How To Guide Working SafetyNet with Pixel 6 Pro Android 12

Search This thread

Jerreth

Senior Member
Mar 9, 2011
496
110
Oregon
New to the safetynet stuff and hiding magisk but i have followed the instructions and when i do a safteynet check it says i pass but google pay is still non-functional it states it is "unable to load your payment info" does anyone have any ideas? i am on the January update with the canary magisk and p6pro
 

crypticc

Senior Member
Aug 22, 2009
1,164
139
London
thanks very much for this guide. FYI the flash Verity vbmeta thing caused my phone to refuse to boot / reporting corrupt. I reflashed the regular boot.img unpacked from the stock FW image and it booted fine and then I redid without that step and all is well.
FYI I then found on the stock>root thread that the vbmeta step no longer needed on latest canary.
 

crypticc

Senior Member
Aug 22, 2009
1,164
139
London
New to the safetynet stuff and hiding magisk but i have followed the instructions and when i do a safteynet check it says i pass but google pay is still non-functional it states it is "unable to load your payment info" does anyone have any ideas? i am on the January update with the canary magisk and p6pro
did you select to reveal system apps and also hide the google play services and related stuff?
 

dilligaf56

Senior Member
Feb 22, 2011
165
45
SoCal, USA
Just noticed the update to the OP. Does anyone have a link to the version of the Chase app apk that will work with the fingerprint scanner?

Also, in Google Pay, I can add my Discover card but when I try to add my Citibank Visa, it fails after trying to talk to the bank. It worked fine on my rooted LG V20. The P6P passes SafetyNet fine. Anyone have an idea as to how I can get this to work? TIA.
 

edmondt

Senior Member
Mar 21, 2006
633
268
Toronto
Workaround for what? Just follow the OP and Google Pay will work fine.
No it hasn't been working at all; yes you can launch Google Pay etc, but you cannot actually add a Credit Card and use it.
 

Attachments

  • Screenshot_20220125-015759.png
    Screenshot_20220125-015759.png
    80.5 KB · Views: 34

roirraW "edor" ehT

Forum Moderator
Staff member
Just noticed the update to the OP. Does anyone have a link to the version of the Chase app apk that will work with the fingerprint scanner?
I didn't need a particular version. Set up the fingerprint with the Chase app while running the stock, unrooted kernel (boot.img). Then put the custom and/or rooted kernel back on the phone and it'll keep working as long as you're following all the steps in the OP as well.

I already had the Chase app working (without fingerprint) before updating to the January update via the full factory image (without wiping), so while I was flashing, I boot the phone once fully stock (I do that anyway, just to make sure there's no problem yet), set the fingerprint reader up in the Chase app, then I flashed the newly Magisk'd boot.img from the January update.

Once my custom kernel of choice was updated for January, I flashed it as well. Everything still works.
 
  • Like
Reactions: dilligaf56

Gordietm

Senior Member
Sep 11, 2012
2,107
587
Toronto
Google Pixel 6 Pro
I didn't need a particular version. Set up the fingerprint with the Chase app while running the stock, unrooted kernel (boot.img). Then put the custom and/or rooted kernel back on the phone and it'll keep working as long as you're following all the steps in the OP as well.

I already had the Chase app working (without fingerprint) before updating to the January update via the full factory image (without wiping), so while I was flashing, I boot the phone once fully stock (I do that anyway, just to make sure there's no problem yet), set the fingerprint reader up in the Chase app, then I flashed the newly Magisk'd boot.img from the January update.

Once my custom kernel of choice was updated for January, I flashed it as well. Everything still works.
What is kernel that your using and how do you like it?
 
  • Like
Reactions: roirraW "edor" ehT

roirraW "edor" ehT

Forum Moderator
Staff member
What is kernel that your using and how do you like it?
That's not really the subject of this thread. I like it quite well but I tend to not experiment much - I try something and I like it so I stick with it unless there's some really strong reason to try something else, so I've only flashed a couple. I hope you understand, I'm not going to make comparisons between them. There are four very fine choices here and I don't think you'll go wrong with any of them. If you have any trouble finding them, click on the Development Quick Filter up above the list of threads in this section and Control-F and type kernel, and you'll easily see the ones that are available.
 
  • Like
Reactions: Gordietm

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    While learning about my new OnePlus 7T Pro and spending countless hours to root it, I created a GitHub repo showing how to root, unroot, and update OTA (when rooted):


    Maybe it can help someone else 🙂
    Perhaps you should post this in the OnePlus 7T Pro thread given this is a Pixel 6 Pro thread for how to pass SafetyNet? There are also several existing guides on how to root, unroot and update via OTA (when rooted) for the Pixel 6 Pro and there are some differences to that of the OnePlus 7T Pro. For example, when updating to the April build via "Install to Inactive Slot" method, Canary Magisk 24306 is required. This is a Pixel 6 series distinction. You also mention TWRP and there isn't a TWRP for the Pixel 6 series. Just a couple of examples.

    But kudos on making a guide for the OnePlus 7T Pro 👍
    2
    Can someone explain to me why the OP still references using the Canary version of Magisk, and adding in the "disable" tags for verity and vbmeta if it's not needed?
    1
    Same here on May patch. For some reason my banking app detects root and refuses to let me log in after I flash Kirisakura kernel. On stock kernel and with the usual MagiskHide, DenyList etc. the app doesn't detect root...
    You re-enabled the relevant Magisk Modules (if you disabled them before updating)? Try rebooting again?
    1
    Can someone explain to me why the OP still references using the Canary version of Magisk, and adding in the "disable" tags for verity and vbmeta if it's not needed?
    Probably just @Pekempy's personal choice. You *can* use and do those things. I choose not to.

    Yes sir. I feel like I tried everything. Also I flashed Radioactive kernel to see if my banking app would work and... It does.
    The app must really hate Kirisakura kernel for some reason :ROFLMAO:
    I would chalk it up to coincidence, nothing more, but who knows.
    1
    I looked around and I did not see anything on it so I'm going to ask. I just did a factory reset on the May patch and when I open Magisk, it stays on the splash screen. I'm not able to access the main Magisk page. Is anyone else experiencing this issue?
    Down grade to beta from canary, patch root, upgrade to canary patch root. This worked for me
  • 58

    This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0

    1. Download the latest Magisk Canary build
    2. Patch the boot.img from the Factory Images in Magisk, you'll also need the vbmeta.img if you aren't already rooted:
    If you're coming from Stock ROM/Unrooted
    2a. Magisk Manager -> Select and Patch a File -> boot.img
    2b. Copy patched boot image to PC
    2c. Reboot to Bootloader
    2d.
    Code:
    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
    2e. Optional, if you want to test the img boots first
    Code:
    fastboot boot magisk_patched-230xx_xxxxx.img
    2f.
    Code:
    fastboot flash boot magisk_patched-230xx_xxxxx.img
    2g. Boot your device. This may require a factory reset if you get put into 'Data may be corrupted'
    If your device is already rooted using Magisk
    2a. Magisk Manager -> Direct Install
    2b. Reboot device
    4. Install from within Magisk Manager, and reboot your device
    5. In Magisk Manager, go to the Settings and enable Zygisk and Enforce DenyList
    6. Configure DenyList should be just below - This is just like the old Magisk Hide menu
    7. Hide any apps which may require it e.g banking apps and Google Pay
    8. In Magisk Settings, choose to Hide the Magisk app so it reinstalls the manager with a different package name. This helps prevent some banking apps detecting root.
    9. Reboot your device and test SafetyNet with an app like YASNAC
    If you're still failing CTS, you can try to clear app data for Google Play Services in your devices settings.


    Helpful screenshots/proof.
    Note: Systemless Hosts/MagiskHide Props Config/Riru/Riru LSPosed are not required for this.
    Notes2: Google Play Services does not need to be configured in DenyList

    1635538043315.png
    1636280624123.png
    1636280645162.png
    1635538206722.png


    To update without wiping data, you can follow the OP post here

    1. Modify flash-all.bat:
    Open flash-all.bat in notepad and remove -w and add --disable-verity, -- disable verification and --skip-reboot to the fastboot update line. After editing, it should read as:
    Code:
    fastboot --disable-verity --disable-verification update image-raven-xxxxxxxxxxxx.zip --skip-reboot

    2. add the following commands to the bottom and change the img name to your patched boot image
    Code:
    fastboot reboot-bootloader
    ping -n 5 127.0.0.1 >nul
    fastboot flash boot --slot=all magisk_patched-23xxx_xxxxx.img
    fastboot reboot
    Once the script is ran, you should now be updated to the latest version with Magisk boot image installed.

    ISSUE: Apps not appearing in Google Play Store
    The below was emailed to me by KLWP developers after I raised I couldn't install it. It's worked for me for getting apps like Netflix to show.
    "This may have something to do with the new copy protection Google introduced with the new signing method. This happens if the Play Store falsely detects that something was tampered with on the device. To get around this, you can try to clear Google Play Store's app data."

    Thanks to @bouchigo for these instructions.
    Use an older version of that app (version 4.234) to get the fingerprint setup and working.

    Steps:
    1. Remove your current Chase bank app.
    2. Install the older version mentioned.
    3. Add it to the magisk deny list.
    4. Setup your fingerprint.

    Once you've done that, you can update the app in the Play Store to the latest version and the fingerprint will still work
    13
    Btw with USNF 2.2.0 being out as a Zygisk module, SN passes with Magisk Canary. It's an early access module
    I was following these:


    Note the writing "If you flash the images in bootloader, you will have to wipe." This has been my experience as well.

    There seems to be some confusion in those posts.

    Fastbootd is meant to flash contents of the super partition such as system, vendor, product. Due to dynamic partitions, those are now a part of a super partition which is flashed via regular fastboot aka bootloader.

    Vbmeta is a low level partition too so it needs to be flashed via the bootloader. Data wipe is unavoidable the first time vbmeta and dm-verity are disabled but can be avoided during OTA updates.

    So, for the first root attempt this is how things should go:
    1. Get the latest boot.img of your device. If it's older than the firmware on your device, it is fine. Get the vbmeta image too.
    2. Install Magisk Canary apk on device
    3. Click Install -> Patch an image. Here select the boot image you've extracted in step 1. The patched image will be saved in `/sdcard/Download/`. Copy it over to your PC.
    4. `adb reboot bootloader` to boot into fastboot
    5. `fastboot flashing unlock` if BL hasn't been unlocked
    6. `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
    7. `fastboot -w` the first time you're disabling vbmeta.
    8. Reboot device once to ensure the system has been wiped and is bootable after disabling vbmeta
    9. `fastboot boot magisk_patched.img`
    10. You'll now be booted with temp root. Open Magisk and click Install -> Direct Install

    We boot the patched image instead of flashing it so that you can root even if the latest stock firmware image isn't available yet.

    For monthly updates, don't update via System Update but by using the OTA images released by Google.
    1. Download the OTA package to PC.
    2. Use payload dumper to get the latest boot image for patching as steps above. Extract the vbmeta image too.
    3. `adb reboot recovery`
    4. Install update via adb sideload. It's imperative, the device isn't booted into system upon completion.
    5. Reboot to bootloader from the menu in recovery
    6. `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
    7. `fastboot boot magisk_patched.img`
    8. Direct Install from within Magisk Manager.
    9
    Maybe here? Haven't tried yet. http://www.oldversion.com/android/com-chase-sig-android/

    There's also https://apkeureka.com/apk/com.chase.sig.android/

    Found using this search: https://www.google.com/search?q=chase+bank+apk+old+version&sxsrf=AOaemvLfTz7WOH6Um3eIfpWRliMBVMz2Kw:1637594539550&ei=q7WbYczzIJWPtAbtxKmYBg&ved=0ahUKEwiM9cKGo6z0AhWVB80KHW1iCmMQ4dUDCA4&uact=5&oq=chase+bank+apk+old+version&gs_lcp=Cgdnd3Mtd2l6EAMyCAghEBYQHRAeOgcIABBHELADOg0ILhDHARCjAhCwAxBDOgcIABCwAxBDOgUIABCABDoICAAQFhAKEB46BggAEBYQHkoECEEYAFDaCFinEmDZE2gBcAJ4AIABuwGIAc4KkgEDNi42mAEAoAEByAEKwAEB&sclient=gws-wiz

    I kinda hate to download banking apps from random websites, however.

    The newest version (still older than what I had from the Play Store) on the second site, chase-mobile_v4.252_apkeureka.com - 20211007 fingerprint still wouldn't enable.

    The oldest version on the second site, chase-mobile_v4.171_apkeureka.com - 20201211 wouldn't let me sign in without updating.

    I'll try one somewhere in the middle. Trial and error is a pain, though. Install, deny in Magisk, log in, 2FA, Settings, Fingerprint, denied. :D Wipe Cache and Storage, uninstall, repeat.

    chase-mobile_v4.220_apkeureka.com - 20200702 - wouldn't let me sign in without update
    chase-mobile_v4.231_apkeureka.com - 20200805 - wouldn't let me sign in without update
    chase-mobile_v4.234_apkeureka.com - 20200817 - wouldn't let me sign in without update

    And that's all she wrote for now. 10/07 is the only one on the site newer than 8/17, 8/17 requires update before trying to sign in, and 10/07 still has the problem where I couldn't enable fingerprints. I don't have the Chase app still installed on some previous rooted phone (with an old version) to restore app data from.

    By the way, I notice all these APKs are much bigger than what the Play Store reports is the current app's size, but maybe there's a technical reason for that. I hope. :)

    I figured it out! Thank you so much! I came across the apkeureka site but when I clicked the apk from my notifications, it didn't let me install.

    Big thanks to @Bad Bimr for figuring out the data off / wifi off part.

    Here's how to get the Chase app working:

    1. Uninstall any previous chase app from your phone.

    2. Download this Chase apk: https://apkeureka.com/apk/com.chase.sig.android/link/2/ (chase-mobile_v4.234_apkeureka.com.apk)

    3. Use a file explorer or the one that comes stock with your phone to install the apk.

    4. DO NOT open the Chase app.

    5. Go to Magisk > DenyList and check everything on the Chase app.
    5a. Not sure if this is required but I also spoofed my Magisk and named it "Matrix" (Settings > Hide Magisk app)

    6. Turn off both your Wifi and Data so you have no internet connection.

    7. Open the Chase app and enter your login username and password (make sure to click on the fingerprint sensor so it takes you straight to that setting to enable)

    8. It will prompt you that you have no data when you click the sign in button.

    9. You can now enable data and it will sign you in and take you to the fingerprint authentication page where you can enable it.

    10. The next time you sign it, it will prompt you to update the app. Go ahead and do that. Your fingerprint will still work once you update.

    11. PROFIT!
    9
    No worries, we're all adults here trying to keep up with Google's changes after all :)

    With USNF, DenyList doesn't need to be enabled for Play Services. This prevents any breaking of Play Services. What I did was:
    - Latest Magisk Canary
    - Enabled Zygisk but keep DenyList turned off
    - Flash the USNF module
    - Reboot system and verify if Zygisk is shown as "Yes" in Magisk Manager
    - Enable DenyList and select my bank apps
    - Hid Magisk Manager by repacking it with a different name

    Tested for SN and it passed. Netflix works. Banking apps mostly work with the exception of one which is worked-around by temporarily uninstalling only Magisk Manager. After I'm done with that bank app, a reboot brings back Magisk Manager.

    Unfortunately, since I'm traveling, GPay isn't available here so I can't test it but it should work just fine. If you've a specific app you want me to test, link it and I'll post a screenshot.
    Thanks for posting. Last night I had the forked Alpha version of Magisk installed with RIRU and the public release of USNF 2.1. Passed Safetynet and everyting was working well, but decided I'd feel better using the latest non-forked Zygisk compatible Magisk 23011

    1. I uninstalled Magisk Alpha from within the app--first restoring images and then doing a complete uninstall.

    2. Installed the latest Magisk 23011 and pattched the boot image.
    3. Copied magisk-patched.img to my computer
    4. adb reboot bootloader
    5. From bootloader I typed:
    fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img (enter)
    fastboot flash boot_a magisk-patched.img (enter)
    fastboot flash boot_b magisk-patched.img (enter)
    fastboot reboot

    I'll be honest, I've been reading other posts stating that one should boot magisk-patched.img instead of flashing it.

    I tried that once and couldn't get it to work. It would just reboot to my home screen., so I began flashing the patched boot.img to both slots immediately after flashing vbmeta

    I've never had any trouble.

    Once I verified Magisk 23011 was properly installed and verified root, I installed USNF 2.2 early release, following Anonshe's instructions.

    SafetyNet failed initially, but I cleared cashe and data for Google Play Services and Play Store and now everything passes

    Definitely don't regret throwing kdrag0n a few bucks. USNF 2.2 does everything expected. https://kdrag0n.dev/patreon/

    I'm currently on the $5 monthly plan, but he also offers a one-time $5.99 charge for early access to USNF 2.2.

    Hopefully we can always manage to stay ahead in this cat and mouse game!!
    6
    @Anonshe or @V0latyle, you guys are doing a great job so far! I appreciate your dedication!

    I have my P6P sitting in its box for now, only unlocked the bootloader. Would any of you be so kind to write an idiot-proof guide to permanently root the P6P? I feel like information is all over the place in the P6P section...
    I'll update my guides in a bit, but just for you...this will be the Cliff Notes version, so if you need more detailed instructions, you'll have to wait a bit...

    Without the SIM card in it, start your phone. Get through the setup by skipping as much as you can. If you want, connect to WiFi and install the latest update, because you'll be wiping when you unlock the bootloader. If you choose to do so, let the update complete once you get through setup.

    While you're doing this, download the latest factory zip to your computer. Extract it and the .zip inside it.

    Once you're at the home screen, go to Settings > About, scroll to the bottom and tap the build number several times until it says You are Now a Developer. Go back one screen, go to System > Developer Options, enable OEM Unlocking and USB Debugging. Reboot to bootloader.

    Connect to PC via USB and open command line in platform tools. Unlock bootloader:
    Code:
    fastboot flash unlock
    Confirm and allow your device to wipe. I don't remember if it gives you a choice, but don't reboot.
    Disable dm-verity and vbmeta verification:
    Code:
    flash vbmeta --disable-verity --disable-verificaiton --slot=all vbmeta.img
    where vbmeta.img will be in factory zip > build folder > device-image > vbmeta.img

    Reboot to system. Install Magisk 23011. Copy boot.img from the same folder you find vbmeta.img in, to your phone (you'll have to enable File Transfer on your device)

    Patch the boot image in Magisk (Select and Patch a File), then copy the patched image back to your computer. Reboot to bootloader.

    Flash the patched boot image:
    Code:
    fastboot flash boot magisk_patched-23xxx_xxxxx.img

    Reboot and enjoy.