MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
- Thread starter kdrag0n
- Start date
But you need @Displax USNF fork, not official as it's broken ATM... From here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057
And use Play Integrity API Checker to see you have deviceIntegrity (you won't get or need strongIntegrity)...
PW
Last edited:
Same as above... And if deviceIntegrity doesn't pass, try with all modules disabled except modded USNF...
Nb. SafetyNet API is deprecated now and most banks have moved on to Play Integrity API... Modders need to keep up too...
PW
Thank you. Trying this now. I don't have any other modules installed, Not sure what Nb means, but I think it worked.Same as above... And if deviceIntegrity doesn't pass, try with all modules disabled except modded USNF...
Nb. SafetyNet API is deprecated now and most banks have moved on to Play Integrity API... Modders need to keep up too...
Thanks again boss.
I tried. It didn't help me.But you need @Displax fork, not official as it's broken ATM... From here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057
And use Play Integrity API Checker to see you have deviceIntegrity (you won't get or need strongIntegrity)...
Give some information then... What device? ROM? Android version? YASNAC results? Play Integrity API Checker results? What's in denylist?... PW
Device: Realme GT2 pro (RMX 3301)
Android 13 (Realme UI 4.0 version - c13)
Attachments
-
Screenshot_2023-03-26-16-45-31-10.jpg -
Screenshot_2023-03-26-16-45-55-45_fc704e6b13c4fb26bf5e411f75da84f2.jpg -
Screenshot_2023-03-26-16-46-18-52_785cfb1f0fb0c9a2030c9b38a1c3479a.jpg -
Screenshot_2023-03-26-16-47-03-48_0ecf870e1d5390b9ac21ebc76f00749d.jpg -
Screenshot_2023-03-26-16-47-11-25_c164fb607f41c6d3a88bed2bf1a99c07.jpg
My friend, maybe I found solution. I installed magisk hide props module and set all props to active, reset services and now google pay is working well. Now i will test it for some time.
Thank you for your help and answers.
You shouldn't need MHPC... May have needed G Play Services data wipe... shouldn't have any gms processes in denylist... Need Zygisk=yes in Magisk App... Don't change selinux to permissive...
Please say if you ran other mods (eg TWRP flashable .zips... PW
From your screenshots, it doesn't look like all the selections in the sub-selection/drop-down are ticked...you need every single one of them to be ticked...
But you really need to pass everything other than "STRONG_INTEGRITY" if you want any hope of getting Wallet or other (especially Google based) apps to work while rooted...
Also, you should really recheck if Displax's USNF-MOD 1.2 is properly installed and working as, usually, the mod in itself is usually enough...
Also you can do (or re-do, as it were) what I stated below; it seemed to work for sas46...
Thank you my friend, I solved my problem with magisk hide props module. If i tick all of drop-down in google services, wallet stops to work, even with USNF-mod. So I can do well only with mhp module.
USNF hides attestation/droidguard (com.google.android.gms.unstable) gms (Play Services) process itself since Denylist breaks USNF's key functions, especially the injection of code in gms to register a fake keystore and cause the fallback to basic attestation... That's why if you add this to denylist it will kill USNF (deviceIntegrity will be failing) if Denylist is enforced until next boot when USNF will actually remove it from denylist for you!...
With Zygisk based USNF, simply don't add any gms (Google Play Services) processes to Denylist... PW
I'm starting to fail CTS as of a couple days ago. It will intermittently pass, but if I open Google Wallet then I get a notice about not meeting the requirements, and it will fail for a while. Play Integrity Checker will also cause it to fail consistently, but YASNAC sometimes passes, sometimes fails.
Hello herrlegno
Have you found any working solution for Caixabank Sign ?
I have Xiaomi Mi android 13 with opened bootloader, when rooted Cbk sign don't works, not mater any magisk tweak I've tried. I unrooted (not locking bootloader) and Cbk sign works.
No, the only solution i found was to change rom. I'm with pixel experience now. Without magisk but with bootloader unlocked.
Hi,
My OnePlus 7T got recently the Android 12 update (OxygenOS 12.1 version HD1903_11_F.20) and I took the change to update Universal SafetyNet Fix to version 2.4.0 (from version 2.3.1).
The SafetyNet Fix-update was a BIG MISTAKE!
Now the fingerprint unlock does not work anymore. :-(
I tried all the suggestions (clearing data and hiding of Google apps/services, reboot, installed old version of SafetyNet Fix, ...) but nothing helped so far.
Only disabling SafetyNet Fix brings back the fingerprint function...
...but then it breaks the Microsoft Authenticator and Outlook!
Any further ideas? Maybe a complete list Google Apps/Services (incl. system one) would help...
My OnePlus 7T got recently the Android 12 update (OxygenOS 12.1 version HD1903_11_F.20) and I took the change to update Universal SafetyNet Fix to version 2.4.0 (from version 2.3.1).
The SafetyNet Fix-update was a BIG MISTAKE!
Now the fingerprint unlock does not work anymore. :-(
I tried all the suggestions (clearing data and hiding of Google apps/services, reboot, installed old version of SafetyNet Fix, ...) but nothing helped so far.
Only disabling SafetyNet Fix brings back the fingerprint function...
...but then it breaks the Microsoft Authenticator and Outlook!
Any further ideas? Maybe a complete list Google Apps/Services (incl. system one) would help...
Last edited:
Just go back to an older version. I'm still using Universal Safetynet fix version 2.3.1mod_3.0. This version has been working for me, never updated to the recent one. BTW, you're lucky to have fingerprint working at all. Almost all the time when the bootloader is unlocked, that instantly blocks the fingerprint reader from working.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
9New huge update for the Xposed module, also now the repo it's in LSPosed repo so it will appear in LSPosed app. You will want to install it
GitHub - swer45/AttestationSpoofer: Xposed module that spoofs a fake root of trust in local attestations
Xposed module that spoofs a fake root of trust...
github.com
As you can see, now the module will spoof a locked bootloader with a verified boot state in RootOfTrust. This should work in all devices that have a TEE or StrongBox. If someone crash tag me and I will try to fix it.
Also I'm working in Magisk module (Zygisk), but it's difficult XD.7GitHub - chiteroman/AttestationSpoofer: Xposed module that spoofs a fake root of trust in local attestations
Xposed module that spoofs a fake root of trust...
github.com
5
With this module you can start the CIB Egypt Mobile Banking which is the only app I know they check if you have an unlocked bootloader. Enjoy
5
I updated the Xposed module with better hooking method to don't affect another apps. This afternoon I will work in Zygisk module, I will try to do it.5
'Hate' is a strong word!...
Anyway, when the original CyanogenMod bundled all proprietary GApps for one thing, Google issued their infamous "Cease And Desist" order and Steve Kondik thought his baby was dead!...
However Google were quick to clarify that although custom OS's could not legitimately bundle GApps (Nb. other ROMs still do), users are welcome to 'sideload' the same (as devices themselves are generally certified through CTS while custom ROMs are not)...
So OpenGapps was formed to offer legitimised seperate packages, Steve continued with CM project, users continued to use vanilla CM (and later LOS) with proprietary Google Apps, and all in the custom mod world was sweet again...
Of course Google must have realised they nearly shot themselves in the foot with that action, but they scrambled to offer a solution / compromise that wouldn't result in the death of CM or custom ROMs as we know them...
I think the Lineage team simply see that Google is actually the custom modders benefactor and is (in reality) supportive of them and custom mods/ROMs in general if Devs play by the rules, and LOS is simply willing to do so...
Also, they are in the best position to get their custom ROM approved/certified in future (see my post above) by being careful 'not to subvert Google's security model' by tampering expected signals... Note that Magisk now follows this same policy, and I think that's not just because John is a Googler now; it's also a sign of his maturity as a responsible dev...
And ensuring that the main custom mods (ROM, root/overlay framework) comply in no way prevents "those passionate about hiding" from "doing their job"!... Both history and you are proving that.
Personally I think LOS is great and follows a great tradition!
PW -
324Universal SafetyNet Fix
Magisk module
Magisk module to work around Google's SafetyNet attestation.
This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.
If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).
Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.
How does it work?
The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.
Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.
Downloads
Downloads and changelogs can be found on GitHub. The topmost release is the latest.
Latest release
v2.4.0
Highlights
- Play Integrity bypass without breaking device checks or causing other issues
- Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
- Updated instructions for newer Android and Magisk versions
- Better debugging for future development
It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!
If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
Alternatively, you can also buy me a coffee. All support is appreciated
Source code222So, here is my modification of USNF with Play Integrity API bypass.
It changes fingerprint to old7.1.26.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.
Updated 3.0:
No words needed, you understand everything yourself
Updated 2.1:
Hide "Enable OEM Unlock" setting
Updated 2.0:
Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )
Updated:
Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version
Usage:
1. Delete/disable/reset MagiskHidePropsConfig (if installed).
2. Just install it over old Universal SafetyNet Fix and reboot device.
3. You may be needed to wipe GMS data (not cache) if there is no result immediately.
Many thanks to @1nikolas for integrity checker.
Source code: https://github.com/Displax/safetynet-fix/tree/integrity58So, here is my new modification of USNF with Play Integrity API bypass.
It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.
Changelog:
Version 1.2
* Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
* Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).
Version 1.1
* Fix KeyStore hook desynchronization (tests randomly failing problem).
Usage:
1. Delete/disable/reset MagiskHidePropsConfig (if installed).
2. Just install it over old Universal SafetyNet Fix and reboot device.
3. You may be needed to wipe GMS data (not cache) if there is no result immediately.
Source code: https://github.com/Displax/safetynet-fix/tree/dev33So, created separate thread for my mod. Welcome)
[MODULE] [MOD] Universal SafetyNet Fix
Universal SafetyNet Fix [MOD] Magisk module...
forum.xda-developers.com
31Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.
This means (assuming fully deployed Hardware Key Attestation doesn't come first
) that the need for a 'Universal Play Integrity Fix' has become quite urgent.
We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.
So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...
Please let me know here if I have missed anything important, or add any technically relevant details there...
PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for...
:
Here's hoping... PW
