MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

4) If using Shamiko then must not be Enforce DenyList.
If not using Shamiko then must be Enforced.
That was many times debated in this thread and so.
Most of ppl use Shamiko, hence they have disabled Enforce
I know that and thank you as you informed. I read that Shamiko, HMA thing. I disabled DenyList of Magisk, Shamiko failed. I also tried Lsposed and enabled HMA (disabled DenyList of Magisk) that too failed. Just wanted to update you that out of 5 root detect apps including 2 banking apps, 4 apps worked and with Shamiko, HMA, Lsposed only one app could work, not the other 4. I think just for one banking app I should not screw all the 4 working apps.

Apps are:
HDFC Bank- Did not work
Axis bank - Works
RTO - Works
Medibuddy - Works
Rapido Captain - Works

I'm confident that if I use Shamiko, HMA, Lsposed I may get HDFC work but other 4 apps will not work. Just for one HDFC app I don't want to go installing other apps like Lsposed, Shamiko and their too many settings.
 
4) If using Shamiko then must not be Enforce DenyList.
If not using Shamiko then must be Enforced.
That was many times debated in this thread and so.
Most of ppl use Shamiko, hence they have disabled Enforce
I want to follow Shamiko properly so I need your help please. I'm sorry I read shamiko thing and I did not understand.

My condition now: I have magisk (hide mode) with Enforce denylist enabled and those 5 root apps selected already. Only the HDFC is not working and still detecting root.

So do I need to do below steps? Please correct the steps if you feel they are wrong:
-I have to disable the enforce denylist in magisk
-Flash shamiko.zip
-Then open magisk and enforce denylist and select root detect apps right?
 

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
I know that and thank you as you informed.
HMA is not substitute for DenyList.
Nobody ever said to disable DenyList when using HMA

Putting a 'banking' app in DenyList is the FIRST thing every user must do, before asking here for help.
Otherwise we really waste time of our lives repeating the same BASIC FACTS

There are many other posts in this and other threads and there are threads here on XDA with guides in the OP posts about Zygisk, DenyList, Shamiko, USNF, HMA and the techniques of hiding

There are eg good guides in the OP posts in the following threads:



I specially like Standard 73Sydney Disclaimer (about asking things instead of taking own time to search and read) - hence I will no more continue this debate
 

73sydney

Senior Member
@zgfg

73sydney

I found a work around (no Lsposed, HMA, shamiko needed, they did not work too).

So,
1. I have cleared data and uninstalled the RTO, Medibuddy app which were detecting root and were not working.
2. Uninstalled Magisk
3. Reboot phone
4. Installed Magisk latest 25.2 > Settings > Enabled 'Zygisk' and Checked 'Enforce DenyList'
5. Hide Magisk (need to do this before installing those root detect apps from PlayStore)
6. Reboot
7. Installed RTO and other root detect apps from PlayStore (did not open them yet).
8. Magisk > Settings > Configure DenyList > Checked RTO and other root detecting apps.
9. Went back to my phone's home screen.
10. Reboot.
11. Launched those RTO and other root detect apps and they worked!

I would say most root detecting apps would work with the above method however for me out of 5 Root detecting apps, 4 worked except HDFC bank app. It was working fine on Magisk Manager v23.0 with Magisk.zip v22.1.

Similar to this episode yesterday, where the root detection was ultimately being caused by the user's TWRP folder (always check, and umm, recheck the basics folks) :) where i disabled Shamiko to prove, along with @zgfg that it must be something the user overlooked as we were doing the least amount of work to get his problem app to hide...i dont disable Shamiko for most examples, but it was warranted in this case...because nothing was adding up, and it needed to be shown that he must be overlooking something :)

We dont ALWAYS suggest HMA and Shamiko etc, i usually point out that Shamiko is always enabled on my device when im replying to a post and testing stuff for people though. We all like to use the least amount of gear where possible :)
 

73sydney

Senior Member
I want to follow Shamiko properly so I need your help please. I'm sorry I read shamiko thing and I did not understand.

My condition now: I have magisk (hide mode) with Enforce denylist enabled and those 5 root apps selected already. Only the HDFC is not working and still detecting root.

So do I need to do below steps? Please correct the steps if you feel they are wrong:
-I have to disable the enforce denylist in magisk
-Flash shamiko.zip
-Then open magisk and enforce denylist and select root detect apps right?


When using shamiko = DISABLE "Enforce Deny List"
When NOT using shamiko = ENABLE "Enforce Deny List"
 

73sydney

Senior Member
HMA is not substitute for DenyList.
Nobody ever said to disable DenyList when using HMA

Putting a 'banking' app in DenyList is the FIRST thing every user must do, before asking here for help.
Otherwise we really waste time of our lives repeating the same BASIC FACTS

There are many other posts in this and other threads and there are threads here on XDA with guides in the OP posts about Zygisk, DenyList, Shamiko, USNF, HMA and the techniques of hiding

There are eg good guides in the OP posts in the following threads:



I specially like Standard 73Sydney Disclaimer (about asking things instead of taking own time to search and read) - hence I will no more continue this debate

We really have to stop meeting up and tag teaming the same old points from people at 4am-5:00am my time (not sure what time it is where you are :) This is getting a bit much :)

Rehashing stuff where a search or even as im always saying "read the last 6-12 pages of a thread people, usually already answered" is getting exhausting....
 
  • Like
Reactions: rodken
When using shamiko = DISABLE "Enforce Deny List"
When NOT using shamiko = ENABLE "Enforce Deny List"
Thank you very much. I can confirm that both did not make my HDFC bank app work. I literally invested hours on this and I think I have to live with it. All other 4 root detect apps working fine. Thank you and thank you @zgfg I cant imagine having phone without root though haha
 

73sydney

Senior Member
Thank you very much. I can confirm that both did not make my HDFC bank app work. I literally invested hours on this and I think I have to live with it. All other 4 root detect apps working fine. Thank you and thank you @zgfg I cant imagine having phone without root though haha

Im going to say this just like i did yesterday at 4am...only its now 6:38 Aussie time

at any point after changing anything in trying to defeat root detection and before opening the apps again, did you clear the data for the affected apps..

any time youre messing with root detected apps and you make a change in trying to defeat the app detecting root, you should clear the apps data

theres an outside chance if you didnt do this you may find it works

also like yesterday, did you try running a detection app like Ruru to see if you were failing anywhere?


and now i have to sleep


update:

Just before i headed to bed, i realised that that banking app rang a bell, because i only tested it weeks ago....we (a few of us) tested a few of them in a row, that was one of them, and it does work, using Hide My Applist....in fact when i just started up my Hide My Applist app, there it was still in the Effective App list...i installed it again from the play store just now, added it to the Deny List, and ran it....opened first go

 
  • Like
Reactions: AusVGM and ipdev

pndwal

Senior Member
...
Just before i headed to bed, i realised that that banking app rang a bell, because i only tested it weeks ago....we (a few of us) tested a few of them in a row, that was one of them, and it does work, using Hide My Applist....in fact when i just started up my Hide My Applist app, there it was still in the Effective App list...i installed it again from the play store just now, added it to the Deny List, and ran it....opened first go

https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87714843
Wasn't able to pass on my MIUI device (RN8T, A10) however... Remember this:
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87715143

... Think we're talking Redmi Note 9 Pro Max here(?)... Anyone had success on MIUI?... I'd love to know what extra leaks need hiding and how... 😃 PW
 
  • Like
Reactions: ipdev and 73sydney
at any point after changing anything in trying to defeat root detection and before opening the apps again, did you clear the data for the affected apps..
Yes I did clear cache and data.
also like yesterday, did you try running a detection app like Ruru to see if you were failing anywhere?
Installed Ruru, not sure what to check there. Its too much of geek for me. I like what you said earlier like everybody likes to have few gears :)
Just before i headed to bed, i realised that that banking app rang a bell, because i only tested it weeks ago....we (a few of us) tested a few of them in a row, that was one of them, and it does work, using Hide My Applist....in fact when i just started up my Hide My Applist app, there it was still in the Effective App list...i installed it again from the play store just now, added it to the Deny List, and ran it....opened first go
That HDFC Banking app appears to work but not actually. When you in real, enter the Customer ID and Password, it crashes and takes you to the browser picker. When I select Chrome, nothing happens. I have Titanium Backup and also checked with the previous version of HDFC app. Still no success, will use the website instead of app. Just don't want to install other apps Lsposed, HMA and configure so many settings just to make this ONE app work and can fail the OTHER 4. I'm good with Magisk Enforce denylist. Refer the attached screen record

https://drive.google.com/file/d/1IDDmPlHPgl59MeeksxzkI0vflO7Qj8zl/view?usp=drivesdk

If some dev take over Magisk/Zygisk then the enforce deny list/deny list can be improved.
 
  • Like
Reactions: 73sydney

pndwal

Senior Member
If some dev take over Magisk/Zygisk then the enforce deny list/deny list can be improved.
There are already Devs/forks that do just that, allowing use of either hidelist or denylist as well as special tweaks (many experimental) for better Zygisk hiding etc etc...

Don't expect this happen in official Magisk however...

John has been following his own roadmap for Magisk and has said he has no plans to abandon it. In 2020 he said:
I don’t see myself stepping down from Magisk in the near future. Magisk is too important for me to abandon it.
https://topjohnwu.medium.com/state-of-magisk-2020-21de32721d65
And in 2021:
I will do my best to continue contribute to the Android modding community!
https://topjohnwu.medium.com/state-of-magisk-2021-fe29fdaee458

Also, while he won't now state it plainly, code injection (Zygisk project) was always about providing a better framework for 'proper ways to "hide" root and Magisk Manager/App'... See these comments back in 2020:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-84104161

He's said it's up to other Devs to 'step up' and 'start doing their job', ie making zygisk based hiding modules if they're passionate about that... He's also said he wishes people wouldn't fork Magisk for restoring MagiskHide however...

So the future of root hiding is very much in the hands of 3rd party Devs (John has stated as much for a while now too), and it must be said that this makes the whole exercise, including choosing individual hiding solutions, necessarily more complex and challenging than it used to be... but there are also many more options and more effective methods... Such is the modern cat and mouse game of root hiding... 🙃 PW
 

73sydney

Senior Member
  • Like
  • Haha
Reactions: ipdev and pndwal

pndwal

Senior Member
FYI: Looks like we may finally be getting official Universal PI deviceIntegrity Fix in USNF!

It'll be nice to have a working fix linked from OP here again too...

... So seems @kdrag0n has found proper hooks to set and revert the fingerprint used for mismatch trigger for PI hardware based verdict enforcement bypass making this proposition less of a stop-gap fix with far less likelihood of breaking print prop related stuff... He'll also implement the additional @anirudhgupta109 shipping API level prop mismatch needed for Pixel 7 and other A13 LV devices (already adopted by @Displax in his forked USNF mods)... See here:
https://github.com/kdrag0n/safetynet-fix/pull/207#issuecomment-1340460803

Watch this space! 😛 ... And thanks for efforts @kdrag0n. 👍

👀PW
 
Does anyone know why it doesn't select all items in oo
@Atharkhan101 Are you running an ad-blocker at any level? For example, I've found that some of these "detect root" scenarios are actually AdAway blocking the sign-in domain as unsafe.
Yes I use Adaway and I'm confident that it is not causing any issue because I tried to freeze it in Titanium backup and additionally it used to work in 22.1 Version of magisk WITH Adaway ON.
 

zgfg

Senior Member
Oct 10, 2016
8,576
6,294
Xiaomi Mi 11 Lite 5G
Does anyone know why it doesn't select all items in oo

Yes I use Adaway and I'm confident that it is not causing any issue because I tried to freeze it in Titanium backup and additionally it used to work in 22.1 Version of magisk WITH Adaway ON.
If you have Systemless hosts enabled and you freeze AdAway, /data/adb/modules/hosts/system/etc/hosts file will remain, and Magisk will still mount it (even upon reboot) to the /system/etc/hosts, ie blocking will be still in place

Only if you use AdAway in the non-root/VPN mode, then freezing will really stop blocking

Nevertheless, I don't understand why complicating
AdAway has Pause/Resume button. Just Pause, reboot and then you're sure that AdAway is no more blocking until you Resume and reboot again (reboots not needed if using AdAway in the VPN mode)
 

  • Like
Reactions: ipdev
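
The point made in the post above, that the Systemless hosts file under /data/adb/modules/hosts keeps blocking even when AdAway is frozen, can be checked directly. This is an added example, not code from the thread: the hosts entries and the domain are constructed, and the function names and the ROOT prefix argument are hypothetical helpers (pass an empty ROOT from a root shell on the device).

```shell
#!/bin/sh
# Added example: does the Systemless hosts module still sink a domain?

# hosts_blocks FILE DOMAIN -> exit 0 if DOMAIN is mapped to a sink address.
# Handles comments, several names per line and case differences.
hosts_blocks() {
    awk -v d="$2" '
        BEGIN { d = tolower(d); rc = 1 }
        {
            sub(/#.*/, "")                      # drop full-line and inline comments
            if (NF < 2) next
            if ($1 != "0.0.0.0" && $1 != "127.0.0.1" && $1 != "::" && $1 != "::1") next
            for (i = 2; i <= NF; i++)
                if (tolower($i) == d) { rc = 0; exit }
        }
        END { exit rc }
    ' "$1"
}

# module_hosts_state ROOT DOMAIN -> prints one of
#   no-module | module-disabled | blocked | not-blocked
# "disable" and "remove" are Magisk's per-module marker files; a module
# carrying either one is not mounted after the next reboot.
module_hosts_state() {
    mod="$1/data/adb/modules/hosts"
    file="$mod/system/etc/hosts"
    if [ ! -f "$file" ]; then
        echo no-module
    elif [ -e "$mod/disable" ] || [ -e "$mod/remove" ]; then
        echo module-disabled
    elif hosts_blocks "$file" "$2"; then
        echo blocked
    else
        echo not-blocked
    fi
}

# Constructed sample tree so the check runs offline against a copy.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/data/adb/modules/hosts/system/etc"
    cat > "$r/data/adb/modules/hosts/system/etc/hosts" <<'EOF'
127.0.0.1 localhost
::1 ip6-localhost
# constructed blocklist entries
0.0.0.0 ads.tracker.example
0.0.0.0 signin.bank.example   # over-broad rule
#0.0.0.0 www.bank.example
EOF
    echo "$r"
}

root=$(make_sample_root)
echo "signin.bank.example: $(module_hosts_state "$root" signin.bank.example)"
echo "www.bank.example:    $(module_hosts_state "$root" www.bank.example)"
rm -rf "$root"
```

A result of `blocked` with AdAway frozen matches what the post describes: the module file is still there and is still mounted over /system/etc/hosts at boot.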
If you have Systemless hosts enabled and you freeze AdAway, /data/adb/modules/hosts/system/etc/hosts file will remain, and Magisk will still mount it (even upon reboot) to the /system/etc/hosts, ie blocking will be still in place

Only if you use AdAway in the non-root/VPN mode, then freezing will really stop blocking

Nevertheless, I don't understand why complicating
AdAway has Pause/Resume button. Just Pause, reboot and then you're sure that AdAway is no more blocking until you Resume and reboot again (reboots not needed if using AdAway in the VPN mode)
Already done all you said. Still nope!
 

m0han

Senior Member
Apr 30, 2012
5,457
2,559
... Putting a 'banking' app in DenyList is the FIRST thing every user must do, before...
... even running it for the first time, may I add?

... at any point after changing anything in trying to defeat root detection and before opening the apps again, did you clear the data for the affected apps....
I thought I read somewhere: Turn ON airplane mode, Clear cache and data of the apps, Reboot and Turn OFF airplane mode before running the apps again.

I want to follow Shamiko properly so I need your help please. I'm sorry I read shamiko thing and I did not understand....
If the latest official Shamiko-v0.6-126-release.zip here does not work, you might like to try Shamiko-v0.6-130 (see screenshot). For more, see/use the Telegram channel.
 

  • Like
Reactions: pndwal and ipdev

kamilchno

Senior Member
Feb 19, 2015
69
7
Sony Xperia Z3 Compact
Which telegram channel?
 
  • Like
Reactions: bombadier

Top Liked Posts

  • 4
    For those using Canary builds

    Please be aware that in 25207+ major refactoring (of selinux rule patching) has broken many modules etc... This is likely the cause of issues with hiding using recent builds as Shamiko is affected... Please see discussion in Magisk Discussion thread...

    You could revert to 25206 or wait for fixes hopefully in 25211... 👀 PW
    3
    I was on 2.3.1_MOD_3.0 on Android 12 and now 2.4.0_MOD_1.2 on Android 13 and all was now well in both setups.
    3
    I'm on a similar setup although just "2.4.0", I need to look around for "2.4.0_MOD_1.2" in particular to try that out.
    3
    so I'm on android 13, pixel 6a. Got Integrity ✅ and CTS match ✅ and also Play Store as Certified. Although, still no google pay or banks access. Any hints to get this working or it this fix not fully functional on 13 as of yet?

    Thanks!
    With Integrity and CTS do you refer to the deprecated SafetyNet or the 'new' Play Integrity API?

    Also, are you using USNF from this thread or the newer/better safetynet-fix-v2.4.0-MOD_1.2 from the other thread?

    Look into the other USNF thread from Displax and find more info in the thread about GPay

    Btw, banking apps do not rely only on PI API - they try many other detections of root, hence you might need (things vary from app to app) Shamiko, Hide My Applist or even the Magisk Delta fork

    The best would be to search through the Magisk related threads here on XDA, how the other user(s) solved the root detection from your particular banking or similar app
    3
    With Integrity and CTS do you refer to the deprecated SafetyNet or the 'new' Play Integrity API?

    Also, are you using USNF from this thread or the newer/better safetynet-fix-v2.4.0-MOD_1.2 from the other thread?

    Look into the other USNF thread from Displax and find more info in the thread about GPay

    Btw, banking apps do not rely only on PI API - they try many other detections of root, hence you might need (things vary from app to app) Shamiko, Hide My Applist or even the Magisk Delta fork

    The best would be to search through the Magisk related threads here on XDA, how the other user(s) solved the root detection from your particular banking or similar app
    Yes! I was trying to find the link for that mod. This worked. Thanks!

  • 315
    Universal SafetyNet Fix
    Magisk module

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0

    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    215
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security patch level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may need to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    58
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may need to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    31
    Folks, the SafetyNet API was deprecated last month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity. Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to be realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.

    Here's hoping... 🙃 PW
    29
    So, created separate thread for my mod. Welcome)