FORUMS

[Guide] Bypass Safetynet on MM with Custom ROM & Kernel (Looking for testers)

118 posts
Thanks Meter: 66
 
By xJovs, Senior Member on 9th January 2017, 07:29 AM
Post Reply Email Thread

I would first like to say that I cannot guarantee if this works on ALL devices. I was able to get this to work on the Galaxy S6 and posted it on the Galaxy S6 forums, however I am looking for people with other devices to see if it works for them as well (because why not share the bypass love to everyone ) If it works, please post a screenshot to confirm so I can post it on the thread here. Thanks.


(Please note that I am not responsible if your phone bricks etc. Please use at your own risk! Myself and others who have also tested this bypass have had no reported issues of this bypass causing some sort of brick etc., but I cannot guarantee anything.)

*This is a copy and paste of a thread I made on another forums and I felt like sharing it here. If there is any mistakes in the post, please tell me so I can fix it. Thanks.*

__________________________________


Since October 2016, Google has (yet again) changed their way on how SafetyNet works and how they can now easily figure out if your phone is rooted or not. This caused many issues for rooted Android users who wanted to play games such as PKMNGO and use apps such as Snapchat. However, there is still ways to bypass SafetyNet.

Tested Devices:
- Samsung Galaxy S6
- Samsung Galaxy S5

*Looking for people with other devices to try and see if it works for themselves so I can add the device to the list.*

__________________________________

Requirements:
- Basic Understanding on how to use Custom Recovery, flashing zip files etc.
- Running on Android 6.0 (Looking for anyone with Android 7 to see if this works for them as well.)
- Phone has a custom recovery (I suggest TWRP) and on a Custom ROM. (Stock roms "should" work too.)
- Rom should have November 1st Security update or older updates. (Have not tested with roms with November 5th Security update and higher.)
- Magisk V10.2 & Magisk Manager 3.0
- SafetyNet Checker
- Phh Super User APK. PlayStore or 2.0 Beta
- Root File Explorer. I suggest Root Browser
- Kernel Adiutor
- Root Checker

(I have had issues trying Xposed on Magisk V9, however it may work on V10.2)
Tutorial
**WARNING: BIG IMAGES** (Had no time to resize them, but will soon.)

Before we begin, I suggest that you make a Nandroid backup through your preferred Custom Recovery. I suggest you use TWRP however CWM "should" work, but I have not tried myself.

Step 1:
Clean Install

The first step 'is' optional, however it is recommended that you do a clean install. I will be using Alexis Rom 8.0 Beta 2 for my Galaxy S6, but any rom should work. (Other than certain GraceUX ports, but am able to get it to work with other ported rom like CoreUi (a MIUI port) for the Galaxy S6). You should also flash a kernel now as well. I use to personally use Arter97 as SuperSU is not installed in this kernel, however Arter97 is slowly starting to become unstable as it hasn't been updated and there is better kernels out there. For this tutorial, I will be using Twisted Kernel.

Step 2:
Removing SuperSU

This step is 'also' optional, but ONLY if your rom/kernel does not automatically install SuperSU for you. In my case, it is automatically installed.

What you will need to do is to go to the SuperSU app, go to settings.


Scroll down until you see "Full unroot" and click it.

A popup will come up and click "Continue", then followed by another popup and click "NO".


Once you click no, your phone will freeze and then reboot. You should then install Root Checker to verify if your phone is unrooted.


(If for some reason, you are unable to use the SuperSU app but you know SuperSU is installed, I'd suggest you download UPDATE-unSU-signed.zip and flash it as it will manually remove SuperSU.)

Step 3:
Installing required APKs.

You will now need to install MagiskManager 3.0, SafetyNet Helper Sample, PHH Super User APK, Root Browser and Kernel Adiutor.


Step 4:
Flashing MagiskV10.2

You will need to reboot into your custom recovery and flash "Magisk-v10.2.zip", followed by rebooting. If you receive ERROR: 1 in TWRP when it is trying to mount SU, I suggest reflashing a kernel (and re-remove SuperSU), uninstalling Magisk with MagiskUninstaller (in Magisk thread) and reinstall Magisk V10.2, or reinstalling your rom.

Once you have flashed the file, reboot into System and open Magisk Manager to verify you have installed Magisk. A little pop up will open to allow Magisk to have root. Make sure to click allow and set it so it has root for "Forever".



If it states that root isn't properly installed, manually flash PHH Super User V266-2.

Step 5:
Enabling Magisk Hide

In Magisk Manager, go to the side menu and go to "Settings." You will see an unchecked box that says "Enable Magisk Hide." Select it and reboot. Re-open Magisk Manager and verify that it is now check marked. If the App crashes when you select "Enable Magisk Hide", reboot your phone and retry.



Step 6:
Set Permissions

In Root Browser, go to the directory "/sys/fs/selinux" and find the file "enforce" and the file "policy". On the file "enforce", change the permissions of the file from "644" to "640", and for the file "enforce", change the permissions of the file from "444" to "440". If Phh Super User pops up and asks for root access, click "Allow."



Once you are done, open up SafetyNet Helper Sample and it 'should' pass. If you are getting "Response Validation Failed" and the background is blue, uninstall Magisk by flashing Magisk Uninstaller, flash UPDATE-unSU-signed.zip, then reflash Magisk V10.2. Then, go back to Step 5 and enable Magisk Hide.


Step 7:
Use Kernel Adiutor to automatically set permissions in init.d

This last step is 'optional', however it automates the permission setting as every time you reboot your system, the file permissions will reset. Open up Kernel Adiutor, go to the sidebar and scroll down until you see 'Init.d'. Click it and make sure "Emulate Init.d" is enabled.
Then click the plus button, set the name to "Permissions" and then add the following script:

"chmod 640 /sys/fs/selinux/enforce" and "chmod 440 /sys/fs/selinux/policy" and save the files.

Also allow root access to Kernel Adiutor!




Step 8:
Reboot

Reboot your device, let Kernel Adiutor do its countdown (you will see in the notifications drop down) and once it says "Applying settings completed!", open up Safetynet and you should be passing!

Credits:

topjohnwu - Main developer of Magisk and Magisk Supported Phh Super User
This XDA thread - Helped me figure out how to do this bypass in the first place.
CoreUi Telegram Chat - Helped me test this bypass to see if it worked on different S6 models. Join here!

If I forgot to credit anyone, please tell me.

__________________________________

If there is any mistakes I made, spelling, phrasing etc., please tell me so I can fix it. Thanks.
The Following 5 Users Say Thank You to xJovs For This Useful Post: [ View ] Gift xJovs Ad-Free
9th January 2017, 10:06 PM |#2  
Junior Member
Thanks Meter: 7
 
More
Finally I can play again since they added the SafetyNet check! It's been way too long.

Worked perfectly on my Galaxy S5! I'm using the Resurrection Remix KLTE 6.0 for my Galaxy S5 so it came with it's own root. I just searched Root in settings, disabled it, flashed the unroot zip and then I was unrooted. Except for that everything worked the way you described! I forgot to reboot after Magisk Hide so I unrooted and reflashed Magisk but I'm not sure that was needed to be honest. Is SafetyNet Checker really needed? Magisk Manager also has a SafteyNet checker.
When I get more time I will do a backup and flash the 7.1.1 rom too and test if it works.


Complete package with everything needed in the guide for the lazy:
https://mega.nz/#!R18XRZQB!pgGx2LgNV...GVR3-a9r3TJaEA
9th January 2017, 10:13 PM |#3  
OP Senior Member
Thanks Meter: 66
 
More
Quote:
Originally Posted by Martan404

Finally I can play again since they added the SafetyNet check! It's been way too long.

Worked perfectly on my Galaxy S5! I'm using the Resurrection Remix KLTE 6.0 for my Galaxy S5 so it came with it's own root. I just searched Root in settings, disabled it, flashed the unroot zip and then I was unrooted. Except for that everything worked the way you described! I forgot to reboot after Magisk Hide so I unrooted and reflashed Magisk but I'm not sure that was needed to be honest. Is SafetyNet Checker really needed? Magisk Manager also has a SafteyNet checker.
When I get more time I will do a backup and flash the 7.1.1 rom too and test if it works.

There 'is' a Safetynet checker in Magisk Manager, however it will always say 'CTS Profile error', while SafetyNet Checker will say if its either a CTS error, Response Validation error, Play Store error etc. Maybe it's just a bug in Magisk Manager but if it gets fixed; I'll remove SafetyNet Checker from the tutorial.
The Following User Says Thank You to xJovs For This Useful Post: [ View ] Gift xJovs Ad-Free
10th January 2017, 09:26 PM |#4  
Junior Member
Thanks Meter: 7
 
More
Quote:
Originally Posted by xJovs

There 'is' a Safetynet checker in Magisk Manager, however it will always say 'CTS Profile error', while SafetyNet Checker will say if its either a CTS error, Response Validation error, Play Store error etc. Maybe it's just a bug in Magisk Manager but if it gets fixed; I'll remove SafetyNet Checker from the tutorial.

Can confirm that this works on 7.1.1 roms too! As I mentioned in my other post I use the Resurrection Remix rom.

By the way, you could mention that instead of using root browser to change permissions you could skip that step all together and just add the modification to Kernel Auditor. And instead of rebooting to test it you can just click the "Permissions" addition to execute the script right away just to make sure it works and then do a reboot to confirm.
The Following User Says Thank You to Martan404 For This Useful Post: [ View ] Gift Martan404 Ad-Free
11th January 2017, 04:10 PM |#5  
Junior Member
Flag Çankırı
Thanks Meter: 0
 
More
Thank you so much. it worked
13th January 2017, 03:58 AM |#6  
Member
Flag krishnagiri
Thanks Meter: 5
 
More
help plse plse give steps by step for 7.1.1(RR)

---------- Post added at 02:58 AM ---------- Previous post was at 02:54 AM ----------

i tried but cts profile mismatch becomes false

Sent from my MotoG3 using Tapatalk
14th January 2017, 02:47 PM |#7  
g_BonE's Avatar
Member
Thanks Meter: 44
 
More
Running a Mi Max here and have to say: Not working!

If i fully unroot the phone (magisk uninstaller / unSU script) then safety net helper gives me a red screen (CTS profile mismatch) but after installing Magisk 10.2 i only get a blueish screen in safetynethelper saying "response validation: fail"
14th January 2017, 08:49 PM |#8  
Junior Member
Thanks Meter: 7
 
More
Quote:
Originally Posted by naveenfre

help plse plse give steps by step for 7.1.1(RR)

---------- Post added at 02:58 AM ---------- Previous post was at 02:54 AM ----------

i tried but cts profile mismatch becomes false

Sent from my MotoG3 using Tapatalk

1. Open the Settings app, and go About phone tab and spam click on Version to enable Developer Tools.
2. Do a search in the settings for "Root" and disable Root access.
3. Reboot to Recovery mode and flash this unroot https://forum.xda-developers.com/sho...php?p=63615067
4. Reboot phone and follow xJovs' guide from step 3

Note: I also used the flashable zip file from the guide to get root and did not install the APK. https://forum.xda-developers.com/app...d-pay-t3435921


Quote:
Originally Posted by g_BonE

Running a Mi Max here and have to say: Not working!

If i fully unroot the phone (magisk uninstaller / unSU script) then safety net helper gives me a red screen (CTS profile mismatch) but after installing Magisk 10.2 i only get a blueish screen in safetynethelper saying "response validation: fail"

It might be because of the Kernel but I'm just speculating. Try flashing a new one to see if it helps!
15th January 2017, 04:31 AM |#9  
OP Senior Member
Thanks Meter: 66
 
More
Quote:
Originally Posted by g_BonE

Running a Mi Max here and have to say: Not working!

If i fully unroot the phone (magisk uninstaller / unSU script) then safety net helper gives me a red screen (CTS profile mismatch) but after installing Magisk 10.2 i only get a blueish screen in safetynethelper saying "response validation: fail"

It will always return blue right after installing Magisk. You need to follow through with the whole tutorial to work. If you have, then it's probably your rom. It happened with me on GraceUX roms.
22nd January 2017, 06:41 PM |#10  
Senior Member
Flag goa
Thanks Meter: 183
 
More
Latest version of PoGo doesn't appear in magisk hide menu
6th March 2017, 03:43 PM |#11  
Junior Member
Flag Montréal
Thanks Meter: 1
 
More
It works
Thanks! Editing the permission of SElinux files works for me

Nexus 5X
GooglePixelROM v7.0.1
Android 7.1.2
NPG05D
Using Magisk 11.1

Now I can pass SafetyNet and use AndroidPay on a custom ROM
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes