[MODULE] [MOD] Universal SafetyNet Fix
- Thread starter Displax
- Start date
FYI, the most likely culprit is LP, and the modded play store. Once I ditched those, I was able to pass the first two integrity checks. To be fair, I haven't tried reinstalling LP now that I'm passing, so you could still give that a go.
Is working on all aosp roms based after flash this, but not when use original module, but miui doesn't have this problem (not miui: mean safety check fails 1 of 2)
Idk why the original module safety check fails in all aosp roms (even with safety passed out of the box) but not in miui, but before that, i doesn't have any problem with original module, maybe its Google?
Idk why the original module safety check fails in all aosp roms (even with safety passed out of the box) but not in miui, but before that, i doesn't have any problem with original module, maybe its Google?
, working even on miui (doesn't have any problem)For what it's worth, I've tried several times, but I'm unable to get it to work successfully with xiaomi.eu 14.0.1.0, installing magisk 25.2 and safetynetfix 2.4.0 mod 1.2. With Zygisk enabled, with or without enforcing.
YASNAC fails basic integrity and CTS profile match, and Integrity Checker fails device_integrity and basic_integrity.
YASNAC fails basic integrity and CTS profile match, and Integrity Checker fails device_integrity and basic_integrity.
david003
If you did all ok, lets go back to magisk and check app list in it. It is possible the google play services is not checked. If you do it , and restart phone, or only start magisk again, it can be unchecked again (and CTS will fail as result). It is not fixable.I replaced magisk to delta version and use SuList instead .
For me, safetynetfix is not enough, I have to use hideprops also and select a new fingerprint (that match the current Android version) to pass CTS profile.
Later USNF builds fro @Displax actually play better with custom ROMs that already integrate SNF (from @kdrag0n Proton project) or fixes from @Displax, but there can still be conflicts with custom ROMs that do this (eg XiaomiEU) and may also spoof additional prop values etc...
If the ROM's embedded SNF/spoofing is up to date and capable of passing PI deviceIntegrity w/o Magisk, when you install Magisk you should NOT install any USNF module... You only need to hide root from droidguard/attestation (com.google.android.gms.unstable) gms (Play Services) process by adding this in denylist (and main com.google.android.gms process for most A11+ devices)...
Otherwise you may need to upgrade ROM or wait for maintainer to update the integrated attestation... PW
USNF hides attestation/droidguard (com.google.android.gms.unstable) gms (Play Services) process itself since Denylist breaks USNF's key functions, especially the injection of code in gms to register a fake keystore and cause the fallback to basic attestation... That's why if you add this to denylist it will kill USNF (deviceIntegrity will be failing) if Denylist is enforced until next boot when USNF will actually remove it from denylist for you!...
With Zygisk based USNF, simply don't add any gms (Google Play Services) processes to Denylist... PW
Thanks. I tried this, reinstalling magisk without the USNF module and adding com.google.android.gms to the DenyList. It still failed, though. Hopefully things will get sorted out eventually. Until then I've been temporarily installing magisk to run backups and then uninstalling it.
Did you mean just com.google.android.gms process? Should be that + com.google.android.gms.unstable for most A11+ installations...And did you check S/N and PI results without Magisk?; That would indicate if inbuilt fixes are working... PW
I had added all of Google Play Services to the denylist, that includes com.google.android.gms and com.google.android.gms.unstable, and a lot of others. I tried again, and added just those 2 to the deny list, and it appears to have worked.
The integrity checks pass, both with unrooted xiaomi.eu, and with magisk with those 2 added to the deny list, without the USNF module.
My banking app still fails, though (it works with unrooted xiaomi.eu). But that's another issue. I suspect it's trying to check something else I haven't figured out, yet.
Thank you!
Attachments
You shouldn't deny most Google stuff... You may have unexpected issues... Only we only need those two gms services added... If you hide Chrome components for example, you may break webview for other apps depending on Android version...
Good to know XiaomiEU has current SNF...Certainly is... An no surprise...
Can you say app?
Welcome...
PWThe banking app is BDO.You shouldn't deny most Google stuff... You may have unexpected issues... Only we only need those two gms services added... If you hide Chrome components for example, you may break webview for other apps depending on Android version...
Certainly is... An no surprise...
Can you say app?
Welcome...
Attachments
Easy one:
My device:
Xiaomi RN8T stock A11 MIUI,
Magisk Canary 25209,
Magisk App hidden in stub,
Latest Shamiko public release (for proper root hiding),
LSPosed Hide My AppList module configured to hide all apps associated with root,*
OEM unlocking disabled,*
USB debugging disabled,*
Developer options disabled.*
* = confirmed not needed for your app.
I suspect just using proper root hiding (Shamiko or other) should get you going... And maybe you haven't taken Hide the Magisk app option in Magisk app?...
PW
Last edited:
Thank you for trying all that. I'm still not able to get it to work. Magisk was hidden already. I added Shamiko, but it still failed. I also added LSPosed and Hide My AppList, but it still failed even with those.Easy one:
View attachment 5874301
My device:
Xiaomi RN8T stock A11 MIUI,
Magisk Canary 25209,
Magisk App hidden in stub,
Latest Shamiko public release (for proper root hiding),
LSPosed Hide My AppList module configured to hide all apps associated with root,*
OEM unlocking disabled,*
USB debugging disabled,*
Developer options disabled.*
* = confirmed not needed for your app.
I suspect just using proper root hiding (Shamiko or other) should get you going... And maybe you haven't taken Hide the Magisk app option in Magisk app?...
Just checked and this app works for me w/o Shamiko hiding (ie with Denylist enforced)...
Please give device details; ROM, any custom recovery, any unusual mods...
Try with all modules other than USNF disabled (reboot and check still have PI deviceIntegrity)... And are you clearing app data before each test? App in denylist of course(?)...
Please show Momo and Ruru detector results... PW
You can disable this in LineageOS... I think you can in most ROMs, but apparently it doesn't show in some...
Wasn't needed for the app mentioned anyway... You can leave as is if it's not detected... PW
Similar threads
- Sticky
Top Liked Posts
-
1
You are quoting my mail that was an answer to somebody what is Magisk Alpha and then you write about Magisk Delta?!
MagiskmDelta and Magisk Alpha are totally different forks
And Magisk Delta (you write in your mail) is not Chinese but Vietnamese developer
Besides, I run Delta (again, Delta is not Alpha) on one of my phones and it is excellent. It has nothing AI. But you need to set it properly. If interested, please read the posts in XDA Magisk DELTA thread. There, you can also find where to download Delta, etc -
7
No, Alpha is not from TJW, it's not from the official Magisk channel
Magisk Alpha is a fork by Chinese developers, contributors to the official Magisk development, where a subgroup of them also own the development of Shamiko and LSPosed modules (hence, they are not outsiders!!!)
They have also developed Momo, and eg Native Test, hence no wonder that you cannot fully hide 'root' from those detectors
However, they don't participate on XDA, they have TG channel exclusively in Chinese (and it's tricky to obtain the invitation link), and Alpha, as well as Shaniko and LSPosed (and Momo and Native Test aka Minotaur) are not open source projects.
And, be aware that telemetry is built into the Alpha
Bellow is the XDA thread about Alpha, if you have further questions please ask there (here it's OT), that other Alpha users (but not Alpha developers) could answer you:
[Discussion] Magisk Alpha (Public Released) fork - @vvb2060
This is the spot for the General Support...
forum.xda-developers.com
Btw, take a time to read through the thread. Although things are constantly changing, first few pages from the spring of 2022 are interesting from the historical point of view. Also, you will find different opinions about the closed source development, telemetry (later introduced), their forcing of Chinese on TG channel, user experiences when they tried to argue about something with them, etc
In short, it's for mavericks, not for the ordinary Magisk users5
Try my module:
[MODULE] Play Integrity Fix [SafetyNet fix updated fork]
PLAY INTEGRITY FIX A Magisk (and Zygisk)...
forum.xda-developers.com
Or try 1.3 version of Displax:
54
Not sure why you needed MHPC fingerprint with stock ROM... are you using 'force basic ' function too?
You can use this module without MHPC as it sets a (very old) fingerprint and mismatched model props targeting GMS droidguard/attestation process which is better than MHPC globally set props and also allows some devices to meet new Play Integrity APIs deviceIntegrity verdict... If Google doesn't enforce hardware backed server end basic only evaluationType for your device you may have deviceIntegrity with matching fingerprint/security patch values as set by MHPC, but it's likely you'd only pass old S/N ctsProfileMatch that way...
The new USNF (and newer PIF) solutions with work fairly universally on their own and are better for the current PI API anyway... Nb. If not setting props globally for other purposes you should disable MHPC as sensitive prop function will still operate by default (ie. when module is active but not configured) and is duplicated in USNF anyway...
PW -
180Universal SafetyNet Fix [MOD]Hello. This is my modification [FORK] of the original Universal SafetyNet Fix module from @kdrag0n.
Magisk module
Created for the (temporary?) restoration of working capacity in the conditions of constant change of verification algorithms from Google.
If you can`t wait for update original kdrag0n`s project - feel free to use my little "experimental sandbox"
Usage:
1. Delete/disable/reset MagiskHidePropsConfig (if installed).
2. Just install it over old Universal SafetyNet Fix (if present) and reboot device.
3. You may be needed to wipe GMS data (not cache) if there is no result immediately.
4. Make sure that your SELinux mode sets to Enforcing! Otherwise, run thesetenforce 1command.
Сhecking the results:
Play Integrity API: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
SafetyNet API: https://play.google.com/store/apps/details?id=rikka.safetynetchecker
Changelog:
v2.4.0-MOD_2.0
* Fix KernelSU support. You still need "ZygiskOnKernelSU".
* Fix WiFi calling on some devices (and maybe other related issues) by moving changing *ro.product.first_api_level* from global namespace to GMS only.
* Pass *MEETS_STRONG_INTEGRITY*. By default you need device that launched with Android 13+ or custom ROM that manipulate with *ro.product.first_api_level* (>= 33 / or `null` / or not present).
If you want to play with it more complex - use separate inherited module (delete mine first): https://forum.xda-developers.com/t/module-play-integrity-fix.4607985/
v2.4.0-MOD_1.3
* Fix "stat /sys/fs/selinux" access time reading. Also removed archaic MIUI cross-region shenanigans. Thanks to PR by aviraxp!
* Ignore props changing on Xiaomi.eu. This fixes randomly attestation failings. So strange ROM...
* Added Riru version back. Remember that is need old MagiskHide support (and adding com.google.android.gms/com.google.android.gms.unstable to HideList) !
* Added microG version. Note there is some strange behavior that GMS can crash while run SN attest more than 2 times in one session. Just do not do this. This behavior should not affect applications in real life.
v2.4.0-MOD_1.2
* Fix crash and endless tests loop/failing on Android < 9.0 (bug from original version 2.4.0).
* Do not unpatch (revert) changes. To prevent possible tests failing after a while on some ROMs (cross conflicts).
v2.4.0-MOD_1.1
* Fix KeyStore hook desynchronization (tests randomly failing problem).
v2.4.0-MOD_1.0
* It is now based on top of original v2.4.0 codebase instead of v2.3.1, with adding new hiding algorithm for current realities and some code refreshing.
Inherited module with forcing STRONG implementation: https://forum.xda-developers.com/t/module-play-integrity-fix.4607985/
Downloads: at the bottom of this post or GitHub Releases
Source code: GitHub32MOD updated to v.1.3 !
- Fix "stat /sys/fs/selinux" access time reading. Also removed archaic MIUI cross-region shenanigans. Thanks to PR by aviraxp!
- Ignore props changing on Xiaomi.eu. This fixes randomly attestation failings. So strange ROM...
31MOD updated to v.2.0 !
- Fix KernelSU support. You still need "ZygiskOnKernelSU".
- Fix WiFi calling on some devices (and maybe other related issues) by moving changing *ro.product.first_api_level* from global namespace to GMS only.
- Pass *MEETS_STRONG_INTEGRITY*. By default you need device that launched with Android 13+ or custom ROM that manipulate with *ro.product.first_api_level* (>= 33 / or `null` / or not present). If you want to play with it more complex - use separate "-STRONG" build. NOTE: Various system issues are possible on "-STRONG" build!
Related commit for STRONG: https://github.com/Displax/safetynet-fix/commit/79f6ef22db5eeb717c57a9bd00ee90b8d7cd2201
New posts
-
OneUI 5.1 for Exynos Galaxy S10 series- Latest: Fooking Rekt
-
Question Confessions: How I Got Addicted to Blood Balance Australia
- Latest: BloodAuBalance
