• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

masamunecyrus

Member
Jan 12, 2012
31
35
Hello,

I wasn't even aware this thread existed, otherwise I'd have posted here.

Anyways, when enabled together with Google Assistant's "Hey Google" feature, Universal SafetyNet Fix 2.1.1 is causing a microphone bug on Pixel 5s where everything recorded by the microphone is affected by a ~7.5k kHz low pass filter.

See this reddit thread I posted for images and a video.
reddit.com/r/GooglePixel/comments/q5rqrg/psa_universal_safetynet_fix_currently_causes_bad/

This is on a freshly factory reset October 2021 stock ROM with nothing but Magisk v23, Riru, and USNF 2.1.1.
 
  • Like
Reactions: pndwal and osm0sis

pndwal

Senior Member
Hello,

I wasn't even aware this thread existed, otherwise I'd have posted here.

Anyways, when enabled together with Google Assistant's "Hey Google" feature, Universal SafetyNet Fix 2.1.1 is causing a microphone bug on Pixel 5s where everything recorded by the microphone is affected by a ~7.5k kHz low pass filter.

See this reddit thread I posted for images and a video.
reddit.com/r/GooglePixel/comments/q5rqrg/psa_universal_safetynet_fix_currently_causes_bad/

This is on a freshly factory reset October 2021 stock ROM with nothing but Magisk v23, Riru, and USNF 2.1.1.
Good diagnosis.

Suggest you open an issue on USNF GitHub for @kdrag0n's attention. Link in OP here. 👍 PW
 
  • Like
Reactions: osm0sis

Slowking

Member
Jul 26, 2011
43
11
Am I supposed to see a difference with this in Magisk's Safetynet check?
With or without it I get:

Success!
---
basicIntegrity: check
ctsProfile: check
evalType: BASIC

Basically everything works but NFC in Google pay doesn't.
So should I be seeing something else and could this be the problem with Google Pay or do I have to look somewhere else?

Edit: I think I understand now that this is actually just meant to force basic authentication instead of hardware authentication. It's quite possible that the rom I'm using has it already included.
What helped me fix google Pay was this post: https://forum.xda-developers.com/t/...cussion-thread.3906703/page-120#post-85633343
 
Last edited:

archz2

Senior Member
Jan 25, 2013
284
43
New Delhi
I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
 

ipdev

Recognized Contributor
Feb 14, 2016
1,609
1
2,158
Google Nexus 10
Nexus 7 (2013)
I flashed this Magisk module on my OnePlus 5T running on Android 10 with Oxygen OS. I'm still not able to pass safetynet check. What should I do?
OnePlus 5T and 6T are old enough that they do not need this module.
They do not have the hardware to support hardware attestation

Make sure MagiskHide is running.
If it is on, toggle it off and on to restart it.

Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

Cheers. :cowboy:

PS.
I double checked on my 5T running OOS 10.0.1 ;)
 
Last edited:

eeeemc

Senior Member
Jan 12, 2011
135
14
My Samsung A71 get passed all safertynet check also showing "BLUE" pass.

But when going into my Local Bank Apps, apps warn & kick me out saying detected device is rooted.

Needless to say , I made all necessary procedures such as TERMUX su -props choose Nexus 6P ..... Magisk Module Riru and others all installed relate to safetynet stuffs...... every steep between restart device...... finally Magisk Hide , give it another name instead of Magisk Manager .... hide all Banking apps.

Appreciate if any member shed some light on solution.

Thank you very much., edmond.
 

Andrologic

Senior Member
Apr 29, 2016
182
1
79
Huawei Mate 20 X
ASUS ROG Phone 3
My Samsung A71 get passed all safertynet check also showing "BLUE" pass.

But when going into my Local Bank Apps, apps warn & kick me out saying detected device is rooted.

Needless to say , I made all necessary procedures such as TERMUX su -props choose Nexus 6P ..... Magisk Module Riru and others all installed relate to safetynet stuffs...... every steep between restart device...... finally Magisk Hide , give it another name instead of Magisk Manager .... hide all Banking apps.

Appreciate if any member shed some light on solution.

Thank you very much., edmond.

Are you running on the latest SafetyNet fix? And have you tried adding the banking app(s) itself in LSPosed/Xprivacy and block tracking (important). Some banking apps have become smarter in detecting unlocked/rooted device, it's not enough to have a SafetyNet pass.

Also, some apps have started registering the SSAID assigned to the app and banning your device. The good news is, with root access, you can spoof it and "un-ban" yourself easily.

The above has helped me pass all banking apps that were able to detect me.
 

eeeemc

Senior Member
Jan 12, 2011
135
14
Are you running on the latest SafetyNet fix? And have you tried adding the banking app(s) itself in LSPosed/Xprivacy and block tracking (important). Some banking apps have become smarter in detecting unlocked/rooted device, it's not enough to have a SafetyNet pass.

Also, some apps have started registering the SSAID assigned to the app and banning your device. The good news is, with root access, you can spoof it and "un-ban" yourself easily.

The above has helped me pass all banking apps that were able to detect me.
Genius !!!

Thank you for solving my problem since several bothering me.

The main causes as I noticed was as you said :

tried adding the banking app(s) itself in LSPosed/Xprivacy and block tracking (important)

My Banking Apps are up & running now right after applying to above procedure.
 
  • Like
Reactions: Andrologic

archz2

Senior Member
Jan 25, 2013
284
43
New Delhi
OnePlus 5T and 6T are old enough that they do not need this module.
They do not have the hardware to support hardware attestation

Make sure MagiskHide is running.
If it is on, toggle it off and on to restart it.

Since you are running stock OxygenOS, MagiskHide is enough to pass SafetyNet.

If you still have problems, it would be better to ask in the Magisk General Support / Discussion - xdaThread - Link

Cheers. :cowboy:

PS.
I double checked on my 5T running OOS 10.0.1 ;)
Thanks. I have always had magiskhide running. I toggled it off and then on. Still facing the same trouble. Could it be that I have also installed edexposed on my phone?

I'll create a post in the thread link you've posted also.
 
  • Like
Reactions: ipdev

Top Liked Posts

  • There are no posts matching your filters.
  • 13
    Here I am, again. Some more cleaning of the thread was necessary.

    I'm only say this once: do not start any drama in the thread.

    users that do not want to or are not capable of paying what the pre-releases cost should just sit tight and wait. Until the pre-release becomes public (usually within a few weeks) whomever doesn't have/want access to it will have to use the currently publicly available releases. That might mean you need to use experimental releases of Magisk (of which there are a few), or the latest stable official Magisk release. Or you just suck it up and wait.

    That's it. It's that simple.

    No more drama or discussion of what is or isn't warez will be tolerated.

    Have a great day.
    10
    Hi everyone. A general announcement requires your attention:

    Let me direct your attention to the form rules, and in particular rule #6:
    If a piece of software requires you to pay to use it, then pay for it.

    There's currently a pre-release of USNF, available for @kdrag0n's Patreon supporters. It'll most likely eventually make it's way to the general public, like all the previous releases, but until then it requires you to pay... It might take a week, it might take a month, but the important part is that if you can't/won't pay for the software you wait and use the releases that are currently available to you.

    End of story.

    If you have anything to add or any questions my inbox is always open.

    Best regards
    Didgeridoohan
    Senior Moderator/Developer Committee/Developer Relations
    7
    When will the latest versions be released to GitHub?

    I thought 1 week of paid-only downloads was the standard.

    Dev Rule #1 :

    Never ask for an ETA
    6
    Sadly, I've now managed to install both the Riru module and Universal SafetyNet Fix module, and even with both working, my phone doesn't pass either stage of the SafetyNet test built into Magisk. So weird... I feel like I'm missing something really obvious here, but I've tried everything suggested so far, without luck.

    Interesting, that about Canary. Doesn't sound too enticing to me - I'm far too much of a non-techie user to be dwelling into a basically alpha program. Maybe if it turns out to be the only chance I have to pass SN, I could give it a try... But I'd much rather stay in regular Magisk for now, tbh.

    And yeah, I imagined it had something to do with Google updating SN or something like that. And yes, sadly, one of the main things I was reading up on is how the "root scene", or at least the root-hiding scene, is coming to an abrupt ending with these hardware verification methods, and now Magisk creator going over to the "dark side" and working with the enemy. Sad times, I guess.

    I know for a fact, though, that Magisk is working (or should be working) right now, and I'd love to use it as long as I possibly can...
    Must say I completely disagree with your assessment of John's current employer as 'the dark side' / 'the enemy'... His previous appointment was with Apple.... I suppose they're the light side / our friends in your book? 😝😜😬

    I could argue Google are our benefactors, building in easy unlocking / modifying ability (that only certain manufacturers circumvent), and even knowingly allowing modding community (which their reps even describe as 'White Hat') to 'subvert their security model' and bypass SafetyNet until now... (Does the competition do this?) but sure, patching this obvious 'hole' is clearly on the agenda (to thwart 'black Hat' crooks / hackers / thieves / scammers / swindlers / fraudsters...), only it seems because their corporate partners (many having their own requirements as GPay & Samsung Pay partners for example) are demanding it & G risks loosing market share to their major competitor... and they have already...

    I've mentioned before that many government / security concious entities already ban Android devices at work and often purchase / issue iPhones as a security measure... I think we just need to 'get real' here... I don't believe G will suddenly become anti-root anytime soon however...

    Android will likely remain the only competitive out-of-the-box mod-able platform for some time despite tightening attestation to TEE (which really only safeguards proprietary software / interests), and this is largely thanks to Google and the Open Handset Alience they established having an inclusive vision re. custom mods incl many open source projects... They create all the major milestones that make Android what it is / keeps it innovative, usually in closed-shop builds for their own flagship devices before releasing AOSP code...

    Xiaomi then takes this vanilla experience and gives you Mocha MIUI which you loathe having developed Sudden Chocolate Taste Aversion, so you tip the mug out and fill it with a more pure AOSP experience again... courtesy of...
    ...
    GOOGLE!

    Want more detail? Here:
    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85140701
    and here:
    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85142363

    Sorry for the OT folks!

    Back to the subject, I missed that you run a custom ROM. This likely means you'll need Magisk Hide Props Config module w/ a certified fingerprint configured in addition to USNF as spoofing Compatibility Test Suite certified ROM is out of scope for USNF as mentioned in USNF GitHub instruction page.

    Further, please say what Magisk App Check SafetyNet says for evalType. Are you seeing Basic, N/A or other? (If this check is no longer working, you can alternatively use new YASNAC checker).

    Nb. Try toggling MagiskHide off then on again in settings to pass and then clear Google Play Services and Google Play Store data to get Play Protect (check in Play Store settings) device certification pass.

    Nb. Several modules (eg EDXposed) break SafetyNet, so ensure all but Riru and USNF 2.1.2 are disabled initially.

    If you still have issues, please give more details, eg what custom ROM? (Just remembered, some ROMs themselves, eg Pixel Experience, are themselves incompatible with new USNF solutions due to their manipulation of props in custom utils; swap to cleaner ROMs like LOS or petition ROM Dev to fix internally...)

    🤠 PW

    Edit:

    Bit further re. you inability to hide Magisk App and / or use Check SafetyNet; this would indicate that something may be borked in Magisk setup, or you may have network issues (I believe public builds still have use online stub APK). Do you use a firewall / adblocker etc, or similar on modem / router if using a hotspot? (Try with mobile data if previously using wifi).
    6
    Yes looks like 2.1.x will continue to be for Riru and 2.2.x will be for Zygisk until Magisk v24 goes stable with Zygisk.
  • 228
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    21
    It's in progress.

    Worth noting when @kdrag0n does publish the new Zygisk rewrite of USNF then gms and unstable will actually need to be removed from the DenyList for the module to function correctly, not added like some people are doing now to get previous USNF versions working.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍