Related
How does MagiskHide hide the bootloader status? I'm trying to find a way to replicate the same method with the latest canary release which has Zygisk instead of MagiskHide. Any help is appreciated.
It just changed a few props, all of which are integrated into MagiskHide Props Config (the "Edit MagiskHide props" option) and/or Universal SafetyNet Fix (which soon should be updated to work on Magisk build 23010+).
Didgeridoohan said:
It just changed a few props, all of which are integrated into MagiskHide Props Config (the "Edit MagiskHide props" option) and/or Universal SafetyNet Fix (which soon should be updated to work on Magisk build 23010+).
Click to expand...
Click to collapse
I just changed those props, it still fails attestation. It might be something different though, will check further. Thanks.
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Didgeridoohan said:
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Click to expand...
Click to collapse
Yeah, Riru apparently was the problem as when I removed Riru and downgraded Universal SafetyNet Fix ctsProfile now passes. Thanks for the aid!
Didgeridoohan said:
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Click to expand...
Click to collapse
Is there any update in 2022?
I'm using latest canary Magisk and latest USNF v2.2.1 on Android 11 but the unlocked bootloader is still detected.
Is there any solution? Thank you.
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
fl3xtra said:
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
Click to expand...
Click to collapse
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
tlxxxsracer said:
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
Click to expand...
Click to collapse
From what I read (I could be wrong), Google made changes to their authentication in June 2022.
I literally just got it to work 30 min ago. I followed instructions here: https://forum.xda-developers.com/t/...tynet-fix-2-3-1.4217823/page-91#post-87198517
Not sure if step #1 did anything since I don't have MagiskHidePropsConfig configured in any special way. I think it was the modded safetynet fix that did the trick.
Can you share your steps on rooting? Where did you get the boot.img?
Indian gpay or wallet gpay
z0mghii said:
Can you share your steps on rooting? Where did you get the boot.img?
Click to expand...
Click to collapse
I use a Verizon MVNO as my carrier so i downloaded the factory image that's already available on Google. Extracted boot.img from there.
I believe that not all factory images are available yet so you may have to wait if you don't use Verizon or Verizon mvno. (Might be available on Monday.)
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Rooting this phone will be the same as every other Pixel phone. Of course rooting and keeping apps like banking and GPay is an ongoing battle between Google and developers. The requirement to root and use those apps will change as Google updates their security methods, but again that won't be a "per phone" issue, it will be the same methods for all rooted Pixel phones.
Any idea how this affects Felica models? (the ones sold in Japan)
fl3xtra said:
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Click to expand...
Click to collapse
That shouldn't be necessary, assuming you're not running some custom rom.
Anyway, I didn't do that, and google pay and wallet work fine on this phone using magisk with the stock android 13 rom.
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
Folks, the answer is RIGHT HERE.
The issue is NOT device fingerprints or authentication. Google has deprecated the SafetyNet API for the new Play Integrity API, which makes it impossible to spoof an evaluationType of MEETS_STRONG_INTEGRITY.
The solution, as @Lughnasadh shared, is the modified Universal SafetyNet FIx module shared by Displax, which forces the system to use the legacy SafetyNet attestation. This is only a temporary solution, as the time may eventually come when Google removes support for SafetyNet altogether from their apps. There is no permanent solution, nor will there ever be, because spoofing hardware backed device integrity is not possible due to hardware key attestation and the Android Trusted Execution Environment.
Edit:
The USNF module moded by displax fixes both safetynet and security patch info! Thank
rocketda7331 for your experience and nice guidance!
Also, thank BillGoss for your fast help!
Your info gave me the chance to turn back from my wrong direction!
As shown here [ https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh ], they only have OOS [11] device fingerprints:
OnePlus 8T China KB2000 (11):OnePlus:KB2000=OnePlus/OnePlus8T_CH/OnePlus8T:11/RP1A.201005.001/2108261338:user/release-keys__2021-08-01
OnePlus 8T India KB2001 (11):OnePlus:KB2001=OnePlus/OnePlus8T_IND/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Europe KB2003 (11):OnePlus:KB2003=OnePlus/OnePlus8T_EEA/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Global KB2005 (11):OnePlus:KB2005=OnePlus/OnePlus8T/OnePlus8T:11/RP1A.201005.001/2110091917:user/release-keys__2021-10-01
OnePlus 8T T-Mobile KB2007 (11):OnePlus:KB2007=OnePlus/OnePlus8TTMO/OnePlus8TTMO:11/RP1A.201005.001/2108091917:user/release-keys__2021-08-01
But I'm already on LineagsOS 19.1 (Android 12), and I forgotttttttttttt to check the fingerprint of OOS 12 by myself before installing LOS...
Although OOS 11 fingerprint is still able to pass SafetyNet, but it also gives me a "Platform: Out of date" false alarm under "Android security patches" even with latest LOS build installed.
Does any gentleman happens to have OOS [12] device fingerprints for kb2005 or kb2007?
Thanks in advance!!!
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
BillGoss said:
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
Click to expand...
Click to collapse
Thanks a lot! You're GREAT!
Sadly this fingerprint can not pass SafetyNet, it gives a "CTS profile match: Fail".
But it fixes the "Platform: Out of date" in "Android security patches"!
You still saved my day! Thank you for your selfless help!
By the way, the LOS 19.1 (20221013) fingerprint is:
OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.20220730031:user/release-keys
which looks very similar to the OOS C.35 12 fingerprint.
Hmm... Maybe OnePlus just forgot to update it's SafetyNet status?
Found a related issue:
SafetyNet fails on C.20 update for OnePlus 8 Pro · Issue #188 · kdrag0n/safetynet-fix
The "C.20" update for OnePlus 8 Pro based on Android 12 and the OxygenOS 12.1 overlay in correlation with "SafetyNet-Fix v2.2.1" completely blocks the fingerprint scanner. Uninstalling this module ...
github.com
Issue is still open, seems OnePlus has broken something...
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
rocketda7331 said:
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
Click to expand...
Click to collapse
Yeah thx I already have that.
With that and hideprops module installed, I can already pass safetynet with OOS 11 fingerprint.
But it's android 11 fingerprint and I'm running android 12 (lineageos 19.1), so using that fingerprint gives me "Platform: Out of date" in "Android security patches".
And as shown above, OOS 12 fingerprint seems problematic too.
For now I can only switch back to OOS 11 fingerprint and watch how this will end...
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
I will also point out that the linked safetynetfix is modded by displax and is not the original you might have if you installed it ages ago. To pass safetynet nowadays you should update it to this one.
rocketda7331 said:
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
Click to expand...
Click to collapse
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module disabled, I cannot pass safetynet check with YASNAC (but google play is okay because safetynetfix module is active), and the platform is okay too. Is this your current state?
IAAxl said:
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module not enabled, I cannot pass safetynet check, and the platform is okay too. Is this your current state?
Click to expand...
Click to collapse
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
rocketda7331 said:
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
Click to expand...
Click to collapse
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
IAAxl said:
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
Click to expand...
Click to collapse
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
rocketda7331 said:
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
Click to expand...
Click to collapse
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
IAAxl said:
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
Click to expand...
Click to collapse
Also check article
How to pass SafetyNet on Android after rooting or installing a custom ROM
It is possible to pass SafetyNet, even after extensive modding like rooting or installing a custom ROM. Check out how to do that here!
www.xda-developers.com
Does Google Wallet and contactless payments work?
Work for me even before I root also
Do still work after root? What Magisk module are you using to make it work after unlocking the bootloader and root?
zenaldo said:
Do still work after root? What Magisk module are you using to make it work after unlocking the bootloader and root?
Click to expand...
Click to collapse
Universal SafetyNet Fix.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Most of my Google Wallet cards worked at most merchants with just the Universal SafteyNet module, but a couple cards wouldn't work at one particular merchant until I add the Systemless Hosts module. Now everything works fine.
Hello. I have not rooted my device and I keep getting errors when trying to add Credit Cards.
The credit card company says that the issue with the mobile...
Just heads up I used the guide for the Pixel 7 Pro for my 7A , just download the firmware from Google site and follow the guide and worked perfect!!
Did you need safetynet for anything though? I tried to use the P7 Pro guide and the entire safetynet section was rubbish, not sure if it's just outdated info or something. However, the forked fix from displax works fine (2.4.0 mod 1.2), passes full safetynet and got Google Wallet working.
Releases · Displax/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - Displax/safetynet-fix
github.com
droid_<3er said:
Did you need safetynet for anything though? I tried to use the P7 Pro guide and the entire safetynet section was rubbish, not sure if it's just outdated info or something. However, the forked fix from displax works fine (2.4.0 mod 1.2), passes full safetynet and got Google Wallet working.
Releases · Displax/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - Displax/safetynet-fix
github.com
Click to expand...
Click to collapse
I don`t use google wallet, my PNC app works and coin base and all of the other apps I use work perfectly fine being rooted.
droid_<3er said:
Did you need safetynet for anything though? I tried to use the P7 Pro guide and the entire safetynet section was rubbish, not sure if it's just outdated info or something. However, the forked fix from displax works fine (2.4.0 mod 1.2), passes full safetynet and got Google Wallet working.
Releases · Displax/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - Displax/safetynet-fix
github.com
Click to expand...
Click to collapse
This was enough to get sn passing / wallet working, thanks!
Does anyone know how otas will work for us? Can we install the ota then install magisk to inactive slot? Or do we need to download the factory image each time to get init_boot