[Discussion] Google Pay Magisk Discussion Thread

[zgfg]

There are many gpay threads any idea what it's called? I am using USNF 2.3.1 ZYGISK

Oops (I overlooked, thought you are in Magisk thread) - this is the GPay thread

Look for "USNF v2.3.1-mod" (as I mentioned in the previous answer - must have that MOD in the name), from Displax (from him, not from the OP poster in the USNF thread). Might be here but also in the USNF thread

It's been month and more when that MOD version of the module was posted, and the whole story about Wallet, Play Integrity API discussion started here and in that USNF thread - info can be found by reading the posts

 

[brambles1234]

Below

 

[brambles1234]

Whenever I come to XDA and ask a question I'm normally receive a really unhelpful reply, along the lines of "if you search you will find your answer" This is can be very annoying, especially after I have spent an hour looking and I still can't find the answer? Hence the reason I ask a question.

The reason I say this is because I have got Google wallet working and I will share what I did.

Samsung Galaxy S21 rooted Beyond Rom

1. Uninstalled Google wallet
2. Deleted both cache and data from play store
3. Updated Xprivacy Lua
4. Reinstalled UNSF
5. Changed fingerprint using su / props
6. Restarted phone

It is pertinent to say here that I fail all api integrity checks using the app on playstore. However Google wallet contactless payment works better than before.

I will keep this updated if I have as any issues.

 

[CSX321]

Below

Tap-to-pay is still working for me as of an hour ago. No pending app updates showing.

• Pixel 6 with A13 September update
• Magisk 25201 (slightly outdated, I know)
• 3 Modules: "Systemless Hosts", "Universal SafetyNet Fix" v2.3.1 mod version, "OnePlus Oxygen OS 11 - Two-Button Navigation (Standard Height)"

 

[zgfg]

Whenever I come to XDA and ask a question I'm normally receive a really unhelpful reply, along the lines of "if you search you will find your answer" This is can be very annoying, especially after I have spent an hour looking and I still can't find the answer? Hence the reason I ask a question.

The reason I say this is because I have got Google wallet working and I will share what I did.

1. Uninstalled Google wallet
2. Deleted both cache and data from play store
3. Updated Xprivacy Lua
4. Reinstalled UNSF
5. Changed fingerprint using su / props
6. Restarted phone

It is pertinent to say here that I fail all api integrity checks using the app on playstore. However Google wallet contactless payment works better than before.

I will keep this updated if I have as any issues.

Fine that it works, and nice that you described your process

Feel free to help/answer to the others writing them complete instructions (or searching yourself to give them links to exact this or that post)

 

[m0han]

.... you need to have Zygisk, therefore Magisk v25 (not Magisk v23 and Riru - if you are still on Riru)...

just for info: latest gpay works fine with the latest magisk delta and riru. modules as in screenshot.

 

[73sydney]

Whenever I come to XDA and ask a question I'm normally receive a really unhelpful reply, along the lines of "if you search you will find your answer" This is can be very annoying, especially after I have spent an hour looking and I still can't find the answer? Hence the reason I ask a question.

The reason I say this is because I have got Google wallet working and I will share what I did.

1. Uninstalled Google wallet
2. Deleted both cache and data from play store
3. Updated Xprivacy Lua
4. Reinstalled UNSF
5. Changed fingerprint using su / props
6. Restarted phone

It is pertinent to say here that I fail all api integrity checks using the app on playstore. However Google wallet contactless payment works better than before.

I will keep this updated if I have as any issues.

Please understand that someone asking the same question over and over (and often expecting to be spoonfed) can be taxing.

And yes the search system can sometimes take a bit of learning to fully utilize properly....but really, heres the key.....if its a recent issue, then the issue is very likely not just affecting you, and so the solution will often be found in the last 5-10 pages of a thread. People get really tired of people who rock up create a new post at the end of the thread, when the answer is maybe 3 pages back, and they seem to think thats too much effort. Standard Operating Procedure on any thread should be to read the last 5-10 pages before creating a new post. That would earn the average person who thinks theyre catching a tough break because theyve touched a nerve that been tugged at by 50 people before them a lot of respect....consider trying the last 5-10 pages of a thread method in future, it will often not only giver you the solution, but the context, which can be just as important, and often you may be able to provide some input or insight no one else has, which everyone can benefit from. Also if people just rock up and expect an answer in 5 minutes everytime (theres plenty do it, some people might have been registered for 3, sometimes many more, years and never post until they need something, happens all the time), then they dont learn anything, and they also dont contribute....

As for your steps above:

3. Updated Xprivacy Lua <-thats not required and is a personal choice, and has no real bearing ion the issue)

Usually one would do:

1. Install USNF Mod (the Mod is important as already stated)
2. Integrity Test
3. Test contactless menu in Wallet

If contactless fails:
4. Delete both cache and data from play store and reboot
5. Test contactless menu in Wallet

Note

Step 4 has been known to take days to return a positive contactless setup, in some cases


Note #2:

5. Changed fingerprint using su / props <- this should be largely unnecessary except in the case of chinese ROM's or other edge cases as far as i remember

 

[brambles1234]

just for info: latest gpay works fine with the latest magisk delta and riru. modules as in screenshot.

Did you get magisk delta from telegram?

 

[zgfg]

Did you get magisk delta from telegram?

I dunno for Delta Telegram but simple google searches "XDA Magisk Delta" and "GitHub Magisk Delta" provide by no mistake the links (top choices) to the corresponding discussion here about Magisk Delta and to the GitHub project with instructions, download links, etc

 

[pndwal]

... Note #2:

5. Changed fingerprint using su / props <- this should be largely unnecessary except in the case of chinese ROM's or other edge cases as far as i remember

... And with @Displax USNF_mod it is not needed even for ROMs not passing CTS Profile match (China region, Beta, Developer, many custom ROMS) in most cases. (There may rare be exceptions where this modded module doesn't work.)

Technical:

This mod actually adjusts the fingerprint prop to achieve the mismatch needed along with device prop mismatch to trigger bypassing of hardware based attestation enforcement in Play Integrity (different from the actual Evaluation type fallback triggered by the exception caused when trying to use key attestation with an injected 'fake' keystore provider registered)...

All these mods, official and unofficial, target the gms attestation process (one process within Google Play Services) only. The prop changes are not globally applied, so issues with OEM specific functions (eg Galaxy Store, special camera functions etc) caused by model prop changes and issues with Play Store (eg. YouTube not updating as expected) etc caused by fingerprint prop changes are successfully avoided...

Issues with unmatched security patch prop dates are also avoided with this solution...

The @Displax mod also kills a second bird (or rabbit ), ie. allowing ROMs not passing CTS Profile match to pass as mentioned above, simply because the fingerprint prop used for HA bypass trigger must also be properly certified for CTS...

--> This makes this USNF build a true 'Universal' fix, encompassing both old S/N API and new PI API, as well as the whole range of certified stock and uncertified China region, Beta, Developer and custom ROMS...

PW

 

[m0han]

Did you get magisk delta from telegram?

Don't remember when/where I got it first from, but as of now I keep getting in-app updates.

 

[Nekromantik]

Pixel 6 Pro September Update stock ROM so A13
i was on latest stable Magisk with kdragon USNF and DenyList UnMount and got the your device does not meet security message this morning. Tried the Integrity test and it failed all 3 on version 1. So installed USNF mod and then it passed first 2 but not strict. Did cache and data wipe of Google Play and rebooting but contactless menu still says does not meet requirements but I not tried to actually use it.
Should I pass all 3 in the integrity test?

 

[shadowstep]

Should I pass all 3 in the integrity test?

No. You cannot pass the strong integrity check. Conditions for MEETS_STRONG_INTEGRITY to be true are:

• Hardware attestation is working
• Bootloader is locked
• Google Play is certified
• ROM must be production build

 

[Nekromantik]

No. You cannot pass the strong integrity check. Conditions for MEETS_STRONG_INTEGRITY to be true are:

• Hardware attestation is working
• Bootloader is locked
• Google Play is certified
• ROM must be production build

Ah ok thanks

 

[cescman]

I am using a pixel 6 pro rooted with magisk and usnf 2.3.1 installed. Play store and wallet and play service all in deny list. Google pay has been working fine for months until yesterday when I got a pop up message that my device doesn't meet requirement for contactless payment. YASNAC showed basic integrity and CTS match both pass and evaluation type basic.
I tried clearing play store data and cache and rebooted as described in a post above but it doesn't work. Any one has the same problem or any solution?

 

[zgfg]

I am using a pixel 6 pro rooted with magisk and usnf 2.3.1 installed. Play store and wallet and play service all in deny list. Google pay has been working fine for months until yesterday when I got a pop up message that my device doesn't meet requirement for contactless payment. YASNAC showed basic integrity and CTS match both pass and evaluation type basic.
I tried clearing play store data and cache and rebooted as described in a post above but it doesn't work. Any one has the same problem or any solution?

First, instead of the 'official' USNF 2.3.1 use the "2.3.1-mod" from Displax (mentioned in every 'second' post)

Second, there is no use of putting Playstore to DenyList - it relies on Google Play Services and that's managed by USNF 2.3.1-mod

 

[pndwal]

@brambles1234, @Nekromantik, @cescman, others searching, here's a little Summary / Guide:

Current fixes needed for Google Pay / Wallet

These days we need passing deviceIntegrity in new Play Integrity API. (Don't worry about strong integrity; few if any apps will use this at present as that would exclude users/customers using any device launched with Android 7 or earlier even if on latest Android as well as a number of newer devices with broken keymaster implementations.) Nb. While Safety net API is already depreciated, it's attestation must all be passing and Evaluation type showing BASIC for PI deviceIntegrity to pass since the same signals (plus more) are used by PI...

To check these, use YASNAC (S/N) and Play Integrity API Checker (PI) from Play Store...

Many devices passing S/N CTS Profile match, especially those running Android 11+, won't pass PI deviceIntegrity verdict with current official Universal SafetyNet Fix alone. @Displax's safetynet-fix-xxxx-MOD is the current solution:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517
- See my notes in post above for technical details, incl. why this solution also negates the need for setting a fingerprint in MagiskHide Props Config module for ROMs not passing CTS Profile match (China region, Beta, Developer, many custom ROMS)...
- Also note Usage: Delete/disable/reset MHPC (if installed / spoofing fingerprint).
- Note that Zygisk should be enabled and working, and only Google Pay/Wallet needs to be in denylist whether enforced or disabled with Shamiko etc active; no need for Play Store, Google Play Services processes etc when using any Zygisk-USNF builds...

Once PI deviceIntegrity is restored / passing, Google Pay/Wallet security requirements may pass again after some days (could take a week!) if simply left... Clearing Google Play Services and Google Pay/Wallet data should fix this immediately but you will need to set up cards again... Nb. Be sure to reboot immediately after clearing Google Pay/Wallet data (before opening app) to avoid issues (eg. app works but Activity list fails to populate).

Clearing Play Store data may be needed to restore Play Protect 'Device is certified' in Play Store Settings, About... This will affect whether Google Pay and other apps calling S/N or PI APIs appear in the Store...

Related Issues:

A number of users have experienced contactless payment failure with Google Pay / Wallet stating "Your phone does not meet the security requirements" irrespective of SafetyNet or Play Integrity status. (Several of us experienced this suddenly, and it predated both new Wallet upgrade an Play Integrity implementation.)...

Further, in tackling this I experienced two issues restoring a working setup;
- Issue where 'Google Pay/Wallet is currently updating' fails to complete, and
- After restoring app, Activity list fails to populate.

I put steps to fix these here:
Initial fix:
https://forum.xda-developers.com/t/...agisk-discussion-thread.3906703/post-86981221
Resolved Activity list won't populate:
https://forum.xda-developers.com/t/...agisk-discussion-thread.3906703/post-86991951
Summary (scroll to 'In short...'):
https://forum.xda-developers.com/t/...agisk-discussion-thread.3906703/post-86992241

Hope this helps those concerned. PW

 

[Goooober]

Like many people Google Wallet is now broken for me. I've been using it without issue on my Poco F3 running Crdroid for a few months now using the latest Magisk, Zygisk and the SafetyNet Mod Fix by Displax but it not longer seems to work.

I've tried the usual clearing storage for Play Services, Play Store, Wallett App without success, I can't even add a card to the Wallet app now.

My YASNAC still passes but Google Play Integrity API Checker now fails on MEETS_DEVICE_INTEGRITY when it used to pass.

 

[Nekromantik]

@Goooober see post above yours
you need to use the UNSF MOD instead of official

 

[Goooober]

@Goooober see post above yours
you need to use the UNSF MOD instead of official

As I said in my most I am already using the UNSF mod by Displax. I assume that's the one you're referring to unless there is another one?