MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

fl0wfr

Senior Member
Jan 2, 2010
81
11
28
Paris
You'll need to install the MagiscHide Props Config and to set a recognised fingerprint then. My Huawei tablet now has a P40 fingerprint, and google is happy with it...
Thanks! Now safety net passes but Google Pay keeps saying my phone is rooted. I already added Google Pay in Magisk Hide but no luck.
 

Durete

Member
Dec 15, 2006
22
3
23
Everyone having issues passing basic attestation after installing the module, please try the attached versions.

There have been quite a few reports of fingerprint unlocking in apps breaking on One UI. This is not something that is planned to be fixed, because One UI is a heavy OEM skin that is not officially supported. It's surprising that it works on One UI to begin with.
I was using 1.1.0 version and worked just fine, but after intensive testing I found some strange issues with my banking app and Amazon App (Safety Net pass and Gpay contactless OK).
My banking app ask to install a new CA certificate every time I open.
My Amazon app crashed always.

I tested version 1.1.1 Test 1 and all issues seems to be gone.
My banking app works perfect, Amazon App stopped to crash, Google Play shows Certified Device, SafetyNet pass OK and Gpay contactless seems to work fine.
I will report in case I found any new issue, but all apps seems to work perfect now.

Thank you for your work !
 
  • Like
Reactions: curiousrom

7alvoo

Senior Member
Jul 18, 2019
68
16
13
Odd, something else in your setup is tripping it then. Magisk hide works for me. Pixel 3a, Jan 2021 security patch. Modules: AccA, USNF. ElementalX kernel. Not ticking revolut in Magisk hide: root detected, flipped magisk hide for revolut, clear app data, bam, works.
probably v31 armed with root beer
 

RenVilo

Senior Member
Aug 4, 2009
255
13
38
works on S20 FE 5G (SM-G781B) ROM OneUi 3 Android 11.
no configuration required here is how I proceeded:

• activate Magisk Hide
• install MagiskHide props config
• install UniversalSafety fix v.1.1.1 test1.zip (see Page 4)
• restart and erase playstore data

(I specify that I have EdXposed installed)

thank you very much to the dev
Do you get any strage issues with banking apps or lastpass etc.
 

RenVilo

Senior Member
Aug 4, 2009
255
13
38
have the same problem with oneui2.5 ... let me know if you find a solution to this; the lack of third party biometrics access is a deal breaker as I use it to login to my pc ...
So far no luck and also gonna give up. Rather not use google pay but have my fingerprint actually working
 

wyt18

Senior Member
Jun 4, 2007
396
177
63
works on S20 FE 5G (SM-G781B) ROM OneUi 3 Android 11.
no configuration required here is how I proceeded:

• activate Magisk Hide
• install MagiskHide props config
• install UniversalSafety fix v.1.1.1 test1.zip (see Page 4)
• restart and erase playstore data

(I specify that I have EdXposed installed)

thank you very much to the dev
Are you able to have third party app access to biometrics?
 

Full House

Senior Member
Aug 25, 2018
141
32
38
Do you get any strage issues with banking apps or lastpass etc.
I don't use banking apps to be honest I never register a card because I am wary of data theft.

That said out of curiosity I opened Google Pay it seems to work (unlike Samsung Pay) it waits for the registration of the card to pay without contact ...
 

Yasumasa

New member
Jan 16, 2021
1
1
13
Everyone having issues passing basic attestation after installing the module, please try the attached versions.

There have been quite a few reports of fingerprint unlocking in apps breaking on One UI. This is not something that is planned to be fixed, because One UI is a heavy OEM skin that is not officially supported. It's surprising that it works on One UI to begin with.

Screenshot_20210116-085424.png Screenshot_20210116-090002_Google Play Store.png

SafetyNet Pass & Device Certified on Samsung A205F/DS
Flashed with safetynet-fix-v1.1.1-test1.zip
 
  • Like
Reactions: curiousrom

dragos281993

Recognized Contributor
Mar 29, 2014
2,884
4,017
203
Iasi
Thanks kdrag0n for your hard work ;-)

Feedback: With your fix, Magisk shows success when checking safetynet, but until now, the fix doesn't work for GPay in my case, neither with V1.1.0 nor with V1.1.1-test2 on Xiaomi Mi 9 with MIUI 12.

What I have done: I have cleared GPay's and PlayStore's cache and user data, uninstalled GPay, rebooted. Checked that PlayStore is checked in Magisk Hide and that Play Store indicates no problems in Play protect. Then I re-installed GPay, added it to MagiskHide and cleard GPlay's and GPay's cache and user data again. After this procedure, GPay did still know my credit card, but reported that the phone doesn't meet the security requirements. I have deleted the credit card, cleared cache and data, rebooted and added the card again, but GPay is still not working.
Try this: https://github.com/sdex/AndroidIDeditor/releases
Install it, open the app, find Gpay in the list, tap on it, press on "Set random values" and hit OK. Now exit the app and go wipe the Play services, App store and GPay's data then reboot. See if it works
 
  • Like
Reactions: dr4go

innit

Senior Member
Mar 31, 2011
383
151
73
Düsseldorf
i am facing the same problem my friend.
please can you answer 2 questions? first, where did you download the previous version from? is it safe?
second, do you believe this can be fixed with a future magisk update, or are we screwed forever?
You can find all oficial releases here. I have never encountered any security issues with files from that website but it's up to you if you trust them or not.


Only time will tell whether it will be possible again to run new versions of this app on rooted devices.
 

innit

Senior Member
Mar 31, 2011
383
151
73
Düsseldorf
Ok, thank you very much, that did the trick... for now. I wonder what kind of additional checks they are doing compared to others and if there is or will be a way to circumvent this in the future.

One crazy idea would be if it was possible to run apps in their own isolated containers chroot or vm style. Possibly unrealistic thought but who knows what the future will bring :)

Again, big thanks! Very much appreciated.
I took some time to compare last working version 7.30.3 to the two newest ones 7.31/7.32. After taking some logs I noticed that:

1. 7.30.3 - no root detection implemented in the app

2. 7.31 & 7.32 - root detection built-in

So Revolut changed this just few days ago. You can compare the screenshots.

BUT hiding magisk manager seems to do the trick and the new version is working fine now. I've just tried it so I was wrong by saying that nothing could be done. Sorry for the misinformation guys.
 

Attachments

  • 7.30.3.jpg
    7.30.3.jpg
    3.7 MB · Views: 33
  • 7.31&7.32.jpg
    7.31&7.32.jpg
    3.6 MB · Views: 33
  • Like
Reactions: rewtnull and dr4go

slutman

Senior Member
Aug 18, 2012
283
75
48
works on S20 FE 5G (SM-G781B) ROM OneUi 3 Android 11.
no configuration required here is how I proceeded:

• activate Magisk Hide
• install MagiskHide props config
• install UniversalSafety fix v.1.1.1 test1.zip (see Page 4)
• restart and erase playstore data

(I specify that I have EdXposed installed)

thank you very much to the dev
I did the same as you on my S20+ exynos Android 11 and it worked
 
  • Like
Reactions: Full House

kdrag0n

Senior Member
Feb 19, 2016
603
1,600
133
kdrag0n.dev
Universal SafetyNet Fix v1.1.1 is now available.

Changes
  • Removed security patch fixup to fix CTS profile mismatches on some devices

Download

Some devices will now need to use MagiskHide Props Config in addition to this module in order to pass CTS profile checks as part of basic attestation. Altering the CTS profile is no longer in scope for this module as it breaks more devices than it fixes.

If this module helped you, please consider a recurring donation for sustainable support, or alternatively buy me a coffee. Everything helps, but a recurring donation is the best way to keep the project alive in the long term.

Issues on heavy OEM skins
This is a reminder that heavy OEM skins are not officially supported. They may happen to work depending on your luck and the particular ROM in question, but nothing is guaranteed. Please do not report problems on such ROMs. It's surprising that it works at all on them; I wouldn't expect everything to be fully working. I will not provide more support for issues related to heavy OEM skins.

The compatibility issue does not lie in the SafetyNet fix itself, but rather how the Magisk module is built. It's possible to make the Magisk module version of the fix slightly more portable, but I have no interest in supporting heavy OEM skins, nor do I have any devices running such ROMs.

You will always have the best luck with a ROM not too far from AOSP, e.g. most custom ROMs and Pixel stock ROMs.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    working in Xiaomi redmi note 7 MIUI 12 Android 10

    if in magisk it says it passes the check, but in the store it still detects the root you also need to "clear all data" of these following apps:

    - Google Play store
    - Google Play services
    - Google Service Framework

    Then reboot your device. :)

    If Google Pay still not working, "clear all data" of this app too.
    2
    ok so I didn't know the app itself could be hidden and that was triggering certain Bank applications to close automatically I don't have TWRP folders but I don't know how to enable the biometrics using magisk hide props config what is is that exactly?
    Magisk Manager (since v22 only called Magisk) can be hidden and renamed in it's own settings.
    For further information check this great guide by @Didgeridoohan :
    You'll find information about MagiskHide Props Config there too. That all depends only detecting root by other apps, as said above I can't help you with your Samsung related problems.
    Someone with a Sammy may answer that or is able to give you some tips.
    2
    Test2 is confirmed to fix biometrics for S20, S20+, S21 Exynos.
    https://github.com/kdrag0n/safetynet-fix/pull/13#issuecomment-767863635 PW
    It works, you guys are seriously awesome!

    Just installed edXposed and it still passes!
    2
    I'm on DP2 and I couldn't get safetynet test2 to work.
    This one is working
    1
    Gentlemen.
    Does anyone have original fingerprint for Samsung Galaxy A41 (Android 10) or know from where to get it?
    Magic Hide Props doesn't have this model on list.

    I've read that I may extract it from original OS, from system.img.
    I have downloaded SM-A415F_PRT_A415FXXU1BUA1_fac.zip, unpacked, there are tar files AP_*, BL_*, CP_OMC_OXM* and HOME_CSC_OMC_OXM* but nowhere inside them I see system.img.
    Any advice will be appreciated.
    inside AP_*
  • 156
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    19
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    13
    Universal SafetyNet Fix v1.1.1 is now available.

    Changes
    • Removed security patch fixup to fix CTS profile mismatches on some devices

    Download

    Some devices will now need to use MagiskHide Props Config in addition to this module in order to pass CTS profile checks as part of basic attestation. Altering the CTS profile is no longer in scope for this module as it breaks more devices than it fixes.

    If this module helped you, please consider a recurring donation for sustainable support, or alternatively buy me a coffee. Everything helps, but a recurring donation is the best way to keep the project alive in the long term.

    Issues on heavy OEM skins
    This is a reminder that heavy OEM skins are not officially supported. They may happen to work depending on your luck and the particular ROM in question, but nothing is guaranteed. Please do not report problems on such ROMs. It's surprising that it works at all on them; I wouldn't expect everything to be fully working. I will not provide more support for issues related to heavy OEM skins.

    The compatibility issue does not lie in the SafetyNet fix itself, but rather how the Magisk module is built. It's possible to make the Magisk module version of the fix slightly more portable, but I have no interest in supporting heavy OEM skins, nor do I have any devices running such ROMs.

    You will always have the best luck with a ROM not too far from AOSP, e.g. most custom ROMs and Pixel stock ROMs.
    6
    Everyone having issues passing basic attestation after installing the module, please try the attached versions.

    There have been quite a few reports of fingerprint unlocking in apps breaking on One UI. This is not something that is planned to be fixed, because One UI is a heavy OEM skin that is not officially supported. It's surprising that it works on One UI to begin with.
    4
    There is no need to delete the whole Data, but go to Settings, Apps and delete Data for Google Play, Google Play Services, Google Services Framework, and probably Google Pay (not using, hence cannot tell for sure).
    Go to Airplane mode before deleting, after deleting reboot and turn Airplane off
    Deleting data of Google services framework acts as a partial factory reset and it might cause late/missing notifications of many apps. I would definitely advise to avoid doing it. 🙂

    It is enough to wait a little, Google play store should "recertify" device after some time automatically if it meets the criteria. Cache or data cleaning of Google play store app should speed up this process, but it's not mandatory in my experience.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone