SafetyNet FIX - Google Update [March 2020]

Search This thread

drup88

Senior Member
Jun 21, 2013
267
35
Melbourne
Im not sure what i did but as soon as i installed riru, edxposed and edxposed manager - i lost CTSprofile.
uninstalled the above then reapplied boot img, then lost basic Integreity. Cant seem to get anything back now =[

Any advice?

update:: i uninstalled riru, riru hook method (YAHFA in my case) and EdXposed then cleared data on google play services.
Back to normal. goodluck future troubleshooters!
 
Last edited:
  • Like
Reactions: muniategui

muniategui

Member
Nov 17, 2017
13
2
Im not sure what i did but as soon as i installed riru, edxposed and edxposed manager - i lost CTSprofile.
uninstalled the above then reapplied boot img, then lost basic Integreity. Cant seem to get anything back now =[

Any advice?

update:: i uninstalled riru, riru hook method (YAHFA in my case) and EdXposed then cleared data on google play services.
Back to normal. goodluck future troubleshooters!

You saved my day i was missing the clear data on google play services thansk <3

I have magisk 20.4 tried to install the latest riru core and edxposed from magisk but didn't work, tried also with canary and with applist + safetynet pass enabled in exposed manager but didn't work... I'm on OP 7T pro with OxygenOS v10.0.5. After each try i've deleted the data of google services but the only way to avoid false in both checks was to remove core and edxposed :(
 
Last edited:

ScrapMaker

Senior Member
Jan 23, 2008
969
82
i find one more solution for the people have radio android head unit
watch de video
youtube.com/watch?v=9rsJHPj2X0w

I'm failing CST profile match on Pixel 4 XL Android 11 Beta 2, without even having Magisk installed. I have factory reset, and flashed several times to no avail.
 

Didgeridoohan

Forum Moderator / Developer Relations
Staff member
May 31, 2012
11,423
11,632
Gothenburg
Google Nexus 4
Nexus 6
I'm failing CST profile match on Pixel 4 XL Android 11 Beta 2, without even having Magisk installed. I have factory reset, and flashed several times to no avail.

If you have your bootloader unlocked you will always fail CTS. Magisk used to be able to hide the bootloader state, but now that Google is rolling out hardware backed key attestation to check if it's unlocked there's nothing we can do about it. There's currently a way to fool SafetyNet to not use the hardware check, but that'll only work as long as Google doesn't roll it out universally.
 

ScrapMaker

Senior Member
Jan 23, 2008
969
82
Try enabling magisk hide maybe .

Sent from my angler using XDA Labs

Oddly enough, I cannot seem to enable MagiskHide on my Pixel 4 XL running Canary Manager ec2d7d77 (290) (9), and Magisk Canary 97b72a59 (20419). I have flashed the stock boot.img back, forced the app to re-install itself from the Canary channel, and re-patched... Same result. The toggle for MagiskHide moves over, but it doesn't save any of the actual settings. I can go right back to the page after selecting apps to hide, and they're not highlighted. I had this problem once upon a time, and it was because I wasn't aware I had to toggle MagiskHide in the preferences.

Leaves me scratching my head on this one. I'm almost wondering if Root is not really working, despite Root Explorer and Tasker both thinking I have it. None of the actual root operations are working, like controlling mobile data toggle in Tasker, or Secure Settings.
 

Zulfi

Senior Member
Aug 28, 2008
1,042
328
Pune
If you installed EdXposed it caused to screen always on(Display never off automiticaly) that's very dengourus for screen, it will get screen burn.
 

Jaiiiiiiiii

Member
Dec 20, 2016
39
2
I have a weird problem. I pass both cts and basic integrity but my playstore play protect is not certified. Running on evolution x. Recently installed and uninstalled edxposed. Shoul i go for magic props fix? Or i just need to do something easier.

Thanks
 

CiriousJoker

Member
Nov 30, 2016
25
3
Is it possible to bypass hardware attestation by using a modified kernel?

Also, even if we can't fake safety net itself, can we modify each safety net app individually. If a banking app makes a safety net request, in the end it all boils down to one if statement, can't we bypass that one?

What about emulating the whole operating system, including security chip hardware. Basically like a full virtual machine that we just have for those few select banking apps. Since the app can't talk directly to the security chip, I assume we can emulate it somehow? I'm sure I must be missing something here though..
 

Didgeridoohan

Forum Moderator / Developer Relations
Staff member
May 31, 2012
11,423
11,632
Gothenburg
Google Nexus 4
Nexus 6
Is it possible to bypass hardware attestation by using a modified kernel?

Also, even if we can't fake safety net itself, can we modify each safety net app individually. If a banking app makes a safety net request, in the end it all boils down to one if statement, can't we bypass that one?

What about emulating the whole operating system, including security chip hardware. Basically like a full virtual machine that we just have for those few select banking apps. Since the app can't talk directly to the security chip, I assume we can emulate it somehow? I'm sure I must be missing something here though..

It's very unlikely to be that easy:
https://www.xda-developers.com/safetynet-hardware-attestation-hide-root-magisk
 

CiriousJoker

Member
Nov 30, 2016
25
3
Turns out modifying each app individually won't work if the apps implement this properly and verify the request on their server.

What about locking the bootloader after installing the ROM and Magisk on it? So the flow would be: Unlock bootloader, install ROM, install Magisk, lock bootloader, set up device. I heard that this could brick your device, but can't you always flash stock OTA through preinstalled recovery to get the device back (while wiping data ofc, but at least its not bricked?)?
 

Didgeridoohan

Forum Moderator / Developer Relations
Staff member
May 31, 2012
11,423
11,632
Gothenburg
Google Nexus 4
Nexus 6
Turns out modifying each app individually won't work if the apps implement this properly and verify the request on their server.

What about locking the bootloader after installing the ROM and Magisk on it? So the flow would be: Unlock bootloader, install ROM, install Magisk, lock bootloader, set up device. I heard that this could brick your device, but can't you always flash stock OTA through preinstalled recovery to get the device back (while wiping data ofc, but at least its not bricked?)?

Generally, an OTA cannot be flashed on a modified system. And you can't flash anything else without an unlocked bootloader (there are of course exceptions, but those devices are a minority).
 

brentonv

Senior Member
Aug 7, 2018
87
12
update:: i uninstalled riru, riru hook method (YAHFA in my case) and EdXposed then cleared data on google play services.
Back to normal. goodluck future troubleshooters!

Thanks @drup88 I found that I only needed to disable EdXposed Magisk module, reboot and clear data on Google Play services then SafetyNet passes. Not too painful if you really need an app to pass SafetyNet. I'm using Magisk canary v20419 & EdXposed canary v0.5.0.0 on Android 10 (crDroid 6.8).
 

Top Liked Posts

  • There are no posts matching your filters.
  • 22
    Here is the fix for those who have SafetyNet problem.

    Flash Latest Magisk: https://github.com/topjohnwu/Magisk/releases/latest
    Download and Install Latest Riru-Core Module(Magisk): https://github.com/RikkaApps/Riru/releases/latest
    Download and Install Latest YAHFA Module(Magisk): https://github.com/ElderDrivers/EdXposed/releases/latest
    Download and Install Latest EdXposedManager: https://github.com/ElderDrivers/EdXposedManager/releases/latest
    Download and Install Latest HiddenCore Module(EdXposed): https://repo.xposed.info/module/com.cofface.ivader

    Screenshots:
    3GB0IFl.jpg

    TADAtFi.jpg

    KX7s1LN.jpg
    14
    It's a shame that Google does everything to annoy people who just want to do whatever they want with their phone, something they bought.
    9
    The main point is: how far can we trust HiddenCore? It is (was?) closed source, old thread on it here in XDA suggests it may be MALWARE, or can be just a COSMETIC thing by hooking magisk/system when reporting green SafetyNet.

    I really don't know, but I prefer not to use it.

    Thread on it:
    https://forum.xda-developers.com/xposed/modules/hiddencore-module-doing-t3903984

    If it seems open source now I'd suggest to better/deeper investigate its code and build from source before using it. At least by some recognized developer.
    3
    This is NOT a solution... This s*** only fakes SafetyNet results in Magisk Manager and Google Play... plus the phone's display never goes off after x seconds/minutes (idle).
    I can't download Netflix in Google Play with this but I can without (even if "Uncertified" device is displayed).
    3
    Well looking at the replies, this module only fakes the status of the CTS profile. But most banking apps still work.

    I just had one problem that chrome crashes whenever I open it. Everything else seems fine. Any fixes for this "chrome issue"

    Poco F1 - 11.0.6 EU plus Sesh 5.1 kernel
    Magisk 20.3
    magisk riru core 19.7
    edXposed YAHFA 0.4.6.1 (4991)
    edXposed installer 2.2.4
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone