MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

oldbear3

Until the RQ3A.210605.005 update on my Pixel 3a, even with Safetynetfix 1.1.1 installed (and uninstalled and reinstalled) my CtsProfile remains false, so I don't get SafetyNet checked.
The evalType is Basic with the module installed but it keeps on refusing the ctsProfile.
Am I missing something or has Google made new changes?
 

pndwal

Until the RQ3A.210605.005 update on my Pixel 3a, even with Safetynetfix 1.1.1 installed (and uninstalled and reinstalled) my CtsProfile remains false, so I don't get SafetyNet checked.
The evalType is Basic with the module installed but it keeps on refusing the ctsProfile.
Am I missing something or has Google made new changes?
I don't know for sure.

Try disabling any modules other than this one to eliminate these...

Are you on stock ROM? Do you run any mods to System? PW
 

oldbear3

I don't know for sure.

Try disabling any modules other than this one to eliminate these...

Are you on stock ROM? Do you run any mods to System? PW
OK, that's what I did this morning and actually it was MagiskHide Props which was the cause, strangely. I didn't need it anyway because I'm on stock ROM.
Thanks for your help.
 

ReK_

I'm having trouble with Google Pay. Magisk says SafetyNet passes with eval basic, however Google Pay won't enable contactless, saying "Your phone doesn't meet security requirements."
  • OnePlus 7 Pro GM1917
  • LineageOS 18.1 (20210606-nightly)
  • MindTheGapps 11.0.0
  • Magisk 23.0 (installed via boot.img, app renamed)
  • MagiskHide Props Config 5.4.0-v128
  • Universal SafetyNet Fix v1.1.1
I've renamed the Magisk app, turned on MagiskHide for all Google services, Google Pay and banking apps, and used the props config to emulate a Pixel 3a. This has gotten SafetyNet passing according to Magisk, and my related banking apps are working fine, but I still can't enable contactless payment in Google Pay. I've checked for the Play Protect certificate issue but it looks like the menus have changed in Google Play and I can't see anything that positively says it passes, but there's also no warning popup or anything that says it fails either.
 

ahecht

I'm having trouble with Google Pay. Magisk says SafetyNet passes with eval basic, however Google Pay won't enable contactless, saying "Your phone doesn't meet security requirements."
  • OnePlus 7 Pro GM1917
  • LineageOS 18.1 (20210606-nightly)
  • MindTheGapps 11.0.0
  • Magisk 23.0 (installed via boot.img, app renamed)
  • MagiskHide Props Config 5.4.0-v128
  • Universal SafetyNet Fix v1.1.1
I've renamed the Magisk app, turned on MagiskHide for all Google services, Google Pay and banking apps, and used the props config to emulate a Pixel 3a. This has gotten SafetyNet passing according to Magisk, and my related banking apps are working fine, but I still can't enable contactless payment in Google Pay. I've checked for the Play Protect certificate issue but it looks like the menus have changed in Google Play and I can't see anything that positively says it passes, but there's also no warning popup or anything that says it fails either.
 

ReK_

Attachment: Screenshot_20210613-001715_Google_Play_services.png

ju_one06

Hello,
I'm having an issue bypassing SafetyNet. I installed Magisk by renaming it and installing it through TWRP as a zip, then renamed it back to apk and installed the apk.
Phone : Redmi Note 9S
OS : MIUI 12.0.2.0 Android 11
I've already tried SafetyNet Fix from 1.0 to 1.1.1 but still have the problem. Did I miss a step or do something wrong?
 
Jun 19, 2021
9
3
Hello,

I was wondering whether there is a way the module survives factory reset? Or can it be modified to do so? I am in a situation where I only need to bypass SafetyNet from the initial setup without being able to upgrade Magisk or access the developer options before the test.

Thanks for reading.
 

zgfg

Hello,

I was wondering whether there is a way the module survives factory reset? Or can it be modified to do so? I am in a situation where I only need to bypass SafetyNet from the initial setup without being able to upgrade Magisk or access the developer options before the test.

Thanks for reading.
No

Factory reset wipes Data partition

On the other hand, the Magisk database and all Magisk modules are installed to the /data/adb folder; therefore, they will all be wiped by a factory reset
 
Jun 19, 2021
9
3
No

Factory reset wipes Data partition

On the other hand, the Magisk database and all Magisk modules are installed to the /data/adb folder; therefore, they will all be wiped by a factory reset
I mean, there is a "way" to change the app in order to obtain this result. Like Magisk-Frida, the Frida agents survive the factory reset and don't need to be reinstalled by Magisk.
 

zgfg

I mean, there is a "way" to change the app in order to obtain this result. Like Magisk-Frida, the Frida agents survive the factory reset and don't need to be reinstalled by Magisk.
I told you how the module installs. Check your /data/adb/modules and consult Magisk documentation on GitHub (scroll to the Magisk modules chapter):

Otherwise, try Factory reset and report the result
 
Jun 19, 2021
9
3
I told you how the module installs. Check your /data/adb/modules and consult Magisk documentation on GitHub (scroll to the Magisk modules chapter):

Otherwise, try Factory reset and report the result
Thanks for the link. I think I have found a way to circumvent the problem. I could install the module manually from TWRP. I'm just stuck because Magisk doesn't seem to have the "full install" after the initial setup. (The Magisk icon is present after factory reset, but it needs to be installed by the user. I'm wondering whether it's possible to fully install Magisk from TWRP without having to do this)
 

pndwal

Thanks for the link. I think I have found a way to circumvent the problem. I could install the module manually from TWRP.
This module?

... Whole other can of worms. - Most got bootloops doing so.
I'm just stuck because Magisk doesn't seem to have the "full install" after the initial setup. (The Magisk icon is present after factory reset, but it needs to be installed by the user. I'm wondering whether it's possible to fully install Magisk from TWRP without having to do this)
I think mileage varies per device. Many do have App fully functional after Custom Recovery zip Installation.

A factory reset wipes all setup data as discussed. Normal App Uninstall doesn't, unlike other apps, due to separate app data location in /data/adb. PW
 
Jun 19, 2021
9
3
This module?

... Whole other can of worms. - Most got bootloops doing so.

I think mileage varies per device. Many do have App fully functional after Custom Recovery zip Installation. But a factory reset wipes all setup data as discussed. PW
So okay it's risky... Now the biggest problem is finalizing the installation of Magisk without going through the GUI. (Here Fairphone 3) After that I would have the Magisk CLI to install the module. (The purpose is to obtain the module and Magisk fully installed before the initial setup. In this way, I could have a rooted device that bypasses an MDM activation for forensic analyses)
 
Jun 19, 2021
9
3
It is all good, I have managed to completely install Magisk by enabling USB debugging from TWRP and then adb install the APK before the initial setup. From that, we can install the module with the magisk CLI and the SafetyNet of the MDM is bypassed.
 

Top Liked Posts

  • 337
    Universal SafetyNet Fix
    Magisk module

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0

    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    223
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and applies it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security patch level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel 7s)

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one uses same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may need to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    58
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may need to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    33
    So, created separate thread for my mod. Welcome)

    32
    Folks, the SafetyNet API was deprecated last month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity. Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to be realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.

    Here's hoping... 🙃 PW