MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
- Thread starter kdrag0n
- Start date
Hi,
Thank you for the suggestion, with safetynet-fix-v2.4.0-MOD_1.2.zip the fingerprint scan works now again on my OnePlus 7T (in conjunction with Shamiko-v0.6-126-release.zip)!
Last edited:
I cant open these 2 apps and i dont know why can you check for me?But you need @Displax USNF fork, not official as it's broken ATM... From here:
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057
And use Play Integrity API Checker to see you have deviceIntegrity (you won't get or need strongIntegrity)...
PW
SNB Mobile - Apps on Google Play
SNB Mobile, The Premiere Mobile Banking Application in KSA
I pass both device and basic integrity so i think its beacise of strong integrity
... That's nothing to do with USNF... It's main function is to bypass use of hardware-backed attestation to collect measurements used for device integrity verdicts.
Zygisk detection etc is the provence of root hiding modules like Shamiko...
USNF is fully working if you can pass Play Integrity deviceIntegrity verdict.
PW
Last edited:
"Module is suspended because Zygisk is not enabled" - But Zygisk IS enabled. It's not working because is suspended.... That's nothing to do with USNF... It's main function is to bypass use of hardware-backed attestation to collect measurements used for device integrity verdicts.
Zygisk detection etc is the provence of root hiding modules like Shamiko...
USNF is fully working if you can pass Play Integrity deviceIntegrity verdict.
Do you have any Ruru modules
Actually, what other modules do you have installed?
Also, do you use safetynet-fix-v2.4.0-MOD_1.2.zip
Also, Magisk app, main screen, top - please provide screenshot to see what Magisk version is installed, does it say Zygisk Yes, etc
Ah, ok... You said 'Zygisk detection' problem... I'm guessing you mean Zygisk activation problem... This is not indicated by toggle in settings... If it has actually activated you'll see Zygisk: Yes in App main page...
As above, Zygisk can be affected by modules; try rebooting with all disabled to eliminate modules... If no dice, please say device ROM etc, and other mods (custom ROM mods etc) you may have...
PWI have
At a glance enhancer
Dolby audio moto G pro
HOS display callibration
Pixel launcher extended for android 13
Yes I use use safetynet-fix-v2.4.0-MOD_1.2.zip
Magisk 26.0
App 26.0
Now I see that that problem is probably with Magisk 26 because it shows that Zygisk is not (working/turned?) But it's turned on In options and I made restart too.
At a glance enhancer
Dolby audio moto G pro
HOS display callibration
Pixel launcher extended for android 13
Yes I use use safetynet-fix-v2.4.0-MOD_1.2.zip
Magisk 26.0
App 26.0
Now I see that that problem is probably with Magisk 26 because it shows that Zygisk is not (working/turned?) But it's turned on In options and I made restart too.
Thank you for help, and sorry.Ah, ok... You said 'Zygisk detection' problem... I'm guessing you mean Zygisk activation problem... This is not indicated by toggle in settings... If it has actually activated you'll see Zygisk: Yes in App main page...
As above, Zygisk can be affected by modules; try rebooting with all disabled to eliminate modules... If no dice, please say device ROM etc, and other mods (custom ROM mods etc) you may have...
The problem occured with Dolby audio moto G pro on Magisk 26. The module blocked Zygisk.
Thanks to the team for making this! However I'm having issues on the OnePlus 8T KB2003
Magisk 26.1
Zygisk Yes
Qualcomm 865
Android Version 13
Shamiko 0.7
SafetyNet-Fix v2.4.0-MOD_1.2
When the SafetyNet-Fix module is ENABLED the Phone PASSES Integrity and CTS but the Fingerprint Reader FAILS
When the SafetyNet-Fix module is DISABLED the Phone FAILS Integrity and CTS but the Fingerprint Reader WORKS
Any ideas?
Magisk 26.1
Zygisk Yes
Qualcomm 865
Android Version 13
Shamiko 0.7
SafetyNet-Fix v2.4.0-MOD_1.2
When the SafetyNet-Fix module is ENABLED the Phone PASSES Integrity and CTS but the Fingerprint Reader FAILS
When the SafetyNet-Fix module is DISABLED the Phone FAILS Integrity and CTS but the Fingerprint Reader WORKS
Any ideas?
:Edit (Thanks @shoey63):
... Try this earlier, pre-runtime-only (ie. part time) spoofing, @Displax modded build:
https://github.com/Displax/safetynet-fix/releases/tag/v2.3.1-MOD_3.0
PW
Last edited:
shoey63
Recognized Contributor
He already is isn't he?Official build is broken ATM anyway... Try this (everyone else is)
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057
I am on SafetyNet-Fix v2.4.0-MOD_1.2 and I think he's suggesting v2.3.1-MOD_3.0
Trying this now, will report back
This workedOfficial build is broken ATM anyway... Try this (everyone else is)
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-88149057
Edit (Thanks @shoey63):
... Try this earlier, pre-runtime-only (ie. part time) spoofing, @Displax modded build:
https://github.com/Displax/safetynet-fix/releases/tag/v2.3.1-MOD_3.0
thanks for your help!Can P7P users with GPay working please chime in with the following:
OTA version:
Magisk version:
Universal SafetyNet Fix version:
+any other relevant info
Thank you in advance!
OTA version:
Magisk version:
Universal SafetyNet Fix version:
+any other relevant info
Thank you in advance!
Anybody a Starling Bank User? With the latest update on P7P to the App and Base OS - I can no longer hide my root. Doesnt matter what I do and it is still being detected.
Its rather peculiar.. .I cant seem to get my head around what they have done to get it avoid it (Guessing they finally got round to updating the APIs etc they use for Validation / Hardware Att?)
Its rather peculiar.. .I cant seem to get my head around what they have done to get it avoid it (Guessing they finally got round to updating the APIs etc they use for Validation / Hardware Att?)
Sometimes, apps will detect root using means other than just SafetyNet/Play Integrity API. Some things that might be useful for getting the app to work are:
- Use the Shamiko Magisk module and configure the Magisk denylist to not load Magisk for the Starling Bank app.
- Use the Hide My Applist Xposed module to block the Starling Bank app from "seeing" the apps installed on your device.
I tried this and it didnt work - I suspect this is by nature and Starling is able to work around it.
Unless someone with Starling can test this method with the latest update.
Last edited:
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
9New huge update for the Xposed module, also now the repo it's in LSPosed repo so it will appear in LSPosed app. You will want to install it
GitHub - swer45/AttestationSpoofer: Xposed module that spoofs a fake root of trust in local attestations
Xposed module that spoofs a fake root of trust...
github.com
As you can see, now the module will spoof a locked bootloader with a verified boot state in RootOfTrust. This should work in all devices that have a TEE or StrongBox. If someone crash tag me and I will try to fix it.
Also I'm working in Magisk module (Zygisk), but it's difficult XD.5
'Hate' is a strong word!...
Anyway, when the original CyanogenMod bundled all proprietary GApps for one thing, Google issued their infamous "Cease And Desist" order and Steve Kondik thought his baby was dead!...
However Google were quick to clarify that although custom OS's could not legitimately bundle GApps (Nb. other ROMs still do), users are welcome to 'sideload' the same (as devices themselves are generally certified through CTS while custom ROMs are not)...
So OpenGapps was formed to offer legitimised seperate packages, Steve continued with CM project, users continued to use vanilla CM (and later LOS) with proprietary Google Apps, and all in the custom mod world was sweet again...
Of course Google must have realised they nearly shot themselves in the foot with that action, but they scrambled to offer a solution / compromise that wouldn't result in the death of CM or custom ROMs as we know them...
I think the Lineage team simply see that Google is actually the custom modders benefactor and is (in reality) supportive of them and custom mods/ROMs in general if Devs play by the rules, and LOS is simply willing to do so...
Also, they are in the best position to get their custom ROM approved/certified in future (see my post above) by being careful 'not to subvert Google's security model' by tampering expected signals... Note that Magisk now follows this same policy, and I think that's not just because John is a Googler now; it's also a sign of his maturity as a responsible dev...
And ensuring that the main custom mods (ROM, root/overlay framework) comply in no way prevents "those passionate about hiding" from "doing their job"!... Both history and you are proving that.
Personally I think LOS is great and follows a great tradition!
PW5
With this module you can start the CIB Egypt Mobile Banking which is the only app I know they check if you have an unlocked bootloader. Enjoy
3Tested with all my devices with different ROMs. PE, OctaviOS, AncientOS, EvolutionX and Bootleggers
Yeah... Maybe most custom ROMs now integrate SNF (per Proton model) or other spoofing... But what about Stock ROM users...
<SNIP>
Just to mention, official LineageOS builds are not allowed to include 'hacks' like this.
LineageOS Charter - [Github] - SafetyNet
"- All devices MUST NOT alter SafetyNet validation responses."
Cheers.
3
Alpha works because after disabling Zygisk (which you need to do ATM) you have MagiskHide (old style) restored...
You need to hide root from Starling but you cannot use Denylist or Shamiko as both require Zygisk, and even with native bridge loaded Zygisk (already implemented in Alpha, but still not fully hidable as is evident by Starling detections) injection/hooking is detected by memory scanning (or other means?)...
Some have reported that Starling app gives you a week's grace from when it detects root until it fails to open... Just a guess on my part, but you may need a non-Zygisk hide solution again when/if that occurs.Thanks a lot, it finally worked with Magisk alpha so, because it has worked this way, I tried to uninstall magisk alpha and normal magisk and reinstalling normal magisk and it is working as well without any module installed ... so I do not know what happened in the first place... could be that it just needed to make the initial bank app start without rooting and, after this first start, root the device and apply "denylist" in Magisk...
Thanks all of you for your support
PW -
324Universal SafetyNet Fix
Magisk module
Magisk module to work around Google's SafetyNet attestation.
This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.
If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).
Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.
How does it work?
The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.
Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.
Downloads
Downloads and changelogs can be found on GitHub. The topmost release is the latest.
Latest release
v2.4.0
Highlights
- Play Integrity bypass without breaking device checks or causing other issues
- Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
- Updated instructions for newer Android and Magisk versions
- Better debugging for future development
It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!
If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
Alternatively, you can also buy me a coffee. All support is appreciated
Source code222So, here is my modification of USNF with Play Integrity API bypass.
It changes fingerprint to old7.1.26.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.
Updated 3.0:
No words needed, you understand everything yourself
Updated 2.1:
Hide "Enable OEM Unlock" setting
Updated 2.0:
Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )
Updated:
Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version
Usage:
1. Delete/disable/reset MagiskHidePropsConfig (if installed).
2. Just install it over old Universal SafetyNet Fix and reboot device.
3. You may be needed to wipe GMS data (not cache) if there is no result immediately.
Many thanks to @1nikolas for integrity checker.
Source code: https://github.com/Displax/safetynet-fix/tree/integrity58So, here is my new modification of USNF with Play Integrity API bypass.
It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.
Changelog:
Version 1.2
* Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
* Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).
Version 1.1
* Fix KeyStore hook desynchronization (tests randomly failing problem).
Usage:
1. Delete/disable/reset MagiskHidePropsConfig (if installed).
2. Just install it over old Universal SafetyNet Fix and reboot device.
3. You may be needed to wipe GMS data (not cache) if there is no result immediately.
Source code: https://github.com/Displax/safetynet-fix/tree/dev33So, created separate thread for my mod. Welcome)
[MODULE] [MOD] Universal SafetyNet Fix
Universal SafetyNet Fix [MOD] Magisk module...
forum.xda-developers.com
31Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.
This means (assuming fully deployed Hardware Key Attestation doesn't come first
) that the need for a 'Universal Play Integrity Fix' has become quite urgent.
We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.
So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...
Please let me know here if I have missed anything important, or add any technically relevant details there...
PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for...
:
Here's hoping... PW
