Root won't die! ...
Rooting enables a user to have administrator-level permissions to the operating system environment, allows normal users to install custom Roms, alternative software kernels, update to the latest version of Android OS on an older phone, run root apps, remove or bypass bloatware, etc etc. It is also a very important tool for development / developers / software/hardware testing / pen-testers etc etc...
Thank you so much!! It works for me.So, here is my modification of USNF with Play Integrity API bypass.
It changes fingerprint to old
220.127.116.11 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.
Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version
1. Delete/disable/reset MagiskHidePropsConfig (if installed).
2. Just install it over old Universal SafetyNet Fix and reboot device.
Many thanks to @1nikolas for integrity checker.
Source code: https://github.com/Displax/safetynet-fix/tree/integrity
the one that's hot atm: https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-3-1.4217823/post-87198517
This module is largely for fixing SafetyNet by causing falback from HARDWARE to BASIC evaluation (attestation) type... This is generally only needed w/ Android 8+ w/ Keymaster 3... (Google haven't invoked Hardware Evaluation type using early hardware Keymaster 1 or 2).
I have flashed this mod and because of this mod I am stuck on boot logo now, I have xposed installed, can that be the reason?This module is largely for fixing SafetyNet by causing falback from HARDWARE to BASIC evaluation (attestation) type... This is generally only needed w/ Android 8+ w/ Keymaster 3... (Google haven't invoked Hardware Evaluation type using early hardware Keymaster 1 or 2).
Please say what isn't working; do you have have BASIC evaluation type in YASNAC?...
USNF 2.3.1 did restore compatibility w/ A7 however, since it was removed from 2.1.3... This will adjust sensitive props for A7 which may help with S/N, but attestation type fallback using Zygisk is disabled...
If you mean an AOSP custom ROM (stock Samsung is also AOSP), @Displax's unofficial USNF should be a good way to pass CTS Profile match instead of using a fingerprint prop configured in MagiskHide Props Config module... It should also allow new Play Integrity Meets_Device_Integrity verdict...
So this mod may well solve your A7 woes... See here:
Haven't heard reports of issues like that w/ this, but thinking about it now there may well be issues for A7 (probably not xposed related however):
I also deleted module from twrp manually, but still device is stuck on boot logo
everyone should have this bookmarked
Well I reflashed the rom now, but still my device is not certified on play store, as you said its not needed on devices below A10, I am not using any safetynet module now. But still thinking, what can be done for my old device now?Haven't heard reports of issues like that w/ this, but thinking about it now there may well be issues for A7 (probably not xposed related however):
Official versions disable Zygisk parts (fallback to BASIC triggers targeting the gms attestation process specifically) to re-enable A7 support...
It could be that @Displax's modded version doesn't properly disable the added fix which adds old A6 fingerprint prop targeting same gms attestation process (using Zygisk), and failure to run this may be causing your issues...
I hadn't thought that part through for your A7 device, and clearly the old fingerprint prop won't be applied in any case, so modded (unofficial) version won't benefit you anyway...
The solution for your custom setup to pass S/N & PI is will most likely be the traditional use of MHPC w/ configured fingerprint... You may need to spoof an older print to allow new PI API's MEETS_DEVICE_INTEGRITY but usually this isn't needed for Android 10 and less AFAIK...
@Displax / others may be able to expand on this observation... PW
I didn't say that... And you haven't said exactly what 'wasn't working' after your initial efforts ...I also deleted module from twrp manually, but still device is stuck on boot logo
Well I reflashed the rom now, but still my device is not certified on play store, as you said its not needed on devices below A10, I am not using any safetynet module now. But still thinking, what can be done for my old device now?
"And you know that notion just crossed my mind."
Had a quick look at mHide SafetyNet project though...
Just from this:
Module to help pass SafetyNet on devices that do not support hardware attestation...
This module will
Requires Zygisk to be enabled in Magisk.
- Generate a list of 'sensitive' properties on the device and set the values to the 'safe' setting(s) during boot.
- Check and adjust some 'sensitive' properties during boot.
- Set Magisk's Denylist to enforcing.
- Add part of PlayServices to the DenyList.
That is the idea (attempt).
• Do adjustments to sensitive props target only com.google.android.gms.unstable?
• Can we not set Denylist to enforcing (for use with Shamiko etc)?
• Can we do targeted hiding of root from com.google.android.gms.unstable process instead of adding this to denylist (like USNF)?
(I'm assuming Magisk path is always in /sbin in legacy ramdisk booting devices; is this correct?)
• Can we do com.google.android.gms.unstable targeted spoofing of the same old A6 fingerprint prop as @Displax's USNF mod uses to fix CTS Profile Match in uncertified ROMs? (Possibly this could be enabled as an option if there's any benefit leaving original fingerprint as is where ROM is stock... I'm not sure there is however...)
Yes; purchase an Asus ROG Phone 3!Hi all,
Does anyone know if there is any fix for the "MEETS_STRONG_INTEGRITY" ?
From what I've read, the "MEETS_DEVICE_INTEGRITY" and "MEETS_BASIC_INTEGRITY" are fixable using Displax's fix on the USNF (thank you so much for this).
However, i didn't found anything related the strong integrity.
Is this correct, or have I missed some step?
I'm facing this on a OnePlus 5 and a Nothing 1
That's what I have... (But Xiaomi device w/ A10)...
... Better remove everything from there except bank apps etc... PW
As the use of Play Integrity (and its likely descendants) continues to spread, more and more apps will cease to function fully (or at all) on a rooted/modded device.
Sure, rooting will still be possible, but rooted devices will become more and more crippled for normal use as time goes on.
Please make 'Universal Play Integrity Fix' ... #204
Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.
The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.
June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.
June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.
The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.
Currently (evidently due to this), device security issues are detected by
I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.
- Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
- Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.
Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.
A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.