[UNOFFICIAL][2016-Nov-02]Xposed build that passes SafetyNet while enabled and active

Search This thread

josephcsible

Senior Member
Nov 3, 2016
225
92
UPDATE: Not even 24 hours and it fails SafetyNet now. I'm currently working on another solution.

Hi all. Long time lurker, first time developer. I created a modified version of the Xposed Framework that doesn't cause you to fail SafetyNet, even while it's enabled and active. Instructions:
  1. Remove any existing Xposed versions
  2. Get your phone in a state where it passes SafetyNet without Xposed (install a custom kernel to hide an unlocked bootloader, hide root with RootSwitch, etc.)
  3. Install the Xposed Installer app if you don't already have it
  4. Go to https://github.com/josephcsible/Xposed/releases/tag/v86a and download xposed-v86a-safetynet-josephcsible-sdk23-arm.zip
  5. Flash xposed-v86a-safetynet-josephcsible-sdk23-arm.zip from recovery
  6. Wipe cache and dalvik
  7. Reboot
You should now have Xposed installed and enabled, with all of your modules working, without failing SafetyNet. Notes:
  • Do not turn off Xposed with RootSwitch with this build. It will probably break things because of differences in how app_process sits, and the entire point of this build is that you don't need to do this.
  • The only build I made was for ARM and Marshmallow, because that's all I have to test on
  • The official uninstaller won't work right with this version, so use my version of the uninstaller instead
  • This passes SafetyNet as of November 2nd. It probably won't for very long.
Technical details:
  • I made this build by compiling my own app_process, then editing it into the stock installer zip. I didn't recompile anything else or use the tools to make the zip.
  • app_process32 is now a regular file instead of a symlink to app_process32_xposed.
  • XposedBridge.jar is now called YqptfeBridge.jar (since SafetyNet checks the classpath for a file called XposedBridge.jar)
  • I obfuscated many of the strings in the app_process binary with a simple Caesar cipher. The source for this is in the GitHub with the download link.
Enjoy it while it lasts!
 
Last edited:

josephcsible

Senior Member
Nov 3, 2016
225
92
Yeah, but I'm not overly concerned since I expect at best a few weeks before it gets patched and I have to redo it all anyway.
 

josephcsible

Senior Member
Nov 3, 2016
225
92
Status update: My app_process is still not detected at all. It's now detecting something that's happening in Java (XposedBridge).
 

Devilouned

Member
May 2, 2017
11
0
Hi is there an other way to use Xposed modules while passing safatynet check ? Its usefull on POGO !
Regards, Devilo !
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    UPDATE: Not even 24 hours and it fails SafetyNet now. I'm currently working on another solution.

    Hi all. Long time lurker, first time developer. I created a modified version of the Xposed Framework that doesn't cause you to fail SafetyNet, even while it's enabled and active. Instructions:
    1. Remove any existing Xposed versions
    2. Get your phone in a state where it passes SafetyNet without Xposed (install a custom kernel to hide an unlocked bootloader, hide root with RootSwitch, etc.)
    3. Install the Xposed Installer app if you don't already have it
    4. Go to https://github.com/josephcsible/Xposed/releases/tag/v86a and download xposed-v86a-safetynet-josephcsible-sdk23-arm.zip
    5. Flash xposed-v86a-safetynet-josephcsible-sdk23-arm.zip from recovery
    6. Wipe cache and dalvik
    7. Reboot
    You should now have Xposed installed and enabled, with all of your modules working, without failing SafetyNet. Notes:
    • Do not turn off Xposed with RootSwitch with this build. It will probably break things because of differences in how app_process sits, and the entire point of this build is that you don't need to do this.
    • The only build I made was for ARM and Marshmallow, because that's all I have to test on
    • The official uninstaller won't work right with this version, so use my version of the uninstaller instead
    • This passes SafetyNet as of November 2nd. It probably won't for very long.
    Technical details:
    • I made this build by compiling my own app_process, then editing it into the stock installer zip. I didn't recompile anything else or use the tools to make the zip.
    • app_process32 is now a regular file instead of a symlink to app_process32_xposed.
    • XposedBridge.jar is now called YqptfeBridge.jar (since SafetyNet checks the classpath for a file called XposedBridge.jar)
    • I obfuscated many of the strings in the app_process binary with a simple Caesar cipher. The source for this is in the GitHub with the download link.
    Enjoy it while it lasts!