Database Info

[Fix] Magisk SafetyNet

SafetyNet Issues​
If ctsProfile = false, basicIntegrity = true
Your ro.build.fingerprint is screwed up, or maybe it is not updated, you have to update it manually by navigating to /system/build.prop
or you can use MagiskHide Props Config module for better fix. Don't worry, this is very common issue who install custom roms.
Steps
1. Download and install MagsikHide Props Config via Magisk (download link below) then Reboot
2. Download any Android Terminal Emulator
3. Type "su" then "props" WITHOUT quotation marks
4. Type "1" for Edit device fingerprint
5. Type "f" for Pick a certified fingerprint
6. Find "Xiaomi"
7. Find "Xiaomi Pocophone F1"
-If you are on Android 9 choose it, if not then Android 10
8. Type "y" for yes
-Would you like to activate device simulation?
Type "n" for no
9. Then reboot by typing "y"
After all that, you can check the SafetyNet. If both passes, congrats!
Actually, you can install "SafetyPatch" module in Magisk IF you want quick fix but the only thing is that it uses someone's device fingerprint e.g. (ro.build.fingerprint=....Huawei/P20) and it changes the behavior of some apps (Google for example)
Some apps detects your phone as Huawei P20 but actually it is Pocophone F1.
If ctsProfile = true, basicIntegrity = false
This issue is rare. I don't think that someone will get this issue but if in case,
-Clear data on all Google apps (Google Play Store, Google Services, etc.) then Reboot then check SafetyNet
Xposed Issue​Most phones will get error on both CTS Profile and basicIntegrity. This is common on users when they installed Xposed Canary on Android Q. Try uninstall or update Xposed and check Safetynet. Other system altering apps might be the cause of safetynet failing like Luckypatcher, Uret patcher, etc., try uninstalling them then check SafetyNet.
-Uninstall any other RootSU apps (SuperSU, KingoRoot, KingRoot, etc.) through their app or by using a flashable zip (unSU) then Install magisk via custom recovery.
If ctsProfile = false, basicIntegrity = false
Try doing both until you pass both ctsProfile and basicIntegrity.
If not, Check the documentation for more information (https://github.com/Magisk-Modules-R...EADME.md#i-cant-pass-the-basicintegrity-check)

Original Thread can be found here. https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228
Thanks to @Didgeridoohan

How about asus zenfone max pro m1 with custom rom AEX ?
Type "18" also ?

Ryngga said:
How about asus zenfone max pro m1 with custom rom AEX ?
Type "18" also ?
Click to expand...
Click to collapse
If you are using Asus Zenfone Max Pro M1, then find the Asus brand in one of the selections and then select the specific device you have, do not use Xiaomi. It might conflict with the ctsProfile and gets you false.

is poco f2 listed in there? I am having ctsProfile = false, basicIntegrity = true issue. I tried your method but when i hit su props and enter, no further menu came out....

Thread Updated:
Added Xposed issue and fix.

spicediablo said:
is poco f2 listed in there? I am having ctsProfile = false, basicIntegrity = true issue. I tried your method but when i hit su props and enter, no further menu came out....
Click to expand...
Click to collapse
Did you installed MagiskHideProps in the module menu?

Darklouis said:
Did you installed MagiskHideProps in the module menu?
Click to expand...
Click to collapse
Yes, i installed the latest version and managed to get the response. However, checking still failed after updating fingerprint... [emoji28]
Sent from sagit

spicediablo said:
Yes, i installed the latest version and managed to get the response. However, checking still failed after updating fingerprint... [emoji28]
Sent from sagit
Click to expand...
Click to collapse
It seems that there is no PocoF2 on the listed certified list of device fingerprints. You have to undo the changes and manually change the device fingerprint in the build.props
If you have a stock rom lying around, find the build.props, open it using any text editor, then copy the device fingerprint then paste on the current build.props
(ro.build.fingerprint="device fingerprint")

With the latest module 5.2.6, poco f2 pro is available but the build version is different. according to the author, it should not be an issue...
Darklouis said:
It seems that there is no PocoF2 on the listed certified list of device fingerprints. You have to undo the changes and manually change the device fingerprint in the build.props
If you have a stock rom lying around, find the build.props, open it using any text editor, then copy the device fingerprint then paste on the current build.props
(ro.build.fingerprint="device fingerprint")
Click to expand...
Click to collapse

spicediablo said:
With the latest module 5.2.6, poco f2 pro is available but the build version is different. according to the author, it should not be an issue...
Click to expand...
Click to collapse
Idk how or where is the listed fingerprint in the module, you could try manually change this, I found your fingerprint on Github, Poco F2 codename LMI right?
ro.system.build.fingerprint=qti/qssi/qssi:10/QKQ1.191117.002/20.5.22:user/release-keys

I have taken logs for the author to check. Let's see what is the issue before we try this.
Darklouis said:
Idk how or where is the listed fingerprint in the module, you could try manually change this, I found your fingerprint on Github, Poco F2 codename LMI right?
ro.system.build.fingerprint=qti/qssi/qssi:10/QKQ1.191117.002/20.5.22:user/release-keys
Click to expand...
Click to collapse
Sent from sagit

spicediablo said:
I have taken logs for the author to check. Let's see what is the issue before we try this.
Sent from sagit
Click to expand...
Click to collapse
Keep him posted.

sorry for the question but why do i need the safetynet?

Any idea why and what should I do, if I follow the instructions, find and choose my device (Xiaomi Note 10) and still have the cts test failed with basicintegrity true?

I've got a Poco f1, I am running on miui 11.0.9.0, Android 10, I have installed Magisk and made all the steps (the device simulation didn't appear), however, I still get ctsProfile match fail. What should I do?

solution?
JPMuller said:
I've got a Poco f1, I am running on miui 11.0.9.0, Android 10, I have installed Magisk and made all the steps (the device simulation didn't appear), however, I still get ctsProfile match fail. What should I do?
Click to expand...
Click to collapse
have you got the solution for safety net if using edxposed for android 10 miui11

rehfore said:
sorry for the question but why do i need the safetynet?
Click to expand...
Click to collapse
Lot of banking apps and payment apps (like Gpay) won't work if safety net fails.

I have a question: my device is Poco f1 and it has VoLTE enabled (in menu). My carrier also support VoLTE, but only on few models, and mine is not on the list, and cannot be activated - there is no volte icon on coverage bar. So, if I use your guide, can I change my device fingerprint (e.g. to be visible like Huawei P20 for exampe), and to be able to force the carrier to activate it? I would like to note that, here, where I'm living, there is a lot of Poco phones, which was activated on same carrier, but through different procedure, which is no longer available.

Unable to pass SafetyNet

I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.

tlxxxsracer said:
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
Click to expand...
Click to collapse
Easy to pass safety net

tlxxxsracer said:
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
Click to expand...
Click to collapse
When you did it did your phone say it was Pixel 3a ?

jaythenut said:
When you did it did your phone say it was Pixel 3a ?
Click to expand...
Click to collapse
No. I changed it pixel 5. I caught that in the guide and surprised it's not corrected

tlxxxsracer said:
No. I changed it pixel 5. I caught that in the guide and surprised it's not corrected
Click to expand...
Click to collapse
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.

swangjang said:
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
Click to expand...
Click to collapse
Thanks for this explanation. I thought it was just an error and having to use pixel 5. I got it to work now

swangjang said:
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
Click to expand...
Click to collapse
do you know of any disadvantages of having the "fingerprint" of the phone as a pixel 3a? Like will this affect something else?

KHANrad_SIN said:
do you know of any disadvantages of having the "fingerprint" of the phone as a pixel 3a? Like will this affect something else?
Click to expand...
Click to collapse
I think it will cause issues with OTA updates but you can do that manually anyway. I have no idea what else it will break. I'm still waiting on my order so I don't actually have the phone yet, sadly.

I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still simulating 3a. Anyone having the same problem as me?

cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
yes same problem here!

cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
Same here I was using Pixel 5 disguised as 4a 5g

Oh **** I just checked and I'm getting the same error. Basicintegrity passes but cts profile fails. Eval type basic. Why the f is google so against rooting? Imagine Microsoft not allowing admin privillages and shutting you down because you edited the registry files...

cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
Same here

Same issue here ctsProfile is failing

swangjang said:
Oh **** I just checked and I'm getting the same error. Basicintegrity passes but cts profile fails. Eval type basic. Why the f is google so against rooting? Imagine Microsoft not allowing admin privillages and shutting you down because you edited the registry files...
Click to expand...
Click to collapse
thehairyviking69 said:
Same here
Click to expand...
Click to collapse
sam.bagga said:
Same issue here ctsProfile is failing
Click to expand...
Click to collapse
Did you guys try this module for Magisk?

piponomarev said:
Did you guys try this module for Magisk?
Click to expand...
Click to collapse
Tried installing this module via magisk, doesn't seem to do anything though

cescman said:
Tried installing this module via magisk, doesn't seem to do anything though
Click to expand...
Click to collapse
Video screen devices? Get the root again and install the module, if the problems persist, write to the developer

Same for me - can't pass CtsProfile anymore. I noticed it today through the GPay notification, which says my phone doesn't meet device standards for contactless payments.
Has anyone tried the magisk module? What does it do?

Same problem. Pixel 3 running stock rooted. Last time this happened (a few months ago), the Build.Props module fixed it. Now, not so much. Still using basic eval; cts profile fail. Have we finally been locked us out of GPay???

I just found a fix. Download and flash following magisk module. Keep in mind that you need to unzip and rezip the raw files again, as otherwise the files will be inside a folder inside the zip.
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
You can read more about the recent safetyNet change here.
//EDIT: You can directly download the flashable zip without having to rezip the raw files here.

Michael1200 said:
I just found a fix. Download and flash following magisk module. Keep in mind that you need to unzip and rezip the raw files again, as otherwise the files will be inside a folder inside the zip.
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
You can read more about the recent safetyNet change here.
Click to expand...
Click to collapse
I'm running 10... will it still work? Nevermind. just went to site and found out, no.

Banking App does not Work with Root

Hey, my Banking apps arent working. Im rooted on One Plus 7 Android 10.0.10 with Magisk 21.1.
I hide Magisk in its Settings and Restarted but didnt worked for me. Please help!
Banking App: VR-SecureGo

Silazius said:
Hey, my Banking apps arent working. Im rooted on One Plus 7 Android 10.0.10 with Magisk 21.1.
I hide Magisk in its Settings and Restarted but didnt worked for me. Please help!
Banking App: VR-SecureGo
Click to expand...
Click to collapse
Settings/Hide magisk manager and reboot, then tap shield icon the bottom, and tap Magisk hide and check then bank app.

Shyciii said:
Settings/Hide magisk manager and reboot, then tap shield icon the bottom, and tap Magisk hide and check then bank app.
Click to expand...
Click to collapse
Did not Worked...
Is there any other option?

Silazius said:
Did not Worked...
Is there any other option?
Click to expand...
Click to collapse
In order for certain apps to work your device will need to pass safetynet check some apps include banking, entertainment and even a few games. You can check this from within Magisk Manger itself. Some custom roms do not support safetynet and therefore it will not pass while on those roms. However, most do such as LineageOS among others. If you need to pass safetynet then making sure software and vendor is updated is your first step, I don't know all the steps as I am unfamiliar with the process but this applies for any device with Magisk not just the OnePlus 7

Silazius said:
Did not Worked...
Is there any other option?
Click to expand...
Click to collapse

Mr.Conkel said:
In order for certain apps to work your device will need to pass safetynet check some apps include banking, entertainment and even a few games. You can check this from within Magisk Manger itself. Some custom roms do not support safetynet and therefore it will not pass while on those roms. However, most do such as LineageOS among others. If you need to pass safetynet then making sure software and vendor is updated is your first step, I don't know all the steps as I am unfamiliar with the process but this applies for any device with Magisk not just the OnePlus 7
Click to expand...
Click to collapse

Saftynet is okei... So what should i do now?

Considering your passing it, you may want to contact the devs of your rom on this one. Not sure why it wouldn't work even with a successful check but that is your best bet assuming your not on stock that is.

I have Oneplus 8 pro . and i have same problem,
the bank app updated their safety and the old way don't work.
also i pass saftynet.

Silazius said:
Did not Worked...
Is there any other option?
Click to expand...
Click to collapse
XPrivacyLua together Magisk Hide is enough.
Try using my app VD INFOS, you can see every detectable thing. (Root/Magisk/Xposed/Riru/and others.)
And then you can fix what needs to be fixed.
[APP][v1.10] VD Infos (Package: com.vitaodoidao.vdinfos)
(Para quem fala PORTUGUÊS, o próximo post está totalmente traduzido !) VD Infos v1.10 As we all know, Android is a super powerful and super versatile operating system. What nobody tells you is that all your personal details and confidential...
forum.xda-developers.com

I'm facing exactly the same issue, my bank's app checks if OEM unlock is active and if so, it fails to start. This thing cannot be hid by Magisk.

Deus. said:
I'm facing exactly the same issue, my bank's app checks if OEM unlock is active and if so, it fails to start. This thing cannot be hid by Magisk.
Click to expand...
Click to collapse
You can hide it easily.
Just unlock bootloader first and then, erase nvdata.
Nvdata contains developer settings, like "oem unlock".
But, if you aready have an unlocked bootloader, the settings "oem unlock" doesn't change nothing.

Question Google Pay after Root

Hi,
I was reading that if I root my Poco X3 Pro with magisk can't use google pay with nfc .
That true ? There is way to unlock google pay to use with nfc ?

astronomy2021 said:
can't use google pay with nfc .
Click to expand...
Click to collapse
That's not true. Install MagiskHide Props Config module and everything will be fine.

wojownikhaha said:
That's not true. Install MagiskHide Props Config module and everything will be fine.
Click to expand...
Click to collapse
My card will works just normal like without root yes ?

On Xiaomi.eu i was able to get Google Pay contactless payments to work by enabling Magisk Hide for all Google apps incl. Pay, but I also had to install HideProps as well as this module: https://github.com/stylemessiah/GPay-SQLite-Fix
On stock it may not be all required. Test it out, some combination of this should work.

Thanks for help have a nice day and be safe

kamild_ said:
On Xiaomi.eu i was able to get Google Pay contactless payments to work by enabling Magisk Hide for all Google apps incl. Pay, but I also had to install HideProps as well as this module: https://github.com/stylemessiah/GPay-SQLite-Fix
On stock it may not be all required. Test it out, some combination of this should work.
Click to expand...
Click to collapse
For me it still says I dont meet security requirements.
What fingerprint did you choose for the device props?
Any more advice on how ye got it working?

23silver said:
For me it still says I dont meet security requirements.
What fingerprint did you choose for the device props?
Any more advice on how ye got it working?
Click to expand...
Click to collapse
If you pass Safetynet, it shouldn't be needed to use the HideProps module.
I don't really use MIUI anymore but doublechecking Safetynet and using the GPay SQLite Fix module is usually the key for me to setting up GPay. You need to install a busybox module and reboot before installing the fix btw.

Question Safety Net Failure

I'm on latest Firmware Rooted Using Magisk. Safety net failure even after Trying every fix modules hide options and what not. Kindly help.

It appears to be an issue with the newest release of the Magisk (the patch, not the app).
I can confirm mine was passing until installing an update to Magisk. After booting, it failed with or without the fix.

Found a fix on a telegram page, give full credits to modulesrepo and TeamFiles for finding this method.
-- Open Magisk and Flash Riru Core, But do not reboot.
-- Go back and flash Lsposed in magisk & reboot your device.
-- Now install XPrivacyLua apk
-- Open Lsposed and go to modules section and choose XPrivacyLua from there.
-- Select system framework, Settings storage and Google Play services there.(Uncheck the system apps from hide section settings for Play services to show up)
-- Reboot your device
-- Open XPrivacyLua and search google play services, click drop down menu in left of play services and tick 'use tracking' as shown in the screenshot.
-- Tick 'use tracking' on banking apps too and clear data of them after ticking
-- Now clear play services and play store data through your phone's settings.
-- Hide magisk and change name of magisk
-- Your Safetynet Should Pass Now!

Came across that a few days ago, but it seemed excessive.
[2023 FIX] Fix Magisk CTS Profile False Error - Bypass Safetynet
Magisk CTS Profile False Error is now popping up on almost everyone's device since Google made some changes in March. To Bypass Safetynet...
droidholic.com

Madbullben said:
Found a fix on a telegram page, give full credits to modulesrepo and TeamFiles for finding this method.
-- Open Magisk and Flash Riru Core, But do not reboot.
-- Go back and flash Lsposed in magisk & reboot your device.
-- Now install XPrivacyLua apk
-- Open Lsposed and go to modules section and choose XPrivacyLua from there.
-- Select system framework, Settings storage and Google Play services there.(Uncheck the system apps from hide section settings for Play services to show up)
-- Reboot your device
-- Open XPrivacyLua and search google play services, click drop down menu in left of play services and tick 'use tracking' as shown in the screenshot.
-- Tick 'use tracking' on banking apps too and clear data of them after ticking
-- Now clear play services and play store data through your phone's settings.
-- Hide magisk and change name of magisk
-- Your Safetynet Should Pass Now!
Click to expand...
Click to collapse
Thanks a lot, But thats a lot of modules for a phone without TWRP right now ....

I kept getting a failure error as well but now it's all good follow the instructions and links from this video. You don't have to follow the entire instructions you can skip to the part for the magisk safety net module and info

Now clear play services and play store data through your phone's settings ? how to do it ?

Deleted, posted in wrong thread, oops

Madbullben said:
Thanks! Really appreciated that you did this! The new chat bubbles are a good idea in theory but they are so bad and so much worse than the old chat heads and it was driving me crazy with the new chat bubble so this is amazing!
Click to expand...
Click to collapse
Did you make a wrong turn?

Did the fix. Safety net passes, Hulu and Disney+ work, but not Netflix
edit: got it working. restarting the first time didn't fix it, but the 2nd time did for some reason.

TiklMiPickles said:
Did the fix. Safety net passes, Hulu and Disney+ work, but not Netflix
edit: got it working. restarting the first time didn't fix it, but the 2nd time did for some reason.
Click to expand...
Click to collapse
Which one worked ?
Post #3 - The list or the video in Post #6 ?

JazonX said:
Which one worked ?
Post #3 - The list or the video in Post #6 ?
Click to expand...
Click to collapse
The video redirects to the latest canary build, so that is going to be broken.

twistedumbrella said:
The video redirects to the latest canary build, so that is going to be broken.
Click to expand...
Click to collapse
Loud and clear.
If no other option comes up, I will go with the guide with Riru.
It's a huge risk tbh, because ROG 5 doesn't have TWRP yet to revert if anything goes bad.

JazonX said:
Loud and clear.
If no other option comes up, I will go with the guide with Riru.
It's a huge risk tbh, because ROG 5 doesn't have TWRP yet to revert if anything goes bad.
Click to expand...
Click to collapse
Yeah. I'm waiting on the module to work. It's been converted to Riru, but both beta and canary builds of Magisk still fail. I haven't tested the stable one.

The one in the video works fine for me tho. Didn't work at first but for whatever magic reasons everything was fine after some restarts

twistedumbrella said:
Yeah. I'm waiting on the module to work. It's been converted to Riru, but both beta and canary builds of Magisk still fail. I haven't tested the stable one.
Click to expand...
Click to collapse
Just checked his github, sadly the latest version 2.1.0 seems to fix the issue - But it's a paid mod now.
Github has only 2.0.0 where the CTS still fails.

JazonX said:
Just checked his github, sadly the latest version 2.1.0 seems to fix the issue - But it's a paid mod now.
Github has only 2.0.0 where the CTS still fails.
Click to expand...
Click to collapse
It's not a paid mod. Only early access is paid - just wait until the developer releases it via github

twistedumbrella said:
Did you make a wrong turn?
Click to expand...
Click to collapse
Yep oops sorry about that

twistedumbrella said:
Yeah. I'm waiting on the module to work. It's been converted to Riru, but both beta and canary builds of Magisk still fail. I haven't tested the stable one.
Click to expand...
Click to collapse
As we don't have twrp, if something does fail can't we just use fastboot and flash the device again?

Madbullben said:
As we don't have twrp, if something does fail can't we just use fastboot and flash the device again?
Click to expand...
Click to collapse
Raw firmware can fix almost anything. Factory reset can fix the rest.