• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
14,801
33,446
Halifax
GT-i9250
Nexus 7 (2013)
v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

 

Fif_

Senior Member
Jun 5, 2013
1,104
1,135
Google Nexus 10
Google Nexus 4
v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

While it makes SN pass on a OnePlus 8T running OOS 11.0.10.10, it breaks the fingerprint sensor with "hardware is temporarily unavailable" shown on the lock screen.
So sticking with just resetprop ro.product.model KB2005_SN for now.
 

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
14,801
33,446
Halifax
GT-i9250
Nexus 7 (2013)
While it makes SN pass on a OnePlus 8T running OOS 11.0.10.10, it breaks the fingerprint sensor with "hardware is temporarily unavailable" shown on the lock screen.
So sticking with just resetprop ro.product.model KB2005_SN for now.
😉
 

Fif_

Senior Member
Jun 5, 2013
1,104
1,135
Google Nexus 10
Google Nexus 4
  • Like
Reactions: osm0sis

vladigg

Member
Nov 21, 2010
11
4
Hi, I install ver. 2.1.0 and riru only in magisk 23. Safetynet check in magisk pass basic. Google Play in about tell me is certifed device, but Google pay not work with contactless card. Other bank app tell me the device is rooted
Screenshot_2021-09-14-09-46-46-450_lleo.hd.wso.t.jpg
Screenshot_2021-09-14-09-47-13-220_com.android.vending.jpg
Screenshot_2021-09-14-09-46-59-631_lleo.hd.wso.t.jpg
Screenshot_2021-09-14-09-45-11-281_com.google.android.gms.jpg
 

73sydney

Senior Member
Jul 21, 2018
1,892
1,651
Sydney
Google Pixel 2 XL
Hi, I install ver. 2.1.0 and riru only in magisk 23. Safetynet check in magisk pass basic. Google Play in about tell me is certifed device, but Google pay not work with contactless card. Other bank app tell me the device is rooted

I would suggest trying Riru-Momohider

from here:


or for even easier automatic setup, my mod of it here (attached to post):


Note: You *may* want/need to clear data of Google Play afterwards (be aware that this will remove cards/loyalty cards)
 
  • Like
Reactions: ghoulie

73sydney

Senior Member
Jul 21, 2018
1,892
1,651
Sydney
Google Pixel 2 XL
And if that had happened before now, the code review could have happened sooner, and patches &etc could have been tested.

My number one concern here is that Riru is a vector for unwanted payloads, and so it is *vital* that the code is properly audited by many eyes - PRIOR TO ANY RELEASE WHATSOEVER.

There are actually also concerns that the release model being applied here is in direct contravention of the terms of service at Github, before we even get into anything else.

I have no problem with rewarding ingenuity, but this model of "Access to Pre-releases for Patrons" is troubling, to say the least.

Reasonable people would realise that these are legitimate concerns. And if the language is robust, then perhaps it is required, to wake people from their slumber.

Take your conspiracy poison elsewhere, please and thank you

No one is interested
 

vladigg

Member
Nov 21, 2010
11
4
I would suggest trying Riru-Momohider

from here:


or for even easier automatic setup, my mod of it here (attached to post):


Note: You *may* want/need to clear data of Google Play afterwards (be aware that this will remove cards/loyalty cards)
Hi, thank you for your answer, I try installing this module via magisk, clear google play all data and google pay all data, but same error., also my banking app A1 Wallet recognize my phone is rooted
 

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
14,801
33,446
Halifax
GT-i9250
Nexus 7 (2013)
Hi, I install ver. 2.1.0 and riru only in magisk 23. Safetynet check in magisk pass basic. Google Play in about tell me is certifed device, but Google pay not work with contactless card. Other bank app tell me the device is rooted

You need to force stop and clear all data on Play Services, Play Store and Pay, then all will work again once you set it up.

Can confirm that latest version breaks fingerprint reader for me on OP7T 11.0.3.1

Does that mean it will work in a later version? I can't tell if that post just mentions the issue or resolves it.

Should do - pull request contains solution but requires reviews etc, however my hunch is the OP may push a build with a fix quickly due to issue found... Here's hoping! PW

While we wait for @kdrag0n to merge my PR, I developed and tested it on my 8T with OOS and it's working well, so you can download my updated service.sh and system.prop from my PR GitHub and update the v2.1.0 files in /data/adb/modules/safetynet-fix to get it working in the meantime.

Simply "View file" then "View raw" to download from here: https://github.com/kdrag0n/safetynet-fix/pull/90/files

...

Riru hooks zygote, Magisk will directly replace Riru soon too with Zygisk, and there will always be tinfoil hatted people about stuff like that, probably best to ignore them going forward.

Open source and code review is good, especially for things that hook this deeply, but a developer can also build up trust and keep such things closed, for example Chainfire and SuperSU. kdrag0n's credentials are solid as a ROM, kernel and mod developer in my opinion, so there shouldn't be any worry, especially where this isn't actually closed.

Some people are just anti-closed source and will freak out, but the early pre-release sponsored testers scheme here isn't overly problematic. I mean, think it through.. It wouldn't be a very solid business model to identity theft or Bitcoin mine only your private paid sponsors/testers then release a clean free version publicly. 🙄😄
 
Last edited:

73sydney

Senior Member
Jul 21, 2018
1,892
1,651
Sydney
Google Pixel 2 XL
Hi, thank you for your answer, I try installing this module via magisk, clear google play all data and google pay all data, but same error., also my banking app A1 Wallet recognize my phone is rooted
MomoHide is usually a easy way to try and get around those issue’s and is what i use for both my banking and GPay issues, though sadly it doesnt work for everyone, but requires the least amount of addons and fiddling when it works

Perhaps i assumed you had already done the following, i assume *some* are already done to pass SN:

1) toggle magiskhide on

2) added com.google.android.gms.unstable to Magiskhide list

in new magisk needed to do via root terminal prompt from what i remember:

Code:
magiskhide add com.google.android.gms.unstable

3) add banking app to MagiskHide list (if youre at the root terminal from last command):
Code:
magiskhide add bg.a1.wallet

4) Hide (rename) magisk app (from Settings menu)

5) Reboot

6) Clear data of Google Pay, Google Play, Google Play Services and A1 Wallet and retest.

Failing this you might want to look into Riru-Lsposed and XprivacyLUA

Riru - Lsposed: https://github.com/LSPosed/LSPosed/releases/latest
XprivacyLUA: https://repo.xposed.info/module/eu.faircode.xlua

1) Install Riru-Lsposed
2) Reboot
3) Install XprivacyLUA
4) Reboot
5) Open XprivacyLUA, locate A1 Wallet and tick Get Applications
6) Test

I believe thats the general method, others may care to add with better knowledge

Id like to tell you there was a 100% single solution for everyone...ironically i had to go through the riru-lsposed method a couple of months ago before i found the riru- momohider method worked for me :)

Sadly i couldnt test A1 Wallet from here, i got as far as the first screen where it wants a telephone number...my country (Australia) not even supported :)
 
Last edited:

Top Liked Posts

  • 4
    I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
    OnePlus 5T and 6T are old enough that they do not need this module.
    They do not have the hardware to support hardware attestation

    Make sure MagiskHide is running.
    If it is on, toggle it off and on to restart it.

    Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

    If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

    Cheers. :cowboy:

    PS.
    I double checked on my 5T running OOS 10.0.1 ;)
    1
    My Samsung A71 get passed all safertynet check also showing "BLUE" pass.

    But when going into my Local Bank Apps, apps warn & kick me out saying detected device is rooted.

    Needless to say , I made all necessary procedures such as TERMUX su -props choose Nexus 6P ..... Magisk Module Riru and others all installed relate to safetynet stuffs...... every steep between restart device...... finally Magisk Hide , give it another name instead of Magisk Manager .... hide all Banking apps.

    Appreciate if any member shed some light on solution.

    Thank you very much., edmond.

    Are you running on the latest SafetyNet fix? And have you tried adding the banking app(s) itself in LSPosed/Xprivacy and block tracking (important). Some banking apps have become smarter in detecting unlocked/rooted device, it's not enough to have a SafetyNet pass.

    Also, some apps have started registering the SSAID assigned to the app and banning your device. The good news is, with root access, you can spoof it and "un-ban" yourself easily.

    The above has helped me pass all banking apps that were able to detect me.
    1
    Are you running on the latest SafetyNet fix? And have you tried adding the banking app(s) itself in LSPosed/Xprivacy and block tracking (important). Some banking apps have become smarter in detecting unlocked/rooted device, it's not enough to have a SafetyNet pass.

    Also, some apps have started registering the SSAID assigned to the app and banning your device. The good news is, with root access, you can spoof it and "un-ban" yourself easily.

    The above has helped me pass all banking apps that were able to detect me.
    Genius !!!

    Thank you for solving my problem since several bothering me.

    The main causes as I noticed was as you said :

    tried adding the banking app(s) itself in LSPosed/Xprivacy and block tracking (important)

    My Banking Apps are up & running now right after applying to above procedure.
  • 9
    i don't understand which is why i ask
    can explain it like...erm....i'm 5?
    Hardware attestation can't be fooled, but kdrag0n figured out how to make it fall back to basic, which can be fooled. That's what this module does.
    7
    Wasn't aware of any Updates. Would be nice to get an Updated Thread Title from time to time...
    5
    That frameworks_base repo and commit are missing now, perhaps @Displax can repost somewhere using gist for just the example diff/patch?
    Already merged, actually: https://github.com/PixelExperience/frameworks_base/commit/993e10547c7329657e48610c5a10cb99943b13c7
    4
    Everything works except Gpay
    Poco X3 NFC
    Do I need to take some settings in one of the modules?
    Or should it work ootb?

    Google Pay - Usual fix:

    Toggle airplane mode on
    Clear data of Google Pay, Google Play, Google Play Services
    Reboot
    Toggle airplane mode back off
    Wait 5 minutes for store to recertify

    Still not working?

    Remove card and readd
    4
    Pull request is beyond me ATM, so I submitted as an issue... 😜 PW
    Login to GitHub, go to README, press edit, it'll do the rest for you pretty much.
  • 216
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW