Related
Hey all. I have a Mate 9, stock ROM, just unlocked the bootloader so that I can root. After rooting, I found that most everyone is recommending Magisk, so that I can hide root some certain apps, and pass SafetyNet so that I can use apps like Pokemon Go and Android Pay. And... it's not going well.
I've done this 3 times, trying to install Magisk as the site recommends. I have yet to pass SafetyNet. All I really need is to be root, to pass SafetyNet, and be able to play Pokemon Go.
Any experiences in here that I can learn from? Thanks! :good:
Just a thought but have you installed Magisk Manager and used the hide function for both those apps?
Flash this in magisk manager - modules
https://drive.google.com/open?id=0B2D9GdWntw69NmdJVmhJaWNEOVU
Its needed for safetynet to pass on Huawei devices.
If that doesn't fix it, check that you have USB debugging on in Settings - Developer options.
And that your firmware isn't too new. After Huawei releases a new firmware it takes about 2 weeks for it to get certified by Google.
And make sure hide is working, it should be turned on by default but you need to hide apps in the manager. And check hide logs, if it's empty hide is not working.
If there is text make sure Hide is starting.
All,
I've been fighting with this for a while and I swear that I'm doing everything right (at least, I think I am).
Here's what I'm running:
1. euro build
2. magisk 23.0 (canary build)
I go through the setup, oem unlock and reboot again. I always run into a problem with magisk patched img and safety net failing.
The threads out there have gotten too thick and off-topic with folks asking for other stuff unrelated to the task at hand. I'm beyond confused with all the threads and need a clean and cohesive approach. Again, people, I need a better direction on this. No one-liners and smart ass answers.
Thank you to those that respond with a solid tutorial. Go layman if need be. =)
Magisk is dropping support for hiding root access from apps
Magisk, the popular Android rooting tool, will continue to be developed by topjohnwu, but without its root hiding feature called MagiskHide.
www.xda-developers.com
I recommend following this YouTube tutorial step by step. Also, The Magisk 23.0 build STILL has MagiskHide at the moment, so you may want to enable that.
TL;DR, you'll have to install Riru, LSposed, and XPrivacyLua and their respective magisk modules. While the video showed how to pass SafetyNet and get Google Play "Device is Certified", you can implement the same processes to ANY app having issues with root.
dude6595 said:
Magisk is dropping support for hiding root access from apps
Magisk, the popular Android rooting tool, will continue to be developed by topjohnwu, but without its root hiding feature called MagiskHide.
www.xda-developers.com
Click to expand...
Click to collapse
Once again: Everything that counts is money!
There will be other devs presenting solutions for root and hiding root so that we won't need Magisk any longer.
Until then I'll stay with 23.0
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do:
- Update Magisk to 25.2, Update magisk app to 25.2 as well
- Rename Magisk app if you havent already
- [ OPTIONAL ] Add all google apps on deny list (good practice in case google wants to detect root throught their other apps)
- install these modules: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf and https://github.com/kdrag0n/safetynet-fix
- then:
step 1.) Download any terminal (I use termux)
step 2.) type SU
step 3.) type props
step 4.) edit device fingerprint
step 5.) follow the onscreen promt
step 6.) once successfully changed, reboot device
optional (i didnt have to but you can try) reset google play, play services and google wallet appdata.
step 7.) enjoy working google wallet.
- Reboot
NOTE: Remeber to clear google wallet just in case.
ANOTHER NOTE: If your device is not on this list: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh
then you'll have to manually obtain an old fingerprint for your device, its all on here how to do:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
Enjoy.
EDIT: Alternatively try this:
https://github.com/Displax/safetynet-fix/releases/
it wont work for all from what I know but it was successful for some.
I only had to update magisk then add Wallet to the deny list.... Haven't tested an actual payment yet, but it stopped complaining about root when I open it.
I probably already had some of those modules installed from before. Some of the names look familiar.
Tried it at McDonald's... Didn't work. I guess the app stops complaining after a few goes of starting it up... Need to check in the "contactless setup" part of the Wallet app to be sure. Has a warning there if your device is "unsafe".
I'll try the full list of steps above tonight and confirm tomorrow if I can pay with it.
ahhh, it was not only with me... going to install to see if it passes...
None of the above works. If you try to pay contactless it will fail. If you try to add card it will fail also. I think that the new google wallet can detect if bootloader is unlocked. I don't see any workaround on this.
covar said:
None of the above works. If you try to pay contactless it will fail. If you try to add card it will fail also. I think that the new google wallet can detect if bootloader is unlocked. I don't see any workaround on this.
Click to expand...
Click to collapse
Yeah I removed Magisk and I still failed. It seems bootloader related I think.
covar said:
None of the above works. If you try to pay contactless it will fail. If you try to add card it will fail also. I think that the new google wallet can detect if bootloader is unlocked. I don't see any workaround on this.
Click to expand...
Click to collapse
works fine for me, I added something you should try as well in case it didnt work for you.
Danishblunt said:
works fine for me, I added something you should try as well in case it didnt work for you.
Click to expand...
Click to collapse
Still nothing. Have you try to make payment????
covar said:
Still nothing. Have you try to make payment????
Click to expand...
Click to collapse
I made 4 payments after the fix, latest being 12 minutes prior to this reply. it works fine.
I suggest starting from my post 1point by point. If it still doesnt work then you may have an app that somehow triggers the root detection that I don't have on my phone.
You should probably mention that picking correct CTS fingerprint is crucial. Sometimes its one version down for your device, but other times you have to use entirely different (but probably related somehow?) device FP, either because prior version doesn't exist, or Google simply doesn't accept it. The Google Pay thread has a scattered reports of working combos somebody should probably make a nicer list of.
I think some steps are not necessary. Like hiding all Google apps and SQ Lite
Also, momo-hider is depreciated. Use shamiko.
Lastly, I just installed magisk hide props (and configured it) and now it works.
Thanks its work✓ !! Is it permanent? Or someday its gonna pop out because some updates?
Magisk user
Paulo_1307_ said:
I think some steps are not necessary. Like hiding all Google apps and SQ Lite
Also, momo-hider is depreciated. Use shamiko.
Lastly, I just installed magisk hide props (and configured it) and now it works.
Click to expand...
Click to collapse
You are correct. The only thing to do is to configure props. I personally change the fingerprint and now works fine.
Paulo_1307_ said:
I think some steps are not necessary. Like hiding all Google apps and SQ Lite
Also, momo-hider is depreciated. Use shamiko.
Lastly, I just installed magisk hide props (and configured it) and now it works.
Click to expand...
Click to collapse
You're right, just listed old modules i gathered over time just in case without testing if they are needed anymore. Tested if they were needed and indeed, they arent.
Hiding the google apps is a good idea regardless if its needed or not.
Fixed the original post to reflect the changes.
Danishblunt said:
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do:
- Update Magisk to 25.2, Update magisk app to 25.2 as well
- Rename Magisk app if you havent already
- [ OPTIONAL ] Add all google apps on deny list (good practice in case google wants to detect root throught their other apps)
- install these modules: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf and https://github.com/kdrag0n/safetynet-fix
- then:
step 1.) Download any terminal (I use termux)
step 2.) type SU
step 3.) type props
step 4.) edit device fingerprint
step 5.) follow the onscreen promt
step 6.) once successfully changed, reboot device
optional (i didnt have to but you can try) reset google play, play services and google wallet appdata.
step 7.) enjoy working google wallet.
- Reboot
NOTE: Remeber to clear google wallet just in case.
ANOTHER NOTE: If your device is not on this list: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh
then you'll have to manually obtain an old fingerprint for your device, its all on here how to do:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
Enjoy.
Click to expand...
Click to collapse
hi may I ask what does step 5 mean? Thanks!
darkhunter9 said:
hi may I ask what does step 5 mean? Thanks!
Click to expand...
Click to collapse
baisically just means follow instructions on your screen.
Paulo_1307_ said:
I think some steps are not necessary. Like hiding all Google apps and SQ Lite
Also, momo-hider is depreciated. Use shamiko.
Lastly, I just installed magisk hide props (and configured it) and now it works.
Click to expand...
Click to collapse
Can confirm this works
I had both GPay and Wallet installed on my Pixel 5; yesterday I got the "security requirements" notification.
I've now removed both apps. When I tap on the GPay tile in Quick Settings, it says "Hold to reader", but when I tap Show All, it says "Not set up". I'll test it later today.
Does anyone know how to clear cache for embedded GPay?
V0latyle said:
I had both GPay and Wallet installed on my Pixel 5; yesterday I got the "security requirements" notification.
I've now removed both apps. When I tap on the GPay tile in Quick Settings, it says "Hold to reader", but when I tap Show All, it says "Not set up". I'll test it later today.
Does anyone know how to clear cache for embedded GPay?
Click to expand...
Click to collapse
It will show an error when you try to do a transaction if you havent done the above. Minr also showed that it was reafy but when trying to pay it would throw error.
Danishblunt said:
It will show an error when you try to do a transaction if you havent done the above. Minr also showed that it was reafy but when trying to pay it would throw error.
Click to expand...
Click to collapse
I just went to Dollar General and successfully used tap to pay. I do not have either of the discrete apps installed, just embedded GPay.
Danishblunt said:
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do:
- Update Magisk to 25.2, Update magisk app to 25.2 as well
- Rename Magisk app if you havent already
- [ OPTIONAL ] Add all google apps on deny list (good practice in case google wants to detect root throught their other apps)
- install these modules: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf and https://github.com/kdrag0n/safetynet-fix
- then:
step 1.) Download any terminal (I use termux)
step 2.) type SU
step 3.) type props
step 4.) edit device fingerprint
step 5.) follow the onscreen promt
step 6.) once successfully changed, reboot device
optional (i didnt have to but you can try) reset google play, play services and google wallet appdata.
step 7.) enjoy working google wallet.
- Reboot
NOTE: Remeber to clear google wallet just in case.
ANOTHER NOTE: If your device is not on this list: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh
then you'll have to manually obtain an old fingerprint for your device, its all on here how to do:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
Enjoy.
Click to expand...
Click to collapse
Even tho Xiaomi Mi 11 Lite 5g (European version) is not on either list, I got Google Wallet to play nicely (ie work! ) using this guide. In effect the Xiaomi Mi 11 Lite Indonesia Xiaomi:M2101K9AG must have similar coding to Xiaomi M2102K9G. I am now on 13.0.6 SKIEUXM MIUI version. I was worried in the termux app re warnings about ensuring device fingerprint is compatible etc, but when I got the sae warning in adb shell command within minimal adb & fastboot command, I decided to see what happens and it all worked for me. Have carried 2 transactions within Google wallet over yesterday & today with complete success. My device was already certified within Play protect part of Google Play Store.
So I have rooted phone with Magisk 25.2 version, zygisk and deny list set up ; magisk hidden (Hide) then froze Magisk Hide within SD Maid so my fully rooted phone runs Ad Away, no ads & all my banking apps eg Santander & Halifax work fine, so root is hidden from them. Given up trying to get Chase banking app tho
I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much make everything to work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?
Thank you.
Happened to me as well. I used Shamiko magisk module and it's all good now.
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Either use Shamiko or MagiskHidePropsConf to mask additional properties. I can confirm that InTune Company Portal works fine with SafetyNetFix + Shamiko
p4ra said:
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Click to expand...
Click to collapse
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
WhoIsJohnGalt1979 said:
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
Click to expand...
Click to collapse
I used it with magisk stable 25.2. I think we are all using magisk stable to root our phone right?
I have tried your suggestions, but still does not seem to work. Adding screenshots.
Can you help me, please? What is wrong with my setup?
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
I had issue with a specific banking app which detects root by most of the methods. I made it working by using shamiko + airfrozen which i was not really liking.
Now i wnded up with a forked project of magisk bu Husky called magisk delta which brought back magisk hide along with zygisk. With this i don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes for safetynet you can use the modded veraion by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
p4ra said:
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
Click to expand...
Click to collapse
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.
Regarding OTAs, there are two "How To" guides here with all the details you need.
Blaze1001 said:
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
Click to expand...
Click to collapse
I have done exactly this but it still detects
Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)b. Microsoft Authenticator (if you use it)c. Microsoft Defender (if you use it)5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
craigacgomez said:
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)b. Microsoft Authenticator (if you use it)c. Microsoft Defender (if you use it)5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Click to expand...
Click to collapse
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
Still doesn't work. Its weird because it worked for one night and the next morning it stopped.
UPDATE: its LSPosed I think. But this is the only way to force dark mode on some apps....
UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and its looking good so far...
UPDATE 3: Had a full day with not a single root detection notification. Looks solid!
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
one of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device,
I tried in 3 devices, the exact same steps and files, etc, it worked on the 1st one, but on the other two.. no!
For all those who still got issues as another idea: Does Google Wallet work ? Is the device play protect certified ?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....
I got the same issue with an App called "SwissID". It recognizes magisk for some reason. All other Apps work (like banking, google wallet etc.)
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Its work to me!!! Thanks
This is a tutorial on how to set up your phone so that you can consistently pass SafetyNet. Note that all this is from my own experience, and if what works on one device blows up another, that's not my problem and I'm not responsible for that. I will attempt to keep this tutorial as clean and simple as possible, but if you have any further questions that are more specific you are welcome to ask.
In order to be as simple as possible to understand, this guide assumes the following:
- You have a PC. Windows, Mac, the almighty Linux, it makes no difference.
- You have the android platform tools on your PC
- Your device has an unlocked bootloader.
- Your device does not have support for signature spoofing.
- Your device does not have Google's official play services on it.
- You have a working brain.
If one or more of the above is incorrect, you'll have to make more use of the last item on the list.
If the last item on the list is incorrect, you're beyond hope.
Now, the guide:
Step 1: Get some magisk on your phone
Setting up magisk is incredibly simple, and I won't be going into detail here. I would recommend installing the regular magisk app and patching your boot image, as that is what I've done.
Note that you do not need the magisk manager app for this guide at all.
I've attached the magisk app I used to this post. You'll need to install the app and make use of the "install" section of the home page.
Once magisk is installed and set up, you'll need to enable zygisk in the magisk settings. Then reboot.
Step 2: Installing MicroG
I am not going to list through all the possible way you can install microG. Instead, have a link to microG's wiki:
index - MicroG
r/MicroG: Subreddit about microG, a free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries. This …
www.reddit.com
Now here comes the important bit:
From everything I have seen, it appears clear that google stores information about each device that registers with it, and that this in turn will affect SafetyNet.
Therefore, the best way to prevent this leading to SafetyNet failing is to prevent connection with google completely - till the phone is ready.
Before you install microG, make sure your phone has both wifi and data turned off. Leave these off till the setup is complete. Note that only the phone needs to be disconnected, nothing else matters.
In essence, this means that google sees nothing till your device is setup correctly, and then SafetyNet has nothing to complain about.
Now that you've read every word of the above paragraph, go ahead and install microG on your phone.
Make sure you've got all the different components: Core, GSF Framework, FakeStore, and DroidGuard helper. If your installation method does not handle all of this for you, then it sucks, and you shouldn't have used it. Regardless, you can find apks for all of these at https://microg.org/
Step 3: Don't touch
As I've already made clear above, do not change any microG settings at this point. Don't enable device registration (if it's disabled), don't enable safetynet, and just generally leave microG settings alone for now. Oh yeah, and don't turn on wifi or data.
Step 4: Tricking SafetyNet
Everything up till now has just been preparation for actually tricking SafetyNet. So now that we've got all that out the way, let's get down to details:
First, downloads:
Download the latest zip: https://themagisk.com/magiskhide-props-config/
Download the latest zygisk zip: https://themagisk.com/universal-safetynet-fix/
Move these over to your phone and install them both as magisk modules.
Once these modules are installed and you've rebooted, connect your phone to your pc.
Open a terminal/command prompt in your platform tools folder, and type "adb shell props". You may need to grant the superuser permission from your phone.
Then choose option 1.
You'll then need to choose a device from the list available.
The key here is that we need to spoof our device fingerprint, so google thinks the device is certified, even if it actually isn't.
If your device is approved by google, then simply select your device model.
If not, things get a bit more unclear. Not every fingerprint will work for every device - If your device is vastly different from the one you are trying to spoof things may not always work correctly. The best advice I can give here is to choose a device that matches yours as closely as possible. As an example: if your device is made by Xiaomi but is not approved by google, I would select a fingerprint belonging to a Xiaomi device.
Keep in mind that if you try a fingerprint that does not work, you cannot simply switch it to something else and try again, as the SafetyNet history for the device has to be clean.
Once you've spoofed your device fingerprint and rebooted, you're almost ready to test out SafetyNet and google sign in. But first:
Step 5: Do you need signature spoofing?
To ensure things work as smoothly as possible, it's important to make sure you have signature spoofing working before you test SafetyNet. If you've got your own solution to that great. If not:
The first thing I have to point out is that a lot of sigspoof methods on google nowadays are outdated and semi-functional at best, working for a handful of devices. As this guide is intended to be a universal solution regardless of your device, the only answer is lsposed and fakegapps.
Download the latest zygisk zip: https://themagisk.com/lsposed/
Transfer it to your phone and install it as a magisk module.
I've attached the full lsposed manager apk to this post, as the parasitic one sucks. Install it and the fakegapps apk which I've also attached to this post.
You'll now need to enable fakegapps, and turn it on for anything that might need access to spoofing. This includes the system framework, all the microG stuff, and any app that needs to be fooled by microg. Then reboot.
Step 6: Ready to test
Everything should now be set up correctly.
Check the microG settings to make sure signatures are correctly being spoofed.
Enable device registration (if disabled).
Enable SafetyNet attestation.
At this point your phone should still be completely disconnected from the internet.
If you're happy everything is set up correctly, turn on your wifi or data, and test SafetyNet attestation.
Step 7: Done.
Hopefully you now have working SafetyNet and google sign in. If this does work for you, it means that safetynet is now stable on your device, and you are free to install whatever you want on it.
If it didn't work, keep in mind that this hasn't been tested on every device in existence. All I know is that this consistently works for me.
If your phone doesn't turn on, you probably need to charge it.
If your phone has exploded, you probably have a Samsung.
Thanks everyone for reading my guide, I hope you enjoyed! (Maybe it even worked)
RESERVED FOR STUFF
Your guide is well made but I have some things I would change.
1) Since everything has to be done offline and adb is used in linux installation at least I would recommend adding an tip with adb push ~/Downloads/safetynet-tools.zip /storage/emulated/0/Downloads.
Furthermore cause of it I recommend attaching a single zip with
tools so they can be moved easily to the device.
2) there is missing Information: you said in the guide that safety net trips extremely easily. During the entire process the device cant be connected to the internet but what if you want to install another app. For example what if you want to install another app later lets say Netflix for example. I know for a fact it requires safetynet. It would be configured automatically will it? This would conclude to permanetley lock safety net till its reinstalled.
hypethetime said:
Your guide is well made but I have some things I would change.
1) Since everything has to be done offline and adb is used in linux installation at least I would recommend adding an tip with adb push ~/Downloads/safetynet-tools.zip /storage/emulated/0/Downloads.
Furthermore cause of it I recommend attaching a single zip with
tools so they can be moved easily to the device.
Click to expand...
Click to collapse
Hi, I think you may have misunderstood slightly. Only the phone has to be offline, you can still connect it to a PC and download the files on the PC. The only important thing is that the device doesn't communicate with google till you are ready for it to.
hypethetime said:
2) there is missing Information: you said in the guide that safety net trips extremely easily. During the entire process the device cant be connected to the internet but what if you want to install another app. For example what if you want to install another app later lets say Netflix for example. I know for a fact it requires safetynet. It would be configured automatically will it? This would conclude to permanetley lock safety net till its reinstalled.
Click to expand...
Click to collapse
Once the process is complete, you can install whatever else you want and safetynet will not stop working. The main thing is that the process of setting up the device so that it can be approved is very easy to mess up, so that part has to be done carefully.
I'll edit the guide to make these points more clear.
Sense_101 said:
Hi, I think you may have misunderstood slightly. Only the phone has to be offline, you can still connect it to a PC and download the files on the PC. The only important thing is that the device doesn't communicate with google till you are ready for it to.
Click to expand...
Click to collapse
I knew you always were able to use pc and you miss understood me. I at least often had the problem with transferring files for some reseason and for this adb push is extremey helpful.
Regarding instaling more apps thank you for the answer and how quickly it came.
Sense_101 said:
This is a tutorial on how to set up your phone so that you can consistently pass SafetyNet. Note that all this is from my own experience, and if what works on one device blows up another, that's not my problem and I'm not responsible for that. I will attempt to keep this tutorial as clean and simple as possible, but if you have any further questions that are more specific you are welcome to ask.
In order to be as simple as possible to understand, this guide assumes the following:
- You have a PC. Windows, Mac, the almighty Linux, it makes no difference.
- You have the android platform tools on your PC
- Your device has an unlocked bootloader.
- Your device does not have support for signature spoofing.
- Your device does not have Google's official play services on it.
- You have a working brain.
If one or more of the above is incorrect, you'll have to make more use of the last item on the list.
If the last item on the list is incorrect, you're beyond hope.
Now, the guide:
Step 1: Get some magisk on your phone
Setting up magisk is incredibly simple, and I won't be going into detail here. I would recommend installing the regular magisk app and patching your boot image, as that is what I've done.
Note that you do not need the magisk manager app for this guide at all.
I've attached the magisk app I used to this post. You'll need to install the app and make use of the "install" section of the home page.
Once magisk is installed and set up, you'll need to enable zygisk in the magisk settings. Then reboot.
Step 2: Installing MicroG
I am not going to list through all the possible way you can install microG. Instead, have a link to microG's wiki:
index - MicroG
r/MicroG: Subreddit about microG, a free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries. This …
www.reddit.com
Now here comes the important bit:
From everything I have seen, it appears clear that google stores information about each device that registers with it, and that this in turn will affect SafetyNet.
Therefore, the best way to prevent this leading to SafetyNet failing is to prevent connection with google completely - till the phone is ready.
Before you install microG, make sure your phone has both wifi and data turned off. Leave these off till the setup is complete. Note that only the phone needs to be disconnected, nothing else matters.
In essence, this means that google sees nothing till your device is setup correctly, and then SafetyNet has nothing to complain about.
Now that you've read every word of the above paragraph, go ahead and install microG on your phone.
Make sure you've got all the different components: Core, GSF Framework, FakeStore, and DroidGuard helper. If your installation method does not handle all of this for you, then it sucks, and you shouldn't have used it. Regardless, you can find apks for all of these at https://microg.org/
Step 3: Don't touch
As I've already made clear above, do not change any microG settings at this point. Don't enable device registration (if it's disabled), don't enable safetynet, and just generally leave microG settings alone for now. Oh yeah, and don't turn on wifi or data.
Step 4: Tricking SafetyNet
Everything up till now has just been preparation for actually tricking SafetyNet. So now that we've got all that out the way, let's get down to details:
First, downloads:
Download the latest zip: https://themagisk.com/magiskhide-props-config/
Download the latest zygisk zip: https://themagisk.com/universal-safetynet-fix/
Move these over to your phone and install them both as magisk modules.
Once these modules are installed and you've rebooted, connect your phone to your pc.
Open a terminal/command prompt in your platform tools folder, and type "adb shell props". You may need to grant the superuser permission from your phone.
Then choose option 1.
You'll then need to choose a device from the list available.
The key here is that we need to spoof our device fingerprint, so google thinks the device is certified, even if it actually isn't.
If your device is approved by google, then simply select your device model.
If not, things get a bit more unclear. Not every fingerprint will work for every device - If your device is vastly different from the one you are trying to spoof things may not always work correctly. The best advice I can give here is to choose a device that matches yours as closely as possible. As an example: if your device is made by Xiaomi but is not approved by google, I would select a fingerprint belonging to a Xiaomi device.
Keep in mind that if you try a fingerprint that does not work, you cannot simply switch it to something else and try again, as the SafetyNet history for the device has to be clean.
Once you've spoofed your device fingerprint and rebooted, you're almost ready to test out SafetyNet and google sign in. But first:
Step 5: Do you need signature spoofing?
To ensure things work as smoothly as possible, it's important to make sure you have signature spoofing working before you test SafetyNet. If you've got your own solution to that great. If not:
The first thing I have to point out is that a lot of sigspoof methods on google nowadays are outdated and semi-functional at best, working for a handful of devices. As this guide is intended to be a universal solution regardless of your device, the only answer is lsposed and fakegapps.
Download the latest zygisk zip: https://themagisk.com/lsposed/
Transfer it to your phone and install it as a magisk module.
I've attached the full lsposed manager apk to this post, as the parasitic one sucks. Install it and the fakegapps apk which I've also attached to this post.
You'll now need to enable fakegapps, and turn it on for anything that might need access to spoofing. This includes the system framework, all the microG stuff, and any app that needs to be fooled by microg. Then reboot.
Step 6: Ready to test
Everything should now be set up correctly.
Check the microG settings to make sure signatures are correctly being spoofed.
Enable device registration (if disabled).
Enable SafetyNet attestation.
At this point your phone should still be completely disconnected from the internet.
If you're happy everything is set up correctly, turn on your wifi or data, and test SafetyNet attestation.
Step 7: Done.
Hopefully you now have working SafetyNet and google sign in. If this does work for you, it means that safetynet is now stable on your device, and you are free to install whatever you want on it.
If it didn't work, keep in mind that this hasn't been tested on every device in existence. All I know is that this consistently works for me.
If your phone doesn't turn on, you probably need to charge it.
If your phone has exploded, you probably have a Samsung.
Thanks everyone for reading my guide, I hope you enjoyed! (Maybe it even worked)
Click to expand...
Click to collapse
I have a Samsung galaxy note 10 plus running LineageOS 19.1. I'ts unlocked, and rooted with Magisk. Is there something about Samsung phones that are more likely to "explode" trying to install MicroG?
WheelingPigeon said:
I have a Samsung galaxy note 10 plus running LineageOS 19.1. I'ts unlocked, and rooted with Magisk. Is there something about Samsung phones that are more likely to "explode" trying to install MicroG?
Click to expand...
Click to collapse
Yeah, that's a joke
WheelingPigeon said:
I have a Samsung galaxy note 10 plus running LineageOS 19.1. I'ts unlocked, and rooted with Magisk. Is there something about Samsung phones that are more likely to "explode" trying to install MicroG?
Click to expand...
Click to collapse
Samsung phones have a history of "blowing" up. First they were actually dangerous in very few cases but now they can expand and pop of the back of your phone. As long as you switch the battery then your safe to use it.
AOSP Rom (signature spoofing unsupported, without MicroG installer)
After Root install patch for spoofing via NanoDroid Patcher
Open Magisk settings -> Enable Zygisk + Enforce DenyList, install module MagiskHide Props Config -> reboot
Open Termux or ADB, type su to set root permission then type props (option 1)
Install MicroG via APK or offical F-Droid app, grant Signature spoofing permission
If you want using play store, install patched version (F-Droid add repo NanoDroid)
Open MicroG Settings -> Self-Check -> make sure all box checked
Turn on Google device registration, Google SafetyNet, if CTS fail then install Universal SafetyNet Fix
Install magisk module App Systemizer, Busybox for Android NDK to change MicroG to system app