b278d07b05
No matter if we use the old, buggy, error prone am_proc_start monitoring, or the new APK inotify method, both methods rely on MagiskHide 'reacting' fast enough to hijack the process before any detection has been done. However, this is not reliable and practical. There are apps that utilize native libraries to start detects and register SIGCONT signal handlers to mitigate all existing MagiskHide process monitoring mechanism. So our only solution is to hijack an app BEFORE it is started. All Android apps' process is forked from zygote, so it is easily the target to be monitored. All forks will be notified, and subsequent thread spawning (Android apps are heaviliy multithreaded) from children are also closely monitored to find the earliest possible point to identify what the process will eventually be (before am_proc_bound). ptrace is extremely complicated and very difficult to get right. The current code is heaviliy tested on a stock Android 9.0 Pixel system, so in theory it should work fine on most devices, but more tests and potentially fixes are expected to follow this commit.
Magisk
Downloads | Documentation | XDA Thread
Introduction
Magisk is a suite of open source tools for customizing Android, supporting devices higher than Android 4.2 (API 17). It covers the fundamental parts for Android customization: root, boot scripts, SELinux patches, AVB2.0 / dm-verity / forceencrypt removals etc.
Furthermore, Magisk provides a Systemless Interface to alter the system (or vendor) arbitrarily while the actual partitions stay completely intact. With its systemless nature along with several other hacks, Magisk can hide modifications from nearly any system integrity verifications used in banking apps, corporation monitoring apps, game cheat detections, and most importantly Google's SafetyNet API.
Bug Reports
Make sure to install the latest Canary Build before reporting any bugs! DO NOT report bugs that is already fixed upstream. Follow the instructions in the Canary Channel XDA Thread, and report a bug either by opening an issue on GitHub or directly in the thread.
Building Environment Requirements
- Python 3: run
build.pyscript - Java Development Kit (JDK) 8: Compile Magisk Manager and sign zips
- Latest Android SDK: set
ANDROID_HOMEenvironment variable to the path to Android SDK - Android NDK: Install NDK along with SDK (
$ANDROID_HOME/ndk-bundle), or optionally specify a custom pathANDROID_NDK_HOME - (Windows Only) Python package Colorama: Install with
pip install colorama, used for ANSI color codes
Building Notes and Instructions
- Clone sources with submodules:
git clone --recurse-submodules https://github.com/topjohnwu/Magisk.git - Building is supported on macOS, Linux, and Windows. Official releases are built and tested with FrankeNDK; point
ANDROID_NDK_HOMEto FrankeNDK if you want to use it for compiling. - Set configurations in
config.prop. A sample fileconfig.prop.sampleis provided as an example. - Run
build.pywith argument-hto see the built-in help message. The-hoption also works for each supported actions, e.g../build.py binary -h - By default,
build.pybuild binaries and Magisk Manager in debug mode. If you want to build Magisk Manager in release mode (via the-r, --releaseflag), you need a Java Keystore filerelease-key.jks(onlyJKSformat is supported) to sign APKs and zips. For more information, check out Google's Official Documentation.
License
Magisk, including all git submodules are free software:
you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.