MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

Search This thread
By:
Advanced…
I

immortalwon

Senior Member
Mar 11, 2017
256
117
Nhatlienhoan said:
Still that Error. (That's the reason I restore Framework data)
Click to expand...
Click to collapse
Damn something is off with your firmware then lol. I never have this issue. If I was you, I would format all data and downgrade my firmware unless you like OOS 13.1.
Make a full backup of everything and format all data using twrp. Make sure to flash the new firmware immediately after format. Which device are you currently using? I actually don't have too much time right now I G2G, but hopefully you figure it out.
 
N

Nhatlienhoan

Senior Member
Jun 17, 2020
71
11
OnePlus 5T
OnePlus 9
immortalwon said:
Damn something is off with your firmware then lol. I never have this issue. If I was you, I would format all data and downgrade my firmware unless you like OOS 13.1.
Make a full backup of everything and format all data using twrp. Make sure to flash the new firmware immediately after format. Which device are you currently using? I actually don't have too much time right now I G2G, but hopefully you figure it out.
Click to expand...
Click to collapse
Thank you so much for spending that time trying to help me. I really appreciate it. I'll try and mess around. (One more thing I noticed is that for some reason, in my local updater app, it shows I have F24 as my firmware while it showed 13.1 EXO001 before. I did fool around but forgot what I did and usually, those things I did often and shouldn't make any major change). Thanks again!
 
P

pndwal

Senior Member
Jun 23, 2016
7,016
8,101
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Nhatlienhoan said:
None works so far. :(
Click to expand...
Click to collapse
Did you try my suggestion?:
pndwal said:
Disable all modules except USNF and try... Clear Google Play Services data too... If no dice, try older @Displax v2.3.1-MOD_3.0... 2.4.0 changes (part time spoofing etc) still cause issues on some devices and modded 2.3.1 works better for many... 👀 PW
Click to expand...
Click to collapse
Also, remove everything Google from denylist (only exception would be G Pay/Wallet)... Zygisk-USNF hides root from gms itself; Nb. zy-USNF can work with gms processes in denylist only if it's disabled, including w/ Shamiko but that is still double-hiding and not recommended... Enforced Denylist necessarily breaks zy-USNF as it prevents the basic function, ie. running code in gms Droidguard/attestation process to register fake keystore...

Also, please confirm ROM is fully stock, selinux is enforcing and you have run no other mods (eg from TWRP)...

If all above is correct and no dice, I'd try dirty flashing current ROM (will fix any corruption unless in /data); Use fastboot type full ROM as these are often more complete than recovery type...

🤠 PW
 
mslezak

mslezak

Senior Member
Dec 12, 2016
450
445
Houston
OnePlus 8T
Samsung Galaxy S23
pndwal said:
Did you try my suggestion?:

Also, remove everything Google from denylist (only exception would be G Pay/Wallet)... Zygisk-USNF hides root from gms itself; Nb. zy-USNF can work with gms processes in denylist only if it's disabled, including w/ Shamiko but that is still double-hiding and not recommended... Enforced Denylist necessarily breaks zy-USNF as it prevents the basic function, ie. running code in gms Droidguard/attestation process to register fake keystore...

Also, please confirm ROM is fully stock, selinux is enforcing and you have run no other mods (eg from TWRP)...

If all above is correct and no dice, I'd try dirty flashing current ROM (will fix any corruption unless in /data); Use fastboot type full ROM as these are often more complete than recovery type...

🤠 PW
Click to expand...
Click to collapse
This helped me out - my issue was having Enforce DenyList turned on in Magisk. My device attestation is busted, Universal Safety-Net Fix (USNF) modded by Displax worked. Magisk settings: Zygisk, Configure DenyList (NOT ENFORCE DENYLIST!) add GPay to DenyList, add Google Wallet to DenyList. Install USNF in Magisk, reboot. Force stop Play Store, clear cache. Clear GPay cache and data. Setup GPay.
 
Last edited:
P

pndwal

Senior Member
Jun 23, 2016
7,016
8,101
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
mslezak said:
This helped me out - my issue was having Enforce DenyList turned on in Magisk. My device attestation is busted, Universal Safety-Net Fix (USNF) modded by Displax worked. Magisk settings: Zygisk, Configure DenyList (NOT ENFORCE DENYLIST!) add GPay to DenyList, add Google Wallet to DenyList. Install USNF in Magisk, reboot. Force stop Play Store, clear cache. Clear GPay cache and data. Setup GPay.
Click to expand...
Click to collapse
Do you still have any Google Play Services processes in denylist? PW
 
P

pndwal

Senior Member
Jun 23, 2016
7,016
8,101
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Last edited:
Abhishek.0

Abhishek.0

Member
May 28, 2023
5
0
zgfg

zgfg

Senior Member
Oct 10, 2016
9,593
7,452
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
Abhishek.0 said:
i use this but not pass
and also show
basic integrity fail
and cts profile fail
without module only show cts profile fail
what happen i do
Click to expand...
Click to collapse
Does Zygisk show enabled on the Magisk app, main screen, top?

Make sure you have no SELinux Permissive

Also no Riru modules and no XLua (you must manually clean remaining sh... files after removing XLua)

Or, if you prefer Riru, search on TG for alternative solutions instead of the Zygisk USNF here
 
P

pndwal

Senior Member
Jun 23, 2016
7,016
8,101
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Abhishek.0 said:
i use this but not pass
and also show
basic integrity fail
and cts profile fail
without module only show cts profile fail
what happen i do
Click to expand...
Click to collapse
... Further, please say device / ROM...

Have you tried with nothing Google in denylist except G Pay/Wallet, and all modules disabled except @Displax modded USNF after clearing Google Play Services data?

Especially, try it with MagiskHide Props Config module disabled or removed despite what @kdrag0n says. 😬 PW
 
Last edited:
voetbalremco

voetbalremco

Inactive Recognized Developer
Jan 6, 2012
4,630
1,889
gelderland
Xiaomi Poco F3
Poco F5 Pro / Redmi K60 (China)
zgfg

zgfg

Senior Member
Oct 10, 2016
9,593
7,452
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
voetbalremco said:
On MIUI it's the other way around, Displax his mod breaks safetynet while the original module still works.
Click to expand...
Click to collapse
Maybe if you have Xiaomi.eu

In that case you pass Play Integrity (that's relevant, not the deprecated SN, but you will also pass SN) without a need for USNF (although your Bootloader is unlocked) - but only if you don't have Magisk

With Magisk, you then also need USNF, but you can try instead SafetyNet Sensitive Props (eg, I use instead of USNF) - screenshot

That's bcs some versions of Xiaomi.eu already have USNF implemented to the ROM.
Otherwise, users would not be able to use Wallet, since they had to unlock BL to be able to flash the custom ROM Xiaomi.eu

However, that's specific to Xiaomi.eu - with the official MIUI and unlock BL, you can not pass PI/SN without Magisk and USNF
 

Attachments

  • Screenshot_2023-06-15-16-23-45-918_io.github.huskydg.magisk-edit.jpg
    Screenshot_2023-06-15-16-23-45-918_io.github.huskydg.magisk-edit.jpg
    143.9 KB · Views: 62
Last edited:
  • Like
Reactions: ipdev
voetbalremco

voetbalremco

Inactive Recognized Developer
Jan 6, 2012
4,630
1,889
gelderland
Xiaomi Poco F3
Poco F5 Pro / Redmi K60 (China)
zgfg said:
Maybe if you have Xiaomi.eu

In that case you pass Play Integrity (that's relevant, not the deprecated SN, but you will also pass SN) without a need for USNF (although your Bootloader is unlocked) - but only if you don't have Magisk

With Magisk, you then also need USNF, but you can try instead SafetyNet Sensitive Props (eg, I use instead of USNF) - screenshot

That's bcs some versions of Xiaomi.eu already have USNF implemented to the ROM.
Otherwise, users would not be able to use Wallet, since they had to unlock BL to be able to flash the custom ROM Xiaomi.eu

However, that's specific to Xiaomi.eu - with the official MIUI and unlock BL, you can not pass PI/SN without Magisk and USNF
Click to expand...
Click to collapse

Yeah good point, thanks for the details.
I do indeed use Xiaomi.eu
 
  • Like
Reactions: pndwal
P

pndwal

Senior Member
Jun 23, 2016
7,016
8,101
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
zgfg said:
Maybe if you have Xiaomi.eu

In that case you pass Play Integrity (that's relevant, not the deprecated SN, but you will also pass SN) without a need for USNF (although your Bootloader is unlocked) - but only if you don't have Magisk

With Magisk, you then also need USNF, but you can try instead SafetyNet Sensitive Props (eg, I use instead of USNF) - screenshot

That's bcs some versions of Xiaomi.eu already have USNF implemented to the ROM.
Otherwise, users would not be able to use Wallet, since they had to unlock BL to be able to flash the custom ROM Xiaomi.eu

However, that's specific to Xiaomi.eu - with the official MIUI and unlock BL, you can not pass PI/SN without Magisk and USNF
Click to expand...
Click to collapse
Yup, @Displax mentioned issues with (some?) XiaomiEU custom ROMs (specifically) not playing nicely w/ USNF...

I guess you also have root hidden from Google Play Services attestation/Droidguard process com.google.android.gms.unstable and likely main gms process com.google.android.gms (added in denylist)...

Out of interest, do you still need the main gms process added to pass now, assuming your tmpfs mount path has become debug_ramdisk?

Also, I assume this won't work without a sensitive props solution even though the ROM itself will adjust some... Can you say S/N and PI checker results with only root hidden from gms (ie. Sensitive Props module disabled)?

And does MHPC module active (with nothing configured) also allow S/N / PI deviceIntegrity to pass (as alternative to SafetyNet Sensitive Props module)? 👍 PW
 
  • Like
Reactions: ipdev
zgfg

zgfg

Senior Member
Oct 10, 2016
9,593
7,452
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
pndwal said:
Yup, @Displax mentioned issues with (some?) XiaomiEU custom ROMs (specifically) not playing nicely w/ USNF...

I guess you also have root hidden from Google Play Services attestation/Droidguard process com.google.android.gms.unstable and likely main gms process com.google.android.gms (added in denylist)...

Out of interest, do you still need the main gms process added to pass now, assuming your tmpfs mount path has become debug_ramdisk?

Also, I assume this won't work without a sensitive props solution even though the ROM itself will adjust some... Can you say S/N and PI checker results with only root hidden from gms (ie. Sensitive Props module disabled)?

And does MHPC module active (with nothing configured) also allow S/N / PI deviceIntegrity to pass (as alternative to SafetyNet Sensitive Props module)? 👍 PW
Click to expand...
Click to collapse
Xiaomi.eu, MIUI 13/A12 (since Nov 2022)

Magisk Delta latest 25210 with SuList

Its been long ago since I installed Sensitive Props module (at that time I really needed but seems that Husky had later implemented something directly to Delta)

Now I tested with Sensitive Props disabled and even uninstalled (and of course, with rebooting) and I can still pass PI, SN and all checkers I have (except Momo as usually) - I know that I really needed Sensitive Props for Ruru or SCheck but no more now

Hence I removed Sensitive Props

Second, since I don't have DenyList and by SuList everything except the root apps are implicitly in MagiskHide, I performed the mirrored test:

- I checked GMS unstable in SuList and after that SN and PI fail
 
  • Like
Reactions: ipdev and pndwal
You must log in or register to reply here.

Similar threads

Chainfire
[Android 2.1+][03.10.2011][v3.2] Chainfire3D [ROOT][OpenGL ES 2.0+]
Replies
3K
Views
3M
rignfool
rignfool
apb_axel
[ZIP] Synapse + Script => Universal Kernel Manager v3.8.1
Replies
3K
Views
769K
D
Dildoman
repey6
[6.0-12.0][Magisk]Dolby Digital Plus[upd.20211005]
Replies
2K
Views
759K
E
ecompton59
Chainfire
[2014.05.01][ROOT] Mobile ODIN v4.20
Replies
5K
Views
4M
Zagnutty
Zagnutty
DooMLoRD
[04/Jan][ROOTING/UNROOTING] DooMLoRD's Easy Rooting Toolkit [v4.0](zergRush Exploit)
Replies
927
Views
3M
B
bishoy ashraf

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 3
    P
    pndwal
    Iridule said:
    I'm using USNF mod 2.4.0 1.3
    moto edge (2020) all seems ok yet Androidacy shows update though Magisk does not. All seems to still be working well on Android 11. Should I still update?
    Click to expand...
    Click to collapse
    For you either @Displax Mod 1.3 or latest 2.0 should be fine, but 2.0 was experimental, does use a different (Pixel 2) fingerprint prop and it's Shipping level prop setting breaks the fix for devices launched with A13 like Pixel 7... The props set by either of these affecting your device are set to target GMS properly however...

    @chiteroman's newer PIF module (based on USNF but renamed) presumably sets shipping level for LV A13 devices to target GMS so should be better for Pixel 7 and other A13 launch version devices... @Displax Mod 1.3 sets it correctly to 32 but globally which breaks WiFi calling and possibly other features...

    Others reading this; Note that the official module (this thread) has been largely broken for some time...

    👀 PW
    View
    3
    swieder711
    swieder711
    swieder711 said:
    I have two devices, Pixel 7 Pro and Pixel tablet. Both are running stock A13 with root, USFN_1.3, Zygisk and Shamiko. Both devices pass Safetynet. Starting today, my corporate Outlook (and Slack, Onedrive, Teams) are detecting ROOT. I tried clearing cache and memory, but that didnt help. My P7P still lets me run corporate Outlook.

    I plan to do a full wipe next week with the next Android drop. In the meantime, are there any suggestions?
    Click to expand...
    Click to collapse
    EDIT: Rolling back Intune Company portal to 5.0.5926 allows me to prevent corporate apps from detecting ROOT.
    View
    2
    P
    pndwal
    FredMontteiro said:
    Is there currently any way to fix TEE Broken? Device Xiaomi Mi A3
    Click to expand...
    Click to collapse
    No... Unless Momo is giving false positive, really TEE is not broken anyway... I mentioned to you:
    pndwal said:
    'Broken Tee' (actually it won't be; Tee OS for decoding DRM, fingerprint scanner etc is probably fine... Really just OEM keymaster implementation for AVB signals as used by droidguard etc is broken) on A3 is interesting too...
    Click to expand...
    Click to collapse

    So OEM's messed up and AVB chain of trust fixes generally don't even come with OEM updates...

    In such cases broken keystore etc will hopefully cause an exception that triggers on-device fallback to basic-only attestation and Google allows this verdict by not enforcing hardware backed evaluationType verdicts at server end, but generally devices affected will never pass strongIntegrity (unless a retrofit fix is applied by OEM.

    In other cases, like Asus ROG Phone 3 that used to pass strongIntegrity erroneously with bootloader unlocked, Google simply revokes keys for strongIntegrity verdict (blacklists device) as soon as the flawed OEM implementations are discovered.. 😕

    👀 PW
    View
    2
    zgfg
    zgfg
    R0298 said:
    I don't pass the CTS profile match test. How can I fix?
    Motorola edge 30 fusion with Android 13
    Click to expand...
    Click to collapse
    First of all, if you are still on the old KDragon's USNF module - better please read just like two or three last pages and you will see that you had to move to the USNF fork from Displax or Play Integrity midule - they have their own threads with downloads

    If it won't help, then which Magisk version you have, which modules, and if you have LSPosed, which LSPosed modules you have installed- some modules may collide (like MHCP, XPrivacyLua, Lucky patcher and so)

    If you have custom ROM and if that ROM runs SELinux in Permissive mode - you're in troubles again

    Etc - just the question "not passing CTS" cannot be decisively answered

    Btw, SafetyNet is deprecated and you should download from Playstore and test Play Integrity API (Checker).
    There, you need to pass Device and Basic Integrity - don't ask or expect to pass Strong Integrity (for that, phone must run stock/official firmware with the locked Bootloader)
    View
    1
    xSnowLeopardx
    xSnowLeopardx
    chiteroman said:
    - Remove all data from GSF and GMS.
    - Completly uninstall Magisk and flash original boot.img (or init_boot.img) from bootloader.
    - Remove dalvik cache and caches.
    - "rm -rf *" in /data/adb directory (DON'T remove the directory)
    - Try to remove any custom *.rc file.
    - Check Play Integrity API, you should pass BASIC integrity.
    - Patch original boot.img (or init_boot.img) in Magisk app and flash it in bootloader.
    - Install PlayIntegrityFix or Displax safetynet-fix module.
    - Should pass BASIC & DEVICE.
    Click to expand...
    Click to collapse
    Very weird, but this happened:

    I restarted my phone and it went into bootloop but was saved by Magisk bootloop protector. Checked YASNAC and both passed... wtf. Google Wallet detects root so I'll need to still fix that but what the f is happening...
    View
  • 333
    kdrag0n
    kdrag0n
    Universal SafetyNet Fix
    Magisk module​

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0
    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    View
    223
    Displax
    Displax
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    View
    58
    Displax
    Displax
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    View
    33
    Displax
    Displax
    So, created separate thread for my mod. Welcome)

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    forum.xda-developers.com forum.xda-developers.com
    View
    31
    P
    pndwal
    Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.
    Click to expand...
    Click to collapse

    Here's hoping... 🙃 PW
    View

New posts