MagiskHide method for hiding unlocked bootloader - General Questions and Answers

How does MagiskHide hide the bootloader status? I'm trying to find a way to replicate the same method with the latest canary release which has Zygisk instead of MagiskHide. Any help is appreciated.

It just changed a few props, all of which are integrated into MagiskHide Props Config (the "Edit MagiskHide props" option) and/or Universal SafetyNet Fix (which soon should be updated to work on Magisk build 23010+).

Didgeridoohan said:
It just changed a few props, all of which are integrated into MagiskHide Props Config (the "Edit MagiskHide props" option) and/or Universal SafetyNet Fix (which soon should be updated to work on Magisk build 23010+).
Click to expand...
Click to collapse
I just changed those props, it still fails attestation. It might be something different though, will check further. Thanks.

With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.

Didgeridoohan said:
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Click to expand...
Click to collapse
Yeah, Riru apparently was the problem as when I removed Riru and downgraded Universal SafetyNet Fix ctsProfile now passes. Thanks for the aid!

Didgeridoohan said:
With Magisk Canary 23010 you'll also have to add the Play Services processes manually to the Deny list (gms and unstable). If you haven't done that, do so and try again. Could also be that you'll need to fool keystore to use basic attestation, but for those you'll have to use USNF v1.2.0 until the next release, since Riru doesn't play well with Zygisk.
Click to expand...
Click to collapse
Is there any update in 2022?
I'm using latest canary Magisk and latest USNF v2.2.1 on Android 11 but the unlocked bootloader is still detected.
Is there any solution? Thank you.

Related

OOS 10.0.1 + Magisk + EdXposed = SafetyNet fails both

OOS 10.0.1
Magisk v20.1
EdXposed v0.4.5.5
SafetyNet first works and after some time it fails both ctsProfile and basicIntegrity
I also tried Magisk Hide Props Config
Same problem on my 6t. Still trying to find a solution. I fear that Gravitybox may be the culprit. Do you have it installed?
https://github.com/ElderDrivers/EdXposed/issues/386
Edxposed no longer passes Safety Net by default. You need to blacklist Google Play Store, Google Play Services and Google Framework as per this site.
Soumy1234 said:
https://github.com/ElderDrivers/EdXposed/issues/386
Edxposed no longer passes Safety Net by default. You need to blacklist Google Play Store, Google Play Services and Google Framework as per this site.
Click to expand...
Click to collapse
In addition try the hidden core module, works great for me.... No more safetynet issues...
kpmohamedhussain said:
In addition try the hidden core module, works great for me.... No more safetynet issues...
Click to expand...
Click to collapse
Thank you for recommending the Hidden Core Module! It works great on my OnePlus 7 Pro. After installing the module and blacklisting the Google Play Store, Google Play Services and Google Framework in EdXposed I was able to pass SafteyNet without a problem. One app (Mario Kart Tour) was still detecting root. I was able to get it working by clearing the cache and storage from the Play Store and Play Services and rebooting.
Be careful for those Edxposed modules which are not fully compatible to android 10.
Kris
Hirs_E_Fruit said:
OOS 10.0.1
Magisk v20.1
EdXposed v0.4.5.5
SafetyNet first works and after some time it fails both ctsProfile and basicIntegrity
I also tried Magisk Hide Props Config
Click to expand...
Click to collapse
I follow steps as link below and it works ! I can use Magisk + Edxposed and safetynet won't be crashed.(It would fail at every rebooting. Waiting for a while and it will pass safetynet check )
https://forum.xda-developers.com/pixel-4-xl/how-to/xposed-discussion-thread-t3992607

[Android 10] install EdXposed and Xposed without loosing safety net

Hi,
My question is simple, what is the difference between Xposed and EdXposed, and if there is a way to install it without loosing safety net.
My phone is a Oneplus 7 with android 10.
Thanks and best wishes for the new year!
EdXposed Framework allows to install XPosed Framework on devices running Android 10, Pie, and Oreo .
EdXposed requires your device must be rooted with Magisk v20.2+
By means of MagiskHide you can prevent SafetyNet's hardware attestion will fail.
jwoegerbauer said:
EdXposed Framework allows to install XPosed Framework on devices running Android 10, Pie, and Oreo .
EdXposed requires your device must be rooted with Magisk v20.2+
By means of MagiskHide you can prevent SafetyNet's hardware attestion will fail.
Click to expand...
Click to collapse
So it's impossible?
Biasio said:
So it's impossible?
Click to expand...
Click to collapse
Latest SafetyNet version not only checks for Android got rooted but also for device's bootloader got unlocked. The problem for John Wu - developer of Magisk - is that the new key attestation workflow now is hardware-based, and the code is sent by OEM to Google's server. May be some day he will find a solution ... it's unlikely that MagiskHide will be able to alter the key or intercept the transmission, IMHO.
Resume: Until then SafetyNet works as expected by OEMs and app developers, who have an interest in having an unmodified Android.
To add, you could try magisk module MHPC (Magisk Hide Props Config) which is what you'd use to modify device fingerprint and other system props.
The particular features in MHPC you may want to use which MIGHT get SafetyNet to pass are the Device Simulation and Force Basic Attestation. Combined, along with setting a similar device's fingerprint as long as that selected device isn't designed with hardware attestation, could be enough to fool SN. EdXposed coupled with Magisk's own Hide feature to hide themselves from GSF, GPS, Gpay, etc, should prove successful. The issue lies mostly with which order the software is installed and hidden, sometimes with rebooting being absolutely essential between certain steps. It really is a trial and error process.
Biasio said:
Hi,
My question is simple, what is the difference between Xposed and EdXposed, and if there is a way to install it without loosing safety net.
My phone is a Oneplus 7 with android 10.
Thanks and best wishes for the new year!
Click to expand...
Click to collapse
Turn Off Edxposed module from magisk download and install LSposed apk install it...Goto magisk and download module Riru LSposed...reboot your phone... That's It Check your safety net.... Dont forget to off or remove Edxposed module or any other xposed enhanced framework module you using...lemme know if it worked for you...

Question Safetynet

I Literally tried every way on the internet to try and pass safety net on arrow os 12, when I first installed it it was working fine but after mgisk 24.2 I couldn't pass safety net and I just Uninstalled mgisk but still I can't pass even with root Uninstalled
What should I do?
Have you tried Universal SafetyNet Fix and Shamiko?
Frenik said:
Have you tried Universal SafetyNet Fix and Shamiko?
Click to expand...
Click to collapse
Yes. didn't work
Enable zygisk
Enforce denylist
Select play services (including gms and unstable)
Flash safetynetfix and shamiko modules
Hide magisk app
Reboot and clear data of play store
Enjoy
Don't enable Enforce DenyList for Shamiko. It will still use the DenyList use though.
I have the same problem. The only reason I can think of is because I imported data from my old phone ... it does not look at all like a good reason but ... I will try to backup, clean the rom and start fresh.
Allahy3een​did you import data as well ?
How did you manage to solve you problem?
EDIT:
I can confirm, staring from scratch fixed everything!!!
NOTE: I did not even had to actually use the MagiskHide Props Config, so ArrowOS v11.0 ROM has a valid fingerprint ...
I did not use shamiko module as well, only safetynetfix and it's all gold. I did looked at this video for ref:

Question 6a Rooted - Can't use GPay

Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
fl3xtra said:
Tried to follow ALL the methods for previous 6 roots and Gpay fixes and can't seem to find a method. Any ideas? I know this is a new phone so perhaps I have to wait, but just curious if there was somethign I may have missed. Followed this method:
Click to expand...
Click to collapse
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
tlxxxsracer said:
I havent tried on this phone but every device I use I've had success with https://github.com/kdrag0n/safetynet-fix
Click to expand...
Click to collapse
From what I read (I could be wrong), Google made changes to their authentication in June 2022.
I literally just got it to work 30 min ago. I followed instructions here: https://forum.xda-developers.com/t/...tynet-fix-2-3-1.4217823/page-91#post-87198517
Not sure if step #1 did anything since I don't have MagiskHidePropsConfig configured in any special way. I think it was the modded safetynet fix that did the trick.
Can you share your steps on rooting? Where did you get the boot.img?
Indian gpay or wallet gpay
z0mghii said:
Can you share your steps on rooting? Where did you get the boot.img?
Click to expand...
Click to collapse
I use a Verizon MVNO as my carrier so i downloaded the factory image that's already available on Google. Extracted boot.img from there.
I believe that not all factory images are available yet so you may have to wait if you don't use Verizon or Verizon mvno. (Might be available on Monday.)
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Rooting this phone will be the same as every other Pixel phone. Of course rooting and keeping apps like banking and GPay is an ongoing battle between Google and developers. The requirement to root and use those apps will change as Google updates their security methods, but again that won't be a "per phone" issue, it will be the same methods for all rooted Pixel phones.
Any idea how this affects Felica models? (the ones sold in Japan)
fl3xtra said:
I got it to work. The one thing I did differently than some other guides is I changed my phone to a Pixel 4a under props config. Seems to work now and haven't had any issues.
Click to expand...
Click to collapse
That shouldn't be necessary, assuming you're not running some custom rom.
Anyway, I didn't do that, and google pay and wallet work fine on this phone using magisk with the stock android 13 rom.
Lughnasadh said:
See this post and read the few pages before and after that to get an understanding of what is going on. Basically, Play Integrity API is replacing SafetyNet API so adjustments had to be made.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Also this...
[Magisk] Google wallet (pay) with magisk
Saw on reddit that some people have issues with google pay, since the new update added some new checks. So here is what you do: - Update Magisk to 25.2, Update magisk app to 25.2 as well - Rename Magisk app if you havent already - [ OPTIONAL ]...
forum.xda-developers.com
Click to expand...
Click to collapse
Folks, the answer is RIGHT HERE.
The issue is NOT device fingerprints or authentication. Google has deprecated the SafetyNet API for the new Play Integrity API, which makes it impossible to spoof an evaluationType of MEETS_STRONG_INTEGRITY.
The solution, as @Lughnasadh shared, is the modified Universal SafetyNet FIx module shared by Displax, which forces the system to use the legacy SafetyNet attestation. This is only a temporary solution, as the time may eventually come when Google removes support for SafetyNet altogether from their apps. There is no permanent solution, nor will there ever be, because spoofing hardware backed device integrity is not possible due to hardware key attestation and the Android Trusted Execution Environment.

[Solved] Any gentleman happens to have kebab(t) OxygenOS [12] device fingerprint? (For SafetyNet)

Edit:
The USNF module moded by displax fixes both safetynet and security patch info! Thank
rocketda7331 for your experience and nice guidance!
Also, thank BillGoss for your fast help!
Your info gave me the chance to turn back from my wrong direction!
As shown here [ https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/common/prints.sh ], they only have OOS [11] device fingerprints:
OnePlus 8T China KB2000 (11):OnePlus:KB2000=OnePlus/OnePlus8T_CH/OnePlus8T:11/RP1A.201005.001/2108261338:user/release-keys__2021-08-01
OnePlus 8T India KB2001 (11):OnePlus:KB2001=OnePlus/OnePlus8T_IND/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Europe KB2003 (11):OnePlus:KB2003=OnePlus/OnePlus8T_EEA/OnePlus8T:11/RP1A.201005.001/2110091916:user/release-keys__2021-10-01
OnePlus 8T Global KB2005 (11):OnePlus:KB2005=OnePlus/OnePlus8T/OnePlus8T:11/RP1A.201005.001/2110091917:user/release-keys__2021-10-01
OnePlus 8T T-Mobile KB2007 (11):OnePlus:KB2007=OnePlus/OnePlus8TTMO/OnePlus8TTMO:11/RP1A.201005.001/2108091917:user/release-keys__2021-08-01
But I'm already on LineagsOS 19.1 (Android 12), and I forgotttttttttttt to check the fingerprint of OOS 12 by myself before installing LOS...
Although OOS 11 fingerprint is still able to pass SafetyNet, but it also gives me a "Platform: Out of date" false alarm under "Android security patches" even with latest LOS build installed.
Does any gentleman happens to have OOS [12] device fingerprints for kb2005 or kb2007?
Thanks in advance!!!
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
BillGoss said:
ro.build.display.ota: KB2005_11_C.35
ro.build.fingerprint: OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.202208261328:user/release-keys
If you want other properties, let me know.
Click to expand...
Click to collapse
Thanks a lot! You're GREAT!
Sadly this fingerprint can not pass SafetyNet, it gives a "CTS profile match: Fail".
But it fixes the "Platform: Out of date" in "Android security patches"!
You still saved my day! Thank you for your selfless help!
By the way, the LOS 19.1 (20221013) fingerprint is:
OnePlus/OnePlus8T/OnePlus8T:12/RKQ1.211119.001/R.20220730031:user/release-keys
which looks very similar to the OOS C.35 12 fingerprint.
Hmm... Maybe OnePlus just forgot to update it's SafetyNet status?
Found a related issue:
SafetyNet fails on C.20 update for OnePlus 8 Pro · Issue #188 · kdrag0n/safetynet-fix
The "C.20" update for OnePlus 8 Pro based on Android 12 and the OxygenOS 12.1 overlay in correlation with "SafetyNet-Fix v2.2.1" completely blocks the fingerprint scanner. Uninstalling this module ...
github.com
Issue is still open, seems OnePlus has broken something...
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
rocketda7331 said:
GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - Displax/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
Click to expand...
Click to collapse
Yeah thx I already have that.
With that and hideprops module installed, I can already pass safetynet with OOS 11 fingerprint.
But it's android 11 fingerprint and I'm running android 12 (lineageos 19.1), so using that fingerprint gives me "Platform: Out of date" in "Android security patches".
And as shown above, OOS 12 fingerprint seems problematic too.
For now I can only switch back to OOS 11 fingerprint and watch how this will end...
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
I will also point out that the linked safetynetfix is modded by displax and is not the original you might have if you installed it ages ago. To pass safetynet nowadays you should update it to this one.
rocketda7331 said:
What are you trying to achieve? If you just want to pass safetynet, you can ditch magiskhideprops module. safetytnet fix module will only spoof your fingerprint for google play services, elsewhere you will have correct fingerprint. I am also on LOS19.1 and everything is reported up to date in Android security patches with this setup. If you wish to keep using magiskhide props for other purposes, you can keep it, but reset your fingerprint.
Click to expand...
Click to collapse
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module disabled, I cannot pass safetynet check with YASNAC (but google play is okay because safetynetfix module is active), and the platform is okay too. Is this your current state?
IAAxl said:
I tried to pass safetynet with a fingerprint from oos 12, not oos 11.
Safetynetfix module is not enough for me because my other apps and games also checks safetynet, so I also have hidepropsconfig module installed. And I use YASNAC to check safetynet.
With hideprops module enabled and oos 11 fingerprint spoofed, I can pass safetynet check, but also got "Platform: Out of date".
With hideprops module enabled and oos 12 fingerprint spoofed, I cannot pass safetynet check, but the platform became okay.
With hideprops module not enabled, I cannot pass safetynet check, and the platform is okay too. Is this your current state?
Click to expand...
Click to collapse
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
rocketda7331 said:
Are you sure you are using modded safetynetfix module by displax? See if it says "modded by displax" in your magisk modules section. If you have confirmed this, disable magiskhideprops and reboot your phone. Clear data/cache for google play services(note, this will reset your google related settings) and run safetynet attestation. It should pass this way. Apps check safetynet through google, they aren't running their own checks for that, however they can detect root through other methods that don't care about your safetynet status. What app do you have problem with, I could try. You don't have to mess with fingerprints with this module and I assume this is what is actually messing things up for you.
I have oneplus 8t, running lineageos 19.1 and only with safetynetfix mod I can pass safetynet everywhere every time.
Click to expand...
Click to collapse
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
IAAxl said:
I'm using kdrag0n's universal safetynet fix module v2.3.1, with propsconfig by Didgeridoohan.
I'll check displax's modded version and try your build!
Thanks a lot for sharing your success experience!
Click to expand...
Click to collapse
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
rocketda7331 said:
Disable propsconfig. Displax' modded version will be all you need to pass safetynet and you will have correct fingerprint(so correct security updates information as well) everywhere else.
Click to expand...
Click to collapse
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
IAAxl said:
It worked!
Thank you so much for your experience and nice guidance!
You saved my year!
Click to expand...
Click to collapse
Also check article
How to pass SafetyNet on Android after rooting or installing a custom ROM
It is possible to pass SafetyNet, even after extensive modding like rooting or installing a custom ROM. Check out how to do that here!
www.xda-developers.com

Categories

Resources