MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

[Nergal di Cuthah]

Does the modded version work with Magisk v23 do you know?

Works fine as far as i can tell

 

[bangrod]

Works fine as far as i can tell

Does it need to be installed with the kdrag0n original mod or should I remove that one first?

 

[Nergal di Cuthah]

Does it need to be installed with the kdrag0n original mod or should I remove that one first?

If you are downgrading i suppose best practice is to remove the newer, don't know if it is necessary though. If you're on older than 2.4.0 then you should be able to install over (but don't follow the update button after as it will upgrade you to 2.4.0)

 

[bangrod]

If you are downgrading i suppose best practice is to remove the newer, don't know if it is necessary though. If you're on older than 2.4.0 then you should be able to install over (but don't follow the update button after as it will upgrade you to 2.4.0)

Ok thanks I'll try it again. I'm using older version as I'm on magisk v23 and need the Riru version of safety net fix

 

[Nergal di Cuthah]

Ok thanks I'll try it again. I'm using older version as I'm on magisk v23 and need the Riru version of safety net fix

I'm sorry i think I misread your magisk version. I think I'm on 25

 

[christantoan]

Sorry for bumping but can anyone help me with this, please?

This is probably off-topic and if so, can anyone please point me to where should I post to ask for advice about general apps root avoidance?

Since its latest update, I've been unable to open this app (the app's apk is attached just in case it's exclusive to my region) because it detects that my phone is insecure. My phone passes PI until basic integrity so maybe someone with strong integrity verdict can help me check if the app requires it.
View attachment 5820903

For information, I've tried HMA and DenyList with Shamiko.

Thank you in advance.

Thank you!

 

[pndwal]

Does the modded version work with Magisk v23 do you know?

No... It's a Zygisk module so needs 24.0+.

You can use Riru modules, eg @huskydg's USNF fork, or official Riru-USNF + Magiskhide + for PI deviceIntegrity use MHPC to manually add a mismatched fingerprint prop and manually alter shipping level prop value (for A13 LV devices) if google enforces hardware based verdicts for Play Integrity API on you device. (Hardware based verdict enforcement for SafetyNet API is bypassed by mismatched model prop in Riru-USNF)... PW

 

[pndwal]

Works fine as far as i can tell

Does it need to be installed with the kdrag0n original mod or should I remove that one first?

Please see post above... PW

 

[huskydg]

Sorry for bumping but can anyone help me with this, please?



Thank you!

Yes, but you have to uninstall UNSF and give up official magisk. Also even you switch to another unofficial magisk, installing USNF will make it detects again. That's your choice ¯\_(ツ)_/¯

Also check this:

[Suggestion] Bypass Safetynet without using resetprop · Issue #253 · kdrag0n/safetynet-fix

We have few apps that detect dirty props change done by Magisk resetprop. This will make it is impossible to use these apps and make Safetynet passed on stock ROM. We need to change necessary props...

github.com

 

[christantoan]

Yes, but you have to uninstall UNSF and give up official magisk. That's your choice ¯\_(ツ)_/¯

Also check this:

[Suggestion] Bypass Safetynet without using resetprop · Issue #253 · kdrag0n/safetynet-fix

We have few apps that detect dirty props change done by Magisk resetprop. This will make it is impossible to use these apps and make Safetynet passed on stock ROM. We need to change necessary props...

github.com

Ouch

Thank you for the advice though. Glad to know how the apps detect root.

 

[Sasy969]

Hi again guys
thanks to the help of @pndwal I was able to have wallet working, simply adding com.google.android.gms.unstable and com.google.android.gms to magisk denylist with no USNF magisk module at all.
Until now everything was working preatty fine and i was using wallet for paymenti without any problem, but now I have just opened wallet and again the same poup up saying my device doesn't meet safety requirements.

Attual Setup
Magisk installed
One Plus 9 eith EvolutionX ROM (ROM seems to have some tricks to pass safetny net on its own)
No magisk module installed
i am able to get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY

 

[AnyNameYouWish]

On Google Pixel 5, I installed january update last weekend. Since today only, I can't pass integrity check anymore.

I followed V0latyle and Homeboy76 guides, tried with Kdrag0n(2.4) and Displax's (3 available versions) modules. Each time I flashed in Magisk then wiped Play Store, Play services and Wallet cache and data.

Deny list is configured but not enforced since I use Shamiko. I tried both ways tho, but unsuccessful in both.

No changes in my modules since I updated so I don't think one of them caused it, but here's the lists:

My modules in magisk are
- AOSP Mods Full 2.6.0
- Builtin Busybos 1.0.4
- Debloater 17.3.3
- Magisk Bootloop protector 1.5
- mindetach 2.3
- Shamiko 06
- Universal SafetyNet Fix 2.4.0 (Kdrag0n)
- Youtube Revanced 18.03.36
- Zygist Lsposed 1.8.5 mod

In Lsposed, modules are :
- AOSP mods
- Let me downgrade
- UniversalAuth
- UpdateLocker
- XprivacyLUA

Any idea what I'm missing and what could be a fix?

 

[wyt18]

On Google Pixel 5, I installed january update last weekend. Since today only, I can't pass integrity check anymore.

I followed V0latyle and Homeboy76 guides, tried with Kdrag0n(2.4) and Displax's (3 available versions) modules. Each time I flashed in Magisk then wiped Play Store, Play services and Wallet cache and data.

Deny list is configured but not enforced since I use Shamiko. I tried both ways tho, but unsuccessful in both.

No changes in my modules since I updated so I don't think one of them caused it, but here's the lists:

My modules in magisk are
- AOSP Mods Full 2.6.0
- Builtin Busybos 1.0.4
- Debloater 17.3.3
- Magisk Bootloop protector 1.5
- mindetach 2.3
- Shamiko 06
- Universal SafetyNet Fix 2.4.0 (Kdrag0n)
- Youtube Revanced 18.03.36
- Zygist Lsposed 1.8.5 mod

In Lsposed, modules are :
- AOSP mods
- Let me downgrade
- UniversalAuth
- UpdateLocker
- XprivacyLUA

Any idea what I'm missing and what could be a fix?

Try uninstalling xprivacylua and delete all the folders it created in system and sdcard. That was what tripped integrity checker for me before

 

[AnyNameYouWish]

Try uninstalling xprivacylua and delete all the folders it created in system and sdcard. That was what tripped integrity checker for me before

Holy Moly you made me happy!

I didn't find any folder to delete, but first try with Displax latest mod + clear data from Play Store, Play service and Wallet did the job.

I reinstalled XprivacyLUA, so far so good Still have to go out and test the wallet.

Thanks Captain! May I ask how did you find out?

 

[wyt18]

Holy Moly you made me happy!

I didn't find any folder to delete, but first try with Displax latest mod + clear data from Play Store, Play service and Wallet did the job.

I reinstalled XprivacyLUA, so far so good Still have to go out and test the wallet.

Thanks Captain! May I ask how did you find out?

I tried everything and at some point deleted all my magisk and xposed modules to test individually

Be careful about using xprivacy, it may trip integrity again at some point. I removed it completely and now all works fine

 

[Sasy969]

Hi again guys
thanks to the help of @pndwal I was able to have wallet working, simply adding com.google.android.gms.unstable and com.google.android.gms to magisk denylist with no USNF magisk module at all.
Until now everything was working preatty fine and i was using wallet for paymenti without any problem, but now I have just opened wallet and again the same poup up saying my device doesn't meet safety requirements.

Attual Setup
Magisk installed
One Plus 9 eith EvolutionX ROM (ROM seems to have some tricks to pass safetny net on its own)
No magisk module installed
i am able to get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY

Update: I have tried again to simply delete the data of GW, GPS and PS and wallet started working again

 

[Schroeder09]

Try uninstalling xprivacylua and delete all the folders it created in system and sdcard. That was what tripped integrity checker for me before

how can you tell this? I am now out of nowhere not passing integrity check, and I have no idea why, and I'm not sure ow to troubleshoot to determine the cause.

 

[wyt18]

how can you tell this? I am now out of nowhere not passing integrity check, and I have no idea why, and I'm not sure ow to troubleshoot to determine the cause.

try uninstalling all your xposed / magisk modules and see if that works

 

[Schroeder09]

try uninstalling all your xposed / magisk modules and see if that works

will disabling them do the same trick?

edit: disabled XPL and rebooted. now im passing safety net. wth!? I guess I will have to see what google apps I restricted the last couple days and undo that? is that the proper course of action?


EDIT#2: Cant seem to get safety net to pass if XPL is active at all. Is there cache or data in certain folders I need to delete or rename? I'm on A13 on a p7p with the latest security update. I have magisk 25.2 and lsposed 1.8.6. I'm using universal safety net fix 2.4.0.

EDIT #3: so it seems restricting gboard with XPL causes safetynet to trip. I will post a 4th edit, but I believe there is a specific restriction on gboard that is causing this.

 

[pndwal]

will disabling them do the same trick?

edit: disabled XPL and rebooted. now im passing safety net. wth!? I guess I will have to see what google apps I restricted the last couple days and undo that? is that the proper course of action?

EDIT#2: Cant seem to get safety net to pass if XPL is active at all. Is there cache or data in certain folders I need to delete or rename? I'm on A13 on a p7p with the latest security update. I have magisk 25.2 and lsposed 1.8.6. I'm using universal safety net fix 2.4.0.

EDIT #3: so it seems restricting gboard with XPL causes safetynet to trip. I will post a 4th edit, but I believe there is a specific restriction on gboard that is causing this.

A number of modules will break basicIntegrity even for S/N API, more for PI API... Some configurations in modules like XPrivacyLUA will also break ctsProfileMatch etc... Disabling all modules other than USNF is the correct approach for diagnosing issues...

Nb. Banks often detect XPrivacyLUA even after uninstalling as it doesn't clean up properly... Remove data/system/xlua folder to prevent this detection...

PW