I am on the April patch and using Kirisakura latest 2.1.0 kernel. Bank Apps detected root. I have config Denylist, rename the Magisk App, and even frozen it. However, bank apps still detected root. When I flash back to the stock kernel, bank apps work fine and can't detect root.
How To Guide Working SafetyNet with Pixel 6 Pro Android 12
- Thread starter Pekempy
- Start date
I just noticed when I checked that one of my bank apps in my denylist, for example, now shows two more toggles in the Deny list than it used to. I just enabled Denying for those two additional toggles and even rebooted but the app is still detecting root. It may be detecting the bootloader being unlocked instead of the actual root itself, and to my understanding, there's no way to hide that your bootloader is unlocked.
In my case, that particular banking app still works, it merely says some parts of it won't work while rooted. I'll just use the bank's site in Chrome if I have to.
You can't if you mean the "your bootloader is unlocked" warning, it there for security in case malware unlocks the bootloader, it only stays up for a little bit anyway
Hmm.. I am confused again. You mention "Notes2: Google Play services does NOT need to be configured in DenyList" - but your screenshot shows Google Play Services configred in DenyList. Could you kindly clarify please?
At the time of taking screenshots I believed it needed to be, but was later corrected hence the addition of the notes.
You do not need to add GPS
I haven't noticed any definite problems with still having mine in the DenyList since last November, but maybe I should un-deny it and see if anything I've had quirks with clear up.It would be good to take off the now outdated screenshot
Hmm. The latest version of USNF is supposed to uncheck Google Play Services from the deny list automatically. It "denies" it in the background because the module won't work properly if it is checked.I haven't noticed any definite problems with still having mine in the DenyList since last November, but maybe I should un-deny it and see if anything I've had quirks with clear up.
Last edited:
Thank you! I guess I should've checked - you're right, mine's no longer checked.
This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0
If you're coming from Stock ROM/Unrooted
2a. Magisk Manager -> Select and Patch a File -> boot.img
2b. Copy patched boot image to PC
2c. Reboot to Bootloader
2d.
2e. Optional, if you want to test the img boots firstCode:fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
2f.Code:fastboot boot magisk_patched-230xx_xxxxx.img
2g. Boot your device. This may require a factory reset if you get put into 'Data may be corrupted'Code:fastboot flash boot magisk_patched-230xx_xxxxx.imgIf your device is already rooted using Magisk
2a. Magisk Manager -> Direct Install
2b. Reboot device
Helpful screenshots/proof.
Note: Systemless Hosts/MagiskHide Props Config/Riru/Riru LSPosed are not required for this.
Notes2: Google Play Services does not need to be configured in DenyList
View attachment 5444471View attachment 5451769View attachment 5451771View attachment 5444483
To update without wiping data, you can follow the OP post here
Method to upgrade every month, without wiping data and retaining root
Caution: I originally wrote this guide when it was necessary to disable verity and verification before flashing patched boot.img. Now Magisk has overcome this requirement and some users have reportedly flashed updates without disabling...forum.xda-developers.com
1. Modify flash-all.bat:
Open flash-all.bat in notepad and remove -w and add --disable-verity, -- disable verification and --skip-reboot to the fastboot update line. After editing, it should read as:
Code:fastboot --disable-verity --disable-verification update image-raven-xxxxxxxxxxxx.zip --skip-reboot
2. add the following commands to the bottom and change the img name to your patched boot image
Once the script is ran, you should now be updated to the latest version with Magisk boot image installed.Code:fastboot reboot-bootloader ping -n 5 127.0.0.1 >nul fastboot flash boot --slot=all magisk_patched-23xxx_xxxxx.img fastboot reboot
ISSUE: Apps not appearing in Google Play Store
Thanks to @bouchigo for these instructions.
Would you ever lock oem again? (After rooting)
(I have so far have not seen this mentioned).
Also, what is vbmeta_system.img?
Should we also run this?
fastboot flash vbmeta_system --disable-verity --disable-verification vbmeta_system.img
Last edited:
This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0
If you're coming from Stock ROM/Unrooted
2a. Magisk Manager -> Select and Patch a File -> boot.img
2b. Copy patched boot image to PC
2c. Reboot to Bootloader
2d.
2e. Optional, if you want to test the img boots firstCode:fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
2f.Code:fastboot boot magisk_patched-230xx_xxxxx.img
2g. Boot your device. This may require a factory reset if you get put into 'Data may be corrupted'Code:fastboot flash boot magisk_patched-230xx_xxxxx.imgIf your device is already rooted using Magisk
2a. Magisk Manager -> Direct Install
2b. Reboot device
Helpful screenshots/proof.
Note: Systemless Hosts/MagiskHide Props Config/Riru/Riru LSPosed are not required for this.
Notes2: Google Play Services does not need to be configured in DenyList
View attachment 5444471View attachment 5451769View attachment 5451771View attachment 5444483
To update without wiping data, you can follow the OP post here
Method to upgrade every month, without wiping data and retaining root
Caution: I originally wrote this guide when it was necessary to disable verity and verification before flashing patched boot.img. Now Magisk has overcome this requirement and some users have reportedly flashed updates without disabling...
1. Modify flash-all.bat:
Open flash-all.bat in notepad and remove -w and add --disable-verity, -- disable verification and --skip-reboot to the fastboot update line. After editing, it should read as:
Code:fastboot --disable-verity --disable-verification update image-raven-xxxxxxxxxxxx.zip --skip-reboot
2. add the following commands to the bottom and change the img name to your patched boot image
Once the script is ran, you should now be updated to the latest version with Magisk boot image installed.Code:fastboot reboot-bootloader ping -n 5 127.0.0.1 >nul fastboot flash boot --slot=all magisk_patched-23xxx_xxxxx.img fastboot reboot
ISSUE: Apps not appearing in Google Play Store
Thanks to @bouchigo for these instructions.
!!! BEST POST EVER !!!
Thanks for explaining the steps. I had been missing this line:
Code:
fastboot flash vbmeta --disable-verity --disable-verification vbmeta.imgAdditionally, I also ran this line for OnePlus 7T Pro:
Code:
fastboot flash vbmeta_system --disable-verity --disable-verification vbmeta_system.imgWhile learning about my new OnePlus 7T Pro and spending countless hours to root it, I created a GitHub repo showing how to root, unroot, and update OTA (when rooted):
github.com
Maybe it can help someone else
GitHub - poti1/oneplus7tpro
Contribute to poti1/oneplus7tpro development by creating an account on GitHub.
github.com
Maybe it can help someone else
Perhaps you should post this in the OnePlus 7T Pro thread given this is a Pixel 6 Pro thread for how to pass SafetyNet? There are also several existing guides on how to root, unroot and update via OTA (when rooted) for the Pixel 6 Pro and there are some differences to that of the OnePlus 7T Pro. For example, when updating to the April build via "Install to Inactive Slot" method, Canary Magisk 24306 is required. This is a Pixel 6 series distinction. You also mention TWRP and there isn't a TWRP for the Pixel 6 series. Just a couple of examples.While learning about my new OnePlus 7T Pro and spending countless hours to root it, I created a GitHub repo showing how to root, unroot, and update OTA (when rooted):
GitHub - poti1/oneplus7tpro
Contribute to poti1/oneplus7tpro development by creating an account on GitHub.
Maybe it can help someone else
But kudos on making a guide for the OnePlus 7T Pro
Thanks for the kudos.Perhaps you should post this in the OnePlus 7T Pro thread given this is a Pixel 6 Pro thread for how to pass SafetyNet? There are also several existing guides on how to root, unroot and update via OTA (when rooted) for the Pixel 6 Pro and there are some differences to that of the OnePlus 7T Pro. For example, when updating to the April build via "Install to Inactive Slot" method, Canary Magisk 24306 is required. This is a Pixel 6 series distinction. You also mention TWRP and there isn't a TWRP for the Pixel 6 series. Just a couple of examples.
But kudos on making a guide for the OnePlus 7T Pro
(And for not saying just RTFM
)
Last edited:
Same here on May patch. For some reason my banking app detects root and refuses to let me log in after I flash Kirisakura kernel. On stock kernel and with the usual MagiskHide, DenyList etc. the app doesn't detect root...
You re-enabled the relevant Magisk Modules (if you disabled them before updating)? Try rebooting again?
Can someone explain to me why the OP still references using the Canary version of Magisk, and adding in the "disable" tags for verity and vbmeta if it's not needed?
Yes sir. I feel like I tried everything. Also I flashed Radioactive kernel to see if my banking app would work and... It does.
The app must really hate Kirisakura kernel for some reason
Probably just @Pekempy's personal choice. You *can* use and do those things. I choose not to.
I would chalk it up to coincidence, nothing more, but who knows.Yes sir. I feel like I tried everything. Also I flashed Radioactive kernel to see if my banking app would work and... It does.
The app must really hate Kirisakura kernel for some reason
Top Liked Posts
-
There are no posts matching your filters.
-
61
This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0
If you're coming from Stock ROM/Unrooted
2a. Magisk Manager -> Select and Patch a File -> boot.img
2b. Copy patched boot image to PC
2c. Reboot to Bootloader
2d.
2e. Optional, if you want to test the img boots firstCode:fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
2f.Code:fastboot boot magisk_patched-230xx_xxxxx.img
2g. Boot your device. This may require a factory reset if you get put into 'Data may be corrupted'Code:fastboot flash boot magisk_patched-230xx_xxxxx.imgIf your device is already rooted using Magisk
2a. Magisk Manager -> Direct Install
2b. Reboot device
Helpful screenshots/proof.
Note: Systemless Hosts/MagiskHide Props Config/Riru/Riru LSPosed are not required for this.
Notes2: Google Play Services does not need to be configured in DenyList
To update without wiping data, you can follow the OP post here
Method to upgrade every month, without wiping data and retaining root
Caution: I originally wrote this guide when it...
forum.xda-developers.com
1. Modify flash-all.bat:
Open flash-all.bat in notepad and remove -w and add --disable-verity, -- disable verification and --skip-reboot to the fastboot update line. After editing, it should read as:
Code:fastboot --disable-verity --disable-verification update image-raven-xxxxxxxxxxxx.zip --skip-reboot
2. add the following commands to the bottom and change the img name to your patched boot image
Once the script is ran, you should now be updated to the latest version with Magisk boot image installed.Code:fastboot reboot-bootloader ping -n 5 127.0.0.1 >nul fastboot flash boot --slot=all magisk_patched-23xxx_xxxxx.img fastboot reboot
ISSUE: Apps not appearing in Google Play Store
13Btw with USNF 2.2.0 being out as a Zygisk module, SN passes with Magisk Canary. It's an early access module
I was following these:
[CLOSED] Read this before rooting your Raven ***OBSOLETE***
Update 12-16-21: As of Magisk 23016, the below...
forum.xda-developers.com
[CLOSED] Read this before rooting your Raven ***OBSOLETE***
Update 12-16-21: As of Magisk 23016, the below...
forum.xda-developers.com
Note the writing "If you flash the images in bootloader, you will have to wipe." This has been my experience as well.
There seems to be some confusion in those posts.
Fastbootd is meant to flash contents of the super partition such as system, vendor, product. Due to dynamic partitions, those are now a part of a super partition which is flashed via regular fastboot aka bootloader.
Vbmeta is a low level partition too so it needs to be flashed via the bootloader. Data wipe is unavoidable the first time vbmeta and dm-verity are disabled but can be avoided during OTA updates.
So, for the first root attempt this is how things should go:
1. Get the latest boot.img of your device. If it's older than the firmware on your device, it is fine. Get the vbmeta image too.
2. Install Magisk Canary apk on device
3. Click Install -> Patch an image. Here select the boot image you've extracted in step 1. The patched image will be saved in `/sdcard/Download/`. Copy it over to your PC.
4. `adb reboot bootloader` to boot into fastboot
5. `fastboot flashing unlock` if BL hasn't been unlocked
6. `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
7. `fastboot -w` the first time you're disabling vbmeta.
8. Reboot device once to ensure the system has been wiped and is bootable after disabling vbmeta
9. `fastboot boot magisk_patched.img`
10. You'll now be booted with temp root. Open Magisk and click Install -> Direct Install
We boot the patched image instead of flashing it so that you can root even if the latest stock firmware image isn't available yet.
For monthly updates, don't update via System Update but by using the OTA images released by Google.
1. Download the OTA package to PC.
2. Use payload dumper to get the latest boot image for patching as steps above. Extract the vbmeta image too.
3. `adb reboot recovery`
4. Install update via adb sideload. It's imperative, the device isn't booted into system upon completion.
5. Reboot to bootloader from the menu in recovery
6. `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
7. `fastboot boot magisk_patched.img`
8. Direct Install from within Magisk Manager.9Maybe here? Haven't tried yet. http://www.oldversion.com/android/com-chase-sig-android/
There's also https://apkeureka.com/apk/com.chase.sig.android/
Found using this search: https://www.google.com/search?q=chase+bank+apk+old+version&sxsrf=AOaemvLfTz7WOH6Um3eIfpWRliMBVMz2Kw:1637594539550&ei=q7WbYczzIJWPtAbtxKmYBg&ved=0ahUKEwiM9cKGo6z0AhWVB80KHW1iCmMQ4dUDCA4&uact=5&oq=chase+bank+apk+old+version&gs_lcp=Cgdnd3Mtd2l6EAMyCAghEBYQHRAeOgcIABBHELADOg0ILhDHARCjAhCwAxBDOgcIABCwAxBDOgUIABCABDoICAAQFhAKEB46BggAEBYQHkoECEEYAFDaCFinEmDZE2gBcAJ4AIABuwGIAc4KkgEDNi42mAEAoAEByAEKwAEB&sclient=gws-wiz
I kinda hate to download banking apps from random websites, however.
The newest version (still older than what I had from the Play Store) on the second site, chase-mobile_v4.252_apkeureka.com - 20211007 fingerprint still wouldn't enable.
The oldest version on the second site, chase-mobile_v4.171_apkeureka.com - 20201211 wouldn't let me sign in without updating.
I'll try one somewhere in the middle. Trial and error is a pain, though. Install, deny in Magisk, log in, 2FA, Settings, Fingerprint, denied. Wipe Cache and Storage, uninstall, repeat.
chase-mobile_v4.220_apkeureka.com - 20200702 - wouldn't let me sign in without update
chase-mobile_v4.231_apkeureka.com - 20200805 - wouldn't let me sign in without update
chase-mobile_v4.234_apkeureka.com - 20200817 - wouldn't let me sign in without update
And that's all she wrote for now. 10/07 is the only one on the site newer than 8/17, 8/17 requires update before trying to sign in, and 10/07 still has the problem where I couldn't enable fingerprints. I don't have the Chase app still installed on some previous rooted phone (with an old version) to restore app data from.
By the way, I notice all these APKs are much bigger than what the Play Store reports is the current app's size, but maybe there's a technical reason for that. I hope.
I figured it out! Thank you so much! I came across the apkeureka site but when I clicked the apk from my notifications, it didn't let me install.
Big thanks to @Bad Bimr for figuring out the data off / wifi off part.
Here's how to get the Chase app working:
1. Uninstall any previous chase app from your phone.
2. Download this Chase apk: https://apkeureka.com/apk/com.chase.sig.android/link/2/ (chase-mobile_v4.234_apkeureka.com.apk)
3. Use a file explorer or the one that comes stock with your phone to install the apk.
4. DO NOT open the Chase app.
5. Go to Magisk > DenyList and check everything on the Chase app.
5a. Not sure if this is required but I also spoofed my Magisk and named it "Matrix" (Settings > Hide Magisk app)
6. Turn off both your Wifi and Data so you have no internet connection.
7. Open the Chase app and enter your login username and password (make sure to click on the fingerprint sensor so it takes you straight to that setting to enable)
8. It will prompt you that you have no data when you click the sign in button.
9. You can now enable data and it will sign you in and take you to the fingerprint authentication page where you can enable it.
10. The next time you sign it, it will prompt you to update the app. Go ahead and do that. Your fingerprint will still work once you update.
11. PROFIT!9
Thanks for posting. Last night I had the forked Alpha version of Magisk installed with RIRU and the public release of USNF 2.1. Passed Safetynet and everyting was working well, but decided I'd feel better using the latest non-forked Zygisk compatible Magisk 23011No worries, we're all adults here trying to keep up with Google's changes after all
With USNF, DenyList doesn't need to be enabled for Play Services. This prevents any breaking of Play Services. What I did was:
- Latest Magisk Canary
- Enabled Zygisk but keep DenyList turned off
- Flash the USNF module
- Reboot system and verify if Zygisk is shown as "Yes" in Magisk Manager
- Enable DenyList and select my bank apps
- Hid Magisk Manager by repacking it with a different name
Tested for SN and it passed. Netflix works. Banking apps mostly work with the exception of one which is worked-around by temporarily uninstalling only Magisk Manager. After I'm done with that bank app, a reboot brings back Magisk Manager.
Unfortunately, since I'm traveling, GPay isn't available here so I can't test it but it should work just fine. If you've a specific app you want me to test, link it and I'll post a screenshot.
1. I uninstalled Magisk Alpha from within the app--first restoring images and then doing a complete uninstall.
2. Installed the latest Magisk 23011 and pattched the boot image.
3. Copied magisk-patched.img to my computer
4. adb reboot bootloader
5. From bootloader I typed:
fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img (enter)
fastboot flash boot_a magisk-patched.img (enter)
fastboot flash boot_b magisk-patched.img (enter)
fastboot reboot
I'll be honest, I've been reading other posts stating that one should boot magisk-patched.img instead of flashing it.
I tried that once and couldn't get it to work. It would just reboot to my home screen., so I began flashing the patched boot.img to both slots immediately after flashing vbmeta
I've never had any trouble.
Once I verified Magisk 23011 was properly installed and verified root, I installed USNF 2.2 early release, following Anonshe's instructions.
SafetyNet failed initially, but I cleared cashe and data for Google Play Services and Play Store and now everything passes
Definitely don't regret throwing kdrag0n a few bucks. USNF 2.2 does everything expected. https://kdrag0n.dev/patreon/
I'm currently on the $5 monthly plan, but he also offers a one-time $5.99 charge for early access to USNF 2.2.
Hopefully we can always manage to stay ahead in this cat and mouse game!!7I've always preferred linking to where folks can find the latest release (or instruct them how to find a specific version at the source page, if necessary). A lot of us have been using v2.3.1 for a month or more now.
Linking to a specific version requires editing the OP, whereas linking to where to find all versions and then consulting input from users in the thread when there are issues is my preferred method. In time, it's likely that the linked-to specific version would no longer be recommended. To each their own, though. There have been plenty of threads on XDA that subscribe to each of those two methods.
