MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

[pndwal]

Hi, guys!
Apologize for errors in writing, English is not my first language. For me the Gpay was working until today. I've checked the API integrity and receive the UNEVALUATED results with all integrity red. I've attached the denylist and magisk modules. Right now my USNF mod is 2.3.1 v2.0 (i know there is newest one, i've tried it with same results). Can you, please, help me identify the culprit. MOMO detects only wrong partition, so i think it's just the bootloader unlock. My phone is Oneplus 7T Pro, running stock OOS11, unlocked BL.

Try clearing Play Services data and all modules disabled except USNF... Also, can use older @Displax modded build unless device launched with A13 (Pixel 7 etc)... And you don't need Play Store in denylist... PW

 

[qetuol]

Can you please specify what did you clear? I cleared wallet cache and data but didn't help.

Nah, it works for me again after clearing everything and I'm only passing basic. However it will check even when not using it and if it fails once it's gone forever. So since the check fails sporadically wallet will stop working after a while.

 

[pndwal]

I don't think it is 2.4, because it stopped to worked when I was on 2.3.2 (I can't remember for sure, but it was a previous version). I just updated to 2.4 after that to see if it was resolved.

People have had failures w/ all USNF builds... Even stock devices were failing G Pay/Wallet device security checks at one point!...

However recent failures w/ 2.4.0 are certainly due to new changes/regressions specific to that build... See posts above...

What I start to think now is that Gwallet now checks the strong hardware integrity, not just cts.

Nah... Still Passing fine w/ PI deviceIntegrity... PW

 

[pndwal]

Can you please specify what did you clear? I cleared wallet cache and data but didn't help.

Can be a challenge... See my saga above:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88049087 PW

 

[pulpf]

the latest version is v2.3.1-mod 2.1 and it works very well

 

[pndwal]

Nah, it works for me again after clearing everything and I'm only passing basic.

What, w/o PI deviceIntegrity?

However it will check even when not using it and if it fails once it's gone forever. So since the check fails sporadically wallet will stop working after a while.

Not usually forever... Generally rights itself after some time (a week sometimes) w/o intervention as long as PI deviceIntegrity has not failed again in the meantime. PW

 

[pndwal]

the latest version is v2.3.1-mod 2.1 and it works very well

Recent issues here are with latest official USNF, 2.4.0... PW

 

[pulpf]

with 2.4.0 I have neither the fingerprint reader nor the payment

 

[DartGerion]

Try clearing Play Services data and all modules disabled except USNF... Also, can use older @Displax modded build unless device launched with A13 (Pixel 7 etc)... And you don't need Play Store in denylist... PW

Tried clearing everything in Play Service and Play Market as well as disabling basically everything in Magisk except USNF, still doesnt pass the integrity. However the GWallet started working again.

 

[pndwal]

Tried clearing everything in Play Service and Play Market as well as disabling basically everything in Magisk except USNF, still doesnt pass the integrity. However the GWallet started working again.

So definitely Google Play Services? (Not '... for AR' etc?)... So G Wallet working without deviceIntegrity?... Please show YASNAC results also (after disabling all modules except USNF)... PW

 

[pndwal]

Hi guys,

I have been trying many ways but to no workaround to pass the integrity and CTS profile test which caused me unable to bypass the banking and gov app.
I have to dirty flash the same Rom to remove magisk temporarily in order to use the apps which is very time consuming.
I'm using Poco F1 with info below:
- Miui Eu 12.0.3
- Android 10
- Latest Magisk Canary 25.2
- Google Play store device is not certified after magisk installed.
- Tried with LSPosed with XprivacyLua and USNF 2.4.0 (failed)
-Tried with USNF 2.4.0 only (Failed)

Please help if there is any way to settle this.
Really appreciate if anyone can help.
Cheers.

As you likely know, there are serious issues w/ official USNF 2.4.0 (w/ new fixes for PI deviceIntegrity)... I'd be using @Displax's first modded USNF fork w/ his own working PI fixes from here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-87198517

for this reason... (Read his notes in spoiler)...

At first glance your issue seemed to relate to Xiaomi EU custom ROM integrating SNF per @kdrag0n's recommendation...

Personally I prefer clean ROMs that don't integrate prop spoofing based 'fixes' etc because they often conflict with Magisk modules trying to do the same thing... They may be fine without Magisk (eg you seem to be passing PI deviceIntegrity w/o Magisk w/ your ROMs implementation which likely forks the @Displax commits anyway) but cause unexpected surprises for Magisk users...Also, SNF applied to ROMs per @kdrag0n's notes for his Proton ROMs may play well with Magisk USNF module until the latter is updated; seems users may need to wait for their ROM Devs to update inbuilt SNF to match USNF when that occurs...

But now I see your SELinux is set to permissive!?!? Why? ... Is that an official XiaomiEU custom ROM or unofficial build?... Have you disabled Linux security using a recovery flashable mod or other?... Done any other mods?...

... I'd uninstall XPrivacyLUA also, but note banks often detect this even after uninstalling as it doesn't clean up properly... Remove data/system/xlua folder to prevent this detection...

PW

 

[thomas140]

As you likely know, there are serious issues w/ official USNF 2.4.0 (w/ new fixes for PI deviceIntegrity)... I'd be using @Displax's first modded USNF fork w/ his own working PI fixes from here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-87198517

for this reason... (Read his notes in spoiler)...

At first glance your issue seemed to relate to Xiaomi EU custom ROM integrating SNF per @kdrag0n's recommendation...

Personally I prefer clean ROMs that don't integrate prop spoofing based 'fixes' etc because they often conflict with Magisk modules trying to do the same thing... They may be fine without Magisk (eg you seem to be passing PI deviceIntegrity w/o Magisk w/ your ROMs implementation which likely forks the @Displax commits anyway) but cause unexpected surprises for Magisk users...Also, SNF applied to ROMs per @kdrag0n's notes for his Proton ROMs may play well with Magisk USNF module until the latter is updated; seems users may need to wait for their ROM Devs to update inbuilt SNF to match USNF when that occurs...

But now I see your SELinux is set to permissive!?!? Why? ... Is that an official XiaomiEU custom ROM or unofficial build?... Have you disabled Linux security using a recovery flashable mod or other?... Done any other mods?...

... I'd uninstall XPrivacyLUA also, but note banks often detect this even after uninstalling as it doesn't clean up properly... Remove data/system/xlua folder to prevent this detection...

PW

Thanks for your reply. The miui Eu is based from the official miui Eu website.
Also, I'm using the Displax modded USNF
Yes, I found the issue.
The magisk 25.2 is the problem.
I used the magisk 24.1 and manage to resolve the integrity issue except the strong integrity.
As for the selinux to be permissive, it's because the viper4android doesn't work in enforcing under magisk 25.2.
Now that I have changed back to magisk 24.1, viper4android is now worked with enforcing now, so permissive is not needed anymore.

As for XprivacyLua, manage to delete the folder and get applist detector cleared.
But the banking app still manage to find the root.
I tried to use ice box app to freeze magisk, hide my app and greenify but still the same issue.
Is there any solution to bypass?
Attached is the screenshot of detector after ice box freezes those apps.

 

[Sasy969]

Hi guys, I need your help. I'm on latest Evox with no root, but suddenly wallet stopped working saiyng that my device didn't meet safety requirements, how can I solve?

 

[pndwal]

Thanks for your reply. The miui Eu is based from the official miui Eu website.

Yes, I know that... I meant is it official custom XiaomiEU or some unofficial build as I asked... But seems you set permissive SELinux yourself... Doubt you'll pass deviceIntegrity easily with that set...

Also, I'm using the Displax modded USNF
Yes, I found the issue.
The magisk 25.2 is the problem.

How is 25.2 a problem?

I used the magisk 24.1 and manage to resolve the integrity issue except the strong integrity.
As for the selinux to be permissive, it's because the viper4android doesn't work in enforcing under magisk 25.2.
Now that I have changed back to magisk 24.1, viper4android is now worked with enforcing now, so permissive is not needed anymore.

Permissive has not been needed for Viper4AndroidFX for a long while; you don't need old Magisk... And you still didn't describe what mod was used to switch SELinux... If you made system changes you may still have issues after reverting that...

As for XprivacyLua, manage to delete the folder and get applist detector cleared.
But the banking app still manage to find the root.
I tried to use ice box app to freeze magisk, hide my app and greenify but still the same issue.
Is there any solution to bypass?

How would I know?... You haven't even named the app!... PW

 

[pndwal]

Hi guys, I need your help. I'm on latest Evox with no root, but suddenly wallet stopped working saiyng that my device didn't meet safety requirements, how can I solve?

My car won't start... How can I solve?... BTW, it's a green one... PW

 

[pndwal]

Hi guys, I need your help. I'm on latest Evox with no root, but suddenly wallet stopped working saiyng that my device didn't meet safety requirements, how can I solve?

Clue: Read back a bit before posting... PW

 

[DartGerion]

So definitely Google Play Services? (Not '... for AR' etc?)... So G Wallet working without deviceIntegrity?... Please show YASNAC results also (after disabling all modules except USNF)... PW

Should i disable Revanced module and Substratum? Doesn't seem to be really necessary.

 

[Sasy969]

Clue: Read back a bit before posting... PW

Sorry to further bother you, but I have read the last 3/4 pages and i I have read only about other users with root, but i have the same problem without root.
I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY, but still wallet says i don't meet safety requirements.
I also have tried with magisk and USNF 2.3.1 Modded but sometimes I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY and sometimes I don't, like other users earlier

 

[osm0sis]

Sorry to further bother you, but I have read the last 3/4 pages and i I have read only about other users with root, but i have the same problem without root.
I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY, but still wallet says i don't meet safety requirements.
I also have tried with magisk and USNF 2.3.1 Modded but sometimes I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY and sometimes I don't, like other users earlier

Why are you in a root module thread if you don't have root. Of course it won't pass without root.

 

[thomas140]

Yes, I know that... I meant is it official custom XiaomiEU or some unofficial build as I asked... But seems you set permissive SELinux yourself... Doubt you'll pass deviceIntegrity easily with that set...

How is 25.2 a problem?

Permissive has not been needed for Viper4AndroidFX for a long while; you don't need old Magisk... And you still didn't describe what mod was used to switch SELinux... If you made system changes you may still have issues after reverting that...

How would I know?... You haven't even named the app!... PW

1. It's official custom xiaomi EU.

2. Yes, understand that viper4android doesn't need to be permissive but I found that it can't run under enforcing anymore since I upgraded to Magisk 25.1 and then to 25.2.
But I saw you got mentioned that it's not easy to pass device integrity with selinux permissive. So I just tried magisk 25.2 again with selinux enforcing, this time, the Cts profile, Device and Basic integrity become Pass except the strong integrity.
And Viper4android status suddenly becomes normal with selinux enforcing.
Previously, I was using selinuxmodechanger app to change selinux, and now, I don't need it anymore.
Not sure which step fixes this viper4android issue that haunted me for 1year

3. The banking app that still detect root is Ocbc Digital- Mobile Banking app(Singapore version). You can try to download the app via link below and test whether can hide from this banking app.
https://ocbc-digital.nl.aptoide.com/app

Attached are the screenshot of the integrity status and selinux changer app.