Hi,
My question is simple, what is the difference between Xposed and EdXposed, and if there is a way to install it without loosing safety net.
My phone is a Oneplus 7 with android 10.
Thanks and best wishes for the new year!
EdXposed Framework allows to install XPosed Framework on devices running Android 10, Pie, and Oreo .
EdXposed requires your device must be rooted with Magisk v20.2+
By means of MagiskHide you can prevent SafetyNet's hardware attestion will fail.
jwoegerbauer said:
EdXposed Framework allows to install XPosed Framework on devices running Android 10, Pie, and Oreo .
EdXposed requires your device must be rooted with Magisk v20.2+
By means of MagiskHide you can prevent SafetyNet's hardware attestion will fail.
Click to expand...
Click to collapse
So it's impossible?
Biasio said:
So it's impossible?
Click to expand...
Click to collapse
Latest SafetyNet version not only checks for Android got rooted but also for device's bootloader got unlocked. The problem for John Wu - developer of Magisk - is that the new key attestation workflow now is hardware-based, and the code is sent by OEM to Google's server. May be some day he will find a solution ... it's unlikely that MagiskHide will be able to alter the key or intercept the transmission, IMHO.
Resume: Until then SafetyNet works as expected by OEMs and app developers, who have an interest in having an unmodified Android.
To add, you could try magisk module MHPC (Magisk Hide Props Config) which is what you'd use to modify device fingerprint and other system props.
The particular features in MHPC you may want to use which MIGHT get SafetyNet to pass are the Device Simulation and Force Basic Attestation. Combined, along with setting a similar device's fingerprint as long as that selected device isn't designed with hardware attestation, could be enough to fool SN. EdXposed coupled with Magisk's own Hide feature to hide themselves from GSF, GPS, Gpay, etc, should prove successful. The issue lies mostly with which order the software is installed and hidden, sometimes with rebooting being absolutely essential between certain steps. It really is a trial and error process.
Biasio said:
Hi,
My question is simple, what is the difference between Xposed and EdXposed, and if there is a way to install it without loosing safety net.
My phone is a Oneplus 7 with android 10.
Thanks and best wishes for the new year!
Click to expand...
Click to collapse
Turn Off Edxposed module from magisk download and install LSposed apk install it...Goto magisk and download module Riru LSposed...reboot your phone... That's It Check your safety net.... Dont forget to off or remove Edxposed module or any other xposed enhanced framework module you using...lemme know if it worked for you...
Related
If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide working. Xposed modify Boot.IMG, the reason for the safety net to trigger. If you cant live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't Update you GOOGLE PAY - google updates security patch, magisk too Update your Google pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
???
If that helped you, you are welcome
thanks for this solution.
Regards
Ginifa
dviree said:
???
Click to expand...
Click to collapse
Not sure what is so funny?....
Not able to install
amelbeabk said:
That Google Pay image says your phone is rooted, but it says that as an example as what could have tripped off Safety Net.
Safety Net failing doesn't mean you a rooted. Safety Net is designed to fail if you have an Unlocked bootloader.
Click to expand...
Click to collapse
It sucks, but for things like Google Pay, I'd strongly suggest that you just give up. Google is contractually obligated to play this game with you and try to prevent you from using it on a rooted "insecure" device so they can process card payments.
I have moto G5+ with unlocked bootloader and magisk. Google pay works fine and saftey net does not fail if bootloader is unlocked
I have a custom rom. Only way to get Magist working was to install EdXposed and hide module. SafetyNet Test also says safetynet passes but my gpay doesnt want to work. Assuming its seeing edxposed perhaps. Anything else i can do
dk0dave said:
I have moto G5+ with unlocked bootloader and magisk. Google pay works fine and saftey net does not fail if bootloader is unlocked
Click to expand...
Click to collapse
I also have moto G5+, But still not unlock boothloader. I need study more for unlocked it, however this comment is helpful to get a decision for me, Thanks.
Tutuapp Movie HD Cokernutx
Google Play warns me to uninstall SELinux Changer, then shuts my phone down. I tried uninstalling it then rebooting, but the phone is behaving extremely oddly and shutting down by itself.
Now I have to format it, just to be sure.
murick_show said:
If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide working. Xposed modify Boot.IMG, the reason for the safety net to trigger. If you cant live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't Update you GOOGLE PAY - google updates security patch, magisk too Update your Google pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
Click to expand...
Click to collapse
Hello, hope you can help, installed Beyond ROM and Thunderstorm kernel. Google pay not working, SE for Android status shows 'enforcing' when the apk is installed the 'permissions' and ''enforcing' tabs are greyed out. Thank you
I'm considering buying this phone but if it lacks support for BASIC attestation would mean that hiding root would be impossible and hence the phone would be useless for me.
Zincoshine said:
I'm considering buying this phone but if it lacks support for BASIC attestation would mean that hiding root would be impossible and hence the phone would be useless for me.
Click to expand...
Click to collapse
As of now with magisk 23.0 on Android 11 I'm able to hide everything g-pay all banking credit card apps working. Magisk is changing in Android 12 so I'm unsure. But I believe there are still some modules we can use to hide su access in magisk canary beta for 12.
There are several modules for Magisk that allow for basic. I have been using them since I bought the phone on release day, and have been able to use all apps. I would recommend sticking to Magisk v23 instead of the newer version, as hide has been removed (for now). You will get conflicting advice on this, and will most likely have to make a decision to move to a12 or keep hide down the line.
Lmk if you would like my list or modules.
mattie_49 said:
As of now with magisk 23.0 on Android 11 I'm able to hide everything g-pay all banking credit card apps working. Magisk is changing in Android 12 so I'm unsure. But I believe there are still some modules we can use to hide su access in magisk canary beta for 12.
Click to expand...
Click to collapse
I have no intention of ever updating to Android 12 so this won't matter. My oneplus 5T has been on Android 8.1 for years (mainly because I wanted that sweet sweet taste of the original rovo89 Xposed framework) and it has worked fine but it's clearly nearing the end of its life and has a slightly broken screen.
OP9 LE2110 with OOS 11.2.8.8.LE25BA rooted with Magisk 23. Working apart of banking app. G Pay is ok
Everything is working great with latest Magisk Alpha, Universal SafetyNet Fix and Zygisk enabled with Deny list (New MagiskHide)
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
fl3xtra said:
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
Click to expand...
Click to collapse
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
tlxxxsracer said:
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
Click to expand...
Click to collapse
From what I read (I could be wrong), Google made changes to their authentication in June 2022.
I literally just got it to work 30 min ago. I followed instructions here: https://forum.xda-developers.com/t/...tynet-fix-2-3-1.4217823/page-91#post-87198517
Not sure if step #1 did anything since I don't have MagiskHidePropsConfig configured in any special way. I think it was the modded safetynet fix that did the trick.
Can you share your steps on rooting? Where did you get the boot.img?
Indian gpay or wallet gpay
z0mghii said:
Can you share your steps on rooting? Where did you get the boot.img?
Click to expand...
Click to collapse
I use a Verizon MVNO as my carrier so i downloaded the factory image that's already available on Google. Extracted boot.img from there.
I believe that not all factory images are available yet so you may have to wait if you don't use Verizon or Verizon mvno. (Might be available on Monday.)
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Rooting this phone will be the same as every other Pixel phone. Of course rooting and keeping apps like banking and GPay is an ongoing battle between Google and developers. The requirement to root and use those apps will change as Google updates their security methods, but again that won't be a "per phone" issue, it will be the same methods for all rooted Pixel phones.
Any idea how this affects Felica models? (the ones sold in Japan)
fl3xtra said:
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Click to expand...
Click to collapse
That shouldn't be necessary, assuming you're not running some custom rom.
Anyway, I didn't do that, and google pay and wallet work fine on this phone using magisk with the stock android 13 rom.
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
Folks, the answer is RIGHT HERE.
The issue is NOT device fingerprints or authentication. Google has deprecated the SafetyNet API for the new Play Integrity API, which makes it impossible to spoof an evaluationType of MEETS_STRONG_INTEGRITY.
The solution, as @Lughnasadh shared, is the modified Universal SafetyNet FIx module shared by Displax, which forces the system to use the legacy SafetyNet attestation. This is only a temporary solution, as the time may eventually come when Google removes support for SafetyNet altogether from their apps. There is no permanent solution, nor will there ever be, because spoofing hardware backed device integrity is not possible due to hardware key attestation and the Android Trusted Execution Environment.
Edit:
The USNF module moded by displax fixes both safetynet and security patch info! Thank
rocketda7331 for your experience and nice guidance!
Also, thank BillGoss for your fast help!
Your info gave me the chance to turn back from my wrong direction!
As shown here [ https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh ], they only have OOS [11] device fingerprints:
OnePlus 8T China KB2000 (11):OnePlus:KB2000=OnePlus/OnePlus8T_CH/OnePlus8T:11/RP1A.201005.001/2108261338:user/release-keys__2021-08-01
OnePlus 8T India KB2001 (11):OnePlus:KB2001=OnePlus/OnePlus8T_IND/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Europe KB2003 (11):OnePlus:KB2003=OnePlus/OnePlus8T_EEA/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Global KB2005 (11):OnePlus:KB2005=OnePlus/OnePlus8T/OnePlus8T:11/RP1A.201005.001/2110091917:user/release-keys__2021-10-01
OnePlus 8T T-Mobile KB2007 (11):OnePlus:KB2007=OnePlus/OnePlus8TTMO/OnePlus8TTMO:11/RP1A.201005.001/2108091917:user/release-keys__2021-08-01
But I'm already on LineagsOS 19.1 (Android 12), and I forgotttttttttttt to check the fingerprint of OOS 12 by myself before installing LOS...
Although OOS 11 fingerprint is still able to pass SafetyNet, but it also gives me a "Platform: Out of date" false alarm under "Android security patches" even with latest LOS build installed.
Does any gentleman happens to have OOS [12] device fingerprints for kb2005 or kb2007?
Thanks in advance!!!
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
BillGoss said:
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
Click to expand...
Click to collapse
Thanks a lot! You're GREAT!
Sadly this fingerprint can not pass SafetyNet, it gives a "CTS profile match: Fail".
But it fixes the "Platform: Out of date" in "Android security patches"!
You still saved my day! Thank you for your selfless help!
By the way, the LOS 19.1 (20221013) fingerprint is:
OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.20220730031:user/release-keys
which looks very similar to the OOS C.35 12 fingerprint.
Hmm... Maybe OnePlus just forgot to update it's SafetyNet status?
Found a related issue:
SafetyNet fails on C.20 update for OnePlus 8 Pro · Issue #188 · kdrag0n/safetynet-fix
The "C.20" update for OnePlus 8 Pro based on Android 12 and the OxygenOS 12.1 overlay in correlation with "SafetyNet-Fix v2.2.1" completely blocks the fingerprint scanner. Uninstalling this module ...
github.com
Issue is still open, seems OnePlus has broken something...
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
rocketda7331 said:
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
Click to expand...
Click to collapse
Yeah thx I already have that.
With that and hideprops module installed, I can already pass safetynet with OOS 11 fingerprint.
But it's android 11 fingerprint and I'm running android 12 (lineageos 19.1), so using that fingerprint gives me "Platform: Out of date" in "Android security patches".
And as shown above, OOS 12 fingerprint seems problematic too.
For now I can only switch back to OOS 11 fingerprint and watch how this will end...
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
I will also point out that the linked safetynetfix is modded by displax and is not the original you might have if you installed it ages ago. To pass safetynet nowadays you should update it to this one.
rocketda7331 said:
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
Click to expand...
Click to collapse
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module disabled, I cannot pass safetynet check with YASNAC (but google play is okay because safetynetfix module is active), and the platform is okay too. Is this your current state?
IAAxl said:
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module not enabled, I cannot pass safetynet check, and the platform is okay too. Is this your current state?
Click to expand...
Click to collapse
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
rocketda7331 said:
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
Click to expand...
Click to collapse
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
IAAxl said:
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
Click to expand...
Click to collapse
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
rocketda7331 said:
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
Click to expand...
Click to collapse
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
IAAxl said:
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
Click to expand...
Click to collapse
Also check article
How to pass SafetyNet on Android after rooting or installing a custom ROM
It is possible to pass SafetyNet, even after extensive modding like rooting or installing a custom ROM. Check out how to do that here!
www.xda-developers.com
I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much make everything to work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?
Thank you.
Happened to me as well. I used Shamiko magisk module and it's all good now.
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Either use Shamiko or MagiskHidePropsConf to mask additional properties. I can confirm that InTune Company Portal works fine with SafetyNetFix + Shamiko
p4ra said:
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Click to expand...
Click to collapse
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
WhoIsJohnGalt1979 said:
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
Click to expand...
Click to collapse
I used it with magisk stable 25.2. I think we are all using magisk stable to root our phone right?
I have tried your suggestions, but still does not seem to work. Adding screenshots.
Can you help me, please? What is wrong with my setup?
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
I had issue with a specific banking app which detects root by most of the methods. I made it working by using shamiko + airfrozen which i was not really liking.
Now i wnded up with a forked project of magisk bu Husky called magisk delta which brought back magisk hide along with zygisk. With this i don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes for safetynet you can use the modded veraion by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
p4ra said:
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
Click to expand...
Click to collapse
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.
Regarding OTAs, there are two "How To" guides here with all the details you need.
Blaze1001 said:
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
Click to expand...
Click to collapse
I have done exactly this but it still detects
Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)b. Microsoft Authenticator (if you use it)c. Microsoft Defender (if you use it)5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
craigacgomez said:
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)b. Microsoft Authenticator (if you use it)c. Microsoft Defender (if you use it)5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Click to expand...
Click to collapse
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
Still doesn't work. Its weird because it worked for one night and the next morning it stopped.
UPDATE: its LSPosed I think. But this is the only way to force dark mode on some apps....
UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and its looking good so far...
UPDATE 3: Had a full day with not a single root detection notification. Looks solid!
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
one of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device,
I tried in 3 devices, the exact same steps and files, etc, it worked on the 1st one, but on the other two.. no!
For all those who still got issues as another idea: Does Google Wallet work ? Is the device play protect certified ?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....
I got the same issue with an App called "SwissID". It recognizes magisk for some reason. All other Apps work (like banking, google wallet etc.)
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Its work to me!!! Thanks