MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

Search This thread
By:
Advanced…
lupastro82

lupastro82

Senior Member
Jul 16, 2018
93
12
Google Pixel 7 Pro
Installed in pixel 7pro.
CTS fail here
Screenshot_20221203-220414.png


-----
Edit: ok fixed now (add with this fork module, and this in denylist)
Screenshot_20221203-225434.png

Screenshot_20221203-225613.png

Screenshot_20221203-225454.png

Screenshot_20221203-225912.png
 
Last edited:
Atharkhan101

Atharkhan101

Senior Member
Dec 1, 2013
791
75
Hyderabad
Redmi Note 9 Pro Max
Samsung Galaxy M31
SafetyNet fix worked for me and it shows my device is certified in PlayStore. However there are problems:
1. Some apps like RTO says my device is rooted and my bank app is not working. Both apps use to work on Magisk 22.1 with SafetyNet fail.
2. I forgot what this was.

Do watch the screen record I've attached.

May be its latest Magisk 25.2 issue.
 

Attachments

  • Screenrecorder-2022-12-04-14-28-00-852_0_COMPRESSED.mp4
    28.2 MB · Views: 0
Last edited:
zgfg

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Atharkhan101 said:
SafetyNet fix worked for me and it shows my device is certified in PlayStore. However there are problems:
1. Some apps like RTO says my device is rooted and my bank app is not working.
2. I forgot what this was.

Do watch the screen record I've attached.

May be its latest magisk issue.
Click to expand...
Click to collapse
Applications use various other methods to look for the root (actually, to look if Bootloader is unlocked, if LSPosed is installed, Magisk app installed, if TWRP app is installed, etc - all that is NOT COVERED by SafetyNet)

You have to enable your banking apps in DenyList. You may need to install Shamiko, you may need to use Hide My Apps (HMA)

There are lot of instructions on XDA:
- search for the thread about Magisk Zygisk, read OP posts there
- search for the thread about using HMA and read the OP posts there with instructions about
- search for the Magisk general thread and the mentionef Magisk Zygisk thread, maybe somebody already commented what exact steps are required to hide 'root' for the same app you need
 
Last edited:
  • Like
Reactions: kender6 and 73sydney
Atharkhan101

Atharkhan101

Senior Member
Dec 1, 2013
791
75
Hyderabad
Redmi Note 9 Pro Max
Samsung Galaxy M31
zgfg said:
Applications use various other methods to look for the root (actually, to look if Bootloader is unlocked, if LSPosed is installed, Magisk app, etc - all that is not covered by SafewayNet)

You have to enable your banking apps in DenyList. You may need to use Hide My Apps (HMA)

There are lot of instructions on XDA:
- search for the thread about Magisk Zygisk, read OP posts there
- search for the thread about using HMA and read the Kao posts with instructions about
- search in this thread and that Magisk Zygisk thread, maybe somebody already commented what exact steps are required to hide 'root' for the same app you need
Click to expand...
Click to collapse
Please watch the screen record I've posted (Edited post by adding video). I know zygisk in Magisk and already hide root for these 2 apps and other. Still not success.

I wish there should be a separate flashable zip to spoof Bootloader to 'locked' when it's already Unlocked.

Following your advice now checking Kao post etc.
 
Atharkhan101

Atharkhan101

Senior Member
Dec 1, 2013
791
75
Hyderabad
Redmi Note 9 Pro Max
Samsung Galaxy M31
zgfg said:
Applications use various other methods to look for the root (actually, to look if Bootloader is unlocked, if LSPosed is installed, Magisk app installed, if TWRP app is installed, etc - all that is NOT COVERED by SafetyNet)

You have to enable your banking apps in DenyList. You may need to install Shamiko, you may need to use Hide My Apps (HMA)

There are lot of instructions on XDA:
- search for the thread about Magisk Zygisk, read OP posts there
- search for the thread about using HMA and read the OP posts there with instructions about
- search for the Magisk general thread and the mentionef Magisk Zygisk thread, maybe somebody already commented what exact steps are required to hide 'root' for the same app you need
Click to expand...
Click to collapse
Could you please send me the links. I couldn't find them In looking for what Kao said.

I looked for Shamiko but it is not available on github (Genuine source)

There are so many apps labelled as Hide Apps, Hide an app, not the one you mentioned HMA. Will appreciate if you give direct links.
 
zgfg

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Atharkhan101 said:
Please watch the screen record I've posted (Edited post by adding video). I know zygisk in Magisk and already hide root for these 2 apps and other. Still not success.

I wish there should be a separate flashable zip to spoof Bootloader to 'locked' when it's already Unlocked.

Following your advice now checking Kao post etc.
Click to expand...
Click to collapse
I watched your video. Btw, I also edited my previous post

I don't use you RTO app and developers do not publish how they look for the 'root'. Hence no way that I can tell you what steps are needed to hide 'root' from that app - it can be ONLY found by experimenting

I gave you the hints: put it to DenyList and reboot, install Shamiko and reboot, try with HMA and reboot...

Even worse, things may differ between the phones, ROMs, Android versions. A method to hide 'root' for one particular app, that works on eg Samsung with A11 (telling arbitrary) may not be enough for Xiaomi with A12, or for the custom ROMs like LOS, etc

Usually, before retesting, clear Data for your RTO app BCS it may remember that the previous time it found the 'root', hence your new hiding will not help

Btw, this is out of topic for this thread (this thread is about passing SafetyNet and its new successor Play Integrity API).
There is also a thread about hiding the 'root' with some instructions there (but not man posts following)

Generally, search on XDA about your RTA app, maybe somebody posted.
Maybe you will need Magisk Delta fork (it hides better than the official Magisk)

Sorry, too many variables, but maybe the answer is very simple and straightforward if you find that somebody else already tweaked that app
 
  • Like
Reactions: 73sydney and Atharkhan101
zgfg

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Atharkhan101 said:
Could you please send me the links. I couldn't find them In looking for what Kao said.

I looked for Shamiko but it is not available on github (Genuine source)

There are so many apps labelled as Hide Apps, Hide an app, not the one you mentioned HMA. Will appreciate if you give direct links.
Click to expand...
Click to collapse
It was typo, it should have been "OP posts" - posts by the original poster who opened the thread (a particular thread eg with the guide for using HMA)

Please use Google. Eg, Google for:
XDA Magisk general
and
XDA Magisk Zygisk
and
XDA Hides my apps guide
and
XDA Magisk Delta
etc

Btw, on XDA, top-right of the pages, there is also Search

Sorry, I really don't have time and (and don't see any need for) to do searches for you and to copy-paste the links (I'm subscribed to a dozen of interesting threads, I don't keep their links to copy/paste the handy URLs)

And sorry, I'm also not interested into the RTO app (don't know what it is and where from to install) to investigate how to hide the root from

Btw, if you post the installation link for your app, ppl with various phones, ROMs, Magisk configurations may test does the app open for them
 
Last edited:
  • Like
Reactions: Slim2none4u and 73sydney
7

73sydney

Senior Member
Jul 21, 2018
3,056
3,226
Sydney
Google Pixel 6 Pro
Samsung Galaxy Watch 4
Atharkhan101 said:
Could you please send me the links. I couldn't find them In looking for what Kao said.

I looked for Shamiko but it is not available on github (Genuine source)

There are so many apps labelled as Hide Apps, Hide an app, not the one you mentioned HMA. Will appreciate if you give direct links.
Click to expand...
Click to collapse

bookmark this thread, most files, including Shamiko can be found linked from the first page of the thread, and check the last few pages regularly to keep up with any changes

forum.xda-developers.com

[Discussion] Magisk - The Age of Zygisk.

This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com forum.xda-developers.com

Hide My Applist - theres a guide (not yet linked from that page, perhaps @ipdev wants to separate himself from the (planned) madness its devolving into) can be found here:

forum.xda-developers.com

Hide My Applist - A Brief Guide

Hide My Applist Guide As i'm no longer active on XDA, to make the guide more easily maintainable (multiple editor access etc) going forward, i have moved it offsite to github at the following address...
forum.xda-developers.com forum.xda-developers.com

But please learn to use the search too, thanks
 
  • Like
  • Haha
Reactions: bombadier, pndwal, ipdev and 2 others
zgfg

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Atharkhan101 said:
SafetyNet fix worked for me and it shows my device is certified in PlayStore. However there are problems:
1. Some apps like RTO says my device is rooted and my bank app is not working. Both apps use to work on Magisk 22.1 with SafetyNet fail.
2. I forgot what this was.

Do watch the screen record I've attached.

May be its latest Magisk 25.2 issue.
Click to expand...
Click to collapse
Not sure if this is your app (I looked on Playstore but since I'm not from India, maybe I can't see all the regional apps):
play.google.com

RTO Vehicle Information - Apps on Google Play

Find vehicle Owner detail from their vehicle number. Check your driving license.
play.google.com play.google.com

First I install and opened, it reported the root

I put to DenyList and rebooted - still reported the root

I added to my Hide My Apps, hiding Magisk app, LSPosed and modules, rebooted (and cleared Cache and Data for RTO app) and there was no more root detection popup - it asked me to select language and city (screenshots)

Maybe you don't even need HMA (eg, if you don't have LSPosed installed) but simply hiding Magisk app would work instead. You must test yourself

How to look for instructions on how to use DenyList, HMA, etc - you got info in the previous posts

My config:
Xiaomi, MIUI 12.5/A11, Magisk Canary 25205, Zygisk, DenyList (configured but not enforced), Shamiko and USNF (Display mod, not only for SafetyNet but also for the new Play Integrity), LSPosed + Hide My Apps
 

Attachments

  • Screenshot_2022-12-04-12-14-32-472_com.vehicle.rto.vahan.status.information.register.jpg
    Screenshot_2022-12-04-12-14-32-472_com.vehicle.rto.vahan.status.information.register.jpg
    502.2 KB · Views: 44
  • Screenshot_2022-12-04-12-14-40-124_com.vehicle.rto.vahan.status.information.register.jpg
    Screenshot_2022-12-04-12-14-40-124_com.vehicle.rto.vahan.status.information.register.jpg
    281.2 KB · Views: 46
  • Screenshot_2022-12-04-12-00-52-768_com.vehicle.rto.vahan.status.information.register.jpg
    Screenshot_2022-12-04-12-00-52-768_com.vehicle.rto.vahan.status.information.register.jpg
    378.5 KB · Views: 44
Last edited:
  • Like
Reactions: ipdev, Atharkhan101 and 73sydney
Atharkhan101

Atharkhan101

Senior Member
Dec 1, 2013
791
75
Hyderabad
Redmi Note 9 Pro Max
Samsung Galaxy M31
zgfg said:
Not sure if this is your app (I looked on Playstore but since I'm not from India, maybe I can't see all the regional apps):
play.google.com

RTO Vehicle Information - Apps on Google Play

Find vehicle Owner detail from their vehicle number. Check your driving license.
play.google.com play.google.com

First I install and opened, it reported the root

I put to DenyList and rebooted - still reported the root

I added to my Hide My Apps, hiding Magisk app, LSPosed and modules, rebooted (and cleared Cache and Data for RTO app) and there was no more root detection popup - it asked me to select language and city (screenshots)

Maybe you don't even need HMA (eg, if you don't have LSPosed installed) but simply hiding Magisk app would work instead. You must test yourself

How to look for instructions on how to use DenyList, HMA, etc - you got info in the previous posts

My config:
Xiaomi, MIUI 12.5/A11, Magisk Canary 25205, Zygisk, DenyList (configured but not enforced), Shamiko and USNF (Display mod, not only for SafetyNet but also for the new Play Integrity), LSPosed + Hide My Apps
Click to expand...
Click to collapse
Wow you have achieved it. Yes that is the right app. However I feel we do not have to take so many steps to make few apps work. I appreciate your will though. I wish there was some simple way like I don't like to install Lsposed and other stuff just for 2 apps.

I wrote on github magisk issue page and the so called magiskbot has closed the issue right after submitting it. Lame!

I have tried hiding magisk app and still the same issue.

I installed HMA, it says not activated. Is it a Lsposed module?
 
zgfg

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Atharkhan101 said:
Wow you have achieved it. Yes that is the right app. However I feel we do not have to take so many steps to make few apps work. I appreciate your will though. I wish there was some simple way like I don't like to install Lsposed and other stuff just for 2 apps.

I wrote on github magisk issue page and the so called magiskbot has closed the issue right after submitting it. Lame!

I installed HMA, it says not activated. Is it a Lsposed module?
Click to expand...
Click to collapse
HMA is LSPosed module. Please do not ask things that are described in the HMA Guide thread, please take your time and read, learn things - you were even given the link to that thread with extensive OP instructions

I wish many things but they will not materialize

Btw, TJW (author of Magisk), maybe already two years ago, was hired by Google and he clearly distanced himself from any root hiding. Magisk does not provide that option anymore and you can not report hiding issues for your app as a bug.
I'm even pretty sure that on his GitHub, Issues page, it is noted that problems with hiding the root must not be reported (not sure did you read things)

Anyway, steps I made are usually needed for 99% percent of 'banking' apps (apps that seek for 'root') and for most of them no additional steps are needed.
Hence you need to learn on this first example and in the future you will need only five minutes to hide the root from your next banking app when you step on

Again, we gave you hints what to read, study and learn - I'm pretty sure you didn't (hence sorry, I will no more waste time on answering you) because you don't follow and still ask for what is covered in those instructions.
Enough from my side, good luck
 
  • Like
Reactions: 73sydney, digger16309, ipdev and 1 other person
rg_gapa

rg_gapa

Senior Member
Dec 1, 2013
123
27
Toruń
last.fm
Samsung Galaxy S Plus I9001
Samsung Galaxy Tab S
There're some threads at Github and XDA forum about broken fingerprint scanner at OnePlus/Oppo devices, but they seem to be outdated, because (in theory) problem was fixed in recent versions of USNF.

But even with latest v2.3.1 my OnePlus 7T (OxygenOS 12.1, HD1903_11_F.17) can't recognize fingerprints. Disabling module fixes it immediately, but obviously SafetyNet is lost without module enabled.

Do you guys have any idea what might be wrong with my device props or something?

I've tried installing this fix https://github.com/wuxianlin/ColorOSMagisk along with USNF - but with no luck.
 
  • Like
Reactions: InvisibleBacon, kender6 and wfred
ipdev

ipdev

Recognized Contributor
Feb 14, 2016
2,317
1
4,627
Google Nexus 10
Nexus 7 (2013)
rg_gapa said:
Do you guys have any idea what might be wrong with my device props or something?
Click to expand...
Click to collapse
It is a OnePlus 7T. 😜

rg_gapa said:
There're some threads at Github and XDA forum about broken fingerprint scanner at OnePlus/Oppo devices, but they seem to be outdated, because (in theory) problem was fixed in recent versions of USNF.

But even with latest v2.3.1 my OnePlus 7T (OxygenOS 12.1, HD1903_11_F.17) can't recognize fingerprints. Disabling module fixes it immediately, but obviously SafetyNet is lost without module enabled.

Do you guys have any idea what might be wrong with my device props or something?

I've tried installing this fix https://github.com/wuxianlin/ColorOSMagisk along with USNF - but with no luck.
Click to expand...
Click to collapse
It has been a while and I do not remember what props set when/where broke this or that.
I know OnePlus OPPO has had some issues with props being set early or late.

Give Displax's mod version a try.
Displax USNF-Mod - [GitHub] - Releases
Besides the Play Integrity hack, it also included some updates to the props.

---

It has been awhile since the last time I tired 12 (beta 2?) on my 7T, I had major issues.
So I grabbed the fastboot downgrade and went back to 11 and it has been sitting since.
Not even rooted. 🙃

I found a download link for 7T (Global) from 11->12 OTA, currently installing.

Will see what happend on my end once I get it setup and rooted.

Cheers. :cowboy:
 
  • Like
Reactions: InvisibleBacon, galaxys, rodken and 2 others
rg_gapa

rg_gapa

Senior Member
Dec 1, 2013
123
27
Toruń
last.fm
Samsung Galaxy S Plus I9001
Samsung Galaxy Tab S
ipdev said:
It is a OnePlus 7T. 😜


It has been a while and I do not remember what props set when/where broke this or that.
I know OnePlus OPPO has had some issues with props being set early or late.

Give Displax's mod version a try.
Displax USNF-Mod - [GitHub] - Releases
Besides the Play Integrity hack, it also included some updates to the props.

---

It has been awhile since the last time I tired 12 (beta 2?) on my 7T, I had major issues.
So I grabbed the fastboot downgrade and went back to 11 and it has been sitting since.
Not even rooted. 🙃

I found a download link for 7T (Global) from 11->12 OTA, currently installing.

Will see what happend on my end once I get it setup and rooted.

Cheers. :cowboy:
Click to expand...
Click to collapse
I'll give it a try, but github says that this fork is identical to the original USNF
"There isn’t anything to compare.
kdrag0n:master and Displax:v2.3.1-MOD_2.0 are identical."

Edit:
OMG that worked, thank you! SafetyNet is passed AND fingerprint scanner works :)
 
Last edited:
  • Like
Reactions: InvisibleBacon and ipdev
P

pndwal

Senior Member
Jun 23, 2016
5,911
6,509
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
rg_gapa said:
I'll give it a try, but github says that this fork is identical to the original USNF
"There isn’t anything to compare.
kdrag0n:master and Displax:v2.3.1-MOD_2.0 are identical."
Click to expand...
Click to collapse
It's most certainly not the same!

Perhaps you're looking at Master forked branch... These often represent the clean forked commits only... Change to Integrity branch... 10 commits ahead... Can use either of two releases for most devices... Mod 2 needed only for Pixel 7 series or devices launching with A13, but does seem to address fingerprint scanners and other issues further...

This fork may well fix your fingerprint issue...

You'll find OnePlus/fingerprint/A12+ specific changes (some due to experimenting) here:
Move safetynet props to boot completed to fix fingerprint not working…
… on OOS12
here:
Bypassing forced STRONG integrity
* SafetyNet/Play Integrity (bypassing forced STRONG integrity for devices that shipped with 13+) by drop "first_api_level" to <33
* Some cosmetics/fixes
and here:
Move "ro.is_ever_orange" out of boot_completed

The last commit may be critical for you meaning Mod 2 release may be best for OnePlus users even on devices other than P7 / A13 LV devices...

Great info/discussion on @Displax's "A universal fix for SafetyNet and Play Integrity API on Android 8–13 devices with hardware attestation and unlocked bootloaders" fork/proposal for official fix in official PR here:
Play Integrity Api bypass

👀 PW
 
Last edited:
  • Like
Reactions: rg_gapa, galaxys, ipdev and 1 other person
P

pndwal

Senior Member
Jun 23, 2016
5,911
6,509
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Atharkhan101 said:
SafetyNet fix worked for me and it shows my device is certified in PlayStore. However there are problems:
1. Some apps like RTO says my device is rooted and my bank app is not working. Both apps use to work on Magisk 22.1 with SafetyNet fail.
2. I forgot what this was.

Do watch the screen record I've attached.

May be its latest Magisk 25.2 issue.
Click to expand...
Click to collapse
I'm playing catch-up and may have missed something, but it appears you may still only be passing SafetyNet...

Just in case you aren't aware, S/N is now deprecated and apps are migrating to new Play Integrity API... They're looking for MEETS_DEVICE_INTEGRITY verdict at this stage; no apps I'm aware of using MEETS_STRONG_INTEGRITY found in the wild yet...

If you've overlooked this fundamental in the palava, you'll likely need @Displax's forked and modded USNF w/ hardware verdict enforcement bypasses for Play Integrity instead of official USNF... Just posted re. this above...

Check device passes PI deviceIntegrity with Play Integrity API Checker... 🙃 PW
 
  • Like
Reactions: 73sydney
Atharkhan101

Atharkhan101

Senior Member
Dec 1, 2013
791
75
Hyderabad
Redmi Note 9 Pro Max
Samsung Galaxy M31
@zgfg

73sydney

I found a work around (no Lsposed, HMA, shamiko needed, they did not work too).

So,
1. I have cleared data and uninstalled the RTO, Medibuddy app which were detecting root and were not working.
2. Uninstalled Magisk
3. Reboot phone
4. Installed Magisk latest 25.2 > Settings > Enabled 'Zygisk' and Checked 'Enforce DenyList'
5. Hide Magisk (need to do this before installing those root detect apps from PlayStore)
6. Reboot
7. Installed RTO and other root detect apps from PlayStore (did not open them yet).
8. Magisk > Settings > Cofigure DenyList > Checked RTO and other root detecting apps.
9. Went back back to my phone's home screen.
10. Reboot.
11. Launched those RTO and other root detect apps and they worked!

I would say most root detecting apps would work with the above method however for me out of 5 Root detecting apps, 4 worked except HDFC bank app. It was working fine on Magisk Manager v23.0 with Magisk.zip v22.1.
 
Last edited:
zgfg

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Atharkhan101 said:
@zgfg

73sydney

I found a work around (no Lsposed, HMA, shamiko needed, they did not work too).

So,
1. I have cleared data and uninstalled the RTO, Medibuddy app which were detecting root and were not working.
2. Uninstalled Magisk
3. Reboot phone
4. Installed Magisk latest 25.2 > Settings > Enabled 'Zygisk' and Checked 'Enforce DenyList'
5. Hide Magisk (need to do this before installing those root detect apps from PlayStore)
6. Reboot
7. Installed RTO and other root detect apps from PlayStore (did not open them yet).
8. Magisk > Settings > Cofigure DenyList > Checked RTO and other root detecting apps.
9. Went back back to my phone's home screen.
10. Reboot.
11. Launched those RTO and other root detect apps and they worked!

I would say most root detecting apps would work with the above method however for me out of 5 Root detecting apps, 4 worked except HDFC bank app. It was working fine on Magisk Manager v23.0 with Magisk.zip v22.1.
Click to expand...
Click to collapse
Few comments:

4) If using Shamiko then must not be Enforce DenyList.
If not using Shamiko then must be Enforced.
That was many times debated in this thread and so.
Most of ppl use Shamiko, hence they have disabled Enforce

5) Fine if it worked for you just with Hide Magisk App.
However, Hide Magisk app is not enough for some other 'banking' apps and that's why I tested with HMA instead

Actually, many of us already have LSPosed installed with some modules - they are detected by banking apps and we MUST hide them by HMA.
That's why I tested with HMA, but I asked you to test by Hide Magisk app instead (since you don't have LSPosed module)

Good that you tested and that Hide Magisk app was enough for you

8) RTO or other apps you want to hide root MUST be in DenyList.
You had to have it from the beginning

Even if Enforce Denylist is disabled cos of Shamiko, those apps must be checked in DenyList.

Regarding the old Magisk v22, you probably had it:
- also Hide Magisk app
- instead of now in DenyList, you had then RTO in MagiskHide list

One must checkmark in DenyList (Magisk v24/25) all those 'banking' apps that he previously had checked in MagiskHide (Magisk v22 or earlier)
 
  • Like
Reactions: ipdev and 73sydney
You must log in or register to reply here.

Similar threads

Chainfire
[Android 2.1+][03.10.2011][v3.2] Chainfire3D [ROOT][OpenGL ES 2.0+]
Replies
3K
Views
3M
rignfool
rignfool
apb_axel
[ZIP] Synapse + Script => Universal Kernel Manager v3.8.1
Replies
3K
Views
766K
D
Dildoman
repey6
[6.0-12.0][Magisk]Dolby Digital Plus[upd.20211005]
Replies
2K
Views
737K
B
b4minee
Chainfire
[2014.05.01][ROOT] Mobile ODIN v4.20
Replies
5K
Views
3M
Zagnutty
Zagnutty
DooMLoRD
[04/Jan][ROOTING/UNROOTING] DooMLoRD's Easy Rooting Toolkit [v4.0](zergRush Exploit)
Replies
927
Views
3M
B
bishoy ashraf

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 4
    P
    pndwal
    For those using Canary builds

    Please be aware that in 25207+ major refactoring (of selinux rule patching) has broken many modules etc... This is likely the cause of issues with hiding using recent builds as Shamiko is affected... Please see discussion in Magisk Discussion thread...

    You could revert to 25206 or wait for fixes hopefully in 25211... 👀 PW
    View
    3
    osm0sis
    osm0sis
    I was on 2.3.1_MOD_3.0 on Android 12 and now 2.4.0_MOD_1.2 on Android 13 and all was now well in both setups.
    View
    3
    Nergal di Cuthah
    Nergal di Cuthah
    adrian33 said:
    I'm on a similar setup although just "2.4.0", I need to look around for "2.4.0_MOD_1.2" in particular to try that out.
    Click to expand...
    Click to collapse

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    forum.xda-developers.com forum.xda-developers.com
    View
    3
    zgfg
    zgfg
    jasonbiggs said:
    so I'm on android 13, pixel 6a. Got Integrity ✅ and CTS match ✅ and also Play Store as Certified. Although, still no google pay or banks access. Any hints to get this working or it this fix not fully functional on 13 as of yet?

    Thanks!
    Click to expand...
    Click to collapse
    With Integrity and CTS do you refer to the deprecated SafetyNet or the 'new' Play Integrity API?

    Also, are you using USNF from this thread or the newer/better safetynet-fix-v2.4.0-MOD_1.2 from the other thread?

    Look into the other USNF thread from Displax and find more info in the thread about GPay

    Btw, banking apps do not rely only on PI API - they try many other detections od root, hence you might need (things vary from app to app) Shamiko, Hide My Applist or even the Magisk Delta fork

    The best would be to search through the Magisk related threads here on XDA, how the other user(s) solved the root detection from your particular banking or similar app
    View
    3
    jasonbiggs
    jasonbiggs
    zgfg said:
    With Integrity and CTS do you refer to the deprecated SafetyNet or the 'new' Play Integrity API?

    Also, are you using USNF from this thread or the newer/better safetynet-fix-v2.4.0-MOD_1.2 from the other thread?

    Look into the other USNF thread from Displax and find more info in the thread about GPay

    Btw, banking apps do not rely only on PI API - they try many other detections od root, hence you might need (things vary from app to app) Shamiko, Hide My Applist or even the Magisk Delta fork

    The best would be to search through the Magisk related threads here on XDA, how the other user(s) solved the root detection from your particular banking or similar app
    Click to expand...
    Click to collapse
    Yes! I was trying to find the link for that mod. This worked. Thanks!

    View
  • 315
    kdrag0n
    kdrag0n
    Universal SafetyNet Fix
    Magisk module​

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0
    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    View
    215
    Displax
    Displax
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    View
    58
    Displax
    Displax
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    View
    31
    P
    pndwal
    Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.
    Click to expand...
    Click to collapse

    Here's hoping... 🙃 PW
    View
    29
    Displax
    Displax
    So, created separate thread for my mod. Welcome)

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    forum.xda-developers.com forum.xda-developers.com
    View

New posts