Cannot Fix Device Uncertified - Huawei Mate 9 Questions & Answers

Hello Forum People,
I have my bootloader unlocked, build MHA-L29C432B198, TWRP recovery and I use Magisk v14.5 however I cannot seem to pass SafetyNet with Magisk failing on ctsProfile and basicIntegrity and "SafetyNet Test" (from the Play Store) passing Safety Net Request but failing Response Signature Validation ("Response Payload Validation Failed").
I have a suspicion that this is due to the unlocked bootloader as I have removed Magisk and anything else I think might have tripped SafetyNet but always the same issue.
Can anyone confirm if this is the cause or otherwise, and if having my bootloader unlocked is causing SafetyNet to fail, then is it safe to relock after re-installing Magisk and returning recovery back to stock, or is there some kind of workaround?
Muchos appreciated in advance!!
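
The two SafetyNet stages named in the post above are separate: the attestation request can succeed while the signed response still carries a failing verdict. The following is an added example, not part of the original thread or of any app mentioned in it, showing how a relying party evaluates the decoded payload. The function names, package name and sample tokens are constructed, and verification of the JWS signature and certificate chain is assumed to have been done already.

```python
import base64
import json

def b64url_decode(segment):
    # JWS segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def payload_failures(jws, expected_nonce, expected_package, now_ms, max_age_ms=120_000):
    """Return the reasons an attestation payload is rejected ([] means accepted).

    Assumption: the JWS signature and x5c chain were verified beforehand (not shown).
    """
    parts = jws.split(".")
    if len(parts) != 3:
        return ["malformed JWS"]
    try:
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["undecodable payload"]
    if not isinstance(payload, dict):
        return ["undecodable payload"]
    failures = []
    # The nonce binds the verdict to this request and blocks replay of an old one.
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        failures.append("nonce mismatch")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > max_age_ms:
        failures.append("stale or missing timestamp")
    if payload.get("apkPackageName") != expected_package:
        failures.append("unexpected package")
    # A missing flag is treated as False: an error response carries no verdict.
    if payload.get("basicIntegrity") is not True:
        failures.append("basicIntegrity false")
    if payload.get("ctsProfileMatch") is not True:
        failures.append("ctsProfileMatch false")
    return failures

def make_sample(payload):
    # Constructed token for the demo: real segment layout, placeholder signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256"})}.{enc(payload)}.c2ln'

NONCE = b"constructed-nonce-0001"
NOW = 1_700_000_000_000
BASE = {"nonce": base64.b64encode(NONCE).decode(), "timestampMs": NOW - 5_000,
        "apkPackageName": "com.example.bank"}
PASSING = make_sample({**BASE, "basicIntegrity": True, "ctsProfileMatch": True})
FAILING = make_sample({**BASE, "basicIntegrity": False, "ctsProfileMatch": False})

if __name__ == "__main__":
    print(payload_failures(PASSING, NONCE, "com.example.bank", NOW))
    print(payload_failures(FAILING, NONCE, "com.example.bank", NOW))
```

The second token is well-formed and fresh, so only the two verdict flags are reported, which is the situation the post describes.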

It works fine with unlocked bootloader. Check in Playstore - hamburger menu - scroll down - Settings - scroll down - Device certification: can be certified or uncertified.
It's usually uncertified if your firmware is not approved yet by Huawei. And that would make safetynet fail.
What modules are you using? Xposed will also make safetynet fail.
You could try installing the propfix for magisk, found here: https://mega.nz/#!IOAgibSQ!uix7Gku_MY0ETP-zTae03awF_uH_Jgatr1SDEEvw77A
And did you happen to have SuperSU installed prior to Magisk?

ante0 said:
It works fine with unlocked bootloader. Check in Playstore - hamburger menu - scroll down - Settings - scroll down - Device certification: can be certified or uncertified.
It's usually uncertified if your firmware is not approved yet by Huawei. And that would make safetynet fail.
What modules are you using? Xposed will also make safetynet fail.
You could try installing the propfix for magisk, found here: https://mega.nz/#!IOAgibSQ!uix7Gku_MY0ETP-zTae03awF_uH_Jgatr1SDEEvw77A
And did you happen to have SuperSU installed prior to Magisk?
I have tried the propfix and that was unsuccessful in my case. Looks like it's because the firmware is uncertified which is confusing since I updated OTA by official means; update manager gave me a notification, I updated.
Is this a likely scenario that it could be uncertified even though they issued the update?

beejkitsune said:
I have tried the propfix and that was unsuccessful in my case. Looks like it's because the firmware is uncertified which is confusing since I updated OTA by official means; update manager gave me a notification, I updated.
Is this a likely scenario that it could be uncertified even though they issued the update?
So according to HiSuite I have an official ROM, I have performed a full factory reset and I am still getting uncertified status through Play Store. I cannot understand this as previously everything was working fine, I could use my banking app etc. and then one day everything stopped working and the only thing I can trace it to is this uncertified status.
Can anyone help me at all because short of going to extremes of using FH to rebrand etc I am all out of ideas and not being able to pass SafetyNet is really annoying; I can no longer use my banking app or Android Pay.

beejkitsune said:
So according to HiSuite I have an official ROM, I have performed a full factory reset and I am still getting uncertified status through Play Store. I cannot understand this as previously everything was working fine, I could use my banking app etc. and then one day everything stopped working and the only thing I can trace it to is this uncertified status.
Can anyone help me at all because short of going to extremes of using FH to rebrand etc I am all out of ideas and not being able to pass SafetyNet is really annoying; I can no longer use my banking app or Android Pay.
This is infuriating. I cannot seem to fathom why my device would suddenly be unverified.
I have considered locking my bootloader again but with attempts to do that I am given re-locked status. Suggestions, anyone, please?
Sent from my Mate 9 using XDA Labs

beejkitsune said:
This is infuriating. I cannot seem to fathom why my device would suddenly be unverified.
I have considered locking my bootloader again but with attempts to do that I am given re-locked status. Suggestions, anyone, please?
Sent from my Mate 9 using XDA Labs
I know my comment comes a little late, but just so you know,
I'm not certified (according to Google play store), and yet I pass SafetyNet. So your problem doesn't seem to be related.
I'm on B197 and Safety Net 14.3, and B197 was also officially pushed to my phone by Huawei.

Surfinette said:
I know my comment comes a little late, but just so you know,
I'm not certified (according to Google play store), and yet I pass SafetyNet. So your problem doesn't seem to be related.
I'm on B197 and Safety Net 14.3, and B197 was also officially pushed to my phone by Huawei.
Thanks for the reply. My solution ended up being to rebrand and then update to the Oreo release MHA-L29C432 8.0.0.361. Play Store now certified and passing SafetyNet with no issues. I'm still not 100% sure what tripped SafetyNet originally, nothing seems to be consistent with other people's experiences, but I now have a resolution, albeit not the desired approach, nor solution.

Related

Oneplus with drm level 1 netflix won't work...

I sent my oneplus 5 to get the drm level 1 to be able to stream hd in Netflix. After I got it back I unlocked the bootloader and rooted. The cell was working fine for a few months but now netflix won't open. I get network error 9. I open the logs and it says general drm error. The interesting part is that if I lock the bootloader netflix works fine and the videos are in hd. As soon as I unlock the bootloader and root the device with magisk it stops working. Magisk hide is working properly cause I can download Netflix directly from playstore but the app won't work. I am gonna attach a pic of the logs. Can someone please help? Thanks!
This is part of the log
Hello,
I am also facing the same problem. I also have unlocked bootloader, magisk and xposed installed. I have got DRM level 1 activated on my device.
Pls someone suggest any solution other than unrooting and removing xposed.
deepak549 said:
Hello,
I am also facing the same problem. I also have unlocked bootloader, magisk and xposed installed. I have got DRM level 1 activated on my device.
Pls someone suggest any solution other than unrooting and removing xposed.
In my case I don't have xposed. I own another oneplus 5 that works fine with unlocked bootloader and the one with the issue was working fine before. I have no idea what happened.
xestan said:
In my case I don't have xposed. I own another oneplus 5 that works fine with unlocked bootloader and the one with the issue was working fine before. I have no idea what happened.
I also had the same problem. I got L1 on my 5T, worked fine for some time but stopped. The app will work if you use the magisk module that makes the app think the phone is L3, or you could use 4.x version of the app and it will work. But with any of those solutions netflix won't play in HD.
I heard that netflix is checking if bootloader is unlocked for L1 and blocking it.
harpin14789 said:
I also had the same problem. I got L1 on my 5T, worked fine for some time but stopped. The app will work if you use the magisk module that makes the app think the phone is L3, or you could use 4.x version of the app and it will work. But with any of those solutions netflix won't play in HD.
I heard that netflix is checking if bootloader is unlocked for L1 and blocking it.
If netflix is doing that, it is not doing it across all devices or something, cause my other oneplus 5 works perfectly. The workaround I found is to install the 4.x version and then after opening that version go and update to the latest one, but as you said it will not be in HD.

Any way to fake a locked bootloader?

I have a (non-essential) app that I cannot get to work on my new phone; it shows the following error message:
Integrity check failed
Modifications on your phone have been detected. The app can not be used due to security reasons.
Details: The device is checked for signs of root access, respectively if the bootloader is unlocked. For these checks only local elements are used, no data is submitted to external services.
This is on a POCO X3 NFC with unlocked bootloader, custom ROM (ArrowOS 11) with microG (instead of Google Play Services) and stable Magisk (v22.0) with MagiskHide applied to that app. I have also already tried to freeze Magisk with AirFrozen, which is a trick that works on a problematic banking app, but that did not change anything.
The strange thing is, that the same app (and same app version) does not show that error on a OnePlus 6 with unlocked bootloader, custom ROM (LineageOS 16 for microG) and Magisk with MagiskHide applied to that app.
I have no idea what the difference may be and how this is possible.
Any ideas?
https://github.com/kdrag0n/safetynet-fix check and download from release section if you want
etahamad said:
https://github.com/kdrag0n/safetynet-fix check and download from release section if you want
If you are replying to me, it's definitely not a SafetyNet issue, because my devices haven't passed SafetyNet since it stopped working with microG about a year (?) ago.

Chase banking app fingerprint login won't enable

Is anyone else having this issue? Started yesterday for me after years of being rooted without fail. Is there a Google Services update that now runs root check for fingerprint login?
Same here did you get it to work?
Same on my OP 8 pro, Magisk hide, reboot and reinstalling etc didn't work either
Ok, I thought I was going crazy, I have the same problem since last couple of updates... Anybody figured out how to fix it? Maybe an older version of chase mobile?
The new Chase app update fixed it, the fingerprint started to work again. I've got root with Magisk and EdXposed installed. Try to update the app.
Doesn't work for me with app version 4.262 (updated December 15, 2021).
Moto G7 Play (channel), LineageOS 18.1 20211226-NIGHTLY, Magisk v23.0.
As far as I can tell, fingerprint login is the only thing that doesn't work. edit: Quick view balances also does not work.
Just for comparison, everything works with the Bank of America app, including fingerprint login.
I had fingerprint working with root by installing older version and then updating but now I can't get it to work anymore.
Can anyone confirm whether the fingerprint works without root (but with bootloader unlocked and custom ROM installed)?
I'm seeing this issue still in Feb 2022. Rest of app works. Funny how whatever it detects isn't reason enough to block access, just block fingerprint.
supeRUUser said:
Can anyone confirm whether the fingerprint works without root (but with bootloader unlocked and custom ROM installed)?
Yes. I just reset my device and reinstalled LineageOS. The fingerprint worked. I then flashed Magisk (and enabled Hide for the Chase app), and the fingerprint continues to work. It seems you just need to set it up *before* rooting.

Question Problems with NFC/GooglePay because of Global ROM

Hi guys, so I bought my first Realme phone a couple of months ago and I noticed that the Google Pay app wasn't working. I checked the Ali store where I bought it and sure enough it said "Global rom: This is the version with global firmware installed, with many languages, including portuguese language, spanish language, google store is normal, but please note that google pay payment does not work properly". For some reason, this ROM won't let me have Google Pay, so I wanted to know if any of you knows how to enable the Google Pay app? Or should I install another ROM? Has any of you had a similar problem? Thanks
Perhaps shift from global to Europe firmware?
I'm from South America, so I don't know if the European firmware would work. I'm having a little bit of trouble finding out how RUI 3.0 - Firmware - ROM work. Also, do you know how to do the shift from Global to European? Or at least a tutorial? I've seen the site https://realmefirmware.com/realme-gt-neo2-5g-firmware/ which has the global firmware released today but I don't know if it's just installing the firmware and problem solved.
Bootloader unlocked = no google pay, it will only work with the original firmware channel, don't try locking your bootloader if you are not 100% sure of it, this will cause your phone to bootloop and you will end up with a bricked device that only realme support would be able to solve, the best solution would be to spoof your device fingerprint to pass the SafetyNet and everything will work just fine, you can contact me for help if you want.
Yes, I'm going to need a little bit of help with that, thanks
hen1_98 said:
Bootloader unlocked = no google pay, it will only work with the original firmware channel, don't try locking your bootloader if you are not 100% sure of it, this will cause your phone to bootloop and you will end up with a bricked device that only realme support would be able to solve, the best solution would be to spoof your device fingerprint to pass the SafetyNet and everything will work just fine, you can contact me for help if you want.
Hello hen1_98, so may I know how to spoof the fingerprint to pass SafetyNet?
drwpls said:
Hello hen1_98, so may I know how to spoof the fingerprint to pass SafetyNet?
With Magisk installed you can use the Universal SafetyNetFix by kdrag0n, easy fix
Hello, I also flashed the phone, changed the region, rooted it (now it does not work), and closed the bootloader. It works on the old bank, but the new (other) one does not want to.
hen1_98 said:
With Magisk installed you can use the Universal SafetyNetFix by kdrag0n, easy fix
I did install it, but the CTS profile still does not pass.
I figured out that I need a valid fingerprint which is associated with the device (the one which is registered with Google) to make the CTS check pass.
So, I need the fingerprint from when the device was on stock ROM and hadn't been rooted.

Lenovo ThinkShield Security & bootloader unlock?

Hello,
A couple of days ago, a member of my family wanted to unlock their Motorola Edge 30 Fusion's bootloader, to be able to decrypt the data. They brought it to me, since they knew I had some experience with doing so and because I got their bootloader unlocked Galaxy Note9 working with Netflix in full quality (WideVine L1).
This time around, after unlocking the bootloader, installing Magisk and decrypting the data partition, Netflix (and other DRM software) would fully refuse to work. So I took a LogCat read & a DRM info report and saw this:
SafetyNet BASIC is passed (MagiskHideProps & SafetyNet fix + Zygisk & MagiskHide)
WideVine reported level is L1
However! Logcat reports WVCdm being unable to locate & download a certificate for L1. So I checked /data/vendor/mediadrm and the reported error was correct.
However, there is a certificate for L3, but the phone refuses to fall back to L3 for some reason.
liboemcrypto disabler has been unsuccessful, since, from what I can tell, the phone does not use that library.
These same symptoms occur when the userdata partition is encrypted.
Does anybody have any suggestions? I used the exact same steps to get WideVine L1 on the Galaxy Note9.
My opinion is that it has to do with ThinkShield somehow. Can someone advise, please?
Thank you!
antoniu200 said:
Hello,
A couple of days ago, a member of my family wanted to unlock their Motorola Edge 30 Fusion's bootloader, to be able to decrypt the data. They brought it to me, since they knew I had some experience with doing so and because I got their bootloader unlocked Galaxy Note9 working with Netflix in full quality (WideVine L1).
This time around, after unlocking the bootloader, installing Magisk and decrypting the data partition, Netflix (and other DRM software) would fully refuse to work. So I took a LogCat read & a DRM info report and saw this:
SafetyNet BASIC is passed (MagiskHideProps & SafetyNet fix + Zygisk & MagiskHide)
WideVine reported level is L1
However! Logcat reports WVCdm being unable to locate & download a certificate for L1. So I checked /data/vendor/mediadrm and the reported error was correct.
However, there is a certificate for L3, but the phone refuses to fall back to L3 for some reason.
liboemcrypto disabler has been unsuccessful, since, from what I can tell, the phone does not use that library.
These same symptoms occur when the userdata partition is encrypted.
Does anybody have any suggestions? I used the exact same steps to get WideVine L1 on the Galaxy Note9.
My opinion is that it has to do with ThinkShield somehow. Can someone advise, please?
Thank you!
Let's take a step back a moment. You're assuming the SafetyNet attestation is a good measure of the platform integrity - which it no longer is, because it has been replaced by Play Integrity. More information here.
That would be my first step, to ensure the device is passing BASIC and DEVICE attestation.
V0latyle said:
Let's take a step back a moment. You're assuming the SafetyNet attestation is a good measure of the platform integrity - which it no longer is, because it has been replaced by Play Integrity. More information here.
That would be my first step, to ensure the device is passing BASIC and DEVICE attestation.
Thank you for your reply!
I didn't know that was a thing. I installed the SafetyNet fix from Displax and BASIC and DEVICE tests are now passed, exception being the STRONG test. However, WideVine still refuses to fall back to L3.
