MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread
Hi,
Installed Ritu and USNF 2.1.2 and unfortunately it's still the same
Did you use props config? Or just install it because just installing it does nothing.
Screenshot_20211201-055808.jpg
 
  • Like
Reactions: smegbat

pndwal

Senior Member
Many thanks for your help. Props Config is just installed so I haven't changed anything. I'll have a read of the attachment to see what to do unless you have any tips? Thanks again 👍
For ROMs that don't include certified fingerprint or spoof one (many Custom ROMs, China region stock etc) you need only MHPC module option to set certified fingerprint configured in addition to USNF module... PW
 

Jimjimbo

Member
Aug 30, 2017
10
0
I am using Magisk 23
Beyond Rom S20 ultra
Riru
Lsposed

I have flashed USN 2.2 but still fail integrity and profile Evaltype basic.

Am I missing something?

I must admit I have not read all 75 pages however I have scanned a lot of comments.
 

zgfg

Senior Member
Oct 10, 2016
7,166
4,618
I am using Magisk 23
Beyond Rom S20 ultra
Riru
Lsposed

I have flashed USN 2.2 but still fail integrity and profile Evaltype basic.

Am I missing something?

I must admit I have not read all 75 pages however I have scanned a lot of comments.
Again (handful of similar posts earlier) - old Magisk 23 and new USNF 2.2 for Zygisk?!
USNF 2.1.2 is for Riru
 
Yes you are right. I have seen that now 🤦 the problem is I got confused with reading so many posts. That said 2.1.2 did not work for me.
Oh I didn't even see what your problem is, if you're failing basic integrity this can't help you. That means your system partition has been altered or there is evidence of tampering going on. As for eval type basic, that is what you want. If I had to guess a Xposed module altered /system or it's doing something obvious and easy to detect.

Also should mention if you're using an Xposed module like HiddenCore you're actually failing both ctsProfile and Integrity even if ctsProfile claims it's passing.
 
Last edited:

pndwal

Senior Member
I am using Magisk 23
Beyond Rom S20 ultra
Riru
Lsposed

I have flashed USN 2.2 but still fail integrity and profile Evaltype basic.

Am I missing something?

I must admit I have not read all 75 pages however I have scanned a lot of comments.
Beyond Rom is custom?

So you likely need MHPC w/ passing fingerprint configured in addition to USNF 2.1.2 + Riru modules as I said here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-86029605

Nb. Users / punters should read main GitHub page (linked from OP here) and release notes (click Releases, read all of them) to avoid confusion / understand additional out-of-scope fixes needed. The OP itself is not up to date... PW

Edit:
I see Beyond Rom may be set up to pass on its own (incorporate USNF / spoof passing fingerprint) so you may have other issues.

Could be ROM only bundles older USNF (Nb. newer fix addresses post September Google server end changes), ROM manipulates props (eg in pre-built utils) and this is incompatible with later USNF, incompatible modules as mentioned above, or other issue...
 
Last edited:

ReservedName

Member
Oct 29, 2014
35
42
just got the notification my device isn't ok to use NFC but Google pay still loads the cards. checked and failed safety net, I have no idea when that started. I haven't updated anything in a while and avoided updating magisk because it was going to lose magiskhide. no idea why this suddenly changed but I decided to update magisk after anyway just to see. still no good. I have riru and lsposed so maybe I have to tweak that. what changed? should I upgrade to Android 12 and then try fixing this after? pixel 4a here.

edit: seems like I don't have lsposed now. probably because of the update to magisk
 

pndwal

Senior Member
just got the notification my device isn't ok to use NFC but Google pay still loads the cards. checked and failed safety net, I have no idea when that started. I haven't updated anything in a while and avoided updating magisk because it was going to lose magiskhide. no idea why this suddenly changed but I decided to update magisk after anyway just to see. still no good. I have riru and lsposed so maybe I have to tweak that. what changed? should I upgrade to Android 12 and then try fixing this after? pixel 4a here.

edit: seems like I don't have lsposed now. probably because of the update to magisk
Lite on detail.

Assume you have public (stable) Magisk 23.0. MagiskHide changes have only hit debug (Canary) TJW builds as yet, but this fix addresses new builds W/ Zygisk / denylist also.

So current stable Magisk should be no different; Google made new server end changes in September however, and many devices now need 2.1+ USNF to pass.

You need 2.1.2 for current stable Magisk & Riru is required also. 2.2.0 is for current canary + builds with Zygisk going forward... PW
 
Last edited:

ReservedName

Member
Oct 29, 2014
35
42
Lite on detail.

Assume you have public (stable) Magisk 23.0. MagiskHide changes have only hit debug (Canary) TJW builds as yet, but this fix addresses new builds W/ Zygisk / denylist also.

So current stable Magisk should be no different; Google made new server end changes in September however, and many devices now need 2.1+ USNF to pass.

You need 2.1.2 for current stable Magisk & Riru is required also. 2.2.0 is for current canary + builds with Zygisk going forward... PW
so I got 23015 the alpha apk and uninstalled the other magisk apk. I got 2.2.0 usnf and flashed that. I enabled zygisk and denylist. I can pass safetynet and use biometrics on my banking app. the legacy Google pay app still warns me about my device but the newer gpay app doesn't and the NFC payments still work. Lsposed and privacylua don't load now so I guess I can remove them?

I'm a little concerned about the legacy Google pay app warning and I don't think I need it so I just uninstalled it. YASNAC app says I pass safetynet (integrity, cts pass, basic eval).
 
so I got 23015 the alpha apk and uninstalled the other magisk apk. I got 2.2.0 usnf and flashed that. I enabled zygisk and denylist. I can pass safetynet and use biometrics on my banking app. the legacy Google pay app still warns me about my device but the newer gpay app doesn't and the NFC payments still work. Lsposed and privacylua don't load now so I guess I can remove them?

I'm a little concerned about the legacy Google pay app warning and I don't think I need it so I just uninstalled it. YASNAC app says I pass safetynet (integrity, cts pass, basic eval).
Did you clear cache/data from google play store, gpay and google play services? Sometimes if you don't pass safetynet it'll remember that until you do, check play store settings then about and at the bottom see if your device says it's certified or not. Clearing cache/data once safetynet passes should fix it.
 
  • Like
Reactions: ReservedName

zgfg

Senior Member
Oct 10, 2016
7,166
4,618
so I got 23015 the alpha apk and uninstalled the other magisk apk. I got 2.2.0 usnf and flashed that. I enabled zygisk and denylist.... Lsposed and privacylua don't load now so I guess I can remove them?
Instead of Riru-LSPosed, you need to use Zygisk-LSPosed because Riru is not compatible with Zygisk.
Go to the Modules tab in Magisk app and Riru itself should dynamically show there some error (when working ok it says that it is loaded and displays how many Riru modules are loaded, like Riru-LSPosed)

Not sure can you download:
LSPosed-v1.6.3-6267-zygisk-release.zip
from Github, but you can from LSPosed-Arcives TG channel (however, posting URLs to TG channels are not allowed here on XDA).
With Zygisk-LSPosed you should be able to continue using LSPosed modules like XPrivacyLua, etc

PS: From the Github LSPosed page you can find a link to LSPosed TG channel. In that channel you will find the link to LSPosed-Archives TG channel where they daily (and sometimes more ofthen) push Riru and Zygisk, Release and Debug LSPosed builds
 
Last edited:
  • Like
Reactions: ReservedName

ReservedName

Member
Oct 29, 2014
35
42
Instead of Riru-LSPosed, you need to use Zygisk-LSPosed because Riru is not compatible with Zygisk.
Go to the Modules tab in Magisk app and Riru itself should dynamically show there some error (when working ok it says that it is loaded and displays how many Riru modules are loaded, like Riru-LSPosed)

Not sure can you download:
LSPosed-v1.6.3-6267-zygisk-release.zip
from Github, but you can from LSPosed-Arcives TG channel (however, posting URLs to TG channels are not allowed here on XDA).
With Zygisk-LSPosed you should be able to continue using LSPosed modules like XPrivacyLua, etc
I'm on the regular lsposed tg I don't know where that archive is. last post says they won't release the zygisk lsposed yet
 

ReservedName

Member
Oct 29, 2014
35
42
Just updated my previous post. Read the PS there to solve the TG labyrinth - actually see the screenshot below
thanks I was able to find and flash it. only thing is I didn't place the shortcut on reboot, where can I find the APK? (ok so on reboot I got another chance to place the shortcut, but I don't know where else to find it)

I rebooted to get systemless hosts going for AdAway which is working again now. do I even need lsposed anymore? the only module I had was privacylua and I think I don't need it now?

(thanks for all the help by the way)
 
Last edited:

zgfg

Senior Member
Oct 10, 2016
7,166
4,618
thanks I was able to find and flash it. only thing is I didn't place the shortcut on reboot, where can I find the APK?
Look under:
/data/adb/lspd
I have (albeit using Riru-LSposed) the manager.apk there

They call that parasitic manager. You can uninstall the apk but still use shortcut (you must create it).
If you uninstalled the manager and didn't/couldn't create the shortcut, you can still open the LSPosed manager by dialing a secret code:
*#*#LSPosed#*#*
L=5, etc
You can even create a shortcut for the dialer, for that 'number' on the Home screen
 
  • Like
Reactions: ReservedName

zgfg

Senior Member
Oct 10, 2016
7,166
4,618
I rebooted to get systemless hosts going for AdAway which is working again now. do I even need lsposed anymore? the only module I had was privacylua and I think I don't need it now?
Interesting - you needed LSPosed/XLua for AdAway?
Maybe something specific for a particular phone with 12 - sorry I was not aware of, maybe you could elborate
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Added to the list
    google play services for AR
    google pay
    google play store
    google play services

    universal safety fix module 2.2.1 active


    something that i saw... every restart google play services go out of denied list.
    Hiding Magisk app is irrelevant for Google apps (it may help only to some banking apps - those apps try to explore various methods to find or even guess about the root, eg, you may have locked Bootloader with stock firmware but if you just install Magisk APK they will falsely guess that your phone is rooted bcs why otherwise would one install Magisk APK)

    Google apps use SafetyNet where SafetyNet is the API provided by Google Play Services (aka GMS), hence no use of putting Services for AR or Playstore to DenyList - it's enough to put GMS, all Google apps use GMS

    But finally, USNF takes care of the Google Play Services and it removes GMS from DenyList - that was discussed and mentioned many times here, in the USNF thread and in the Magisk thread (old Magisk thread and the new Magisk+Zygisk thread)

    But cannot help you with Google Pay - check in the Magisk threads
    3
    Oh, and don't worry about GPS getting out of deny list with every restart. This has been the default behavior for me since Magisk 24, but it works.
    We usually rather call Google Play Services as GMS, due to it's package name (you see that package name when you add to DenyList):
    com.google.android.gms

    Disappearing from DenyList has nothing to do with Magisk v24 but this module USNF = Universal SafelyNet Fix removes GMS from DenyList (already mentioned in this thread couple of times)

    Go to:
    /data/adb/modules/safetynet-fix
    (where USNF installs - open eg module.prop text file)

    And open service.sh to find there:
    Code:
    # Remove Play Services from DenyList, otherwise the Zygisk module won't load
    magisk --denylist rm com.google.android.gms
    1
    anybody managed to run it on oneplus 8 pro android 12 (stock)? my fingerprint reader is not working when 2.2.1 module is installed.
    You can find a discussion in March (scroll back) with some hints for fix
    1
    You can find a discussion in March (scroll back) with some hints for fix
    hmm, indeed. I flashed the modified .zip for 8T from post #1698 and it works, thanks!
    1
    Hello
    i have a LG G4 with A11 Havoc..

    Magisk app 24.3(24300) (27)
    package fyhmut.go
    Zygisk yes

    Magisk hided

    Added to the list
    google play services for AR
    google pay
    google play store
    google play services

    universal safety fix module 2.2.1 active

    removed data of google play services, google play store and google pay
    restarted...

    but no luck with google pay :(

    something that i saw... every restart google play services go out of denied list.

    Any suggestion or help?

    Thanks
    Had the same problem - all of a sudden yesterday - with Google Pay on my OnePlus 9 Pro. Did everything you did and more, even installing older versions, no luck for 3 hours.

    Finally, turns out it's the latest version of Google Play Services (I was naive enough to opt-in the beta testing program). Google Pay kept showing something like "Checking for updates, this may take few minutes".

    Uninstall Google Play Services updates, opt out of beta program if you're in, then re-apply the Google Pay process, and you'll be good to go.

    Oh, and don't worry about GPS getting out of deny list with every restart. This has been the default behavior for me since Magisk 24, but it works.
  • 255
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    21
    It's in progress.

    Worth noting when @kdrag0n does publish the new Zygisk rewrite of USNF then gms and unstable will actually need to be removed from the DenyList for the module to function correctly, not added like some people are doing now to get previous USNF versions working.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍