• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

NafNuf

Member
Feb 22, 2015
5
0
37
Minsk
Pixel 3, Android 11, screen lock protected by password, Magisk and Universal SafetyNet Fix 1.2 installed, SafetyNet passes.

After reboot Android doesn't "load" all applications (some icons are empty on desktop and in the application list), apps don't start, reboot menu appears - but does nothing.

But,

when I enable airplane mode before entering password after reboot, everything works fine.

Looks like some internet request breaks Android boot sequence when Universal SafetyNet Fix is installed.
 

Danblotter

Member
Sep 4, 2018
8
1
Xiaomi Redmi Note 7 Pro
Yep, it's pretty much all you need with certified stock ROM at present!

Alternatively, you could keep China ROM, root with Magisk and use MagiskHide Props Config module configured to spoof a certified fingerprint in addition this module and sideload GApps.

For custom ROMs, you can also add device to Google's whitelist to allow use of GApps. (I think that this will, in practice, also allow China stock ROM to use GApps, but I'm doubtful whitelisting will help with bootloader locked; perhaps it does.)

Be aware that you will likely brick device if you try to lock bootloader w/ non-China ROM incl. any non-stock partitions (this can possibly be overcome by applying signing keys to images, but this entails risk of hard brick / problems with OTA updates, etc), so enjoy passing SafetyNet while you can!

When / if Google finish / fully roll out hardware TEE attestation (meaning forced fallback to basic attestation using solutions like USNF module can no longer be achieved), there are (as yet) no options for passing with Google's SafetyNet API on non-certified devices. PW
Yes. Since I've switched to the indian official rom (the closer we get to an International version), I had to unlock the bootloader and I shall keep it like this. I have also installed the Orangefox recovery and rooted with Magisk + applyied safetynet fix. So far, it is all perfect. I only hope that I can still get the OTA updates.
 
Last edited:

pndwal

Senior Member
Yes. Since I've switched to the indian official rom (the closer we get to an International version), I had to unlock the bootloader and I shall keep it like this. I have also installed the Orangefox recovery and rooted with Magisk + applyied safetynet fix. So far, it is all perfect. I only hope that I can still get the OTA updates.
You'll need to restore images incl. boot and recovery to stock before OTA, but should get notification.
https://github.com/topjohnwu/Magisk/blob/master/docs/ota.md

For Magisk modified boot image, you can use Magisk App Uninstall Magisk, Restore Images function. This preserves settings and modules. PW
 
Last edited:

Bootload٠

Member
Jul 20, 2021
21
1
1
Universal SafetyNet Fix
Magisk module​

This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

How does it work?
The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

Downloads
Downloads and changelogs can be found on GitHub. The topmost release is the latest.

Telegram group
Source code

If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
The founder of Magisk is working with google now. I'm pretty sure he is trying to find a workaround. I think this is the best bypass since google updated its API .
I tried to use it to send a feedback but I'm using android SDK 25 (not supported). A lot of people still prefer android 7.*
 

pndwal

Senior Member
My Moto G7 Plus (XT1965-3) with TWRP (3.5.2_9-0-lake), LineageOS 18.1 and MagiskHide (23.0) did not work.
Then I went searching and found this video and changed the fingerprint to model XT1962-5 and now it works.
Yup, you need to spoof passing fingerprint on custom ROMs that don't spoof (incl. all official LOS) and uncertified (China etc) stock ROMs in addition to using Universal SafetyNet Fix module.

MagiskHide Props Config module is the best solution for this as mentioned in the GitHub main page for this module linked from OP here. PW
 
  • Like
Reactions: victorsv

pndwal

Senior Member
SaftyNet Passed BUT GooglePay NOT WORK
Check Playstore settings for PlayProtect 'Device is certified' (clear Google Play Services and Google Play Store data if not), check Google Pay (latest from Playstore) is selected in Magisk Manager Hide list, toggle MagiskHide off then on again in Magisk settings, clear data for Google Pay app and reboot, then try setting up with card(s) again. PW
 
Last edited:

ahamedlaheer

New member
Nov 2, 2015
2
0
This is what worked for me after several hours of testing with magiskhide & other cloning apps such as island and etc. My device is a POCO F1 and I'm on MIUI global 12.0.3, BL Unlocked & rooted. Thank you very much for this file.
 

etacarinnae

Member
Nov 11, 2018
10
1
I'm having a problem in my Redmi 7 with xiaomi.eu: SafetyNet passes in all options, but in Play Store device is still not certified. I tried MagiskHide, hide Magisk app, clear caches, restart, etc. But no solution. Anyone knows what it might be?
 

NTClarity

New member
Jul 20, 2021
4
3
Xiaomi Poco F3
I just installed Universal Safety Fix (v1.2.0) and it worked like a charm! SafetyNet passes without errors and also Google Pay works perfectly.
-Poco F3 , Magisk v23.0 , MIUI Global 12.5.3 Stable RKHEUXM
 

pndwal

Senior Member
I'm having a problem in my Redmi 7 with xiaomi.eu: SafetyNet passes in all options, but in Play Store device is still not certified. I tried MagiskHide, hide Magisk app, clear caches, restart, etc. But no solution. Anyone knows what it might be?
Cleared Google Play Services and Google Play Store data? PW
 
  • Like
Reactions: etacarinnae

73sydney

Senior Member
Jul 21, 2018
1,863
1,610
Sydney
Google Pixel 2 XL
Yes. "Device is certified" But GPay still not work :(

So did you check Google Pay (latest from Playstore) is selected in Magisk Manager Hide list and, after that, clear data for Google Pay app and reboot, then try setting up with card(s) etc again? PW

Standard disclaimer applies: clearing data for Google Pay may (alomsot certainly will) remove any loyalty cards you may have attached

(soz @pndwal, just wanted to cover your butt - i learned the hard way when my module did that step and someone had 5 loyalty cards in their GP :) )
 
  • Like
Reactions: pndwal

amit_coolcampus

Senior Member
Mar 30, 2013
273
35
Delhi
Samsung Galaxy Note 9
I have samsung note 9.
Safetynet passed, device is certified.
Almost every app works except one. SC mobile india. Thats a banking app from Standard chartered. This app was upgraded recently and I get an error with the latest version unfortunately I dont have the backup of previous app so I can't roll back. I think this app is detecting something else like direct root check method or through some other app. Is there a way to get it to work?

Screenshot of error attached.

Playstore link to the app- https://play.google.com/store/apps/details?id=air.app.scb.breeze.android.main.in.prod
 

Attachments

  • Screenshot_20210802-004924_SC Mobile.jpg
    Screenshot_20210802-004924_SC Mobile.jpg
    302.4 KB · Views: 36

BobbyHoggatt

Member
Feb 14, 2021
16
3
39
Grants pass or
OnePlus 8 Pro
I have samsung note 9.
Safetynet passed, device is certified.
Almost every app works except one. SC mobile india. Thats a banking app from Standard chartered. This app was upgraded recently and I get an error with the latest version unfortunately I dont have the backup of previous app so I can't roll back. I think this app is detecting something else like direct root check method or through some other app. Is there a way to get it to work?

Screenshot of error attached.

Playstore link to the app- https://play.google.com/store/apps/details?id=air.app.scb.breeze.android.main.in.prod

must go into magisk click on the shield looking icon then click on magisk hide then select your banking app then you should be good to go
 

Top Liked Posts

  • There are no posts matching your filters.
  • 27
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW
    17
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    12
    Hi, I install ver. 2.1.0 and riru only in magisk 23. Safetynet check in magisk pass basic. Google Play in about tell me is certifed device, but Google pay not work with contactless card. Other bank app tell me the device is rooted

    You need to force stop and clear all data on Play Services, Play Store and Pay, then all will work again once you set it up.

    Can confirm that latest version breaks fingerprint reader for me on OP7T 11.0.3.1

    Does that mean it will work in a later version? I can't tell if that post just mentions the issue or resolves it.

    Should do - pull request contains solution but requires reviews etc, however my hunch is the OP may push a build with a fix quickly due to issue found... Here's hoping! PW

    While we wait for @kdrag0n to merge my PR, I developed and tested it on my 8T with OOS and it's working well, so you can download my updated service.sh and system.prop from my PR GitHub and update the v2.1.0 files in /data/adb/modules/safetynet-fix to get it working in the meantime.

    Simply "View file" then "View raw" to download from here: https://github.com/kdrag0n/safetynet-fix/pull/90/files

    ...

    Riru hooks zygote, Magisk will directly replace Riru soon too with Zygisk, and there will always be tinfoil hatted people about stuff like that, probably best to ignore them going forward.

    Open source and code review is good, especially for things that hook this deeply, but a developer can also build up trust and keep such things closed, for example Chainfire and SuperSU. kdrag0n's credentials are solid as a ROM, kernel and mod developer in my opinion, so there shouldn't be any worry, especially where this isn't actually closed.

    Some people are just anti-closed source and will freak out, but the early pre-release sponsored testers scheme here isn't overly problematic. I mean, think it through.. It wouldn't be a very solid business model to identity theft or Bitcoin mine only your private paid sponsors/testers then release a clean free version publicly. 🙄😄
  • 214
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    27
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW
    17
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍