MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

Search This thread

kdrag0n

Senior Member
Feb 19, 2016
696
2,023
kdrag0n.dev
Universal SafetyNet Fix
Magisk module​

Magisk module to work around Google's SafetyNet attestation.

This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

How does it work?
The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

Downloads
Downloads and changelogs can be found on GitHub. The topmost release is the latest.

Latest release
v2.4.0

Highlights
  • Play Integrity bypass without breaking device checks or causing other issues
  • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
Other changes
  • Updated instructions for newer Android and Magisk versions
  • Better debugging for future development
This version only supports Zygisk (Magisk 24 and newer).

It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
Alternatively, you can also buy me a coffee. All support is appreciated ❤️

Source code
 
Last edited by a moderator:

tylerdurden

Senior Member
Oct 13, 2010
301
643
Hamburg
Tested succesfully on Pixel 4a 5G, but Google Pay says "Your phone doesn't meet security requirements" even though PayPal can be set up.
Magisk Hide is activated.
 

zgfg

Senior Member
Oct 10, 2016
8,490
6,195
Xiaomi Mi 11 Lite 5G
Thank you a lot, Universal SafetyNet Fix v1.1.0 working excellent on Xiaomi Mi 9T, Xiaomi.eu 21.1.6, MIUI 12.5 / Android 11 Beta

Device certified but not using Google Pay
 
Last edited:

thomas140

Senior Member
Jul 3, 2018
652
142
Johor
Xiaomi Poco F1
Safety net fix 1.0.2 worked for miui Eu 12.0.3.0 Android 10 for Poco F1.
Only that the ocbc bank Singapore app still able to detect the root and became unusable.
But I know that this doesn't relate to safetynet fix here because the issue already existed before the CTS false.
 

MoL_82

Senior Member
Aug 16, 2019
90
45
Tested on Samsung S9:
- 1.0.2 worked in MM, but Root Checker said 'cannot access GPS'.
- 1.1.0 fails ctsProfile in MM, but Root Checker now can access GPS, also returns ctsProfile fail.
 
  • Like
Reactions: ngodinhhoi

shchukax

Member
Jun 12, 2019
6
5
Massive thanks for this. Version 1.1.0 confirmed working on my device:
- Pixel 3, stock room
- Magisk 21.2, magisk manager 8.0.5
- Magisk hide enabled and magisk manager renamed

All banking apps and google pay work correctly, including contactless payments.
 

Drahy

Senior Member
Apr 27, 2012
509
85
I tried this on my Samsung Galaxy A6 (official samsung firmware patched with magisk) - and even version 1.1.0 causes bootloop when using zip inside Magisk Manager - Android 10
 

Antonio200

Member
Nov 26, 2020
17
0
Good morning. Working on Redmi Note 9 Pro xiaomi.eu 12.0.1 Android 10. No MagiskHide Props Config needed: basicIntegrity passed, ctsProfile passed, evalType BASIC.
Thank you so much
 
Last edited:

purgy

Senior Member
Aug 29, 2013
150
39
Sydney
Works on pixel 3a, last A10 patch, using magisk hide props config to force basic attestation. Was already using mhpc so not sure if it works without it. Fixed my CTS issue though, so thanks!
 

dr4go

Senior Member
Dec 17, 2010
473
395
Vienna
@kdrag0n Thank you so much for this awesome masterpiece!

I find it a bit interesting, that I experience a problem which nobody else seems to have reported so far. I'm using a Galaxy S10 (Exynos, G973F), rooted with latest canary Magisk, no EdXposed or whatsoever...

If I enable this module, no bootloop, basic attestation, CTS passes. "Yes", so I thought...

The problem now... My bank app tries to access the keystore and crashes. This does not happen without having this module enabled... I have attached a fully logcat and hope that you have some insights... 🙏🏻

EDIT1: re-attached file, didn't work on the first go.

EDIT2: oh... search for "easybank" or "keystore"

EDIT3: Android 11, One UI 3
 

Attachments

  • logcat_01-14-2021_11-15-06.zip
    70.1 KB · Views: 1,206
Last edited:

BenDavid

Member
Sep 29, 2016
27
8
POCO F1 user here. After flashing the module the phone stucks on the Google logo at boot.
The MHPC module didn't solve the problem either.

ROM: Pixel Experience 11 Beta (20201223)/Encrypted
 
  • Like
Reactions: srdrhl146

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    For those using Canary builds

    Please be aware that in 25207+ major refactoring (of selinux rule patching) has broken many modules etc... This is likely the cause of issues with hiding using recent builds as Shamiko is affected... Please see discussion in Magisk Discussion thread...

    You could revert to 25206 or wait for fixes hopefully in 25211... 👀 PW
    3
    I'm on a similar setup although just "2.4.0", I need to look around for "2.4.0_MOD_1.2" in particular to try that out.
    3
    Yes. Device and basic passes.

    I use the phone for 2 hrs

    I run the checker again and device and basic integrity fails.

    Reboot. It then starts passing again

    Edit: restarting gms fixes it too.

    Thanks @pndwal
    Ok, so NOT intermittently passing only basicIntegrity verdict...

    Sounds like the same issues w/ official 2.4.0... Are you sure you actually have v2.4.0-MOD_1.2 @Displax build?

    If so, please say device/ROM... Also, suggest reverting to v2.3.1-MOD_3.0... There may possibly still be issues with 2.4.0 builds... Please report your mileage with that if you do... PW
    3
    I have a strange behavior. After rebooting the phone I have everything pass in YASNAC. But after opening the bank application YASNAC shows that CTS profile fail. Cannot find in this thread anything related to this problem. Any ideas?

    crDroid9 13Android
    OnePlus 6t
    Magisk hided and seftynet installed
    This module has issues with builds that offer a fix for new Play Integrity deviceIntegrity...

    As mentioned above, you need to pass that now as SafetyNet is depreciated, but you will need to be passing old ctsProfileMatch in order to pass deviceIntegrity...

    @Displax posted links to his working (forked/fixed) builds in a new thread a couple of pages back here:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057

    We're hoping that official USNF may get needed attention soon, but it appears @kdrag0n is busy with other matters...

    🙂 PW
    3
    would you be able to share the new displax 2.4.0 1.2 for me I am unable to find it easily. I would appreciate that
  • 311
    Universal SafetyNet Fix
    Magisk module​

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0

    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    213
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    58
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    31
    Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.

    Here's hoping... 🙃 PW
    28
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe