OOS 10.0.1 + Magisk + EdXposed = SafetyNet fails both - OnePlus 7 Pro Questions & Answers

OOS 10.0.1
Magisk v20.1
EdXposed v0.4.5.5
SafetyNet first works and after some time it fails both ctsProfile and basicIntegrity
I also tried Magisk Hide Props Config

Same problem on my 6t. Still trying to find a solution. I fear that Gravitybox may be the culprit. Do you have it installed?

https://github.com/ElderDrivers/EdXposed/issues/386
Edxposed no longer passes Safety Net by default. You need to blacklist Google Play Store, Google Play Services and Google Framework as per this site.

Soumy1234 said:
https://github.com/ElderDrivers/EdXposed/issues/386
Edxposed no longer passes Safety Net by default. You need to blacklist Google Play Store, Google Play Services and Google Framework as per this site.
In addition try the hidden core module, works great for me.... No more safetynet issues...

kpmohamedhussain said:
In addition try the hidden core module, works great for me.... No more safetynet issues...
Thank you for recommending the Hidden Core Module! It works great on my OnePlus 7 Pro. After installing the module and blacklisting the Google Play Store, Google Play Services and Google Framework in EdXposed I was able to pass SafetyNet without a problem. One app (Mario Kart Tour) was still detecting root. I was able to get it working by clearing the cache and storage from the Play Store and Play Services and rebooting.

Be careful with those EdXposed modules which are not fully compatible with Android 10.
Kris
Hirs_E_Fruit said:
OOS 10.0.1
Magisk v20.1
EdXposed v0.4.5.5
SafetyNet first works and after some time it fails both ctsProfile and basicIntegrity
I also tried Magisk Hide Props Config

I followed the steps in the link below and it works! I can use Magisk + EdXposed and SafetyNet won't crash. (It would fail at every reboot. Wait for a while and it will pass the SafetyNet check.)
https://forum.xda-developers.com/pixel-4-xl/how-to/xposed-discussion-thread-t3992607


[Tips] Google Pay on Rooted Android Phone

If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide working. Xposed modify Boot.IMG, the reason for the safety net to trigger. If you cant live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't update your GOOGLE PAY - Google updates the security patch, Magisk too. Update your Google Pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
???
If that helped you, you are welcome
thanks for this solution.
Regards
Ginifa
dviree said:
???
Not sure what is so funny?....
Not able to install
amelbeabk said:
That Google Pay image says your phone is rooted, but it says that as an example as what could have tripped off Safety Net.
Safety Net failing doesn't mean you are rooted. Safety Net is designed to fail if you have an unlocked bootloader.
It sucks, but for things like Google Pay, I'd strongly suggest that you just give up. Google is contractually obligated to play this game with you and try to prevent you from using it on a rooted "insecure" device so they can process card payments.
I have a Moto G5+ with an unlocked bootloader and Magisk. Google Pay works fine and SafetyNet does not fail if the bootloader is unlocked.
I have a custom ROM. The only way to get Magisk working was to install EdXposed and the hide module. SafetyNet Test also says SafetyNet passes, but my GPay doesn't want to work. Assuming it's seeing EdXposed, perhaps. Anything else I can do?
dk0dave said:
I have a Moto G5+ with an unlocked bootloader and Magisk. Google Pay works fine and SafetyNet does not fail if the bootloader is unlocked.
I also have a Moto G5+, but still haven't unlocked the bootloader. I need to study more before unlocking it; however, this comment is helpful for me to make a decision. Thanks.
Tutuapp Movie HD Cokernutx
Google Play warns me to uninstall SELinux Changer, then shuts my phone down. I tried uninstalling it then rebooting, but the phone is behaving extremely oddly and shutting down by itself.
Now I have to format it, just to be sure.
murick_show said:
If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide working. Xposed modify Boot.IMG, the reason for the safety net to trigger. If you cant live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't update your GOOGLE PAY - Google updates the security patch, Magisk too. Update your Google Pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
Hello, hope you can help, installed Beyond ROM and Thunderstorm kernel. Google pay not working, SE for Android status shows 'enforcing' when the apk is installed the 'permissions' and ''enforcing' tabs are greyed out. Thank you

MagiskHide method for hiding unlocked bootloader

How does MagiskHide hide the bootloader status? I'm trying to find a way to replicate the same method with the latest canary release which has Zygisk instead of MagiskHide. Any help is appreciated.
It just changed a few props, all of which are integrated into MagiskHide Props Config (the "Edit MagiskHide props" option) and/or Universal SafetyNet Fix (which soon should be updated to work on Magisk build 23010+).
Didgeridoohan said:
It just changed a few props, all of which are integrated into MagiskHide Props Config (the "Edit MagiskHide props" option) and/or Universal SafetyNet Fix (which soon should be updated to work on Magisk build 23010+).
I just changed those props, it still fails attestation. It might be something different though, will check further. Thanks.
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Didgeridoohan said:
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Yeah, Riru apparently was the problem as when I removed Riru and downgraded Universal SafetyNet Fix ctsProfile now passes. Thanks for the aid!
Didgeridoohan said:
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Is there any update in 2022?
I'm using latest canary Magisk and latest USNF v2.2.1 on Android 11 but the unlocked bootloader is still detected.
Is there any solution? Thank you.
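
As an added example (not part of any post in this thread), here is how a relying app's backend can tell the basic attestation discussed above apart from a hardware-backed verdict, by checking the `evaluationType` field of the SafetyNet attestation payload alongside `ctsProfileMatch` and `basicIntegrity`. The package name, nonce, freshness window and sample token are constructed assumptions, and the JWS signature and certificate chain are assumed to have been verified before `evaluate` is called.

```python
import base64
import binascii
import hmac
import json

MAX_AGE_MS = 5 * 60 * 1000  # assumed policy: verdict must be under 5 minutes old

# Constructed sample values, not taken from the thread.
SAMPLE_NONCE = b"constructed-nonce-0001"
SAMPLE_PKG = "com.example.bank"
NOW_MS = 1_700_000_000_000


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_jws(**overrides) -> str:
    """Build a constructed compact JWS (placeholder signature) for the demo."""
    payload = {
        "nonce": base64.b64encode(SAMPLE_NONCE).decode(),
        "timestampMs": NOW_MS - 1000,
        "apkPackageName": SAMPLE_PKG,
        "ctsProfileMatch": True,
        "basicIntegrity": True,
        "evaluationType": "BASIC,HARDWARE_BACKED",
    }
    payload.update(overrides)
    parts = [json.dumps({"alg": "RS256"}).encode(),
             json.dumps(payload).encode(),
             b"constructed-signature"]
    return ".".join(_b64url(p) for p in parts)


def decode_payload(jws: str) -> dict:
    """Return the JSON payload of a compact JWS.
    Assumes the signature and certificate chain were verified beforehand."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def evaluate(payload, expected_nonce, expected_pkg, now_ms, require_hardware=True):
    """Return the list of reasons to reject the verdict (empty list = accept)."""
    reasons = []
    try:
        nonce = base64.b64decode(payload.get("nonce", ""), validate=True)
    except (binascii.Error, ValueError, TypeError):
        nonce = b""
    if not hmac.compare_digest(nonce, expected_nonce):
        reasons.append("nonce mismatch")  # replayed or foreign response
    if abs(now_ms - int(payload.get("timestampMs", 0))) > MAX_AGE_MS:
        reasons.append("stale verdict")
    if payload.get("apkPackageName") != expected_pkg:
        reasons.append("unexpected package")
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity failed")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch failed")
    # evaluationType is a comma-separated list; a device that fell back to
    # basic attestation reports "BASIC" without "HARDWARE_BACKED".
    types = {t.strip() for t in payload.get("evaluationType", "").split(",")}
    if require_hardware and "HARDWARE_BACKED" not in types:
        reasons.append("evaluationType lacks HARDWARE_BACKED")
    return reasons


if __name__ == "__main__":
    for label, token in [("hardware-backed", sample_jws()),
                         ("basic only", sample_jws(evaluationType="BASIC"))]:
        verdict = evaluate(decode_payload(token), SAMPLE_NONCE, SAMPLE_PKG, NOW_MS)
        print(label, "->", verdict or "accept")
```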

Trying to hide root from Play Store but can't install modules in Magisk now

I've managed to hide root from the apps themselves by installing the Universal SafetyNet Fix and enabling Zygisk (Beta) and Enforce DenyList and adding the apps to the DenyList and I can use all the apps but now Play Store won't let me update Netflix or Revolut, as it says they're no longer compatible with my device.
I've now hidden the Magisk app, which hasn't helped, and I'm trying to install the Shamiko module from Telegram but if I choose "Normal Android Way" Magisk just closes and if I choose "File Way" it says "Unzip error". This isn't specific to the Shamiko zip though, it happens if I try to reinstall the Universal SafetyNet Fix zip.
I'm using the latest Magisk v24.1, although I notice that on the Home screen it says "Zygisk: No" even though it's enabled. The only other modules installed are Busybox, Call Recorder and Systemless Hosts.
EDIT: Nevermind. I found that this only happens when trying to install using ES File Explorer. If I use the default File Manager it works OK.
EDIT2: So I followed the steps here, from "Setup Fingerprint", setting it to Poco X3 NFC Global - Android 11, and cleared the data&cache for Play Store and Play Services and rebooted, and now the Play Store doesn't even show Netflix or Revolut, either in the list of installed apps or when I search for them. https://forum.xda-developers.com/t/rom-11-lineageos-official-surya-karna.4202533/post-84100067
EDIT3: I disabled "Enforce DenyList" and enabled the Shamiko (v0.4.3) module instead and rebooted and cleared the Play Store and Play Services cache again and now I'm back to where I was before, with Netflix and Revolut showing in the installed apps list (but not when I search for them) and unable to update as it says they're no longer compatible with my device.
EDIT4: Updated Universal SafetyNet Fix to v2.2.1 and used adb props to Force Basic Key attestation to surya (default value, was M200....). No change. Checking Safety Net with Root Checker says it fails.
Magisk 24.1, enabled Zygisk, enabled DenyList, added all Google apps to the DenyList. Renamed the Magisk package name.
Flashed kdrag0n's Universal SafetyNet fix, installed MagiskHide Props, enabled the surya fingerprint and forced basic attestation. All on LineageOS 18.1. Works fine, no issues so far. Didn't even need to clear data or cache for any apps, just rebooted the phone.
robogo1982 said:
Magisk 24.1, enabled Zygisk, enabled DenyList, added all Google apps to the DenyList. Renamed the Magisk package name.
Flashed kdrag0n's Universal SafetyNet fix, installed MagiskHide Props, enabled the surya fingerprint and forced basic attestation. All on LineageOS 18.1. Works fine, no issues so far. Didn't even need to clear data or cache for any apps, just rebooted the phone.
I'm using MIUI but I've literally done all of that and I still can't update Netflix or Revolut.
As explained by Lughnasadh here https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-86463103 we can't actually add Google Play Services to the DenyList, as doing so breaks USNF and it unticks automatically on reboot anyway. So I think all we can add to the list is Google Play Store.
doveman said:
I'm using MIUI but I've literally done all of that and I still can't update Netflix or Revolut.
As explained by Lughnasadh here https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-86463103 we can't actually add Google Play Services to the DenyList, as doing so breaks USNF and it unticks automatically on reboot anyway. So I think all we can add to the list is Google Play Store.
Why don't you guys simply stick to Magisk 23.0? Everything works fine with that version of Magisk
Noter2017 said:
Why don't you guys simply stick to Magisk 23.0? Everything works fine with that version of Magisk
I seem to have fixed this now by changing the device fingerprint from POCO X3 NFC Global to POCO X3 NFC Europe.
I have issues after the playstore updates. I can delete all data and at old version device is certified. But it updates itself and it's problem then on. Anyway to stop the playstore self update?
You could try Magisk's Detach module -- online repo is deprecated, but it is still around if you search for it...
I've had the same issue with Revolut; I think Netflix uses similar spies. But to cut a long story short: I downloaded Revolut from ApkPure and checked it on the DenyList, rebooted aaaand it's all done. Revolut is getting updates and works as usual.

Question Safetynet

I literally tried every way on the internet to try and pass SafetyNet on Arrow OS 12. When I first installed it, it was working fine, but after Magisk 24.2 I couldn't pass SafetyNet, and I just uninstalled Magisk but still I can't pass even with root uninstalled.
What should I do?
Have you tried Universal SafetyNet Fix and Shamiko?
Frenik said:
Have you tried Universal SafetyNet Fix and Shamiko?
Yes. didn't work
Enable zygisk
Enforce denylist
Select play services (including gms and unstable)
Flash safetynetfix and shamiko modules
Hide magisk app
Reboot and clear data of play store
Enjoy
Don't enable Enforce DenyList for Shamiko. It will still use the DenyList though.
I have the same problem. The only reason I can think of is because I imported data from my old phone ... it does not look at all like a good reason but ... I will try to backup, clean the rom and start fresh.
Allahy3een did you import data as well?
How did you manage to solve you problem?
EDIT:
I can confirm, starting from scratch fixed everything!!!
NOTE: I did not even had to actually use the MagiskHide Props Config, so ArrowOS v11.0 ROM has a valid fingerprint ...
I did not use shamiko module as well, only safetynetfix and it's all gold. I did looked at this video for ref:

[Solved] Any gentleman happens to have kebab(t) OxygenOS [12] device fingerprint? (For SafetyNet)

Edit:
The USNF module modded by displax fixes both SafetyNet and the security patch info! Thanks, rocketda7331, for your experience and nice guidance!
Also, thanks, BillGoss, for your fast help!
Your info gave me the chance to turn back from my wrong direction!
As shown here [ https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh ], they only have OOS [11] device fingerprints:
OnePlus 8T China KB2000 (11):OnePlus:KB2000=OnePlus/OnePlus8T_CH/OnePlus8T:11/RP1A.201005.001/2108261338:user/release-keys__2021-08-01
OnePlus 8T India KB2001 (11):OnePlus:KB2001=OnePlus/OnePlus8T_IND/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Europe KB2003 (11):OnePlus:KB2003=OnePlus/OnePlus8T_EEA/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Global KB2005 (11):OnePlus:KB2005=OnePlus/OnePlus8T/OnePlus8T:11/RP1A.201005.001/2110091917:user/release-keys__2021-10-01
OnePlus 8T T-Mobile KB2007 (11):OnePlus:KB2007=OnePlus/OnePlus8TTMO/OnePlus8TTMO:11/RP1A.201005.001/2108091917:user/release-keys__2021-08-01
But I'm already on LineageOS 19.1 (Android 12), and I forgotttttttttttt to check the fingerprint of OOS 12 by myself before installing LOS...
The OOS 11 fingerprint is still able to pass SafetyNet, but it also gives me a "Platform: Out of date" false alarm under "Android security patches" even with the latest LOS build installed.
Does any gentleman happen to have OOS [12] device fingerprints for kb2005 or kb2007?
Thanks in advance!!!
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
BillGoss said:
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
Thanks a lot! You're GREAT!
Sadly this fingerprint can not pass SafetyNet, it gives a "CTS profile match: Fail".
But it fixes the "Platform: Out of date" in "Android security patches"!
You still saved my day! Thank you for your selfless help!
By the way, the LOS 19.1 (20221013) fingerprint is:
OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.20220730031:user/release-keys
which looks very similar to the OOS C.35 12 fingerprint.
Hmm... Maybe OnePlus just forgot to update its SafetyNet status?
Found a related issue:
SafetyNet fails on C.20 update for OnePlus 8 Pro · Issue #188 · kdrag0n/safetynet-fix
The "C.20" update for OnePlus 8 Pro based on Android 12 and the OxygenOS 12.1 overlay in correlation with "SafetyNet-Fix v2.2.1" completely blocks the fingerprint scanner. Uninstalling this module ...
github.com
Issue is still open, seems OnePlus has broken something...
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
rocketda7331 said:
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
Yeah thx I already have that.
With that and hideprops module installed, I can already pass safetynet with OOS 11 fingerprint.
But it's android 11 fingerprint and I'm running android 12 (lineageos 19.1), so using that fingerprint gives me "Platform: Out of date" in "Android security patches".
And as shown above, OOS 12 fingerprint seems problematic too.
For now I can only switch back to OOS 11 fingerprint and watch how this will end...
What are you trying to achieve? If you just want to pass safetynet, you can ditch the magiskhideprops module. The safetynet fix module will only spoof your fingerprint for Google Play Services; elsewhere you will have the correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
I will also point out that the linked safetynetfix is modded by displax and is not the original you might have if you installed it ages ago. To pass safetynet nowadays you should update it to this one.
rocketda7331 said:
What are you trying to achieve? If you just want to pass safetynet, you can ditch the magiskhideprops module. The safetynet fix module will only spoof your fingerprint for Google Play Services; elsewhere you will have the correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module disabled, I cannot pass safetynet check with YASNAC (but google play is okay because safetynetfix module is active), and the platform is okay too. Is this your current state?
IAAxl said:
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module not enabled, I cannot pass safetynet check, and the platform is okay too. Is this your current state?
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
rocketda7331 said:
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
IAAxl said:
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
rocketda7331 said:
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
IAAxl said:
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
Also check article
How to pass SafetyNet on Android after rooting or installing a custom ROM
It is possible to pass SafetyNet, even after extensive modding like rooting or installing a custom ROM. Check out how to do that here!
www.xda-developers.com
