MAGISK MODULE ❯ Universal SafetyNet Fix 1.1.0

Search This thread

paxar331

Member
Mar 13, 2020
36
3
Thank you, that worked.

Unfortunately I'm getting attestation failed.





Edit: I'll try MagiskHide Props config a shot, as noted here

Edit: I followed additional instructions here, including typing 'su' before hand in the terminal, and was able to pass.

Thank you to the programmers involved.

qezCgVk.png
 
Last edited:

Lolinajdi

Member
Feb 9, 2019
13
1
hello i have issues when i use the latest version of safetynet fix but issues is after applying the safetynet fix module the device some time's rebooting randomly i don't know what is problem.

my device info:

samsung galaxy s9+

android 10

rom is official rom not custom rom.
 

zgfg

Senior Member
Oct 10, 2016
7,168
4,622
hello i have issues when i use the latest version of safetynet fix but issues is after applying the safetynet fix module the device some time's rebooting randomly i don't know what is problem.

my device info:

samsung galaxy s9+

android 10

rom is official rom not custom rom.
Details missing - what exactly is your Magisk version, USNF version and are you using Riru?

USNF 2.2.1 must be used ONLY with Zygisk (that requires some version of the NEW Magisk 2301x, and NO USE of Riru)

OTHERWISE, use USNF 2.1.3 (as stated in the earlier posts and on the Github)
 
  • Like
Reactions: rhewins2268

Lolinajdi

Member
Feb 9, 2019
13
1
Details missing - what exactly is your Magisk version, USNF version and are you using Riru?

USNF 2.2.1 must be used ONLY with Zygisk (that requires some version of the NEW Magisk 2301x, and NO USE of Riru)

OTHERWISE, use USNF 2.1.3 (as stated in the earlier posts and on the Github)
Magisk version:23.0
Riru version:26.1.3
USNF VERSION;2.1.3
 

kramer04

Senior Member
Jan 15, 2011
597
230
France
See screenshots
 

Attachments

  • Screenshot_20220125-202711.jpg
    Screenshot_20220125-202711.jpg
    178 KB · Views: 187
  • Screenshot_20220125-202956.jpg
    Screenshot_20220125-202956.jpg
    294.7 KB · Views: 179
  • Screenshot_20220125-202937.jpg
    Screenshot_20220125-202937.jpg
    306.5 KB · Views: 179
  • Screenshot_20220125-203021.jpg
    Screenshot_20220125-203021.jpg
    272.9 KB · Views: 176
  • Screenshot_20220125-203129.jpg
    Screenshot_20220125-203129.jpg
    261.3 KB · Views: 183
Last edited:

Dior DNA

Senior Member
Aug 17, 2015
1,535
656
I am on Magisk v24.1 now and on safetynet-fix v2.2.1 and new to this addon.
Device (1+8T LOS 18.1) is certified, cool and thanks.
Q: Is there a separate app somewhere to perform a SafetyNet test
(as Magisk app no longer seems to include one)?
Have a nice day!
 

Lughnasadh

Senior Member
Mar 23, 2015
3,327
3,294
Google Nexus 5
Huawei Nexus 6P
I am on Magisk v24.1 now and on safetynet-fix v2.2.1 and new to this addon.
Device (1+8T LOS 18.1) is certified, cool and thanks.
Q: Is there a separate app somewhere to perform a SafetyNet test
(as Magisk app no longer seems to include one)?
Have a nice day!
You can use YASNAC or SafetyNet Checker. Both can be found on the Play Store.
 
  • Like
Reactions: Dior DNA

Alexium2022

Member
Jan 29, 2022
9
0
Hi from Romania ! It worked on my Xiaomi Note 8 Ginkgo. After I unlocked the bootloader and had root access my McDonald's app was not working and after this universal fix works. I do not have a banking app to tell if it works. But with Magisk v 23 in hide superuser menu my Carrefour deal app was working. So is in Magisk v 24 in the DenyList. But the MikeyDees was stubborn til now. Hope it lasts to enjoy my bigmac offers. I am no programming or coding person. But I am stubborn. Thank you kdrag0n !
 

Attachments

  • index.jpg
    index.jpg
    124.5 KB · Views: 54
Last edited:

juliotec

Member
Aug 22, 2013
45
71
Ok i have:

- Poco X3 Pro Global
- Lineage OS 18.1
- Magisk 24.1 (Zygisk beta enabled)
- Lucky patcher (installed all patches)

To work safetynet you need install these modules:
- Universal Safetynet Fix (Zygisk lastest version)
AND
- Magiskhide Props Config (lastest version)

you will not pass if dont install both
 

Attachments

  • Screenshot_20220129-133409_Magisk.png
    Screenshot_20220129-133409_Magisk.png
    132.8 KB · Views: 104
  • Screenshot_20220129-133356_SafetyNet_Check.png
    Screenshot_20220129-133356_SafetyNet_Check.png
    206 KB · Views: 91
  • Screenshot_20220129-133900_Actualizador.png
    Screenshot_20220129-133900_Actualizador.png
    84.3 KB · Views: 94
  • Screenshot_20220129-135034_Lucку-Patcher.png
    Screenshot_20220129-135034_Lucку-Patcher.png
    312.4 KB · Views: 85
  • Screenshot_20220129-135414_Lucкy_Рatcher.png
    Screenshot_20220129-135414_Lucкy_Рatcher.png
    224.1 KB · Views: 98
Last edited:

jekiDlemot

Member
Apr 10, 2016
36
10
I tried using the zygisk, usnf, and magiskhideprop method, but this is what i got.
I wonder why did it fail from the request part on the green app one and is fine in the other, banking app still detect the phone rooted state though. Can anybody help?
 

Attachments

  • Screenshot_20220130-075231_SafetyNet Test.png
    Screenshot_20220130-075231_SafetyNet Test.png
    130.7 KB · Views: 98
  • Screenshot_20220130-075431_Magic.png
    Screenshot_20220130-075431_Magic.png
    188.3 KB · Views: 94
  • Screenshot_20220130-075419_Magic.png
    Screenshot_20220130-075419_Magic.png
    224.1 KB · Views: 94
  • Screenshot_20220130-075235_SafetyNet Check.png
    Screenshot_20220130-075235_SafetyNet Check.png
    261.8 KB · Views: 106

zgfg

Senior Member
Oct 10, 2016
7,168
4,622
I tried using the zgisk,
Ok, what is the problem?
First screenshot shows that you are passing SafetyNet

On the second Screenshot there is also no Basic Integrity neither CTS Profile failure

Be aware that every SafetyNet checker has a quota (given by Google) how many attestations can be done per day

Since the new Magisk was released, people test like crazy, checkers go over quota, and report API orGoogle Play Services errors (depending how developers formatted the error text)

Use another SN checker and/or be patient and try another time
 

ipdev

Recognized Contributor
Feb 14, 2016
1,747
1
2,955
Google Nexus 10
Nexus 7 (2013)
I tried using the zygisk, usnf, and magiskhideprop method, but this is what i got.
I wonder why did it fail from the request part on the green app one and is fine in the other, banking app still detect the phone rooted state though. Can anybody help?
A while back, Google changed things up and SafetyNet checks require a unique key per app/developer.
The free version of the key is allowed 10,000 (ten thousand) checks per day.

In the last few days, people have been updating Magisk and figuring out how to setup it up to pass SafetyNet.
The SafetyNet checker apps have been getting bombarded with them checking SafetyNet so apps are hitting their daily limit.

That is why you see an error message about connecting to the SafetyNet servers.
  • Can't access Google Play Services.
  • Google Play Services API error
    7: NETWORK_ERROR​

The SafetyNet Check app is less used because it is a Paid for app.
They might also buy the the next level from Google.
Checks per day are bumped up and/or removed.

Just checked the official versions downloaded from Magisk's github.
Magisk v24.0 has been downloaded 57,253 times.
Magisk v24.1 has been downloaded 15,944 times.​
So you can imagine how many are checking SaftyNet. 🙃

This has nothing to do with apps detecting an insecure device by other means.
Apps that go beyond SafetyNet to find a compromised device.​

Cheers. :cowboy:
 
Last edited:

jekiDlemot

Member
Apr 10, 2016
36
10
A while back, Google changed things up and SafetyNet checks require a unique key per app/developer.
The free version of the key is allowed 10,000 (ten thousand) checks per day.

In the last few days, people have been updating Magisk and figuring out how to setup it up to pass SafetyNet.
The SafetyNet checker apps have been getting bombarded with them checking SafetyNet so apps are hitting their daily limit.

That is why you see an error message about connecting to the SafetyNet servers.
  • Can't access Google Play Services.
  • Google Play Services API error
    7: NETWORK_ERROR​

The SafetyNet Check app is less used because it is a Paid for app.
They might also buy the the next level from Google.​
Checks per day are bumped up and/or removed.

Just checked the official versions downloaded from Magisk's github.
Magisk v24.0 has been downloaded 57,253 times.​
Magisk v24.1 has been downloaded 15,944 times.​
So you can imagine how many are checking SaftyNet. 🙃

This has nothing to do with apps detecting an insecure device by other means.
Apps that go beyond SafetyNet to find a compromised device.​

Cheers. :cowboy:
So based on the blue app one, i could safely say that the safetynet passed then. Thank you that was news for me.
And i also want to ask about the apps/modules johnwu said to be able to perform just the same like magiskhide because the only thing that i could find is shamiko, and it's still not letting me into my bank app.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    Added to the list
    google play services for AR
    google pay
    google play store
    google play services

    universal safety fix module 2.2.1 active


    something that i saw... every restart google play services go out of denied list.
    Hiding Magisk app is irrelevant for Google apps (it may help only to some banking apps - those apps try to explore various methods to find or even guess about the root, eg, you may have locked Bootloader with stock firmware but if you just install Magisk APK they will falsely guess that your phone is rooted bcs why otherwise would one install Magisk APK)

    Google apps use SafetyNet where SafetyNet is the API provided by Google Play Services (aka GMS), hence no use of putting Services for AR or Playstore to DenyList - it's enough to put GMS, all Google apps use GMS

    But finally, USNF takes care of the Google Play Services and it removes GMS from DenyList - that was discussed and mentioned many times here, in the USNF thread and in the Magisk thread (old Magisk thread and the new Magisk+Zygisk thread)

    But cannot help you with Google Pay - check in the Magisk threads
    3
    Oh, and don't worry about GPS getting out of deny list with every restart. This has been the default behavior for me since Magisk 24, but it works.
    We usually rather call Google Play Services as GMS, due to it's package name (you see that package name when you add to DenyList):
    com.google.android.gms

    Disappearing from DenyList has nothing to do with Magisk v24 but this module USNF = Universal SafelyNet Fix removes GMS from DenyList (already mentioned in this thread couple of times)

    Go to:
    /data/adb/modules/safetynet-fix
    (where USNF installs - open eg module.prop text file)

    And open service.sh to find there:
    Code:
    # Remove Play Services from DenyList, otherwise the Zygisk module won't load
    magisk --denylist rm com.google.android.gms
    1
    anybody managed to run it on oneplus 8 pro android 12 (stock)? my fingerprint reader is not working when 2.2.1 module is installed.
    You can find a discussion in March (scroll back) with some hints for fix
    1
    You can find a discussion in March (scroll back) with some hints for fix
    hmm, indeed. I flashed the modified .zip for 8T from post #1698 and it works, thanks!
    1
    Hello
    i have a LG G4 with A11 Havoc..

    Magisk app 24.3(24300) (27)
    package fyhmut.go
    Zygisk yes

    Magisk hided

    Added to the list
    google play services for AR
    google pay
    google play store
    google play services

    universal safety fix module 2.2.1 active

    removed data of google play services, google play store and google pay
    restarted...

    but no luck with google pay :(

    something that i saw... every restart google play services go out of denied list.

    Any suggestion or help?

    Thanks
    Had the same problem - all of a sudden yesterday - with Google Pay on my OnePlus 9 Pro. Did everything you did and more, even installing older versions, no luck for 3 hours.

    Finally, turns out it's the latest version of Google Play Services (I was naive enough to opt-in the beta testing program). Google Pay kept showing something like "Checking for updates, this may take few minutes".

    Uninstall Google Play Services updates, opt out of beta program if you're in, then re-apply the Google Pay process, and you'll be good to go.

    Oh, and don't worry about GPS getting out of deny list with every restart. This has been the default behavior for me since Magisk 24, but it works.
  • 255
    Universal SafetyNet Fix
    Magisk module​

    This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    Passing basic attestation is mostly out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Nonetheless, it features a few basic attempts at helping pass basic attestation on some devices, especially older devices and devices running stock ROMs.

    No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.

    Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module. The ROM changes for it are linked above for ROM developers to use.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Telegram group
    Source code

    If this helped you, please consider donating to support development: recurring donation for sustainable support or buy me a coffee. Thank you for your support!
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    22
    I managed to fix the 3rd party app fingerprint issue on my Samsung w/ Android 10 (commented on this Github issue too). Basically the AOSP keystore is not fully compatible with the Samsung one so I decided to binary patch the one on my phone and ended up with this module. Now both fingerprint and SafetyNet works.
    Notes:
    - This disables key attestation for every app, idk if it breaks anything, nothing broke so far
    - Only change is the replaced system_sdk29/bin/keystore with the Samsung one (8 bytes modified)
    - Only works on Android 10
    - Might or might not work for you, use at your own risk.
    21
    It's in progress.

    Worth noting when @kdrag0n does publish the new Zygisk rewrite of USNF then gms and unstable will actually need to be removed from the DenyList for the module to function correctly, not added like some people are doing now to get previous USNF versions working.
    18
    v2.1.0 is officially released and open sourced now, so everyone can stop being ****ing babies. 😏👍