Related
For those who use any official MIUI release (be it Global or Chinese, Stable or Dev):
Download your GSI of preference from Treble-compatible Devices Development section of XDA to your PC. Make sure you download an ARM64 A-only version.
In TWRP on your phone, hit Wipe and then Format Data and confirm it with typing „yes”
Connect your phone in fastboot mode to your PC
Open the command prompt in the folder where your fastboot.exe is located
Type: fastboot flash system path_to_your_GSI.img (Tip: you can also type fastboot flash system and drag and drop it on the command prompt window)
Type: fastboot reboot
The device should reboot to your freshly installed GSI.
For those who use xiaomi.eu ROM: (YMMV, it worked for me so I put it here, see below if it doesn't work for you)
Download your GSI of preference from Treble-compatible Devices Development section of XDA to your PC. Make sure you download an ARM64 A-only version.
Download vendor.img from here to your PC. You can also use any official vendor.img provided in official Xiaomi fastboot firmware packages if you know what you’re doing.
In TWRP on your phone, hit Wipe and then Format Data and confirm it with typing „yes”
Connect your phone in fastboot mode to your PC
Open the command prompt in the folder where your fastboot.exe is located
Type: fastboot flash system path_to_your_GSI.img (Tip: you can also type fastboot flash system and drag and drop it on the command prompt window)
Type: fastboot flash vendor path_to_your_vendor.img (you can drag and drop as well)
Type: fastboot reboot
Alternate, easier (and preferred) way:
Download and flash any official MIUI release like this one here
Follow instructions for official MIUI releases above
The device should reboot to your freshly installed GSI.
How to pass SafetyNet on GSI:
Download the latest Magisk 16.6 and flash it through TWRP
Reboot
In Magisk Manager app, open the side menu and tap Download
Download MagiskHide Props Config, install it and reboot
After reboot, go to Setting and Developer Options and enable Terminal app, right under ADB debugging option
A Terminal app should appear in your apps list. If not, you can also use any terminal emulator app from Play Store
Type „su”, hit enter and grant root permissions
Type „props” and hit enter
Type „1”, hit enter
Type „f”, hit enter
Type „11”, hit enter
Type „7”, hit enter
Type „y”, hit enter
Type „y”, hit enter and your device will reboot
If you care about auto-brightness (which i bet you do), you can also set the module manually to Mi MIX 2S fingerprint:
Follow steps 1-9 from above
Type:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
and hit enter (thanks @cnrd for the tip!)
Type "y", hit enter
Type "y", hit enter and your device will reboot
After booting successfully, your device will pass SafetyNet, you can check it in Magisk Manager. Tested on my Chinese (XE model) device with the latest Resurrection Remix official GSI, Google Pay is working fine.
Using the Mi 6 ctsProfile kills the background light (at least on phh-treble), use the Mi Mix 2S profile instead:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
cnrd said:
Using the Mi 6 ctsProfile kills the background light (at least on phh-treble), use the Mi Mix 2S profile instead:
Code:
Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys
Click to expand...
Click to collapse
Added, thanks!
Great tutorial, thank you very much!
Has anyone tried this with the latest pixel experience gsi? Resurrection Remix is running fine but pixel experience always reboots to the fastboot screen.
I used the instructions from the pixel experience thread, but without success. I read the whole thread again and again and did it step by step as mentioned to be sure not to miss any important steps. Not luck.
Can you try it with the Mix2S and confirm that it works and how you it?
Don't want to capture this thread. I'm just desperately trying to get this done to boot.
Best regards
Kleinholzinferno
Thanks for the explain.
Is the OP using this method on a different device? I don't recall seeing any ROMs for the Mix 2S.
napes22 said:
Thanks for the explain.
Is the OP using this method on a different device? I don't recall seeing any ROMs for the Mix 2S.
Click to expand...
Click to collapse
OP is using a Treble ROM. If you go to the Treble section of XDA, there's a bunch of ROMs that will work for the 2s. Instead of flashing a device specific zip file you can flash a generic image file that will work on any phone that supports treble, like the Mi Mix 2s.
This guide walks you through flashing those images, and getting Magisk to work on the 2s.
russphil said:
OP is using a Treble ROM. If you go to the Treble section of XDA, there's a bunch of ROMs that will work for the 2s. Instead of flashing a device specific zip file you can flash a generic image file that will work on any phone that supports treble, like the Mi Mix 2s.
This guide walks you through flashing those images, and getting Magisk to work on the 2s.
Click to expand...
Click to collapse
Thanks, although I had upgraded the Beta to 8.7.10, so probably won't be flashing anything until a workaround comes along. I'm waiting for someone to confirm if it's only for Redmi Note 5.
Thank you for the tutorial, maybe you could add the fact that you have to use the fastboot.exe from miflash.
I´ve used the Minimal ADB and Fastboot Files but they make write Errors and the Rom won´t boot.
Hope I could try this method on my Mi 6X, will report back once I can unlock my Bootloader.
marcii-ec said:
Thank you for the tutorial, maybe you could add the fact that you have to use the fastboot.exe from miflash.
I´ve used the Minimal ADB and Fastboot Files but they make write Errors and the Rom won´t boot.
Click to expand...
Click to collapse
I've done it through Minimal ADB and Fastboot on Windows and through Fastboot on macOS and both work fine.
napes22 said:
Thanks, although I had upgraded the Beta to 8.7.10, so probably won't be flashing anything until a workaround comes along. I'm waiting for someone to confirm if it's only for Redmi Note 5.
Click to expand...
Click to collapse
You can check it if you reboot to Fastboot and see if "fastboot getvar anti" returns anything. If it does, your device has anti-rollback protection enabled.
As far as I know, anti-rollback is enabled on MIX 2S from 8.7.16 onwards, so you should be safe.
woofwoof75 said:
Hope I could try this method on my Mi 6X, will report back once I can unlock my Bootloader.
Click to expand...
Click to collapse
If your device is Treble-compatible, it should work with no problems, however keep in mind that should you run into any issues when using the provided fingerprint, you have to look up some from a stable MIUI for your device.
teddy74eva said:
You can check it if you reboot to Fastboot and see if "fastboot getvar anti" returns anything. If it does, your device has anti-rollback protection enabled.
As far as I know, anti-rollback is enabled on MIX 2S from 8.7.16 onwards, so you should be safe.
Click to expand...
Click to collapse
Yeah, when I run "fastboot getvar anti" I get invalid variable. Which leads me to believe that I don't have any issues at the moment. I won't upgrade from 12, but I'd like to move to Treble at some point.
EDIT: Just checked the "flash_all.bat" file within the 8.7.12 file and saw the following
::set CURRENT_ANTI_VER=1
::for /f "tokens=2 delims=: " %%i in ('fastboot %* getvar anti 2^>^&1 ^| findstr /r /c:"anti:"') do (set version=%%i)
::if [%version%] EQU [] set version=0
::if %version% GTR %CURRENT_ANTI_VER% (
Click to expand...
Click to collapse
Looks like 8.7.12 for Mi Mix 2S is not screwed.
Hello fellow gsi users. I'm new to this props editing thing and wanted to ask two questions for noobs.
If I follow the terminal commands in the OP the device fingerprint shows Xiaomi Mi 6 8.0.0 right? Is this right to use for the MiMix2S? I think so otherwise it wouldn't be mentioned to use.
And i don't understand the command for the auto brightness. What exactly does this do? Enable the automatic brightness settings from the original rom?
Need advice please. Maybe there's a thread that I haven't found yet that explains this topic. I'm eager to get more information but all I found was too general and not the answers I was looking for.
kleinholzinferno said:
Hello fellow gsi users. I'm new to this props editing thing and wanted to ask two questions for noobs.
If I follow the terminal commands in the OP the device fingerprint shows Xiaomi Mi 6 8.0.0 right? Is this right to use for the MiMix2S? I think so otherwise it wouldn't be mentioned to use.
And i don't understand the command for the auto brightness. What exactly does this do? Enable the automatic brightness settings from the original rom?
Need advice please. Maybe there's a thread that I haven't found yet that explains this topic. I'm eager to get more information but all I found was too general and not the answers I was looking for.
Click to expand...
Click to collapse
Basically, setting your fingerprint to Mi6 8.0 fools Google's checks of your installed system's certification, telling them that you are currently running a certified and tested Mi6 firmware. Every firmware has to follow Google's standards and rules for it to be able to fully use Google Services.
Now, I've included Mi6 fingerprint in my guide because it's readily available in MagiskHide Props, thus making it easier to set everything up to a workable state. However, as one user mentioned, if you use Mi6 fingerprint on MIX 2S, it breaks autobrightness. So, in order to be fully certified and keep autobrightness working, you can manually enter a fingerprint provided in the first post, which comes from MIX 2S 8.0 firmware. The only downside is that you have to be careful not to make any mistake when typing, so it's a little bit harder.
If you can live without autobrightness (since, as of now, it's terribly slow), feel free to use the Mi6 preset fingerprint. If you care or if you want to do things as they should be done, go for the manual route. Both of them will make your device Google certified and both of them will allow you to pass SafetyNet checks.
I may generalized some things or not mention them due to my lack of knowledge. If anybody would like to correct something, please do so
P.S. I may completely delete the preset fingerprint guide, as I don't think it's that hard to enter the proper fingerprint manually and it would definitely make things clearer.
Thank you very much for this information, makes everything much clearer for me.
Regarding auto brightness: I don't mind if it works for now, I can live with the manual settings. Better than a laggy auto settings thingy that doesn't worm properly.
The only thing that bothers me is that the screen is much too bright at night (or with night light activated) even in the lowest setting. Is there any possibility to change the minimum value?
Could you explain how to enter the proper fingerprint manually?
Best regards
Edit: nevermind the last question, I found it. In the newer version there's an entry for the mi mix 2s. Xiaomi devices are now listed under number 12, not 11 and the mi mix 2s is listed as own device. Works perfectly fine! Safety net passed, all green now!
Disclaimer: None of this is my work! I only used guides from other people and decided to create single a step-by-step guide for the LG Velvet (4G version). I tried crediting all people at the end of the post.
I am not responsible if you brick your device - use this guide at your own risk and know what you are doing.
After unlocking, your fingerprint reader will no longer work, this can be fixed and the instructions can be found below.
All these tools are commandline tools (cmd) - you should know how to use them.
You should also be familiar with "adb" and "fastboot".
This is not a guide for noobs, only a guide made by a noob.
Unless mentioned otherwise, all these steps are to be done on your computer.
I used Windows 10, it should work on other platforms just fine with a few modifications.
Bootloader Unlock
(European Version - I have no idea about the possibilities of unlocking provider-locked phones or other regions!!!)
Create an account and follow the instructions here:
https://developer.lge.com/resource/mobile/RetrieveBootloader.dev
The steps are explained quite well, therefore I will not write them down here unless people actually have problems with the steps.
(Preparation on the phone: Enable developer options, allow USB debugging and allow OEM Unlock.)
As always, unlocking the bootloader will WIPE your phone.
Installing Magisk / Systemless root
(After you successfully unlocked the bootloader, remember to re-enable developer options on the phone and allow USB Debugging)
Download the latest firmware here.
Use the IMEI search if you don't know which one you need!
Using this page, you will eventually receive a link ending in .kdz.
I don't recommend using the Download tool provided by lg-roms, but instead this script:
https://forum.xda-developers.com/t/...nd-lgup_ui-fixer.3916444/page-2#post-84148225
Paste the .kdz URL in the tool and wait for the Download to complete.
Next, you will need a copy of kdztools. Download a copy of this repository.
Important: Do not download from "Releases" - they are outdated! Instead, download a copy of the current master branch!
To be able to use this tool, you need to have python3 installed.
I will not further describe this step as there are enough tutorials out there and it is usually self explanatory.
You will have to install the module "zstandard" for the script to work:
pip3 install zstandard
Click to expand...
Click to collapse
Use KDZ Tools together with the downloaded firmware.
First, exctrat the KDZ file:
python unkdz.py -f G910EMW10i_00_0520.kdz -x
Click to expand...
Click to collapse
You should now have a large .dz file in the subfolder "kdzextracted". We can use this file to extract the boot image:
python undz.py -f c:G91010i_00_user-signed-ARB0_COM1_EU_OP_0520.dz -s 41
Click to expand...
Click to collapse
After this step, you should have a file "boot_a.image" in the subfolder "dzextracted".
(If you received a different file, use "python undz.py -f c:G91010i_00_user-signed-ARB0_COM1_EU_OP_0520.dz --list" and search for the partition named boot, edit the number "41" in the previous command accordingly)
Rename the boot_a.image to "boot.img" and copy it to your phone.
Download and install the latest Magisk release on your LG device.
In Magisk, select Install and patch the boot.img file.
After patching, copy the patched Magisk image back to your computer, rename it for easier use.
Using adb/fastboot on your pc:
adb reboot bootloader
fastboot flash boot_a magisk.img
fastboot flash boot_b magisk.img
Click to expand...
Click to collapse
Finally
fastboot reboot
Click to expand...
Click to collapse
Wait for the phone to boot and check Magisk installation status.
Congratulations!
Disable automatic firmware updates on your phone if you want to avoid having to re-install a patched Magisk image after every update!
Passing SafetyNet (Google Pay and more)
(You might not need all steps - after every step, you can check SafetyNet status via Magisk and if it is still broken, continue with the next step.)
Reboot after every step!
In the Magisk App, open Settings (top right) and enable the option "MagiskHide"
Download Universal safetynet fix and manually add as a module in the Magisk app
Download Magisk Hide Props Conf (manual DL not needed, can be found as a module directly in the app)
Unless there was an update to SafetyNet, you should now be able to set up and use SafetyNet services like Google Pay
Fixing your fingerprint reader
After the bootloader unlock, you will no longer be able to register fingerprints. This can be fixed using the following steps:
Launch the hidden service menu by dialing #*462633*#910# (might require an inserted SIM card)
SVC Menu -> Handprint -> HandID Logging "ON"
Go to the start of the menu and then navigate to "Device Test" -> SAAT -> Manual Test -> Optical FingerPrint Test
Press SEVERAL times firmly on the green button until it says FAILED, confirm and exit the menu
Go to settings and set up your fingerprints!
AFAIK, you can now disable "HandID Logging" again
Gcam Buffer Fix (Viewfinder Lag)
Using Gcam on the LG Velvet 4G, you will notice that most of the ports will not work properly.
Only a few versions based on Gcam 6.x with the option "buffer fix" will somewhat work, but not very well.
If you have Magisk installed, you can install the Buffer Fix that was originally designed for the LG V40 (Use the one for Android 10). Just flash the ZIP as a Magisk module.
Some Gcams will crash but MGC builds by BSG appear to work well!
(I don't know how this buffer fix works so I don't know if it is healthy to flash a module that was designed for a different phone but I tried several bufferfixes for different phones and this one appears to work flawless.)
Credits:
The very good rooting guide for the LG Velvet 5G by MikGX - THANK YOU
https://forum.xda-developers.com/t/root-lg-velvet-lm-g900em.4171117/
KDZ Download Tool by CXZa
[LG TOOLS] LG-KDZ-dll-Tool/LGUP_UI-fixer/LG-Kdz-downloader
Please, do not share elsewhere as I want to be able to update if necessary ! LG-KDZ-dll-Tool/KDZ dll extractor (=old version) : this message actually, scroll down a bit... LGUP_UI-fixer LG-Kdz-downloader Share this thread or my blog instead...
forum.xda-developers.com
SafetyNet Fix by kdrag0n
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
MagiskHide Props Conf by Didgeridoohan
[MODULE] [DEPRECATED] MagiskHide Props Config - SafetyNet, prop edits, and more - v6.1.2
MagiskHide Props Config v6.1.2 Note: This project is dead, and has been for some time. I have not been involved in the Android modding scene for some time and I no longer have the energy to take it up again. If anyone feels like taking over...
forum.xda-developers.com
Buffer fix for LG V40 by Wyroczen.
[GCAM] Buffer fix by Wyroczen
[GCAM] Buffer fix by Wyroczen Hey, I've made buffer fix for LG V40 in a form of TWRP flashable zip and second option with file for replacement: It will fix lagging viewfinder in GCAM both nightsight and normal mode. Instructions: Boot into TWRP...
forum.xda-developers.com
Fingerprint fix instructions provided by raj_ch2002 for the LG G8X
Steps to get the Fingerprint working with unlocked bootloader and Root
Make sure you have backed up your 20e stock abl. You will need to download the Android 9 kdz "G850EMW10c_00_1126.kdz" link to Android 9 kdz: https://drive.google.com/drive/folders/1nVbxo_sLKXQ_qN030ZZCThd8peER0pRM?usp=sharing If you are already...
forum.xda-developers.com
(Linked by foggydew88 here) - thanks!
paolotheking for providing the LG Velvet 5g service menu code, which is similar to this model
LG Velvet Hidden Menu code
Enjoy: #*462633*#900# Works with G900EM
forum.xda-developers.com
Finally, thanks to the devs of Magisk, kdztools and lg-roms
Reserved
thx!
can you provide boot img for G910EMW10i?
GerRudi said:
Bootloader Unlock
(European Version - I have no idea about the possibilities of unlocking provider-locked phones or other regions!!!)
Create an account and follow the instructions here:
https://developer.lge.com/resource/mobile/RetrieveBootloader.dev
Click to expand...
Click to collapse
Hi. I wonder how it is possible to unlock the bootloader using this page since the LG Velvet 4G (LM-G910EMW) doesn't seem to be at the supported devices list. How did you got it?
Is there a way someone can help to unlock Korea version of velvet?
Can someone from 20a backup me system and vendor partitions ? Not the ones from kdz, i need as they are in the phone with partition backup app that requires root either with qfil? i can give instructions just dm me on telegram @EmanuelCN0 . I specifically need from EMW model.
Got the German Version of the phone (DEA) ... Everytime i want to use undz.py it says Error: extraneous data found IN version. Also unkdz.py says something but extracts the .dz. Any idea what i could do ?
Hello. I've succesfully rooted my European Velvet LTE/4G variant.
Most of the kdz extractors are a total disaster and won't work with recent KDZs. You have to use this one:
A correct extractor for LG's KDZ Android image files
A correct extractor for LG's KDZ Android image files - kdz.py
gist.github.com
This is the correct, working KDZ extractor. Save this raw Python script for example as a kdz_extractor.py.
Now, assuming you already have performed the previous necessary steps like installing zstandard with pip, all you have to do is:
python3 kdz_extractor.py -e <where to extract> <kdz to extract>
You'll have a file called 4.boot_a.img, around 96 MBs. Now you can keep following the OP guide.
I can provide the patched boot_a.img for LMG910EMW Android 11 20a version if someone needs it.
Pinging @Chick0Nugget and @KRAZZIEBOY because they were interested.
swaguduzo said:
Pinging @Chick0Nugget and @KRAZZIEBOY because they were interested.
Click to expand...
Click to collapse
Yeah i already saw it and it worked.... Just forgot to write you a big : THAAAANNNNK YooooooUUUU!!!!!!!!!
Hi. Thank you very much for the detailed explanations.
Update. Rooting worked for me for LG Velvet LMG910EMW and Android 12 with a minor change:
The extract of boot.img did not work as described. Following tools failed for me
1 kdztools -> "Error: extraneous data found IN version" :-/
2 LG Extractor tool -> ZlibException: Bad state - zero bytes :-/ (also with kdz DZ file)
3 "hovatek" ectractor -> unsupported data file :-/ (tested with both DZ and KDZ files)
4 adb dd command to dump the my-name boot partition -> permission denied :-/
Finally it worked with kdz.py from https://gist.github.com/iscgar/e0da0868df7b2f179b000c61f12d1a8c
So i just put in the 5GB Android 12 KDZ from my previous flash and it extracted all partitions including the boot_a.img/boot_b.img files (each around 93 MB).
A quick test with fastboot boot boot_a.img showed that they are working.
Btw. I unlocked the bootloader already with Android 10 (see other post), before i updated to Android 12 with LGROMUP1.1.
The original LGUP did not work because the roms i found are in region "DEA" and my phone seems to be restricted for EU market.
In LGROMUP1.1, this seems to play no role. There was no partition selection, just "flash" button, but it preserved the unlocked bootloader to my surprise.
A lot of automatic restarts until it reached 100%, but everything went smooth.
Cheers.
I am interested in this Velvet 4G with dual screen. Can you answer me two questions please: 1º Is the battery life good? 2º Does the dual screen of the Velvet 5G snap765 work in this 4G model? Thanks friends.
How can an Android application detect that it is running on a rooted device that is running the Universal SafetyNet Fix with MagiskHide configured to hide from that application, props configured to a known good fingerprint, and magisk renamed to something else?
I have read that the Universal SafetyNet Fix module works by causing hardware attestation to fall back to basic when key attestation fails with the "not implemented" error. How can an app developer detect when this happens and require that true hardware attestation is used?
It's easy for any app to detect whether Android got tampered or not: No Magisk module can prevent this.
Only as example:
The Universal Safetynet Fix changes in system file named build.prop these properties
Code:
ro.boot.flash.locked
ro.boot.verifiedbootstate
ro.boot.veritymode
ro.boot.vbmeta.device_state
what in turn changes LastModifiedTime property of build.prop.
Hence it should be obvious - to see whether Android OS got tampered or not - the most easy method is comparing this timestamp with timestamp when Android OS was built.
IMO it's a misconception to believe that app developers are dumber than the developer of Magisk.
Hi everyone,
I'm new to the forum so sorry in advance if I'm posting in the wrong place.
Here is my problem, hope someone knows the solution, thank you in advance
I successfully installed the Lineage OS 18.1 with MicroG on my Samsung s10e. Now I'd like to get my banking app to work, but it detects root.
I would like to install Magisk to prevent that banking app from detecting root, but I'm not being able to do so.
1. First question. Following the instructions here (Magisk website), three different cases are presented:
- option A: device has ramdisk --> grab the boot.img
- option B: device has not ramdisk --> grab the recovery.img
- option C: Samsung device --> different route, as explained here, including downloading the firmware from Samsung and using Odin.
As far as I understood it:
Option A requires fastboot: Samsung devices do not have fastboot, but download mode instead. However, in the Lineage recovery, there is the option to "Enter fastboot". So... can I use this method? I tried but, reaching the "fastboot flash boot" step my terminal shows only "Waiting for any device" indefinetly.
Option C looks like installing Magisk on rooted device but preserving Samsung stock OS. Am I right?
Question is: my device has ramdisk (shown in the Magisk app screen), but is a Samsung device. Which option do I need?
2. Second question is: once I will have Magisk installed, will the recent v24.1 be able to hide root status with Zygisk? I read contrasting things about that and I'm not sure.
I also tried sideloading Magisk using: adb sideload Magisk-v24.1.zip
Results: Magisk appears to be installed, enabling Zygisk + Enforce deny list + add bank app to deny list --> root detected anyway
I even tried this method with Magisk v23 but it did not work.
Thank you so much in advance for any advice!
My advice is to read this thread from its start. Magisk is a wonderful module which just started a new life. Without study you'll be stranded before you know it.
Don't start with installing ....start with reading ¯\_( ͡❛ ͜ʖ ͡❛)_/¯ ...
xabu said:
My advice is to read this thread from its start. Magisk is a wonderful module which just started a new life. Without study you'll be stranded before you know it.
Don't start with installing ....start with reading ¯\_( ͡❛ ͜ʖ ͡❛)_/¯ ...
Click to expand...
Click to collapse
Thank you for directing me to that thread, I will read it thoroughly!
Update 04.01.2023: I've updated/added additional steps to make this tutorial work again.
This question was asked many times and often all the answers did not work:
How do I get Magisk to work with Microsoft Apps like Microsoft Teams, Microsoft Outlook etc (protected by Microsoft Intune)?
With Magisk 24.1 it is finally possible to bypass the protection of Microsoft Intune. Here are the instructions on how to proceed. The solution requires root!
- First of all you need the latest Magisk version (24.2 or higher).
After installation select:
- Settings -> Hide the Magisk app : Select a new name of your choice (I use 'MM' for 'Magisk Manager')
- After Magisk has been hidden open 'Settings' and enable 'Zygisk (Beta)'
- uncheck Force Denylist in Magisk settings
- Select 'Configure DenyList'
- Use the magnifying glass and search for "Microsoft". You will find "Company Portal" (also known as Microsoft Intune).
Important: Expand the view by clicking on the entry. You will see something like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
- Now, with the expaned view, click the entry. It will look like this:
- Repeat these step (first expand, then clicking the button) on each other Microsoft App - e.g. Microsoft Teams, Microsoft Outlook, ...
Important: If you do not expand the view it will not work!
Now, to make sure that this solution is really working ....
- Install YASNAC - Yet Another SafetyNet Attestation Checker from the Google Play Store.
- Run the SafetyNet Attestation on YASNAC
When it fails is shows something like this:
Fix Basic integrity
- To fix the Basic integrity you need to install the latest Universal SafetyNet Fix from Github.
- Download the ZIP and install it as a module in Magisk (24.1 or higher).
- Reboot again and restart the YASNAC - Yet Another SafetyNet Attestation Checker. It should now pass (at least) the Basic integration.
If this is not the case you might also need to fix your CTS profile match. You can resolve this by doing the following steps:
- Download and install the latest release of MagiskHide Props Config from Github in Magisk as a Module.
- Restart your Phone!
- Launch a Terminal of your choice (e.g. Termux, Android Terminal Emulator, ...).
- Type 'su' (enter) and agree to the root dialog.
- Now type 'props' (enter) ...
... select '1' for Edit device fingerprints
... select 'f' for Pick a certified fingerprint
... select a vendor of your phone (e.g. Xiaomi, Poco, Google, Samsung, Oneplus ...)
... select your phone (if available) or a phone which is next to your phone with your installed Android version (for example 9,10,11).
- After selecting the fingerprint for your device, and when the program ends, reboot your device
After reboot another check of YASNAC - Yet Another SafetyNet Attestation Checker should the look like this:
Update 04.01.2023:
- Install Shamiko and make sure that you uncheck Force Denylist in Magisk settings
Important:
Once YASNAC shows Pass on Basic integrity and CTS profile match you can use any Banking App (e.g. Google Pay, N26, DKB, Sparkasse, Revolut, bunq, <whatever>) by repeating the inital steps for each of these Apps and it should not detect root. You might need to clear the data before the app stops complaining about a rooted device (example Google Pay).
If you find this tutorial helpful please leave a like for this post - thanks in advance.
More Informations / Background / How does this work:
Magisk: The Age of Zygsik
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Magisk Hide Props Config - SafetyNet
[MODULE] [DEPRECATED] MagiskHide Props Config - SafetyNet, prop edits, and more - v6.1.2
MagiskHide Props Config v6.1.2 Note: This project is dead, and has been for some time. I have not been involved in the Android modding scene for some time and I no longer have the energy to take it up again. If anyone feels like taking over...
forum.xda-developers.com
Hi @GoodSoul nice method- same as my posting from back 2+ weeks ago
Thanks for the repost! It's a proven working method
Zygisk (Alpha channel) + Magisk Hide app stting + DenyList + (MagiskHide Props Config (add fingerprint) + Universal SafetyNet Fix)
Click to expand...
Click to collapse
skuppej said:
Hi @GoodSoul nice method- same as my posting from back 2+ weeks ago
Thanks for the repost! It's a proven working method
Click to expand...
Click to collapse
Hey skuppej, did not see your post, sorry. Was it also (mainly) about Microsoft Intune? Because Magisk Hide did work well in the past on Banking Apps and Google Pay but somehow not well on MS Intune.
Oh, this method is what you should use to hide root from anything
tldr:
Zygisk (Alpha channel) + Magisk Hide app stting + DenyList + (MagiskHide Props Config (add fingerprint) + Universal SafetyNet Fix)
Click to expand...
Click to collapse
Hi,
I've exactly followed the steps mentioned but InTune still detects root.
I've InTune v5.0.5421 installed and Magisk v24.1 installed.
The only difference from your screenshots is that you've evaluation type HARDWARE_BACKED, I've BASIC. The rest is same. My phone is S9 with Stock Android 10 installed.
Do you have any suggestion to check?
This did work, but for some reason as soon as I enable Enforce Deny list, I get extreme lag. Without that option enabled phone woks fine but intune detects root and blocks. I really wish there was a better solution, this never was an issue with MagiskHide
hmm. Update. For literally no reason with nothing changed it just stopped working...No idea why
elite-fusion said:
has anyone had luck with this lately?
I tried the 5067 version and it worked, but teams and outlook still stated that the intune is out of date, so still unusable.
Click to expand...
Click to collapse
persmash said:
Hi,
I've exactly followed the steps mentioned but InTune still detects root.
I've InTune v5.0.5421 installed and Magisk v24.1 installed.
The only difference from your screenshots is that you've evaluation type HARDWARE_BACKED, I've BASIC. The rest is same. My phone is S9 with Stock Android 10 installed.
Do you have any suggestion to check?
Click to expand...
Click to collapse
Make sure you guys clear data in your intune/teams apps, first. Also, delete any work accounts that might pre-exist, if you have them.
skuppej said:
Make sure you guys clear data in your intune/teams apps, first. Also, delete any work accounts that might pre-exist, if you have them.
Click to expand...
Click to collapse
Hi,
Thanks for your reply but InTune doesn't give an error related to rooting. It says the OS is modified and I think that is because of system status is "Custom". I'm searching for a way to make it "Official" again without loosing root but couldn't find anything.
I am on zygisk denylist + shamiko + ticking all processes in denylist
I have also installed universal safetynet but removed it as it doesnot make a difference and i donot have an issue to fail safetynet for now
I am passing intune and Outlook app only
However Onedrive , Office and Teams says i am having policy error and refuse to log in
I would appreciate any assistance as it is crucial for my work environment
Have people gotten this to work on the latest version of Intune (5.0.5421.0)? Root is still being detected on my Google Pixel 4a and 5. I read in the other thread to use an older version of Intune, but my company Intune policy will not allow it (get a Company portal out of date message).
My Intune is updated to 5.0.5421.0 and Teams is still working on all my devices (Oneplus 7, Samsung Tablet A6, Samsung Galaxy S8+ - all with LineageOS 18.1).
For those who have problems: What does 'adb logcat' says in the moment when you launch teams?
GoodSoul said:
My Intune is updated to 5.0.5421.0 and Teams is still working on all my devices (Oneplus 7, Samsung Tablet A6, Samsung Galaxy S8+ - all with LineageOS 18.1).
For those who have problems: What does 'adb logcat' says in the moment when you launch teams?
Click to expand...
Click to collapse
Hi,
I don't have that much technical knowledge. Could you please guide me how can I record the logs so that I can share it here?
Thanks.
persmash said:
I don't have that much technical knowledge. Could you please guide me how can I record the logs so that I can share it here?
Click to expand...
Click to collapse
Try one of these tutorials.
Hey,
I am still using Magisk 23.0 and recently also my Outlook and Teams started crying about my rooted devices. But I have a strange behavior: If I click away this message 2-3 times everything works fine ¯\_(ツ)_/¯.
Anybody else who notices this behavior?
@GoodSoul Is this meant to be work also within the Android Enterprise environment? I mean this thing which is encapsulated from the rest of the system like I would create another user.
tiga05 said:
@GoodSoul Is this meant to be work also within the Android Enterprise environment? I mean this thing which is encapsulated from the rest of the system like I would create another user.
Click to expand...
Click to collapse
I don't know why it should not.
GoodSoul said:
Try one of these tutorials.
Click to expand...
Click to collapse
I used Android Studio to get the logs. Please find them below. To be honest, I didn't undestand anything from them
Code:
2022-03-15 19:04:20.037 6529-6529/? E/[IndicatorGarden]Presenter: onGardenApplyWindowInsets() New DisplayCutout is NULL!!
2022-03-15 19:04:20.041 6203-7029/? E/WindowManager: win=Window{d677566 u0 com.microsoft.windowsintune.companyportal/com.microsoft.omadm.client.OMADMAwaitActivity} destroySurfaces: appStopped=true win.mWindowRemovalAllowed=false win.mRemoveOnExit=false win.mViewVisibility=8 caller=com.android.server.wm.AppWindowToken.destroySurfaces:1249 com.android.server.wm.AppWindowToken.destroySurfaces:1230 com.android.server.wm.AppWindowToken.notifyAppStopped:1285 com.android.server.wm.ActivityRecord.activityStoppedLocked:2776 com.android.server.wm.ActivityTaskManagerService.activityStopped:2512 android.app.IActivityTaskManager$Stub.onTransact:2280 android.os.Binder.execTransactInternal:1056
2022-03-15 19:04:20.061 6529-6529/? E/[IndicatorGarden]Presenter: onGardenApplyWindowInsets() New DisplayCutout is NULL!!
2022-03-15 19:04:20.064 6529-6529/? E/SystemUIImageView: set Image Drawable!!
2022-03-15 19:04:20.064 6529-6529/? E/SystemUIImageView: set Background Drawable!!
2022-03-15 19:04:20.070 6529-6529/? E/[IndicatorGarden]Presenter: onGardenApplyWindowInsets() New DisplayCutout is NULL!!
2022-03-15 19:04:20.495 6814-6814/? E/ApduServiceInfo: Not adding <aid-group> with empty or invalid AIDs
2022-03-15 19:04:20.607 526-1088/? E/BufferQueueProducer: [com.android.systemui.infinity.InfinityWallpaperBlue$_6721#0] disconnect: not connected (req=1)
2022-03-15 19:04:20.609 526-2814/? E/BufferQueueProducer: [com.microsoft.windowsintune.companyportal/com.microsoft.windowsintune.companyportal.views.EnrollmentActivity$_20093#0] disconnect: not connected (req=1)
2022-03-15 19:04:20.681 32192-32192/? E/Zygote: isWhitelistProcess - Process is Whitelisted
2022-03-15 19:04:20.681 32192-32192/? E/Zygote: accessInfo : 1
2022-03-15 19:04:20.683 6203-8084/? E/WindowManager: win=Window{7796f62 u0 com.microsoft.windowsintune.companyportal/com.microsoft.windowsintune.companyportal.views.EnrollmentActivity} destroySurfaces: appStopped=true win.mWindowRemovalAllowed=false win.mRemoveOnExit=false win.mViewVisibility=8 caller=com.android.server.wm.AppWindowToken.destroySurfaces:1249 com.android.server.wm.AppWindowToken.destroySurfaces:1230 com.android.server.wm.AppWindowToken.notifyAppStopped:1285 com.android.server.wm.ActivityRecord.activityStoppedLocked:2776 com.android.server.wm.ActivityTaskManagerService.activityStopped:2512 android.app.IActivityTaskManager$Stub.onTransact:2280 android.os.Binder.execTransactInternal:1056
2022-03-15 19:04:20.713 32192-32192/? E/nder:appservic: Not starting debugger since process cannot load the jdwp agent.
2022-03-15 19:04:22.298 7354-8693/? E/BtGatt.ContextMap: remove() - removed: 7
2022-03-15 19:04:22.341 7354-7521/? E/BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_STOP, appName: android.uid.system, scannerId: 7, reportDelayMillis=0
2022-03-15 19:04:22.433 7354-7521/? E/BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_START, appName: android.uid.system, scannerId: 7, reportDelayMillis=0
2022-03-15 19:04:22.582 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:27.585 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:28.568 6203-6233/? E/Watchdog: [email protected]: 772 heap: 95 / 96 [2022-03-15 19:04:28.567] sdogWay: softdog
2022-03-15 19:04:32.591 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:37.597 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:42.603 2892-2913/? E/perfsdkserver: [Interface] BpPerfSDKService::connectionRequest()
2022-03-15 19:04:47.585 32243-32243/? E/Zygote: isWhitelistProcess - Process is Whitelisted
2022-03-15 19:04:47.586 32243-32243/? E/Zygote: accessInfo : 1
Hi,
I followed the guide, but the second time I fire up YASNAC it still fails the SafteyNet fix. I tried everything, rebooted every time, no dice.
GoodSoul said:
My Intune is updated to 5.0.5421.0 and Teams is still working on all my devices (Oneplus 7, Samsung Tablet A6, Samsung Galaxy S8+ - all with LineageOS 18.1).
For those who have problems: What does 'adb logcat' says in the moment when you launch teams?
Click to expand...
Click to collapse
Any luck for you to check my logcat?