[Discussion] Google Pay Magisk Discussion Thread

Search This thread
By:
Advanced…
Q

qetuol

Senior Member
Oct 16, 2010
127
10
My Gwallet also stopped to work a few days ago despite [see attached picture].
I did not modify anything in system,it just stopped to work with "Your device doesn't meet security requirements". Any idea? Is it now gone for good?
 

Attachments

  • Screenshot_2023-01-27-09-44-29-972_gr.nikolasspyr.integritycheck.jpg
    Screenshot_2023-01-27-09-44-29-972_gr.nikolasspyr.integritycheck.jpg
    115.4 KB · Views: 43
B

bizkit_120

Senior Member
Feb 4, 2014
102
15
Same issue here , everything works fine 3 days ago,didn't update anything nor security patch update. Yesterday when I try to make a payment it tell me on the payment screen phone doesn't meet security standard. Back home Tried safety net 2.4.0 worked about an hour when i retry integrity api checker first one failed,mean time try add card to wallets failed too..😑

Downgrade to 2.3.1 straight way integrity checker failed.

Have to say goodbye to wallets for some time.. Will see you again..😢

OnePlus 9 oos13

.Screenshot_2023-01-26-20-34-42-85_c164fb607f41c6d3a88bed2bf1a99c07.jpgScreenshot_2023-01-26-19-01-14-90_f7aa348215f5d566f9e4ca860f474209.jpg
 
rodken

rodken

Senior Member
Jan 11, 2010
1,546
679
pndwal said:
Yup...

Clearly new 2.4.0 is failing intermittently for many, and Google Pay/Wallet users particularly are getting failures w/ 'Device doesn't meet Security requirements' message as Google monitors device security even when Pay/Wallet is not invoked.
Click to expand...
Click to collapse
Not to 'toot my own horn' - I might be one of the lucky few that doesn't have any issues with GPay while running 2.4.0 on the OnePlus 8 OOS 11 while passing Basic and Device Integrity.
 
P

pndwal

Senior Member
Jun 23, 2016
5,911
6,512
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
rodken said:
Not to 'toot my own horn' - I might be one of the lucky few that doesn't have any issues with GPay while running 2.4.0 on the OnePlus 8 OOS 11 while passing Basic and Device Integrity.
Click to expand...
Click to collapse
OnePlus 8?... Doesn't Momo show 'Tee broken'?... (It's actually not, but Devs mean keymaster implementation is broken)...

If so (IIRC), you don't even need main USNF functions!; neither fake keystore registration to trip fallback to Basic attestation nor prop changes to bypass hardware attestation based verdict enforcement as your broken keymaster already trips fallback to basic and Google don't enforce hardware attestation based verdict enforcement using your devices expected prop values as they know which OnePlus devices (and others) are broken...

It seems that the recent failure relates to USNF's key fake keystore registration function/timing...

You most likely only need root hiding for gms attestation (droidguard) process (com.google.android.gms.unstable) and resetting of some sensitive props to pass S/N or PI deviceIntegrity... USNF also performs these functions since we no longer have MagiskHide doing this...

👀 PW
 
  • Like
Reactions: rodken
B

bizkit_120

Senior Member
Feb 4, 2014
102
15

bizkit_120 said:
Same issue here , everything works fine 3 days ago,didn't update anything nor security patch update. Yesterday when I try to make a payment it tell me on the payment screen phone doesn't meet security standard. Back home Tried safety net 2.4.0 worked about an hour when i retry integrity api checker first one failed,mean time try add card to wallets failed too..😑

Downgrade to 2.3.1 straight way integrity checker failed.

Have to say goodbye to wallets for some time.. Will see you again..😢

OnePlus 9 oos13

.View attachment 5821021View attachment 5821023
Click to expand...
Click to collapse
Update: 😃 Finally it works... don't know how long it can lasting...🤞
 
B

bizkit_120

Senior Member
Feb 4, 2014
102
15
casouzaj said:
For me, too. Couple of days ago, Wallet complained that my device didn`t match security standards. Then, downgraded to USNF-MOD-2.1, rebooted, and Wallet is back to work! Xperia XZ2 running LineageOS 20.0. Magisk Delta Canary. Zygisk, Magiskhide and SuList are enabled.
Click to expand...
Click to collapse
You will also need to make sure wipe out Google service cache just in case if any funky residue may back to you some time later..
 
  • Like
Reactions: rodken
P

pndwal

Senior Member
Jun 23, 2016
5,911
6,512
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
shoey63 said:
@pndwal
Which is the best @Displax fork?
There's a couple of 2.31's and a 2.40
Click to expand...
Click to collapse
Ah, all 3 published ones are 3.31 based... Read spoiler notes here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-87198517

You can use any... Last 2 needed for P7 and any device launched with A13... Final build has Hide "Enable OEM Unlock" setting... Jury's out on that; I think @kdrag0n didn't want to include it...
shoey63 said:
Edit. Obviously not required for my Rog 3, but I am going to try This method on my pixel 6 to achieve locked bootloader and rooted with Magisk to try and pass "Strong Integrity"
Click to expand...
Click to collapse
Doubt you'll achieve that; Hardware will still attest to custom keys/signing used / custom root of trust set, ie. Yellow state... That's still technically a Verified Boot issue category... You'll need verified Green state to pass strongIntegrity... 😬 PW
 
  • Like
Reactions: shoey63
B

bizkit_120

Senior Member
Feb 4, 2014
102
15
pndwal said:
Did you move to @Displax forked/modded USNF?... Should last with that... Until official 2.4.0 gets fixed... PW
Click to expand...
Click to collapse
I tried 2.4, 2.3. none of them work, eventually found out this 2.3.1 mod which works perfectly fine . I was keep run integrity api checker today morning.. so far so good .. first 2 pass, Strong I haven't seen it ever show me green check mark since I rooted my phone...not sure anyone ever seen Strong pass..
pndwal said:
Did you move to @Displax forked/modded USNF?... Should last with that... Until official 2.4.0 gets fixed... PW
Click to expand...
Click to collapse
 
C

cmstlist

Senior Member
Jan 11, 2010
3,374
524
Toronto
Google Pixel 4a
Fry-kun said:
Installed Displax' usnf 2.3.1-MOD_2.1 (from GitHub) and seeing the same issue.

Edit: cleared Wallet cache and it's not complaining now... So maybe it did work.
Will test payments later
Click to expand...
Click to collapse
Just wanted to report on Pixel 6a this seems to have worked?

I removed 2.4.0, added the above mod, then before any reboots I did a force-close + cache clear on Play Store, Wallet and Play Services. Did not wipe data of any. Then reboot. On first open of Wallet app it still complained. But then after quitting and reopening the app, no further complaints.

EDIT: Yes it worked. The error appeared when I tried to make a payment at a cafe this morning. After doing the above I went grocery shopping and was able to pay again.
 
Last edited:
X

xabier-bo

Senior Member
Sep 17, 2014
150
29
pndwal said:
Did you move to @Displax forked/modded USNF?... Should last with that... Until official 2.4.0 gets fixed... PW
Click to expand...
Click to collapse
Couple of weeks ago I found strange "card rejected" messages while paying with gwallet. But immediately, after the first failing attempt it was accepted.

Then I read the posts here sharing new problems, while everything had been working fine until now.

So I checked the gwallet app (I never look at it), and discovered it was complaining with the "old" message: this device doesn't meet...

I wiped apps caché (google play and gwallet), rebooted, got a first complaint of not meeting requirements, but closing and reopening the app made it disappear.

So, I decided a more "conclusive" approach. I went to the supermarket and payed with the gwallet without any problem.

So, this is my situation: I've had to downgrade nothing, I've kept USFN v2.4.0 by kdrag0n, and I'm paying with gwallet.

Hope it's helpful for your "diagnosis"
 
P

pndwal

Senior Member
Jun 23, 2016
5,911
6,512
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
xabier-bo said:
Couple of weeks ago I found strange "card rejected" messages while paying with gwallet. But immediately, after the first failing attempt it was accepted.

Then I read the posts here sharing new problems, while everything had been working fine until now.

So I checked the gwallet app (I never look at it), and discovered it was complaining with the "old" message: this device doesn't meet...

I wiped apps caché (google play and gwallet), rebooted, got a first complaint of not meeting requirements, but closing and reopening the app made it disappear.

So, I decided a more "conclusive" approach. I went to the supermarket and payed with the gwallet without any problem.

So, this is my situation: I've had to downgrade nothing, I've kept USFN v2.4.0 by kdrag0n, and I'm paying with gwallet.

Hope it's helpful for your "diagnosis"
Click to expand...
Click to collapse
The failures with 2.4.0 may be random, often occuring with a reboot...

Google monitors device security for G Pay/Wallet full time, so whether PI deviceIntegrity fails momentarily or user removes lockscreen pattern/password and immediately restores it, Pay/Wallet will likely lock out contactless payment use even while Pay/Wallet is not in use and either require resetting (clearing data for Pay/Wallet and/or Play Services) or will be restored after some time...

We need a fix for detections in official solution, but @Displax modded USNF builds are not failing this way and are working fine for most users ATM. PW
 
  • Like
Reactions: ipdev, rodken and xabier-bo
G

Garbonzo17

Member
Oct 5, 2014
30
10
pndwal said:
Continued...

And this really sums up the whole need for
"magisk: Remove Play Services from DenyList
The Zygisk module will never load if GMS is in the DenyList..."

I did envisage issues with multiple hiding solutions operating on one process as covered above, but these haven't been demonstrated anywhere...

However while denylist does hide by virtue of 'Magisk getting out of the way', it actually prevents Magisk modifications from affecting selected processes at all, unlike. hiding solutions, so any Zygisk based injection of code into a forked zygote process that loads and runs a new app's code cannot occur for instance.

Since USNF's key function works this way it must fail when gms droidguard process is in (enforced) denylist:

I believe that the various targeted prop changes needed to trigger hardware based verdict enforcement bypasses in S/N and PI also use Zygisk, so these functions will fail also...

I have to agree that it's the nature of denylist that necessitates the removal of at least the gms droidguard process from denylist (although I still think merely instructing users is to do this manually where needed is all that is needed and would actually cause less confusion)... 🙂

Anyway, thanks for helping me properly connect modification denial with the reason for magisk: Remove Play Services from DenyList commit. 👍

😂

🤣

I didn't mean to suggest that Shamiko users were dumb enough to enforce denylist... USNF would remove gms processes on next boot anyway...

Shamiko should really note somewhere that hijacked denylist really = hidelist, if only to create an excuse to fall about laughing at the confused gringo-user posts suddenly appearing in LSP TG threads everywhere...

😭


View attachment 5782451

😋PW
Click to expand...
Click to collapse
Ok, these 2 posts cleared up ALOT of my confusion about how this works! (I think)
I had my OP9 w/oos13 working fine up until a couple of days ago, and was going bonkers trying to walk back whatever had happened... I think what I did was enabled enforcing the list so I could add kroger so I could use their shopping app, but left gps on the list??? I have removed that, gone to the USNF/displax v2.1 and not only have google wallet and kroger in the deny list. I gather there may be still overlooking something simple or doing something out of sequence... still passing basic integrity and CTS match, same as before, have cleared storage+cache for wallet, gps (and kroger for good measure) and now still having no luck with getting wallet/pay to work. I am trying some other things but if anyone can be precise with anything I am not grokking it would be much appreciated! TIA!
 
P

pndwal

Senior Member
Jun 23, 2016
5,911
6,512
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Garbonzo17 said:
Ok, these 2 posts cleared up ALOT of my confusion about how this works! (I think)
I had my OP9 w/oos13 working fine up until a couple of days ago, and was going bonkers trying to walk back whatever had happened... I think what I did was enabled enforcing the list so I could add kroger so I could use their shopping app, but left gps on the list??? I have removed that, gone to the USNF/displax v2.1 and not only have google wallet and kroger in the deny list. I gather there may be still overlooking something simple or doing something out of sequence... still passing basic integrity and CTS match, same as before, have cleared storage+cache for wallet, gps (and kroger for good measure) and now still having no luck with getting wallet/pay to work. I am trying some other things but if anyone can be precise with anything I am not grokking it would be much appreciated! TIA!
Click to expand...
Click to collapse
USNF has issues as you'll see here... So
pndwal said:
Folks:

Clearly new 2.4.0 is failing intermittently for many, and Google Pay/Wallet users particularly are getting failures w/ 'Device doesn't meet Security requirements' message as Google monitors device security even when Pay/Wallet is not invoked... I recommend using @Displax's USNF modded fork at least until official USNF is updated... (I gave what clues I have in post above). PW
Click to expand...
Click to collapse
... Don't put gms (Play Services) in denylist for ANY USNF builds. (Only needed for custom ROMs integrating @kdrag0n's SNF or their own solutions for S/N / PI)...

Please be specific what you mean by
Garbonzo17 said:
... and now still having no luck with getting wallet/pay to work...
Click to expand...
Click to collapse

... Are you getting the "Google Pay is Currently Updating..." Screen that never goes away? Other?... PW
 
You must log in or register to reply here.

Similar threads

T
  • Sticky
Magisk General Support / Discussion
Replies
55K
Views
6M
martyfender
martyfender
T
  • Locked
  • Sticky
Magisk - The Magic Mask for Android
Replies
56
Views
6M
T
topjohnwu
T
  • Locked
[CLOSED][BETA][2018.7.19] Magisk v16.7 (1671)
Replies
7K
Views
3M
T
topjohnwu
Heisenberg
[Discussion] PokeMon Go Magisk Discussion Thread
Replies
5K
Views
635K
djkrish5610
djkrish5610
Deic
[Magisk v14.0] Universal SafetyNet Fix | Universal Hide [v2 Beta 5]
Replies
2K
Views
861K
D
Deleted member 8425317

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 2
    Fishawy
    Fishawy
    Virnik0 said:
    This is so weird. I have Galaxy S22 and Galaxy S20+, both with latest stock firmware + Magisk 25.2, I have all google apps in DenyList. Also, the ROM is heavily modified: I disable almost all Samsung Apps (except for system-critical). SafetyNetFix of latest Git-downloaded version installed, TWRP also of latest available (corsicanu's build). Everything works, but Google Wallet sometimes throws a pop-up warning about root. I usually kill the app, wipe it's cache, start it again and I can again pay without problem. Also, no matter what, contact-less payment have all checks green, despite prior toast warning. Reboot also fixes the issue (making payments possible again, in cases where cache wipe or app-kill won't work).
    Click to expand...
    Click to collapse
    If you're using the original Universal SafetyNet Fix by kdrag0n, you might wanna switch to the Displax fork linked a couple of posts above and test.

    Hope this helps.
    View
    2
    DineshValor
    DineshValor
    varunpilankar said:
    I'm using rooted android 10 with Safetynet Pass & Play Store -Certified, but I'm still not able to activate tap to pay on Paytm app.


    It's gives me a error - "This functionality is not available due to security concerns with your device."

    How can I fix it?
    Click to expand...
    Click to collapse
    Requirements:-
    - Magisk v25.2
    - LSPosed v1.8.6
    - PrivacySpace v1.3.7 (LSPosed module app)
    - Enable Zygisk (Enforce DenyList - Disabled) under Magisk (+ download some Magisk module as shown in screenshot¹)
    Screenshot_2023-03-18-17-10-02-79_9d1fb82a3633e78ac9c37e5a64e38237.jpg

    Follow below steps to fix "This functionality is not available due to security concerns with your device" in Paytm (Tap to Tay):-
    1. Download frest original Paytm app or clear data & force stop.
    2. Open PrivacySpace app/module under LSPosed.
    3. Hidden Apps > select Paytm (+ all other modules such as Lucky Patcher, etc as show in screenshot²).
    Screenshot_2023-03-18-17-20-27-10_30686f06bc9783668a8afa418b45660d.jpg
    4. Blacklist > select Paytm.
    Note: If u want to recieve Paytm app update in Play Store then select Play Store in "Connected with Others" to unhide Paytm app for Play Store.
    Screenshot_2023-03-18-17-27-19-47_30686f06bc9783668a8afa418b45660d.jpg
    5. All Set, Try your Luck Now, and do not forget to let me know if it's work for you too.
    View
    1
    Virnik0
    Virnik0
    Fishawy said:
    If you're using the original Universal SafetyNet Fix by kdrag0n, you might wanna switch to the Displax fork linked a couple of posts above and test.

    Hope this helps.
    Click to expand...
    Click to collapse
    Yes, just did so. I'm using 2.4 MOD from this thread. Will see how it works
    View
    1
    P
    pndwal
    varunpilankar said:
    I don't prefer G Pay for anything.. Will like to stick with Paytm and try to work on fixing tap to pay
    Click to expand...
    Click to collapse
    I see you said you pass SafetyNet... But of course that's deprecated; most banks have migrated to new Play Integrity API now... Are you passing PI deviceIntegrity?...If not official Universal SafetyNet Fix will likely not help as it currently has issues... You'll need @Displax's up-to-date fork with fixes...

    Also, did you install Shamiko for proper root hiding as suggested more than once above?

    🤠 PW
    View
    1
    DineshValor
    DineshValor
    m0han said:
    Does anyone happen to know why GPay 'Check bank balance' is not working? When I tap on the account on the 'Select account' screen, a line flashes above and disappears. Nothing else happens. Hope this is not OT here.
    Click to expand...
    Click to collapse
    I'm using same version GPay and didn't face such issue, probably it's your device app bug or something in your device. There no traces related magisk. Kindly confirm your side.
    View
  • 62
    JarlPenguin
    JarlPenguin
    The new Google Play services update caused this.

    Temporary workaround:

    1. Disable Google Pay/Find My Device as Device Administrators in Settings > Security & location > Device Administrators.

    2. Search "Google Play services" in the Settings search bar.

    3. Press the three dots and press "Uninstall previous updates".

    4. Download this update - https://www.apkmirror.com/apk/google-inc/google-play-services/google-play-services-14-7-99-release/
    Pick your needed edition (arm or arm64, etc.), download it and install it.

    5. Disable Background data access for Google Play Services and Google Play in their respective App Info pages.

    6. Download Google Pay from the Play Store.

    7. Set up your cards. Enjoy!

    Never EVER update Google Play services manually, until a Magisk update is available that bypasses the upgraded SafetyNet. Note that Google Play services is responsible for adding/verifying the card, not the Google Pay app! Hence why there seems to be an overlay when adding a card/verifying an existing one.

    Tested Google Pay versions:

    2.79.x-2.83.235070858 - working

    Tested Google Play services versions:

    14.7.99, 16.0.86 - working with Magisk 18.1

    14.8.49-16.x- working with Magisk 18.2 Canary
    View
    32
    Didgeridoohan
    Didgeridoohan
    This thread is inspired by the PoGo Magisk discussion thread. It's meant to keep the clutter of "Google Pay doesn't work" posts out of the main Magisk threads.

    Please use this to discuss issues with Google Pay and possible solutions.

    There's a working solution here:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517


    For general tips on first getting SafetyNet to pass fully, check here:
    https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
    View
    29
    B
    BostonDan
    Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that Google pay does not register the "recent transactions" on the Google pay app. Another caveat is that I suspect users will have to reverse some step if gms is updated and then reapply, but this still needs to be confirmed

    Without further ado, here is my process:

    1) download a SQL database editor. I used

    https://play.google.com/store/apps/details?id=com.tomminosoftware.sqliteeditor&hl=en_US

    2) download a terminal emulator program. I used terminus but any terminal emulator should work.

    3) make sure Google pay is forced close, if it is open.

    4) open SQL editor. Navigate to /data/data/com.google.android.gms/databases

    5) open dg.db

    6) change any value that lists "attest" in the name (first column) to 0 in the third column. Mine was showing a value of 10 in the third column for each of these values. (Column c for sqlite databse editor I used)

    7) open the terminal emulator.

    8) get root access (su)

    9) cd /data/data/com.google.android.gms/databases

    10) type: chmod 440 dg.db
    This makes dg.db read only (for owner and group, and no access for world.)

    11) reboot

    I suspect when gms is updated, one will have to go back to steps 10 and 11 and chmod 660 dg.db to allow new keys to be written to the database, and then go back and redo all these steps to reset the attestation values back to 0.

    If there is still an error, verify in sqlite database editor that all attest release keys values in dg.db are 0 when dg.db is read only (owner and group).

    Again, YMMV but this worked for me, so I give it back to the community now.

    Edit: recent activities did show up soon afterwards for the payment method.

    Cheers,
    B.D.
    View
    27
    1nikolas
    1nikolas
    The app is finally public! (thanks Google for taking a week to approve this 🤦)
    I made it beta testing since I haven't tested it on much devices. If you find any problem, please open an issue here and I'll take a look at them once I return from vacation.

    Play Integrity API Checker - Apps on Google Play

    Get info about your Device Integrity through...
    play.google.com play.google.com

    Source code:

    GitHub - 1nikolas/play-integrity-checker-app: Get info about your Device Integrity through the Play Intergrity API

    Get info about your Device Integrity through...
    github.com github.com

    GitHub - 1nikolas/play-integrity-checker-server: Node-js server for the Play Inegrity API Checker app

    Node-js server for the Play Inegrity API...
    github.com github.com

    If you are curious, the possible outcomes I've seen are:
    • 3 ticks (unrooted samsung)
    • tick/tick/x (unrooted redmi note 4 with unlocked bootloader)
    • x/tick/x (my rooted a11 op7t)
    View
    23
    1nikolas
    1nikolas
    UPDATE 1/8/2022
    This app is officially discontinued in favor of a new app I published on Play Store. Read more here:

    [Discussion] Google Pay Magisk Discussion Thread

    This thread is inspired by the PoGo Magisk...
    forum.xda-developers.com forum.xda-developers.com

    ====================
    ORIGINAL MESSAGE:

    I just made this simple app which tells you if your device passes the new Play Integrity API (which is presumably what Google Pay and Play Store use to detect root now). If you don't trust random apks from the internet feel free not to use this. I'll upload the source code at a later time since it's very junk now (probably on github).
    You can use it to play around and see if you manage to get it to pass without having to mess with Google Pay. There are screenshots of the 2 possible outputs (pass screenshot is from an online emulator).
    Also I didn't test it much since I don't have many devices that can pass. Hope it works fine 🤞

    Hope this helps someone find a solution :)

    EDIT:
    Here is a quote from Google of what exactly "Does not meet device integrity" mean:
    The app is running on a device that has signs of attack (such as API hooking) or system compromise (such as being rooted), or the app is not running on a physical device (such as an emulator that does not pass Google Play integrity checks).
    ...
    If you are having problems with your testing device meeting device integrity, make sure the factory ROM is installed (for example, by resetting the device) and that the bootloader is locked.
    Click to expand...
    Click to collapse
    View

New posts