Question Is BASIC safetynet attestation supported on Oneplus 9 or is it too new? - OnePlus 9

I'm considering buying this phone, but if it lacks support for BASIC attestation that would mean that hiding root would be impossible and hence the phone would be useless for me.

Zincoshine said:
I'm considering buying this phone, but if it lacks support for BASIC attestation that would mean that hiding root would be impossible and hence the phone would be useless for me.
As of now with magisk 23.0 on Android 11 I'm able to hide everything g-pay all banking credit card apps working. Magisk is changing in Android 12 so I'm unsure. But I believe there are still some modules we can use to hide su access in magisk canary beta for 12.

There are several modules for Magisk that allow for basic. I have been using them since I bought the phone on release day, and have been able to use all apps. I would recommend sticking to Magisk v23 instead of the newer version, as hide has been removed (for now). You will get conflicting advice on this, and will most likely have to make a decision to move to a12 or keep hide down the line.
Lmk if you would like my list of modules.

mattie_49 said:
As of now with magisk 23.0 on Android 11 I'm able to hide everything g-pay all banking credit card apps working. Magisk is changing in Android 12 so I'm unsure. But I believe there are still some modules we can use to hide su access in magisk canary beta for 12.
I have no intention of ever updating to Android 12 so this won't matter. My oneplus 5T has been on Android 8.1 for years (mainly because I wanted that sweet sweet taste of the original rovo89 Xposed framework) and it has worked fine but it's clearly nearing the end of its life and has a slightly broken screen.

OP9 LE2110 with OOS 11.2.8.8.LE25BA rooted with Magisk 23. Working apart from banking app. G Pay is ok

Everything is working great with latest Magisk Alpha, Universal SafetyNet Fix and Zygisk enabled with Deny list (New MagiskHide)

Related

Kernel or boot image that only disables bootloader unlock check

Hey,
Does anyone have or can make a November patched boot image that has just the unlocked state check disabled so SafetyNet will pass? I want to play PoGo and have no use for root or Magisk at this time, but can't play because Niantic added extra checks beyond just SafetyNet passing. The Canary build of Magisk is unstable right now and among other things blocks charging with the device off, which is kind of dangerous. The Magisk hide on Pixel 3s also still seems hit or miss from that build. I also don't want to have to wipe my phone just to get rid of Magisk and pass SafetyNet right now.
I don't have my Linux dev environment up to date because I haven't done kernel work in a couple years, so hopefully someone else is already set up to throw in the couple quick patches from source and spit out an image.
Thanks!
Why are you looking at the Magisk Canary build? 17.3 Beta is working just fine on both Pixel 3 and Pixel 3 XL.
sliding_billy said:
Why are you looking at the Magisk Canary build? 17.3 Beta is working just fine on both Pixel 3 and Pixel 3 XL.
Hiding the Magisk Manager app itself (which PoGo looks for) doesn't work correctly. It sometimes creates a second copy and also can cause root to be lost.
elkay said:
Hiding the Magisk Manager app itself (which PoGo looks for) doesn't work correctly. It sometimes creates a second copy and also can cause root to be lost.
Gotcha. I've never lost root with 17.3, nor has anything failed due to Manager not hiding or creating a duplicate. Stinks that they are that concerned about device rooting for a game.

[Tips] Google Pay on Rooted Android Phone

If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide is working. Xposed modifies Boot.IMG, the reason for the safety net to trigger. If you can't live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't update your GOOGLE PAY - Google updates security patch, magisk too. Update your Google Pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
???
If that helped you, you are welcome
thanks for this solution.
Regards
Ginifa
dviree said:
???
Not sure what is so funny?....
Not able to install
amelbeabk said:
That Google Pay image says your phone is rooted, but it says that as an example of what could have tripped off Safety Net.
Safety Net failing doesn't mean you are rooted. Safety Net is designed to fail if you have an Unlocked bootloader.
It sucks, but for things like Google Pay, I'd strongly suggest that you just give up. Google is contractually obligated to play this game with you and try to prevent you from using it on a rooted "insecure" device so they can process card payments.
I have moto G5+ with unlocked bootloader and magisk. Google pay works fine and safety net does not fail if bootloader is unlocked
I have a custom rom. Only way to get Magisk working was to install EdXposed and hide module. SafetyNet Test also says safetynet passes but my gpay doesn't want to work. Assuming it's seeing edxposed perhaps. Anything else I can do?
dk0dave said:
I have moto G5+ with unlocked bootloader and magisk. Google pay works fine and safety net does not fail if bootloader is unlocked
I also have a moto G5+, but have still not unlocked the bootloader. I need to study more to unlock it; however, this comment is helpful for me to make a decision. Thanks.
Google Play warns me to uninstall SELinux Changer, then shuts my phone down. I tried uninstalling it then rebooting, but the phone is behaving extremely oddly and shutting down by itself.
Now I have to format it, just to be sure.
murick_show said:
If you want to make your Google Pay work, make sure you followed those steps below
Use AOSP/LOS or OEM Based rom. MIUI 7 and 8 have problems with SafetyNet [Even if you have Magisk installed]
***MOST IMPORTANT***
[###ROOT###]
Check your Selinux Mode in the About Phone section in Settings.
Selinux is another Google Protection featured with Kitkat in 2014
If you have Permissive, change it to Enforcing using this app [Download Attached Files]
Reboot after applying Enforcing. Don't Delete Selinux Mode Changer, You will lose your Enforcing and will be switched back to Permissive
Use Magisk only - Don't use SuperSu, it doesn't have Hiding features and it is not supported anymore
If magisk triggers your SafetyNet (Main reason why Google pay stops working) install the SafetyPatch module or Magisk Hide Props or check your SafetyNet. That will fix your safety net.
Don't use XPOSED, it will trigger safety net even if magisk hide is working. Xposed modifies Boot.IMG, the reason for the safety net to trigger. If you can't live without Xposed, use EDXPOSED magisk module, install Riru core, riru edxposed and Xposed installer that will not trigger your safety net (Please note: Android 5.1 Android 6.0 get bootloop because of EdXposed, sorry guys no luck)
Don't update your GOOGLE PAY - Google updates security patch, magisk too. Update your Google Pay rarely
Always update your magisk and try to download magisk from Github.
Check your Safety net and make sure your Selinux is in Enforcing Mode
Hello, hope you can help. Installed Beyond ROM and Thunderstorm kernel. Google Pay not working, SE for Android status shows 'enforcing'; when the apk is installed the 'permissions' and 'enforcing' tabs are greyed out. Thank you

[Android 10] install EdXposed and Xposed without losing safety net

Hi,
My question is simple, what is the difference between Xposed and EdXposed, and if there is a way to install it without losing safety net.
My phone is a Oneplus 7 with android 10.
Thanks and best wishes for the new year!
EdXposed Framework allows installing the Xposed Framework on devices running Android 10, Pie, and Oreo.
EdXposed requires that your device be rooted with Magisk v20.2+
By means of MagiskHide you can prevent SafetyNet's hardware attestation from failing.
jwoegerbauer said:
EdXposed Framework allows installing the Xposed Framework on devices running Android 10, Pie, and Oreo.
EdXposed requires that your device be rooted with Magisk v20.2+
By means of MagiskHide you can prevent SafetyNet's hardware attestation from failing.
So it's impossible?
Biasio said:
So it's impossible?
The latest SafetyNet version checks not only whether Android has been rooted but also whether the device's bootloader has been unlocked. The problem for John Wu - developer of Magisk - is that the new key attestation workflow is now hardware-based, and the code is sent by the OEM to Google's server. Maybe some day he will find a solution ... it's unlikely that MagiskHide will be able to alter the key or intercept the transmission, IMHO.
Resume: Until then SafetyNet works as expected by OEMs and app developers, who have an interest in having an unmodified Android.
To add, you could try magisk module MHPC (Magisk Hide Props Config) which is what you'd use to modify device fingerprint and other system props.
The particular features in MHPC you may want to use which MIGHT get SafetyNet to pass are the Device Simulation and Force Basic Attestation. Combined, along with setting a similar device's fingerprint as long as that selected device isn't designed with hardware attestation, could be enough to fool SN. EdXposed coupled with Magisk's own Hide feature to hide themselves from GSF, GPS, Gpay, etc, should prove successful. The issue lies mostly with which order the software is installed and hidden, sometimes with rebooting being absolutely essential between certain steps. It really is a trial and error process.
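Added example (not from any poster in this thread): how the backend of a relying app could evaluate a SafetyNet attestation verdict so that a response evaluated only at the BASIC level, as discussed in the posts above, is told apart from a hardware-backed one. Field names follow the SafetyNet Attestation response; the package name, nonce, tokens and function names are constructed for illustration, and JWS signature and certificate-chain verification is assumed to have been done beforehand.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jws_payload(token: str) -> dict:
    """Return the JSON payload of a compact JWS (header.payload.signature).

    The signature and certificate chain must be validated before this
    payload is trusted; that step is assumed and not shown here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def evaluate_verdict(payload, expected_nonce, expected_package, now_ms,
                     max_age_ms=120_000, require_hardware=True):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    # The payload carries the request nonce base64-encoded.
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        reasons.append("nonce mismatch")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or not 0 <= now_ms - ts <= max_age_ms:
        reasons.append("stale or missing timestamp")
    if payload.get("apkPackageName") != expected_package:
        reasons.append("unexpected package")
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity failed")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch failed")
    # evaluationType is a comma-separated list, e.g. "BASIC,HARDWARE_BACKED".
    kinds = {k.strip() for k in str(payload.get("evaluationType", "")).split(",")}
    if require_hardware and "HARDWARE_BACKED" not in kinds:
        reasons.append("evaluation not hardware-backed")
    return reasons


# --- Constructed sample data (not captured from any device) ---
NOW_MS = 1_700_000_000_000
NONCE = b"constructed-session-nonce"
PACKAGE = "com.example.bank"  # hypothetical relying app


def make_constructed_token(evaluation_type: str) -> str:
    """Build an unsigned, constructed token for the demonstration only."""
    payload = {
        "nonce": base64.b64encode(NONCE).decode(),
        "timestampMs": NOW_MS - 5_000,
        "apkPackageName": PACKAGE,
        "basicIntegrity": True,
        "ctsProfileMatch": True,
        "evaluationType": evaluation_type,
    }
    header = _b64url(json.dumps({"alg": "RS256"}).encode())
    body = _b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{_b64url(b'constructed-not-a-signature')}"


HARDWARE_TOKEN = make_constructed_token("BASIC,HARDWARE_BACKED")
BASIC_TOKEN = make_constructed_token("BASIC")

if __name__ == "__main__":
    for name, tok in (("hardware", HARDWARE_TOKEN), ("basic", BASIC_TOKEN)):
        print(name, evaluate_verdict(decode_jws_payload(tok), NONCE, PACKAGE, NOW_MS))
```

With `require_hardware=True` the BASIC-only verdict is rejected even though both integrity booleans are true; a backend that only reads `basicIntegrity` and `ctsProfileMatch` would accept it.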
Biasio said:
Hi,
My question is simple, what is the difference between Xposed and EdXposed, and if there is a way to install it without losing safety net.
My phone is a Oneplus 7 with android 10.
Thanks and best wishes for the new year!
Turn Off Edxposed module from magisk download and install LSposed apk install it...Goto magisk and download module Riru LSposed...reboot your phone... That's It Check your safety net.... Dont forget to off or remove Edxposed module or any other xposed enhanced framework module you using...lemme know if it worked for you...

Question Magisk & root hide for Google Pay for recent firmware update

What version of Magisk and what root hide (module name and version please) people have it fully working for Feb 2022 firmware update (840.2201.226), especially for Google Pay? Thanks
(I had it all working on the previous firmware release just fine. Then right after applying the above mentioned Feb update, when I tried to execute Magisk (possibly 23.1) to patch the inactive slot, it just wouldn't execute let alone patch; nor would the Termux "su" command execute. So there was no way to patch Magisk over that update. Problem was made worse, when I executed LSPosed, which proceeded to update and auto rebooted the phone! Jumped from the frying pan into the fire.)
nexusnerdgeek said:
What version of Magisk and what root hide (module name and version please) people have it fully working for Feb 2022 firmware update (840.2201.226), especially for Google Pay? Thanks
(I had it all working on the previous firmware release just fine. Then right after applying the above mentioned Feb update, when I tried to execute Magisk (possibly 23.1) to patch the inactive slot, it just wouldn't execute let alone patch; nor would the Termux "su" command execute. So there was no way to patch Magisk over that update. Problem was made worse, when I executed LSPosed, which proceeded to update and auto rebooted the phone! Jumped from the frying pan into the fire.)
Using Latest Magisk and Zygisk-Shamiko.
MagiskHide is no longer available - and Denylist is not effective.
For the patch - First Patch the Boot Image, then Install Magisk again over TWRP as well.
Thanks, I got Magisk 24.2 installed & working fine now.
(Things are super difficult as it is, so I've skipped trying to install/activate TWRP.)
However, Universal SafetyNet Fix v2.2.1 (https://github.com/kdrag0n/safetynet-fix/releases), though it installs fine, gets disabled due to "Module suspended because Zygisk is not enabled".
I've confirmed that Zygisk (Beta) is activated in Magisk's settings. What am I missing?
Q: How to "unsuspend" Universal SafetyNet Fix module?
Thanks
(It's so difficult to keep up with all this work that I'm leaning towards relocking the boot-loader. I really don't use any app or feature to benefit from unlocked boot loader or root. I did it only to be ready for injecting mbn, which isn't needed or possible anyway. It was a bad decision then & remains so now. Though I don't know if while relocking the bootloader the phone will get bricked. Decision.. decision... With all the difficulty of keeping up with root, it sounds like a risk worth taking.)
Actually removing the Magisk APK and reinstalling it seemed to have helped. Termux works reliably for su. Gpay is good as well. Magisk log shows no funky messages.
In the end, I had to use this to overcome root detection on two banking apps: https://github.com/vvb2060/magisk_files/blob/alpha/app-release.apk
nexusnerdgeek said:
In the end, I had to use this to overcome root detection on two banking apps: https://github.com/vvb2060/magisk_files/blob/alpha/app-release.apk
What's that?
Leads to an empty GitHub page ...
Actually official Magisk 24.3 works well for all of the banking apps I need root hide for. So, there's no need for that unofficial alpha build anymore for me; in fact, I got rid of it. Please disregard that link.

Question Company Portal (InTune) detects root - anyone else?

I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much making everything work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?
Thank you.
Happened to me as well. I used Shamiko magisk module and it's all good now.
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Either use Shamiko or MagiskHidePropsConf to mask additional properties. I can confirm that InTune Company Portal works fine with SafetyNetFix + Shamiko
p4ra said:
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or are you using 0.6 with Magisk stable?
WhoIsJohnGalt1979 said:
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or are you using 0.6 with Magisk stable?
I used it with magisk stable 25.2. I think we are all using magisk stable to root our phone right?
I have tried your suggestions, but still does not seem to work. Adding screenshots.
Can you help me, please? What is wrong with my setup?
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and choose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
I had an issue with a specific banking app which detects root by most of the methods. I made it work by using shamiko + airfrozen, which I was not really liking.
Now I ended up with a forked project of magisk by Husky called magisk delta, which brought back magisk hide along with zygisk. With this I don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes, for safetynet you can use the modded version by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
p4ra said:
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.
Regarding OTAs, there are two "How To" guides here with all the details you need.
Blaze1001 said:
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and choose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
I have done exactly this but it still detects
Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)
b. Microsoft Authenticator (if you use it)
c. Microsoft Defender (if you use it)
5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
craigacgomez said:
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)
b. Microsoft Authenticator (if you use it)
c. Microsoft Defender (if you use it)
5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Still doesn't work. It's weird because it worked for one night and the next morning it stopped.
UPDATE: it's LSPosed I think. But this is the only way to force dark mode on some apps....
UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and it's looking good so far...
UPDATE 3: Had a full day with not a single root detection notification. Looks solid!
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
One of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device.
I tried on 3 devices, the exact same steps and files, etc. It worked on the 1st one, but on the other two.. no!
For all those who still got issues, as another idea: Does Google Wallet work? Is the device Play Protect certified?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....
I got the same issue with an App called "SwissID". It recognizes magisk for some reason. All other Apps work (like banking, google wallet etc.)
chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
It works for me!!! Thanks
