• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread
Sep 20, 2021
8
5
Ah, alright. Thanks for the heads up. I did find this post regarding the fingerprint issue, it also uses MSM. I'll give that a try. Thanks again!
Alright. I didn't even have to use MSM or do any factory reset. Following the steps of replacing the data and engineermode folders from a dumped persist.img restored my fingerprint. Huzzah!

I did install USNF 2.1.1 after it, now I know how to fix it. It didn't break my fingerprint this time.

So for anyone that might come across this error and this post in the future, following the instructions in the video provided in that post I linked regarding dumping persist, calibrating and replacing the data and engineermode worked for me.
 

creeve4

Senior Member
Jan 5, 2011
2,824
568
Bountiful
I found an unintended side affect of the new bypass methods introduced in 2.1.0: my Pixel is no longer recognized as a Pixel by Google Assistant and thus "Hey Google" is no longer available when the screen is off:

Screenshot_20210920-121626.png
 
  • Like
Reactions: osm0sis

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
14,814
33,488
Halifax
GT-i9250
Nexus 7 (2013)

Lu5ck

Senior Member
Dec 18, 2013
151
39
can someone tell me what this module suppose to do?
is it meant to change "Basic" to "hardware"?
if it is not showing as "hardware" in my magisk safetynet test, does it mean is not working?
 

eeeemc

Senior Member
Jan 12, 2011
132
13
Hardware attestation can't be fooled, but kdrag0n figured out how to make it fall back to basic, which can be fooled. That's what this module does.
My Samsung A71 is okay with success passed all requires field and in blue color.

However , on BANKING APPS are kicking me out say detecting device is rooted.

is there a recent solution to that please ? On shopping site in my region used to block me due to safetynet issue is now okay to enter those site but not when using BANKING APPS.

Thank you very much., edmond
 

EViollet

Senior Member
Aug 9, 2010
1,836
710
My Samsung A71 is okay with success passed all requires field and in blue color.

However , on BANKING APPS are kicking me out say detecting device is rooted.

is there a recent solution to that please ? On shopping site in my region used to block me due to safetynet issue is now okay to enter those site but not when using BANKING APPS.

Thank you very much., edmond
This may or may not work for you, but with the following modules installed, Samsung Pay is now working again on my watch:
  • Riru
  • Riru - Enhanced mode for Magisk hide
  • Universal Safety net fix
And, of course, hiding the Magisk app.
My phone is still triggering Momo, but at least i can correctly use my phone and watch again

Regards
 
  • Like
Reactions: eeeemc

eeeemc

Senior Member
Jan 12, 2011
132
13
This may or may not work for you, but with the following modules installed, Samsung Pay is now working again on my watch:
  • Riru
  • Riru - Enhanced mode for Magisk hide
  • Universal Safety net fix
And, of course, hiding the Magisk app.
My phone is still triggering Momo, but at least i can correctly use my phone and watch again

Regards
Thank you so much !!

I have all of them except " Riru - Enhanced mode for Magisk hide "

I can see with-in my Magisk Modules Riru - Enhanced mode for Storage Isolation., I search for it and no result to the one above.

Where I can separately download that Riru - Enhanced mode for Magisk hide ?

Thank you very much., edmond
 

EViollet

Senior Member
Aug 9, 2010
1,836
710
  • Like
Reactions: eeeemc

eeeemc

Senior Member
Jan 12, 2011
132
13
Done it ! ( without success )

Installed from internal storage follow by a device restart.

Riru - Enhanced mode for Magisk hide is in the modules list when device restart.

Click Magisk Hide + Hide te Magisk ( given it another apps name ) and yea I've put the BANKING APPS into the hide list.

BANKING APPS remain kicking me out, but safetynet form Magisk all passed.

nevermind as I will looking forward to any updates on safetynet fix.

Thanks again !!!
 

pndwal

Senior Member
Done it ! ( without success )

Installed from internal storage follow by a device restart.

Riru - Enhanced mode for Magisk hide is in the modules list when device restart.

Click Magisk Hide + Hide te Magisk ( given it another apps name ) and yea I've put the BANKING APPS into the hide list.

BANKING APPS remain kicking me out, but safetynet form Magisk all passed.

nevermind as I will looking forward to any updates on safetynet fix.

Thanks again !!!
Just in case you haven't cleared bank apps data, you need to do this after every failure / new countermeasure (eg added app to hidelist) is introduced.

... Also, you could give Riru-MomoHider a crack:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85125319 PW
 
Last edited:
  • Like
Reactions: EViollet

mwahahaa

Senior Member
Jun 27, 2015
133
21
Google Pixel 4a 5G
I am now passing safetynet basic but Netflix is still not showing up in the play store. I cleared data for both Netflix and Google Play store. Is there anything else I need to do?

Edit: nvm, Netflix is showing up again after a reboot.
 

sliding_billy

Senior Member
Apr 23, 2012
1,766
615
North Texas
The instructions have got pretty confused for me since 1.1.1 is working fine for me (every app including GPay) on Pixal 3XL and Pixel 3. I was going to update to 2.1.1 in advance of Android 12, until seeing that RIRU is a hard requirement. So, my questions are: 1) is the module even ready for A12, and is 1.1.1 specifically working with A12? If 1.1.1 is OK with A12, I have no need to upgrade to 2.1.1. If not, is 2.1.1 ready for A12, and what other modules are needed to install. Hopefully. the page 1 instructions will be updated if additional modules need added.
 

osm0sis

Senior Recognized Developer / Contributor
Mar 14, 2012
14,814
33,488
Halifax
GT-i9250
Nexus 7 (2013)
The instructions have got pretty confused for me since 1.1.1 is working fine for me (every app including GPay) on Pixal 3XL and Pixel 3. I was going to update to 2.1.1 in advance of Android 12, until seeing that RIRU is a hard requirement. So, my questions are: 1) is the module even ready for A12, and is 1.1.1 specifically working with A12? If 1.1.1 is OK with A12, I have no need to upgrade to 2.1.1. If not, is 2.1.1 ready for A12, and what other modules are needed to install. Hopefully. the page 1 instructions will be updated if additional modules need added.
Probably. No. No. Riru is the only requirement.
 
  • Like
Reactions: sliding_billy

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
    OnePlus 5T and 6T are old enough that they do not need this module.
    They do not have the hardware to support hardware attestation

    Make sure MagiskHide is running.
    If it is on, toggle it off and on to restart it.

    Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

    If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

    Cheers. :cowboy:

    PS.
    I double checked on my 5T running OOS 10.0.1 ;)
    4
    Pull request is beyond me ATM, so I submitted as an issue... 😜 PW
    Login to GitHub, go to README, press edit, it'll do the rest for you pretty much.
    3
    GitHub link from OP:
    Android versions 7–12 are supported, including OEM skins such as Samsung One UI and MIUI. This is a Riru module, so Riru must be installed in order for it to work.
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    Releases:
    v2.1.1
    Latest release
    kdrag0n released this 18 days ago

    Changes
    Fixed under-display fingerprint on OnePlus devices (@osm0sis)
    ...

    v2.1.0
    kdrag0n released this 20 days ago

    Changes
    Fixed new SafetyNet CTS profile failures as of September 2, 2021
    Added MagiskHide features that will be removed in future versions of Magisk
    ...

    v2.0.0
    kdrag0n released this 27 days ago

    Changes
    Added support for heavy OEM skins (One UI, MIUI, etc.)
    Added support for Android 12 Beta 4 and future versions
    ...
    Android 12: Fixed face unlock on Pixel 4 series
    Added support for Android 7.0 and 7.1
    Rewritten as a Riru module

    ...

    v1.1.0

    kdrag0n released this on 14 Jan

    Changes
    Added support for Android 8.0, 8.1, 9, and 10
    Increased chances of passing SafetyNet on older devices
    https://github.com/kdrag0n/safetynet-fix/releases

    👍 PW
    3
    The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels. MagiskHide is required as a result.

    Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use MagiskHide Props Config to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.
    https://github.com/kdrag0n/safetynet-fix#universal-safetynet-fix

    @kdrag0n, others -

    Just a heads up. - GitHub README.md is a bit misleading. 😜

    Devices passing basicIntegrity often lack a passing (certified) fingerprint (eg. my Mi Pad 4 w/ unofficial LOS 18.1), therefore 'basic attestation' (basicIntegrity) pass is NOT the only requirement to allow USNF to fix failed ctsProfile (work).

    Actually, 'basic attestation' (basicIntegrity) often does NOT require a valid combination including build fingerprints and security patch levels (but apparently such may be required for some devices), but this IS an additional requirement for passing ctsProfile / SafetyNet.

    While passing 'basic attestation' (basicIntegrity) is out-of-scope for this module, passing ctsProfile is ALSO out-of-scope when a valid combination including build fingerprints and security patch levels is lacking.

    And contrary to the last suggestion above, @Didgeridoohan's MHPC GitHub home page states:
    If... the CTS profile check fails while basic integrity passes, that means MagiskHide is working on your device but Google doesn't recognise your device as being certified (if basic integrity fails there is generally nothing this module can do...).
    https://github.com/Magisk-Modules-R...ices-fingerprint-to-pass-the-ctsprofile-check

    The last statement should therefore read:

    "Use MagiskHide Props Config to spoof a certified (passing) fingerprint if you have trouble passing ctsProfile after enabling Riru, this module (USNF) and MagiskHide (in Magisk settings), and have passing basicIntegrity. This is a common issue on custom and uncertified stock (China etc) ROMs."

    Hope this helps / README.md can be made clearer. 😃 PW
    3
    Hey @kdrag0n I noticed that your module breaks At a glance on Android 12 and it seems to mess up with Continued conversation and maybe other Google Assistant things. Can you please look into that? Thanks!
    Pretty sure he's already aware of the issue as it was mentioned on his GitHub issue tracker 3 days ago https://github.com/kdrag0n/safetynet-fix/issues/108. No response from OP yet on GitHub or XDA but I'm sure he's aware and brainstorming possible solutions. We might just need to wait a few more days.
  • 219
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍

    17
    Anyone who installs Riru, deserves everything that happens to them.

    Anyone who pays a clown for broken amateur hour nonsense, also deserves everything that happens to them.

    This project has dramatically veered into a wall, and the torrent of mockery that is sure to follow, is well deserved.
    You're way off, and have cited no proof!

    I'll mention what we know - with no citations either as these will no doubt be lost on you also. - It may help those facing issues however.

    This fix seems to be working well on all but some custom ROMs like Pixel Experience etc. that already manipulate props in custom utils; these will apparently need fixing by their devs internally, and @Displax has already supplied a needed commit on GitHub. This and other issues may in part be why official LineageOS and many other custom OS's don't manipulate / spoof etc as a matter of policy... And who knows?, dev may also find an external solution for this yet!

    Other custom ROM users should find this works fine, but will likely need to set a certified fingerprint in MagiskHide Props Config module in addition.

    Riru's inject into zygote ability allows USNF to be more powerful, eg to target only Google Play Services with changed props to trigger the needed fallback to basic attestation, and not make the change global, which is causing many issues for users of other fixes that change model props etc, such as loss of device / OEM specific functionality (Galaxy Store, backup solutions, camera functions etc etc).

    In any case, it seems Riru is just a stop-gap solution and that this dev will move to John's new Zygisk asap or practical.

    The dev, @kdrag0n has clearly invested much time and effort in these S/N fixes. Most have been using them for a good while for free and would be pretty much up the creek without a paddle w/o them. No-one made him supply them as Magisk modules for all either; They were originally developed for his Proton ROMs...

    The new 'early releases' for his Patreon supporters will clearly generate only token recompense for his effort, and have so far become public and free in short order in any case.

    If you took the time to check facts, you would discover that these fixes are not only the best of the bunch, but are professionally coded and avoid the issues of most if not all others. A boon for the modding community.

    @kdrag0n deserves accolades and thanks from any modders worth their salt... He has mine.

    Sorry if this seems like a torrent of retorts, but I think they are well deserved... and I ain't mocking...

    It would be big of you to take back your .......... words. PW