[Discussion] Google Pay Magisk Discussion Thread

Search This thread

TraderJack

Senior Member
Oct 5, 2008
533
344
Google Pixel 3 XL
Yes, you're right.
Lygisk is a fork of Magisk (just rebuilds with some patches) which can survive after OTA updates.

Interesting. According to why I see on the Telegram Channel, it is built using the latest Magisk so it is 25.1/2 and uses the Zygisk deny and not the old Magisk hide mechanism.

I can only surmise that the particular fingerprint for your device is still in the databases as only being valid for basic attestation despite it being a 12 OS. Again, I would expect that sooner or later (most likely sooner) you will being to see an issue. Once that happens though I'm not sure how safe any of us will be using different fingerprints. I see no reason for instance that the Pixel 3 XL 9 fingerprint works when the 12 doesn't, as that device should support HA even on 9.
 
  • Like
Reactions: helgi1507

Lada333

Senior Member
Feb 7, 2016
1,567
536
23
Budapest
OnePlus 3T
Google Pixel 6a
I format all device in recovery before installing, so, yes.
Fwiw, I just dirty flashed v8.7 and it looks like contactless still works for me. I have yet to actually try it out though, I'm going off by Wallet telling me that my device is set up for contactless payments.

EDIT: Yup, still working as expected.
 
Last edited:
  • Like
Reactions: helgi1507

zgfg

Senior Member
Oct 10, 2016
10,688
9,203
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
Please be aware that this app is not 100% accurate. The api has 2 more readings you can get (which are pretty important) but Google gives them to you only if you upload the app on Play Store. So I made a better app and uploaded it to Play Store. Now I'm just waiting for Google to verify my identity and it will be up. (Oh and by the way the app is 100% open source, I'll link everything once it's up)
Do you have an info about the availability of your app on Google Play - so far I could not find yet

Could you provide more details, something like in YASNAC, to see the relevant data when eg failing

Also, I pass on Xiaomi Mi 9T although it runs MIUI 12.5/A11 (it's also in the fingerprint), hence I believe it doesn't use TEE but kind of Basic attestation and gets tricked by USNF functionality built into the Xiaomi.eu ROM - would like to see what's really going on there 😁
 

zgfg

Senior Member
Oct 10, 2016
10,688
9,203
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
I was waiting for Google to verify my identity now they just need to approve it (should take less than 24 hours). Keep in mind that I've never fully tested it. I can't test it until it's up on Play Store 🥲
"Is this the verdict for my Does not meet device integrity", or I should look for something else in logcat:

07-25 19:26:40.410 W/IntegrityServic(27680): type=1400 audit(0.0:208304): avc: denied { write } for name="tasks" dev="cgroup" ino=21 scontext=u:r:untrusted_app:s0:c232,c256,c512,c768 tcontext=u:eek:bject_r:cgroup:s0 tclass=file permissive=0 app=gr.nikolasspyr.integritytest
 

1nikolas

Senior Member
Jul 28, 2015
202
131
Heraklion, Greece
"Is this the verdict for my Does not meet device integrity", or I should look for something else in logcat:

07-25 19:26:40.410 W/IntegrityServic(27680): type=1400 audit(0.0:208304): avc: denied { write } for name="tasks" dev="cgroup" ino=21 scontext=u:r:untrusted_app:s0:c232,c256,c512,c768 tcontext=u:eek:bject_r:cgroup:s0 tclass=file permissive=0 app=gr.nikolasspyr.integritytest
The old app can't get you more info so looking at logcat won't help. Just wait till the new app is out
 
  • Like
Reactions: zgfg

zgfg

Senior Member
Oct 10, 2016
10,688
9,203
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11

Attachments

  • Screenshot_2022-07-25-21-58-14-926_gr.nikolasspyr.integritytest.jpg
    Screenshot_2022-07-25-21-58-14-926_gr.nikolasspyr.integritytest.jpg
    89 KB · Views: 89
Last edited:

letm

Member
May 21, 2007
18
5
Redmi 9 Power
After 4 days to try, Ok for me. I tested it today 2 times with success.

My phone >> Redmi 9T-M2010J19SY-RKQ1.201004.002/V12.5.8.0.RJQEUXM under android 11

my modules run under magisk stable V 25.2 (25200)
busybox for android ndk 1.34.1
denylist Unmount V0.4
Gpay sqlite ver V2.8
Magiskhide propos config V6.12-V137
SQLite universal binaries V1.4
Universal Safetynet fic V2.3.1
Zygisk LSPosed V1.83

If you use lucky patcher, you need to hide it >> tools box >> xposed >> check all and apply
Hide Zygisk LSPosed V1.83 if you use it >> Parameters >> Create the shortcut

uninstall G(oogle) Pay, install wallet via google play.
In magisk 25 : Hide in exclusion list >> wallet, google play, play services.

Now go to "Magiskhide props config" in terminal to reset it to default >>type su >>type props >> option "r" to reset and reboot.

after restarted go to "Magiskhide props config" >>type su >>type props >> option 1 (fingerprint) >> option f >> option 7 google >> option 26 pixel 5 >> choose 11 or 12 (depend of your version) >> type yes >> after dont reboot type N (no) and no terminal exit.
//I you have a Redmi 9T under android 10 use pixel 4.. (not tested) Don't test redmi 9T fingerprints They don't work.//

Active airplaine mode and Clear cache and data for wallet, google play, play services. Reboot.
After reboot de-active airplaine mode, wait 5 minutes and launch wallet. Link a payment card to try it and it should be ok, like the attached screenshot.

Note : Before use wallet, you can test that wallet passed all security with the apk @1nikolas >> https://xdaforums.com/t/discussion-...cussion-thread.3906703/page-130#post-87182459
 

Attachments

  • 1658941562871.jpg
    1658941562871.jpg
    96.5 KB · Views: 36
  • Love
Reactions: palopaxo

zgfg

Senior Member
Oct 10, 2016
10,688
9,203
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
After 4 days to try, Ok for me. I tested it today 2 times with success.

My phone >> Redmi 9T-M2010J19SY-RKQ1.201004.002/V12.5.8.0.RJQEUXM under android 11

my modules run under magisk stable V 25.2 (25200)
busybox for android ndk 1.34.1
denylist Unmount V0.4
Gpay sqlite ver V2.8
Magiskhide propos config V6.12-V137
SQLite universal binaries V1.4
Universal Safetynet fic V2.3.1
Zygisk LSPosed V1.83

If you use lucky patcher, you need to hide it >> tools box >> xposed >> check all and apply
Hide Zygisk LSPosed V1.83 if you use it >> Parameters >> Create the shortcut

uninstall G(oogle) Pay, install wallet via google play.
In magisk 25 : Hide in exclusion list >> wallet, google play, play services.

Now go to "Magiskhide props config" in terminal to reset it to default >>type su >>type props >> option "r" to reset and reboot.

after restarted go to "Magiskhide props config" >>type su >>type props >> option 1 (fingerprint) >> option f >> option 7 google >> option 26 pixel 5 >> choose 11 or 12 (depend of your version) >> type yes >> after dont reboot type N (no) and no terminal exit.
//I you have a Redmi 9T under android 10 use pixel 4.. (not tested) Don't test redmi 9T fingerprints They don't work.//

Active airplaine mode and Clear cache and data for wallet, google play, play services. Reboot.
After reboot de-active airplaine mode, wait 5 minutes and launch wallet. Link a payment card to try it and it should be ok, like the attached screenshot.

Note : Before use wallet, you can test that wallet passed all security with the apk @1nikolas >> https://xdaforums.com/t/discussion-...cussion-thread.3906703/page-130#post-87182459
Just few comments:

With USNF v2.3.2 (posted here few days ago - specifically for Wallet and Play Integrity), you should be able to pass without MHPC (since you have the rooted but stock ROM)

Even if you put Google Play Services to DenyList, USNF will remove it (open the list again and check)

Also, Google Play app should be checking through Google Play Services hence Google Play app should not need to be added to DenyList
 
  • Like
Reactions: 73sydney

Top Liked Posts

  • There are no posts matching your filters.
  • 63
    The new Google Play services update caused this.

    Temporary workaround:

    1. Disable Google Pay/Find My Device as Device Administrators in Settings > Security & location > Device Administrators.

    2. Search "Google Play services" in the Settings search bar.

    3. Press the three dots and press "Uninstall previous updates".

    4. Download this update - https://www.apkmirror.com/apk/google-inc/google-play-services/google-play-services-14-7-99-release/
    Pick your needed edition (arm or arm64, etc.), download it and install it.

    5. Disable Background data access for Google Play Services and Google Play in their respective App Info pages.

    6. Download Google Pay from the Play Store.

    7. Set up your cards. Enjoy!

    Never EVER update Google Play services manually, until a Magisk update is available that bypasses the upgraded SafetyNet. Note that Google Play services is responsible for adding/verifying the card, not the Google Pay app! Hence why there seems to be an overlay when adding a card/verifying an existing one.

    Tested Google Pay versions:

    2.79.x-2.83.235070858 - working

    Tested Google Play services versions:

    14.7.99, 16.0.86 - working with Magisk 18.1

    14.8.49-16.x- working with Magisk 18.2 Canary
    34
    This thread is inspired by the PoGo Magisk discussion thread. It's meant to keep the clutter of "Google Pay doesn't work" posts out of the main Magisk threads.

    Please use this to discuss issues with Google Pay and possible solutions.


    There's a working solution here:
    https://xdaforums.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517


    For general tips on first getting SafetyNet to pass fully, check here:
    https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
    29
    Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that Google pay does not register the "recent transactions" on the Google pay app. Another caveat is that I suspect users will have to reverse some step if gms is updated and then reapply, but this still needs to be confirmed

    Without further ado, here is my process:

    1) download a SQL database editor. I used

    https://play.google.com/store/apps/details?id=com.tomminosoftware.sqliteeditor&hl=en_US

    2) download a terminal emulator program. I used terminus but any terminal emulator should work.

    3) make sure Google pay is forced close, if it is open.

    4) open SQL editor. Navigate to /data/data/com.google.android.gms/databases

    5) open dg.db

    6) change any value that lists "attest" in the name (first column) to 0 in the third column. Mine was showing a value of 10 in the third column for each of these values. (Column c for sqlite databse editor I used)

    7) open the terminal emulator.

    8) get root access (su)

    9) cd /data/data/com.google.android.gms/databases

    10) type: chmod 440 dg.db
    This makes dg.db read only (for owner and group, and no access for world.)

    11) reboot

    I suspect when gms is updated, one will have to go back to steps 10 and 11 and chmod 660 dg.db to allow new keys to be written to the database, and then go back and redo all these steps to reset the attestation values back to 0.

    If there is still an error, verify in sqlite database editor that all attest release keys values in dg.db are 0 when dg.db is read only (owner and group).

    Again, YMMV but this worked for me, so I give it back to the community now.

    Edit: recent activities did show up soon afterwards for the payment method.

    Cheers,
    B.D.
    28
    The app is finally public! (thanks Google for taking a week to approve this 🤦)
    I made it beta testing since I haven't tested it on much devices. If you find any problem, please open an issue here and I'll take a look at them once I return from vacation.


    Source code:

    If you are curious, the possible outcomes I've seen are:
    • 3 ticks (unrooted samsung)
    • tick/tick/x (unrooted redmi note 4 with unlocked bootloader)
    • x/tick/x (my rooted a11 op7t)
    23
    UPDATE 1/8/2022
    This app is officially discontinued in favor of a new app I published on Play Store. Read more here:

    ====================
    ORIGINAL MESSAGE:

    I just made this simple app which tells you if your device passes the new Play Integrity API (which is presumably what Google Pay and Play Store use to detect root now). If you don't trust random apks from the internet feel free not to use this. I'll upload the source code at a later time since it's very junk now (probably on github).
    You can use it to play around and see if you manage to get it to pass without having to mess with Google Pay. There are screenshots of the 2 possible outputs (pass screenshot is from an online emulator).
    Also I didn't test it much since I don't have many devices that can pass. Hope it works fine 🤞

    Hope this helps someone find a solution :)

    EDIT:
    Here is a quote from Google of what exactly "Does not meet device integrity" mean:
    The app is running on a device that has signs of attack (such as API hooking) or system compromise (such as being rooted), or the app is not running on a physical device (such as an emulator that does not pass Google Play integrity checks).
    ...
    If you are having problems with your testing device meeting device integrity, make sure the factory ROM is installed (for example, by resetting the device) and that the bootloader is locked.