• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

crok.bic

Senior Member
Dec 22, 2010
452
274
Debrecen
Added BDO in magiskhide. Renamed magisk app into something else. Rebooted. No dice.

BDO app refuses to work. What's different with your setup comapared to mine that you're able to make it run?

I used to "freeze" the hidden Magisk app, too.. works for me (you app does indirect discovery I guess). I "freeze" the hidden Magisk app with AirFrozen after I set up everything I wanted to be set up in Magisk and my banking app (myRaiffeisen Hungary) works. Here's my "method" I wrote on Xiaomi.EU forum.. I got the idea from Didgeridoohan's Magisk help page.
 
  • Like
Reactions: pndwal

pndwal

Senior Member
  • Like
Reactions: rhewins2268

Nikishek

Senior Member
May 24, 2007
81
18
pndwal:
Sorry, I have it somehow connected mainly with edXposed and LSPosed (which are only on Android 8 and later)
But anyway, in the first post of this forum is Android versions 8–11 are supported which is a bit confusing.
 

pndwal

Senior Member
Never fear, i did link the kiddie to my automatic modded version of Momo-Hider, here: https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-85630515

As well as linking to the HP of Momo-Hider (containing the manual method of adding those files) back a page in response to his original post

Yours,

Nigel :)
Ah, sure, but could help others reading / trying / thinking it does nothing when it does... 😐

I don't doubt the ability of mice like you to give computing / coding advice to the Arthur Dents of this world. (Like him we're all kiddies really.)

After all, any who've read the Guide to the Galaxy know that mice built the thing to compute what Ultimate question had originally been asked to result in Deep Thought's most satisfying conclusion: 42.

But I'm 30 billion times more intelligent than a live mattress and even I get a headache thinking about it...

I don't know why you Liked this, but I think you ought to know that for devices where Magisk does not reside in /sbin (eg. running Android 11) com.google.android.gms is needed in hidelist in addition to com.google.android.gms.unstable, and that I'm feeling very depressed.

I'm going now, to solve the major mathematical, physical, chemical, biological, sociological, philosophical, etymological, meteorological and psychological problems of the Universe, excepting my own, three times over, and compose a number of lullabies. I won't enjoy it.

Marvin ☹️
 
Last edited:
  • Like
  • Haha
Reactions: paul c and 73sydney

pndwal

Senior Member
pndwal:
Sorry, I have it somehow connected mainly with edXposed and LSPosed (which are only on Android 8 and later)
But anyway, in the first post of this forum is Android versions 8–11 are supported which is a bit confusing.
Still says "Universal SafetyNet Fix 1.1.0" too... Clearly OP doesn't update on XDA much and hasn't even announced later releases here.

His GitHub on the other hand seams to be an up-to-date source. PW
 

christantoan

Senior Member
Oct 9, 2015
215
93
OnePlus 3T
OnePlus 7 Pro
To those who are bored, can you try if you can prevent this banking app from detecting root? This banking app is the only one that's refusing to work on my device. Other banking apps work with just "magiskhiding" it. Some of my apps work if put them inside Island. Just this one app that refuses to work no matter what.

If you ever want to try "breaking" it to not detect root, the name of the app is BDO Digital Banking (by BDO Unibank, Inc.)
Disclaimer: I'm not (yet) using this module but interested in its development.

What works for me (until login screen) is using MagiskHide and (renaming TWRP folder in /sdcard OR using Storage Isolation on the app)
 
  • Like
Reactions: onoakino

onoakino

Senior Member
Sep 25, 2015
268
58
Manila
I used to "freeze" the hidden Magisk app, too.. works for me (you app does indirect discovery I guess). I "freeze" the hidden Magisk app with AirFrozen after I set up everything I wanted to be set up in Magisk and my banking app (myRaiffeisen Hungary) works. Here's my "method" I wrote on Xiaomi.EU forum.. I got the idea from Didgeridoohan's Magisk help page.
Thank you. I tried AirFrozen and it was able to freeze my renamed magisk app, but I get the same error, unfortunately.
 

Attachments

  • Screenshot_2021-09-15-22-13-05-971_www.mobile.bdo.com.ph.jpg
    Screenshot_2021-09-15-22-13-05-971_www.mobile.bdo.com.ph.jpg
    230.4 KB · Views: 52

onoakino

Senior Member
Sep 25, 2015
268
58
Manila
I used to "freeze" the hidden Magisk app, too.. works for me (you app does indirect discovery I guess). I "freeze" the hidden Magisk app with AirFrozen after I set up everything I wanted to be set up in Magisk and my banking app (myRaiffeisen Hungary) works. Here's my "method" I wrote on Xiaomi.EU forum.. I got the idea from Didgeridoohan's Magisk help page.
Thank you for this suggestion. I tried AirFrozen, but it didn't work. But I love how AirFrozen freezes (makes renamed magisk app disappear from system tray). Maybe this will work with other apps so I'll definitely try this in the future.
 

onoakino

Senior Member
Sep 25, 2015
268
58
Manila
Disclaimer: I'm not (yet) using this module but interested in its development.

What works for me (until login screen) is using MagiskHide and (renaming TWRP folder in /sdcard OR using Storage Isolation on the app)
Finally, this solved the issue for me!

What I did:

1. Added BDO app to magiskhide.
2. Added BDO to Storage Isolation

You are also correct in saying that as an alternative to #2, renaming the TWRP folder also does the trick.

Apparently, the app gets triggered when it "sees" TWRP folder on the sdcard and trips the "rooted, jailed, bootloader unlocked" stop error.

Thank you, @christantoan



ps:
@Chandru123
Thank you for the suggestion of upgrading to Alpha Magisk. I didn't try it because I am happy with Magisk 23 stable channel right now though. But thanks for the suggestion.
 

Attachments

  • Screenshot_2021-09-15-22-45-03-802_www.mobile.bdo.com.ph.jpg
    Screenshot_2021-09-15-22-45-03-802_www.mobile.bdo.com.ph.jpg
    183.5 KB · Views: 53

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
14,813
33,480
Halifax
GT-i9250
Nexus 7 (2013)
Only to try LSPosed / PrivacyLua solution, or petition ROM dev to merge commit linked here:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85580011 👍
That frameworks_base repo and commit are missing now, perhaps @Displax can repost somewhere using gist for just the example diff/patch? Then @kdrag0n might be interested in adding it to the USNF README as another "out of scope" example.

Edit: Actually, scratch that, looks like @kdrag0n will make a patch himself when he has time for ROM stuff next: https://github.com/kdrag0n/safetynet-fix/issues/88#issuecomment-917729677

Should still probably be linked in the README though, since there seem to be a lot of confused custom ROM users always asking for help...
 
Last edited:
  • Like
Reactions: pndwal

pndwal

Senior Member
That frameworks_base repo and commit are missing now, perhaps @Displax can repost somewhere using gist for just the example diff/patch? Then @kdrag0n might be interested in adding it to the USNF README as another "out of scope" example.

Edit: Actually, scratch that, looks like @kdrag0n will make a patch himself when he has time for ROM stuff next: https://github.com/kdrag0n/safetynet-fix/issues/88#issuecomment-917729677
Not sure this is actually referring to ROMs like PixelExperience (with "prebuilded utils, which manipulate the props values. Need to fix inside there").

He used to give two fairly comprehensive methods on main page for normal ROM Integration. Now there's just this:
https://github.com/kdrag0n/safetynet-fix#rom-integration with a note that "the following patches have not been updated for the new September 2 changes yet" and a link for old (January) Android 11 framework fix only. (A post there says to cherry pick the commit.)

Seems he just meant he'll update standard AOSP framework fixes (from old 1.x series non Riru solution) with his Proton ROM updates.

Some specific fix example for ROM devs manipulating props would still be useful...
Should still probably be linked in the README though, since there seem to be a lot of confused custom ROM users always asking for help...
Agree. PW
 
  • Like
Reactions: osm0sis

eNVy

Senior Member
Dec 11, 2010
347
98
Bangalore
OnePlus 5
Google Pixel 4a
Hi, I have a Pixel 4a with magisk stable v23 and safetneyfix v2.1.1.
SafetyNet is a success and I have hidden all of my banking apps and it is working fine.
I'm from India and there is one banking app (Axis Mobile) and it is able to detect root and thus I can't use the app.

Is anyone else facing the same issue. Were you able to fix it ?
Can anyone help in maybe some way I haven't thought of. (like: some people have suggested in the past having twrp folder can also cause root detection. PS: I don't have the folder.)
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
    OnePlus 5T and 6T are old enough that they do not need this module.
    They do not have the hardware to support hardware attestation

    Make sure MagiskHide is running.
    If it is on, toggle it off and on to restart it.

    Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

    If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

    Cheers. :cowboy:

    PS.
    I double checked on my 5T running OOS 10.0.1 ;)
    4
    Pull request is beyond me ATM, so I submitted as an issue... 😜 PW
    Login to GitHub, go to README, press edit, it'll do the rest for you pretty much.
    3
    The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels. MagiskHide is required as a result.

    Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use MagiskHide Props Config to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    @kdrag0n, others -

    Just a heads up. - GitHub README.md is a bit misleading. 😜

    Devices passing basicIntegrity often lack a passing (certified) fingerprint (eg. my Mi Pad 4 w/ unofficial LOS 18.1), therefore 'basic attestation' (basicIntegrity) pass is NOT the only requirement to allow USNF to fix failed ctsProfile (work).

    Actually, 'basic attestation' (basicIntegrity) often does NOT require a valid combination including build fingerprints and security patch levels (but apparently such may be required for some devices), but this IS an additional requirement for passing ctsProfile / SafetyNet.

    While passing 'basic attestation' (basicIntegrity) is out-of-scope for this module, passing ctsProfile is ALSO out-of-scope when a valid combination including build fingerprints and security patch levels is lacking.

    And contrary to the last suggestion above, @Didgeridoohan's MHPC GitHub home page states:
    If... the CTS profile check fails while basic integrity passes, that means MagiskHide is working on your device but Google doesn't recognise your device as being certified (if basic integrity fails there is generally nothing this module can do...).
    https://github.com/Magisk-Modules-R...ices-fingerprint-to-pass-the-ctsprofile-check

    The last statement should therefore read:

    "Use MagiskHide Props Config to spoof a certified (passing) fingerprint if you have trouble passing ctsProfile after enabling Riru, this module (USNF) and MagiskHide (in Magisk settings), and have passing basicIntegrity. This is a common issue on custom and uncertified stock (China etc) ROMs."

    Hope this helps / README.md can be made clearer. 😃 PW
    3
    GitHub link from OP:
    Android versions 7–12 are supported, including OEM skins such as Samsung One UI and MIUI. This is a Riru module, so Riru must be installed in order for it to work.
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    Releases:
    v2.1.1
    Latest release
    kdrag0n released this 18 days ago

    Changes
    Fixed under-display fingerprint on OnePlus devices (@osm0sis)
    ...

    v2.1.0
    kdrag0n released this 20 days ago

    Changes
    Fixed new SafetyNet CTS profile failures as of September 2, 2021
    Added MagiskHide features that will be removed in future versions of Magisk
    ...

    v2.0.0
    kdrag0n released this 27 days ago

    Changes
    Added support for heavy OEM skins (One UI, MIUI, etc.)
    Added support for Android 12 Beta 4 and future versions
    ...
    Android 12: Fixed face unlock on Pixel 4 series
    Added support for Android 7.0 and 7.1
    Rewritten as a Riru module

    ...

    v1.1.0

    kdrag0n released this on 14 Jan

    Changes
    Added support for Android 8.0, 8.1, 9, and 10
    Increased chances of passing SafetyNet on older devices
    https://github.com/kdrag0n/safetynet-fix/releases

    👍 PW
    2
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    @kdrag0n, others -

    Just a heads up. - GitHub README.md is a bit misleading. 😜

    Devices passing basicIntegrity often lack a passing (certified) fingerprint (eg. my Mi Pad 4 w/ unofficial LOS 18.1), therefore 'basic attestation' (basicIntegrity) pass is NOT the only requirement to allow USNF to fix failed ctsProfile (work).

    Actually, 'basic attestation' (basicIntegrity) often does NOT require a valid combination including build fingerprints and security patch levels (but apparently such may be required for some devices), but this IS an additional requirement for passing ctsProfile / SafetyNet.

    While passing 'basic attestation' (basicIntegrity) is out-of-scope for this module, passing ctsProfile is ALSO out-of-scope when a valid combination including build fingerprints and security patch levels is lacking.

    And contrary to the last suggestion above, @Didgeridoohan's MHPC GitHub home page states:

    https://github.com/Magisk-Modules-R...ices-fingerprint-to-pass-the-ctsprofile-check

    The last statement should therefore read:

    "Use MagiskHide Props Config to spoof a certified (passing) fingerprint if you have trouble passing ctsProfile after enabling Riru, this module (USNF) and MagiskHide (in Magisk settings), and have passing basicIntegrity. This is a common issue on custom and uncertified stock (China etc) ROMs."

    Hope this helps / README.md can be made clearer. 😃 PW
    You should submit a Pull Request on GitHub to update the README. 👍
  • 219
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW