
Why Does Xposed Always Trip SafetyNet?

By gudenau, Junior Member on 2nd September 2017, 06:14 AM
I'd like to know exactly why Xposed trips the SafetyNet checks even when running as a Magisk module. Is there a change that's easy to detect? Is it not possible to isolate the changes to certain apps? I want all the technical details about this issue.
2nd September 2017, 08:31 PM |#2  
Senior Member
What I'm aware of, after talking to some of the devs and reading the forums, is that Google Play Services downloads a SafetyNet XML file which executes and checks for Xposed file modifications.
3rd September 2017, 04:22 PM |#3  
Member
Flag Avon
I think it's due to Xposed modifying the /system folder, and as Magisk is "systemless", it doesn't do that.
3rd September 2017, 05:30 PM |#4  
Senior Member
Flag Munich
Quote:
Originally Posted by loguhn

I think it's due to Xposed modifying the /system folder, and as Magisk is "systemless", it doesn't do that.

But there's systemless Xposed, which still triggers SafetyNet. So it can't be just that.

Sent from my Moto G 2014 LTE using Tapatalk
3rd September 2017, 07:03 PM |#5  
OP Junior Member
Quote:
Originally Posted by kabso5

What I'm aware of, after talking to some of the devs and reading the forums, is that Google Play Services downloads a SafetyNet XML file which executes and checks for Xposed file modifications.

That doesn't tell me anything about what part of Xposed trips the checks though.
7th September 2017, 04:32 PM |#6  
aer0zer0's Avatar
Senior Member
Flag Cortland NY
Quote:
Originally Posted by gudenau

That doesn't tell me anything about what part of Xposed trips the checks though.

SafetyNet checks the zygote, which Xposed modifies to work; that's why it trips, be it system or systemless. It didn't use to. SafetyNet has evolved.
8th September 2017, 05:58 AM |#7  
cthulhu1987's Avatar
Senior Member
Flag Stuttgart
Quote:
Originally Posted by aer0zer0

SafetyNet checks the zygote, which Xposed modifies to work; that's why it trips, be it system or systemless. It didn't use to. SafetyNet has evolved.

I don't get how a root-level app can't fool a non-root level app such as Google Play into thinking nothing's rotten in Denmark
8th September 2017, 02:57 PM |#8  
aer0zer0's Avatar
Senior Member
Flag Cortland NY
Quote:
Originally Posted by cthulhu1987

I don't get how a root-level app can't fool a non-root level app such as Google Play into thinking nothing's rotten in Denmark

I'm sure if they could spoof the zygote, or force it back as a pass like the bootloader and kernel, they would have done it already. Root is not exactly the entire solution
10th September 2017, 03:27 AM |#9  
OP Junior Member
Quote:
Originally Posted by aer0zer0

SafetyNet checks the zygote, which Xposed modifies to work; that's why it trips, be it system or systemless. It didn't use to. SafetyNet has evolved.

How exactly does it detect it though? There are several versions of it in the wild.
10th September 2017, 03:39 AM |#10  
aer0zer0's Avatar
Senior Member
Flag Cortland NY
Maybe @topjohnwu can explain better here
10th September 2017, 05:37 PM |#11  
Senior Member
Quote:
Originally Posted by aer0zer0

Maybe @topjohnwu can explain better here

he did: https://forum.xda-developers.com/sho...postcount=4200

Quote:

Systemless Xposed cannot pass SafetyNet!!! SN checks the running Zygote process, it is not as simple as unmounting the files to hide it!
