came up with would work well. For releasing, if others are doing it, join them or be left behind.
I'm assuming with custom ROM android pay still won't work right?
HamsterHam said:
I'm assuming with custom ROM android pay still won't work right?
Click to expand...
Click to collapse
I'd just give it a try. It's spoofing the specific app, not the entire ROM that matters. It's fairly simple to try.
Installed on LG G4 w/ V20g-EUR-XX update and rerooted with TWRP 3.0.2-0 and SuperSU-v2.76-2016063161323. seems to be working fine, for the moment. Thank you for the update.
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
djide said:
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
Click to expand...
Click to collapse
What was the UID or process you found to blacklist it with?
Sent from my ONEPLUS A3000 using Tapatalk
how to install it? which file should I flash ? Both?
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Joshmccullough said:
What was the UID or process you found to blacklist it with?
Click to expand...
Click to collapse
Android Pay comes blacklisted out-of-the-box
HamsterHam said:
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Click to expand...
Click to collapse
Are you in Android or TWRP ?
ls -l /data/adb/
Chainfire said:
Android Pay comes blacklisted out-of-the-box
Click to expand...
Click to collapse
Derp. That's what I get for not reading the entire sentence under 'Install' in the OP......thanks!
PedroM.CostaAndrade said:
how to install it? which file should I flash ? Both?
Click to expand...
Click to collapse
Please don't quote a large post like that just to ask a single question.
Please read the first post, so you know what to do.
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
thdervenis said:
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
Click to expand...
Click to collapse
You need to blacklist the UID for your bank. Directions are in the OP.
Hello, everyone.
Few days ago, I found Hanabank app (com.hanabank.ebk.channel.android.hananbank) detects Magisk hide. I ran strace against Hanabank app, and I got some suspicious openat(2) returns -EACCES and even some files are not filtered by Magisk Hide (returns file descriptor successfully)
Here are openat(2) calls which don't look good.
Code:
[pid 27855] openat(AT_FDCWD, "/sbin_orig/magisk", O_RDONLY|O_LARGEFILE) = 91
[pid 27855] openat(AT_FDCWD, "/dev/magisk/mirror/system", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 27855] openat(AT_FDCWD, "/magisk", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 27855] fstatat64(AT_FDCWD, "99-magisk.sh", {st_mode=S_IFREG|0755, st_size=2011, ...}, 0) = 0
Full strace log of Hanabank app:
Code:
https://pastebin.com/BUiViAbK
I think they should return -ENOENT to pass that magisk detection routine.
I'm using Magisk v14.0
BTW, why Magisk Github issue tracker is disabled?
Having the same issue but with another app.
https://forum.xda-developers.com/showpost.php?p=73968022&postcount=19348
How did you run strace? I used strace -f -p PID-o /sdcard/strace.txt but no reference to Magisk is shown.
olivercervera said:
Having the same issue but with another app.
https://forum.xda-developers.com/showpost.php?p=73968022&postcount=19348
How did you run strace? I used strace -f -p PID-o /sdcard/strace.txt but no reference to Magisk is shown.
Click to expand...
Click to collapse
First, sorry for late reply. I was on vacation.
I used this script to attach strace to fresh app process.
Code:
while true; do
while ! ps | grep -q -i $1; do :; done;
ps | grep -i $1 | while read a b c; do
strace -e open -f -e trace=file,ptrace -p $b 2>&1;
done;
done
For example, if you saved this script as /sdcard/strace.sh, The procedure I take to attach strace to the app is;
1. use killall command to kill all app process. Android pre-forks app, so we need to kill that first.
2. run script using sh /sdcard/strace.sh <app_process_name>. This will attach strace to the app and redirects strace's stderr output to stdout.
2-1. Do whatever you want (use tee or just redirect it to file, etc..) with stdout stream.
3. Analyze collected result.
That's all.
perillamint said:
First, sorry for late reply. I was on vacation.
I used this script to attach strace to fresh app process.
Click to expand...
Click to collapse
Hi
Just now I realised that I responded in the other thread. However your script never worked
I ran the script in a shell with root permission using
Code:
sh /sdcard/strace.sh com.barclays.android.barclaysmobilebanking
Unfortunately this is what I get when I try to run the script
Code:
/sdcard/strace.sh[5]: syntax error: 'done' unexpected
What have I done wrong?
EDIT: I've done this test on another device, a Nexus 5X stock 7.1.2 + Magisk v14. If I run strace it is not found, I have installed busybox but nothing! WAT??? I'll test with the other device later which has strace (Nexus 5).
EDIT2: Nope, I get the same error on the device which has strace.
olivercervera said:
Hi
Just now I realised that I responded in the other thread. However your script never worked
I ran the script in a shell with root permission using
Code:
sh /sdcard/strace.sh com.barclays.android.barclaysmobilebanking
Unfortunately this is what I get when I try to run the script
Code:
/sdcard/strace.sh[5]: syntax error: 'done' unexpected
What have I done wrong?
EDIT: I've done this test on another device, a Nexus 5X stock 7.1.2 + Magisk v14. If I run strace it is not found, I have installed busybox but nothing! WAT??? I'll test with the other device later which has strace (Nexus 5).
EDIT2: Nope, I get the same error on the device which has strace.
Click to expand...
Click to collapse
Hmm, I used sh which included in LineageOS.... I think Android's default sh couldn't handle that script's syntax properly. Default sh is quite crippled compared to GNU/Linux's one (bash, zsh, etc..)
Could you try running this script using bash instead of sh? If you don't have bash on your Android system, this Magisk module could inject bash binary into your system. https://forum.xda-developers.com/apps/magisk/module-magisk-bash-shell-t3609988
perillamint said:
Hmm, I used sh which included in LineageOS.... I think Android's default sh couldn't handle that script's syntax properly. Default sh is quite crippled compared to GNU/Linux's one (bash, zsh, etc..)
Could you try running this script using bash instead of sh? If you don't have bash on your Android system, this Magisk module could inject bash binary into your system. https://forum.xda-developers.com/apps/magisk/module-magisk-bash-shell-t3609988
Click to expand...
Click to collapse
Thanks for your suggestion. In the end I installed LOS on my test device and ran the script.
The funny thing is that I can't find a single reference to Magisk or Root...
The output is attached.
olivercervera said:
Thanks for your suggestion. In the end I installed LOS on my test device and ran the script.
The funny thing is that I can't find a single reference to Magisk or Root...
The output is attached.
Click to expand...
Click to collapse
Indeed. However the app dies shortly after reading the two property files:
/dev/__properties__/ubject_r:default_prop:s0
/dev/__properties__/ubject_r:logd_prop:s0
I would try to get the output of getprop with and without Magisk installed and see if there are any properties being leaked that could give a hint that Magisk is installed.
Fif_ said:
Indeed. However the app dies shortly after reading the two property files:
/dev/__properties__/ubject_r:default_prop:s0
/dev/__properties__/ubject_r:logd_prop:s0
I would try to get the output of getprop with and without Magisk installed and see if there are any properties being leaked that could give a hint that Magisk is installed.
Click to expand...
Click to collapse
You are the man! You definitely spotted the method being used by this app. Thanks.
I had to leave LOS ROM because even without Magisk it would not run, so I installed another ROM. I verified the app runs, got props, installed Magisk and got new props.
There are all changes:
1. [ro.build.selinux]: [1] is changed to [ro.build.selinux]: [0] when Magisk is installed
2. [ro.runtime.firstboot] shows different values but I believe it's fine
3. The following are entirely missing when Magisk is installed
[selinux.reload_policy]: [1]
[service.adb.tcp.port]: [-1]
[sys.retaildemo.enabled]: [0]
[init.svc.clear-bcb]: [stopped]
I have the feeling that [ro.build.selinux]: [1] and [selinux.reload_policy]: [1] are key elements and Magisk is not hiding them properly. I would suppose these elements show that SELinux is not enforcing anymore. I tried changing these values, but at reboot they don't change.
I know obviously Magisk does not enforce SELinux, but hides that got set to Permissive. System thinks that is enforcing, and using command getenforce i get as a result Enforcing, but Barclays (and possibly other apps) are reading that SELinux is not actually being enforced.
Interesting. Will post these finding in the main thread.
Do you have anything to add that could be helpful?
olivercervera said:
You are the man! You definitely spotted the method being used by this app. Thanks.
I had to leave LOS ROM because even without Magisk it would not run, so I installed another ROM. I verified the app runs, got props, installed Magisk and got new props.
There are all changes:
1. [ro.build.selinux]: [1] is changed to [ro.build.selinux]: [0] when Magisk is installed
2. [ro.runtime.firstboot] shows different values but I believe it's fine
3. The following are entirely missing when Magisk is installed
[selinux.reload_policy]: [1]
[service.adb.tcp.port]: [-1]
[sys.retaildemo.enabled]: [0]
[init.svc.clear-bcb]: [stopped]
I have the feeling that [ro.build.selinux]: [1] and [selinux.reload_policy]: [1] are key elements and Magisk is not hiding them properly. I would suppose these elements show that SELinux is not enforcing anymore. I tried changing these values, but at reboot they don't change.
I know obviously Magisk does not enforce SELinux, but hides that got set to Permissive. System thinks that is enforcing, and using command getenforce i get as a result Enforcing, but Barclays (and possibly other apps) are reading that SELinux is not actually being enforced.
Interesting. Will post these finding in the main thread.
Do you have anything to add that could be helpful?
Click to expand...
Click to collapse
If you use "resetprop ro.build.selinux 1" in a root shell, does the app start?
That will disappear at reboot of course, but it's easy to add to /magisk/.core/props to make it stick until Magisk is fixed.
Now, I don't think Magisk disables SELinux, why do you have it disabled?
Fif_ said:
If you use "resetprop ro.build.selinux 1" in a root shell, does the app start?
That will disappear at reboot of course, but it's easy to add to /magisk/.core/props to make it stick until Magisk is fixed.
Now, I don't think Magisk disables SELinux, why do you have it disabled?
Click to expand...
Click to collapse
Yes, Magisk changes SELinux to Permissive and hides this status.
Although my findings would be legit and those props should be hidden, in my Bank's case is not the issue.
I have discovered that if I uninstall Magisk Manager (but not uninstall root, just the app) my bank app works. However it does not work if I use "Hide Magisk".
Since the hidden app is called Unhide Magisk Manager, probably this app is looking for Magisk keyword.
For whatever reason when I run strace the app does crash and always reports that message (crash after reading prop).
I will post these findings in the support thread.
I don't know how to do it, but I would recompile Magisk Manager changing package ID and name, in theory should work.
I am having the same issue on my Galaxy S8 with the Barclays Mobile Banking app. I have tried using every option in Magisk but nothing seems to be working. In fact, the Barclays app actually asked for SU permissions when I first ran it which is odd to me.
Did anyone find a workaround for this? I read the posts in this thread but I am not savvy enough to understand all the codes and technical information written, so please excuse my ignorance in the matter. Is reverting to a completely stock ROM my only option at this point? I really need to start using this application as soon as possible.
Thank you.
Quick update guys!
The great Topjohnwu is working on a new update that includes a key feature for us: reinstalling Magisk Manager with a random package ID.
These changes are in his Github Repo. On this thread you can find unofficial versions of Magisk compiled from Github.
I have tested Magisk-v14.4-20171102-091345.zip: HELL IT WORKS!
In Magisk Manager: go to settings and you will have the option to reinstall Magisk Manager with a random package ID
Install Barclays from Play Store
Add Barclays to Magisk Hide
Open Barclays, it will behave correctly and will work!
This solves my problem, so I will be able to use the latest version of this app very soon (will wait for public beta).
On a side note, this update should als hide /Magisk partition, which was detected by @perillamint banking app, so might be worth trying it.
I have installed this Hanabank app (hopefully is the right one!) and added it to Magisk Hide. The app opens up correctly but I can't understand anything. I see some stuff moving on screen and on the upper left I see a lock icon (to login?)
If I don't add the app to Magisk Hide it shows an incomprehensible message and closes.
Hope you find this helpful.
Please see photos below.
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
mundodisco8 said:
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
Click to expand...
Click to collapse
Yes, a fresh start from a stock Nexus 5X I have at work. I did not register the app with my account during the test, all I needed to do was to get to the Welcome Screen: if Barclays detects root you don't get anything. Probably you need to reinstall Barclays App.
Once Magisk Manager is hidden with the new ID you can't go back to the original: you don't have any option. So if you still have it means there is a problem.
mundodisco8 said:
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
Click to expand...
Click to collapse
He's talking about a new Hide Manager feature that is much improved from the current implementation. It's not yet available officially, so you'll have to build yourself from the GitHub repo, or download from the unofficial snapshots thread that @olivercervera linked.
Didgeridoohan said:
He's talking about a new Hide Manager feature that is much improved from the current implementation. It's not yet available officially, so you'll have to build yourself from the GitHub repo, or download from the unofficial snapshots thread that @olivercervera linked.
Click to expand...
Click to collapse
I didn't even consider the possibility he didn't realise I was using the unofficial/self compiled version... I even linked it!!!
Thanks
olivercervera said:
I didn't even consider the possibility he didn't realise I was using the unofficial/self compiled version... I even linked it!!!
Thanks
Click to expand...
Click to collapse
It's actually quite apparent that he's talking about the current implementation, since the updated, unreleased, feature doesn't have anything named "unhide" to click.
With the new implementation you unhide the hidden Manager by reinstalling and opening it.
Hi guys,
Yes, I installed the latest version, following the link OliverCervera linked. I hid it using the usual method of going to options/hide magisk, and I got a new app, as usual. clicking on it to unhide prompted for root permissions for an app with a random ID (as expected). The next time, I wasn't that lucky, and the whole thing crashed. Anyway, it's a nightly, so I won't complain, and I will check it later, as sadly I don't have time to do it now.
In any case, my app was marked, because I opened it with the official release of Magisk and it detected root, and once it does, it keeps the "this phone is rooted" status until you do a factory reset. I think you can call them to tell them that it was a mistake, and they can unlock it but I'm not 100% sure about this last point.
Thanks for the work, anyway!
mundodisco8 said:
Hi guys,
Yes, I installed the latest version, following the link OliverCervera linked. I hid it using the usual method of going to options/hide magisk, and I got a new app, as usual. clicking on it to unhide prompted for root permissions for an app with a random ID (as expected). The next time, I wasn't that lucky, and the whole thing crashed. Anyway, it's a nightly, so I won't complain, and I will check it later, as sadly I don't have time to do it now.
In any case, my app was marked, because I opened it with the official release of Magisk and it detected root, and once it does, it keeps the "this phone is rooted" status until you do a factory reset. I think you can call them to tell them that it was a mistake, and they can unlock it but I'm not 100% sure about this last point.
Thanks for the work, anyway!
Click to expand...
Click to collapse
If you install the correct version of the Manager you won't have an unhide app after hiding the Manager. That's changed...
Your problem is probably that the unofficial Manager has a different signature, so it won't install over the official Manager. Solution: Uninstall the official Manager before installing the unofficial snapshot.
Have you tried just clearing all data for the app after it detects root? That usually works for an app that "remembers" root. But, I've never tested the app in question so...
Didgeridoohan said:
If you install the correct version of the Manager you won't have an unhide app after hiding the Manager. That's changed...
Your problem is probably that the unofficial Manager has a different signature, so it won't install over the official Manager. Solution: Uninstall the official Manager before installing the unofficial snapshot.
Have you tried just clearing all data for the app after it detects root? That usually works for an app that "remembers" root. But, I've never tested the app in question so...
Click to expand...
Click to collapse
I think they keep your signature and store it on their servers. Barclays is really focused when it comes to not allowing people to use their app on rooted phones, but as I said, I would need to double check. And I kind of get why they do it, as they went all the way to avoid to pay Android to use Android Pay and they developed their own platform to pay over NFC (not judging here, it's up to them if they think it's the best solution). At the end of the day, root is exploited through a security flaw, and "the bad guys could get your moneys", and even though they could display a message at launch that says "hey, you are rooted, the bad guys could get AAAALLL of the moneys, it's up to you" people would still want to sue them if they mess up... but it's funny that they allow you to get into the online banking web on a rooted phone, where the bad guys could see your password...
I highly recommend @JamFlux's work instead. Currently, this has got way more complicated than it should be (in the past 24 hours, only 40% users have managed to accurately follow the procedure, and even less for the latest beta). However, I will continue working on this project in order to make it compatible across more devices. The app is now open-source and you can visit the GitHub repo here. Thanks for using UpdateEngine Interface and I hope to see you folks again soon.
I've created the UpdateEngine Interface, a tool to install OTAs that haven't been assigned to your device. It talks to Android's update_engine binary to flash the block-based updates just the way the original updater does, ensuring that your data is preserved and your system partition's signature doesn't change.
TLDR: It allows you to install Oreo without using someone else's TWRP backup or losing data.
Now has the latest build (20th December)
Installation:
Install Magisk
Install the attached Magisk module (named UpdateEngine_1.2.zip) and reboot
Open the newly installed UpdateEngine app and press start
Wait for the installation to complete and restart your device to boot into Android O
If you wish to update to the latest beta, use Magisk to install UpdateEngine_1.3.zip afterwards
Note: If you're a FlashFire user, please uninstall it and reboot before continuing.
Note #2: You must install Oreo via v1.2 before installing the latest beta (via v1.3).
XDA:DevDB Information
UpdateEngine User Interface, Device Specific App for the Xiaomi Mi A1
Contributors
ur0
Version Information
Status: Stable
Current Stable Version: 1.1
Created 2017-12-19
Last Updated 2017-12-19
Does it need a virgin /system?
I love you! thats what we need.
konradit said:
Does it need a virgin /system?
Click to expand...
Click to collapse
Yeah. It requires that the system hasn't been modified since the December OTA (just like the original updater) since the updates are applied block-by-block.
Which beta does it have currently? THE first one or newer?
jazzthe#1 said:
Which beta does it have currently? THE first one or newer?
Click to expand...
Click to collapse
I only have the first build, since that's the only one that people captured (I'm not in the beta, so I can't get the newer ones myself).
Okay
@ur0 wow, thats awesome, thank you bro)
This looks interesting, although I'm waiting for Xposed Oreo. A question though, I've heard the leaked Oreo build is rooted, does this method install untouched boot.img?
@Filip013 yes, this installs the untouched boot.img.
@rostifaner and @TerQQ, You're welcome!
so this tool can install android O ota beta without twrp ? and without losing data ? and how to install this tool ? sorry for many question .
is possible to add feature "choose ota file from device" or something similar ?
TerQQ said:
is possible to add feature "choose ota file from device" or something similar ?
Click to expand...
Click to collapse
I'm looking into adding this -- the only problem is that it also requires a bit of metadata (which is inconvenient to type manually). I'll look into defining a format which the app can read directly.
It doesn't seem to be working for me. When I press Start, it opens FlashFire app & nothing happens. Even if I come back to this app, there will two buttons Pause & Stop, but nothing will be happening. Also can you please make it open source?
ghpranav said:
It doesn't seem to be working for me. When I press Start, it opens FlashFire app & nothing happens. Even if I come back to this app, there will two buttons Pause & Stop, but nothing will be happening. Also can you please make it open source?
Click to expand...
Click to collapse
That's weird -- can you please post the logcat outputs after this happens (maybe after restarting and trying again)?
I'm sure that it's something with flashfire since the app doesn't use it or depend on it.
I'm definitely going to open-source this after I fix a few hacks I made to get the initial version working.
Any chance of posting your work to github? would be interesting to see the source if possible
How to install?
How to install magisk and update engine. Will we have to root and flash these file from TWRP? Please give the tutorial in detail.
for me its working great.
I don't understand what purpose this tool serves. You're saying that using this we can install the oreo update without someone's twrp bakup?
I keep getting a crash when i press start, then the app won't open again until I reboot and even then no download... am i missing something?
I have magisk 15.6 and i disabled all my other modules just in case...
EDIT:
12-19 11:32:16.564 3121-3267/? E/DatabaseUtils: Writing exception to parcel
java.lang.SecurityException: Permission Denial: reading com.android.providers.media.MediaProvider uri content://media/external/fs_id from pid=9022, uid=10111 requires android.permission.READ_EXTERNAL_STORAGE, or grantUriPermission()
at android.content.ContentProvider.enforceReadPermissionInner(ContentProvider.java:608)
at android.content.ContentProvider$Transport.enforceReadPermission(ContentProvider.java:483)
at android.content.ContentProvider$Transport.query(ContentProvider.java:212)
at android.content.ContentProviderNative.onTransact(ContentProviderNative.java:112)
at android.os.Binder.execTransact(Binder.java:565)
I think you need to add the read/write premission to your app. not sure how its working for others
EDIT 2: Selinux is denying your app.. had to use a selinux disabler app to get it not to crash... might want to look into that..
EDIT 3: Not working... Nothing happens when i click start...
Copying instructions that were in the miscellaneous thread while we were waiting for a proper sub forum. Keep in mind that the program to get TWRP onto the phone is in Chinese and will trigger an antivirus warning. Also TWRP will be in Chinese so users have to press the button on the right in the 1st screen to enable English.
TWRP is working for Nubia Z20 Chinease, Europe and American version
Download TWRP from this link
[Mod Edit] Download link removed due to GPL incompliance
Installing TWRP steps:
1. Enable usb debugging in nubia z20
2. Connect your mobile to the computer
3. Disable Anti-virus on your computer
4. Copy paste TWRP application to C:/adb
5. Click the only button on the TWRP interface
6. On the next screen, click the only button (fastboot twrp) on the screen
7. mobile will reboot to bootloader
8. reboot to recovery
9. if you have security code, input your security pin.
10. change language by clicking right side button
11. In twrp, you can flash global rom and magisk for root
For Rooting Nubia (all version)
1. Install TWRP from the above link
2. From TWRP, you can install magisk manager (latest) and reboot to system.
3. From Magisk application, download riru modules (core & hook) install and reboot.
4. Insatll Edxposed for xposed modules
Custom modules working for Nubia:
1. Gravity Box (working only for global roms)
2. Face unlock (Magisk module)
3. Instant Face unlock (Xposed module)
4. Pixelify (Magisk module0
5. Force touch enabler (Xposed module)
6. Xposed edge (Xposed module)
7. AR core patcher (Magisk module)
8. Google cam (Gcam shared earliet posts with attached xml scripts)
9. Youtube vanced
10. Whatsapp emojis
11. L Tweaks
Linux?
What should Linux users do?
Cheako said:
What should Linux users do?
Click to expand...
Click to collapse
Switch to windows? Seriously...at least for a short time. I'm a Linux user myself but always have a Windows machine handy for flashing
n1tro said:
Switch to windows? Seriously...at least for a short time. I'm a Linux user myself but always have a Windows machine handy for flashing
Click to expand...
Click to collapse
Thanks! I haven't used Windows since the late 90s and every time I try what you're suggesting I have a horrible time. It's not worth any amount of effort to have Windows for running this one application that does something ultimately resulting in Malware. That is to say running this program is analogous to running an application that, I not only don't have the source too, but indeed can't even explain what it does. That's the vary definition of malicious software, running software that has no explainable purpose.
It piss me off why every nubia TWRP is a .exe can you just install it yourself and make a backup of your recovery partition and send us the img ?
its here ***
[Mod Edit] Download link removed due to GPL incompliance
GPL Violation.
This program is obviously linked with a compiled image of TWRP, witch is GPL. The exe is encrypted, a form of UPX. Regardless it's against copyright to distribute without source.
RomanLeFrais said:
It piss me off why every nubia TWRP is a .exe can you just install it yourself and make a backup of your recovery partition and send us the img ?
its here ***
[Mod Edit] Download link removed due to GPL incompliance
Click to expand...
Click to collapse
Looks like a boot image, but triggers the same error on my device. From another thread we are discussing the differences of V1.x(NON-EU) and phones from the EU that are V2.x. The images I've found and have been using are V2.x and the phone is from US Amazon, not that you can't purchase EU phones from there. It's unknown what version my phone is.
I've been pointing out everywhere the GPL violations and that also applies here.
Tell me if I'm wrong but the only difference beteween eu and non-eu are the radio frequency and maybe some minor adjustement that don't affect the way TWRP work, and the only difference between 1.x and 2.x are the system update it also don't affect the way TWRP need to be compiled except for the included magisk install ect in the advanced tabs that Scarlet-glass added
If you want to have your own clean version you can always compile TWRP yourself to not deal with a GPL issue (Isn't it the GNU Free software license ?) Scarlet-glass released the device tree
UPX is a compression algorithm lol, to check if its obfuscated run Detect-it-Easy on it, I did and its not obfuscated take a look at my binwalk output
https://pastebin.com/7Ut6E5Zz
The executable maybe came from the person that make the "Global" ROM for all the aliexpress seller by removing the chinese app and installing google, they left their "weibo VIP channel" in /etc on the system part but I don't know how to join.
So anyway I doubt they copyrighted their TWRP image and its normal that the recovery image appear as a boot image because it is one lol
Apparently this device is not the same for EU users as America or China, that is to say one model for EU and another model for NON-EU(presumably China, India, Japan, Canada, US, ect). I was using V2.x(EU) files, but my phone is V1.x(NON-EU). The major version numbers are more like part of the model number than like a version indicator. Here is the full dump where I got the boot and recovery images, it's 2.2GB compressed
https://www.filehosting.org/file/details/835328/NX627J_NubiaEmergencyDownload_V103.7z
I'll try and post just the boot/recovery images here: https://mikemestnik.net/archives/
Code:
SHA256 (NX627J_NubiaEmergencyDownload_V103.7z) = bd412eeab191c001a4ee5b11bda8a2ec7273257ccd2e1d024e60e8c6a1bd174b
SHA256 (NX627J-stock-1_03.7z) = f53a120dc7e8029bf2bb0fb7a462d027376d63bb39e4b7f2ae2f55ae2bcba9ae
RomanLeFrais said:
Tell me if I'm wrong but the only difference beteween eu and non-eu are the radio frequency and maybe some minor adjustement that don't affect the way TWRP work, and the only difference between 1.x and 2.x are the system update it also don't affect the way TWRP need to be compiled except for the included magisk install ect in the advanced tabs that Scarlet-glass added
If you want to have your own clean version you can always compile TWRP yourself to not deal with a GPL issue (Isn't it the GNU Free software license ?) Scarlet-glass released the device tree
UPX is a compression algorithm lol, to check if its obfuscated run Detect-it-Easy on it, I did and its not obfuscated take a look at my binwalk output
https://pastebin.com/7Ut6E5Zz
The executable maybe came from the person that make the "Global" ROM for all the aliexpress seller by removing the chinese app and installing google, they left their "weibo VIP channel" in /etc on the system part but I don't know how to join.
So anyway I doubt they copyrighted their TWRP image and its normal that the recovery image appear as a boot image because it is one lol
Click to expand...
Click to collapse
The file you are talking about and the one that is currently posted are nothing alike.
Code:
[email protected]:~/Downloads$ binwalk nubia\ Z20-for\ Android\ P-TWRP-3.3.1.exe
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Microsoft executable, portable (PE)
372399 0x5AEAF SHA256 hash constants, little endian
4642204 0x46D59C MySQL ISAM compressed data file Version 10
13113062 0xC816E6 gzip compressed data, last modified: 2019-08-30 09:47:28
42228777 0x2845C29 End of Zip archive, footer length: -25518
42279022 0x285206E PARity archive data - file number 7950
42571120 0x2899570 XML document, version: "1.0"
This reminds me to add checksums to my uploads!
Cheako said:
The file you are talking about and the one that is currently posted are nothing alike.
This reminds me to add checksums to my uploads!
Click to expand...
Click to collapse
I first decompressed with upx
Code:
upx -d nubia\ Z20-for\ Android\ P-TWRP-3.3.1.exe
Edit: I downloaded 1.03 and 2.03 and try to look for diff in some files with
Code:
vimdiff <(xxd "EUROPE-ASIA/file" ) <(xxd "US/file" )
and they are a little different I didn't try the android files (system,vendor,boot etc) because they are too big though
RomanLeFrais said:
I first decompressed with upx
Code:
upx -d nubia\ Z20-for\ Android\ P-TWRP-3.3.1.exe
Edit: I downloaded 1.03 and 2.03 and try to look for diff in some files with
Code:
vimdiff <(xxd "EUROPE-ASIA/file" ) <(xxd "US/file" )
and they are a little different I didn't try the android files (system,vendor,boot etc) because they are too big though
Click to expand...
Click to collapse
help me please i am some speak english. my nubia z20 brick . i need stock rom my phone global en v203 i want to chinese rom but my phone brick.
i need rom i need help
Not working for me.....
Not able to install TWRP.
Have also tried to install img.
Have typed in "adb reboot bootloader" in command window, and the phone reboot.
But when typing "fastboot flash recovery recovery.img", it get stuck on "waiting for device".
Anyone have the correct USB driver?
Or is the problem windows 10?
Btw, USb debugging is on, and OEM unlocking is on.
Ui is CNCommon_V2.17.
The China special with no update function, beside update by usb-c OTG, wich don't work.
Why can not create backup from TWRP, both to the internal memory and to the flash card via OTG, writes an error.
Olfoss said:
Not able to install TWRP.
Have also tried to install img.
Have typed in "adb reboot bootloader" in command window, and the phone reboot.
But when typing "fastboot flash recovery recovery.img", it get stuck on "waiting for device".
Anyone have the correct USB driver?
Or is the problem windows 10?
Btw, USb debugging is on, and OEM unlocking is on.
Ui is CNCommon_V2.17.
The China special with no update function, beside update by usb-c OTG, wich don't work.
Click to expand...
Click to collapse
please answer me
n1tro said:
Copying instructions that were in the miscellaneous thread while we were waiting for a proper sub forum. Keep in mind that the program to get TWRP onto the phone is in Chinese and will trigger an antivirus warning. Also TWRP will be in Chinese so users have to press the button on the right in the 1st screen to enable English.
TWRP is working for Nubia Z20 Chinease, Europe and American version
Download TWRP from this link
https://drive.google.com/file/d/1rpyehWTPdzzNLhZVqvOuaPmoZ0bG0gak/view?usp=sharing
Installing TWRP steps:
1. Enable usb debugging in nubia z20
2. Connect your mobile to the computer
3. Disable Anti-virus on your computer
4. Copy paste TWRP application to C:/adb
5. Click the only button on the TWRP interface
6. On the next screen, click the only button (fastboot twrp) on the screen
7. mobile will reboot to bootloader
8. reboot to recovery
9. if you have security code, input your security pin.
10. change language by clicking right side button
11. In twrp, you can flash global rom and magisk for root
For Rooting Nubia (all version)
1. Install TWRP from the above link
2. From TWRP, you can install magisk manager (latest) and reboot to system.
3. From Magisk application, download riru modules (core & hook) install and reboot.
4. Insatll Edxposed for xposed modules
Custom modules working for Nubia:
1. Gravity Box (working only for global roms)
2. Face unlock (Magisk module)
3. Instant Face unlock (Xposed module)
4. Pixelify (Magisk module0
5. Force touch enabler (Xposed module)
6. Xposed edge (Xposed module)
7. AR core patcher (Magisk module)
8. Google cam (Gcam shared earliet posts with attached xml scripts)
9. Youtube vanced
10. Whatsapp emojis
11. L Tweaks
Click to expand...
Click to collapse
please can you improve twrp for android 11 this way
I can't. I'm not a developer. The information above was done by someone else before the forum was created. I only copied the content over.
This phone has almost no support unless you are using the Chinese version. Nubia does not care about the global market as they make enough money selling phones within China in my opinion.
n1tro said:
I can't. I'm not a developer. The information above was done by someone else before the forum was created. I only copied the content over.
This phone has almost no support unless you are using the Chinese version. Nubia does not care about the global market as they make enough money selling phones within China in my opinion.
Click to expand...
Click to collapse
i will never buy a nubia phone again.
I upgraded to android 11 beta for nubia z20, it installed without issue, but I was not satisfied with the upgrade because I could not access my contacts. I tried to reinstall the standard ROM back, it loads the nubia logo and then shows the warning “Device is corrupted. It can't be trusted and won't boot. " I have flashed the Nubia z20 unbrick tool v1.03 and this does not help either, please help
Hey everyone,
after some trial and error, I was able to pass Safety Net.
I just want to mention what I did in the process to get there. May have been a combination of things or just one...
1. I followed this guide, but make sure you notice that It's for the Pixel 5 not 5a. But the process is similar. This process didn't fix the issue. However, it's also a good how-to on how to root. I did also modify the props to the 3a.
How to Root the Pixel 5 & Still Pass SafetyNet — Full Guide for Beginners & Intermediate Users
The Pixel 5 is a great value proposition in this era of $1,500 phones. With its reasonable price tag, fully open-sourced software, and unlockable bootloader, it's also an ideal phone for rooting.
android.gadgethacks.com
2. When that didn't work, I followed this video, and hid all my banking apps besides the Google Play Services:
3. When that didn't work, I installed these both using Magisk from this post:
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
4. Cleared my data and cache with Google Play and GPay + any other banking apps.
That worked for me!
EDIT: IF GOOGLE MAPS reports the wrong location, its likely XPrivacy-LUA, Google Services. Uncheck some of them.
Oh man....the only thing holding me back is the safety net thing, and it looks like we have a work around tell someone has an actual method made for this phone. Not sure if I'm ready to actually mess with this yet...but thanks for the post, bro!
anubis2k3 said:
Oh man....the only thing holding me back is the safety net thing, and it looks like we have a work around tell someone has an actual method made for this phone. Not sure if I'm ready to actually mess with this yet...but thanks for the post, bro!
Click to expand...
Click to collapse
Didnt think it was that big of a deal to me. But it was fun with a new phone with nothing on it.
This was the Magisk module that worked to pass safety net for me. I didn't need any others.
Releases · kdrag0n/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - kdrag0n/safetynet-fix
github.com
Google Pay "appears" to be working too. Haven't gone out and tried it yet though.
joemommasfat said:
Google Pay "appears" to be working too. Haven't gone out and tried it yet though.
Click to expand...
Click to collapse
That's the part that I use the most, and the reason I haven't rooted yet. Please let us know if it works. Much appreciated!
I can confirm that using google pay (newer GPay app) on my rooted 5a works at merchants. I've already used it several times over the last week or so with no problems.
Deadmau-five said:
3. When that didn't work, I installed these both using Magisk from this post:
Click to expand...
Click to collapse
Why? Isn't the shim version just for Samsungs? Either way, it's the same mod, just different versions.
Someone who actually knows what they're doing needs to write up a tutorial. Following instructions posted by people who have no idea what they're doing but "it works" for them is dangerous.
borxnx said:
Why? Isn't the shim version just for Samsungs? Either way, it's the same mod, just different versions.
Someone who actually knows what they're doing needs to write up a tutorial. Following instructions posted by people who have no idea what they're doing but "it works" for them is dangerous.
Click to expand...
Click to collapse
You're absolutely correct about the dangers in following instructions posted by who knows who. I'll go further and say when it comes to root and associated items stay away from anything posted on a site other than XDA. In many cases even if the instructions were correct at some point in time they may well be outdated now.
I haven't rooted yet for a few reasons yet but will, hopefully sometime very soon. In the meantime I can state the following:
They're is no need to modify props. Modifying props to identify as a different phone would only be required for custom ROMs that don't handle it themselves (or some non-certified Chinese phones, which doesn't apply here). If you're running stock just leave that portion alone. And, if I'm not mistaken (although not 100% certain) I think safetynet-fix takes care of that for you in any case.
You will definitely need kdragOn/safetynet-fix.
Hopefully that's all you need.
I'm not sure which version of Magisk you'll need. Unless you know what you're doing and how to get out of trouble I recommend staying away from the current alphas, they're extremely cutting edge and you can expect problems.
Best best is to check the following threads and see what's going on:
Actually see this post and the 2 posts immediately following
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
That should pretty much cover things for the moment. If nobody else (@hfam ?) has done it by the time I get around to rooting I'll write something up specific for the 5a.
I only mentioned what works for me since there was no step-by-step guide.
Dangerous how? Doing any mods to your phone is "dangerous". I fail to see how this is more so than others. Modifying your phone is risky.
If it didn't work I wouldn't have posted this guide. I only mentioned the steps that I took. It's not really a guide, just how I passed safety net.
But, my 5a has still been working great since then. GPay included.
jcmm11 said:
You're absolutely correct about the dangers in following instructions posted by who knows who. I'll go further and say when it comes to root and associated items stay away from anything posted on a site other than XDA. In many cases even if the instructions were correct at some point in time they may well be outdated now.
I haven't rooted yet for a few reasons yet but will, hopefully sometime very soon. In the meantime I can state the following:
They're is no need to modify props. Modifying props to identify as a different phone would only be required for custom ROMs that don't handle it themselves (or some non-certified Chinese phones, which doesn't apply here). If you're running stock just leave that portion alone. And, if I'm not mistaken (although not 100% certain) I think safetynet-fix takes care of that for you in any case.
You will definitely need kdragOn/safetynet-fix.
Hopefully that's all you need.
I'm not sure which version of Magisk you'll need. Unless you know what you're doing and how to get out of trouble I recommend staying away from the current alphas, they're extremely cutting edge and you can expect problems.
Best best is to check the following threads and see what's going on:
Actually see this post and the 2 posts immediately following
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
That should pretty much cover things for the moment. If nobody else (@hfam ?) has done it by the time I get around to rooting I'll write something up specific for the 5a.
Click to expand...
Click to collapse
Just a quick note to say I just finished with everything (new Pixel 5a 5G, rooted + Safety net, restored all my apps, etc) and it's a flawless victory, ALL banking apps work great, SafetyNet passes, no hiccups.
I'd be happy to craft up a step by step and post it if there's some interest. It's not often I get to give back to this outstanding community, so it's the least I can do jumping on the opportunity. UFC 266 Main card is just starting, so I'll get started right after the fight and post it here in this thread.
Great to see ya again @jcmm11! Coming back to root a new phone feels like a family reunion, so great to see many of you active folks still here helping out!!
hfam
Alright, as promised, here is my writeup for a step-by-step tutorial for rooting your new Pixel 5a and getting SafetyNet up and going. I know it looks like a book, but I wanted to put it into plain language and attempt to explain the process for everyone, even absolute first timers. I know when I first started I really appreciated when the person helping didn't presume I had any knowledge, so for those that may have some experience, sorry for the wordiness. I'll also include how I apply updates when a new Android security update is pushed out. I understand that there are now elegant ways to accept OTA updates, but that is out of the scope of this tutorial as I have always had issues with OTA, and have to catch up on how that works myself. I can attest to years of using this method though (using a full factory image) to perform the "monthly" security updates, and I have never had anything but full success, so I'll share that here below the rooting tutorial.
*Disclaimer and heads-up* this is for an UNLOCKED PIxel 5a purchased directly from Google Store. At the time of this writing that is the only place I'm aware of which currently offers the PIxel 5a. Once carriers like Verizon, etc, offer this device, there may be some changes to the process, so just know up front this is for the unlocked Pixel 5a*
*WARNING*! When you unlock the bootloader on your phone it WILL WIPE YOUR PHONE and reset it to factory. If you've already used your phone and set it up, you're going to lose that setup. If you can't bear it, then the rest of this isn't for you, as root cannot be achieved without unlocking the bootloader.
First, you'll need a few things
- https://developers.google.com/android/images
and download the latest FACTORY IMAGE for "barbet", which is the Pixel 5a. You want to download the SAME VERSION that is currently installed on your device. At the time of this writing, it's the September release.
From that same page, you will need the ADB+Fastboot platform tools which will allow you to perform the required tasks, download from this link:
- https://developer.android.com/studio/releases/platform-tools.html
I use Windows 10, and extract this tools download to a folder in the root of C: called "platform-tools". You will then need to add "c:\platform-tools" to your environment path.
On the Pixel 5a, you need to enable developer options. Go into Settings/About Phone/and tap "Build Number" 7 times. This enables developer options and it will let you know when you've unlocked this as you tap 7 times. Once developer options is unlocked, go back to Settings/System/Advanced, and you'll see Developer Options is now available.
Select Developer Options, and enable "USB Debugging" and also enable "OEM Unlocking".
(**NOTE** For now at least, until you decide how you want to proceed with handling updates in future (more on that later), I strongly recommend turning OFF "Automatic System Updates" as well, just a few items below "OEM Unlocking". This prevents any updates happening automatically on a phone reboot. You don't want to wake up and find an OTA update pushed out and removed root, or worse. You can always turn it back on later.)
Plug your phone into a USB port on your PC. Allow the PC to do it's thing. You can open up Computer Management on the PC (right click the windows menu button icon lower left of your toolbar and select "Computer Management". Select "Device Manager" on the left panel. You should see "Android ADB Device" appear at the top of the right pane list of devices. if not, then visit:
Install OEM USB drivers | Android Studio | Android Developers
Discover links to the web sites for several original equipment manufacturers (OEMs), where you can download the appropriate USB driver for your device.
developer.android.com
and download the appropriate USB driver for your system and retry the above directions.
First thing we have to do is unlock the bootloader.
On the PC, open a command prompt and change directory to "C:\platform-tools" as discussed above.
Now, type in "adb reboot bootloader". The phone will reboot into bootloader. (you may receive a dialog on the phone which says something to the effect of not recognizing the PC. Go ahead and allow it, check the box to allow it in the future, and proceed.
Phone is now at the bootloader, and shows you some info letting you know it's so, including that the bootloader is locked. Also, look at the Device Manager we opened earlier and confirm that you see Android ADB Device (or similar) which confirms your PC recognizes the phone and setup for ADB commands .
To unlock the bootloader, in the command prompt type:
fastboot flashing unlock
This will unlock the bootloader, you will likely see a warning that it's going to wipe the phone. Proceed and allow the unlock. The phone will then reboot and take you to your wiped phone just as you received it out of the box, except the bootloader is now unlocked and Developer Options are still available. Let the phone continue through it's first-time setup, and leave the phone plugged into the PC. If you unplugged no biggie, but we're going right back to the PC shortly and it will need to be plugged back in before the next step to accept the file we're going to push to it.
Now, you want to open a browser on the phone and go to (at the time of this writing, v23.0 is the current stable Magisk):
Release Magisk v23.0 · topjohnwu/Magisk
This release is focused on fixing regressions and bugs. Note: Magisk v22 is the last major version to support Jellybean and Kitkat. Magisk v23 only supports Android 5.0 and higher. Bug Fixes [App]...
github.com
Scroll down and under "Assets" select that Magisk 23.apk file, download and install it. Open Magisk if it doesn't open on install, and just let it sit, we're coming back to it shortly.
PATCHING THE BOOT.IMG FILE
On the PC, go back to the Factory Image you downloaded, and extract it to a temporary directory. You will see 6 files; a few "flash-all" files, a radio image, a bootloader image, and a ZIP file called "image-barbet-XXXXXXXXXXX.zip (the xxx's are whatever the version number is you've downloaded). Double click that ZIP file and you will see a dozen files. The one we need to root the device is "boot.img".
Copy (don't move!!) this file to c:\platform-tools. Now, go back to your command prompt (still pointing to c:\platform-tools) and type in:
adb push boot.img /sdcard/Download
Now back on the phone, within the Magisk app we left open, at the top where it says Magisk, choose to install. A dialog box will open, select Patch Boot File Image. Point the process to your /sdcard/Download, and select the boot.img file we just pushed there. Now allow it to patch the boot.img and Magisk will show you it's patching it, and in a moment tell you it was successful. Close the Magisk app, open "Files" and direct it to sdcard/Download. Note the name of the patched boot file, which is called "magisk_patched-XXXXX_xxxxx.img (the X's are the Magisk version, and the x's are 5 random chars). Feel free to leave it there as you go back to the PC...
Back on the PC, in the command prompt, now type:
adb pull /sdcard/Download/magisk_patched-XXXXX_xxxxx.img
make certain you get the name exact or it won't go, no worries, just get it correct. The file now resides in the "c:\platform-tools" directory along with the unpatched "boot.img" and your ADB+Fastboot tools.
Just about done rooting, here we go!
Now, in the command prompt type:
adb reboot bootloader
The phone reboots into bootloader. Now type:
fastboot flash boot magisk_patched-XXXXX_xxxxx.img (again, use the numbers and letters in YOUR patched file!)
Lastly, type:
fastboot reboot
Your phone reboots, and you should be rooted!! Unplug your phone from the PC, open up Magisk App and confirm, the Magisk entry at the top of the main Magisk App screen should now show you the version you installed, etc!
Time to get your banking apps (and any others that may detect unlocked bootloaders/root/etc) working!
In the Magisk App, on the bottom of the screen is a 4 item menu bar. Select the right-most icon, which is "Modules". At the top of the screen select "sorting order" and sort alphabetically. Scroll down to "riru" and select the module that is JUST "RIRU", (not any of the other "riru _______" modules). Choose to download it, then choose to install it. You'll be prompted to reboot the phone, so reboot the phone.
Next, we're going to install drag0n's Universal SafetyNet fix (at the time of this writing it's currently v 2.1.1) You will need to download this via a browser on your phone, so open a web browser and go to:
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
On the right-hand side, you'll find "Releases", and v2.1.1 is the latest. Select that, then scroll down to "Assets" and download "safetynet-fix-v2.1.1.zip" By default this will download to sdcard/Download.
Go back into the Magisk App, select the "Modules" menu as above, and at the very top select the "Install from Storage" bar. Point to the file we just downloaded and install it (don't extract it, etc, it requires the zip exactly as downloaded and will do it's thing). Again, it will install the module and prompt you to reboot. Reboot.
Almost there!
At this point, if you havent installed your banking apps, do so. DON'T RUN THEM, just install them. I also have a Nintendo Switch Online app which failed because of root, so if you also have or want this app, install it now, again, do NOT run it yet, just install. Same with any other apps you are aware which have root/bootloader unlocked issues, get them installed, but don't run 'em.
Now, we're going to use MagiskHide to hide these apps and complete the process for passing SafetyNet and running apps which may not run due to root.
in the Magisk App, at that 4 item menu bar at the bottom, select the 2nd from left, or "MagiskHide". Select the MagiskHide item and it will open to a scan of all the apps on your system. By default I believe Magisk sets up to hide Google Play Services. You will see it selected, and all the other apps on your system unselected. Select each of the banking apps, the Nintendo Switch Online (if you have it), and any other apps that YOU ARE SURE will complain about unlocked bootloaders and/or root. Any onilne gaming that's popular are good choices, but again, it's easiest to NOT RUN them PRIOR to hiding them via MagiskHide. Pokemon GO comes to mind as one I've seen that needs hiding, etc, so make it easy on yourself and do a little research on any suspect apps prior to running them, then hide them if needed.
Anyhow, select your banking apps to hide them.
Now, we're going to check SafetyNet to make sure youll now pass.
On the Home menu in the Magisk App, select "Check SafetyNet". You will be prompted to download some proprietary SafetyNet shhhhhhhtuff....so let it download. Once done, SafetyNet check will open, and you should show a blue screen which says SUCCESS, and "basicintegrity" and "ctsProfile" will be checkmarked, evalType will show BASIC.
You're good to go, rooted, SafetyNet works perfect, and you can now open your banking apps and should open right up!!
If you find any specific issues about specific apps not working, or detecting root, etc, the best place to get help is in the Magisk General Discussion forum:
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
I owe those folks eternally for showing me what I know, and always having the answers for any issues I've ever had. Some of the nicest, smartest people Ive had the pleasure of knowing, they're always helpful, and even maintain fantastic sites for FAQ and chock full of great info about every aspect of Magisk.
BONUS ITEM: As I indicated above, I'd share the method I know, trust, and have used many many times, trouble free, to apply a system update to the phone without overwriting anything, and not hitting any issues many encounter using the OTA method (though I understand that's been vastly improved, I haven't educated myself as to that process and will likely continue to use this method).
Security Update (monthlies) Process using Full System Image
As above, download the newest Full Factory Image from the site. Extract this full image to a directory inside C:\platform-tools
In this directory, if you're on Windows, open the "flash-all.bat" file (don't run it, open it with Notepad or something similar, I really like Notepad++ as it's free, has a LOT of great functionality and, like the native Notepad, doesn't do any goofy formatting/fonting/etc when modifying and saving a file.)
In flash-all.bat, look for the "-w" entry in the fastboot command near the end of the file and REMOVE ONLY THE "-w", leaving the line correctly formatted (don't leave an extra space or something goofy), then save the file over the top of the original with the same name. This will remove the overwriting of your data when pushing the image, the "-w" tells the process to overwrite, so we remove it.
Open up a Windows Explorer and go to your c:\platform-tools directory. Delete (or move to another location) any "boot.img" files along with any "magisk_patched-XXXXX_xxxxx.img" files from previous operations. Also note and confirm that you have correctly extracted the latest Full System Image to it's own directory, residing in c:\platform-tools.
Now, connect your phone to the PC. Open your command prompt and point to "C:\platform-tools" again. Type: cd <name of Full system Image directory>
In command prompt, type:
adb reboot bootloader
The phone is now in bootloader. In command prompt, confirm you're pointing to "C:\platform-tools\<Full System Image extract dir>" Type:
flash-all
This will do a full factory image push to your phone, you'll see a couple quick writes and phone reboots, then begins writing the rest of the image to your phone, but since we removed the "-w" from "flash-all.bat", it's NOT overwriting your data, just the necessary system files to update it to the latest version!
Reboot your phone, let it do any optimizing and updating it needs to do, and don't run anything yet, we're not quite done, just let the phone settle in and finish booting and doing it's thing.
Now, go back and perform the steps above listed under "PATCHING THE BOOT.IMG FILE" to patch the newest boot.img from the Full System Image we just updated the phone with (push the boot.img to sdcard/Download, patch with Magisk App, pull magisk_patched-XXXXX_xxxxx.img to your PC, blast it back using fastboot), and you've now rerooted the phone.
Lemme just say again that I know this was a friggin' book, and I tried to make it as clear and plain language as I could to help even a first timer, so my apologies if it seems like an onerous process. It's really not, and once you've done this once or twice, it's a cakewalk and takes about 10 minutes of your time from start to finish to do the whole system update and reroot. Again, the newer methods to take OTA without losing root may be something you'd like to look into, i definitely will, but I'm very confident in sharing this method as I know it works like a champ and is foolproof if you take your time the first few times and make sure you do what's required (remove the "-w" from the flash-all.bat, etc)
Lastly, I've been using this method since the Pixel 2, and just performed it on my new 5a, it worked exactly as it has for years for me on the P2, so you can be confident moving forward that, if you follow instructions and take your time until it's all familiar, you'll be successful in rooting, passing SafetyNet, and applying system updates without screwing up the A/B slots or overwriting your data in the process.
I hope this helps even one person, and since I rarely find myself able to give back to the community in any real meaningful way (many of these folks are WAAAY beyond my modest skills and know so much!!), I hope that this provides some folks with a useful and meaningful tutorial, providing confidence that anyone can root their P5a (or about any Pixel it seems) without being a Magisk/Android prodigy.
@Didgeridoohan, @pndwal, @zgfg, @jcmm11, and so many others over the years have been so helpful, I couldn't have done any of this without their selfless help, so give those folks a big thanks also if this is any help to you.
Best of luck,
hfam
Thanks for the write-up @hfam, it's good to know that some of the steps that i tried aren't really necessary, like using props config or hiding the actual magisk app.
Appreciate you!
nsoult said:
Thanks for the write-up @hfam, it's good to know that some of the steps that i tried aren't really necessary, like using props config or hiding the actual magisk app.
Appreciate you!
Click to expand...
Click to collapse
Awww, thanks! Glad to do it and really hope it helps some folks tackle rooting their phones and passing SN!
Rooted with magisk v.23 - flashed zip as a module
So has anyone installed the October update yet?
GrandAdmiral said:
So has anyone installed the October update yet?
Click to expand...
Click to collapse
Yep, good to go. I used the same method I shared above.
Is this working with Android 12? Which Magisk version to use?
This method did not work for Android 12. I updated my rooted phone to android 12 OTA. It returned to stock. I followed the method above to patch the factory boot.img file with magisk. After flashing my phone in bootloader with the patched boot.img, my phone will not reboot. says:
failed to load/verify boot images
Any advice? My Magisk is v23. Do I need to use a beta version?
Poking around in this thread, it seems that android 12 root is a much more involved process, requiring factory wipe and additional steps.
[Guide] Flash Magisk on Android 12
Trying to root the Pixel 5 running Android 12 by flashing a magisk-patched boot image results in the phone only booting to fastboot mode ("failed to load/verify boot images") Some users have reported that booting (instead of flashing) the patched...
forum.xda-developers.com
tintn00+xda said:
This method did not work for Android 12. I updated my rooted phone to android 12 OTA. It returned to stock. I followed the method above to patch the factory boot.img file with magisk. After flashing my phone in bootloader with the patched boot.img, my phone will not reboot. says:
failed to load/verify boot images
Any advice? My Magisk is v23. Do I need to use a beta version?
Click to expand...
Click to collapse
As you stated, you are correct. You need to perform a full wipe or flash the factory image with a wipe and then root works fine and phone boots. Tried myself and works fine.