• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

Pippolepippa

Member
Sep 16, 2010
7
7
Hi guys, Samsung S10 here with stock rom. Discard the below and sorry for the noise. After installing the (paid) 2.0.0 version from @kdrag0n, I now pass both basicIntegrity and ctsProfile (with evalType BASIC).


I have tried both the xprivacylua route and the safetynetfix route (I actually have both at the moment).

I'm passing basicintegrity, have evalType=Basic (yeah!) but I'm failing ctsProfile.
 
Last edited:
  • Like
Reactions: pndwal

F308

Senior Member
Feb 25, 2013
357
57
EU
My LSPosed on Galaxy A41, Android 11, said it was not fully activated because it could not modify selinux configuration then xprivacylua neither worked.
BTW:
I observed the same behavior when I tried to change selinux status from terminal about 2 months ago, running command as root of course.

Still seeking for solution, reading XDA forum too.
 

pndwal

Senior Member
Hi guys, Samsung S10 here with stock rom. Discard the below and sorry for the noise. After installing the (paid) 2.0.0 version from @kdrag0n, I now pass both basicIntegrity and ctsProfile (with evalType BASIC).


I have tried both the xprivacylua route and the safetynetfix route (I actually have both at the moment).

I'm passing basicintegrity, have evalType=Basic (yeah!) but I'm failing ctsProfile.
Actually, I wondered if that may fix/help! Thanks for confirming.

I had seen XDA Editor in chiefs response to John Wu here:
www.twitter.com/topjohnwu/status/1433496852054216738
but wasn't sure, and didn't get a response...

Worth $6 USD!... Love to know if this is a universal fix...

Link for any interested:
https://kdrag0n.dev/patreon/safetynet-fix/v2.0.0?utm_source=github PW
 

lordmd

Member
Dec 30, 2017
8
3
For my POCO X3 Pro (EEA latest stock rom update) the method with XPrivacyLua worked fine. Showed the device as certified again - in play store.

Only for the safetynet check in Magisk Manager I needed (which I forgot first and it threw me still the failure) to also force stop (to make it restart) the play services.

I only blocked the tracking in XPrivacyLua. Also Netflix showing in play store. (I think I did not even get to see Netflix there - usually not checking this since I do not use Netflix - before ... when weeks ago the safety net check still worked.)

Since I already used Riru and LSPosed for other stuff - this was on big deal for me to add/change ... at my phone. Let's see what Google is trying next. (My banking software though ... did not even check safetynet. Hiding in MagiskHide was enough. So I still have some leeway ... only used 1 other software that made problem. From my public health insurance some app to store personal data about the health. And data protection laws in my country are very strict forcing them to do a lot of checks lol.)
 

Courtrick

Member
Dec 12, 2019
41
5
I'm on galaxy a71, magiskhide working until a few days ago but no longer works.

Tried downloading safetynet fix 2.0.0 but it didn't work

Currently passing basicIntegrity but not ctsProfile with eval type basic

does anyone have any idea on how to fix


fixed using device simulation
 
Last edited:

jumpers

Senior Member
Nov 11, 2010
274
46
31
Charleroi
Hi everyone,

i found nothing with the search function, but the search since XDA changed is board system is totaly weird, so i'm asking.

I'm running an Exynos Galaxy S10+ with Android 11 (oneUI 3.0), and i'm getting soft-reboots something like everyday since i have the fix installed.
the fix seems working for "safetynet checking apps", but those reboots are a bit annoying. (notification loss, randomness of those reboots, etc.)

is this a known issue ? and is there a workaround ? (it seems something that 2.0.0 fixes, because it's supporting heavy modified systems, but i'm not sure it's related to my reboots)

have a nice day.
 

Lord Sithek

Senior Member
Hi everyone,

i found nothing with the search function, but the search since XDA changed is board system is totaly weird, so i'm asking.

I'm running an Exynos Galaxy S10+ with Android 11 (oneUI 3.0), and i'm getting soft-reboots something like everyday since i have the fix installed.
the fix seems working for "safetynet checking apps", but those reboots are a bit annoying. (notification loss, randomness of those reboots, etc.)

is this a known issue ? and is there a workaround ? (it seems something that 2.0.0 fixes, because it's supporting heavy modified systems, but i'm not sure it's related to my reboots)

have a nice day.
Most probably I was facing the same on my Tab S5e. You need the variant with shiming keystore: https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635
 
  • Like
Reactions: Philnicolls89

Philnicolls89

Senior Member
Jun 28, 2019
654
289
32
A.C.T
Samsung Galaxy S10+
Hi everyone,

i found nothing with the search function, but the search since XDA changed is board system is totaly weird, so i'm asking.

I'm running an Exynos Galaxy S10+ with Android 11 (oneUI 3.0), and i'm getting soft-reboots something like everyday since i have the fix installed.
the fix seems working for "safetynet checking apps", but those reboots are a bit annoying. (notification loss, randomness of those reboots, etc.)

is this a known issue ? and is there a workaround ? (it seems something that 2.0.0 fixes, because it's supporting heavy modified systems, but i'm not sure it's related to my reboots)

have a nice day.
Here is the shim variant that I use for my s10+, is working fine with no random reboots or other issues.
 

Attachments

  • safetynet-fix-shim-MOD.zip
    96.6 KB · Views: 110
  • Like
Reactions: Lord Sithek

InsaneMF

Member
Jan 6, 2014
41
12
Gliwice
Redmi 9 Power
Redmi 9T (lime), Android 11, Miui 12.6 (xiaomi.eu 21.9.1)

Unfortunately, SafetyNet doesn't go through (API error).
Both the safetynet-fix-shim-MOD.zip method and the Telegram method do not work. The only thing that remains is waiting.
 

pndwal

Senior Member
Right, I forgot we need a modded version to pass SN right now
To be precise however, seems 'we' don't.

Some (like me; RN8T, & Mi Pad 4,) are still unaffected with previous measures only.

Those with the issue report a number of fixes incl XPrivacyLua method, latest 'early release' USNF module (weeks or so old now, and not created specifically for this Google change) and various methods of altering one or more of the several model props to cause the fallback to basic attestation (the modded USNF modules were simply created as a convenient single-fix solution for many, but old USNF still works when combined with old HardwareOff module, MHPC module configured to Force Basic attestation (seems that's actually what's needed despite it being "under-the-hood" use of Hardware attestation that occurs despite evalType = Basic) or for Device Simulation or simply set to 'delete' ro.product.model prop, or a simple boot script applied.

So really there's a arsenal of fixes aside from modded versions of this (USNF) module. 😜

Various alternatives (w/ links) here:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85582201 🤠 PW
 
Last edited:

jumpers

Senior Member
Nov 11, 2010
274
46
31
Charleroi

InsaneMF

Member
Jan 6, 2014
41
12
Gliwice
Redmi 9 Power
Thats not a fail...

If evalType = N/A, check your internet / network access, firewalls, adblocker etc. 😜 PW
I do not know what's wrong.

Installs a fresh ROM (clean install). I enable developer options and install Magisk. Nothing seems to be blocking.
Access to WiFi and GSM network is available, I do not use firewall and adblocker. Nothing else is installed on the system so far, even no configured accounts.

I will keep trying .... Thanks a lot for the response (y)
 

pndwal

Senior Member
I do not know what's wrong.

Installs a fresh ROM (clean install). I enable developer options and install Magisk. Nothing seems to be blocking.
Access to WiFi and GSM network is available, I do not use firewall and adblocker. Nothing else is installed on the system so far, even no configured accounts.

I will keep trying .... Thanks a lot for the response (y)
Have you tried w/ WiFi off to use mobile network data? (Could be a WiFi network setting.) PW
 
  • Like
Reactions: InsaneMF

Phil21185

New member
Jun 10, 2018
2
1
logged in from an ancient account to say that the paid version of kdrag0n's module worked fine for me, when other methods didnt (xprivacylua, etc)

S10e, android 9, unlokced bootload, magisk.

Edit: Scratch that - removed riru and xprivacylua and SN reverts to hardware and fails CTS. funny how it wouldnt pass without USNF though.

EDIT edit: Thats because im dumb and it needs riru to work. Facepalm...


Edit #3: now my Hlaifax app wont work. All other banking apps are fine, and this one was before I started, wiht MagiskHide active on the Halifax app, but Manager itself not hidden. I did update manager to the latest version though...?
 
Last edited:
  • Like
Reactions: pndwal

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    i don't understand which is why i ask
    can explain it like...erm....i'm 5?
    Hardware attestation can't be fooled, but kdrag0n figured out how to make it fall back to basic, which can be fooled. That's what this module does.
    7
    Wasn't aware of any Updates. Would be nice to get an Updated Thread Title from time to time...
    4
    I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
    OnePlus 5T and 6T are old enough that they do not need this module.
    They do not have the hardware to support hardware attestation

    Make sure MagiskHide is running.
    If it is on, toggle it off and on to restart it.

    Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

    If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

    Cheers. :cowboy:

    PS.
    I double checked on my 5T running OOS 10.0.1 ;)
    4
    Pull request is beyond me ATM, so I submitted as an issue... 😜 PW
    Login to GitHub, go to README, press edit, it'll do the rest for you pretty much.
    3
    Ah, alright. Thanks for the heads up. I did find this post regarding the fingerprint issue, it also uses MSM. I'll give that a try. Thanks again!
    Alright. I didn't even have to use MSM or do any factory reset. Following the steps of replacing the data and engineermode folders from a dumped persist.img restored my fingerprint. Huzzah!

    I did install USNF 2.1.1 after it, now I know how to fix it. It didn't break my fingerprint this time.

    So for anyone that might come across this error and this post in the future, following the instructions in the video provided in that post I linked regarding dumping persist, calibrating and replacing the data and engineermode worked for me.
  • 216
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW