MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread
Jan 27, 2014
38
5
28
S6edge dotOS 3.1.1 android 9 not working
Magisk 22.0, Magisk hide, hide props config, safetynet fix 1.1.1
Anyone know of a fix?
 

Attachments

  • 20210306_120251.jpg
    20210306_120251.jpg
    631.8 KB · Views: 69

thunderteaser

Senior Member
Jul 22, 2010
819
285
93
Aversa
CTS still false on my Redmi Note 7 (lavender) on stock MIUI 10.3.6.0 (Android 9). Evaluation type returns BASIC, but still can't pass CTS profile. I also tried with Props Config by setting OnePlus 6 and Pixel 3a to no avail. I can't quite understand why it seems to pass on more recent models (Note 7 Pro on MIUI 11, Note 8 Pro and 9S for example) but not on my lavender with MIUI 10. Does anybody have a clue?

EDIT: SOLVED!
After 2 days spent troubleshooting this issue, I've finally realized that the culprit is a MAGISK MODULE that changes the DNS servers. I can easily reproduce the cts fail by reactivating the module. You can try yourself with the Cloudflare DNS module from the magisk repo. I was using an older Google DNS module and I also tried the Cloudflare one, but both DNS changes were detected by SafetyNet. Since I'm stuck on Magisk 19.3, I don't know if current stable or canary already have DNS change obfuscations, so this problem might have happened to me and me alone and you have no reason to worry. But if you're on Magisk v22 or canary and SafetyNet fix doesn't work for you, then check if you have any DNS modules active and deactivate or uninstall them. If CTS profile is now green, it means SafetyNet added some more checks for the cts profile that now include our DNS configs.


dnscts.jpg


EDIT 2: Apparently there was a more native way to change DNS on Android 9, but it was hidden on MIUI 10 so I have just installed a 3rd party app to access the Private DNS menu and set it to dns.google . Everything is fine now.
 
Last edited:

adm1jtg

Senior Member
Jul 26, 2010
2,765
868
138
Georgia
Have a safety net question not related to the magisk module. Is there a way to pass safety net WITHOUT ROOT and keep your bootloader unlocked. So far I have not found a way. CTS always fails.

Btw even with the module and passing safety net my banking app still knows I am rooted. Betting it is checking that same bootloader status.

Used to be long long ago you could hide your bootloader status with a custom kernel hack.

Any ideas would be much appreciated

UPDATE: no longer working for me even WITH magisk module. Still fails CTS. I read march update is responsible. It now checks bootloader status.
 
Last edited:

jcmm11

Recognized Contributor
Feb 10, 2012
3,572
3,585
263
Have a safety net question not related to the magisk module. Is there a way to pass safety net WITHOUT ROOT and keep your bootloader unlocked. So far I have not found a way. CTS always fails.

Btw even with the module and passing safety net my banking app still knows I am rooted. Betting it is checking that same bootloader status.

Used to be long long ago you could hide your bootloader status with a custom kernel hack.

Any ideas would be much appreciated

UPDATE: no longer working for me even WITH magisk module. Still fails CTS. I read march update is responsible. It now checks bootloader status.
What phone? What rom? (You may need Magiskhide Props Config) Custom kernel should stop bootloader check
 

adm1jtg

Senior Member
Jul 26, 2010
2,765
868
138
Georgia
What phone? What rom? (You may need Magiskhide Props Config) Custom kernel should stop bootloader check

Pixel 3axl
los 17.1
I think the issue is like you alluded to that the los default kernel does not have the unlocked bootloader fix and on my phone there are no other kernels that work properly on los 17.1
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    working in Xiaomi redmi note 7 MIUI 12 Android 10

    if in magisk it says it passes the check, but in the store it still detects the root you also need to "clear all data" of these following apps:

    - Google Play store
    - Google Play services
    - Google Service Framework

    Then reboot your device. :)

    If Google Pay still not working, "clear all data" of this app too.
    2
    ok so I didn't know the app itself could be hidden and that was triggering certain Bank applications to close automatically I don't have TWRP folders but I don't know how to enable the biometrics using magisk hide props config what is is that exactly?
    Magisk Manager (since v22 only called Magisk) can be hidden and renamed in it's own settings.
    For further information check this great guide by @Didgeridoohan :
    You'll find information about MagiskHide Props Config there too. That all depends only detecting root by other apps, as said above I can't help you with your Samsung related problems.
    Someone with a Sammy may answer that or is able to give you some tips.
    2
    Test2 is confirmed to fix biometrics for S20, S20+, S21 Exynos.
    https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635 PW
    It works, you guys are seriously awesome!

    Just installed edXposed and it still passes!
    2
    I'm on DP2 and I couldn't get safetynet test2 to work.
    This one is working
    1
    Gentlemen.
    Does anyone have original fingerprint for Samsung Galaxy A41 (Android 10) or know from where to get it?
    Magic Hide Props doesn't have this model on list.

    I've read that I may extract it from original OS, from system.img.
    I have downloaded SM-A415F_PRT_A415FXXU1BUA1_fac.zip, unpacked, there are tar files AP_*, BL_*, CP_OMC_OXM* and HOME_CSC_OMC_OXM* but nowhere inside them I see system.img.
    Any advice will be appreciated.
    inside AP_*
  • 156
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    19
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    13
    Universal SafetyNet Fix v1.1.1 is now available.

    Changes
    • Removed security patch fixup to fix CTS profile mismatches on some devices

    Download

    Some devices will now need to use MagiskHide Props Config in addition to this module in order to pass CTS profile checks as part of basic attestation. Altering the CTS profile is no longer in scope for this module as it breaks more devices than it fixes.

    If this module helped you, please consider a recurring donation for sustainable support, or alternatively buy me a coffee. Everything helps, but a recurring donation is the best way to keep the project alive in the long term.

    Issues on heavy OEM skins
    This is a reminder that heavy OEM skins are not officially supported. They may happen to work depending on your luck and the particular ROM in question, but nothing is guaranteed. Please do not report problems on such ROMs. It's surprising that it works at all on them; I wouldn't expect everything to be fully working. I will not provide more support for issues related to heavy OEM skins.

    The compatibility issue does not lie in the SafetyNet fix itself, but rather how the Magisk module is built. It's possible to make the Magisk module version of the fix slightly more portable, but I have no interest in supporting heavy OEM skins, nor do I have any devices running such ROMs.

    You will always have the best luck with a ROM not too far from AOSP, e.g. most custom ROMs and Pixel stock ROMs.
    6
    Everyone having issues passing basic attestation after installing the module, please try the attached versions.

    There have been quite a few reports of fingerprint unlocking in apps breaking on One UI. This is not something that is planned to be fixed, because One UI is a heavy OEM skin that is not officially supported. It's surprising that it works on One UI to begin with.
    4
    There is no need to delete the whole Data, but go to Settings, Apps and delete Data for Google Play, Google Play Services, Google Services Framework, and probably Google Pay (not using, hence cannot tell for sure).
    Go to Airplane mode before deleting, after deleting reboot and turn Airplane off
    Deleting data of Google services framework acts as a partial factory reset and it might cause late/missing notifications of many apps. I would definitely advise to avoid doing it. 🙂

    It is enough to wait a little, Google play store should "recertify" device after some time automatically if it meets the criteria. Cache or data cleaning of Google play store app should speed up this process, but it's not mandatory in my experience.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone