• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

amit_coolcampus

Senior Member
Mar 30, 2013
271
35
Delhi
Samsung Galaxy Note 9
It's already selected bro.
Updated fingerprint as welll using magiskhide config module. Magisk is renamed too. Have been using other apps and this app for last couple of years.
Its just issue with this particular app. And this app also started detecting root with the latest update.
 

BobbyHoggatt

Member
Feb 14, 2021
16
3
39
Grants pass or
OnePlus 8 Pro
What app is it?
It's already selected bro.
Updated fingerprint as welll using magiskhide config module. Magisk is renamed too. Have been using other apps and this app for last couple of years.
Its just issue with this particular app. And this app also started detecting root with the latest update.
What bank app is it.? I install it on my phone so you know if it's a app problem or your device problem
 

zgfg

Senior Member
Oct 10, 2016
5,719
3,168
I think this app is bypassing magisk hide and detecting root using some other method.
There are other methods to detect root. E.g., test with Magisk Detector:

Set it for Magisk Hide but most likely you will fail by 1 and 5 (as attached)

It's not everything in Magisk Hide and SafetyNet
 

Attachments

  • IMG_20210721_081432.jpg
    IMG_20210721_081432.jpg
    341.9 KB · Views: 68

amit_coolcampus

Senior Member
Mar 30, 2013
271
35
Delhi
Samsung Galaxy Note 9
There are other methods to detect root. E.g., test with Magisk Detector:

Set it for Magisk Hide but most likely you will fail by 1 and 5 (as attached)

It's not everything in Magisk Hide and SafetyNet
I think you're right. Attached is the screenshot from my device.
What can I do to solve it?
 

Attachments

  • SmartSelect_20210802-023014_Magisk Detector.jpg
    SmartSelect_20210802-023014_Magisk Detector.jpg
    260.9 KB · Views: 60

zgfg

Senior Member
Oct 10, 2016
5,719
3,168
I think you're right. Attached is the screenshot from my device.
What can I do to solve it?
Search in the General Magisk thread on XDA. There was a long discussion, and some ways to pass (1) and (5)

E g., if you use Magisk Lite (instead of Stable/Canary) from the same author as that Magisk Detecror (vvb2060) you should pass (1)

Also, a riru solution was discussed to pass (5)
 

amit_coolcampus

Senior Member
Mar 30, 2013
271
35
Delhi
Samsung Galaxy Note 9
Search in the General Magisk thread on XDA. There was a long discussion, and some ways to pass (1) and (5)

E g., if you use Magisk Lite (instead of Stable/Canary) from the same author as that Magisk Detecror (vvb2060) you should pass (1)

Also, a riru solution was discussed to pass (5)
I see... I will try to locate the thread and find out the solution (if exists). By any chance if you land on the same, please share. Thank you very much.
 

amit_coolcampus

Senior Member
Mar 30, 2013
271
35
Delhi
Samsung Galaxy Note 9
Search in the General Magisk thread on XDA. There was a long discussion, and some ways to pass (1) and (5)

E g., if you use Magisk Lite (instead of Stable/Canary) from the same author as that Magisk Detecror (vvb2060) you should pass (1)

Also, a riru solution was discussed to pass (5)
Thanks for giving me a direction bro.
I found a solution and I am sharing it here if someone needs it.

Install riru and riru unshare modules.
Use Magisk hide and magisk rename.
Then install 3C toolbox.
Go to app which is detecting magisk, click manage and disable the ¨detect magisk¨ service..usually the lastone in the list.. Voila
 

pndwal

Senior Member
I see... I will try to locate the thread and find out the solution (if exists). By any chance if you land on the same, please share. Thank you very much.
I see you've fixed issue for now, but here is a link / tips in the Magisk General Support / Discussion thread:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85300227

Nb. I've now swapped riru-unshare module for riru-MomoHider module as it seems to be even more effective at the present time. PW
 

amit_coolcampus

Senior Member
Mar 30, 2013
271
35
Delhi
Samsung Galaxy Note 9
I see you've fixed issue for now, but here is a link / tips in the Magisk General Support / Discussion thread:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85300227

Nb. I've now swapped riru-unshare module for riru-MomoHider module as it seems to be even more effective at the present time. PW
Thank you bro. Yes I had read about this option too. Had tried this a few days ago. Momo hider module didn't work for me.
 
  • Like
Reactions: pndwal

pndwal

Senior Member
  • Like
Reactions: amit_coolcampus

amit_coolcampus

Senior Member
Mar 30, 2013
271
35
Delhi
Samsung Galaxy Note 9
  • Like
Reactions: pndwal

Tianhe

Senior Member
Mar 16, 2011
669
162

Tianhe

Senior Member
Mar 16, 2011
669
162
  • Like
Reactions: pndwal

pndwal

Senior Member
Yep, Magiskhide itself is enough to hide permissive SELinux for passing Safety Net, unfortunately it cannot hide this status from some apps which then assume that the device is rooted.
Can you say how the app identifies permissive SELinux when SafetyNet is hiding it properly?

Note: You may want to reconsider running such a ROM / environment, ESPECIALLY with root access:

"We should stop the toxic and irresponsible mentality of releasing SELinux permissive ROMs/kernels in this community. You should never, *EVER* switch to permissive unless actually doing development/debugging." - John Wu
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-84458833

😮 PW
 
Last edited:
  • Like
Reactions: amit_coolcampus

Top Liked Posts

  • 3
    Ah, alright. Thanks for the heads up. I did find this post regarding the fingerprint issue, it also uses MSM. I'll give that a try. Thanks again!
    Alright. I didn't even have to use MSM or do any factory reset. Following the steps of replacing the data and engineermode folders from a dumped persist.img restored my fingerprint. Huzzah!

    I did install USNF 2.1.1 after it, now I know how to fix it. It didn't break my fingerprint this time.

    So for anyone that might come across this error and this post in the future, following the instructions in the video provided in that post I linked regarding dumping persist, calibrating and replacing the data and engineermode worked for me.
    2
    I found an unintended side affect of the new bypass methods introduced in 2.1.0: my Pixel is no longer recognized as a Pixel by Google Assistant and thus "Hey Google" is no longer available when the screen is off:

    View attachment 5414715
    Sounds like https://github.com/kdrag0n/safetynet-fix/issues/93. Please add your report there. (y)
    1
    If you've uninstalled USNF then it's kind of out of our hands here. Yeah, just start piecing your way back to full stock..

    Your report reminds of when I originally fixed this for MagiskHide. We fixed it correctly (as evidenced by any Magisk version after 20414 working for you), but there were some 8 Pros that worked immediately and some that were still broken because something went weird with their fp firmware/calibration data: https://github.com/topjohnwu/Magisk/issues/2803
    MagiskHide did work indeed, thanks for that. Also thanks for helping me figure out I'm pretty much at a loss ;)

    I'll just be reinstalling OOS completely clean, then root it again. Might give another go at USNF, might not. Thanks anyways!
    1
    Not necessarily.. search xda for MSM and your device and you'll find the packages. It's what OnePlus tech support installs for you to fully restore your device back to locked factory.
    Ah, alright. Thanks for the heads up. I did find this post regarding the fingerprint issue, it also uses MSM. I'll give that a try. Thanks again!
    1
    I found an unintended side affect of the new bypass methods introduced in 2.1.0: my Pixel is no longer recognized as a Pixel by Google Assistant and thus "Hey Google" is no longer available when the screen is off:

    Screenshot_20210920-121626.png
  • 27
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW
    17
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    12
    Hi, I install ver. 2.1.0 and riru only in magisk 23. Safetynet check in magisk pass basic. Google Play in about tell me is certifed device, but Google pay not work with contactless card. Other bank app tell me the device is rooted

    You need to force stop and clear all data on Play Services, Play Store and Pay, then all will work again once you set it up.

    Can confirm that latest version breaks fingerprint reader for me on OP7T 11.0.3.1

    Does that mean it will work in a later version? I can't tell if that post just mentions the issue or resolves it.

    Should do - pull request contains solution but requires reviews etc, however my hunch is the OP may push a build with a fix quickly due to issue found... Here's hoping! PW

    While we wait for @kdrag0n to merge my PR, I developed and tested it on my 8T with OOS and it's working well, so you can download my updated service.sh and system.prop from my PR GitHub and update the v2.1.0 files in /data/adb/modules/safetynet-fix to get it working in the meantime.

    Simply "View file" then "View raw" to download from here: https://github.com/kdrag0n/safetynet-fix/pull/90/files

    ...

    Riru hooks zygote, Magisk will directly replace Riru soon too with Zygisk, and there will always be tinfoil hatted people about stuff like that, probably best to ignore them going forward.

    Open source and code review is good, especially for things that hook this deeply, but a developer can also build up trust and keep such things closed, for example Chainfire and SuperSU. kdrag0n's credentials are solid as a ROM, kernel and mod developer in my opinion, so there shouldn't be any worry, especially where this isn't actually closed.

    Some people are just anti-closed source and will freak out, but the early pre-release sponsored testers scheme here isn't overly problematic. I mean, think it through.. It wouldn't be a very solid business model to identity theft or Bitcoin mine only your private paid sponsors/testers then release a clean free version publicly. 🙄😄
  • 214
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    27
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW
    17
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍