MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

Search This thread
By:
Advanced…
7

73sydney

Senior Member
Jul 21, 2018
3,056
3,226
Sydney
Google Pixel 6 Pro
Samsung Galaxy Watch 4
locolyric said:
Any one have idea how to make this ewallet run ? I try all hide my app and magisk delta. And It won't work.
Click to expand...
Click to collapse

I already tested on magisk officlal (and HMA) and not working....

Cant remember if anyone tested on Magisk Delta...there was a period there we tested like 4 or 5 banking apps in a row, and only two failed, this was one of them....
 
  • Like
Reactions: ipdev
casouzaj

casouzaj

Senior Member
Oct 13, 2006
2,396
639
59
Pindamonhangaba, SP - Brazili
Sony Xperia Z5 Compact
Xperia XZ2
I'm running the latest Delta Canary in my Xperia XZ2, loaded with LineageOS 20.0. I have both Zygisk and MagiskHide enabled, MagiskHide list properly configured, and with the latest USNF-mod and Shamiko 0.5.2 (120) - the latest Shamiko causes a lot of crashes - and also LSPosed and HMA. All my banking apps work, including contactless payments.
 
zgfg

zgfg

Senior Member
Oct 10, 2016
8,527
6,255
Xiaomi Mi 11 Lite 5G
casouzaj said:
I'm running the latest Delta Canary in my Xperia XZ2, loaded with LineageOS 20.0. I have both Zygisk and MagiskHide enabled, MagiskHide list properly configured, and with the latest USNF-mod and Shamiko 0.5.2 (120) - the latest Shamiko causes a lot of crashes - and also LSPosed and HMA. All my banking apps work, including contactless payments.
Click to expand...
Click to collapse
Do you really need Shamiko with Delta - try with disabled and retest with your banking apps (I did - I was suggested by Delta developer, and later uninstalled Shamiko, not using it now for weeks and everything works fine for me)
 
  • Like
Reactions: 73sydney
P

pndwal

Senior Member
Jun 23, 2016
5,862
6,489
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
casouzaj said:
I'm running the latest Delta Canary in my Xperia XZ2, loaded with LineageOS 20.0. I have both Zygisk and MagiskHide enabled, MagiskHide list properly configured, and with the latest USNF-mod and Shamiko 0.5.2 (120) - the latest Shamiko causes a lot of crashes - and also LSPosed and HMA. All my banking apps work, including contactless payments.
Click to expand...
Click to collapse
Yeah, isn't Delta's MagiskHide basically an alternative to using Shamiko?... I'm not au fait with Delta's current implementation... Is HideList running along with Shamiko (doing anything in addition) or has Shamiko taken over completely?... Nb. @huskydg did say way back:
huskydg said:
... If you use shamiko, why not use official magisk.
Click to expand...
Click to collapse
Also you just said:
casouzaj said:
I always put in hidelist (or denylist) every app for which I have an account (username and pasword), which happens to be a lot of apps. Never had any issues. Used TJW`s canary before. Now in Delta canary, for many months. Just my 2 cents...
Click to expand...
Click to collapse
🤔... So do you have issues or not?...

Also, you are effectively doing what whitelist mode does when you "put in hidelist... a lot of apps". So I guess this (readme.md) applies:
#### Whitelist
...
- Whitelist has significant performance and memory consumption issue, please use it only for testing
...
Click to expand...
Click to collapse
My guess is that you may be experiencing 'performance issues' inherent with hiding root from so many apps. 😬... You probably saw this response anyway:
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87864599

... Perhaps both Shamiko and MagiskHide are competing to fork all these processes and do needed mounts and modification unmounts also, I don't know for sure... May be best to ask in Delta thread re. Shamiko use w/ hidelist...

You're not by chance also using MagiskHide SuList option are you?... 😃 PW
 
  • Like
Reactions: 73sydney
L

locolyric

Senior Member
Jul 12, 2008
1,202
121
Seremban
Amazon Fire HD 8 and HD 10
Xiaomi Mi Max 3
73sydney said:
I already tested on magisk officlal (and HMA) and not working....

Cant remember if anyone tested on Magisk Delta...there was a period there we tested like 4 or 5 banking apps in a row, and only two failed, this was one of them....
Click to expand...
Click to collapse
the only thing i can make that wallet work is remove magisk.
i am confuse how it can be happened even we choose to stop that app detecting magisk.
in my opinion it means even we choose not to let app read our app list. But google allow it, and this feel not secure at all to me...
 
P

pndwal

Senior Member
Jun 23, 2016
5,862
6,489
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
locolyric said:
Any one have idea how to make this ewallet run ? I try all hide my app and magisk delta. And It won't work.
Click to expand...
Click to collapse
Like this?:
IMG_20221219_010537.jpgIMG_20221219_010641.jpg

Xiaomi RN8T w/ A10 MIUI, Magisk Canary, Magisk App hidden, app in denylist (NOT enforced), Shamiko, LSPosed + HideMyApplist XPosed module hiding all root/mod related apps from app... and Play Integrity deviceIntegrity passing of course...

locolyric said:
the only thing i can make that wallet work is remove magisk.
i am confuse how it can be happened even we choose to stop that app detecting magisk.
in my opinion it means even we choose not to let app read our app list. But google allow it, and this feel not secure at all to me...
Click to expand...
Click to collapse
If it really works when you uninstall Magisk App only (I'm assuming that's what you meant), it's likely you haven't both invoked the obfuscated stub app (taken Hide the Magisk app) and properly enabled hide for and marked hiddenmagiskappname as invisible to the app... A number of bank apps require both these measures...

Further, see my device detections in screenshots here:
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87868919

🙂 PW
 
L

locolyric

Senior Member
Jul 12, 2008
1,202
121
Seremban
Amazon Fire HD 8 and HD 10
Xiaomi Mi Max 3
pndwal said:
Like this?:
View attachment 5787691View attachment 5787693

Xiaomi RN8T w/ A10 MIUI, Magisk Canary, Magisk App hidden, app in denylist (NOT enforced), Shamiko, LSPosed + HideMyApplist XPosed module hiding all root/mod related apps from app... and Play Integrity deviceIntegrity passing of course...


If it really works when you uninstall Magisk App only (I'm assuming that's what you meant), it's likely you haven't both invoked the obfuscated stub app (taken Hide the Magisk app) and properly enabled hide for and marked hiddenmagiskappname as invisible to the app... A number of bank apps require both these measures...

Further, see my device detections in screenshots here:
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/post-87868919

🙂 PW
Click to expand...
Click to collapse
which version of tng wallet you using ?version 1.7.86 can't work on evolutionx a13.
 
P

pndwal

Senior Member
Jun 23, 2016
5,862
6,489
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
locolyric said:
then this issue might be the specific phone issue , as i can't make it work on a12 nor a13.
using your method.
Click to expand...
Click to collapse
That's why I linked my phone detections for you above... Clearly, those don't matter... Run Momo / Ruru and you may work out what additional detections are causing issues... But no guarantees... 😜 PW
 
Last edited:
  • Like
Reactions: 73sydney
7

73sydney

Senior Member
Jul 21, 2018
3,056
3,226
Sydney
Google Pixel 6 Pro
Samsung Galaxy Watch 4
Short PSA:

In the latest Hide My Applist, it can take quite a while for it to actively hide apps, especially first boot after install. Ive noted this on two clean flashes now.

It is highly recommended you wait until ROM has settled in for a few minutes after first boot after install, and afetr boot in general, before testing apps or testing Ruru

Also worth pointing out as always, before any test with Ruru, be sure to force close and clear cache/data for the testing app....
 
Last edited:
  • Like
Reactions: christantoan, ipdev, bombadier and 1 other person
2uk3y

2uk3y

Senior Member
Sep 3, 2010
488
194
Malaysia
locolyric said:
then this issue might be the specific phone issue , as i can't make it work on a12 nor a13.
using your method.
Click to expand...
Click to collapse
maybe android version ? bcoz @pndwal use A10. maybe ?
bcoz i also can not run tngewallet on A13 after solve all ruru and momo detection issues.
i also follow below setup... except android version A13
Xiaomi RN8T w/ A10 MIUI, Magisk Canary, Magisk App hidden, app in denylist (NOT enforced), Shamiko, LSPosed + HideMyApplist XPosed module hiding all root/mod related apps from app... and Play Integrity deviceIntegrity passing of course...
Click to expand...
Click to collapse
 
  • Like
Reactions: ipdev
bombadier

bombadier

Senior Member
Jul 3, 2010
3,641
3,562
The Burgh
LG G Watch R
Samsung Galaxy Tab S2
2uk3y said:
maybe android version ? bcoz @pndwal use A10. maybe ?
bcoz i also can not run tngewallet on A13 after solve all ruru and momo detection issues.
i also follow below setup... except android version A13
Click to expand...
Click to collapse
I tried installing the tng ewallet on my pixel 4a android 13 and cant even get the app to run, force closes with an OpenGLRenderer error
Unable to match the desired swap behaviour
 
2uk3y

2uk3y

Senior Member
Sep 3, 2010
488
194
Malaysia
bombadier said:
I tried installing the tng ewallet on my pixel 4a android 13 and cant even get the app to run, force closes with an OpenGLRenderer error
Unable to match the desired swap behaviour
Click to expand...
Click to collapse
so android 13 can not run this. need to test on lower android version 12 or 11

@locolyric so i try using tngewallet v1.7.84 and it work. v1.7.86 and latest not working.

what i can see there is additional start from v1.7.86

1.7.84 vs 1.786
Screenshot 2022-12-20 at 10.15.49 PM.png
Screenshot 2022-12-20 at 10.18.29 PM.png
 
Last edited:
  • Like
Reactions: locolyric
christantoan

christantoan

Senior Member
Oct 9, 2015
258
108
OnePlus 3T
OnePlus 7 Pro
Hi,

I need help in passing PI. I'm using latest stable Magisk Official, Shamiko, USNF modded, and LSPosed. My device is OnePlus 7 Pro running Oxygen OS 11.

Here are my detection results:

Screenshot_20221221-075955.png Screenshot_20221221-080038.png Screenshot_20221221-080106.png Screenshot_20221221-080157.png

Please let me know of you need more info.
Thank you in advance!
 
You must log in or register to reply here.

Similar threads

Chainfire
[Android 2.1+][03.10.2011][v3.2] Chainfire3D [ROOT][OpenGL ES 2.0+]
Replies
3K
Views
3M
rignfool
rignfool
apb_axel
[ZIP] Synapse + Script => Universal Kernel Manager v3.8.1
Replies
3K
Views
766K
D
Dildoman
repey6
[6.0-12.0][Magisk]Dolby Digital Plus[upd.20211005]
Replies
2K
Views
736K
B
b4minee
Chainfire
[2014.05.01][ROOT] Mobile ODIN v4.20
Replies
5K
Views
3M
Zagnutty
Zagnutty
DooMLoRD
[04/Jan][ROOTING/UNROOTING] DooMLoRD's Easy Rooting Toolkit [v4.0](zergRush Exploit)
Replies
927
Views
3M
B
bishoy ashraf

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 4
    P
    pndwal
    For those using Canary builds

    Please be aware that in 25207+ major refactoring (of selinux rule patching) has broken many modules etc... This is likely the cause of issues with hiding using recent builds as Shamiko is affected... Please see discussion in Magisk Discussion thread...

    You could revert to 25206 or wait for fixes hopefully in 25211... 👀 PW
    View
    3
    P
    pndwal
    V1adAdGad said:
    I have a strange behavior. After rebooting the phone I have everything pass in YASNAC. But after opening the bank application YASNAC shows that CTS profile fail. Cannot find in this thread anything related to this problem. Any ideas?

    crDroid9 13Android
    OnePlus 6t
    Magisk hided and seftynet installed
    Click to expand...
    Click to collapse
    This module has issues with builds that offer a fix for new Play Integrity deviceIntegrity...

    As mentioned above, you need to pass that now as SafetyNet is depreciated, but you will need to be passing old ctsProfileMatch in order to pass deviceIntegrity...

    @Displax posted links to his working (forked/fixed) builds in a new thread a couple of pages back here:
    https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057

    We're hoping that official USNF may get needed attention soon, but it appears @kdrag0n is busy with other matters...

    🙂 PW
    View
    3
    osm0sis
    osm0sis
    I was on 2.3.1_MOD_3.0 on Android 12 and now 2.4.0_MOD_1.2 on Android 13 and all was now well in both setups.
    View
    3
    Nergal di Cuthah
    Nergal di Cuthah
    adrian33 said:
    I'm on a similar setup although just "2.4.0", I need to look around for "2.4.0_MOD_1.2" in particular to try that out.
    Click to expand...
    Click to collapse

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    forum.xda-developers.com forum.xda-developers.com
    View
    3
    Nergal di Cuthah
    Nergal di Cuthah
    cabagekiller said:
    would you be able to share the new displax 2.4.0 1.2 for me I am unable to find it easily. I would appreciate that
    Click to expand...
    Click to collapse

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    forum.xda-developers.com forum.xda-developers.com
    View
  • 312
    kdrag0n
    kdrag0n
    Universal SafetyNet Fix
    Magisk module​

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0
    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    View
    213
    Displax
    Displax
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    View
    58
    Displax
    Displax
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    View
    31
    P
    pndwal
    Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.
    Click to expand...
    Click to collapse

    Here's hoping... 🙃 PW
    View
    28
    R
    ReservedName
    ok so there is a solution

    get the magisk module riru

    after you get riru get LSPosed

    after you get LSPosed get xprivacylua (in the LSPosed app)

    select play services in the xprivacylua settings IN the LSPosed app

    AND in the xprivacylua app itself after you've restarted.

    clear play service data

    check safetynet in magisk - enjoy?

    I would reboot between each step just to be safe but I know it's necessary to load the xprivacylua module

    s/o to saitama_96 for discovering it or so I'm led to believe
    View

New posts