MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

[Essentrix]

I've seen it. Cause was permissive selinux; we can pass SafetyNet (basicIntegrity and ctsProfileMatch) with that but not PI basicIntegrity... This additional requirement would probably have come to S/N except that it's superseded by PI, so this API got the stricter basicIntegrity requirement...

I don't yet know of other reasons (enhanced requirements) however, but it's likely there are others.

Try this: disable all Magisk modules, reboot, clear Google Play Services data, enable only latest @Displax USNF, reboot and check again...

Also, check selinux (in terminal emulator type getenforce with su) and in Play integrity API Checker click <> at top and screenshot raw JSON response... PW

Thanks for the update. Made some progress...

 

[pndwal]

Thanks for the update. Made some progress...

Please say what you did... PW

 

[Essentrix]

Please say what you did... PW

Hi, followed your thoughts and cleared Google Play Services data.
Also remembered I had a modded Google Play. Went back to original.

 

[immortalwon]

Has anyone figured out how to bypass 8 ball pool & or KFC app usa root detection?

8 Ball Pool - Apps on Google Play

Play online multiplayer or PvP Pool games and compete with your friends!

play.google.com

KFC US - Ordering App - Apps on Google Play

KFC-US Mobile App

play.google.com

How the device is rooted:

Magisk Alpha 26.101
Shamiko latest --------> GP services, playstore, framework on deny list including KFC & 8 Ball pool.
Hidemyapp list

What could these 2 apps be detecting???

 

[missionman]

I updated module to V2.4.0 but im still getting CTS Profile Match Fail.
Pixel 7 Pro, Android 13. Rooted usinng Magisk 26.1
How do I get CTS Profile Match to pass?
I got a Pass on Device Certification, its just the CTS fail.
It also says HARDWARE_BACKED under Evaluation Type instead of BASIC like it should says if it passes.

 

[zgfg]

I updated module to V2.4.0 but im still getting CTS Profile Match Fail.
Pixel 7 Pro, Android 13. Rooted usinng Magisk 26.1
How do I get CTS Profile Match to pass?
I got a Pass on Device Certification, its just the CTS fail.
It also says HARDWARE_BACKED under Evaluation Type instead of BASIC like it should says if it passes.

2.4 0 from this thread (wrong) or the proper 2.4.0-mod_1.2 from another thread

If needed, please spend 5 minutes to read last few pages here...

 

[rg_gapa]

I know how difficult nowadays is to pass SafetyNet / Play Integration, but maybe there's still something obvious that I'm missing, so I'm looking for advice.

I pass verification at my OnePlus 7T with LineageOS 20 and below, pretty common as I guess, configuration:
- Magisk 26.1
- hidden Magisk app
- Zygisk enabled (without Enforce DenyList)
- DenyList configured for Google Play Service, Play Store, Applist Detector, TB Checker, YASNAC, hidden magisk app, banking apps etc.
- Shamiko 0.7.2
- Universal SafetyNet Fix 2.4.0
- Zygisk LSPosed 1.8.6
- Hide My Applist configured for the same apps as in Magisk DenyList, to hide LSPosed and all root apps

By passing verification I mean:
- SafetyNet Basic + CTS in YASNAC
- All tests in TB Checker (Play Integrity, Root Check, Xposed Check)
-- without SafetyNet Strong integrity and Virtual integrity
- All tests in Applist Detector

So that's great, right? However, if I left device for some time and re-run YASNAC CTS is failing. But If I'll run TB Checker and run tests there, everything is OK back again. After this even YASNAC once again shows passed CTS profile!

This random losing of CTS (until re-running TB Checker) confirms in daily usage, as some apps like banking one are randomly loosing ability to use fingerprint authentication or contactless payment. After running TB Checker and passing CTS once again I might add these payment features back to normal, so it's more like an annoyance than serious problem.

I've tried to reset Google Store/Services/Wallet data and adding some additional Magiks modules related to hidding props but this didn't change a thing, CTS is still failing from time to time, at random moments.

Do you have similar problems? Is there anything I might try to do, or maybe there're some ways to detect which activity at my phone is actually making CTS failing?

Edit: That might be useless post, I just discovered USNF v2.4.0-MOD_1.2... trying it out now.

Edit 2: Works perfectly lol

 

[sakun-ice]

Can somebody help me? I can't get past safety net. I have installed the xiaomi.eu rom on my xiaomi 13. I have Magisk 26.1 with Zygisk. I have installed the modules universal safetynet fix 2.4 mod 1.2 and lsposed. I have added to the deny list: google play services, google play and google play framework. I have deleted the data from those apps and from the bank apps. I have also tried to install the Alpha app instead of Magisk and to hide the magisk app from the settings. But nothing works.

The strange thing is that before installing the xiaomi.eu rom it worked.

 

[zgfg]

Can somebody help me? I can't get past safety net. I have installed the xiaomi.eu rom on my xiaomi 13. I have Magisk 26.1 with Zygisk. I have installed the modules universal safetynet fix 2.4 mod 1.2 and lsposed. I have added to the deny list: google play services, google play and google play framework. I have deleted the data from those apps and from the bank apps. I have also tried to install the Alpha app instead of Magisk and to hide the magisk app from the settings. But nothing works.

The strange thing is that before installing the xiaomi.eu rom it worked.

Xiaomi.eu ROMs can pass Play Integrity (once again, PI is now of interest, SN is deprecated, and if you pass PI you will also pass SN) since they have the spoof built-in

Cannot guarantee for all Xiaomi.eunROMs

Hence, have you tried Play Integrity checker prior than you installed Magisk?

For PI, you should pass Basic and Device Integrity but you cannot pass Strong Integrity (with the unlocked Bootloader)

---

If you switch from Magisk official to Magisk Alpha or Delta, it is not enough (actually, it's then almost as if you did not switch) to install Alpha or Delta app, but after that you also have to install Magisk Alpha or Delta (like through the app, Install, patch and flash the boot img or Direct Install but after reboot you then also have to configure your Magisk Alpha or Delta)

 

[gigavolthavoc07]

Guys how can i use this module in kernelsu?

 

[Nhatlienhoan]

OOS 13.1 on Oneplus 9 fail every safetynet with USNF 2.4.0 mod 1_2. Tried denylist, zygisk and all I used before and worked now don't. Please help and suggest solutions.

 

[immortalwon]

OOS 13.1 on Oneplus 9 fail every safetynet with USNF 2.4.0 mod 1_2. Tried denylist, zygisk and all I used before and worked now don't. Please help and suggest solutions.

Install latest shamiko module. Add google play store, google play services, google services framework to deny list. Clear all app data of above mentioned services and reboot and check again.

 

[pndwal]

OOS 13.1 on Oneplus 9 fail every safetynet with USNF 2.4.0 mod 1_2. Tried denylist, zygisk and all I used before and worked now don't. Please help and suggest solutions.

Disable all modules except USNF and try... Clear Google Play Services data too... If no dice, try older @Displax v2.3.1-MOD_3.0... 2.4.0 changes (part time spoofing etc) still cause issues on some devices and modded 2.3.1 works better for many... PW

 

[Nhatlienhoan]

None works so far.

 

[immortalwon]

None works so far.

Show us a list of which modules you are using with magisk

 

[Nhatlienhoan]

Show us a list of which modules you are using with magisk

Acc, shamiko (from your suggestion), systemless hosts, USNF 2.3.1 mod 3.0 (tried 2.3.1 mod 2.1 and 2.4.0 mod 1.2), v4a re 0.5.0, zygisk LSPosed.

 

[immortalwon]

Acc, shamiko (from your suggestion), systemless hosts, USNF 2.3.1 mod 3.0 (tried 2.3.1 mod 2.1 and 2.4.0 mod 1.2), v4a re 0.5.0, zygisk LSPosed.

Ok now what settings are configured in magisk? Go to the deny list section, take some pictures, etc.

 

[Nhatlienhoan]

Ok now what settings are configured in magisk? Go to the deny list section, take some pictures, etc.

I notice that google framework auto uncheck everytime I open Magisk. Plus Google Play crashed when I clear data of G.Framework, so I restored it from my backup.

 

[immortalwon]

View attachment 5925703
I notice that google framework auto uncheck everytime I open Magisk. Plus Google Play crashed when I clear data of G.Framework, so I restored it from my backup.

You have to restart after clearing the data (not cache, all data) of G.play services, g play services framework, and g play store. Make sure "enforce deny list" is not enabled. It should work and it's also normal for the framework to disable itself, I just do it for good measure. Try again and report results. Don't worry about the crashes, it should be normal after a reboot. Make sure not to accidently uninstall any app updates as that will break the device sometimes.

 

[Nhatlienhoan]

You have to restart after clearing the data (not cache, all data) of G.play services, g play services framework, and g play store. Make sure "enforce deny list" is not enabled. It should work and it's also normal for the framework to disable itself, I just do it for good measure. Try again and report results. Don't worry about the crashes, it should be normal after a reboot. Make sure not to accidently uninstall any app updates as that will break the device sometimes.

I got "Error retrieving information from server. DF-DFERH-01" message in Play store after restart.