Mod Note
Closed upon OP request. Solution is in post #3.
Hello,
Ok so i have my Lenovo K33a42 with me, i have rooted it using magisk and installed Pixel Experience (right here). After installing the ROM, i saw i cant pass safety net (cts profile), i ignored it because i dont use any banking apps or such. When i tested safety net again today, i see a weird error saying "Can't access Google Play Services". Help me please. Thanks
Would you like to share your solution with us?
Ah sure,
So i couldnt pass CTS profile before Magisk 24 and after upgrading to Magisk 24 i couldnt pass safetynet at all. So i asked in android's discord and one guy asked me to enable Zygisk and install universal safetynet fix. I did it and i saw now i could pass basic integrity but not CTS profile (Note: my device does not use Hardware backed Attestation). Another guy there asked me to install MagiskHide Props Config module (after installing you have to do "su -c props" in a terminal emulator to do the next steps) and asked me to edit my device fingerprint according to my rom. As i am using Pixel Experience Android 9 i changed my fingerprint to Google Pixel 3 Android 9's. Before rebooting he asked me to enable Force Basic Key Attestation and then my phone automatically rebooted and then boom. I passed safetynet and to see if my device is certified or not i had to clear Google Play Services' data, i did it and after about some hours i checked Play Store and my device was certified. I still can't find Netflix on Play Store idk why. If you guys could help me out?
Thanks
Related
Hey everyone, I had ADT in my shop earlier today installing a security system. It comes with an app they call ADT Pulse which lets me arm/disarm/receive alerts/update profiles/all the usual stuff you'd expect. The problem is for some ridiculous reason it's checking for root and I don't know why but Magisk Hide isn't able to hide it.
Are there any other options I have on this one? (attached a couple screenshots)
Thanks everyone.
Does your phone pass safetynet? If so, it could be detecting magisk which you could repackage to a random name
Are you running a custom kernel with the unlocked bootloader flag patched ?
While you certainly can post for help here, you're probably better off posting in the Magisk General Support Discussion thread. The most basic of questions is whether you're passing SafetyNet.
krash2k said:
Hey everyone, I had ADT in my shop earlier today installing a security system. It comes with an app they call ADT Pulse which lets me arm/disarm/receive alerts/update profiles/all the usual stuff you'd expect. The problem is for some ridiculous reason it's checking for root and I don't know why but Magisk Hide isn't able to hide it.
Are there any other options I have on this one? (attached a couple screenshots)
Thanks everyone.
Click to expand...
Click to collapse
i had an app that magisk hide wasn't working with (i think it was concur or thinkorswim or an auth/2step app). also have patched kernel (flash 1.06) and passing safety net
i added the following to magisk hide and it started working. don't know which one did the trick, just added several to try, but haven't experienced any problems in over a month so i left em all added
android services library
android shared library
android_auto_generated_rro_....
chrome
come.google.android.gms.setup
device configuration
google connectivity services
google partner setup
google services framework
google support services
intent filter verification service
keep
key chain
Hey everyone sorry I wasn't getting alerts that there were responses here.
Magisk says:
SafetyNet Check Success
ctsProfile: true
basicIntegrity: true
I am not running a custom kernel.
Does your phone pass safetynet? If so, it could be detecting magisk which you could repackage to a random name
Click to expand...
Click to collapse
When I read this I remembered seeing a setting in Magisk to repackage itself so I went in and did that without expecting it to be that easy of a fix. Turned out that it was!
Problem solved, many thanks as always for the input here.
I installed the latest magisk apk and already flashed the zip file .
My phone is rooted properly but there is some error in safetynet checking it shows that: THE RESPONSE IS INVALID
The reason according to me is the empty payload
I have tried the beta version as well but still the error remains same
I want to play fortnite and use some banking apps but it doesn't allow me
I am using OnePlus 6
Any kind of help will be appreciated
Thanks!
Can someone help me out?
Please!!!
From what I read from the dev himself, Google Apps using the old API won't work so safetynet won't work with those apps anymore. Magisk is one of them. You'll have to wait for the devs to release a new version.
https://twitter.com/topjohnwu/status/1029239685338419200
Try this
I don't get that error message. I am running the stable version(v16.0) of Magisk on my OnePlus 6. I followed this guide to root my phone https://forum.xda-developers.com/oneplus-6/how-to/oneplus-6-unlock-bootloader-flash-twrp-t3792643
You should follow this guide from the start.
Or maybe try this module on Magisk first: MagiskHide Props Config
Please use the search function because this was already posted..... i know its hard to use the search but it keeps the forums nice and clean and people hate double posts
Hello Everyone,
I recently installed LineageOS 18.1 (build: lineage_kebab-userdebug 11). I have retrieved my Android ID using the ADB commands found here: Device Registration and registered my Android ID a few days ago but Google Play Store still shows: "Device is not certified" under Settings --> About --> Play Protect certification. Is there something I'm doing wrong or something else I need to do in order to get my device certified with Google Play Store?
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
ecompton59 said:
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
Click to expand...
Click to collapse
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
long as you used dual sim oos file to unlock your phone it won't unless you do something like that and Google thinks I have pixel 5 see pics I pass
alteredstate82 said:
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
Click to expand...
Click to collapse
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
azoller1 said:
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
Click to expand...
Click to collapse
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
alteredstate82 said:
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
Click to expand...
Click to collapse
Yep. You will need to extract the payload.bin file in which you will use the boot.img, then patch it with magisk, then flash the patched boot.img using fastboot. Then, you will need to use magiskhide to hide magisk itself and use the props spoof module to help with passing safetynet.
I want to say thank you for the help! I successfully installed Magisk and passed the SafetyNet checks! Everything seems to be working good. However, it seems my efforts might be wasted as Magisk is dropping support for hiding root access. This is unfortunate as I have a few job critical apps that will not work unless I hide them from root access in Magisk. Hopefully someone else will pick up the torch and continue development. It's a crime these big tech companies work so hard to prevent us from modifying hardware we own!
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
gregattack said:
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
Click to expand...
Click to collapse
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Did you install and use the Universal SafetyNet Fix module?
If I set the kb2003 OP 8T (EU) fingerprint, it seemed not to work. But I will try again.
Do I need to clear some caches eg: play store, after changing the fingerprint or something else?
cpkelley94 said:
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Click to expand...
Click to collapse
finally I installed Universal SafetyNet Fix and switched to the kb2003 fingerprint and reset all other modification like custom props for the pixel phone. Now it's working. No idea why it fails in previous approach
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
ykjae said:
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
Click to expand...
Click to collapse
which image are you using?
I read, that some images like https://evolution-x.org/ pass safetynet out of the box but I did'nt test this.
Finally the unlocked bootloader is the problem.
I've managed to hide root from the apps themselves by installing the Universal SafetyNet Fix and enabling Zygisk (Beta) and Enforce DenyList and adding the apps to the DenyList and I can use all the apps but now Play Store won't let me update Netflix or Revolut, as it says they're no longer compatible with my device.
I've now hidden the Magisk app, which hasn't helped, and I'm trying to install the Shamiko module from Telegram but if I choose "Normal Android Way" Magisk just closes and if I choose "File Way" it says "Unzip error". This isn't specific to the Shamiko zip though, it happens if I try to reinstall the Universal SafetyNet Fix zip.
I'm using the latest Magisk v24.1, although I notice that on the Home screen it says "Zygisk: No" even though it's enabled. The only other modules installed are Busybox, Call Recorder and Systemless Hosts.
EDIT: Nevermind. I found that this only happens when trying to install using ES File Explorer. If I use the default File Manager it works OK.
EDIT2: So I followed the steps here, from "Setup Fingerprint", setting it to Poco X3 NFC Global - Android 11, and cleared the data&cache for Play Store and Play Services and rebooted, and now the Play Store doesn't even show Netflix or Revolut, either in the list of installed apps or when I search for them. https://forum.xda-developers.com/t/rom-11-lineageos-official-surya-karna.4202533/post-84100067
EDIT3: I disabled "Enforce DenyList" and enabled the Shamiko (v0.4.3) module instead and rebooted and cleared the Play Store and Play Services cache again and now I'm back to where I was before, with Netflix and Revolut showing in the installed apps list (but not when I search for them) and unable to update as it says they're no longer compatible with my device.
EDIT4: Updated Universal SafetyNet Fix to v2.2.1 and used adb props to Force Basic Key attestation to surya (default value, was M200....). No change. Checking Safety Net with Root Checker says it fails.
Magisk 24.1, enabled Zygisk, enabled DenyList, added all Google apps to the DenyList. Renamed the Magisk package name.
Flashed kdrag0n's Universal SafetyNet fix, installed MagiskHide Props, enabled the surya fingerprint and forced basic attestation. All on LineageOS 18.1. Works fine, no issues so far. Didn't even need to clear data or cache for any apps, just rebooted the phone.
robogo1982 said:
Magisk 24.1, enabled Zygisk, enabled DenyList, added all Google apps to the DenyList. Renamed the Magisk package name.
Flashed kdrag0n's Universal SafetyNet fix, installed MagiskHide Props, enabled the surya fingerprint and forced basic attestation. All on LineageOS 18.1. Works fine, no issues so far. Didn't even need to clear data or cache for any apps, just rebooted the phone.
Click to expand...
Click to collapse
I'm using MIUI but I've literally done all of that and I still can't update Netflix or Revolut.
As explained by Lughnasadh here https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-86463103 we can't actually add Google Play Services to the DenyList, as doing so breaks USNF and it unticks automatically on reboot anyway. So I think all we can add to the list is Google Play Store.
doveman said:
I'm using MIUI but I've literally done all of that and I still can't update Netflix or Revolut.
As explained by Lughnasadh here https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/post-86463103 we can't actually add Google Play Services to the DenyList, as doing so breaks USNF and it unticks automatically on reboot anyway. So I think all we can add to the list is Google Play Store.
Click to expand...
Click to collapse
Why don't you guys simply stick to Magisk 23.0? Everything works fore with that version of Magisk
Noter2017 said:
Why don't you guys simply stick to Magisk 23.0? Everything works fore with that version of Magisk
Click to expand...
Click to collapse
I seem to have fixed this now by changing the device fingerprint from POCO X3 NFC Global to POCO X3 NFC Europe.
I have issues after the playstore updates. I can delete all data and at old version device is certified. But it updates itself and it's problem then on. Anyway to stop the playstore self update?
You could try Magisk's Detach module -- online repo is deprecated, but it is still around if you search for it...
I've had same issue about Revolut, I think Nerflix uses similar spies. but telling story short: I downloaded Revolut from ApkPure and cheched it on DenyList, reboot aaaaasaaaaaand it's all done, Revolut is getting updates and works as usuaully
Hi all,
I just installed LineageOS on my g100, and now a few apps are refusing to run - in particular netflix and my bank app (Fidelity). Also the TMNT game crashed at launch.
I went through https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/ and installed Magisk, MagiskHide Props Config, and Universal SafetyNet Fix and now YASNAC gives me a pass for both Basic integrity and CTS profile match. TMNT works now!
However, I still can't install netflix or log into my bank app. I'm thinking that while I got a valid CTS profile, it's probably not the correct one for this device.
I think that what I need is for someone to run this command on an up-to-date stock firmware device:
Code:
getprop ro.build.fingerprint
Would anyone here be willing to do that for me?
---
Edit: I missed the section on adjusting prop values the first time through. Now my device is claiming to be a Pixel 6 and Fidelity works!
Netflix still won't install from the play store, but I sideloaded the apk and now it's working too!
It would still be nice to have the proper CTS profile/fingerprint if anyone gets a chance, though.
Try installing LineageOS, but from an older version, and try using other GApps
Not sure if you saw my edit, I've got everything working now. The phone is pretending to be a pixel 6.
motorola/nio_retail/nio:12/S1RTS32.41-20-16-1-5/d6673-9e875:user/release-keys
That is the latest firmware. In the playstore, settings, about it must say Device certified, if it doesn't delete the play store data and make changes. For me even with that saying device certified, Netflix didn't appear until the next day.
moxtrom said:
motorola/nio_retail/nio:12/S1RTS32.41-20-16-1-5/d6673-9e875:user/release-keys
That is the latest firmware. In the playstore, settings, about it must say Device certified, if it doesn't delete the play store data and make changes. For me even with that saying device certified, Netflix didn't appear until the next day.
Click to expand...
Click to collapse
Thank you!