• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

pndwal

Senior Member
Hi, doesnt work for me :
View attachment 5378539
OnePlus 9 Pro, OOS 11.2.8.8 BA
As OP says, passing basic attestation (ie. basicIntegrity) is out of scope for this fix; you need to be passing that first.

Some ideas:

If ROM is an unofficial customised distribution or uncertified stock ROM (eg China variant), you likely need to spoof a certified fingerprint in addition to this module. Using MagiskHide Props Config module is the best solution currently for that.

If you are running EDXposed, as noted many times here now, this is now breaking SafetyNet. Disable / uninstall / use LSPosed (passes presently).

Disable all other modules and reboot to eliminate other modules breaking basicIntegrity. PW
 
  • Like
Reactions: Kainey

Kainey

Member
Jan 11, 2016
19
1
As OP says, passing basic attestation (ie. basicIntegrity) is out of scope for this fix; you need to be passing that first.

Some ideas:

If ROM is an unofficial customised distribution or uncertified stock ROM (eg China variant), you likely need to spoof a certified fingerprint in addition to this module. Using MagiskHide Props Config module is the best solution currently for that.

If you are running EDXposed, as noted many times here now, this is now breaking SafetyNet. Disable / uninstall / use LSPosed (passes presently).

Disable all other modules and reboot to eliminate other modules breaking basicIntegrity. PW
Thank you it was indeed EDXposed, it's now perfectly fine with LSPosed ! Sorry I'm a beginner, my 7 Pro passed after rooting but it was long time ago.
 
  • Like
Reactions: pndwal

SmolChild

New member
Aug 7, 2021
1
1
Hi, I need some help with this.

I have a Google Pixel 2xl with Android 8 and I'm using the ver. 23 of Magisk. When I try to install the SafetyNet Fix 1.2.0 module, my phone is stuck in a bootloop. Can someone guide me on how to fix this issue?
 
  • Like
Reactions: t0m0

pndwal

Senior Member
Hi, I need some help with this.

I have a Google Pixel 2xl with Android 8 and I'm using the ver. 23 of Magisk. When I try to install the SafetyNet Fix 1.2.0 module, my phone is stuck in a bootloop. Can someone guide me on how to fix this issue?
Just boot to Safe Mode (in case of incompatable module / bootloop).

For Pixel (from phone off):
1. Press your phone's power button.
2. When the animation starts, press and hold your phone's volume down button. Keep holding it until the animation ends and your phone starts in safe mode.
3. You'll see "Safe mode" at the bottom of your screen.
https://support.google.com/pixelphone/answer/2852139

On next boot to system, modules and MagiskHide will be disabled. Compatible modules can be enabled again later, others removed.

... Not sure what your issue really is however. Android 8 / Pixel should be compatible with this...

What other modules are installed?...

And, just curious, why are you still on Android 8 with Android 11 available (stock) for your phone? 🤔

🤠 PW
 
Last edited:

Qudus77

New member
Aug 13, 2020
1
0
27
Everyone having issues passing basic attestation after installing the module, please try the attached versions.

There have been quite a few reports of fingerprint unlocking in apps breaking on One UI. This is not something that is planned to be fixed, because One UI is a heavy OEM skin that is not officially supported. It's surprising that it works on One UI to begin with.
Thanks very much!! Finally it works after flashed this module v1.1 test1

Redmi Note 8 with rom Corvus 9.5
MHCP activated, and Safety Checks passed.
 

Attachments

  • Screenshot_20210808-051756_Magisk.png
    Screenshot_20210808-051756_Magisk.png
    215 KB · Views: 110
  • Screenshot_20210808-051720_Magisk.png
    Screenshot_20210808-051720_Magisk.png
    58.3 KB · Views: 107

foormea

Member
Dec 3, 2020
12
0
Hi, I have set up Magisk hide for Google Play Services and Google Pay, I have installed the props module and enabled the fingerprint for my phone, and I have installed this Universal SafetyNet Fix module.
I'm still having issues with Google Pay: I cannot enable contactless, GPay says that "Your phone doesn't meet security requirements". All other requirements (NFC on, GPay set as default, card is there, screen lock is there).
Is there anything I can do to enable contactless?
Thank you.

edit: seems like clearing cache/data for Google Play Services fixed it
 
Last edited:

Nateg900t

Member
Jan 7, 2016
36
7
Pixel 3, Android 11, screen lock protected by password, Magisk and Universal SafetyNet Fix 1.2 installed, SafetyNet passes.

After reboot Android doesn't "load" all applications (some icons are empty on desktop and in the application list), apps don't start, reboot menu appears - but does nothing.

But,

when I enable airplane mode before entering password after reboot, everything works fine.

Looks like some internet request breaks Android boot sequence when Universal SafetyNet Fix is installed.

Did you ever figure out a fix for this? I'm having lockups an a Pixel 3, recently updated to Android 11 (aug 5 21 build) with Magisk 23, and the same thing when SafetyNet Fix 1.1.1 was installed. Was able to get the module disabled by turning off wifi/data ASAP upon booting.

It looks like this issue describes the same problem, and a potential fix was to install a different kernel: https://github.com/kdrag0n/safetynet-fix/issues/60

It's been a long time since I used a different kernel though, so I need to read up on the process/compatibility of EXKM since I don't think I can boot to TWRP anymore on Android 11?
 

Nateg900t

Member
Jan 7, 2016
36
7
Did you ever figure out a fix for this? I'm having lockups an a Pixel 3, recently updated to Android 11 (aug 5 21 build) with Magisk 23, and the same thing when SafetyNet Fix 1.1.1 was installed. Was able to get the module disabled by turning off wifi/data ASAP upon booting.

It looks like this issue describes the same problem, and a potential fix was to install a different kernel: https://github.com/kdrag0n/safetynet-fix/issues/60

It's been a long time since I used a different kernel though, so I need to read up on the process/compatibility of EXKM since I don't think I can boot to TWRP anymore on Android 11?
To answer my own question, after buying EX File Manager, and downloading and saving the Kirisakura kernel (
https://forum.xda-developers.com/t/...for-pixel-3-xl-aka-bluecross.3864563/page-154 ) to my Pixel 3 on Android 11, I was able to install the kernel, reboot, then install USNF 1.2.0 from storage and reboot and so far so good (Magiskhide enabled and app hidden, no freezes/crashes at boot, SN passes, Play certified, able to re-add back a payment card in GPay).
 
  • Like
Reactions: pndwal

RushdB

Senior Member
Jul 25, 2007
66
0
Hey guys... I really need to get my phone back to pass safety net.
It's an old Moto Z2 Force, running latest lineage os.
Installed Magisk (apk first, booted into recovery and installed zip file).
Then I've installed MagiskHide Props and Universal Safety net Fix.
My CTS still fail. Any hint?
Do I have to do anything besides just install these modules, I mean, config anything?
 

Attachments

  • Screenshot_20210809-215926_Magisk.png
    Screenshot_20210809-215926_Magisk.png
    220 KB · Views: 55
  • Screenshot_20210809-215934_Magisk.png
    Screenshot_20210809-215934_Magisk.png
    97 KB · Views: 55

pndwal

Senior Member
Hey guys... I really need to get my phone back to pass safety net.
It's an old Moto Z2 Force, running latest lineage os.
Installed Magisk (apk first, booted into recovery and installed zip file).
Then I've installed MagiskHide Props and Universal Safety net Fix.
My CTS still fail. Any hint?
Do I have to do anything besides just install these modules, I mean, config anything?
Yup; (you need MHPC module if rom uses uncertified fingerprint. Some unofficial LOS spoof certified fingerprint out of the box. Official never die, due to policy.)

MHPC does nothing if props required are not configured (hence name)! 😜

Check it's docs, install a terminal emulator, type 'props', wait for menu, select change fingerprint option only, select close / same print for your device and reboot...

Thread here:
https://forum.xda-developers.com/t/...safetynet-prop-edits-and-more-v5-4-0.3789228/

🙂 PW
 

pndwal

Senior Member
To answer my own question, after buying EX File Manager, and downloading and saving the Kirisakura kernel (
https://forum.xda-developers.com/t/...for-pixel-3-xl-aka-bluecross.3864563/page-154 ) to my Pixel 3 on Android 11, I was able to install the kernel, reboot, then install USNF 1.2.0 from storage and reboot and so far so good (Magiskhide enabled and app hidden, no freezes/crashes at boot, SN passes, Play certified, able to re-add back a payment card in GPay).
Didn't see if anyone tried test module, "Shim the keystore service instead of replacing it" for this issue:
Scenarios and issues to test
32-bit ARM devices
Heavy OEM skins
Samsung One UI
MIUI
Broken biometric authentication in apps
Unstable system (i.e. rebooting and/or crashing)
From OP.

Download:
https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635 PW
 

Nateg900t

Member
Jan 7, 2016
36
7
Didn't see if anyone tried test module, "Shim the keystore service instead of replacing it" for this issue:

From OP.

Download:
https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635 PW
Thanks, didn't find that post in my searching. In reading the list of symptoms it is supposed to fix, I don't think I would have suspected the pixel 3 stock rom to qualify with the one ui and heavily skinned roms. Everything is working on 1.2.0 with custom kernel so I don't think I want to mess with it right now but will remember this if something changes!
 

pndwal

Senior Member
Thanks, didn't find that post in my searching. In reading the list of symptoms it is supposed to fix, I don't think I would have suspected the pixel 3 stock rom to qualify with the one ui and heavily skinned roms. Everything is working on 1.2.0 with custom kernel so I don't think I want to mess with it right now but will remember this if something changes!
Yup, understand.

I'm not sure if "Unstable system (i.e. rebooting and/or crashing)" fix will work for this scenario either, but could help others if instability on Pixels is related to replacing Keystore with pure AOSP version, which seems most likely. PW
 
Last edited:
  • Like
Reactions: Nateg900t

Esufrae

New member
Aug 10, 2021
2
0
United Kingdom
Olá pessoal, eu uso um app de delivery e tenho um grande problema com algum gps falso que uso gerado no sistema. mas com S8 ou S9 Android 09 não tenho esse problema.
então agora estou usando um Samsung G960F Android 10, UI 2.1. magisk instalado.
Já baixei edxposed, hide mock location, busybox, adereços config e riru 5.4.4.
esta mensagem só aparece quando ligo o GPS.
vale uma boa doação, para quem me ajuda a desvendar esse mistério.
20210811_202002.jpg
 

zgfg

Senior Member
Oct 10, 2016
5,883
3,346
Olá pessoal, eu uso um app de delivery e tenho um grande problema com algum gps falso que uso gerado no sistema. mas com S8 ou S9 Android 09 não tenho esse problema.
então agora estou usando um Samsung G960F Android 10, UI 2.1. magisk instalado.
Já baixei edxposed, hide mock location, busybox, adereços config e riru 5.4.4.
esta mensagem só aparece quando ligo o GPS.
vale uma boa doação, para quem me ajuda a desvendar esse mistério.View attachment 5383543
Please, this is English forum
 
  • Like
Reactions: Wolfcity

Rockel

Senior Member
Nov 4, 2013
67
18
37
Tilburg
Huawei MediaPad T5
Moto G8 Plus
You have to download the module's zip file from Github and install in Magisk, Modules, Install from storage and reboot

And read the OP post
Thanks! Don't know how it was possible missing this. Seems i was looking in a wrong part. Didn't understood annything of it. But now I've found the zip. Thanks!

Edit:
And this helped to fix my ctsProfile fail. (y)
Screenshot_20210812-122457.jpg
 
Last edited:
  • Like
Reactions: zgfg

Philnicolls89

Senior Member
Jun 28, 2019
657
289
32
A.C.T
Samsung Galaxy S10+
Install riru and riru unshare modules.
Use Magisk hide and magisk rename.
Then install 3C toolbox.
Go to app which is detecting magisk, click manage and disable the ¨detect magisk¨ service..usually the lastone in the list.. Voila
What is 3C toolbox, I have one particular app that is kicking my ass with detecting root. I'm willing to give anything a go at this point. I've already already tried unshare and momo hider.
 

Top Liked Posts

  • 2
    Hey @kdrag0n I noticed that your module breaks At a glance on Android 12 and it seems to mess up with Continued conversation and maybe other Google Assistant things. Can you please look into that? Thanks!
    Pretty sure he's already aware of the issue as it was mentioned on his GitHub issue tracker 3 days ago https://github.com/kdrag0n/safetynet-fix/issues/108. No response from OP yet on GitHub or XDA but I'm sure he's aware and brainstorming possible solutions. We might just need to wait a few more days.
    2
    Running 2.1.1 on a Pixel 3XL. I have Magisk canary (which was updated last night) running currently with Riru module. MagiskHide is turned on. The canary notes mention that (as expected) hide is gone now. I didn't install when the notification showed up, but I suspect Magisk will move to stable without hide very quickly. Ignoring the update, but also wondering if anyone tried it. Did the Safetynet fix break, and does anyone have a method to fix if so. If not, any plans?
    There are a lot of mention about this in the general magisk thread https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/page-2432#post-85825005

    But be aware that you can't use riru and riru modules with newest canary magisk that use zygisk. So you can't use USNF 2.0 with it, until it gets rewritten to use zygisk instead of riru.


    For some devices there are still ways to pass saftey net, by using USNF 1 instead.

    I am passing saftey net fine with my oneplus 8T and latest magisk canary, but that device was never affected by googles latest server side changes.

    The steps I did was
    Enable agisk deny list for com.google.android.gms and com.google.android.gms.unstable
    Togheter with either
    UNSF 1.2.0
    or
    spoofing magisk hide props with MHPC (https://github.com/Magisk-Modules-R...README.md#setreset-magiskhide-sensitive-props)

    But that might not be enough for all devices in that case you might need to stay on stable magisk until this module is rewritten to use zygisk instead of riru.

    So either wait or try it out. You can always downgrade magisk again if needed.
  • 4
    I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
    OnePlus 5T and 6T are old enough that they do not need this module.
    They do not have the hardware to support hardware attestation

    Make sure MagiskHide is running.
    If it is on, toggle it off and on to restart it.

    Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

    If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

    Cheers. :cowboy:

    PS.
    I double checked on my 5T running OOS 10.0.1 ;)
    4
    Pull request is beyond me ATM, so I submitted as an issue... 😜 PW
    Login to GitHub, go to README, press edit, it'll do the rest for you pretty much.
    3
    The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels. MagiskHide is required as a result.

    Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use MagiskHide Props Config to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    @kdrag0n, others -

    Just a heads up. - GitHub README.md is a bit misleading. 😜

    Devices passing basicIntegrity often lack a passing (certified) fingerprint (eg. my Mi Pad 4 w/ unofficial LOS 18.1), therefore 'basic attestation' (basicIntegrity) pass is NOT the only requirement to allow USNF to fix failed ctsProfile (work).

    Actually, 'basic attestation' (basicIntegrity) often does NOT require a valid combination including build fingerprints and security patch levels (but apparently such may be required for some devices), but this IS an additional requirement for passing ctsProfile / SafetyNet.

    While passing 'basic attestation' (basicIntegrity) is out-of-scope for this module, passing ctsProfile is ALSO out-of-scope when a valid combination including build fingerprints and security patch levels is lacking.

    And contrary to the last suggestion above, @Didgeridoohan's MHPC GitHub home page states:
    If... the CTS profile check fails while basic integrity passes, that means MagiskHide is working on your device but Google doesn't recognise your device as being certified (if basic integrity fails there is generally nothing this module can do...).
    https://github.com/Magisk-Modules-R...ices-fingerprint-to-pass-the-ctsprofile-check

    The last statement should therefore read:

    "Use MagiskHide Props Config to spoof a certified (passing) fingerprint if you have trouble passing ctsProfile after enabling Riru, this module (USNF) and MagiskHide (in Magisk settings), and have passing basicIntegrity. This is a common issue on custom and uncertified stock (China etc) ROMs."

    Hope this helps / README.md can be made clearer. 😃 PW
    3
    GitHub link from OP:
    Android versions 7–12 are supported, including OEM skins such as Samsung One UI and MIUI. This is a Riru module, so Riru must be installed in order for it to work.
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    Releases:
    v2.1.1
    Latest release
    kdrag0n released this 18 days ago

    Changes
    Fixed under-display fingerprint on OnePlus devices (@osm0sis)
    ...

    v2.1.0
    kdrag0n released this 20 days ago

    Changes
    Fixed new SafetyNet CTS profile failures as of September 2, 2021
    Added MagiskHide features that will be removed in future versions of Magisk
    ...

    v2.0.0
    kdrag0n released this 27 days ago

    Changes
    Added support for heavy OEM skins (One UI, MIUI, etc.)
    Added support for Android 12 Beta 4 and future versions
    ...
    Android 12: Fixed face unlock on Pixel 4 series
    Added support for Android 7.0 and 7.1
    Rewritten as a Riru module

    ...

    v1.1.0

    kdrag0n released this on 14 Jan

    Changes
    Added support for Android 8.0, 8.1, 9, and 10
    Increased chances of passing SafetyNet on older devices
    https://github.com/kdrag0n/safetynet-fix/releases

    👍 PW
    2
    Running 2.1.1 on a Pixel 3XL. I have Magisk canary (which was updated last night) running currently with Riru module. MagiskHide is turned on. The canary notes mention that (as expected) hide is gone now. I didn't install when the notification showed up, but I suspect Magisk will move to stable without hide very quickly. Ignoring the update, but also wondering if anyone tried it. Did the Safetynet fix break, and does anyone have a method to fix if so. If not, any plans?
    There are a lot of mention about this in the general magisk thread https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/page-2432#post-85825005

    But be aware that you can't use riru and riru modules with newest canary magisk that use zygisk. So you can't use USNF 2.0 with it, until it gets rewritten to use zygisk instead of riru.


    For some devices there are still ways to pass saftey net, by using USNF 1 instead.

    I am passing saftey net fine with my oneplus 8T and latest magisk canary, but that device was never affected by googles latest server side changes.

    The steps I did was
    Enable agisk deny list for com.google.android.gms and com.google.android.gms.unstable
    Togheter with either
    UNSF 1.2.0
    or
    spoofing magisk hide props with MHPC (https://github.com/Magisk-Modules-R...README.md#setreset-magiskhide-sensitive-props)

    But that might not be enough for all devices in that case you might need to stay on stable magisk until this module is rewritten to use zygisk instead of riru.

    So either wait or try it out. You can always downgrade magisk again if needed.
  • 219
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW