MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

Search This thread
By:
Advanced…
O

okij

Senior Member
Oct 24, 2012
2,028
3,934
Düsseldorf
Samsung Galaxy S10e
  • Like
Reactions: 0LDST4R and Gordietm
T

thunderace69

New member
Jan 8, 2016
2
0
Hi All, I have searched the net but cant seem to find a solution to fixing the safetynet check and pass the checks on my A95x F3 Air and my Tanix Tx6 box. please can someone please point me in the right direction. Thanks in advance
 
L

lukjod

Senior Member
Aug 12, 2004
196
25
Warsaw
Samsung Galaxy Z Flip3
after install test version 2.0 on latest dub5 samsung s20 i can get safetynet to work and all my banks app to use fingerprint safety but Google pay says card unconfigured as on screenshot. Will it work on Google pay as can't check easy now?
 

Attachments

  • Screenshot_20210221-171934_Google Play services.jpg
    Screenshot_20210221-171934_Google Play services.jpg
    358.3 KB · Views: 168
Last edited:
  • Like
Reactions: Bec07
kerpert

kerpert

Senior Member
Nov 2, 2012
214
52
Milan
GT-i9250
Moto G4 Play
AndDiSa said:
If you flash the factory / full ota package, yes. Otherwise if you would like to take the OTA I am currently doing it in the following way:
- flashing back the original kernel
- taking the update ota
- rebooting
- patching the new kernel with Magisk
- flashing the patched kernel
Click to expand...
Click to collapse
Hi, I followed your tip keeping the patched stock kernel and noticed that the freezing continues even with the only Magisk hide enabled without extensions or apps hide or systemless host, and as second attempt, even with the only systemless host enabled with all the other things at default (no extension modules, no hide at all), so dunno't but it can be some Magisk bug because keeping just Magisk with nothing other and all settings to default it worked 2 days without freezes.
 
dublea

dublea

Member
Feb 1, 2011
35
2
MS
I have a Samsung SM-T510 2019 10 inch tablet with Android 9. I have TWRP and Magisk installed w/ MagiskHide Props Config and Universal SafetyNetFix 2.0.0-test enabled and setup.

Still failing with Attestation failed, basicIntegrity (pass) ctsProfile (fail) w/ evalType HARDWARE.
 
Last edited:
N

Nuke1999

Member
Jun 20, 2018
14
3
Google Pixel 6
In case anyone has a Pixel 4a, with Android 11 still installed, the 1.1.1 ZIP will pass SafetyNet both in Magisk as well as the "older" version of Google Pay (Google Pay, not Gpay) after it is flashed via Magisk Manager. For reference, I am using the latest Magisk Canary as of time of this post.
 
  • Like
Reactions: jcp2
N

Nivan0611

Member
Mar 5, 2014
26
2
Hi All . . .
I am running a Amlogic X96Air Box with Slimrom-Android 9

Can someone plz guide me on installing Magisk for Safety Net Pass on Uncertified Google Play Store "Uncertified Device"

Firstly i installed the App Manager to access if "ramdisk" is available . . it says "No"
I then uninstalled it . . then tried to go the route to flash the zip (v22) thru TWRP . . after reboot nothing showed up in all apps (no Magisk) . . not sure if I'm doing it correctly !!! . . . However, I then reset the box and also reinstalled the rom to have a clean installation.

Any guidance on installing Magisk for Safety Net Pass on Play Store to have a certified device would be greatly appreciated, if this is at all possible
Thanks :)
 
Kingstley

Kingstley

New member
Feb 26, 2021
2
0
I had to do an account to thank you so much.
Finally i passed safetynet at mine Xiaomi mi 10 lite 5g.

Thank you sososo much. Finally i am able to install MCDonalds app and use GpAy
 
D

Demax55

Member
Jan 17, 2017
36
1
Unluckily it doesn't work for me, but maybe it's normal.

Device: Asus Zenfone Max Pro M1
OS: LineageOS 16.0-20210112-microG-X00TD (basically it's lineageOS with microG)
DroidguardHelper installed, however I cannot hide it in magisk hide. If I try, next time I check in Magisk Hide it's always not hidden.

I have Magisk Manager hidden and magisk hide active on all my banking apps and safety net checker apps.

Before installing safety net fix, banking apps and fingerprints on them would work. But it would fail attestation, and I suppose that's the reason why apps like Pokemon go wouldn't work.

I installed safety net fix 1.1.1 but attestation sfill failed. But fingerprints didn't work anymore on banking apps.

I installed safety fix 2.0 test 2 and now fingerprints work again, however attestation still fails.

I haven't found much about how to fix basic integrity, however I suspect it might be related to the ROM I'm using and/or microG.

Does anyone know why this happens and if there's any way to fix it?

Thanks in advance
 

Attachments

  • AttestationFailed.png
    AttestationFailed.png
    43.6 KB · Views: 15
Last edited:
gege2307

gege2307

New member
Feb 27, 2021
2
0
Hi all, tried safetynet fix 1.1.1 in Magisk 22.0. Now safetynet test is passed, but Google pay still doesn't work (your device doesn't meet....).

My phone is Xiaomi mi 10TPro with MIUI 12.1.2.

Any idea ?

Thank you in advance !
 
Last edited:
Uzephi

Uzephi

Inactive Recognized Contributor
Apr 20, 2012
3,439
1,892
Phoenix
Google Pixel 3a
Demax55 said:
Does anyone know why this happens and if there's any way to fix it?

Thanks in advance
Click to expand...
Click to collapse

You're failing basic integrity. This module is only to bypass hardware attestation. I would suggest checking to see what is making you fail basic integrity. A good guess would be your device fingerprint. MagiskHideProps is a good module to use a certified fingerprint.
 
D

Demax55

Member
Jan 17, 2017
36
1
Uzephi said:
You're failing basic integrity. This module is only to bypass hardware attestation. I would suggest checking to see what is making you fail basic integrity. A good guess would be your device fingerprint. MagiskHideProps is a good module to use a certified fingerprint.
Click to expand...
Click to collapse


Thanks for the tip. Unluckily I already have tried to change my fingerprint with the latest certified fingerprint for my device and it didn't work.

I don't have xposed. I tried to disable all magisk modules that I have (aurora services, systemizer), still didn't work.

I have quite a few apps that need root (Adaway, warden, and others) but I don't think they could cause problem, right?
 
You must log in or register to reply here.

Similar threads

Chainfire
[Android 2.1+][03.10.2011][v3.2] Chainfire3D [ROOT][OpenGL ES 2.0+]
Replies
3K
Views
3M
rignfool
rignfool
apb_axel
[ZIP] Synapse + Script => Universal Kernel Manager v3.8.1
Replies
3K
Views
773K
D
Dildoman
repey6
[6.0-12.0][Magisk]Dolby Digital Plus[upd.20211005]
Replies
2K
Views
778K
M
Mradim
Chainfire
[2014.05.01][ROOT] Mobile ODIN v4.20
Replies
5K
Views
4M
Rukbat
Rukbat
DooMLoRD
[04/Jan][ROOTING/UNROOTING] DooMLoRD's Easy Rooting Toolkit [v4.0](zergRush Exploit)
Replies
927
Views
3M
B
bishoy ashraf

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 337
    kdrag0n
    kdrag0n
    Universal SafetyNet Fix
    Magisk module​

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0
    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    View
    223
    Displax
    Displax
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    View
    58
    Displax
    Displax
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    View
    33
    Displax
    Displax
    So, created separate thread for my mod. Welcome)

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    xdaforums.com xdaforums.com
    View
    32
    P
    pndwal
    Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.
    Click to expand...
    Click to collapse

    Here's hoping... 🙃 PW
    View

New posts