• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

eeeemc

Senior Member
Jan 12, 2011
135
14
I have installed LSPosed and xpricavy, still can't login with bank app using fingerprints
First thing first , your device must be rooted.
From Magisk Manager > Plug-ins > you should have:
Magisk hide Props
Riru
From LSPosed, choose your bank apps > check-marked it so to hide it. ( This was the step I forgot to do until Andrologic told me to )

All my banking apps kicks me out when my Safetynet is passed in Blue. Other website required Safetynet check pass are okay and let me in except banking apps ( as I forgot this step )

Finalize it by Magisk Hide + hide Magisk with new name instead of Magisk Manager.

Every steps require each time restart device. ( so I turn tasker off during fixing safetynet )

Thank you very much., edmond
 
  • Like
Reactions: CC90
First thing first , your device must be rooted.
From Magisk Manager > Plug-ins > you should have:
Magisk hide Props
Riru
From LSPosed, choose your bank apps > check-marked it so to hide it. ( This was the step I forgot to do until Andrologic told me to )

All my banking apps kicks me out when my Safetynet is passed in Blue. Other website required Safetynet check pass are okay and let me in except banking apps ( as I forgot this step )

Finalize it by Magisk Hide + hide Magisk with new name instead of Magisk Manager.

Every steps require each time restart device. ( so I turn tasker off during fixing safetynet )

Thank you very much., edmond

But, that's the thing, from the lsposed menu i can't select anything. i installed the module xprivacy.lua and in there i could select my bank app.

That didn't help though, i still can't use fingerprints.
 

eeeemc

Senior Member
Jan 12, 2011
135
14
But, that's the thing, from the lsposed menu i can't select anything. i installed the module xprivacy.lua and in there i could select my bank app.

That didn't help though, i still can't use fingerprints.
Here's mine.............
LSPosed > Modules > XPrivacyLua
From there, you can scroll to seach your Bank Apps Name.

** note : I'm not using any sort of finger print methods for opening Banking Apps. I just open Banking Apps in normal way.

I've seen else where on finger prints fix for safetynet. Try search keyword safetynet and getdroidips

Screenshot - 10_21_2021 , 7_35_13 PM.png
 

Dark_Eyes_

Recognized Developer / Recognized Contributor
Sep 19, 2013
2,719
10,658
Hey @kdrag0n I noticed that your module breaks At a glance on Android 12 and it seems to mess up with Continued conversation and maybe other Google Assistant things. Can you please look into that? Thanks!
 

bradical711

Senior Member
Aug 26, 2017
432
267
Google Pixel 4 XL
Hey @kdrag0n I noticed that your module breaks At a glance on Android 12 and it seems to mess up with Continued conversation and maybe other Google Assistant things. Can you please look into that? Thanks!
Pretty sure he's already aware of the issue as it was mentioned on his GitHub issue tracker 3 days ago https://github.com/kdrag0n/safetynet-fix/issues/108. No response from OP yet on GitHub or XDA but I'm sure he's aware and brainstorming possible solutions. We might just need to wait a few more days.
 

sliding_billy

Senior Member
Apr 23, 2012
1,776
618
North Texas
Running 2.1.1 on a Pixel 3XL. I have Magisk canary (which was updated last night) running currently with Riru module. MagiskHide is turned on. The canary notes mention that (as expected) hide is gone now. I didn't install when the notification showed up, but I suspect Magisk will move to stable without hide very quickly. Ignoring the update, but also wondering if anyone tried it. Did the Safetynet fix break, and does anyone have a method to fix if so. If not, any plans?
 

Qnorsten

Senior Member
Mar 14, 2012
192
86
Running 2.1.1 on a Pixel 3XL. I have Magisk canary (which was updated last night) running currently with Riru module. MagiskHide is turned on. The canary notes mention that (as expected) hide is gone now. I didn't install when the notification showed up, but I suspect Magisk will move to stable without hide very quickly. Ignoring the update, but also wondering if anyone tried it. Did the Safetynet fix break, and does anyone have a method to fix if so. If not, any plans?
There are a lot of mention about this in the general magisk thread https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/page-2432#post-85825005

But be aware that you can't use riru and riru modules with newest canary magisk that use zygisk. So you can't use USNF 2.0 with it, until it gets rewritten to use zygisk instead of riru.


For some devices there are still ways to pass saftey net, by using USNF 1 instead.

I am passing saftey net fine with my oneplus 8T and latest magisk canary, but that device was never affected by googles latest server side changes.

The steps I did was
Enable agisk deny list for com.google.android.gms and com.google.android.gms.unstable
Togheter with either
UNSF 1.2.0
or
spoofing magisk hide props with MHPC (https://github.com/Magisk-Modules-R...README.md#setreset-magiskhide-sensitive-props)

But that might not be enough for all devices in that case you might need to stay on stable magisk until this module is rewritten to use zygisk instead of riru.

So either wait or try it out. You can always downgrade magisk again if needed.
 

Qnorsten

Senior Member
Mar 14, 2012
192
86
No real need to update until kdrag0n rewrite it for zygisk, which I am sure he will do eventually. I guess there will be a while before there are any other zygisk modules that make it worth while updating. Unless you are like me and just like to live on the edge.
 

j1gga84

Senior Member
Jun 21, 2012
4,617
2,730
Bremen
www.android-hilfe.de
Hello,

Today I installed new Magisk 23010 with removed magisk hide but my banking payment app is still not working..
Also rootbeer fresh shows the device now as rooted after the update...
In magisk I choose Zygisk and enforce deny list and set the same apps like with magisk hide before but it will not work.
I had Universal SafetyNetFix 1.1.1 installed. I removed that and installed newest 2.1.1 together with Riru module but in rootbeer fresh Root is still present as you can see..
What else can I do now?

Regards
 

Attachments

  • Screenshot_20211025-232547_RootbeerFresh.jpg
    Screenshot_20211025-232547_RootbeerFresh.jpg
    378.2 KB · Views: 105

Qnorsten

Senior Member
Mar 14, 2012
192
86
Hello,

Today I installed new Magisk 23010 with removed magisk hide but my banking payment app is still not working..
Also rootbeer fresh shows the device now as rooted after the update...
In magisk I choose Zygisk and enforce deny list and set the same apps like with magisk hide before but it will not work.
I had Universal SafetyNetFix 1.1.1 installed. I removed that and installed newest 2.1.1 together with Riru module but in rootbeer fresh Root is still present as you can see..
What else can I do now?

Regards
Have you enabled deny list for com.google.android.gms and com.google.android.gms.unstable?
You also can't use Riru or any Riru modules with zygisk. So you need to install V1 universal safety fix. Also might need to use MPHC to reset magisk sensitive props
 

j1gga84

Senior Member
Jun 21, 2012
4,617
2,730
Bremen
www.android-hilfe.de
Have you enabled deny list for com.google.android.gms and com.google.android.gms.unstable?
You also can't use Riru or any Riru modules with zygisk. So you need to install V1 universal safety fix. Also might need to use MPHC to reset magisk sensitive props
I have enabled it, also other apps and I uninstalled V2 and install V1.2.0 but still the same.. What do you mean with MPHC?

Regards
 
  • Like
Reactions: j1gga84

klemi71

Senior Member
Jun 6, 2018
207
54
Google Pixel 3
@kdragon: are you planning to offer a Zygisk version of your fantastic module? I don't want to push you or something like that. I just want to know if you're interested at all.
Otherwise I'll have to switch to magisk alpha or have to try SU. Many users trust in you and hope you will help us out as John's job is difficult for this hide and seek game. Your abilities keep Android alive from being different to iOS. We just rely on you.
Best regards.
 
Last edited:

_litz

Senior Member
Oct 29, 2011
601
269
Alpharetta, GA
Well that's just nuts. New version released tonight to Patreon users ...

And Patreon had apparently changed something in their website that breaks Google logins on Pixels.

I had to use Firefox to download the new version *on Google's own phone*.

Anyways, will try it after I update to A12.

Thanks kdrag0n for the quick work!

Yes for those asking, this newest version includes zygote as well.

My question is, with MagiskHide being removed from the Manager app in Canary, how do we manage the apps that are blocked from seeing root without that GUI?
 

pndwal

Senior Member
Latest kdrag0n
Universal SafetyNet Fix Changelog:
· v 2.2.0

Changes since 2.1.1:

• Ported module to Zygisk
• Fixed screen-off Voice Match in Google Assistant
• Fixed poor microphone quality with Voice Match enabled on Pixel 5
• Fixed At a Glance weather display on Android 12
• Fixed At a Glance settings on Android 12

This version only supports Zygisk (latest Magisk Canary). See v2.1.2 for a Riru version.

Download

This version is currently only available to early access supporters. (Pledge now to get access or purchase one-time access.)

https://kdrag0n.dev/patreon/safetynet-fix/v2.2.0

👍😛 PW
 
Last edited:

Top Liked Posts

  • 4
    Sadly, I've now managed to install both the Riru module and Universal SafetyNet Fix module, and even with both working, my phone doesn't pass either stage of the SafetyNet test built into Magisk. So weird... I feel like I'm missing something really obvious here, but I've tried everything suggested so far, without luck.

    Interesting, that about Canary. Doesn't sound too enticing to me - I'm far too much of a non-techie user to be dwelling into a basically alpha program. Maybe if it turns out to be the only chance I have to pass SN, I could give it a try... But I'd much rather stay in regular Magisk for now, tbh.

    And yeah, I imagined it had something to do with Google updating SN or something like that. And yes, sadly, one of the main things I was reading up on is how the "root scene", or at least the root-hiding scene, is coming to an abrupt ending with these hardware verification methods, and now Magisk creator going over to the "dark side" and working with the enemy. Sad times, I guess.

    I know for a fact, though, that Magisk is working (or should be working) right now, and I'd love to use it as long as I possibly can...
    Must say I completely disagree with your assessment of John's current employer as 'the dark side' / 'the enemy'... His previous appointment was with Apple.... I suppose they're the light side / our friends in your book? 😝😜😬

    I could argue Google are our benefactors, building in easy unlocking / modifying ability (that only certain manufacturers circumvent), and even knowingly allowing modding community (which their reps even describe as 'White Hat') to 'subvert their security model' and bypass SafetyNet until now... (Does the competition do this?) but sure, patching this obvious 'hole' is clearly on the agenda (to thwart 'black Hat' crooks / hackers / thieves / scammers / swindlers / fraudsters...), only it seems because their corporate partners (many having their own requirements as GPay & Samsung Pay partners for example) are demanding it & G risks loosing market share to their major competitor... and they have already...

    I've mentioned before that many government / security concious entities already ban Android devices at work and often purchase / issue iPhones as a security measure... I think we just need to 'get real' here... I don't believe G will suddenly become anti-root anytime soon however...

    Android will likely remain the only competitive out-of-the-box mod-able platform for some time despite tightening attestation to TEE (which really only safeguards proprietary software / interests), and this is largely thanks to Google and the Open Handset Alience they established having an inclusive vision re. custom mods incl many open source projects... They create all the major milestones that make Android what it is / keeps it innovative, usually in closed-shop builds for their own flagship devices before releasing AOSP code...

    Xiaomi then takes this vanilla experience and gives you Mocha MIUI which you loathe having developed Sudden Chocolate Taste Aversion, so you tip the mug out and fill it with a more pure AOSP experience again... courtesy of...
    ...
    GOOGLE!

    Want more detail? Here:
    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85140701
    and here:
    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85142363

    Sorry for the OT folks!

    Back to the subject, I missed that you run a custom ROM. This likely means you'll need Magisk Hide Props Config module w/ a certified fingerprint configured in addition to USNF as spoofing Compatibility Test Suite certified ROM is out of scope for USNF as mentioned in USNF GitHub instruction page.

    Further, please say what Magisk App Check SafetyNet says for evalType. Are you seeing Basic, N/A or other? (If this check is no longer working, you can alternatively use new YASNAC checker).

    Nb. Try toggling MagiskHide off then on again in settings to pass and then clear Google Play Services and Google Play Store data to get Play Protect (check in Play Store settings) device certification pass.

    Nb. Several modules (eg EDXposed) break SafetyNet, so ensure all but Riru and USNF 2.1.2 are disabled initially.

    If you still have issues, please give more details, eg what custom ROM? (Just remembered, some ROMs themselves, eg Pixel Experience, are themselves incompatible with new USNF solutions due to their manipulation of props in custom utils; swap to cleaner ROMs like LOS or petition ROM Dev to fix internally...)

    🤠 PW

    Edit:

    Bit further re. you inability to hide Magisk App and / or use Check SafetyNet; this would indicate that something may be borked in Magisk setup, or you may have network issues (I believe public builds still have use online stub APK). Do you use a firewall / adblocker etc, or similar on modem / router if using a hotspot? (Try with mobile data if previously using wifi).
  • 21
    It's in progress.

    Worth noting when @kdrag0n does publish the new Zygisk rewrite of USNF then gms and unstable will actually need to be removed from the DenyList for the module to function correctly, not added like some people are doing now to get previous USNF versions working.
    13
    Here I am, again. Some more cleaning of the thread was necessary.

    I'm only say this once: do not start any drama in the thread.

    users that do not want to or are not capable of paying what the pre-releases cost should just sit tight and wait. Until the pre-release becomes public (usually within a few weeks) whomever doesn't have/want access to it will have to use the currently publicly available releases. That might mean you need to use experimental releases of Magisk (of which there are a few), or the latest stable official Magisk release. Or you just suck it up and wait.

    That's it. It's that simple.

    No more drama or discussion of what is or isn't warez will be tolerated.

    Have a great day.
    10
    Hi everyone. A general announcement requires your attention:

    Let me direct your attention to the form rules, and in particular rule #6:
    If a piece of software requires you to pay to use it, then pay for it.

    There's currently a pre-release of USNF, available for @kdrag0n's Patreon supporters. It'll most likely eventually make it's way to the general public, like all the previous releases, but until then it requires you to pay... It might take a week, it might take a month, but the important part is that if you can't/won't pay for the software you wait and use the releases that are currently available to you.

    End of story.

    If you have anything to add or any questions my inbox is always open.

    Best regards
    Didgeridoohan
    Senior Moderator/Developer Committee/Developer Relations
    10
    A friendly Announcement (Not)

    Okay, sadly for the second time in a few days i have been personally PM'd, asking for a copy of the latest
    Universal SafetyNet Fix

    Just now, by some newbie with a total of 3 posts, probably only signed up to try a grab a copy of it

    Heres the message i replied with, and anyone else considering badgering other members for paid content should read and absorb

    Why are you asking me?

    Its a paid version, which will be released freely in a week or so

    Asking for paid content for free is the same as asking for Warez, and is banned on here

    DO NOT ASK AGAIN


    For starters, im not a patreon member of @kdrag0n s, i get my copy the same time as most people do when its graciously released after early adopters have a crack at it, and even if i did get it early, i wouldnt share it

    So stop asking

    Any further PM's i get or hear of, asking for a copy of an early release, will be forwarded to admin same as if you asked for warez on here...simple

    Update:

    Seems the 2nd guy didnt get the message:

    Follow up mesasage: "Sorry, I come from a poor country and cannot pay, please share the module link, thanks"

    Reported to admin
    7
    Latest kdrag0n
    Universal SafetyNet Fix Changelog:
    · v 2.2.0

    Changes since 2.1.1:

    • Ported module to Zygisk
    • Fixed screen-off Voice Match in Google Assistant
    • Fixed poor microphone quality with Voice Match enabled on Pixel 5
    • Fixed At a Glance weather display on Android 12
    • Fixed At a Glance settings on Android 12

    This version only supports Zygisk (latest Magisk Canary). See v2.1.2 for a Riru version.

    Download

    This version is currently only available to early access supporters. (Pledge now to get access or purchase one-time access.)

    https://kdrag0n.dev/patreon/safetynet-fix/v2.2.0

    👍😛 PW
  • 228
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    21
    It's in progress.

    Worth noting when @kdrag0n does publish the new Zygisk rewrite of USNF then gms and unstable will actually need to be removed from the DenyList for the module to function correctly, not added like some people are doing now to get previous USNF versions working.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍