Changelog

Magisk v25.2

  • [MagiskInit] Fix a potential issue when stub cpio is used
  • [MagiskInit] Fix reboot to recovery when stub cpio is used
  • [MagiskInit] Fix sepolicy.rules symlink for rootfs devices
  • [General] Better data encryption detection
  • [General] Move the whole logging infrastructure into Rust

Magisk v25.1

  • [MagiskBoot] Fix ramdisk backup being incorrectly skipped
  • [MagiskBoot] Add new feature to detect unsupported dtb and abort during installation
  • [Zygisk] Change binary hijack paths
  • [App] Fix incorrect recovery mode detection and installation
  • [MagiskInit] Fix config not properly exported in legacy SAR devices
  • [General] Enforce the Magisk app to always match or be newer than magiskd

Magisk v25.0

Another major release! A lot of the changes aren’t visible at the surface, but v25 is actually a really substantial upgrade!

MagiskInit Rewrite

A significant portion of magiskinit (the critical software that runs before your device boots up) is completely rewritten from scratch. Ever since Android introduced Project Treble in Android 8.0, Magisk has been constantly fighting against the increasingly complex partitioning and early mount setups of all kinds of devices, sometimes with weird OEM specific implementations. It got to a point that magiskinit had become so complicated that few people (including myself!) were aware of every detail, and maintaining this piece of software like this was clearly not sustainable. After many months of planning (yes, this whole re-architecture has been in my head for a long time) and some help from external contributors, a whole new sepolicy injection mechanism is introduced into Magisk, solving the “SELinux Problem” once and for all.

Since this is a full paradigm shift on how Magisk hot-patch the device at boot, several behaviors that many developers implicitly relied on might not exist. For example, Magisk no longer patches fstabs in most scenarios, which means AVB will remain intact; some custom kernels rely on AVB being stripped out for them by Magisk.

MagiskSU Security Enhancements

The superuser functionality of Magisk has not seen much changes ever since its introduction. v25 focuses on making root permission management more accurate and secure:

  • Add a whole new package tracking system to ensure malicious UID reuse attack cannot be performed
  • Properly support and implement the UX in the Magisk app for packages using sharedUserId
  • Enforce root manager APK signature verification to combat the rampant unofficial Magisk app “mods”

Many might not realize, but using a trusted, unmodified Magisk app is really important. Magisk’s root daemon treats the Magisk app differently and gives it blanket root access without any restrictions. A modded Magisk app can potentially backdoor your device.

And in case some of you are about to put on your tin foil hats, this is not designed to “vendor lock-in”; the goal is to make sure your root management app comes from the same developer of the underlying root implementation. Magisk’s build system allows custom distributors to use its own signing keys, and in addition, I am also providing official debug builds which skips any signature verification for development.

  • [MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)
  • [MagiskInit] Introduce new sepolicy injection mechanism
  • [MagiskInit] Support Oculus Go
  • [MagiskInit] Support Android 13 GKIs (Pixel 6)
  • [MagiskBoot] Fix vbmeta extraction implementation
  • [App] Fix stub app on older Android versions
  • [App] [MagiskSU] Properly support apps using sharedUserId
  • [MagiskSU] Fix a possible crash in magiskd
  • [MagiskSU] Prune unused UIDs as soon as system_server restarts to prevent UID reuse attacks
  • [MagiskSU] Verify and enforce the installed Magisk app’s certificate to match the distributor’s signature
  • [MagiskSU] [Zygisk] Proper package management and detection
  • [Zygisk] Fix function hooking on devices running Android 12 with old kernels
  • [Zygisk] Fix Zygisk’s self code unloading implementation
  • [DenyList] Fix DenyList on shared UID apps
  • [BusyBox] Add workaround for devices running old kernels

Magisk v24.3

  • [General] Stop using getrandom syscall
  • [Zygisk] Update API to v3, adding new fields to AppSpecializeArgs
  • [App] Improve app repackaging installation workflow

Magisk v24.2

  • [MagiskSU] Fix buffer overflow
  • [MagiskSU] Fix owner managed multiuser superuser settings
  • [MagiskSU] Fix command logging when using su -c <cmd>
  • [MagiskSU] Prevent su request indefinite blocking
  • [MagiskBoot] Support lz4_legacy archive with multiple magic
  • [MagiskBoot] Fix lz4_lg compression
  • [DenyList] Allow targeting processes running as system UID
  • [Zygisk] Workaround Samsung’s “early zygote”
  • [Zygisk] Improved Zygisk loading mechanism
  • [Zygisk] Fix application UID tracking
  • [Zygisk] Fix improper umask being set in zygote
  • [App] Fix BusyBox execution test
  • [App] Improve stub loading mechanism
  • [App] Major app upgrade flow improvements
  • [General] Improve commandline error handling and messaging

Magisk v24.1

  • [App] Stability improvements

Magisk v24

It has been a while since the last public release, long time no see! A personal update for those unaware: I am now working at Google on the Android Platform Security team. Without further ado, let’s jump right into it!

MagiskHide Removal

I have lost interest in fighting this battle for quite a while; plus, the existing MagiskHide implementation is flawed in so many ways. Decoupling Magisk from root hiding is, in my opinion, beneficial to the community. Ever since my announcement on Twitter months ago, highly effective “root hiding” modules (much MUCH better than MagiskHide) has been flourishing, which again shows that people are way more capable than I am on this subject. So why not give those determined their time to shine, and let me focus on improving Magisk instead of drowning in the everlasting cat-and-mouse game 😉.

Sunsetting Magisk-Modules-Repo

Due to lack of time and maintenance, the centralized Magisk-Modules-Repo was frozen, and the functionality to download modules from the repo is removed in v24.0. As a supplement, module developers can now specify an updateJson URL in their modules. The Magisk app will use that to check, download, and install module updates.

Introducing Zygisk

Zygisk is Magisk in Zygote, the next big thing for Magisk! When this feature is enabled, a part of Magisk will run in the Zygote daemon process, allowing module developers to run code directly in every Android apps’ process. If you’ve heard of Riru, then Zygisk is inspired by that project and is functionally similar, though the implementation is quite different internally. I cannot wait to see what module developers can achieve using Zygisk!

Documentation

For developers, details about updateJson and building Zygisk modules can all be found in the updated documentation.

  • [General] MagiskHide is removed from Magisk
  • [General] Support Android 12
  • [General] Support devices that do not support 32-bit and only runs 64-bit code
  • [General] Update BusyBox to 1.34.1
  • [Zygisk] Introduce new feature: Zygisk
  • [Zygisk] Introduce DenyList feature to revert Magisk features in user selected processes
  • [MagiskBoot] Support patching 32-bit kernel zImages
  • [MagiskBoot] Support boot image header v4
  • [MagiskBoot] Support patching out skip_initramfs from dtb bootargs
  • [MagiskBoot] Add new env variable PATCHVBMETAFLAG to configure whether vbmeta flags should be patched
  • [MagiskInit] Support loading fstab from /system/etc (required for Pixel 6)
  • [MagiskInit] Support /proc/bootconfig for loading boot configurations
  • [MagiskInit] Better support for some Meizu devices
  • [MagiskInit] Better support for some OnePlus/Oppo/Realme devices
  • [MagiskInit] Support init.real on some Sony devices
  • [MagiskInit] Skip loading Magisk when detecting DSU
  • [MagiskPolicy] Load *_compat_cil_file from system_ext
  • [MagiskSU] Use isolated devpts if the kernel supports it
  • [MagiskSU] Fix root shell if isolated mount namespace is set
  • [resetprop] Deleted properties are now wiped from memory instead of just unlinking
  • [App] Build a single APK for all ABIs
  • [App] Switch to use standard bottom navigation bar
  • [App] Downloading modules from the centralized Magisk-Modules-Repo is removed
  • [App] Support user configuration of boot image vbmeta patching
  • [App] Restore the ability to install Magisk on the other slot on some A/B devices
  • [App] Allow modules to specify an update URL for in-app update + install

Magisk v23

Note: Magisk v22 is the last major version to support Jellybean and Kitkat. Magisk v23 only supports Android 5.0 and higher.

  • [App] Update snet extension. This fixes SafetyNet API errors.
  • [App] Fix a bug in the stub app that causes APK installation to fail
  • [App] Hide annoying errors in logs when hidden as stub
  • [App] Fix issues when patching ODIN tar files when the app is hidden
  • [General] Remove all pre Android 5.0 support
  • [General] Update BusyBox to use proper libc
  • [General] Fix C++ undefined behaviors
  • [General] Several sepolicy.rule copy/installation fixes
  • [MagiskPolicy] Remove unnecessary sepolicy rules
  • [MagiskHide] Update package and process name validation logic
  • [MagiskHide] Some changes that prevents zygote deadlock

Related Posts

Leave a Reply

Download