Zygisk failing with GrapheneOS 14 build 2024031400

[yitzhaq]

Device: Google Pixel 6 Pro
Android version: GrapheneOS 14 build 2024031400
Magisk version name: R65C33E4F-kitsune (D)
Magisk version code: 27001

Since updating to latest OTA GrapheneOS 14 build 2024031400, Zygisk has started failing. It is enabled, but no longer activating. Both Magisk and Zygisk were working fine with R65C33E4F-kitsune when running on the previous OTA build.

I've tried dis/re-enabling Zygisk, disabling all modules, reinstalling Magisk, all to no avail. Full debug log is attached.
magisk_log_2024-03-17T14.55.55.log

Thanks in advance for looking at this, and many thanks for your efforts to keep Magisk working on GrapheneOS!

[yitzhaq]

Possibly relevant part of log - same errors are shown in non-debug log:

03-17 14:49:33.683   825   825 D : ^@zygisk64: JNIEnv->RegisterNatives [com/android/internal/os/Zygote]
03-17 14:49:33.683   825   825 E : ^@zygisk64: unknown signature of com/android/internal/os/Zygote#nativeForkAndSpecialize: (II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String
;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I
03-17 14:49:33.683   825   825 I : ^@zygisk64: replaced com/android/internal/os/Zygote#nativeForkSystemServer
03-17 14:49:33.683   825   825 E : ^@zygisk64: unknown signature of com/android/internal/os/Zygote#nativeSpecializeAppProcess: (II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;
Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V

[...]

03-17 14:49:33.790   826   826 D : ^@zygisk32: JNIEnv->RegisterNatives [com/android/internal/os/Zygote]
03-17 14:49:33.790   826   826 E : ^@zygisk32: unknown signature of com/android/internal/os/Zygote#nativeForkAndSpecialize: (II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String
;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I
03-17 14:49:33.790   826   826 I : ^@zygisk32: replaced com/android/internal/os/Zygote#nativeForkSystemServer
03-17 14:49:33.790   826   826 E : ^@zygisk32: unknown signature of com/android/internal/os/Zygote#nativeSpecializeAppProcess: (II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;
Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V

[lbdroid]

Looks like the grapheneos adjustment needs to be updated;

KitsuneMagisk/Magisk@0a200be

[yitzhaq]

Looking at the frequency of GrapheneOS builds lately, I'm pretty sure I wasn't on the previous one before updating to 2024031400, though I'm not entirely sure which one I was running. From reading the changelog, my guess would be a recent build prior to 2024030600, and that this is the build where it broke, probably due to the Android 14 QPR2 changes.

This release is a massive overhaul of the OS almost as large as the migration from Android 13 QPR3 to Android 14 despite fewer user facing changes. This release includes a large part of the migration to Android 15.

https://grapheneos.org/releases#2024030600

So once this gets fixed, hopefully there won't be major breaking changes again for a while..

[lbdroid]

Upstream AOSP made a change in QPR2, and GrapheneOS's prior change was maintained. The issue is that the combination of the upstream and GOS changes have a unique signature. The third "Z" in "ZZZ" whereas the older was just "ZZ". They added a boolean ("Z") parameter "mount_sysprop_overrides" to forkAndSpecialize ("fas") and specializeAppProcess ("spec").

This is the upstream Magisk change for QPR2;
topjohnwu/Magisk@685a2d2

So all that's needed now is to alter the prior GOS patch (as I linked to above) for kitsunemask in the same manner.
There's really no point in maintaining the earlier revision since GOS doesn't maintain older releases.

[lbdroid]

This should about do it (untested):

diff --git a/native/src/core/zygisk/gen_jni_hooks.py b/native/src/core/zygisk/gen_jni_hooks.py
index 20a47b920..6d7620dfc 100644
--- a/native/src/core/zygisk/gen_jni_hooks.py
+++ b/native/src/core/zygisk/gen_jni_hooks.py
@@ -215,11 +215,11 @@ server_samsung_q = ForkServer('samsung_q', [uid, gid, gids, runtime_flags, Anon(
 
 fas_grapheneos_u = ForkAndSpec('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, mount_external,
     se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, 
-    is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, Anon(jlongArray)])
+    is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, Anon(jlongArray)])
 
 spec_grapheneos_u = SpecApp('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, mount_external,
     se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list,
-    whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, Anon(jlongArray)])
+    whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, Anon(jlongArray)])
 
 hook_map = {}
 
diff --git a/native/src/core/zygisk/jni_hooks.hpp b/native/src/core/zygisk/jni_hooks.hpp
index 48c75ddc2..f6ecb90ca 100644
--- a/native/src/core/zygisk/jni_hooks.hpp
+++ b/native/src/core/zygisk/jni_hooks.hpp
@@ -127,7 +127,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
     ctx.nativeForkAndSpecialize_post();
     return ctx.pid;
 }
-[[clang::no_stack_protector]] jint nativeForkAndSpecialize_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jlongArray _13) {
+[[clang::no_stack_protector]] jint nativeForkAndSpecialize_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides, jlongArray _13) {
     AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
     args.fds_to_ignore = &fds_to_ignore;
     args.is_child_zygote = &is_child_zygote;
@@ -139,7 +139,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
     HookContext ctx(env, &args);
     ctx.nativeForkAndSpecialize_pre();
     reinterpret_cast<decltype(&nativeForkAndSpecialize_grapheneos_u)>(nativeForkAndSpecialize_orig)(
-        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, _13
+        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, _13
     );
     ctx.nativeForkAndSpecialize_post();
     return ctx.pid;
@@ -197,7 +197,7 @@ const JNINativeMethod nativeForkAndSpecialize_methods[] = {
     },
     {
         "nativeForkAndSpecialize",
-        "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZ[J)I",
+        "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I",
         (void *) &nativeForkAndSpecialize_grapheneos_u
     },
 };
@@ -266,7 +266,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
     );
     ctx.nativeSpecializeAppProcess_post();
 }
-[[clang::no_stack_protector]] void nativeSpecializeAppProcess_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jlongArray _14) {
+[[clang::no_stack_protector]] void nativeSpecializeAppProcess_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides, jlongArray _14) {
     AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
     args.is_child_zygote = &is_child_zygote;
     args.is_top_app = &is_top_app;
@@ -277,7 +277,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
     HookContext ctx(env, &args);
     ctx.nativeSpecializeAppProcess_pre();
     reinterpret_cast<decltype(&nativeSpecializeAppProcess_grapheneos_u)>(nativeSpecializeAppProcess_orig)(
-        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, _14
+        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, _14
     );
     ctx.nativeSpecializeAppProcess_post();
 }
@@ -309,7 +309,7 @@ const JNINativeMethod nativeSpecializeAppProcess_methods[] = {
     },
     {
         "nativeSpecializeAppProcess",
-        "(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZ[J)V",
+        "(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V",
         (void *) &nativeSpecializeAppProcess_grapheneos_u
     },
 };

[lbdroid]

Give this a try! I have NOT tested it. Make sure to uninstall the existing magisk/kitsune application and not just patch the boot. Also rename .zip --> .apk

kitsune-debug.zip

[MordorMinion]

Thank you @lbdroid! Tested and working for me on GrapheneOS 2024031400.

[lbdroid]

Excellent!

I've created a PR for the update to KitsuneMagisk repository here;
KitsuneMagisk/Magisk#5

[educongo]

Hello. Shouldn'd the PR be done here https://github.com/HuskyDG/magisk-files/pulls?
Thank you.

[rikita93]

@lbdroid. Thanks a million for this. Working on 2024032100.

[lbdroid]

Hello. Shouldn'd the PR be done here https://github.com/HuskyDG/magisk-files/pulls? Thank you.

No, this repository does not contain source code, just compiled binaries. In reality, what is housed in THIS repository should be hooked up to the "releases" component of where I made the PR.

[educongo]

Ahh! OK. Sorry for the noise. Thank you and HuskyDG for the time you put on your great work.

[yitzhaq]

I can also confirm that this fixes the issue as originally reported. Big thanks for your efforts, LGTM!

[Lyuu17]

Looking at the frequency of GrapheneOS builds lately, I'm pretty sure I wasn't on the previous one before updating to 2024031400, though I'm not entirely sure which one I was running. From reading the changelog, my guess would be a recent build prior to 2024030600, and that this is the build where it broke, probably due to the Android 14 QPR2 changes.

This release is a massive overhaul of the OS almost as large as the migration from Android 13 QPR3 to Android 14 despite fewer user facing changes. This release includes a large part of the migration to Android 15.

https://grapheneos.org/releases#2024030600

So once this gets fixed, hopefully there won't be major breaking changes again for a while..

I confirm this same issue in LineageOS now with a March build, so not a GrapheneOS issue

[lbdroid]

I confirm this same issue in LineageOS now with a March build, so not a GrapheneOS issue

As far as I can tell, LineageOS should be able to run on upstream Magisk version 27.0, unless they've added their own changes to zygote that create a unique signature.

It is unlikely that changes for GrapheneOS would be applicable there, unless they, I think that project calls it "kanged", changes from GrapheneOS.

In any case, if it doesn't work with upstream Magisk 27.0, you should file a bug report upstream here: https://github.com/topjohnwu/Magisk/issues

[senposage]

kitsune is dead HuskyDG is no longer maintaining this project the telegram channel was abandoned months ago
rip

[yitzhaq]

I'm now having a different issue with this build. After a reboot, my renamed manager app no longer shows, and has reverted to "Kitsune Mask". When trying to open that, it queries the usual "Upgrade to full Magisk to finish the setup. Download and install?", as if it had not been fully set up before. Choosing OK brings up a "Downloading Kitsune Mask" dialog, but this never finishes, it just sits there. Several tries, same result, nothing appears to be downloaded (or at least the process never completes or proceeds).

I have tried flashing the boot image anew, with the same result. Android build has AFAICT not changed - it's still on 2024031400, as when I originally flashed it, and before the reboot.

Anyone seeing anything similar? Or can think of why Kitsune Mask would fail to download?

[probablypablito]

I've had this issue happen on normal Magisk. I was able to redownload the APK from GitHub (same APK you flashed) and installing it over the current one. @yitzhaq

[yitzhaq]

I've had this issue happen on normal Magisk. I was able to redownload the APK from GitHub (same APK you flashed) and installing it over the current one. @yitzhaq

Indeed, after sideloading latest OTA, uninstalling the app and re-installing the APK, and re-patching (plus flashing) the updated boot image, things seem to be back to normal now. Thanks for the pointer, @probablypablito! And sorry for raising the apparently off-topic issue here.

[olemmer]

Looks like the grapheneos adjustment needs to be updated;
Give this a try! I have NOT tested it. Make sure to uninstall the existing magisk/kitsune application and not just patch the boot. Also rename .zip --> .apk

kitsune-debug.zip

Thx a lot.
This works for me on GrapheneOS Build 2024042100.

[yitzhaq]

Hey the thing you have sent, where do I need to add it?
I am not experienced in these things.
Thanks!

Just use the APK from here instead of the regular one: #129 (comment)

[rawpie2]

Does not work anymore latest build pixel 6 pro

[lbdroid]

Does not work anymore latest build pixel 6 pro

The problem with speaking in absolutes is that it can be very misleading. When you say "Does not work", people will assume that it does not work at all, when in reality, all that can really be ascertained is that it is just not working for you.

For example, right here in my hand I have a Pixel 6 Pro. Same phone even, imagine that! And its running grapheneos build 2024070201, which is the latest build available as I'm typing this message, and guess what? Kitsune Mask build that I attached to this thread up above on March 19th is working just fine still.

What that tells me is that you made an error installing it. Please try again. If it still doesn't work for you, provide more details.

[olemmer]

Does not work anymore latest build pixel 6 pro

The problem with speaking in absolutes is that it can be very misleading. When you say "Does not work", people will assume that it does not work at all, when in reality, all that can really be ascertained is that it is just not working for you.

For example, right here in my hand I have a Pixel 6 Pro. Same phone even, imagine that! And its running grapheneos build 2024070201, which is the latest build available as I'm typing this message, and guess what? Kitsune Mask build that I attached to this thread up above on March 19th is working just fine still.

What that tells me is that you made an error installing it. Please try again. If it still doesn't work for you, provide more details.

Just to confirm that the above attached version of Magisk on Mar 19 does still work perfectly on Pixel 7 with latest Graphene OS Build #2024070201

Thx alot !

[yitzhaq]

I can also confirm that it's still working fine for me (OP) on a Pixel 6 Pro running 2024070201.

@HuskyDG Does closing this mean that https://github.com/HuskyDG/magisk-files/blob/main/app-release.apk (and debug) now contains this patch? It's a bit unclear from the changelog.

[SCrid2000]

I can also confirm that it's still working fine for me (OP) on a Pixel 6 Pro running 2024070201.

@HuskyDG Does closing this mean that https://github.com/HuskyDG/magisk-files/blob/main/app-release.apk (and debug) now contains this patch? It's a bit unclear from the changelog.

I installed the update and it seems to be working with GrapheneOS again.

[rawpie2]

Does not work anymore latest build pixel 6 pro

The problem with speaking in absolutes is that it can be very misleading. When you say "Does not work", people will assume that it does not work at all, when in reality, all that can really be ascertained is that it is just not working for you.

For example, right here in my hand I have a Pixel 6 Pro. Same phone even, imagine that! And its running grapheneos build 2024070201, which is the latest build available as I'm typing this message, and guess what? Kitsune Mask build that I attached to this thread up above on March 19th is working just fine still.

What that tells me is that you made an error installing it. Please try again. If it still doesn't work for you, provide more details.

No need to be so aggressive.
Anyways, every time I install it it always bootloops, I patch latest boot.img and flash and get bootloop every time. Regular magisk I do not get a boot loop

This includes the new apk posted on the github
No modules running when I boot from flashing

Product revision: raven MP1.0 B1
Android 14
Pixel 6 Pro latest Graphene OS install

[silverwings15]

has anyone found a working version of LSposed that is compatible with Husky's Kitsune Magisk on GrapheneOS?

[sabamdarif]

try this:-

https://github.com/sabamdarif/zygisk-for-grapheneos

PerformanC/ReZygisk#53