Magisk to pass SafetyNet failure, for PKMN Go - Huawei Mate 9 Questions & Answers

Hey all. I have a Mate 9, stock ROM, just unlocked the bootloader so that I can root. After rooting, I found that most everyone is recommending Magisk, so that I can hide root some certain apps, and pass SafetyNet so that I can use apps like Pokemon Go and Android Pay. And... it's not going well.
I've done this 3 times, trying to install Magisk as the site recommends. I have yet to pass SafetyNet. All I really need is to be root, to pass SafetyNet, and be able to play Pokemon Go.
Any experiences in here that I can learn from? Thanks! :good:

Just a thought but have you installed Magisk Manager and used the hide function for both those apps?

Flash this in magisk manager - modules
https://drive.google.com/open?id=0B2D9GdWntw69NmdJVmhJaWNEOVU
Its needed for safetynet to pass on Huawei devices.
If that doesn't fix it, check that you have USB debugging on in Settings - Developer options.
And that your firmware isn't too new. After Huawei releases a new firmware it takes about 2 weeks for it to get certified by Google.
And make sure hide is working, it should be turned on by default but you need to hide apps in the manager. And check hide logs, if it's empty hide is not working.
If there is text make sure Hide is starting.

Related

Root for just change build prop nougat

Hi,
Hope you can help, if I root with super su for just change build pro settings, and then full unroot, will I keep the changes?? Or there is a another way to change build prop variable without root? I'm in G930F Nougat stock rom
Thanks
Yes the changes will remain if you unroot but why would you? You have already tripped KNOX etc by rooting in the first place, and your system status will remain 'Custom', so things like banking apps will likely still fail to work
No you can't change system files without root, build.prop is a system file
*Detection* said:
Yes the changes will remain if you unroot but why would you? You have already tripped KNOX etc by rooting in the first place, and your system status will remain 'Custom', so things like banking apps will likely still fail to work
No you can't change system files without root, build.prop is a system file
Click to expand...
Click to collapse
Thanks you so much for your answer, it's exactly because some video apps and banking as you said not work with root and they are essential for me. The problem is, I'm root since a long time, s health just work editing build prop, and since a few months ago, some apps like my bank, and video apps stop working because of root, and I need both things now, and I remember that before root(with already Knox tripped) they work fine.
speechgotham3 said:
Thanks you so much for your answer, it's exactly because some video apps and banking as you said not work with root and they are essential for me. The problem is, I'm root since a long time, s health just work editing build prop, and since a few months ago, some apps like my bank, and video apps stop working because of root, and I need both things now, and I remember that before root(with already Knox tripped) they work fine.
Click to expand...
Click to collapse
AFAIK, these apps just don't open anymore because of the SafetyNet profile missmatch you get when rooted (You can download an app like "SafetyNet Helper Sample" from Play Store to view your current SafetyNet status).
Apps like Snapchat, PokemonGO, my local banking app,.. use this technology, rather than the "custom" mark or the tripped knox.
So in my opinion you have three options now:
Use Magisk
When rooted with MagiskSU, your phone will still pass the SafetyNet Profile match, which will let you use your apps and root.
Root -> make your changes -> unroot
When you're completely unrooted you will once again pass the SafetyNet
(Probably doesn't work for you)Unroot -> Prepare Apps -> root again
Apps like Snapchat just check your SafetyNet status at login. That means when you're not rooted, you can log in to Snapchat, when you root afterwards (without a wipe of course) you're still logged in, even tho your phone wouldn't pass SafetyNet atm.
jaannnis said:
AFAIK, these apps just don't open anymore because of the SafetyNet profile missmatch you get when rooted (You can download an app like "SafetyNet Helper Sample" from Play Store to view your current SafetyNet status).
Apps like Snapchat, PokemonGO, my local banking app,.. use this technology, rather than the "custom" mark or the tripped knox.
So in my opinion you have three options now:
Use Magisk
When rooted with MagiskSU, your phone will still pass the SafetyNet Profile match, which will let you use your apps and root.
Root -> make your changes -> unroot
When you're completely unrooted you will once again pass the SafetyNet
(Probably doesn't work for you)Unroot -> Prepare Apps -> root again
Apps like Snapchat just check your SafetyNet status at login. That means when you're not rooted, you can log in to Snapchat, when you root afterwards (without a wipe of course) you're still logged in, even tho your phone wouldn't pass SafetyNet atm.
Click to expand...
Click to collapse
Thanks my friend I will try, because now I'm root with Magisk and with Magisk hide and does not work even with safety net pass
speechgotham3 said:
Thanks my friend I will try, because now I'm root with Magisk and with Magisk hide and does not work even with safety net pass
Click to expand...
Click to collapse
Which version of Magisk are you using?
What is the result of the SafetyNet Sample App?
jaannnis said:
Which version of Magisk are you using?
What is the result of the SafetyNet Sample App?
Click to expand...
Click to collapse
The latest one
Attach you an image
Thanks for your help
speechgotham3 said:
The latest one
Attach you an image
Thanks for your help
Click to expand...
Click to collapse
You could try installing the newest beta, which is 13.6, but I don't really believe this resolves your problem. You can get it from here: Magisk Beta Thread

[Tips] Google Pay on Rooted Android Phone

If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide working. Xposed modify Boot.IMG, the reason for the safety net to trigger. If you cant live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't Update you GOOGLE PAY - google updates security patch, magisk too Update your Google pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
???
If that helped you, you are welcome
thanks for this solution.
Regards
Ginifa
dviree said:
???
Click to expand...
Click to collapse
Not sure what is so funny?....
Not able to install
amelbeabk said:
That Google Pay image says your phone is rooted, but it says that as an example as what could have tripped off Safety Net.
Safety Net failing doesn't mean you a rooted. Safety Net is designed to fail if you have an Unlocked bootloader.
Click to expand...
Click to collapse
It sucks, but for things like Google Pay, I'd strongly suggest that you just give up. Google is contractually obligated to play this game with you and try to prevent you from using it on a rooted "insecure" device so they can process card payments.
I have moto G5+ with unlocked bootloader and magisk. Google pay works fine and saftey net does not fail if bootloader is unlocked
I have a custom rom. Only way to get Magist working was to install EdXposed and hide module. SafetyNet Test also says safetynet passes but my gpay doesnt want to work. Assuming its seeing edxposed perhaps. Anything else i can do
dk0dave said:
I have moto G5+ with unlocked bootloader and magisk. Google pay works fine and saftey net does not fail if bootloader is unlocked
Click to expand...
Click to collapse
I also have moto G5+, But still not unlock boothloader. I need study more for unlocked it, however this comment is helpful to get a decision for me, Thanks.
Tutuapp Movie HD Cokernutx
Google Play warns me to uninstall SELinux Changer, then shuts my phone down. I tried uninstalling it then rebooting, but the phone is behaving extremely oddly and shutting down by itself.
Now I have to format it, just to be sure.
murick_show said:
If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide working. Xposed modify Boot.IMG, the reason for the safety net to trigger. If you cant live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't Update you GOOGLE PAY - google updates security patch, magisk too Update your Google pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
Click to expand...
Click to collapse
Hello, hope you can help, installed Beyond ROM and Thunderstorm kernel. Google pay not working, SE for Android status shows 'enforcing' when the apk is installed the 'permissions' and ''enforcing' tabs are greyed out. Thank you

Can't use banking app after app installation anymore

Hi all,
Let's tell you my story,
OP6, unlocked, no TWRP, Magisk 20.3 (safetynet is OK) , I used to use my contactless payement app (French Banque populaire app called "Paiement mobile") thanks to Magisk hide, never had to pay more attention to hide root, no need to hide manager, always works with Magisk Hide only.
Updating from OOS 10.3.2 to 10.3.3 and Magisk 20.4.
Everything seems to me fine. I launch once the payement app, no warning.
Thinking about tweaking to make work VoLTE, I tried to find a way to easly save precious data (can't remember the name of the partition name), and finally found that Wanam created an app called "Partition backup and restore" which do that job.
I Installed it and accepted to grant root access.
And at this moment, I got a toast message from my bank app tells me it has detected a security problem.
Since the message, evreytime I open the bank app, it detected the root...
I tried to reinstall it, verify hiding, clear caches, uninstall the partition backup app, contact Wanam, he doesn't understand how his app can reveal the root to my bank app, hide Magisk manager, disable dev mode, oem debug, phone permission to Google Play Services and other, and maybe other things I don't remember... Read so many threads...
My other root-needed apps work.
Rootbear tells me all is OK except BUSYBOX BINARY (can't find something about it).
You're my last chance before getting stock with MSMTool (don't need root anymore).
Thanks in advance guys.
Edit : used Msmtool to go back to stock. No more problem.

Magisk Hide not working with banking apps

All,
I've been fighting with this for a while and I swear that I'm doing everything right (at least, I think I am).
Here's what I'm running:
1. euro build
2. magisk 23.0 (canary build)
I go through the setup, oem unlock and reboot again. I always run into a problem with magisk patched img and safety net failing.
The threads out there have gotten too thick and off-topic with folks asking for other stuff unrelated to the task at hand. I'm beyond confused with all the threads and need a clean and cohesive approach. Again, people, I need a better direction on this. No one-liners and smart ass answers.
Thank you to those that respond with a solid tutorial. Go layman if need be. =)
Magisk is dropping support for hiding root access from apps
Magisk, the popular Android rooting tool, will continue to be developed by topjohnwu, but without its root hiding feature called MagiskHide.
www.xda-developers.com
I recommend following this YouTube tutorial step by step. Also, The Magisk 23.0 build STILL has MagiskHide at the moment, so you may want to enable that.
TL;DR, you'll have to install Riru, LSposed, and XPrivacyLua and their respective magisk modules. While the video showed how to pass SafetyNet and get Google Play "Device is Certified", you can implement the same processes to ANY app having issues with root.
dude6595 said:
Magisk is dropping support for hiding root access from apps
Magisk, the popular Android rooting tool, will continue to be developed by topjohnwu, but without its root hiding feature called MagiskHide.
www.xda-developers.com
Click to expand...
Click to collapse
Once again: Everything that counts is money!
There will be other devs presenting solutions for root and hiding root so that we won't need Magisk any longer.
Until then I'll stay with 23.0

Question Company Portal (InTune) detects root - anyone else?

I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much make everything to work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?
Thank you.
Happened to me as well. I used Shamiko magisk module and it's all good now.
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Either use Shamiko or MagiskHidePropsConf to mask additional properties. I can confirm that InTune Company Portal works fine with SafetyNetFix + Shamiko
p4ra said:
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Click to expand...
Click to collapse
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
WhoIsJohnGalt1979 said:
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
Click to expand...
Click to collapse
I used it with magisk stable 25.2. I think we are all using magisk stable to root our phone right?
I have tried your suggestions, but still does not seem to work. Adding screenshots.
Can you help me, please? What is wrong with my setup?
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
I had issue with a specific banking app which detects root by most of the methods. I made it working by using shamiko + airfrozen which i was not really liking.
Now i wnded up with a forked project of magisk bu Husky called magisk delta which brought back magisk hide along with zygisk. With this i don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes for safetynet you can use the modded veraion by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
p4ra said:
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
Click to expand...
Click to collapse
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.
Regarding OTAs, there are two "How To" guides here with all the details you need.
Blaze1001 said:
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
Click to expand...
Click to collapse
I have done exactly this but it still detects
Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​b. Microsoft Authenticator (if you use it)​c. Microsoft Defender (if you use it)​5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
craigacgomez said:
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​b. Microsoft Authenticator (if you use it)​c. Microsoft Defender (if you use it)​5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Click to expand...
Click to collapse
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
Still doesn't work. Its weird because it worked for one night and the next morning it stopped.
UPDATE: its LSPosed I think. But this is the only way to force dark mode on some apps....
UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and its looking good so far...
UPDATE 3: Had a full day with not a single root detection notification. Looks solid!
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
one of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device,
I tried in 3 devices, the exact same steps and files, etc, it worked on the 1st one, but on the other two.. no!
For all those who still got issues as another idea: Does Google Wallet work ? Is the device play protect certified ?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....
I got the same issue with an App called "SwissID". It recognizes magisk for some reason. All other Apps work (like banking, google wallet etc.)
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Its work to me!!! Thanks

Categories

Resources