[Discussion] Magisk - The Age of Zygisk.

[pndwal]

Why kdragon doesn't update it, or there are no good solution for that?

As you know, he's aware and thanked @Displax for his fix / PR... And he does clearly want to improve the solution and scope the method

to Play Integrity code by identifying methods it calls near the beginning and end of integrity checks, and adding hooks to set and restore the fingerprint ...

https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1195452147

He has already suggested an idea for adding an end hook, but said:

Of course, this is all theoretical as it depends on the exact order of steps in the integrity checking process. Worst case scenario, we could just sleep for 1 second or so and revert the fingerprint change in a background thread. Not sure when I'll have time to look into it myself, but feel free to try implementing this idea: ...

https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1200437447
- So it seems he's in no rush himself, and he's happy for other Devs to test / contribute (although none appear to have tried adding hooks etc yet)...

I guess he'll do more on this PR as time allows... If other Dev's haven't had time to test even proposed

• Set the fingerprint in the key attestation hook
• Spawn a thread to revert it after 3 seconds:

thread(daemon = true) {
Thread.sleep(3000)
/* revert */
}

idea, then he may think 'why should I rush?'... He probably has a ton of more important maintenance on his plethora of apps, utilities, Proton ROM / kernel builds, etc to do...

Meanwhile, @Displax solution seems a pretty good one to tide us over, for most devices... PW

 

[hahagu]

For a start, check devices achieve Play Integrity deviceIntegrity using Play Integrity API Checker in case app has integrated PI (SafetyNet is now deprecated) per Google's recommendation... If not, you may need modded USNF:
https://xdaforums.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517

PW

Did try the modded version
No luck..

 

[pndwal]

Did try the modded version
No luck..

So what Play Integrity API Checker results now? PW

 

[hahagu]

So what Play Integrity API Checker results now? PW

The modded version will pass the upper two, but not the last one, which is to be expected.

 

[pndwal]

The modded version will pass the upper two, but not the last one, which is to be expected.

Yes... That's why I said "check devices achieve Play Integrity deviceIntegrity", (not strong integrity... PW

 

[Tech = Spy-Biz]

Now 2 bank apps are working out of 3 after the recent update to the bank apps.
I used A11 GSI, PhhTreble App Signature Spoofing, TWRP, Magisk 24.3 & a couple of important modules like Hide-User-Debug, USNF Moded, Hide-Props-Config, microG Gapps module safety net : All passed, Installed the bank apps through Aurora.
For the 3rd bank app Dev Options need to be OFF & Only PlayStore Install allowed not PackageInstaller.
Needless inconvenience from banks, they can just add more steps of verifications instead like Voice Recognition IVR AI (Voice Recognition IVR AI Bots are already functional in these banks helplline numbers) so they can just use that for bank app login verifications on top of other verifications. Its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!
Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.

 

[HippoMan]

... Needless inconvenience from banks ... its none of the banks business to stop their clients from using rooted devices. Theyre just adding another hindrance to smooth banking operations thereby possibly hampering their own business by wasting both their and their clients time. Thats Stupidity!

Bank Devs did you hear? Pls discuss this with your bosses. Its like going backwards instead of forward.

I totally agree!

And as I've mentioned here before, every desktop computer is a rooted device, and of course we don't see the banks trying to hinder us from accessing their services from our computers.

And banks gladly issue us debit cards which we keep in our wallets that are just as easy to steal as mobile devices.

Rooted Android devices are just low-hanging fruit. And the amount of fraud that's prevented by trying to fight against Android root is minuscule, given the extremely small percentage of mobile device users who want to use rooted Android devices. I wouldn't be surprised if the amount of money that banks spend for anti-Android-modding software development exceeds the maximum amount of money that could be lost via the hacking of modded Android devices.

 

[pndwal]

Tech = Spy-Biz, HippoMan​

FWIW, I'm answering this here (might be the best place...):
https://xdaforums.com/t/discussion-play-integrity-api.4479337/post-87393295

PW

 

[zgfg]

Currently, I have no info about Device Certified or not in Google Play Settings (screenshot)

I observed that yesterday night when I upgraded my Xiaomi 11 Lite 5G NE from the previous week Xiaomi.eu weekly (MIUI 13/A12) to the current.
I thought it would become Certified over the day, but it's still in limbo

Frankly, last week when I installed Xiaomi.eu Weekly (first time) I forgot to check

Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not

I'm pretty sure I did have similar cases in the past with previous devices, ROMs, Magisk setup, but they used to settle down by itself in

 

[m0han]

.... Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not...

Are you able to update apps and/or make in-app purchases on Play Store?

 

[zgfg]

Are you able to update apps and/or make in-app purchases on Play Store?

Yes, of course, I install and update apps, but I very, very rarely purchase something, hence I'm not going to try

 

[zgfg]

Currently, I have no info about Device Certified or not in Google Play Settings (screenshot)

I observed that yesterday night when I upgraded my Xiaomi 11 Lite 5G NE from the previous week Xiaomi.eu weekly (MIUI 13/A12) to the current.
I thought it would become Certified over the day, but it's still in limbo

Frankly, last week when I installed Xiaomi.eu Weekly (first time) I forgot to check

Everything else is ok, SafetyNet (with Basic CTS), Play Integrity (Basic Integrity), Play Protect is ok, Netflix eg running with L1, etc

I'm kind of worried to wipe Google Play Data - not knowing would it become Certified or Not

I'm pretty sure I did have similar cases in the past with previous devices, ROMs, Magisk setup, but they used to settle down by itself in

After wiping only the Cache for Playstore and waiting few more hours, now Certified

 

[mrjuniork]

Mod Info:

Dear people of this thread,
pls stay on topic and do not engage in world-events related discussions. This thread has seen enough of it already.

In the name of peace and prosperity,
Happy Zygisk-related posting,
Cheers everyone

 

[zgfg]

Zygisk-LSPosed update to v1.8.4 (6609) - updated on two phones, ok

Regarding to LSPosed modules:
-CustoMIUIzer13 (for MIUI 13/A 12) updated to 22.09.07
- I also use GravityBox (S) for A12

 

[sir_overthrow]

Here you have the official SafetyNet API specifcation:

SafetyNet Attestation API | App quality | Android Developers

The SafetyNet Attestation API provides services for determining whether a device running your app satisfies Android compatibility tests.

developer.android.com

You can see that no response or timeout means that somewhere in the request/response channel (call to GMS, call to Google servers, responses back) is broken.
It does not mean that CTS or Basic integrity fail (hence you cannot fix with USNF or MHPC), but there is no response (and therefore no verdict about - they might be perfectly passing if attestation channel was not broken)

If one SN checker fails to answer, it can be that that something is wrong with that checker (or they went over quota with the number of requests to Google today or so).
But if it happens to you with different SN checkers (YASNAC now works perfectly for me), the pipe is broken in your ROM or on your line

Eg, ask in the group where you took the ROM from, how they test and pass SN

It happens to me after a while of restarting the mobile. I use mokee android 11 on a moto z2 force. This same problem also happens to me on lineages 18.1 and 19.1.

Reboot, use YASNAC and it passed! but after a while the timeout appears. The funny thing is that from that moment I can not see the files of the internal memory. Although if I search it appears lol... I have used hide props magic all possible configurations, shamiko and safetynet 2.3.1 including a mod from this thread (By display) and without results. What am I doing wrong?

 

[zgfg]

It happens to me after a while of restarting the mobile. I use mokee android 11 on a moto z2 force. This same problem also happens to me on lineages 18.1 and 19.1.

Reboot, use YASNAC and it passed! but after a while the timeout appears. The funny thing is that from that moment I can not see the files of the internal memory. Although if I search it appears lol... I have used hide props magic all possible configurations, shamiko and safetynet 2.3.1 including a mod from this thread (By display) and without results. What am I doing wrong?

Have you tried without MHPC - just with USNF 2.3.1-mod

Otherwise, must be something specific to your device/ROM

 

[sir_overthrow]

It is curious because there is an unofficial version of lineageos 19.1 that works just installed yasnac. No timeout. AT the moment you use Magisk (in my case to create whatsapp mount part from internal to SD for example). It behaves as mentioned. If I don't change the fingerprint I can't use banks.

But I don't reach that level of depth. Thank you very much for answering ♥

 

[pndwal]

It is curious because there is an unofficial version of lineageos 19.1 that works just installed yasnac. No timeout. AT the moment you use Magisk (in my case to create whatsapp mount part from internal to SD for example). It behaves as mentioned. If I don't change the fingerprint I can't use banks.

But I don't reach that level of depth. Thank you very much for answering ♥

Unofficial LOS, like many custom ROMs, manipulates props (eg builds with certified fingerprint and matches security patch date) and integrates @kdragon SafetyNet fix (as per his Proton builds) so these pass SafetyNet w/o Magisk... Scores of ROMs are now building @Displax's fix for new Play Integrity deviceIntegrity verdict (Ie. adding certified but mismatched device fingerprint to bypass enforcement of a hardware based attestation verdict) into their frameworks_bases also... See the string of references at the end of this issue:
https://github.com/kdrag0n/safetynet-fix/pull/207

Official LOS will never do this due to their strict policy not to tamper security signals...

That's why @Displax modded USNF module (not official) may be needed for many bank apps to work w/ official LOS as suggested above (and no need for MHPC)...

PW

 

[sir_overthrow]

I don't know English very well (null). I understand that they are still working on the Universal Play Integrity Fix. I tried the XDA Mod from safetynet but after a while, timeout. I read the forums that you have written to me but I don't really know what I should look for. Should I wait patiently? Thank you for your patience.

 

[sir_overthrow]

Have you tried without MHPC - just with USNF 2.3.1-mod

Otherwise, must be something specific to your device/ROM

I finally got it using magisk delta (canary release) with safetynet fix displax mod. DDDDDD. Thanks to everyone who has written in this thread. Without you I wouldn't have made it. I love you!