[MODULE] Play Integrity Fix [SafetyNet fix updated fork]

Search This thread
By:
Advanced…
chiteroman

chiteroman

Senior Member
Nov 4, 2019
518
561
22
Oviedo
Xiaomi Poco X3 Pro
PLAY INTEGRITY FIX


A Magisk (and Zygisk) module that works as an alternative to safetynet-fix.

Which module is better? Which one should I use?
The answer is the one that works best for your device, the best thing to do is to try Displax first and if it works well for you, then stick with that one.
However, some devices THAT HAVE BEEN RELEASED with Android 13 or higher have problems using the Displax module because the "ro.product.first_api_level" property is altered in all namespaces (except this version), which causes instability in the system, like Wi-Fi calling not working.

NOTE: Don't use kdrag0n module, it's outdated and doesn't work.

All devices THAT HAVE BEEN RELEASED with Android 13 or higher will force a hardware attestation (HARDWARE_BACKED), so unless you manage to hack the TEE (and the StrongBox if there is one) of your device (good luck :p) you will never be able to get the DEVICE verdict.

Google checks the integrity of your device by collecting data from the process "com.google.android.gms.unstable", this calls DroidGuard which we could say is Google's anticheat for Android. The point is that Google checks through a native library (.so) the property "ro.product.first_api_level", if this property is higher than 32 or doesn't exist (empty string) it will force a hardware attestation.
What my module does is to force the value of this property to 25, thus forcing a simple (BASIC) attestation. In addition, my module includes some changes in the implementation of the Zygisk library and the Java code that is injected, which makes it (in theory) work on more devices.

Download the latest version:
github.com

Release v8.6 · chiteroman/PlayIntegrityFix

Remove a lot of useless code in final shared libraries Improved Java code Allow MagiskHidePropsConfig to be installed (needed for few devices, check #3 issue on GitHub) Disable safetynet-fix instea...
github.com github.com
 
Last edited:
  • Like
  • Love
Reactions: joan1280, Dior DNA, Klinsmann (Capt) and 90 others
Lord Sithek

Lord Sithek

Senior Member
Dec 19, 2018
1,456
781
Xiaomi Redmi Note 4
Huawei Watch 2
swer45 said:
A module fork of @Displax one: https://forum.xda-developers.com/t/module-mod-universal-safetynet-fix.4553699/

With this module you will fix Play Integrity veredicts including Strong one (until Google fixes it).

Remember to remove any other modules like safetynet-fix which may affect the functionality of this module.


To read logs use this command:
adb shell "logcat | grep 'SNFix'"

Check your first_api_level prop:
adb shell getprop ro.product.first_api_level


If your device fail Device/Basic make sure you have Shamiko module installed. If you found any bug @ me and send logs.


TODO:
- Spoof hardware bootloader (local) attestations in deny list :D.
Click to expand...
Click to collapse
Thanks for your great efforts, as well as @Displax, @kdrag0n and others who contributed 🫶
 
  • Like
Reactions: Wolfcity, simpleatom7, Catfriend1 and 4 others
J

jons99

Senior Member
Nov 5, 2019
346
382
swer45 said:
A module fork of @Displax one: https://forum.xda-developers.com/t/module-mod-universal-safetynet-fix.4553699/

With this module you will fix Play Integrity veredicts including Strong one (until Google fixes it).

Remember to remove any other modules like safetynet-fix which may affect the functionality of this module.


To read logs use this command:
adb shell "logcat | grep 'SNFix'"

Check your first_api_level prop:
adb shell getprop ro.product.first_api_level


If your device fail Device/Basic make sure you have Shamiko module installed. If you found any bug @ me and send logs.


TODO:
- Spoof hardware bootloader (local) attestations in deny list :D.
Click to expand...
Click to collapse
is this a modification to the displax mod of kdrag0ns module?
what's the difference?
 
shoey63

shoey63

Recognized Contributor
Jun 5, 2012
4,244
4,361
Somewhere in Oz...
Sony Xperia XZ2 Premium
ASUS ROG Phone 3
Almost perfect on ROG phone 3 😋
Screenshot_20230721-234003.jpg



Screenshot_20230721-234026_1.jpgScreenshot_20230721-233936_1.jpg
 
  • Like
  • Love
Reactions: chiteroman and jons99
m0han

m0han

Senior Member
Apr 30, 2012
5,778
2,880
OnePlus 11
Poco X3 Karna, AICP A12.1, Magisk Delta Canary, Riru. All good on TB Checker.
 

Attachments

  • IMG_20230722_000935_161.jpg
    IMG_20230722_000935_161.jpg
    52.5 KB · Views: 968
  • Love
Reactions: chiteroman
m0han

m0han

Senior Member
Apr 30, 2012
5,778
2,880
OnePlus 11
Anyone have success on OnePlus 11 5G?
I'd check if I could get the device rooted nice and proper. I could use some help. Anyone?
 
chiteroman

chiteroman

Senior Member
Nov 4, 2019
518
561
22
Oviedo
Xiaomi Poco X3 Pro
I tried to spoof a fake root of trust and it worked! But only works in Key Attestation Demo because it's a very simple app, when I want to try it with a real app like CIB it crashes and in Momo it gives an error of "Service not responding". Also sometimes the system crashes and it's very easy to detect.

Solution? Use my Xposed module (easy to detect) or modify framework.jar and implement hook by yourself (better).

So this module won't have that option.
 
  • Like
Reactions: osm0sis, pndwal and V0latyle
V

vindicatorr

Member
Jan 20, 2013
49
8
Same triple fails as I got with Displax :confused:...
Code: 
07-21 19:20:37.264  3689  3689 I SNFix/Zygisk: Dex size in memory: 9000
07-21 19:20:37.305  3689  3689 I SNFix/Zygisk: __system_property_read_callback handle: 0x79b3f2e3a4
07-21 19:20:37.305  3689  3689 I SNFix/Zygisk: Get system class loader
07-21 19:20:37.305  3689  3689 I SNFix/Zygisk: Create InMemoryDexClassLoader
07-21 19:20:37.306  3689  3689 I SNFix/Zygisk: Load class
07-21 19:20:37.307  3689  3689 I SNFix/Zygisk: Call init
07-21 19:20:37.311  3689  3689 D SNFix/Java: [null] Entry point: Initializing SafetyNet patches
07-21 19:20:37.311  3689  3689 D SNFix/Java: [null] Initializing SecurityBridge
07-21 19:20:37.312  3689  3689 D SNFix/Java: [null] Real provider=AndroidKeyStore version 1.0, keystore=java.security.KeyStore@e6c07a, spi=android.security.keystore2.AndroidKeyStoreSpi@941502b
07-21 19:20:37.314  3689  3689 D SNFix/Java: [null] Init proxy provider - wrapping AndroidKeyStore version 1.0
07-21 19:20:37.314  3689  3689 D SNFix/Java: [null] Removing real provider
07-21 19:20:37.314  3689  3689 D SNFix/Java: [null] Inserting provider AndroidKeyStore version 1.0
07-21 19:20:37.315  3689  3689 D SNFix/Java: [null] Security hooks installed
07-21 19:20:37.315  3689  3689 D SNFix/Java: [null] Patch DEVICE_INITIAL_SDK_INT prop. Set it to: 26
07-21 19:20:37.315  3689  3689 I SNFix/Zygisk: Cleaning...
07-21 19:20:37.426  3689  3689 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=CertificateFactory algorithm=X.509
07-21 19:20:37.489  3689  3689 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyStore algorithm=BKS
07-21 19:20:37.489  3689  3689 D SNFix/Java: [com.google.android.gms.unstable] Patch PRODUCT prop. Set it to: walleye
07-21 19:20:37.489  3689  3689 D SNFix/Java: [com.google.android.gms.unstable] Patch DEVICE prop. Set it to: walleye
07-21 19:20:37.489  3689  3689 D SNFix/Java: [com.google.android.gms.unstable] Patch MODEL prop. Set it to: Pixel 2
07-21 19:20:37.489  3689  3689 D SNFix/Java: [com.google.android.gms.unstable] Patch FINGERPRINT prop. Set it to: google/walleye/walleye:8.1.0/OPM1.171019.011/4448085:user/release-keys
07-21 19:20:37.818  3689  3743 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyStore algorithm=AndroidKeyStore
...
07-21 19:20:37.818  3689  3743 D SNFix/Java: [com.google.android.gms.unstable] Init proxy KeyStore SPI
07-21 19:20:37.819  3689  3743 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyPairGenerator algorithm=EC
07-21 19:20:37.819  3689  3743 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyPairGenerator algorithm=EC
07-21 19:20:37.939  3689  3743 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyStore algorithm=AndroidKeyStore
...
07-21 19:21:57.518  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyStore algorithm=AndroidKeyStore
07-21 19:21:57.518  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch PRODUCT prop. Set it to: walleye
07-21 19:21:57.518  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch DEVICE prop. Set it to: walleye
07-21 19:21:57.518  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch MODEL prop. Set it to: Pixel 2
07-21 19:21:57.518  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch FINGERPRINT prop. Set it to: google/walleye/walleye:8.1.0/OPM1.171019.011/4448085:user/release-keys
07-21 19:21:57.518  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Init proxy KeyStore SPI
07-21 19:21:57.521  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyPairGenerator algorithm=EC
07-21 19:21:57.552  3689  4388 I SNFix/Zygisk: Hacking first_api_level, original value: 31
07-21 19:21:57.806  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Provider: get service - type=KeyStore algorithm=AndroidKeyStore
07-21 19:21:57.806  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch PRODUCT prop. Set it to: walleye
07-21 19:21:57.806  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch DEVICE prop. Set it to: walleye
07-21 19:21:57.806  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch MODEL prop. Set it to: Pixel 2
07-21 19:21:57.806  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Patch FINGERPRINT prop. Set it to: google/walleye/walleye:8.1.0/OPM1.171019.011/4448085:user/release-keys
07-21 19:21:57.806  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Init proxy KeyStore SPI
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Proxy key store: get certificate chain
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Stack trace element: dalvik.system.VMStack.getThreadStackTrace(Native Method)
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Stack trace element: java.lang.Thread.getStackTrace(Thread.java:1841)
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Stack trace element: b.a.engineGetCertificateChain(SourceFile:1)
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Stack trace element: java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:513)
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Stack trace element: java.security.KeyStore.getEntry(KeyStore.java:1581)
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Stack trace element: com.google.ccc.abuse.droidguard.DroidGuard.initNative(Native Method)
07-21 19:21:57.812  3689  5502 D SNFix/Java: [com.google.android.gms.unstable] Blocking call
07-21 19:21:57.884  3689  5502 I SNFix/Zygisk: Hacking first_api_level, original value: 31
07-21 19:21:58.350  3689  5681 I SNFix/Zygisk: Hacking first_api_level, original value: 31
07-21 19:21:59.003  3689  3743 I SNFix/Zygisk: Hacking first_api_level, original value: 31
"$ getprop | grep -i walleye" results in nothing.
"Patch <*> prop", however "[ro.product.build.fingerprint]: [google/gsi_gms_arm64/gsi_arm64:13/T3B3.230413.003/9957835:user/release-keys]".
 
A

acwcanada

Senior Member
Mar 19, 2016
299
210
Displax's 2.4.0 pass device and basic, and his "Strong" passes all 3. I got "Red" on all 3 with yours, install Shamiko doesn't make any difference. My Pixel 6 Pro is on A14 Beta 4, have no idea if this is the reason.
 
  • Like
Reactions: simpleatom7
I

immortalwon

Senior Member
Mar 11, 2017
256
117
swer45 said:
A module fork of @Displax one: https://forum.xda-developers.com/t/module-mod-universal-safetynet-fix.4553699/

With this module you will fix Play Integrity veredicts including Strong one (until Google fixes it).

Remember to remove any other modules like safetynet-fix which may affect the functionality of this module.


To read logs use this command:
adb shell "logcat | grep 'SNFix'"

Check your first_api_level prop:
adb shell getprop ro.product.first_api_level


If your device fail Device/Basic make sure you have Shamiko module installed. If you found any bug @ me and send logs.

App to check Play Integrity: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
Click to expand...
Click to collapse

Works on one plus pro 9 and passes all play integrity checks even strong. Nice work but I don't give it long b4 being patched. A device with broken T.E.E keymaster sure is hilarious passing play integrity
 
  • Like
Reactions: simpleatom7, ipdev, chiteroman and 1 other person
You must log in or register to reply here.

Similar threads

T
  • Locked
  • Sticky
Magisk - The Magic Mask for Android
Replies
56
Views
6M
T
topjohnwu
T
  • Sticky
Magisk General Support / Discussion
Replies
57K
Views
6M
P
pndwal
Didgeridoohan
  • Sticky
[MODULE] [DEPRECATED] MagiskHide Props Config - SafetyNet, prop edits, and more - v6.1.2
Replies
7K
Views
1M
P
pndwal
Deic
[Magisk v14.0] Universal SafetyNet Fix | Universal Hide [v2 Beta 5]
Replies
2K
Views
874K
N
Noweir
T
  • Locked
[CLOSED][BETA][2018.7.19] Magisk v16.7 (1671)
Replies
7K
Views
3M
T
topjohnwu

Top Liked Posts

24 Hours 30 Days All time
  • 4
    chiteroman
    chiteroman
    zgfg said:
    BTW, IDK why do you delete the old versions from GitHub😒

    For Bootloader Spoofer, I see under Releases now only the latest v1.2

    Fortunately, I found v1.1 on my backup

    ---

    Ie, I just realized that on my Xiaomi.eu MIUI 12.5 (with Magisk Delta - IMO, it shouldn't matter) with Spoofer v1 2, KeyAttestation shows that Certificate is 'not trusted'

    With v1.1 it works perfectly, Bootloader is (spoofed to) locked

    Without Spoofer, Bootloader is unlocked but there is no problem with Certificate

    Screenshots attached
    Click to expand...
    Click to collapse
    Oh, seems like verify methods didn't hook well or there are more verify methods in your Android build. I'm working in a better solution.
    View
    1
    zgfg
    zgfg
    chiteroman said:
    Someone on Github post an issue about Wifi calling not working:

    wi-fi calling · Issue #2 · chiteroman/PlayIntegrityFix

    Samsung S23+, magisk 26.3, PIF 8.4. Works ok...
    github.com github.com

    Very strange, but I think I know where is the problem, so I uploaded a new test build. Hope this works and can pass BASIC and DEVICE.

    EDIT: Check OP.
    Click to expand...
    Click to collapse
    I don't use WiFi calling but Device and Basic are ok
    View
    1
    mcreuter83
    mcreuter83
    With MagistHideprops working too.
    chiteroman said:
    New test build !
    Click to expand...
    Click to collapse
    View
  • 11
    chiteroman
    chiteroman
    More than 3000 downloads, thanks to everyone guys 🥰

    I'm still searching a new "exploit" and turn green STRONG veredict ✔
    View
    10
    chiteroman
    chiteroman
    I have updated the main post to better explain what my module does and how DroidGuard works, in a very summarised way.
    View
    7
    chiteroman
    chiteroman
    Update to v8.2

    Changelog: https://github.com/chiteroman/PlayIntegrityFix/blob/main/changelog.md
    View
    6
    zgfg
    zgfg
    andrey-seo said:
    I Turned off the module in lsposed "disable secure flags" and reboot , but it's didn't help
    Click to expand...
    Click to collapse
    I asked you to uninstall Lucky Patcher

    You must also uninstall XPrivacyLua and not just uninstall but manually clean the garbage it leaves, because that garbage will still cause detections

    Please take your time and scroll about the older posts (and search on XDA, there are other similar threads and similar things are asked and answered here and there), eg XPrivacyLua was already mentioned several times when the other users had problems with, what to do, how, etc

    And you could test yourself. Remove everything else, have only Magisk, Zygisk, Shamiko, DenyList properly configured (there are posts end threads describing that) and this module and then test

    Then later you will see if you add your things like LP, Lua how they badly affect

    So you will see what you can have and what not
    View
    6
    chiteroman
    chiteroman
    .
    View
  • 93
    chiteroman
    chiteroman
    PLAY INTEGRITY FIX


    A Magisk (and Zygisk) module that works as an alternative to safetynet-fix.

    Which module is better? Which one should I use?
    The answer is the one that works best for your device, the best thing to do is to try     Displax first and if it works well for you, then stick with that one.
    However, some devices THAT HAVE BEEN RELEASED with Android 13 or higher have problems using the Displax module because the "ro.product.first_api_level" property is altered in all namespaces (    except this version), which causes instability in the system, like Wi-Fi calling not working.

    NOTE: Don't use kdrag0n module, it's outdated and doesn't work.

    All devices THAT HAVE BEEN RELEASED with Android 13 or higher will force a hardware attestation (HARDWARE_BACKED), so unless you manage to hack the TEE (and the StrongBox if there is one) of your device (good luck :p) you will never be able to get the DEVICE verdict.

    Google checks the integrity of your device by collecting data from the process "com.google.android.gms.unstable", this calls DroidGuard which we could say is Google's anticheat for Android. The point is that Google checks through a native library (.so) the property "ro.product.first_api_level", if this property is higher than 32 or doesn't exist (empty string) it will force a hardware attestation.
    What my module does is to force the value of this property to 25, thus forcing a simple (BASIC) attestation. In addition, my module includes some changes in the implementation of the Zygisk library and the Java code that is injected, which makes it (in theory) work on more devices.

    Download the latest version:

    Release v8.6 · chiteroman/PlayIntegrityFix

    Remove a lot of useless code in final shared...
    github.com github.com
    View
    13
    chiteroman
    chiteroman
    Updated and source code available:

    GitHub - chiteroman/PlayIntegrityFix: Fixes Play Integrity API (and SafetyNet) veredicts. IT DOESN'T PASS STRONG VEREDICT.

    Fixes Play Integrity API (and SafetyNet)...
    github.com github.com
    View
    12
    Displax
    Displax
    zgfg said:
    We made too big a fuss and it didn't go under the radar
    Click to expand...
    Click to collapse
    This bug was discovered a ≈ month ago and was open source, so it was only a matter of time ;)
    I just put it all together)
    View
    11
    chiteroman
    chiteroman
    More than 3000 downloads, thanks to everyone guys 🥰

    I'm still searching a new "exploit" and turn green STRONG veredict ✔
    View
    10
    chiteroman
    chiteroman
    I have updated the main post to better explain what my module does and how DroidGuard works, in a very summarised way.
    View

New posts