MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0

Search This thread
By:
Advanced…
S

Sasy969

Senior Member
Jan 30, 2018
66
11
osm0sis said:
Why are you in a root module thread if you don't have root. Of course it won't pass without root. 🤦‍♂️
Click to expand...
Click to collapse
I have the same problem also with root.
Btw i have always used my phone without root without any problems.
I attach some screenshots of my current setup. As i said before sometimes I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY and sometimes don't
 

Attachments

  • Screenshot_20230127-195132_Magisk_Delta.png
    Screenshot_20230127-195132_Magisk_Delta.png
    175.1 KB · Views: 94
  • Screenshot_20230127-192019_Play_Integrity_API_Checker.png
    Screenshot_20230127-192019_Play_Integrity_API_Checker.png
    74.6 KB · Views: 86
  • Screenshot_20230127-192331_Play_Integrity_API_Checker.png
    Screenshot_20230127-192331_Play_Integrity_API_Checker.png
    76 KB · Views: 93
  • Screenshot_20230127-195144_Magisk_Delta.png
    Screenshot_20230127-195144_Magisk_Delta.png
    107.8 KB · Views: 91
Last edited:
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
DartGerion said:
Should i disable Revanced module and Substratum? Doesn't seem to be really necessary.
Click to expand...
Click to collapse
I already said "all modules disabled except USNF"... You can put stuff back after fixing issue (then you'll know if any break integrity verdicts), but test w/ essential mods only...

...And I asked you:
pndwal said:
... So G Wallet working without deviceIntegrity?... Please show YASNAC results also (after disabling all modules except USNF)... PW
Click to expand...
Click to collapse
because it's not clear what "still doesnt pass the integrity" means... Do you mean deviceIntegrity or strongIntegrity here???... If not passing deviceIntegrity (and I suspect you are now), please show YASNAC results also (after disabling all modules except USNF) as I requested... PW
 
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Sasy969 said:
Sorry to further bother you, but I have read the last 3/4 pages and i I have read only about other users with root, but i have the same problem without root.
I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY, but still wallet says i don't meet safety requirements.
I also have tried with magisk and USNF 2.3.1 Modded but sometimes I get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY and sometimes I don't, like other users earlier
Click to expand...
Click to collapse
You still haven't given any details about your setup...

I'm guessing you're running a custom rom however, one that integrates SNF, and it's likely that you've taken an update recently and that the ROM dev may have already integrated USNF 2.4.0 changes for SNF with that update... If so inbuilt SNF solution may be conflicting with your downgraded USNF builds...

I'm not a fan of integrating SNF or other prop spoofs etc in ROMs as users must wait for ROM Devs for fixes and I've seen too many issues/conflicts with Magisk modules...

Ordinarily one of @Displax's modded USNF builds alone should have sorted you out for now...

Please say if I'm in the ballpark with you configuration, and give us some details!... PW
 
D

DartGerion

Member
Dec 8, 2018
39
6
33
OnePlus 7
Samsung Galaxy Tab S6
M
pndwal said:
I already said "all modules disabled except USNF"... You can put stuff back after fixing issue (then you'll know if any break integrity verdicts), but test w/ essential mods only...

...And I asked you:

because it's not clear what "still doesnt pass the integrity" means... Do you mean deviceIntegrity or strongIntegrity here???... If not passing deviceIntegrity (and I suspect you are now), please show YASNAC results also (after disabling all modules except USNF) as I requested... PW
Click to expand...
Click to collapse
Bro, calm down a notch. I'm asking about the necessity of disabling the modules just to clarify the situation, no need to get irritated. Should i just toggle the switch off or also reboot after toggling off?
The YASNAC screenshot is on the attachments. I'm not passing any Integrity, as the json log stats that integrity is UNEVALUATED.
 

Attachments

  • Screenshot_20230128-092151.jpg
    Screenshot_20230128-092151.jpg
    289.4 KB · Views: 74
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
pndwal said:
So definitely Google Play Services? (Not '... for AR' etc?)... So G Wallet working without deviceIntegrity?... Please show YASNAC results also (after disabling all modules except USNF)... PW
Click to expand...
Click to collapse
DartGerion said:
Should i disable Revanced module and Substratum? Doesn't seem to be really necessary.
Click to expand...
Click to collapse
pndwal said:
I already said "all modules disabled except USNF"... You can put stuff back after fixing issue (then you'll know if any break integrity verdicts), but test w/ essential mods only...

...And I asked you:

because it's not clear what "still doesnt pass the integrity" means... Do you mean deviceIntegrity or strongIntegrity here???... If not passing deviceIntegrity (and I suspect you are now), please show YASNAC results also (after disabling all modules except USNF) as I requested... PW
Click to expand...
Click to collapse
DartGerion said:
Bro, calm down a notch. I'm asking about the necessity of disabling the modules just to clarify the situation, no need to get irritated. Should i just toggle the switch off or also reboot after toggling off?...
Click to expand...
Click to collapse
What makes you think I'm irritated/not calm?...

But I'm not going to help if when I ask for details/confirmation, you totally ignore the question(s) and just ask more of your own...

...Two way street... PW
 
D

DartGerion

Member
Dec 8, 2018
39
6
33
OnePlus 7
Samsung Galaxy Tab S6
pndwal said:
What makes you think I'm irritated/not calm?...

But I'm not going to help if when I ask for details/confirmation, you totally ignore the question(s) and just ask more of your own...

...Two way street... PW
Click to expand...
Click to collapse
You are absolutely right, it should be a two way street. With YASNAC screenshot, i totally overlooked it while reading, my apologies.
I'm not accusing you of anything, just the tone seems a bit irritated, but it's also understandable, seeing how many messages there recently are of people having a lot of problems with integrity and Gwallet.
I'm invested as much, as i could be, to solving this issue and to help others, who might face similar problems and i kindly ask for your help in this matter.
 
  • Like
Reactions: pndwal
S

Sasy969

Senior Member
Jan 30, 2018
66
11
pndwal said:
You still haven't given any details about your setup...

I'm guessing you're running a custom rom however, one that integrates SNF, and it's likely that you've taken an update recently and that the ROM dev may have already integrated USNF 2.4.0 changes for SNF with that update... If so inbuilt SNF solution may be conflicting with your downgraded USNF builds...

I'm not a fan of integrating SNF or other prop spoofs etc in ROMs as users must wait for ROM Devs for fixes and I've seen too many issues/conflicts with Magisk modules...

Ordinarily one of @Displax's modded USNF builds alone should have sorted you out for now...

Please say if I'm in the ballpark with you configuration, and give us some details!... PW
Click to expand...
Click to collapse
Thanks for your replay. In my first post i have said that i am on the latest Evox, i have asked in the telegram group of the Rom and they said that the ROM doesn't have any kind of USNF integration that could cause some conflicts.
Also in the first post of the page i have attached some screenshots of my actual configuration:
Custom ROM : Evox
Magisk installed
USNF module: 2.3.1 modded by Displax.
No other module are installed.
Since this morning i fail all the integrity check as in the screenshot.
EDIT: Tried to install USNF 2.4.0 and i get the first two check
 

Attachments

  • Screenshot_20230127-192019_Play_Integrity_API_Checker.png
    Screenshot_20230127-192019_Play_Integrity_API_Checker.png
    74.6 KB · Views: 34
Last edited:
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Sasy969 said:
Thanks for your replay. In my first post i have said that i am on the latest Evox,
Click to expand...
Click to collapse
Ah yes... So EvolutionX ROM...
Sasy969 said:
i have asked in the telegram group of the Rom and they said that the ROM doesn't have any kind of USNF integration that could cause some conflicts.
Click to expand...
Click to collapse
Well how can you pass integrity verdicts at all?... Unless device launched w/ A7 or earlier...

Anyway, seems your info is flawed... This indicates official EvolutionX official does integrate spoofing for S/N and PI:
https://t.me/EvolutionX/647435

This generally means they pull code from @Displax's USNF pull requests, his own forks and/or @kdrag0n's implemented code for custom Proton ROMs etc...
Sasy969 said:
Also in the first post of the page i have attached some screenshots of my actual configuration:
Custom ROM : Evox
Magisk installed
USNF module: 2.3.1 modded by Displax.
No other module are installed.
Since this morning i fail all the integrity check as in the screenshot.
Click to expand...
Click to collapse
But we don't know what device AFAICS... Is it very old???

And have you tried simply adding com.google.android.gms.unstable (and may possibly need com.google.android.gms also) to denylist w/ Magisk installed and NO Magisk modules at all?... Please give that a go and say if verdicts are any more consistent/stable...

🤠 PW
 
S

Sasy969

Senior Member
Jan 30, 2018
66
11
pndwal said:
Ah yes... So EvolutionX ROM...

Well how can you pass integrity verdicts at all?... Unless device launched w/ A7 or earlier...

Anyway, seems your info is flawed... This indicates official EvolutionX official does integrate spoofing for S/N and PI:
https://t.me/EvolutionX/647435

This generally means they pull code from @Displax's USNF pull requests, his own forks and/or @kdrag0n's implemented code for custom Proton ROMs etc...

But we don't know what device AFAICS... Is it very old???

And have you tried simply adding com.google.android.gms.unstable (and may possibly need com.google.android.gms also) to denylist w/ Magisk installed and NO Magisk modules at all?... Please give that a go and say if verdicts are any more consistent/stable...

🤠 PW
Click to expand...
Click to collapse
I'm so sorry about the wrong information I have given to you, but It was what i was said in the chat group.
My device is pretty recent (One Plus 9), I have just tried following you suggestions and I have eliminated USNF module.
com.google.android.gms.unstable and com.google.android.gms were already added to the denylist.
At least for now my device get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY.
I will try again during the day, for now I thank you for your help and apologize for my poor knowledge.
 
  • Like
Reactions: pndwal
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
DartGerion said:
You are absolutely right, it should be a two way street. With YASNAC screenshot, i totally overlooked it while reading, my apologies.
I'm not accusing you of anything, just the tone seems a bit irritated, but it's also understandable, seeing how many messages there recently are of people having a lot of problems with integrity and Gwallet.
I'm invested as much, as i could be, to solving this issue and to help others, who might face similar problems and i kindly ask for your help in this matter.
Click to expand...
Click to collapse
All good/all right then...

So no problem with main USNF fallback / prop spoofing since I believe you don't even need these on OnePlus 7TPro... You can check in Momo to confirm... It'll say TEE is broken if you don't need these fixes (actually it's not, but Devs mean keymaster implementation, part of which is processed in TEE, is broken)
DartGerion said:
... I'm asking about the necessity of disabling the modules just to clarify the situation... Should i just toggle the switch off or also reboot after toggling off?
Click to expand...
Click to collapse
Yup, need to reboot... Magisk = magic mask ie. a system overlay applied systemlessly (modules comprise part of that) loaded at boottime, so modules aren't disabled till reboot...
DartGerion said:
The YASNAC screenshot is on the attachments. I'm not passing any Integrity, as the json log stats that integrity is UNEVALUATED.
Click to expand...
Click to collapse
Your deviceIntegrity has been evaluated properly (returning blank value) but appIntegrity and accountDetails haven't been evaluated since failing deviceIntegrity invalidates these...

Anyway, it seems something is now breaking PI's more sensitive basicIntegrity verdict... Again, please report check w/ all modules disabled except USNF... This user also had passing S/N but failing PI basicIntegrity due to modules on OnePlus 7 device w/ stock ROM:
https://xdaforums.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-87891641

Also, please check your selinux status is enforcing regardless of results disabling modules... (Are you a viper4android user?)... PW
 
S

Sasy969

Senior Member
Jan 30, 2018
66
11
Sasy969 said:
I will try again during the day
Click to expand...
Click to collapse
I have tried again and now i fail all three integrity check as can been seen in the screenshot below.
Current setup
OP9
Magisk installed
Custom ROM Evox
No USNF module installed
com.google.android.gms.unstable and com.google.android.gms added to the denylist
 

Attachments

  • Screenshot_20230128-131740_Play_Integrity_API_Checker.png
    Screenshot_20230128-131740_Play_Integrity_API_Checker.png
    73.6 KB · Views: 29
M

memocatcher

Senior Member
Dec 22, 2013
731
199
A few days ago I randomly got the message from Wallet that my device doesnt meet the security requirements to use Wallet. Before that, everything was fine with USF 2.4.0 installed. I checked the Play Integrity status and it now only shows a green check for basic integrity and device integrity, but not for strong integrity.
Is it supposed to be like that? Or does strong integrity normally works as well with USF installed?
 
R

rxmp

New member
Jan 28, 2023
1
0
memocatcher said:
A few days ago I randomly got the message from Wallet that my device doesnt meet the security requirements to use Wallet. Before that, everything was fine with USF 2.4.0 installed. I checked the Play Integrity status and it now only shows a green check for basic integrity and device integrity, but not for strong integrity.
Is it supposed to be like that? Or does strong integrity normally works as well with USF installed?
Click to expand...
Click to collapse
Same situation. Does anyone know how to fix this? Every module is up to date.
 
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
thomas140 said:
... So I just tried magisk 25.2 again with selinux enforcing, this time, the Cts profile, Device and Basic integrity become Pass except the strong integrity.
Click to expand...
Click to collapse
All good for you now then re deviceIntegrity then... Expected results...
thomas140 said:
And Viper4android status suddenly becomes normal with selinux enforcing.
Previously, I was using selinuxmodechanger app to change selinux, and now, I don't need it anymore.
Click to expand...
Click to collapse
Is it Viper4AndroidFX?... I think you only have issues with Neon driver only when installing/changing to legacy mode... If you didn't reinstall V4A you shouldn't have the issue...
thomas140 said:
Not sure which step fixes this viper4android issue that haunted me for 1year 😑
Click to expand...
Click to collapse
You just need to reset Neon driver when selecting legacy mode... When you reinstall in future or have driver = abnormal, just set legacy mode, disable the module, reboot, re-enable module and reboot again... driver should have reset and status should now be Normal...
thomas140 said:
The banking app that still detect root is Ocbc Digital- Mobile Banking app(Singapore version). You can try to download the app via link below and test whether can hide from this banking app.
https://ocbc-digital.nl.aptoide.com/app
Click to expand...
Click to collapse
I wasn't able to hide root/modified environment from this app with my setup... Sorry... PW
 
  • Like
Reactions: thomas140
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
memocatcher said:
A few days ago I randomly got the message from Wallet that my device doesnt meet the security requirements to use Wallet. Before that, everything was fine with USF 2.4.0 installed. I checked the Play Integrity status and it now only shows a green check for basic integrity and device integrity, but not for strong integrity.
Is it supposed to be like that? Or does strong integrity normally works as well with USF installed?
Click to expand...
Click to collapse
rxmp said:
Same situation. Does anyone know how to fix this? Every module is up to date.
Click to expand...
Click to collapse
Folks, please read back a bit before posting here to save unnecessary repetition... 👍 PW
 
  • Like
Reactions: oliversum and ipdev
P

pndwal

Senior Member
Jun 23, 2016
7,794
9,616
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
Sasy969 said:
I'm so sorry about the wrong information I have given to you, but It was what i was said in the chat group.
My device is pretty recent (One Plus 9), I have just tried following you suggestions and I have eliminated USNF module.
com.google.android.gms.unstable and com.google.android.gms were already added to the denylist.
Click to expand...
Click to collapse
That's interesting... Did you add, or does ROM add?... And if you remove them, are the added again with reboot?

I ask because USNF removes these at boot if manually added as they'll cause conflicts w/ USNF if denylist is enforced... (There's no conflict if proper hiding using Shamiko etc is employed however.)

If they're added at boot by ROM, this may be the source of the conflict w/ USNF module... Simply allowing that to happen but using Shamiko (denylist NOT enforced) may possibly fix issue with USNF installed...
Sasy969 said:
At least for now my device get MEETS _DEVICE_INTEGRITY and MEETS_BASIC_INTEGRITY.
I will try again during the day, for now I thank you for your help and apologize for my poor knowledge.
Click to expand...
Click to collapse
We're all learning here... Please report your mileage... PW
 
D

DartGerion

Member
Dec 8, 2018
39
6
33
OnePlus 7
Samsung Galaxy Tab S6
pndwal said:
All good/all right then...

So no problem with main USNF fallback / prop spoofing since I believe you don't even need these on OnePlus 7TPro... You can check in Momo to confirm... It'll say TEE is broken if you don't need these fixes (actually it's not, but Devs mean keymaster implementation, part of which is processed in TEE, is broken)

Yup, need to reboot... Magisk = magic mask ie. a system overlay applied systemlessly (modules comprise part of that) loaded at boottime, so modules aren't disabled till reboot...

Your deviceIntegrity has been evaluated properly (returning blank value) but appIntegrity and accountDetails haven't been evaluated since failing deviceIntegrity invalidates these...

Anyway, it seems something is now breaking PI's more sensitive basicIntegrity verdict... Again, please report check w/ all modules disabled except USNF... This user also had passing S/N but failing PI basicIntegrity due to modules on OnePlus 7 device w/ stock ROM:
https://xdaforums.com/t/magisk-module-universal-safetynet-fix-2-4-0.4217823/post-87891641

Also, please check your selinux status is enforcing regardless of results disabling modules... (Are you a viper4android user?)... PW
Click to expand...
Click to collapse
Hey.
So with all modules (including USNF) the safetynet and PI Integrity shows "Not passed" (Duh).
The MOMO shows just that it found the SU folder and detected Magisk.
When everything excluding the @Displax modded USNF is turned off (and also Play Services data cleared) the results are on the screenshots below. Note: Deny list is enforced and only Google Wallet and some banking apps are added, nothing more.
YASNAC passes with flying colours. The device integrity in 2 apps fail to be checked and return UNEVALUATED results. Json is also attached.
What's baffling is that even now, the Google Wallet worked (I checked it now in the supermarket terminal).
 

Attachments

  • 327909108_837836623986762_3229856709671983932_n.jpg
    327909108_837836623986762_3229856709671983932_n.jpg
    80.5 KB · Views: 58
  • 327024288_1037626413861038_4375128942873898307_n.jpg
    327024288_1037626413861038_4375128942873898307_n.jpg
    101.1 KB · Views: 69
  • 327826054_1865392073808772_7546333153937309119_n.jpg
    327826054_1865392073808772_7546333153937309119_n.jpg
    79.5 KB · Views: 62
  • 316692891_1229360628017242_6066898324437315848_n.jpg
    316692891_1229360628017242_6066898324437315848_n.jpg
    63.4 KB · Views: 60
  • 327112085_836349237463848_615120129010573973_n.jpg
    327112085_836349237463848_615120129010573973_n.jpg
    105.8 KB · Views: 56
T

thomas140

Senior Member
Jul 3, 2018
652
144
Johor
Xiaomi Poco F1
Xiaomi 13
pndwal said:
All good for you now then re deviceIntegrity then... Expected results...

Is it Viper4AndroidFX?... I think you only have issues with Neon driver only when installing/changing to legacy mode... If you didn't reinstall V4A you shouldn't have the issue...

You just need to reset Neon driver when selecting legacy mode... When you reinstall in future or have driver = abnormal, just set legacy mode, disable the module, reboot, re-enable module and reboot again... driver should have reset and status should now be Normal...

I wasn't able to hide root/modified environment from this app with my setup... Sorry... PW
Click to expand...
Click to collapse
Never mind then.
Anyway, thanks for your explanation, at least some issues have been resolved..😎
 
  • Like
Reactions: pndwal and ipdev
ipdev

ipdev

Recognized Contributor
Feb 14, 2016
2,546
1
5,159
Google Nexus 10
Nexus 7 (2013)
Sasy969 said:
I have tried again and now i fail all three integrity check as can been seen in the screenshot below.
Current setup
OP9
Magisk installed
Custom ROM Evox
No USNF module installed
com.google.android.gms.unstable and com.google.android.gms added to the denylist
Click to expand...
Click to collapse
Adding gms processes to the denylist will do nothing unless you are enforcing the denylist or using another module that sources the denylist.

If your rom incudes integrity (SafteyNet) fix(s). Try enforcing the denylist in Magisk and see what happens.

Note:
Make sure to clear cache/data of PI checker before testing again.
Might also have to clear cache/data of PlayStore/PlayServices and let them update again.

SafetyNet (com.google.android.gms.unstable) is required.
Main GMS (com.google.android.gms) is only required if Magisk is not in /sbin.
It can/will cause problems if GMS is added when not required.

Cheers. :cowboy:
 
  • Like
Reactions: galaxys and osm0sis
ipdev

ipdev

Recognized Contributor
Feb 14, 2016
2,546
1
5,159
Google Nexus 10
Nexus 7 (2013)
pndwal said:
Try clearing Play Services data and all modules disabled except USNF... Also, can use older @Displax modded build unless device launched with A13 (Pixel 7 etc)... And you don't need Play Store in denylist... PW
Click to expand...
Click to collapse
You can still use Displax's mod version on devices released with Android 13.

You just need to edit the service script after installing the module.
Add the fallback to the service script and then reboot.
Code: 
if [[ "$(getprop ro.product.first_api_level)" -ge 33 ]]; then
  resetprop ro.product.first_api_level 32
fi
USNF - [Github] - commit

Cheers. :cowboy:
 
  • Like
Reactions: galaxys and osm0sis
You must log in or register to reply here.

Similar threads

Chainfire
[Android 2.1+][03.10.2011][v3.2] Chainfire3D [ROOT][OpenGL ES 2.0+]
Replies
3K
Views
3M
rignfool
rignfool
apb_axel
[ZIP] Synapse + Script => Universal Kernel Manager v3.8.1
Replies
3K
Views
773K
D
Dildoman
repey6
[6.0-12.0][Magisk]Dolby Digital Plus[upd.20211005]
Replies
2K
Views
778K
M
Mradim
Chainfire
[2014.05.01][ROOT] Mobile ODIN v4.20
Replies
5K
Views
4M
Rukbat
Rukbat
DooMLoRD
[04/Jan][ROOTING/UNROOTING] DooMLoRD's Easy Rooting Toolkit [v4.0](zergRush Exploit)
Replies
927
Views
3M
B
bishoy ashraf

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 337
    kdrag0n
    kdrag0n
    Universal SafetyNet Fix
    Magisk module​

    Magisk module to work around Google's SafetyNet attestation.

    This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

    If you still have trouble passing SafetyNet with this module, use MagiskHide Props Config to spoof a certified device profile. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

    Android versions up to 13 Beta 3 are supported, including OEM skins such as Samsung One UI and MIUI.

    How does it work?
    The way this workaround works is relatively low-level. An in-depth explanation, as well as source code and ROM changes, can be found on GitHub.

    Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

    Downloads
    Downloads and changelogs can be found on GitHub. The topmost release is the latest.

    Latest release
    v2.4.0
    Highlights
    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
    Other changes
    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    This version only supports Zygisk (Magisk 24 and newer).

    It's taken a while to find a way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support.
    Alternatively, you can also buy me a coffee. All support is appreciated ❤️

    Source code
    View
    223
    Displax
    Displax
    So, here is my modification of USNF with Play Integrity API bypass.

    It changes fingerprint to old 7.1.2 6.0 (LOL) and apply it only for GMS SafetyNet process (by Zygisk injection), so your original prints/security path level does not change. This avoids many side effects/problems with global props changing.

    Updated 3.0:
    No words needed, you understand everything yourself 😜

    Updated 2.1:
    Hide "Enable OEM Unlock" setting

    Updated 2.0:
    Bypassing DEVICE_INTEGRITY for devices that shipped with Android 13+ (Pixel`s 7 )

    Updated:
    Drop fingerprint to lowest possible (6.0) to ensure that no one use same Android version

    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Many thanks to @1nikolas for integrity checker.

    Source code: https://github.com/Displax/safetynet-fix/tree/integrity
    View
    58
    Displax
    Displax
    So, here is my new modification of USNF with Play Integrity API bypass.

    It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.

    Changelog:

    Version 1.2
    * Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
    * Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).

    Version 1.1
    * Fix KeyStore hook desynchronization (tests randomly failing problem).


    Usage:
    1. Delete/disable/reset MagiskHidePropsConfig (if installed).
    2. Just install it over old Universal SafetyNet Fix and reboot device.
    3. You may be needed to wipe GMS data (not cache) if there is no result immediately.

    Source code: https://github.com/Displax/safetynet-fix/tree/dev
    View
    33
    Displax
    Displax
    So, created separate thread for my mod. Welcome)

    [MODULE] [MOD] Universal SafetyNet Fix

    Universal SafetyNet Fix [MOD] Magisk module...
    xdaforums.com xdaforums.com
    View
    32
    P
    pndwal
    Folks, the SafetyNet API was depreciated last Month with 'full turndown' slated for June 2024 and the introduction of the new Play Integrity API. It has also become clear that Google apps are simply the first to adopt the long foretold Play Integrity API; all responsible banks are bound to follow suit in short order, and at least before the June 2023 migration deadline.

    This means (assuming fully deployed Hardware Key Attestation doesn't come first 😬) that the need for a 'Universal Play Integrity Fix' has become quite urgent.

    We currently have workarounds involving using older fingerprint props by means of MHPC module (similar to fix needed for uncertified ROMs), but success/mileage varies per device and users of regular bank apps / gamers etc on stock devices will all soon be forced to experiment with MHPC prints also... This is hardly ideal.

    So I've made an issue report/request on USNF GitHub as follows. This information may be insightful to users here also...

    Please let me know here if I have missed anything important, or add any technically relevant details there...

    PLEASE DON'T spam that issue with unimportant details or queries... (The previous issue is already burgeoning w/ OT.) That's what this thread is for... 😛 :

    Please make 'Universal Play Integrity Fix' ... #204

    Fixes to expand 'Universal SafetyNet Fix' to become a 'Universal Play Integrity Fix' are needed.

    The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API.
    https://developer.android.com/training/safetynet/deprecation-timeline

    New Play Integrity API is rolling out from June 2022, and evidently Google Play Store and Google Pay/Wallet are already using its verdict.

    June 2023 is the Migration Deadline for app developers. This will also allow their older app versions to continue working with SafetyNet API for a limited time.

    June 2024 is the End of life for SafetyNet API; its attestation will no longer work for any app version, and apps will receive an error.

    The new Integrity API has more strict requirements for passing attestation, and this seems to be enforced in Android 11+ particularly.

    Currently (evidently due to this), device security issues are detected by

    1. Google Pay/Wallet, which may state "You can't pay contactless with this device...(Your phone doesn't meet software standards)" on updating or attempting to add a card despite in-app Contactless setup stating "You're ready to pay contactless with your phone (Your phone meets security requirements)", and
    2. Google Play Store, which may no longer show apps like Netflix w/ Android 11+ (developers can 'exclude devices from their app's distribution based on their device integrity . Device exclusion is based on the latest device integrity verdict that the Play Store app receives from the Play Integrity API') despite in-app settings showing Play Protect 'Device is certified' result.
    I'm guessing that the 'passing' messages based on the old SafetyNet API are likely to realigned soon.

    A workaround that evidently allows Play Integrity API attestation to pass (and solve Wallet / Play Store issues also) has been discovered. It involves spoofing an earlier certified ROM, generally by using MagiskHide Props Config module to change fingerprint prop to one for Android 10 or earlier.

    Undoubtedly other apps will begin to detect broken TEE etc / fail as they migrate or begin integrating the Play Integrity API.

    A 'Universal Play Integrity Fix' will evidently require more understanding / research into how the fingerprint prop is used, and possibly other new behaviours.
    Click to expand...
    Click to collapse

    Here's hoping... 🙃 PW
    View

New posts