How To Guide Working SafetyNet with Pixel 6 Pro Android 12

Search This thread
By:
Advanced…
Nergal di Cuthah

Nergal di Cuthah

Senior Member
Sep 20, 2013
2,753
1,989
Google Pixel 6 Pro
JodyBreeze901 said:
I looked around and I did not see anything on it so I'm going to ask. I just did a factory reset on the May patch and when I open Magisk, it stays on the splash screen. I'm not able to access the main Magisk page. Is anyone else experiencing this issue?
Click to expand...
Click to collapse
Down grade to beta from canary, patch root, upgrade to canary patch root. This worked for me
 
  • Like
Reactions: roirraW "edor" ehT
roirraW "edor" ehT

roirraW "edor" ehT

Forum Moderator
Staff member
May 8, 2010
17,134
25,121
Tralfamadore
Sprint Samsung Galaxy S III
Samsung Epic 4G Touch
JodyBreeze901 said:
I looked around and I did not see anything on it so I'm going to ask. I just did a factory reset on the May patch and when I open Magisk, it stays on the splash screen. I'm not able to access the main Magisk page. Is anyone else experiencing this issue?
Click to expand...
Click to collapse
Magisk Stable (v24.3) works fine as well.
 
  • Like
Reactions: Lughnasadh
D

devsk

Senior Member
Dec 14, 2008
2,074
770
Has anybody gotten HSBC app to work with this? It still detects root for me after following all the steps in post 1.
 
D

devsk

Senior Member
Dec 14, 2008
2,074
770
whatsisnametake2 said:
have you also hidden/renamed the magisk app then frozen the renamed app?
Click to expand...
Click to collapse
Yes.

I have zygisk enabled with latest canary magisk, Shamiko 0.5 and universal safety net (2.2.1) modules enabled, enforce denylist unchecked as per Shamiko module's comment, have HSBC in DenyList, hidden the magisk app, and 'pm suspend <the hidden app>' from termux.

HSBC app still detects the root.
 
  • Like
Reactions: roirraW "edor" ehT
Nergal di Cuthah

Nergal di Cuthah

Senior Member
Sep 20, 2013
2,753
1,989
Google Pixel 6 Pro
devsk said:
Actually, I am doing this on EvolutionX (A12) on OnePlus8Pro. So, its not exactly a Pixel 6.

But I have a question: what stops the app from doing a process listing and see if 'su' is running in the system?
Click to expand...
Click to collapse
At a guess coding that might be harder than saying however that's why freezing magisk before opening the app has been suggested. Are you using adaway?
Also maybe it sees the custom rom as a threat
 
  • Like
Reactions: roirraW "edor" ehT
D

devsk

Senior Member
Dec 14, 2008
2,074
770
Nergal di Cuthah said:
At a guess coding that might be harder than saying however that's why freezing magisk before opening the app has been suggested. Are you using adaway?
Also maybe it sees the custom rom as a threat
Click to expand...
Click to collapse
I am using systemless hosts to run a custom hosts file (without using adaway, its the same thing).

Even after freezing, a normal user can do a simple poke in /proc to see if 'su' is running.

Is there a way to fake the ROM related strings?...:p
 
  • Like
Reactions: roirraW "edor" ehT
Nergal di Cuthah

Nergal di Cuthah

Senior Member
Sep 20, 2013
2,753
1,989
Google Pixel 6 Pro
devsk said:
I am using systemless hosts to run a custom hosts file (without using adaway, its the same thing).
Click to expand...
Click to collapse
Not really as where i was going is the adaway webserver. Does the app still fail to work if you ax the host file? Which would point it toward an entry causing the issue.

devsk said:
Is there a way to fake the ROM related strings?...
Click to expand...
Click to collapse
That'd be over my skill but i was thinking more the rom having system hooks which the app could see as a threat
 
  • Like
Reactions: roirraW "edor" ehT
M

majorfigjam

Senior Member
Jul 15, 2011
349
624
devsk said:
Actually, I am doing this on EvolutionX (A12) on OnePlus8Pro. So, its not exactly a Pixel 6.

But I have a question: what stops the app from doing a process listing and see if 'su' is running in the system?
Click to expand...
Click to collapse
So take your question to the Zygisk forum ...

Alternatively, get a Pixel 6 Pro, load the latest Kikasura, Magisk 24300 (not beta or canary), Shamiko build 112, etc etc and HSBC will work just fine (for now). Mine does.
 
  • Like
Reactions: devsk
D

devsk

Senior Member
Dec 14, 2008
2,074
770
majorfigjam said:
So take your question to the Zygisk forum ...

Alternatively, get a Pixel 6 Pro, load the latest Kikasura, Magisk 24300 (not beta or canary), Shamiko build 112, etc etc and HSBC will work just fine (for now). Mine does.
Click to expand...
Click to collapse
Thanks for making this suggestion!

Actually, I have my older P3XL with me. So, I followed https://xdaforums.com/t/discussion-magisk-the-age-of-zygisk.4393877/page-75#post-86767061 and got HSBC app working there.

Its strange that the same set of instructions did not work for my OP8Pro. I think may be LOS is more "official" than EvolutionX?
 
S

stoph8n24

Senior Member
May 31, 2014
132
25
Samsung Galaxy Tab 10.1
Huawei Nexus 6P
Anyone got this to work with 24312? I think I may have updated something and now I have a CTS profile fail and Google Play has my device not certified. I have USNF 2.2.1 installed, 2 gms processes on denylist with zygisk on a P6P.

Also, what channel do you guys have magisk set for updates?

Thanks.
 
Nergal di Cuthah

Nergal di Cuthah

Senior Member
Sep 20, 2013
2,753
1,989
Google Pixel 6 Pro
stoph8n24 said:
Anyone got this to work with 24312? I think I may have updated something and now I have a CTS profile fail and Google Play has my device not certified. I have USNF 2.2.1 installed, 2 gms processes on denylist with zygisk on a P6P.

Also, what channel do you guys have magisk set for updates?

Thanks.
Click to expand...
Click to collapse
I'm on canary magisik and usnf 2.2.1 on may update and it works for me
 
RetroTech07

RetroTech07

Senior Member
Apr 24, 2021
369
275
Google Pixel 2 XL
Google Pixel 6 Pro
stoph8n24 said:
Anyone got this to work with 24312? I think I may have updated something and now I have a CTS profile fail and Google Play has my device not certified. I have USNF 2.2.1 installed, 2 gms processes on denylist with zygisk on a P6P.

Also, what channel do you guys have magisk set for updates?

Thanks.
Click to expand...
Click to collapse
I'm on Magisk stable, 24.3 with USNF 2.2.1 and don't have any processes in my deny list for Google Play Services / gms. I still pass Safety net.

Why are you on canary instead of stable?
 
  • Like
Reactions: Nergal di Cuthah
You must log in or register to reply here.

Similar threads

Freak07
Development [Kernel][06.03.2024][Android 14.0.0]Kirisakura 2.2.0_Raviantah for Pixel 6/Pro aka "RAVIOLE"
Replies
3K
Views
499K
alphalog
alphalog
roirraW "edor" ehT
How To Guide April 2, 2024 AP1A.240405.002 Global - Root Pixel 6 Pro [Raven]
Replies
2K
Views
373K
badabing2003
badabing2003
V0latyle
How To Guide [GUIDE] Pixel 6 Pro "raven": Unlock Bootloader, Update, Root, Pass SafetyNet
Replies
2K
Views
206K
V0latyle
V0latyle
Typhus_
Themes / Apps / Mods [MOD][MAGISK][ANDROID 12] Addon Features for Pixel Devices - Pixel 6 Pro Thread
Replies
1K
Views
154K
Thebear j koss
Thebear j koss
roirraW "edor" ehT
General Android 13 QPR3 went final in June 2023-opt-out now to get the OTA without wiping - Pixel 6 Pro [Raven] - [thread also for future Android QPR Betas]
Replies
668
Views
115K
roirraW "edor" ehT
roirraW "edor" ehT

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 61
    Pekempy
    Pekempy

    This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0

    1. Download the latest Magisk Canary build
    Click to expand...
    Click to collapse
    2. Patch the boot.img from the Factory Images in Magisk, you'll also need the vbmeta.img if you aren't already rooted:
    Click to expand...
    Click to collapse
    If you're coming from Stock ROM/Unrooted
    2a. Magisk Manager -> Select and Patch a File -> boot.img
    2b. Copy patched boot image to PC
    2c. Reboot to Bootloader
    2d.
    Code: 
    fastboot flash vbmeta --disable-verity --disable-verification vbmeta.img
    2e. Optional, if you want to test the img boots first
    Code: 
    fastboot boot magisk_patched-230xx_xxxxx.img
    2f.
    Code: 
    fastboot flash boot magisk_patched-230xx_xxxxx.img
    2g. Boot your device. This may require a factory reset if you get put into 'Data may be corrupted'
    If your device is already rooted using Magisk
    2a. Magisk Manager -> Direct Install
    2b. Reboot device
    3. Download the latest USNF Zygisk
    Click to expand...
    Click to collapse
    4. Install from within Magisk Manager, and reboot your device
    Click to expand...
    Click to collapse
    5. In Magisk Manager, go to the Settings and enable Zygisk and Enforce DenyList
    Click to expand...
    Click to collapse
    6. Configure DenyList should be just below - This is just like the old Magisk Hide menu
    Click to expand...
    Click to collapse
    7. Hide any apps which may require it e.g banking apps and Google Pay
    Click to expand...
    Click to collapse
    8. In Magisk Settings, choose to Hide the Magisk app so it reinstalls the manager with a different package name. This helps prevent some banking apps detecting root.
    Click to expand...
    Click to collapse
    9. Reboot your device and test SafetyNet with an app like YASNAC
    Click to expand...
    Click to collapse
    If you're still failing CTS, you can try to clear app data for Google Play Services in your devices settings.
    Click to expand...
    Click to collapse


    Helpful screenshots/proof.
    Note: Systemless Hosts/MagiskHide Props Config/Riru/Riru LSPosed are not required for this.
    Notes2: Google Play Services does not need to be configured in DenyList
    1635538043315.png
    1636280624123.png
    1636280645162.png
    1635538206722.png


    To update without wiping data, you can follow the OP post here

    1. Modify flash-all.bat:
    Open flash-all.bat in notepad and remove -w and add --disable-verity, -- disable verification and --skip-reboot to the fastboot update line. After editing, it should read as:
    Code: 
    fastboot --disable-verity --disable-verification update image-raven-xxxxxxxxxxxx.zip --skip-reboot

    2. add the following commands to the bottom and change the img name to your patched boot image
    Code: 
    fastboot reboot-bootloader
ping -n 5 127.0.0.1 >nul
fastboot flash boot --slot=all magisk_patched-23xxx_xxxxx.img
fastboot reboot
    Once the script is ran, you should now be updated to the latest version with Magisk boot image installed.

    ISSUE: Apps not appearing in Google Play Store
    The below was emailed to me by KLWP developers after I raised I couldn't install it. It's worked for me for getting apps like Netflix to show.
    "This may have something to do with the new copy protection Google introduced with the new signing method. This happens if the Play Store falsely detects that something was tampered with on the device. To get around this, you can try to clear Google Play Store's app data."
    Click to expand...
    Click to collapse

    Thanks to @bouchigo for these instructions.
    Use an older version of that app (version 4.234) to get the fingerprint setup and working.

    Steps:
    1. Remove your current Chase bank app.
    2. Install the older version mentioned.
    3. Add it to the magisk deny list.
    4. Setup your fingerprint.

    Once you've done that, you can update the app in the Play Store to the latest version and the fingerprint will still work
    Click to expand...
    Click to collapse
    View
    13
    A
    Anonshe
    Btw with USNF 2.2.0 being out as a Zygisk module, SN passes with Magisk Canary. It's an early access module
    snovvman said:
    I was following these:


    Note the writing "If you flash the images in bootloader, you will have to wipe." This has been my experience as well.
    Click to expand...
    Click to collapse

    There seems to be some confusion in those posts.

    Fastbootd is meant to flash contents of the super partition such as system, vendor, product. Due to dynamic partitions, those are now a part of a super partition which is flashed via regular fastboot aka bootloader.

    Vbmeta is a low level partition too so it needs to be flashed via the bootloader. Data wipe is unavoidable the first time vbmeta and dm-verity are disabled but can be avoided during OTA updates.

    So, for the first root attempt this is how things should go:
    1. Get the latest boot.img of your device. If it's older than the firmware on your device, it is fine. Get the vbmeta image too.
    2. Install Magisk Canary apk on device
    3. Click Install -> Patch an image. Here select the boot image you've extracted in step 1. The patched image will be saved in `/sdcard/Download/`. Copy it over to your PC.
    4. `adb reboot bootloader` to boot into fastboot
    5. `fastboot flashing unlock` if BL hasn't been unlocked
    6. `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
    7. `fastboot -w` the first time you're disabling vbmeta.
    8. Reboot device once to ensure the system has been wiped and is bootable after disabling vbmeta
    9. `fastboot boot magisk_patched.img`
    10. You'll now be booted with temp root. Open Magisk and click Install -> Direct Install

    We boot the patched image instead of flashing it so that you can root even if the latest stock firmware image isn't available yet.

    For monthly updates, don't update via System Update but by using the OTA images released by Google.
    1. Download the OTA package to PC.
    2. Use payload dumper to get the latest boot image for patching as steps above. Extract the vbmeta image too.
    3. `adb reboot recovery`
    4. Install update via adb sideload. It's imperative, the device isn't booted into system upon completion.
    5. Reboot to bootloader from the menu in recovery
    6. `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
    7. `fastboot boot magisk_patched.img`
    8. Direct Install from within Magisk Manager.
    View
    9
    D
    diesteldorf
    Anonshe said:
    No worries, we're all adults here trying to keep up with Google's changes after all :)

    With USNF, DenyList doesn't need to be enabled for Play Services. This prevents any breaking of Play Services. What I did was:
    - Latest Magisk Canary
    - Enabled Zygisk but keep DenyList turned off
    - Flash the USNF module
    - Reboot system and verify if Zygisk is shown as "Yes" in Magisk Manager
    - Enable DenyList and select my bank apps
    - Hid Magisk Manager by repacking it with a different name

    Tested for SN and it passed. Netflix works. Banking apps mostly work with the exception of one which is worked-around by temporarily uninstalling only Magisk Manager. After I'm done with that bank app, a reboot brings back Magisk Manager.

    Unfortunately, since I'm traveling, GPay isn't available here so I can't test it but it should work just fine. If you've a specific app you want me to test, link it and I'll post a screenshot.
    Click to expand...
    Click to collapse
    Thanks for posting. Last night I had the forked Alpha version of Magisk installed with RIRU and the public release of USNF 2.1. Passed Safetynet and everyting was working well, but decided I'd feel better using the latest non-forked Zygisk compatible Magisk 23011

    1. I uninstalled Magisk Alpha from within the app--first restoring images and then doing a complete uninstall.

    2. Installed the latest Magisk 23011 and pattched the boot image.
    3. Copied magisk-patched.img to my computer
    4. adb reboot bootloader
    5. From bootloader I typed:
    fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img (enter)
    fastboot flash boot_a magisk-patched.img (enter)
    fastboot flash boot_b magisk-patched.img (enter)
    fastboot reboot

    I'll be honest, I've been reading other posts stating that one should boot magisk-patched.img instead of flashing it.

    I tried that once and couldn't get it to work. It would just reboot to my home screen., so I began flashing the patched boot.img to both slots immediately after flashing vbmeta

    I've never had any trouble.

    Once I verified Magisk 23011 was properly installed and verified root, I installed USNF 2.2 early release, following Anonshe's instructions.

    SafetyNet failed initially, but I cleared cashe and data for Google Play Services and Play Store and now everything passes

    Definitely don't regret throwing kdrag0n a few bucks. USNF 2.2 does everything expected. https://kdrag0n.dev/patreon/

    I'm currently on the $5 monthly plan, but he also offers a one-time $5.99 charge for early access to USNF 2.2.

    Hopefully we can always manage to stay ahead in this cat and mouse game!!
    View
    9
    Exel
    Exel
    roirraW edor ehT said:
    Maybe here? Haven't tried yet. http://www.oldversion.com/android/com-chase-sig-android/

    There's also https://apkeureka.com/apk/com.chase.sig.android/

    Found using this search: https://www.google.com/search?q=chase+bank+apk+old+version&sxsrf=AOaemvLfTz7WOH6Um3eIfpWRliMBVMz2Kw:1637594539550&ei=q7WbYczzIJWPtAbtxKmYBg&ved=0ahUKEwiM9cKGo6z0AhWVB80KHW1iCmMQ4dUDCA4&uact=5&oq=chase+bank+apk+old+version&gs_lcp=Cgdnd3Mtd2l6EAMyCAghEBYQHRAeOgcIABBHELADOg0ILhDHARCjAhCwAxBDOgcIABCwAxBDOgUIABCABDoICAAQFhAKEB46BggAEBYQHkoECEEYAFDaCFinEmDZE2gBcAJ4AIABuwGIAc4KkgEDNi42mAEAoAEByAEKwAEB&sclient=gws-wiz

    I kinda hate to download banking apps from random websites, however.

    The newest version (still older than what I had from the Play Store) on the second site, chase-mobile_v4.252_apkeureka.com - 20211007 fingerprint still wouldn't enable.

    The oldest version on the second site, chase-mobile_v4.171_apkeureka.com - 20201211 wouldn't let me sign in without updating.

    I'll try one somewhere in the middle. Trial and error is a pain, though. Install, deny in Magisk, log in, 2FA, Settings, Fingerprint, denied. :D Wipe Cache and Storage, uninstall, repeat.

    chase-mobile_v4.220_apkeureka.com - 20200702 - wouldn't let me sign in without update
    chase-mobile_v4.231_apkeureka.com - 20200805 - wouldn't let me sign in without update
    chase-mobile_v4.234_apkeureka.com - 20200817 - wouldn't let me sign in without update

    And that's all she wrote for now. 10/07 is the only one on the site newer than 8/17, 8/17 requires update before trying to sign in, and 10/07 still has the problem where I couldn't enable fingerprints. I don't have the Chase app still installed on some previous rooted phone (with an old version) to restore app data from.

    By the way, I notice all these APKs are much bigger than what the Play Store reports is the current app's size, but maybe there's a technical reason for that. I hope. :)
    Click to expand...
    Click to collapse

    I figured it out! Thank you so much! I came across the apkeureka site but when I clicked the apk from my notifications, it didn't let me install.

    Big thanks to @Bad Bimr for figuring out the data off / wifi off part.

    Here's how to get the Chase app working:

    1. Uninstall any previous chase app from your phone.

    2. Download this Chase apk: https://apkeureka.com/apk/com.chase.sig.android/link/2/ (chase-mobile_v4.234_apkeureka.com.apk)

    3. Use a file explorer or the one that comes stock with your phone to install the apk.

    4. DO NOT open the Chase app.

    5. Go to Magisk > DenyList and check everything on the Chase app.
    5a. Not sure if this is required but I also spoofed my Magisk and named it "Matrix" (Settings > Hide Magisk app)

    6. Turn off both your Wifi and Data so you have no internet connection.

    7. Open the Chase app and enter your login username and password (make sure to click on the fingerprint sensor so it takes you straight to that setting to enable)

    8. It will prompt you that you have no data when you click the sign in button.

    9. You can now enable data and it will sign you in and take you to the fingerprint authentication page where you can enable it.

    10. The next time you sign it, it will prompt you to update the app. Go ahead and do that. Your fingerprint will still work once you update.

    11. PROFIT!
    View
    8
    roirraW "edor" ehT
    roirraW "edor" ehT
    I've always preferred linking to where folks can find the latest release (or instruct them how to find a specific version at the source page, if necessary). A lot of us have been using v2.3.1 for a month or more now.

    Linking to a specific version requires editing the OP, whereas linking to where to find all versions and then consulting input from users in the thread when there are issues is my preferred method. In time, it's likely that the linked-to specific version would no longer be recommended. To each their own, though. There have been plenty of threads on XDA that subscribe to each of those two methods.
    View

New posts