[Fix]Magisk manager 20.3 ctsProfile : False (Gpay and banking apps )

[ai5g]

I have tried to work this guide, but it didn't work on my Xiaomi mi 9 (EU).

Magisc Manager was at V 7.?? when I installed busybox and Magisk HideProps config. At first, when calling props I got a not found error . I have then unchecked the "Magisk Core Only Mode" option in Magisk manager and rebooted. Props then worked I have done the procedure in post#1. However, ctsProfile still failed. Then I have upgraded magisk manager to V 8.0.2, which detailed that SafetyNet check failed after to evaltype HARDWARE. Thus, I wanted to try m555888's method from post #41, but upon calling props I got the same "props: inaccessible or not found" error as before. But in the new version 8.0.2 of magisc manager there is no "core option" anymore.
oes anybody have an idea to solve it? From my point of view, making "props" run again would be the next step.

Edit: The solution to this problem is here: https://xdaforums.com/showpost.php?p=83884429&postcount=4491

 

[DiegoHache]

Stop working

Now I moved to Piexel Experience Plus (Android 10) and it's not working any more

I changed the ROM, I moved to crDroid 6.8 (Android 10) and it worked too!

---------- Post added at 11:00 AM ---------- Previous post was at 10:43 AM ----------

This solved it, thx!
Now the phone passes the SaftyNet but some streaming apps (like Disney+) are still not working (keeps loading forever...)

This worked for me on a Moto G7 Power (with it defaulting to a G6 option) when I did props from shell.

This was the method I was using before (March 2020 update) http://droidholic.com/fix-cts-profile-mismatch-errors/

But just doing the Force Basic Key Attestation works without all that additional steps in installing Xposed/Riru etc.

Now if I can just get it to get past the WF Dimensions app detection (passes safety check, just not that app).

 

[baxxter106]

This trick worked for me, too - well, partially. i have now safetynet passed successfully on my Pixel 2XL with Lineage 17.1, my banking app ING works well, and i was able to re-register my banking card and paypal to gpay. BUT when i now start gpay it shows my cards but on top the NFC sign is crossed with "no set up" under it. Is there another trick to pass? I liked gpay very much and for my wife it would be a No-Go. (I just first want to test anything before change the OS of my wifes phone, because of the lag of updates on stock rom after this year)

 

[Mew789]

I exactly have the same thing. I've updated my rom (pixel experience plus) réinstaller magisk and my banking apps are working, gpay not...

 

[exnokiafan]

hey @Didgeridoohan I have rooted my Galaxy Tab S4 that's running the latest android 10 release. The safetynet check passes flawlessly, while cstprofile it triggered by the hardware check.

I use this tablet just to play a couple of games and to stream contents to my Chromcast. Should I worry about cstprofile not being verified or your tool can help me to overcome the issue?

Thank you or anyone else who would like to answer

EDIT: I have tried the guide reported in the first post but with no luck. It still does not pass. Someone suggested to force the BASIC method, but the module says that I might lose some functions like the samsung app store.

 

[roberto_1986]

@Didgeridoohan im put my redmi note 8 pro to stock firmware but like u said the fingerprint didnt changed and still google nexus why????

 

[Didgeridoohan]

@roberto_1986 Results from external programs/apps/services can easily be cached and not necessarily reflect the current state of your device.

If you've reset everything you should be able to verify the stock prop values using the getprop command or a device information app, on the device.

If you believe there's an issue with the module it's better if you provided the module logs for troubleshooting.

 

[roberto_1986]

@roberto_1986 Results from external programs/apps/services can easily be cached and not necessarily reflect the current state of your device.

If you've reset everything you should be able to verify the stock prop values using the getprop command or a device information app, on the device.

If you believe there's an issue with the module it's better if you provided the module logs for troubleshooting.

Well i belive u but just asked because i used the google nexus fingerprint that why sons weird

 

[roberto_1986]

For everyone that's struggling with trying to pass CTS:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Unlocked_bootloader_3

tryed to change fingeprint with redmi note 8 pro A9 and A10 but my CTS keep give me false....what to do?

 

[Didgeridoohan]

tryed to change fingeprint with redmi note 8 pro A9 and A10 but my CTS keep give me false....what to do?

From the link you quoted you'd find that it might not be the fingerprint the you need to change, but the model (if you have evalType=HARDWARE, that is). In my module that's the "Force BASIC key attestation" option.

 

[roberto_1986]

From the link you quoted you'd find that it might not be the fingerprint the you need to change, but the model (if you have evalType=HARDWARE, that is). In my module that's the "Force BASIC key attestation" option.

I have RN8P EEA A9 and yes i have "evalType=HARDWARE" so if i "Force BASIC key attestation" it will fix it? also after ROOT my bootloader is locked again.

 

[Didgeridoohan]

I have RN8P EEA A9 and yes i have "evalType=HARDWARE" so if i "Force BASIC key attestation" it will fix it? also after ROOT my bootloader is locked again.

Did you lock the bootloader? If you didn't, it'll be unlocked still (but it's possible that whatever you're using to check the bootloader state is fooled by MagiskHide). If you did lock it, that's a risky move... Having an altered device with a locked bootloader means you won't be able to fix it when things go wrong.

And lastly yes, if evalType is hardware you will not be able to pass CTS with an unlocked bootloader (which on the vast majority of devices is a requirement for being able to root in the first place). Forcing it to basic attestation is likely going to help (if there aren't more issues).

 

[roberto_1986]

Did you lock the bootloader? If you didn't, it'll be unlocked still (but it's possible that whatever you're using to check the bootloader state is fooled by MagiskHide). If you did lock it, that's a risky move... Having an altered device with a locked bootloader means you won't be able to fix it when things go wrong.

And lastly yes, if evalType is hardware you will not be able to pass CTS with an unlocked bootloader (which on the vast majority of devices is a requirement for being able to root in the first place). Forcing it to basic attestation is likely going to help (if there aren't more issues).

sry my english is not very good...
Like u can see my phone is rooted BUT my bootloader is locked!
i need to leave locked???
also to fix CTS profile i need to "Force BASIC key attestation" with a trusted fingerprint???

sry could u explain better what i need to do pls?

 

[Didgeridoohan]

@roberto_1986 I think you're making things more complicated than they need to be...

I wouldn't be surprised if that Mi Unlock Status thingy is looking for the props that MagiskHide changes to make it look like your bootloader is locked.

But, with hardware attestation you cannot fool SafetyNet, which is why you're failing CTS.

Solution: enable "Force BASIC key attestation". And I suggest that you pick a device manually (as close as possible to your actual device, but not it) rather than going with the default.

If you want to test the status of your bootloader for real you can disable MagiskHide and reboot. After that I'm guessing that the Mi Unlock Status will show something else...

 

[xflier]

This worked for me on latest build of havoc os, might work for other Roms too.

Step 1 :
Open Magisk manager, download and install both
MagiskHide Props Config (link) and Busybox for android NDK modules from downloads, after installing reboot your phone.

Step 2:
Install terminal emulator from playstore(link)

Step 3:
open terminal emulator
enter command :

su

Grant superuser access when prompted

Step 4:
type in command:

props

Step 6 :
and follow the on screen options
select option 1 - edit device fingerprint
by typing : 1
then type in f to Pick a certified fingerprint
from the list pick your mobile manufacturer
select your mobile model
select the latest available android version
finally reboot your phone by typing in

reboot

this should fix the ctsProfile issue,
to use banking or wallet apps, hide magisk by using magisk hide option and select the app you want to hide root access from

thanks to this awesome dev Didgeridoohan for making this possible
https://xdaforums.com/member.php?u=4667597

for people who want a video to look at the process here is the video

credits :
Thread link for magisk hide props config module: https://xdaforums.com/apps/magisk/module-magiskhide-props-config-t3789228
DEV for magisk hide props config module : Didgeridoohan
you can donate him at : https://www.paypal.me/didgeridoohan

I used cpu monitor to check the cpu usage before and after installed the MagiskHide Props Config. I noticed the cpu usage has a big difference after installed it. is there any other way to pass the safetynet ?

 

[Didgeridoohan]

I used cpu monitor to check the cpu usage before and after installed the MagiskHide Props Config. I noticed the cpu usage has a big difference after installed it. is there any other way to pass the safetynet ?

MagiskHide Props Config is nothing but a couple of scripts that run at boot (and doesn't have anything persistent running), and uses resetprop to change different prop values (together with a bunch of module specific scripting).

You can easily make your own scripts that only change the particular props you need.

 

[xflier]

MagiskHide Props Config is nothing but a couple of scripts that run at boot (and doesn't have anything persistent running), and uses resetprop to change different prop values (together with a bunch of module specific scripting).

You can easily make your own scripts that only change the particular props you need.

Thanks for your reply! I will keep an eye on it more.

 

[ai5g]

Hi. The trick worked for a while, but today it suddently stopped working. GPay doesn't work anymore and safetynet reports fail due to ctsProfile again (evalType BASIC). I have tried the trick from post 1 again, but safetynet still fails. I have installed the latest updates to magisk and repeatet the procedure, but still no success. I neither understand why it stopped working today, nor do I have an idea to make it work again. Can you help me - once gain ?

Thanks!!!

 

[Didgeridoohan]

Hi. The trick worked for a while, but today it suddently stopped working. GPay doesn't work anymore and safetynet reports fail due to ctsProfile again (evalType BASIC). I have tried the trick from post 1 again, but safetynet still fails. I have installed the latest updates to magisk and repeatet the procedure, but still no success. I neither understand why it stopped working today, nor do I have an idea to make it work again. Can you help me - once gain ?

Thanks!!!

Changing the fingerprint (as is described in the OP) works if you have a custom ROM. If you have a device that uses hardware attestation you now need to use this:
https://xdaforums.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/

 

[roberto_1986]

Hi. The trick worked for a while, but today it suddently stopped working. GPay doesn't work anymore and safetynet reports fail due to ctsProfile again (evalType BASIC). I have tried the trick from post 1 again, but safetynet still fails. I have installed the latest updates to magisk and repeatet the procedure, but still no success. I neither understand why it stopped working today, nor do I have an idea to make it work again. Can you help me - once gain ?

Thanks!!!

After i read your post im checked my phone and yes me too like u got attestation failed...>.<