SafetyNet Issues
If ctsProfile = false, basicIntegrity = true
Your ro.build.fingerprint is screwed up, or maybe it is not updated, you have to update it manually by navigating to /system/build.prop
or you can use MagiskHide Props Config module for better fix. Don't worry, this is very common issue who install custom roms.
Steps
1. Download and install MagsikHide Props Config via Magisk (download link below) then Reboot
2. Download any Android Terminal Emulator
3. Type "su" then "props" WITHOUT quotation marks
4. Type "1" for Edit device fingerprint
5. Type "f" for Pick a certified fingerprint
6. Find "Xiaomi"
7. Find "Xiaomi Pocophone F1"
-If you are on Android 9 choose it, if not then Android 10
8. Type "y" for yes
-Would you like to activate device simulation?
Type "n" for no
9. Then reboot by typing "y"
After all that, you can check the SafetyNet. If both passes, congrats!
Actually, you can install "SafetyPatch" module in Magisk IF you want quick fix but the only thing is that it uses someone's device fingerprint e.g. (ro.build.fingerprint=....Huawei/P20) and it changes the behavior of some apps (Google for example)
Some apps detects your phone as Huawei P20 but actually it is Pocophone F1.
If ctsProfile = true, basicIntegrity = false
This issue is rare. I don't think that someone will get this issue but if in case,
-Clear data on all Google apps (Google Play Store, Google Services, etc.) then Reboot then check SafetyNet
Xposed IssueMost phones will get error on both CTS Profile and basicIntegrity. This is common on users when they installed Xposed Canary on Android Q. Try uninstall or update Xposed and check Safetynet. Other system altering apps might be the cause of safetynet failing like Luckypatcher, Uret patcher, etc., try uninstalling them then check SafetyNet.
-Uninstall any other RootSU apps (SuperSU, KingoRoot, KingRoot, etc.) through their app or by using a flashable zip (unSU) then Install magisk via custom recovery.
If ctsProfile = false, basicIntegrity = false
Try doing both until you pass both ctsProfile and basicIntegrity.
If not, Check the documentation for more information (https://github.com/Magisk-Modules-R...EADME.md#i-cant-pass-the-basicintegrity-check)
Original Thread can be found here. https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228
Thanks to @Didgeridoohan
How about asus zenfone max pro m1 with custom rom AEX ?
Type "18" also ?
Ryngga said:
How about asus zenfone max pro m1 with custom rom AEX ?
Type "18" also ?
Click to expand...
Click to collapse
If you are using Asus Zenfone Max Pro M1, then find the Asus brand in one of the selections and then select the specific device you have, do not use Xiaomi. It might conflict with the ctsProfile and gets you false.
is poco f2 listed in there? I am having ctsProfile = false, basicIntegrity = true issue. I tried your method but when i hit su props and enter, no further menu came out....
Thread Updated:
Added Xposed issue and fix.
spicediablo said:
is poco f2 listed in there? I am having ctsProfile = false, basicIntegrity = true issue. I tried your method but when i hit su props and enter, no further menu came out....
Click to expand...
Click to collapse
Did you installed MagiskHideProps in the module menu?
Darklouis said:
Did you installed MagiskHideProps in the module menu?
Click to expand...
Click to collapse
Yes, i installed the latest version and managed to get the response. However, checking still failed after updating fingerprint... [emoji28]
Sent from sagit
spicediablo said:
Yes, i installed the latest version and managed to get the response. However, checking still failed after updating fingerprint... [emoji28]
Sent from sagit
Click to expand...
Click to collapse
It seems that there is no PocoF2 on the listed certified list of device fingerprints. You have to undo the changes and manually change the device fingerprint in the build.props
If you have a stock rom lying around, find the build.props, open it using any text editor, then copy the device fingerprint then paste on the current build.props
(ro.build.fingerprint="device fingerprint")
With the latest module 5.2.6, poco f2 pro is available but the build version is different. according to the author, it should not be an issue...
Darklouis said:
It seems that there is no PocoF2 on the listed certified list of device fingerprints. You have to undo the changes and manually change the device fingerprint in the build.props
If you have a stock rom lying around, find the build.props, open it using any text editor, then copy the device fingerprint then paste on the current build.props
(ro.build.fingerprint="device fingerprint")
Click to expand...
Click to collapse
spicediablo said:
With the latest module 5.2.6, poco f2 pro is available but the build version is different. according to the author, it should not be an issue...
Click to expand...
Click to collapse
Idk how or where is the listed fingerprint in the module, you could try manually change this, I found your fingerprint on Github, Poco F2 codename LMI right?
ro.system.build.fingerprint=qti/qssi/qssi:10/QKQ1.191117.002/20.5.22:user/release-keys
I have taken logs for the author to check. Let's see what is the issue before we try this.
Darklouis said:
Idk how or where is the listed fingerprint in the module, you could try manually change this, I found your fingerprint on Github, Poco F2 codename LMI right?
ro.system.build.fingerprint=qti/qssi/qssi:10/QKQ1.191117.002/20.5.22:user/release-keys
Click to expand...
Click to collapse
Sent from sagit
spicediablo said:
I have taken logs for the author to check. Let's see what is the issue before we try this.
Sent from sagit
Click to expand...
Click to collapse
Keep him posted.
sorry for the question but why do i need the safetynet?
Any idea why and what should I do, if I follow the instructions, find and choose my device (Xiaomi Note 10) and still have the cts test failed with basicintegrity true?
I've got a Poco f1, I am running on miui 11.0.9.0, Android 10, I have installed Magisk and made all the steps (the device simulation didn't appear), however, I still get ctsProfile match fail. What should I do?
solution?
JPMuller said:
I've got a Poco f1, I am running on miui 11.0.9.0, Android 10, I have installed Magisk and made all the steps (the device simulation didn't appear), however, I still get ctsProfile match fail. What should I do?
Click to expand...
Click to collapse
have you got the solution for safety net if using edxposed for android 10 miui11
rehfore said:
sorry for the question but why do i need the safetynet?
Click to expand...
Click to collapse
Lot of banking apps and payment apps (like Gpay) won't work if safety net fails.
I have a question: my device is Poco f1 and it has VoLTE enabled (in menu). My carrier also support VoLTE, but only on few models, and mine is not on the list, and cannot be activated - there is no volte icon on coverage bar. So, if I use your guide, can I change my device fingerprint (e.g. to be visible like Huawei P20 for exampe), and to be able to force the carrier to activate it? I would like to note that, here, where I'm living, there is a lot of Poco phones, which was activated on same carrier, but through different procedure, which is no longer available.
Related
Hello Guys, after I flashed the 20.7.9 EU Beta. I got Safety Net Failed. Is there any way to fix this issue? Thanks.
FYI. My phone is not rooted yet.
Now I already root my phone. And I got this
I wonder if this is related to hardware attestation?
https://www.xda-developers.com/safetynet-hardware-attestation-hide-root-magisk/
edward014 said:
Now I already root my phone. And I got this
Click to expand...
Click to collapse
Apparently, you forgot to hide your magisk with magiskhide in the option. That results in your basic integrity failed.
And for the ctsprofile part, since your evalType showed basic, you may give "Magiskhide props config" a try.
Or, you may just try eu dev 20.7.3, Several reported it passes safetynet check.
Hi all, I passed now the SafetyNet. I just use the MAGISK STABLE and use the command for Magisk Hide Props Config module.
Which commands you used and how exactly did you executed them?
Snah001 said:
Which commands you used and how exactly did you executed them?
Click to expand...
Click to collapse
Use termux and type su -c props and follow or choose the steps that will appear.
I understand but what choice you made in the props?
Snah001 said:
I understand but what choice you made in the props?
Click to expand...
Click to collapse
-Su -c props
-1
-F (Pick certified fingerprint)
-6
-21
-2
-Yes
-Yes
Snah001 said:
I understand but what choice you made in the props?
Click to expand...
Click to collapse
Btw.
Device: Poco F2 Pro
Rooted Magisk Stable 20.4
ROM: Latest beta EU 7.9
Unfortunately doesn't work.
I am on rooted EEA btw.
Tried several fp's but no luck.
The hardware attestation is messing with us.
Snah001 said:
Unfortunately doesn't work.
I am on rooted EEA btw.
Tried several fp's but no luck.
The hardware attestation is messing with us.
Click to expand...
Click to collapse
Give eu a try, they did some effort on the hw attestation or you may try alter some props to fake your phone to another model to get evalType basic.
Simply changing fp is not gonna help on this hw attestation thing.
edward014 said:
-Su -c props
-1
-F (Pick certified fingerprint)
-6
-21
-2
-Yes
-Yes
Click to expand...
Click to collapse
So you use poco X2 fingerprint?
valkyrjur said:
So you use poco X2 fingerprint?
Click to expand...
Click to collapse
I used google. Not Poco X2 or Poco f2 Pro. Dont use also magisk canary. Use stable one
Used Google XL3 and 4 and both did not work.
Also I tried to find in a logcat (after performing the safetynet check) if it states that attestation is hardware backed but couldn't find it in the logcat.
Edit: got Safetynet check to work.
In Playstore it still says "not certified" but safetynet check is now both ok.
Force closed manually Playstore app and it shows now "certified".
Used: https://forum.xda-developers.com/showpost.php?p=83028387&postcount=40658
Snah001 said:
Used Google XL3 and 4 and both did not work.
Also I tried to find in a logcat (after performing the safetynet check) if it states that attestation is hardware backed but couldn't find it in the logcat.
Edit: got Safetynet check to work.
In Playstore it still says "not certified" but safetynet check is now both ok.
Used: https://forum.xda-developers.com/showpost.php?p=83028387&postcount=40658
Click to expand...
Click to collapse
Try force closing, clearing data and cache for the playstore app then restart the app and check again.
pedro1977 said:
Try force closing, clearing data and cache for the playstore app then restart the app and check again.
Click to expand...
Click to collapse
Did you read my edit to my post?
Deleted all app data also as the dev of the zip file recommended.
Snah001 said:
Did you read my edit to my post?
Deleted all app data also as the dev of the zip file recommended.
Click to expand...
Click to collapse
I saw your modules provided about hardware. But I'm not using that one.
Just try Busy Box only and Magisk Hide Props Config Modules and try also to Hide Your magisk manager and Hide your Banking apps as well.
PS: Ignore this reply if you're successfully and no issue with your safetynet check now. Thank you!
As posted I used the zip to change the model name and it works perfect and it shows certified.
Snah001 said:
As posted I used the zip to change the model name and it works perfect and it shows certified.
View attachment 5059129View attachment 5059131
Click to expand...
Click to collapse
Using that module, Both CTS profile and Basicintegrity will True or verified? Also in Playstore? Right? Btw, thanks to this info bro!
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
tlxxxsracer said:
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
Click to expand...
Click to collapse
Easy to pass safety net
tlxxxsracer said:
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
Click to expand...
Click to collapse
When you did it did your phone say it was Pixel 3a ?
jaythenut said:
When you did it did your phone say it was Pixel 3a ?
Click to expand...
Click to collapse
No. I changed it pixel 5. I caught that in the guide and surprised it's not corrected
tlxxxsracer said:
No. I changed it pixel 5. I caught that in the guide and surprised it's not corrected
Click to expand...
Click to collapse
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
swangjang said:
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
Click to expand...
Click to collapse
Thanks for this explanation. I thought it was just an error and having to use pixel 5. I got it to work now
swangjang said:
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
Click to expand...
Click to collapse
do you know of any disadvantages of having the "fingerprint" of the phone as a pixel 3a? Like will this affect something else?
KHANrad_SIN said:
do you know of any disadvantages of having the "fingerprint" of the phone as a pixel 3a? Like will this affect something else?
Click to expand...
Click to collapse
I think it will cause issues with OTA updates but you can do that manually anyway. I have no idea what else it will break. I'm still waiting on my order so I don't actually have the phone yet, sadly.
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still simulating 3a. Anyone having the same problem as me?
cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
yes same problem here!
cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
Same here I was using Pixel 5 disguised as 4a 5g
Oh **** I just checked and I'm getting the same error. Basicintegrity passes but cts profile fails. Eval type basic. Why the f is google so against rooting? Imagine Microsoft not allowing admin privillages and shutting you down because you edited the registry files...
cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
Same here
Same issue here ctsProfile is failing
swangjang said:
Oh **** I just checked and I'm getting the same error. Basicintegrity passes but cts profile fails. Eval type basic. Why the f is google so against rooting? Imagine Microsoft not allowing admin privillages and shutting you down because you edited the registry files...
Click to expand...
Click to collapse
thehairyviking69 said:
Same here
Click to expand...
Click to collapse
sam.bagga said:
Same issue here ctsProfile is failing
Click to expand...
Click to collapse
Did you guys try this module for Magisk?
piponomarev said:
Did you guys try this module for Magisk?
Click to expand...
Click to collapse
Tried installing this module via magisk, doesn't seem to do anything though
cescman said:
Tried installing this module via magisk, doesn't seem to do anything though
Click to expand...
Click to collapse
Video screen devices? Get the root again and install the module, if the problems persist, write to the developer
Same for me - can't pass CtsProfile anymore. I noticed it today through the GPay notification, which says my phone doesn't meet device standards for contactless payments.
Has anyone tried the magisk module? What does it do?
Same problem. Pixel 3 running stock rooted. Last time this happened (a few months ago), the Build.Props module fixed it. Now, not so much. Still using basic eval; cts profile fail. Have we finally been locked us out of GPay???
I just found a fix. Download and flash following magisk module. Keep in mind that you need to unzip and rezip the raw files again, as otherwise the files will be inside a folder inside the zip.
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
You can read more about the recent safetyNet change here.
//EDIT: You can directly download the flashable zip without having to rezip the raw files here.
Michael1200 said:
I just found a fix. Download and flash following magisk module. Keep in mind that you need to unzip and rezip the raw files again, as otherwise the files will be inside a folder inside the zip.
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
You can read more about the recent safetyNet change here.
Click to expand...
Click to collapse
I'm running 10... will it still work? Nevermind. just went to site and found out, no.
Hey, my Banking apps arent working. Im rooted on One Plus 7 Android 10.0.10 with Magisk 21.1.
I hide Magisk in its Settings and Restarted but didnt worked for me. Please help!
Banking App: VR-SecureGo
Silazius said:
Hey, my Banking apps arent working. Im rooted on One Plus 7 Android 10.0.10 with Magisk 21.1.
I hide Magisk in its Settings and Restarted but didnt worked for me. Please help!
Banking App: VR-SecureGo
Click to expand...
Click to collapse
Settings/Hide magisk manager and reboot, then tap shield icon the bottom, and tap Magisk hide and check then bank app.
Shyciii said:
Settings/Hide magisk manager and reboot, then tap shield icon the bottom, and tap Magisk hide and check then bank app.
Click to expand...
Click to collapse
Did not Worked...
Is there any other option?
Silazius said:
Did not Worked...
Is there any other option?
Click to expand...
Click to collapse
In order for certain apps to work your device will need to pass safetynet check some apps include banking, entertainment and even a few games. You can check this from within Magisk Manger itself. Some custom roms do not support safetynet and therefore it will not pass while on those roms. However, most do such as LineageOS among others. If you need to pass safetynet then making sure software and vendor is updated is your first step, I don't know all the steps as I am unfamiliar with the process but this applies for any device with Magisk not just the OnePlus 7
Silazius said:
Did not Worked...
Is there any other option?
Click to expand...
Click to collapse
Mr.Conkel said:
In order for certain apps to work your device will need to pass safetynet check some apps include banking, entertainment and even a few games. You can check this from within Magisk Manger itself. Some custom roms do not support safetynet and therefore it will not pass while on those roms. However, most do such as LineageOS among others. If you need to pass safetynet then making sure software and vendor is updated is your first step, I don't know all the steps as I am unfamiliar with the process but this applies for any device with Magisk not just the OnePlus 7
Click to expand...
Click to collapse
Saftynet is okei... So what should i do now?
Considering your passing it, you may want to contact the devs of your rom on this one. Not sure why it wouldn't work even with a successful check but that is your best bet assuming your not on stock that is.
I have Oneplus 8 pro . and i have same problem,
the bank app updated their safety and the old way don't work.
also i pass saftynet.
Silazius said:
Did not Worked...
Is there any other option?
Click to expand...
Click to collapse
XPrivacyLua together Magisk Hide is enough.
Try using my app VD INFOS, you can see every detectable thing. (Root/Magisk/Xposed/Riru/and others.)
And then you can fix what needs to be fixed.
[APP][v1.10] VD Infos (Package: com.vitaodoidao.vdinfos)
(Para quem fala PORTUGUÊS, o próximo post está totalmente traduzido !) VD Infos v1.10 As we all know, Android is a super powerful and super versatile operating system. What nobody tells you is that all your personal details and confidential...
forum.xda-developers.com
I'm facing exactly the same issue, my bank's app checks if OEM unlock is active and if so, it fails to start. This thing cannot be hid by Magisk.
Deus. said:
I'm facing exactly the same issue, my bank's app checks if OEM unlock is active and if so, it fails to start. This thing cannot be hid by Magisk.
Click to expand...
Click to collapse
You can hide it easily.
Just unlock bootloader first and then, erase nvdata.
Nvdata contains developer settings, like "oem unlock".
But, if you aready have an unlocked bootloader, the settings "oem unlock" doesn't change nothing.
Hello Everyone,
I recently installed LineageOS 18.1 (build: lineage_kebab-userdebug 11). I have retrieved my Android ID using the ADB commands found here: Device Registration and registered my Android ID a few days ago but Google Play Store still shows: "Device is not certified" under Settings --> About --> Play Protect certification. Is there something I'm doing wrong or something else I need to do in order to get my device certified with Google Play Store?
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
ecompton59 said:
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
Click to expand...
Click to collapse
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
long as you used dual sim oos file to unlock your phone it won't unless you do something like that and Google thinks I have pixel 5 see pics I pass
alteredstate82 said:
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
Click to expand...
Click to collapse
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
azoller1 said:
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
Click to expand...
Click to collapse
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
alteredstate82 said:
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
Click to expand...
Click to collapse
Yep. You will need to extract the payload.bin file in which you will use the boot.img, then patch it with magisk, then flash the patched boot.img using fastboot. Then, you will need to use magiskhide to hide magisk itself and use the props spoof module to help with passing safetynet.
I want to say thank you for the help! I successfully installed Magisk and passed the SafetyNet checks! Everything seems to be working good. However, it seems my efforts might be wasted as Magisk is dropping support for hiding root access. This is unfortunate as I have a few job critical apps that will not work unless I hide them from root access in Magisk. Hopefully someone else will pick up the torch and continue development. It's a crime these big tech companies work so hard to prevent us from modifying hardware we own!
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
gregattack said:
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
Click to expand...
Click to collapse
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Did you install and use the Universal SafetyNet Fix module?
If I set the kb2003 OP 8T (EU) fingerprint, it seemed not to work. But I will try again.
Do I need to clear some caches eg: play store, after changing the fingerprint or something else?
cpkelley94 said:
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Click to expand...
Click to collapse
finally I installed Universal SafetyNet Fix and switched to the kb2003 fingerprint and reset all other modification like custom props for the pixel phone. Now it's working. No idea why it fails in previous approach
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
ykjae said:
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
Click to expand...
Click to collapse
which image are you using?
I read, that some images like https://evolution-x.org/ pass safetynet out of the box but I did'nt test this.
Finally the unlocked bootloader is the problem.
I want to install custom ROM but I only have one phone right now, I use this X3 Pro for several apps(mostly banking, internet food services, delivery services) that requires SafetyNet.
Read the ROM description and look for safety net, if it's not written then just ask if it supports it. If you've still got no luck, backup your stock system (full twrp backup) and then flash the ROM and test if it supports safety net
ArrowOS 11/12, Pixel Experience.. these im sure of.
CrDroid
PhotonIce said:
Read the ROM description and look for safety net, if it's not written then just ask if it supports it. If you've still got no luck, backup your stock system (full twrp backup) and then flash the ROM and test if it supports safety net
Click to expand...
Click to collapse
yeah... so many questions can be avoid by just reading threads or google it...
Almost all ROMs except for LineageOS.
You can pass SafetyNet with LineageOS.
Just install Magisk, enable MagiskHide, and properly setup "MagiskHide Props Config" module.
komodo os
plskillme said:
I want to install custom ROM but I only have one phone right now, I use this X3 Pro for several apps(mostly banking, internet food services, delivery services) that requires SafetyNet.
Click to expand...
Click to collapse
All of the rom I tried are passing. If it doesn't just install MagiskHide Props Config. Steps are here. If you are using magisk v23 then enable magisk hide. If you using magiskv24 then enable zygisk, enforce list and choose google play service in the deny list then tick com.android.gms and com.android.gms.unstable. If you can't find it then tick show os app in the menu then reboot. It should pass.
tazaga said:
komodo os
Click to expand...
Click to collapse
this thing doesn't exist
gringo80 said:
this thing doesn't exist
Click to expand...
Click to collapse
There is this ROM but just didn't post on xda. Idk why dev don't post it but you can search on Google and go to their source forge folder. You can download there.
Alec Chan said:
There is this ROM but just didn't post on xda. Idk why dev don't post it but you can search on Google and go to their source forge folder. You can download there.
Click to expand...
Click to collapse
rom post in xda need to provide their kernel source code which is something for whatever reason some people find it uncomfortable to do so
zinconnu said:
You can pass SafetyNet with LineageOS.
Just install Magisk, enable MagiskHide, and properly setup "MagiskHide Props Config" module.
Click to expand...
Click to collapse
Actually, some LOS contributors put together a safetynet fix without the need of magisk, obviously not an official thingy.
GitHub - luk1337/ih8sn
Contribute to luk1337/ih8sn development by creating an account on GitHub.
github.com
SafetyNet seems to pass out of the box with most of the ROM's now, unless you flash Magisk.
But the latest version (Magisk 24.1) with zygisk, has a module available called Universal SafetyNet Fixer (by kdrag0n) which seems to fix both CTS Profile and Basic integrity.