I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
tlxxxsracer said:
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
Click to expand...
Click to collapse
Easy to pass safety net
tlxxxsracer said:
I've followed the steps here https://forum.xda-developers.com/pixel-5/how-to/tutorial-unlock-bootloader-root-valid-t4178673
I'm still unable to pass CTS though. Any other recommendations? I've factory reset and re-did the steps above without success.
Eval type shows hardware.. my pixel 4 shows basic.
Click to expand...
Click to collapse
When you did it did your phone say it was Pixel 3a ?
jaythenut said:
When you did it did your phone say it was Pixel 3a ?
Click to expand...
Click to collapse
No. I changed it pixel 5. I caught that in the guide and surprised it's not corrected
tlxxxsracer said:
No. I changed it pixel 5. I caught that in the guide and surprised it's not corrected
Click to expand...
Click to collapse
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
swangjang said:
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
Click to expand...
Click to collapse
Thanks for this explanation. I thought it was just an error and having to use pixel 5. I got it to work now
swangjang said:
The guide says 3a because that's what you need your phone's fingerprint to be to pass safetynet. It's not a guide error.
Pixel 5 safetynet uses hardware attestation which is why your eval type says "hardware". Basically, that means it does a "deep scan" of your phone, while Pixel 3a and under only does a "surface scan".
Currently, there's no way to fool the "deep scan" so you have to change your device fingerprint to Pixel 3a, so that safetynet test only does a "surface scan" which is easy to fool.
Click to expand...
Click to collapse
do you know of any disadvantages of having the "fingerprint" of the phone as a pixel 3a? Like will this affect something else?
KHANrad_SIN said:
do you know of any disadvantages of having the "fingerprint" of the phone as a pixel 3a? Like will this affect something else?
Click to expand...
Click to collapse
I think it will cause issues with OTA updates but you can do that manually anyway. I have no idea what else it will break. I'm still waiting on my order so I don't actually have the phone yet, sadly.
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still simulating 3a. Anyone having the same problem as me?
cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
yes same problem here!
cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
Same here I was using Pixel 5 disguised as 4a 5g
Oh **** I just checked and I'm getting the same error. Basicintegrity passes but cts profile fails. Eval type basic. Why the f is google so against rooting? Imagine Microsoft not allowing admin privillages and shutting you down because you edited the registry files...
cescman said:
I have rooted the phone for 2 months and was able to pass safetynet using this method, but today I got the message that I can't use contactless payment, and then when I check safetynet in magisk manager, it failed (only cts profile failed, basic integrity passed and evaltype is basic). I double checked by running props again and found that the device is still stimulating 3a. Anyone having the same problem as me?
Click to expand...
Click to collapse
Same here
Same issue here ctsProfile is failing
swangjang said:
Oh **** I just checked and I'm getting the same error. Basicintegrity passes but cts profile fails. Eval type basic. Why the f is google so against rooting? Imagine Microsoft not allowing admin privillages and shutting you down because you edited the registry files...
Click to expand...
Click to collapse
thehairyviking69 said:
Same here
Click to expand...
Click to collapse
sam.bagga said:
Same issue here ctsProfile is failing
Click to expand...
Click to collapse
Did you guys try this module for Magisk?
piponomarev said:
Did you guys try this module for Magisk?
Click to expand...
Click to collapse
Tried installing this module via magisk, doesn't seem to do anything though
cescman said:
Tried installing this module via magisk, doesn't seem to do anything though
Click to expand...
Click to collapse
Video screen devices? Get the root again and install the module, if the problems persist, write to the developer
Same for me - can't pass CtsProfile anymore. I noticed it today through the GPay notification, which says my phone doesn't meet device standards for contactless payments.
Has anyone tried the magisk module? What does it do?
Same problem. Pixel 3 running stock rooted. Last time this happened (a few months ago), the Build.Props module fixed it. Now, not so much. Still using basic eval; cts profile fail. Have we finally been locked us out of GPay???
I just found a fix. Download and flash following magisk module. Keep in mind that you need to unzip and rezip the raw files again, as otherwise the files will be inside a folder inside the zip.
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
You can read more about the recent safetyNet change here.
//EDIT: You can directly download the flashable zip without having to rezip the raw files here.
Michael1200 said:
I just found a fix. Download and flash following magisk module. Keep in mind that you need to unzip and rezip the raw files again, as otherwise the files will be inside a folder inside the zip.
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
You can read more about the recent safetyNet change here.
Click to expand...
Click to collapse
I'm running 10... will it still work? Nevermind. just went to site and found out, no.
Related
Hey,
Does anyone have or can make a November patched boot image that has just the unlocked state check disabled so SafetyNet will pass? I want to play PoGo and have no use for root or Magisk at this time, but can't play because Niantic added extra checks beyond just SafetyNet passing. The Canary build of Magisk is unstable right now and among other things blocks charging with the device off, which is kind of dangerous. The Magisk hide on Pixel 3s also still seems hit or miss from that build. I also don't want to have to wipe my phone just to get rid of Magisk and pass SafetyNet right now.
I don't have my Linux dev environment up to date because I haven't done kernel work in a couple years, so hopefully someone else is already set up to throw in the couple quick patches from source and spit out an image.
Thanks!
Why are you looking at the Magisk Canary build? 17.3 Beta is working just fine on both Pixel 3 and PIxel 3 XL.
sliding_billy said:
Why are you looking at the Magisk Canary build? 17.3 Beta is working just fine on both Pixel 3 and PIxel 3 XL.
Click to expand...
Click to collapse
Hiding the Magisk Manager app itself (which PoGo looks for) doesn't work correctly. It sometimes creates a second copy and also can cause root to be lost.
elkay said:
Hiding the Magisk Manager app itself (which PoGo looks for) doesn't work correctly. It sometimes creates a second copy and also can cause root to be lost.
Click to expand...
Click to collapse
Gotcha. I've never lost root with 17.3, nor has anything failed due to Manager not hiding or creating a duplicate. Stinks that they are that concerned about device rooting for a game.
Hello Guys, after I flashed the 20.7.9 EU Beta. I got Safety Net Failed. Is there any way to fix this issue? Thanks.
FYI. My phone is not rooted yet.
Now I already root my phone. And I got this
I wonder if this is related to hardware attestation?
https://www.xda-developers.com/safetynet-hardware-attestation-hide-root-magisk/
edward014 said:
Now I already root my phone. And I got this
Click to expand...
Click to collapse
Apparently, you forgot to hide your magisk with magiskhide in the option. That results in your basic integrity failed.
And for the ctsprofile part, since your evalType showed basic, you may give "Magiskhide props config" a try.
Or, you may just try eu dev 20.7.3, Several reported it passes safetynet check.
Hi all, I passed now the SafetyNet. I just use the MAGISK STABLE and use the command for Magisk Hide Props Config module.
Which commands you used and how exactly did you executed them?
Snah001 said:
Which commands you used and how exactly did you executed them?
Click to expand...
Click to collapse
Use termux and type su -c props and follow or choose the steps that will appear.
I understand but what choice you made in the props?
Snah001 said:
I understand but what choice you made in the props?
Click to expand...
Click to collapse
-Su -c props
-1
-F (Pick certified fingerprint)
-6
-21
-2
-Yes
-Yes
Snah001 said:
I understand but what choice you made in the props?
Click to expand...
Click to collapse
Btw.
Device: Poco F2 Pro
Rooted Magisk Stable 20.4
ROM: Latest beta EU 7.9
Unfortunately doesn't work.
I am on rooted EEA btw.
Tried several fp's but no luck.
The hardware attestation is messing with us.
Snah001 said:
Unfortunately doesn't work.
I am on rooted EEA btw.
Tried several fp's but no luck.
The hardware attestation is messing with us.
Click to expand...
Click to collapse
Give eu a try, they did some effort on the hw attestation or you may try alter some props to fake your phone to another model to get evalType basic.
Simply changing fp is not gonna help on this hw attestation thing.
edward014 said:
-Su -c props
-1
-F (Pick certified fingerprint)
-6
-21
-2
-Yes
-Yes
Click to expand...
Click to collapse
So you use poco X2 fingerprint?
valkyrjur said:
So you use poco X2 fingerprint?
Click to expand...
Click to collapse
I used google. Not Poco X2 or Poco f2 Pro. Dont use also magisk canary. Use stable one
Used Google XL3 and 4 and both did not work.
Also I tried to find in a logcat (after performing the safetynet check) if it states that attestation is hardware backed but couldn't find it in the logcat.
Edit: got Safetynet check to work.
In Playstore it still says "not certified" but safetynet check is now both ok.
Force closed manually Playstore app and it shows now "certified".
Used: https://forum.xda-developers.com/showpost.php?p=83028387&postcount=40658
Snah001 said:
Used Google XL3 and 4 and both did not work.
Also I tried to find in a logcat (after performing the safetynet check) if it states that attestation is hardware backed but couldn't find it in the logcat.
Edit: got Safetynet check to work.
In Playstore it still says "not certified" but safetynet check is now both ok.
Used: https://forum.xda-developers.com/showpost.php?p=83028387&postcount=40658
Click to expand...
Click to collapse
Try force closing, clearing data and cache for the playstore app then restart the app and check again.
pedro1977 said:
Try force closing, clearing data and cache for the playstore app then restart the app and check again.
Click to expand...
Click to collapse
Did you read my edit to my post?
Deleted all app data also as the dev of the zip file recommended.
Snah001 said:
Did you read my edit to my post?
Deleted all app data also as the dev of the zip file recommended.
Click to expand...
Click to collapse
I saw your modules provided about hardware. But I'm not using that one.
Just try Busy Box only and Magisk Hide Props Config Modules and try also to Hide Your magisk manager and Hide your Banking apps as well.
PS: Ignore this reply if you're successfully and no issue with your safetynet check now. Thank you!
As posted I used the zip to change the model name and it works perfect and it shows certified.
Snah001 said:
As posted I used the zip to change the model name and it works perfect and it shows certified.
View attachment 5059129View attachment 5059131
Click to expand...
Click to collapse
Using that module, Both CTS profile and Basicintegrity will True or verified? Also in Playstore? Right? Btw, thanks to this info bro!
Hello Everyone,
I recently installed LineageOS 18.1 (build: lineage_kebab-userdebug 11). I have retrieved my Android ID using the ADB commands found here: Device Registration and registered my Android ID a few days ago but Google Play Store still shows: "Device is not certified" under Settings --> About --> Play Protect certification. Is there something I'm doing wrong or something else I need to do in order to get my device certified with Google Play Store?
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
ecompton59 said:
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
Click to expand...
Click to collapse
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
long as you used dual sim oos file to unlock your phone it won't unless you do something like that and Google thinks I have pixel 5 see pics I pass
alteredstate82 said:
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
Click to expand...
Click to collapse
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
azoller1 said:
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
Click to expand...
Click to collapse
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
alteredstate82 said:
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
Click to expand...
Click to collapse
Yep. You will need to extract the payload.bin file in which you will use the boot.img, then patch it with magisk, then flash the patched boot.img using fastboot. Then, you will need to use magiskhide to hide magisk itself and use the props spoof module to help with passing safetynet.
I want to say thank you for the help! I successfully installed Magisk and passed the SafetyNet checks! Everything seems to be working good. However, it seems my efforts might be wasted as Magisk is dropping support for hiding root access. This is unfortunate as I have a few job critical apps that will not work unless I hide them from root access in Magisk. Hopefully someone else will pick up the torch and continue development. It's a crime these big tech companies work so hard to prevent us from modifying hardware we own!
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
gregattack said:
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
Click to expand...
Click to collapse
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Did you install and use the Universal SafetyNet Fix module?
If I set the kb2003 OP 8T (EU) fingerprint, it seemed not to work. But I will try again.
Do I need to clear some caches eg: play store, after changing the fingerprint or something else?
cpkelley94 said:
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Click to expand...
Click to collapse
finally I installed Universal SafetyNet Fix and switched to the kb2003 fingerprint and reset all other modification like custom props for the pixel phone. Now it's working. No idea why it fails in previous approach
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
ykjae said:
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
Click to expand...
Click to collapse
which image are you using?
I read, that some images like https://evolution-x.org/ pass safetynet out of the box but I did'nt test this.
Finally the unlocked bootloader is the problem.
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
fl3xtra said:
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
Click to expand...
Click to collapse
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
tlxxxsracer said:
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
Click to expand...
Click to collapse
From what I read (I could be wrong), Google made changes to their authentication in June 2022.
I literally just got it to work 30 min ago. I followed instructions here: https://forum.xda-developers.com/t/...tynet-fix-2-3-1.4217823/page-91#post-87198517
Not sure if step #1 did anything since I don't have MagiskHidePropsConfig configured in any special way. I think it was the modded safetynet fix that did the trick.
Can you share your steps on rooting? Where did you get the boot.img?
Indian gpay or wallet gpay
z0mghii said:
Can you share your steps on rooting? Where did you get the boot.img?
Click to expand...
Click to collapse
I use a Verizon MVNO as my carrier so i downloaded the factory image that's already available on Google. Extracted boot.img from there.
I believe that not all factory images are available yet so you may have to wait if you don't use Verizon or Verizon mvno. (Might be available on Monday.)
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Rooting this phone will be the same as every other Pixel phone. Of course rooting and keeping apps like banking and GPay is an ongoing battle between Google and developers. The requirement to root and use those apps will change as Google updates their security methods, but again that won't be a "per phone" issue, it will be the same methods for all rooted Pixel phones.
Any idea how this affects Felica models? (the ones sold in Japan)
fl3xtra said:
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Click to expand...
Click to collapse
That shouldn't be necessary, assuming you're not running some custom rom.
Anyway, I didn't do that, and google pay and wallet work fine on this phone using magisk with the stock android 13 rom.
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
Folks, the answer is RIGHT HERE.
The issue is NOT device fingerprints or authentication. Google has deprecated the SafetyNet API for the new Play Integrity API, which makes it impossible to spoof an evaluationType of MEETS_STRONG_INTEGRITY.
The solution, as @Lughnasadh shared, is the modified Universal SafetyNet FIx module shared by Displax, which forces the system to use the legacy SafetyNet attestation. This is only a temporary solution, as the time may eventually come when Google removes support for SafetyNet altogether from their apps. There is no permanent solution, nor will there ever be, because spoofing hardware backed device integrity is not possible due to hardware key attestation and the Android Trusted Execution Environment.
Edit:
The USNF module moded by displax fixes both safetynet and security patch info! Thank
rocketda7331 for your experience and nice guidance!
Also, thank BillGoss for your fast help!
Your info gave me the chance to turn back from my wrong direction!
As shown here [ https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh ], they only have OOS [11] device fingerprints:
OnePlus 8T China KB2000 (11):OnePlus:KB2000=OnePlus/OnePlus8T_CH/OnePlus8T:11/RP1A.201005.001/2108261338:user/release-keys__2021-08-01
OnePlus 8T India KB2001 (11):OnePlus:KB2001=OnePlus/OnePlus8T_IND/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Europe KB2003 (11):OnePlus:KB2003=OnePlus/OnePlus8T_EEA/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Global KB2005 (11):OnePlus:KB2005=OnePlus/OnePlus8T/OnePlus8T:11/RP1A.201005.001/2110091917:user/release-keys__2021-10-01
OnePlus 8T T-Mobile KB2007 (11):OnePlus:KB2007=OnePlus/OnePlus8TTMO/OnePlus8TTMO:11/RP1A.201005.001/2108091917:user/release-keys__2021-08-01
But I'm already on LineagsOS 19.1 (Android 12), and I forgotttttttttttt to check the fingerprint of OOS 12 by myself before installing LOS...
Although OOS 11 fingerprint is still able to pass SafetyNet, but it also gives me a "Platform: Out of date" false alarm under "Android security patches" even with latest LOS build installed.
Does any gentleman happens to have OOS [12] device fingerprints for kb2005 or kb2007?
Thanks in advance!!!
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
BillGoss said:
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
Click to expand...
Click to collapse
Thanks a lot! You're GREAT!
Sadly this fingerprint can not pass SafetyNet, it gives a "CTS profile match: Fail".
But it fixes the "Platform: Out of date" in "Android security patches"!
You still saved my day! Thank you for your selfless help!
By the way, the LOS 19.1 (20221013) fingerprint is:
OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.20220730031:user/release-keys
which looks very similar to the OOS C.35 12 fingerprint.
Hmm... Maybe OnePlus just forgot to update it's SafetyNet status?
Found a related issue:
SafetyNet fails on C.20 update for OnePlus 8 Pro · Issue #188 · kdrag0n/safetynet-fix
The "C.20" update for OnePlus 8 Pro based on Android 12 and the OxygenOS 12.1 overlay in correlation with "SafetyNet-Fix v2.2.1" completely blocks the fingerprint scanner. Uninstalling this module ...
github.com
Issue is still open, seems OnePlus has broken something...
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
rocketda7331 said:
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
Click to expand...
Click to collapse
Yeah thx I already have that.
With that and hideprops module installed, I can already pass safetynet with OOS 11 fingerprint.
But it's android 11 fingerprint and I'm running android 12 (lineageos 19.1), so using that fingerprint gives me "Platform: Out of date" in "Android security patches".
And as shown above, OOS 12 fingerprint seems problematic too.
For now I can only switch back to OOS 11 fingerprint and watch how this will end...
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
I will also point out that the linked safetynetfix is modded by displax and is not the original you might have if you installed it ages ago. To pass safetynet nowadays you should update it to this one.
rocketda7331 said:
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
Click to expand...
Click to collapse
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module disabled, I cannot pass safetynet check with YASNAC (but google play is okay because safetynetfix module is active), and the platform is okay too. Is this your current state?
IAAxl said:
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module not enabled, I cannot pass safetynet check, and the platform is okay too. Is this your current state?
Click to expand...
Click to collapse
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
rocketda7331 said:
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
Click to expand...
Click to collapse
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
IAAxl said:
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
Click to expand...
Click to collapse
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
rocketda7331 said:
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
Click to expand...
Click to collapse
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
IAAxl said:
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
Click to expand...
Click to collapse
Also check article
How to pass SafetyNet on Android after rooting or installing a custom ROM
It is possible to pass SafetyNet, even after extensive modding like rooting or installing a custom ROM. Check out how to do that here!
www.xda-developers.com