Question Safetynet fix for Android 12?

Search This thread

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
So the latest 31.0810.1226.77-1.1.138-2203 update has introduced Android 12..and killed Safetynet bypass. The kdragon Safetynet fix 2.2.1 no longer works and the device doesn't pass basic attestation either. Is there a workaround that doesn't involve unrooting it or are we ****ed for the time being? Goddamn Magisk had to deprecate their Magiskhide and safetynet bypass features. /rant
 

BakaValen

Senior Member
May 17, 2011
78
3
ASUS ROG Phone 5
Just re-flash magisk should be enough. Else re-flash safetynet-fix-v2.2.1.zip after magisk.
course if you havent got TWRP installed you would have to re-flash the boot.img to get magisk working again.
 

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
I usually do that after every firmware update, reflashing the patched boot.img, and I already had the latest kdrag0n safetynet fix (2.2.1 as of now). This time after restarting on android 12, safety net failed and the Google pay app reported that my device is no longer certified. Guess I'll try again. Wait..is there finally now a TWRP for ROG 5? I miss using it from my old 1+3.

Edit - didn't work.
 
Last edited:

BakaValen

Senior Member
May 17, 2011
78
3
ASUS ROG Phone 5
There is no TWRP for A12.
You will have to make a new patched boot image for A12. Go to Magisk and patch boot.img taken from Payload.bin (Payload dunper required) and flash it. That will get you root back.
Then you can use the universal safety net fix zip inside magisk.
 

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
Did the same process I've followed for every system update - patch boot.img with the payload dumper and patch script as described in this forum before applying the update, and flash it afterwards. The safetynet fix that had already been installed and working under 11 stopped, and removing and reapplying it does nothing.
 

BakaValen

Senior Member
May 17, 2011
78
3
ASUS ROG Phone 5
Flash version 2.2.1.
I'm telling you. There is a process not being done correctly.
I'm on the latest A12 for the 5s with safetynet pass.
Send screenshots of install process (magisk black screen bit)
 

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
Flash version 2.2.1.
I'm telling you. There is a process not being done correctly.
I'm on the latest A12 for the 5s with safetynet pass.
Send screenshots of install process (magisk black screen bit)
Yes, I'm using 2.2.1. The flashing process appears to have worked, as shown -
It's the latest Magisk with zygisk enabled. FWIW here's the result of running safetynet test also.
 

Attachments

  • Screenshot_20220528-190100004 (1).png
    Screenshot_20220528-190100004 (1).png
    42.2 KB · Views: 28
  • Screenshot_20220528-191042977 (1).png
    Screenshot_20220528-191042977 (1).png
    97.1 KB · Views: 27
Last edited:

Andrologic

Senior Member
Apr 29, 2016
256
1
108
Huawei Nexus 6P
Huawei Mate 20 X
Yes, I'm using 2.2.1. The flashing process appears to have worked, as shown -
It's the latest Magisk with zygisk enabled. FWIW here's the result of running safetynet test also.

Are you running Shamiko withLSPosed/Xprivacy + blocking tracking for Goog Play Services and the relevant apps? Safetynetfix 2.2.1 alone is no longer a full solution whether you're on A11 or A12 and regardless of your Magisk version...
 

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
If you mean adding play services to the deny list, then yes. Got rid of xprivacylua as it didn't help. Used it to block reading identifiers and tracking for play services and other components, to no avail. Right now even the basic integrity test is failing.
Update - Installed Shamiko, disabled the 'enforce denylist' in Magisk so that it takes over the job and rebooted..and nothing different.
 
Last edited:

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
Don't know WTF is wrong this time, compared to every previous time it would just simply upgrade with no problems.
  • Installed this month's system update.
  • Uninstalled Magisk.
  • Patched the boot.img with Magisk, flashed it.
  • Reinstalled the Magisk apk. It was rooted, all my settings and modules showed up as usual.
  • Toggled zygisk to off, just to be sure, restarted, turned it back on, restarted.
  • NOTHING. Again the ****ing Safetynet fails.
 

Strephon Alkhalikoi

Senior Member
Aug 3, 2010
7,189
3,305
Vulcan
Samsung Galaxy S4
Nexus 6
Don't know WTF is wrong this time, compared to every previous time it would just simply upgrade with no problems.
  • Installed this month's system update.
  • Uninstalled Magisk.
  • Patched the boot.img with Magisk, flashed it.
  • Reinstalled the Magisk apk. It was rooted, all my settings and modules showed up as usual.
  • Toggled zygisk to off, just to be sure, restarted, turned it back on, restarted.
  • NOTHING. Again the ****ing Safetynet fails.
Google changed something today, as Google Pay now detects root when I had used it just yesterday without issue. It appears the safetynet fix needs fixing.
 

Andrologic

Senior Member
Apr 29, 2016
256
1
108
Huawei Nexus 6P
Huawei Mate 20 X
Google changed something today, as Google Pay now detects root when I had used it just yesterday without issue. It appears the safetynet fix needs fixing.

Re-check that all GPay sub components are added to your Shamiko deny list and Shamiko configured properly (i.e with Magisk's own deny disabled). Also check and ensure that tracking is blocked for Gpay in Xprivacy.

If you don't have any one of those installed - you need it to be completely covered. Even if you pass Saftynet. Safetynet Fix and Magisk hide alone won't cut it, at least not currently. Tough apps like banking and payment apps will detect you.

Many people skip one or more of these and run into frustration with root detection..
 

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
I noticed that if I add Google play services (all components) to the Magisk deny list, it doesn't persist after reboot. Could that be it? Is it unable to modify the system partition? I'm using Shamiko, with Magisk enforce deny list option disabled.
 

Strephon Alkhalikoi

Senior Member
Aug 3, 2010
7,189
3,305
Vulcan
Samsung Galaxy S4
Nexus 6
Re-check that all GPay sub components are added to your Shamiko deny list and Shamiko configured properly (i.e with Magisk's own deny disabled). Also check and ensure that tracking is blocked for Gpay in Xprivacy.

If you don't have any one of those installed - you need it to be completely covered. Even if you pass Saftynet. Safetynet Fix and Magisk hide alone won't cut it, at least not currently. Tough apps like banking and payment apps will detect you.

Many people skip one or more of these and run into frustration with root detection..
It may be a glitch, as GPay is currently not complaining about root when I pull up one of my stored cards. Regardless, I don't have Shamiko installed, but will look into it so long as it doesn't require Xposed or any of its derivatives.

EDIT: Confirmed to be a glitch. Not more than five minutes prior to this edit I used GPay without trouble.
 
Last edited:

KaiserSnorezay

Senior Member
Jan 26, 2012
142
17
Sydney
Nexus 9
OnePlus 3
Did some more testing, given I had to install the latest June firmware anyway. Fully removed Magisk (I hadn't done this earlier) and reinstalled, it passes. The culprit for failure turned out to be LSPosed. When enabled, it fails SafetyNet. I can manage without it but if anyone knows a workaround please do tell.