MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

pndwal

Senior Member
Jun 23, 2016
2,203
1,412
Sydney
Xiaomi Redmi Note 7
Last edited:
  • Like
Reactions: lukjod

Lamantin001

Member
Jul 29, 2015
24
3
Hey guys! Thank you for the fix of the API issue. Now, 3rd party SN checkers show "passed" for me, magisk still shows failure messages, and my main concern is that my banking app still doesn't work. :/ I tried deleting the app completely, rebooting, and still upon opening the app, it immediately redirects me to a webpage saying my device is rooted so I can't use the app. It was working fine a few days ago before the API error. It's an app called MitNykredit, it's a Danish banking app. None of the other apps detect root. I have MagiskHide+props config and kdrag0n's safetynet fix (1.1.1). Poco f1, running latest stable stock rom (miui 12.0.3)

Thank you for the help! 🙏
 

Wolfcity

Recognized Contributor
Apr 26, 2013
4,289
2,674
Moto G 2014
Moto G5 Plus
Hey guys! Thank you for the fix of the API issue. Now, 3rd party SN checkers show "passed" for me, magisk still shows failure messages, and my main concern is that my banking app still doesn't work. :/ I tried deleting the app completely, rebooting, and still upon opening the app, it immediately redirects me to a webpage saying my device is rooted so I can't use the app. It was working fine a few days ago before the API error. It's an app called MitNykredit, it's a Danish banking app. None of the other apps detect root. I have MagiskHide+props config and kdrag0n's safetynet fix (1.1.1). Poco f1, running latest stable stock rom (miui 12.0.3)

Thank you for the help! 🙏
Just read the last few pages, it has been discussed very often. The problem is fixed in the latest Canary build so you can change to canary branch or wait a bit until the fix arrives to the stable builds.
Changelogs and download links can be found a few posts above yours.
For example:
 

Lamantin001

Member
Jul 29, 2015
24
3
Just read the last few pages, it has been discussed very often. The problem is fixed in the latest Canary build so you can change to canary branch or wait a bit until the fix arrives to the stable builds.
Changelogs and download links can be found a few posts above yours.
For example:
Thank you for the reply!
I've downloaded already the canary .bin file, bit I'm not quite sure what to do with it. :D I read sg like Magsik -> settings -> update channel -> canary. For me, under update channel I have stable, beta and custom, i clicked custom, typed in canary, but nothing happened. Can you help me out with that please? :D
 

zgfg

Senior Member
Oct 10, 2016
5,112
2,414
Thank you for the reply!
I've downloaded already the canary .bin file, bit I'm not quite sure what to do with it. :D I read sg like Magsik -> settings -> update channel -> canary. For me, under update channel I have stable, beta and custom, i clicked custom, typed in canary, but nothing happened. Can you help me out with that please? :D
Camary bin - what is that?!

You need to download and install Canary Magisk APK 22103 (latest)
 
  • Like
Reactions: lukjod

Vulkroniid

Member
Oct 29, 2018
14
3
Hi !
The module (V1.1.0) make the device (redmi S2) unusable ! ("soft-brick"
on the MIUI 12 "start screen).
I used Orangefox Recovery to remove the module.

Do you have a solution to make the module work?

Thank you !
 

falal

New member
Nov 27, 2012
1
0
Hey guys! Thank you for the fix of the API issue. Now, 3rd party SN checkers show "passed" for me, magisk still shows failure messages, and my main concern is that my banking app still doesn't work. :/ I tried deleting the app completely, rebooting, and still upon opening the app, it immediately redirects me to a webpage saying my device is rooted so I can't use the app. It was working fine a few days ago before the API error. It's an app called MitNykredit, it's a Danish banking app. None of the other apps detect root. I have MagiskHide+props config and kdrag0n's safetynet fix (1.1.1). Poco f1, running latest stable stock rom (miui 12.0.3)

Thank you for the help! 🙏
My opinion is, it is not about root anymore. But its because you have unlocked bootloader. So even you uninstalled magisk and delete root, your banking app still wouldnt work unless you locked bootloader. Its happen to me also. I have bank app and its impossible to run. Top johnwu says there is no way to hide unlocked bootloader but i dont know maybe in the next day i hope hw figure it out. I need root and also in same time i need bank apps. ☹️☹️
 

windre

Member
Jan 6, 2012
21
0
Yes I'm Bout Install a New Rom, I didn't see any steps on how to install everything, should i go MH and then safetynet and then systemless hosts and the rest of mods i use on Magisk? Also I use Edxposed Just a of Mods (MinMin & statusbar downloader) its a older version can anybody tell me if they work latest versions EDxposed, Riru Core.
 

pndwal

Senior Member
Jun 23, 2016
2,203
1,412
Sydney
Xiaomi Redmi Note 7
Hey guys! Thank you for the fix of the API issue. Now, 3rd party SN checkers show "passed" for me, magisk still shows failure messages, and my main concern is that my banking app still doesn't work. :/ I tried deleting the app completely, rebooting, and still upon opening the app, it immediately redirects me to a webpage saying my device is rooted so I can't use the app. It was working fine a few days ago before the API error. It's an app called MitNykredit, it's a Danish banking app. None of the other apps detect root. I have MagiskHide+props config and kdrag0n's safetynet fix (1.1.1). Poco f1, running latest stable stock rom (miui 12.0.3)

Thank you for the help! 🙏
Check device is certified (PlayStore Settings)

If not, Clear PlayStore data and play services cache or data.

Unless you have latest Magisk 22103 or up, you will have SafetyNet errors in Magisk App SafetyNet Check, but it's not failing if PlayProtect shows Certified.

Toggle MagiskHide off, then on again in Magisk App settings. Ensure your app is toggled on to hide root in MagiskHide list. Reboot.

Clear Data for Bank app. (Will need to set up (cards etc) again, but this must be done AFTER toggling on in MagiskHide.)

App should no longer detect root now if it was working previously. If still detects root (ie. uses custom means / doesn't rely on SafetyNet API), see wiki here:
https://www.didgeridoohan.com/magisk/MagiskHideHidingRoot# 🤠 PW
 

fireplayer

Senior Member
Aug 26, 2010
362
12
ok, I feel like i tried everything.

Samsung A20e - running stock rom Android 10 - rooted w Magisk 22.1.

First of all device was not even certified using official unaltered stock.

So first i flashed 1.10 fix. The place i found it in said to flash it in TWRP so I did. This caused bootloops galore and I had to reflash Magisk. Which I did.

So then tried the same fix via Magisk, again causing bootloops. Great. Another clean flash of Magisk.

Next try. MagiskHide Props - and 1.11 fix.

Well, my device's fingerprint is not in the list. Not certified in any way.

So I try a fix specific for A50, found on XDA, and change my props to A50…

Well, 2 bootloops and then the phone starts. ok 👌, I can live w that…

But phone remains not certified and Safetynet Check in Magisk says as follows:

Basicintegrity - fail

CTSProfile - fail

and

Evaltype - N/A.

i have set Magiskhide on.

but it won't allow me to rename Manager, just fails no matter what I do.

So I return to my official A20e fingerprint in Props. Safetynet results still the same.

And I am back to Square One.

Am I missing something? any ideas?
 

pndwal

Senior Member
Jun 23, 2016
2,203
1,412
Sydney
Xiaomi Redmi Note 7
ok, I feel like i tried everything.

Samsung A20e - running stock rom Android 10 - rooted w Magisk 22.1.

First of all device was not even certified using official unaltered stock.

So first i flashed 1.10 fix. The place i found it in said to flash it in TWRP so I did. This caused bootloops galore and I had to reflash Magisk. Which I did.

So then tried the same fix via Magisk, again causing bootloops. Great. Another clean flash of Magisk.

Next try. MagiskHide Props - and 1.11 fix.

Well, my device's fingerprint is not in the list. Not certified in any way.

So I try a fix specific for A50, found on XDA, and change my props to A50…

Well, 2 bootloops and then the phone starts. ok 👌, I can live w that…

But phone remains not certified and Safetynet Check in Magisk says as follows:

Basicintegrity - fail

CTSProfile - fail

and

Evaltype - N/A.

i have set Magiskhide on.

but it won't allow me to rename Manager, just fails no matter what I do.

So I return to my official A20e fingerprint in Props. Safetynet results still the same.

And I am back to Square One.

Am I missing something? any ideas?
You probably need this Test module to fix SafetyNet on your device, due to Samsungs 'heavy skin' (ie. customised keystore incompatible with AOSP keystore).
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-84693353

The recent SafetyNet test API key revoked problems are discussed here and in Magisk General Support thresd:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-84876653 👍 PW
 
Last edited:
  • Like
Reactions: Wolfcity

fireplayer

Senior Member
Aug 26, 2010
362
12
Test module does nothing, still nothing passes. Any other ideas?

or actually - all the sudden the unit shows as certified, but that is the only change, still no luck w safetynet / cta or even basic integrity.

if i want to update a patched boot to magisk canary do i need to reflash magisk or is there an easier way to do it?
 

zgfg

Senior Member
Oct 10, 2016
5,112
2,414
or actually - all the sudden the unit shows as certified, but that is the only change, still no luck w safetynet / cta or even basic integrity.

if i want to update a patched boot to magisk canary do i need to reflash magisk or is there an easier way to do it?
It's only the fix in Magisk app, not in Magisk itself.
You just need to install Magisk-fb8000b5(22104).apk from Magisk Github

But it's only the fix in the built-in SN checker in Magisk app (update of the key or so, used when checking SN, causing API error).
You don't need to use the built-in checker in Magisk app (use 3rd pty SN checkers instead) and then you don't need to update Magisk apk to Canary.
Soon, the same fix will be released in the next Stable Magisk app
 

fireplayer

Senior Member
Aug 26, 2010
362
12
hmm, the canary version at least got me somewhere.
Basicintegrity now passed, cts still a no-go and evaltype now shows as hardware - wasn't there a way to set that to basic somehow?
 
Last edited:

pndwal

Senior Member
Jun 23, 2016
2,203
1,412
Sydney
Xiaomi Redmi Note 7
hmm, the canary version at least got me somewhere.
Basicintegrity now passed, cts still a no-go and evaltype now shows as hardware - wasn't there a way to set that to basic somehow?
Do you now have ONLY latest Canary Magisk, and safetynet-fix-v2.0.0-test2 module?

MagiskHide Props Config changed fingerprint you mentioned is generally ONLY needed for uncertified (Chinese etc) Stock, and many (not all) custom ROMs. A changed fingerprint may be causing your issues... PW
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    I already tried this procedure on my Galaxy Note 9 but it didn't work.
    have your clear your Google Play services and Google Play Store apps data?

    great indication of your device being SafetyNet Certified is if you can search Netflix on Play Store and Install if not that means your device fingerprint in incorrect

    if you are sure that you have done all steps correctly there a chance that the device fingerprint provided by props config is incorrect you can also file a report via props config main thread


    edit: install this samsung version of safetynet fix by kdragon https://github.com/kdrag0n/safetynet-fix/files/5846085/safetynet-fix-v1.1.1-samsungmod.zip
    3
    On twitter, @topjohnwu says it is his API key that needs updating (or something to that effect). Will be in a future update, apparently.
    3
    As far as I remember there is a limit in calling the SafetyNet API with a specific key. I suppose too many people are using Magisk's built-in SafetyNet-Check and now the contingent of calls is exceeded. That's also the reason the result of the call is 'error' and not 'failed'.
    2
    how did you update it? did you receive a push notification? that it still doesn't work for me
    Canary Channel was updated. He'll push to Beta & Stable after a few more bug fixes.
    2
    Hi,
    I'd need some help to bypass SafetyNet check.

    … and yet I can't bypass the SafetyNet check:
    "SafetyNet API Error:
    basicIntegrity Ꝋ
    ctsProfile Ꝋ
    evalType: N/A".

    What am I missing?
    Seems you're missing today's posts before yours, debating about the same SafetyNet API error (supposing you're talking about Magisk's integrated SafetyNet check), and testing with the alternative
    SN checker(s) instead 🥸
  • 171
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    21
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    13
    Universal SafetyNet Fix v1.1.1 is now available.

    Changes
    • Removed security patch fixup to fix CTS profile mismatches on some devices

    Download

    Some devices will now need to use MagiskHide Props Config in addition to this module in order to pass CTS profile checks as part of basic attestation. Altering the CTS profile is no longer in scope for this module as it breaks more devices than it fixes.

    If this module helped you, please consider a recurring donation for sustainable support, or alternatively buy me a coffee. Everything helps, but a recurring donation is the best way to keep the project alive in the long term.

    Issues on heavy OEM skins
    This is a reminder that heavy OEM skins are not officially supported. They may happen to work depending on your luck and the particular ROM in question, but nothing is guaranteed. Please do not report problems on such ROMs. It's surprising that it works at all on them; I wouldn't expect everything to be fully working. I will not provide more support for issues related to heavy OEM skins.

    The compatibility issue does not lie in the SafetyNet fix itself, but rather how the Magisk module is built. It's possible to make the Magisk module version of the fix slightly more portable, but I have no interest in supporting heavy OEM skins, nor do I have any devices running such ROMs.

    You will always have the best luck with a ROM not too far from AOSP, e.g. most custom ROMs and Pixel stock ROMs.
    6
    Everyone having issues passing basic attestation after installing the module, please try the attached versions.

    There have been quite a few reports of fingerprint unlocking in apps breaking on One UI. This is not something that is planned to be fixed, because One UI is a heavy OEM skin that is not officially supported. It's surprising that it works on One UI to begin with.
    4
    There is no need to delete the whole Data, but go to Settings, Apps and delete Data for Google Play, Google Play Services, Google Services Framework, and probably Google Pay (not using, hence cannot tell for sure).
    Go to Airplane mode before deleting, after deleting reboot and turn Airplane off
    Deleting data of Google services framework acts as a partial factory reset and it might cause late/missing notifications of many apps. I would definitely advise to avoid doing it. 🙂

    It is enough to wait a little, Google play store should "recertify" device after some time automatically if it meets the criteria. Cache or data cleaning of Google play store app should speed up this process, but it's not mandatory in my experience.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone