Question Safetynet fix for Android 12? - ASUS ROG Phone 5 / 5s

So the latest 31.0810.1226.77-1.1.138-2203 update has introduced Android 12..and killed Safetynet bypass. The kdragon Safetynet fix 2.2.1 no longer works and the device doesn't pass basic attestation either. Is there a workaround that doesn't involve unrooting it or are we ****ed for the time being? Goddamn Magisk had to deprecate their Magiskhide and safetynet bypass features. /rant

Just re-flash magisk should be enough. Else re-flash safetynet-fix-v2.2.1.zip after magisk.
course if you havent got TWRP installed you would have to re-flash the boot.img to get magisk working again.

I usually do that after every firmware update, reflashing the patched boot.img, and I already had the latest kdrag0n safetynet fix (2.2.1 as of now). This time after restarting on android 12, safety net failed and the Google pay app reported that my device is no longer certified. Guess I'll try again. Wait..is there finally now a TWRP for ROG 5? I miss using it from my old 1+3.
Edit - didn't work.

There is no TWRP for A12.
You will have to make a new patched boot image for A12. Go to Magisk and patch boot.img taken from Payload.bin (Payload dunper required) and flash it. That will get you root back.
Then you can use the universal safety net fix zip inside magisk.

BakaValen said:
Then you can use the universal safety net fix zip inside magisk.
Click to expand...
Click to collapse
Getting root on 12 is not the problem. The kdrag0n safetynet fix stopped working after upgrading to 12. I have the latest Zygisk version 2.2.1 that was updated last December.

I am on A12 latest. Rooted with safetynet passed using the fix. You must be doing something wrong.
Explain your process

Did the same process I've followed for every system update - patch boot.img with the payload dumper and patch script as described in this forum before applying the update, and flash it afterwards. The safetynet fix that had already been installed and working under 11 stopped, and removing and reapplying it does nothing.

Flash version 2.2.1.
I'm telling you. There is a process not being done correctly.
I'm on the latest A12 for the 5s with safetynet pass.
Send screenshots of install process (magisk black screen bit)

BakaValen said:
Flash version 2.2.1.
I'm telling you. There is a process not being done correctly.
I'm on the latest A12 for the 5s with safetynet pass.
Send screenshots of install process (magisk black screen bit)
Click to expand...
Click to collapse
Yes, I'm using 2.2.1. The flashing process appears to have worked, as shown -
It's the latest Magisk with zygisk enabled. FWIW here's the result of running safetynet test also.

KaiserSnorezay said:
Yes, I'm using 2.2.1. The flashing process appears to have worked, as shown -
It's the latest Magisk with zygisk enabled. FWIW here's the result of running safetynet test also.
Click to expand...
Click to collapse
Are you running Shamiko withLSPosed/Xprivacy + blocking tracking for Goog Play Services and the relevant apps? Safetynetfix 2.2.1 alone is no longer a full solution whether you're on A11 or A12 and regardless of your Magisk version...

If you mean adding play services to the deny list, then yes. Got rid of xprivacylua as it didn't help. Used it to block reading identifiers and tracking for play services and other components, to no avail. Right now even the basic integrity test is failing.
Update - Installed Shamiko, disabled the 'enforce denylist' in Magisk so that it takes over the job and rebooted..and nothing different.

Passed here just fine... all you need is a clean magisk install, then...
hide the magisk app itself.
enable zygisk, reboot.
flash zygisk version of usf https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
optionally: flash shamiko, reboot, then select play store and play service in deny list without enabling it.
check again in YASNAC, should pass now.

Don't know WTF is wrong this time, compared to every previous time it would just simply upgrade with no problems.
Installed this month's system update.
Uninstalled Magisk.
Patched the boot.img with Magisk, flashed it.
Reinstalled the Magisk apk. It was rooted, all my settings and modules showed up as usual.
Toggled zygisk to off, just to be sure, restarted, turned it back on, restarted.
NOTHING. Again the ****ing Safetynet fails.

KaiserSnorezay said:
Don't know WTF is wrong this time, compared to every previous time it would just simply upgrade with no problems.
Installed this month's system update.
Uninstalled Magisk.
Patched the boot.img with Magisk, flashed it.
Reinstalled the Magisk apk. It was rooted, all my settings and modules showed up as usual.
Toggled zygisk to off, just to be sure, restarted, turned it back on, restarted.
NOTHING. Again the ****ing Safetynet fails.
Click to expand...
Click to collapse
Google changed something today, as Google Pay now detects root when I had used it just yesterday without issue. It appears the safetynet fix needs fixing.

Strephon Alkhalikoi said:
Google changed something today, as Google Pay now detects root when I had used it just yesterday without issue. It appears the safetynet fix needs fixing.
Click to expand...
Click to collapse
Re-check that all GPay sub components are added to your Shamiko deny list and Shamiko configured properly (i.e with Magisk's own deny disabled). Also check and ensure that tracking is blocked for Gpay in Xprivacy.
If you don't have any one of those installed - you need it to be completely covered. Even if you pass Saftynet. Safetynet Fix and Magisk hide alone won't cut it, at least not currently. Tough apps like banking and payment apps will detect you.
Many people skip one or more of these and run into frustration with root detection..

I noticed that if I add Google play services (all components) to the Magisk deny list, it doesn't persist after reboot. Could that be it? Is it unable to modify the system partition? I'm using Shamiko, with Magisk enforce deny list option disabled.

Andrologic said:
Re-check that all GPay sub components are added to your Shamiko deny list and Shamiko configured properly (i.e with Magisk's own deny disabled). Also check and ensure that tracking is blocked for Gpay in Xprivacy.
If you don't have any one of those installed - you need it to be completely covered. Even if you pass Saftynet. Safetynet Fix and Magisk hide alone won't cut it, at least not currently. Tough apps like banking and payment apps will detect you.
Many people skip one or more of these and run into frustration with root detection..
Click to expand...
Click to collapse
It may be a glitch, as GPay is currently not complaining about root when I pull up one of my stored cards. Regardless, I don't have Shamiko installed, but will look into it so long as it doesn't require Xposed or any of its derivatives.
EDIT: Confirmed to be a glitch. Not more than five minutes prior to this edit I used GPay without trouble.

Did some more testing, given I had to install the latest June firmware anyway. Fully removed Magisk (I hadn't done this earlier) and reinstalled, it passes. The culprit for failure turned out to be LSPosed. When enabled, it fails SafetyNet. I can manage without it but if anyone knows a workaround please do tell.

KaiserSnorezay said:
Did some more testing, given I had to install the latest June firmware anyway. Fully removed Magisk (I hadn't done this earlier) and reinstalled, it passes. The culprit for failure turned out to be LSPosed. When enabled, it fails SafetyNet. I can manage without it but if anyone knows a workaround please do tell.
Click to expand...
Click to collapse
Same boat here. I got safetynet fix passed literally right after I disabled LSPosed. I glimpsed through the issues in LSPosed Github repo but they don't seem to be working on this.

I dont have any issues with safetynet.

Related

Bypass SafetyNet and V4A DRIVER

First of all i want to know how can i Stay encrypted and Install magisk 13.3 ?
currently i'm using SuperSU 2.82 SR3,My data is decrypted.
Rom:C185B184
Google Play: Uncertified
Last night,i've tried Suhide,and i couldnt pass ctsProfile...
and also Suhide has some bugs,like u cant uninstall any app when its activated and u cant Deactivate Suhide,unless u do full unroot.
And Also how can install Viper4Android's Driver Using SuperSU ?
Flash this for Magisk 13.3: https://mega.nz/#!I4FQzbyA!gBZelHmD3lGGwzGISUXkf7GQTUAq5i785d_qPHQOaVE
Or 13.5: https://mega.nz/#!V8EXRRoB!Dlv4gxa7smUhnacjVzHRVemLtZtKKTBfdQ5z0NhCQwY
Though you say you are decrypted now, flashing 13.3 or 13.5 will re-encrypt your /data.
If you want to stay decrypted, flash official 13.3 or 13.5.
Flash back your stock B184 boot image first.
As for SafetyNet, the build you're using is a beta, and pretty recent so it may not be approved by Google (and since beta it might not be approved later either). The even more recent build for your model is B186, and that's definitely not approved yet (released 14th of August).
You should be able to install V4A if you set selinux for permissive. Or you can flash this: https://mega.nz/#!J1FyiSLT!WQVsJ3DWNq3l-HDKcg06ISB4J5COpdabR8Q36A_R_LE
Or if you switch to Magisk there's a V4A module for it in Magisk Manager - Downloads.
i've installed B186 and its certified.
so can tell me how to install magisk on a fresh rom ? 0- 100
cause i've tried this before and i've faced bootloop !
Safetynet Problem
So I've figured it out until u don't unlock bootloader, u can pass safetynet without any problems.
Once I've unlocked my bootloader, I've got CTS Profile error...
Plus I'll get random FC since upgraded to B184 using Hwota method!
I'm on B186 right now and I've got FC again in chrome during this reply :laugh:
Update!
Help me @ante0
ezraiil1 said:
So I've figured it out until u don't unlock bootloader, u can pass safetynet without any problems.
Once I've unlocked my bootloader, I've got CTS Profile error...
Plus I'll get random FC since upgraded to B184 using Hwota method!
I'm on B186 right now and I've got FC again in chrome during this reply :laugh:
Click to expand...
Click to collapse
Did it pass CTS and basic on B186 before flashing magisk?
The FC, does apps close suddenly without warning? If so I think it's something else because it happens to me too on C432 B194. Same for people on c636 B188.
Could be the phone manager that's too strict.
ante0 said:
Did it pass CTS and basic on B186 before flashing magisk?
The FC, does apps close suddenly without warning? If so I think it's something else because it happens to me too on C432 B194. Same for people on c636 B188.
Could be the phone manager that's too strict.
Click to expand...
Click to collapse
Yes,I've Tried it before unlocking bootloader and it passed successfully ,and google play Status was certified too.
before installing magisk,right after i unlockd bootloader!
and then i install magisk and tried again,then both basic integrity and CTS profile failed.
Yes,Sometimes when u r using apps,they suddenly close and jump into app drawer,and when i open them again they start over.
(like chrome,Clash royale,Last Day on earth,Instagram...)
ezraiil1 said:
Yes,I've Tried it before unlocking bootloader and it passed successfully ,and google play Status was certified too.
before installing magisk,right after i unlockd bootloader!
and then i install magisk and tried again,then both basic integrity and CTS profile failed.
Yes,Sometimes when u r using apps,they suddenly close and jump into app drawer,and when i open them again they start over.
(like chrome,Clash royale,Last Day on earth,Instagram...)
Click to expand...
Click to collapse
Is magisk hide enabled in Magisk Manager? If not, check log in Manager to see if it tried to enable. Else try enabling USB debugging and disable then enable Magisk hide.
If it enables after that you're in the same boat as the rest of us. Mine actually worked flawlessly for a week or so, then I had to keep enabling USB debugging to get it running....
Not sure of it's intentional by Huawei that USB debugging gets disabled. Same goes for adb, have to enable USB debugging after each reboot to get it running. I guess a Tasker script could be made to enable it, and disable/enable magiskhide at boot.

Does SafetyNet work in OOS 10 + TWRP + Magisk for you?

I have followed the instructions here to update my OnePlus6 from OOS 09.09 to OOS 10. It all worked fine and I lost no data, although it has a few quirks. Minor bugs that I expect will get fixed in a coming release. The problem is that my phone no longer passes the SafetyNet tests, and so I can no longer use my phone for Google Pay. Is anyone else having that problem?
To be very clear, when on the 9.09 release with TWRP and Magisk my phone passed the SafetyNet tests and GooglePay work just fine. Now, both the Basic Integrity and CTS Profile Match tests fail.
I am on oneplus 6 android 10 openbeta 1
With unlock bootloader and encrypted.
Magisk installed.
This mod work on my phone
Yes. Passed both CTS and BasicIntegrity
Yep, here too. Everything passes, and i can pay with Google Pay.
ButtonBoy said:
I have followed the instructions here to update my OnePlus6 from OOS 09.09 to OOS 10. It all worked fine and I lost no data, although it has a few quirks. Minor bugs that I expect will get fixed in a coming release. The problem is that my phone no longer passes the SafetyNet tests, and so I can no longer use my phone for Google Pay. Is anyone else having that problem?
To be very clear, when on the 9.09 release with TWRP and Magisk my phone passed the SafetyNet tests and GooglePay work just fine. Now, both the Basic Integrity and CTS Profile Match tests fail.
Click to expand...
Click to collapse
Are you using edxposed? Google made some updates and is detecting edxposed, disable it and see if safety net passes.
ptmaniac said:
Are you using edxposed? Google made some updates and is detecting edxposed, disable it and see if safety net passes.
Click to expand...
Click to collapse
No. I did have AdAway & FDroid installed, though. I removed both of those, and still no joy.
ptmaniac said:
Are you using edxposed? Google made some updates and is detecting edxposed, disable it and see if safety net passes.
Click to expand...
Click to collapse
Turn on 'App List' in experimental settings and add all Google apps to the blacklist. Especially Play Services, Play Store and Framework as they are the culprits that detect EdXposed. Leave out any other Google apps that you have Xposed mods for such as Gmail and Play Store Dark Themes.

Question Can we still pass safety net?

Title. Im coming from the one plus 7, and am wondering if I'm still going to be able to pass safety net if I root my new phone.
It passes!
I had to use the magisk hide props config module, but I got my op9 the day it was released. Probably not needed with a newer version of magisk.
mx597turbo said:
I had to use the magisk hide props config module, but I got my op9 the day it was released. Probably not needed with a newer version of magisk.
Click to expand...
Click to collapse
I flashed boot img to obtain root. Even with Magiskhide I still failed Safety check. You are saying you passed ?
inspron said:
I flashed boot img to obtain root. Even with Magiskhide I still failed Safety check. You are saying you passed ?
Click to expand...
Click to collapse
I am rooted with Magisk and have MagiskHide enabled, and pass SafetyNet. I can use Google Pay with no issues.
Make sure you have Google Play Services ticked in MagiskHide settings (it should be ticked by default, but I don't know why else you would fail SafetyNet).
I too cannot seem to pass safetynet even after ensuring that G Play services is checked and installing props config. Any help would be appreciated.
xkelx said:
I too cannot seem to pass safetynet even after ensuring that G Play services is checked and installing props config. Any help would be appreciated.
Click to expand...
Click to collapse
Make sure that you click on everything you can find related to Google and check them off. You'll need to tap on the individual app/service and checkmark everything that isn't already checked, as Magisk doesn't seem to want to check everything off even when you tap the checkmark. There's a dropdown for each app/service if you tap on the name of it.
I've been working on my son's OP9 (haven't gotten mine yet). I couldn't pass SafetyNet until I used the canary version of Magisk. Download the canary version of the manager TJW's Github page then install and update. Clear data on Google Play and you should be good.
I'm passing with that and EdXposed.

Question Suddenly can't use Google wallet

Hi!
I have an issue and was wondering if anyone have a solution. Suddenly Google wallet stopped working, saying that my phone is not up to security standards. It worked fine until this Sunday.
I'm using beyondrom, magisk app (zygisk and hidden) with Universal safteynet fix v.2,4 and Shamiko v.0,6. I also have all Google services etc. in deny list.
Anyone have had the same issue and/or something to try to fix?
eddy92 said:
Hi!
I have an issue and was wondering if anyone have a solution. Suddenly Google wallet stopped working, saying that my phone is not up to security standards. It worked fine until this Sunday.
I'm using beyondrom, magisk app (zygisk and hidden) with Universal safteynet fix v.2,4 and Shamiko v.0,6. I also have all Google services etc. in deny list.
Anyone have had the same issue and/or something to try to fix?
Click to expand...
Click to collapse
What does Play Integrity Checker or TB Checker report for Play Integrity results?
V0latyle said:
What does Play Integrity Checker or TB Checker report for Play Integrity results?
Click to expand...
Click to collapse
Huh, actually only meets device and Basic Integrity, strong Integrity is red.
Any tips on what to do/check?
eddy92 said:
Huh, actually only meets device and Basic Integrity, strong Integrity is red.
Any tips on what to do/check?
Click to expand...
Click to collapse
Strong integrity will always be red on an unlocked bootloader. Basic and Device integrity are the only requirements, Wallet does not use Strong. If you don't already, enable DenyList on Wallet and GPay - make sure you expand and enable on all subprocesses. Then, clear Wallet data and reopen it.
I had this issue a few days ago and fixed it with this method.
V0latyle said:
Strong integrity will always be red on an unlocked bootloader. Basic and Device integrity are the only requirements, Wallet does not use Strong. If you don't already, enable DenyList on Wallet and GPay - make sure you expand and enable on all subprocesses. Then, clear Wallet data and reopen it.
I had this issue a few days ago and fixed it with this method.
Click to expand...
Click to collapse
I have tried this several times, even with installing the wallet app in between. Unfortunatley it does not work! I have no GPay app, just the Wallet one.
I have fixed several other apps with this method, but Wallet does not want to work with me
eddy92 said:
I have tried this several times, even with installing the wallet app in between. Unfortunatley it does not work! I have no GPay app, just the Wallet one.
I have fixed several other apps with this method, but Wallet does not want to work with me
Click to expand...
Click to collapse
If you're running the latest kdragon version of safteynet fix, try deleting the module and install the latest version of the safteynet fix by displax. I myself had problems sometime ago and this helped. Then clear everything again restart and it'll probably work.
erik2041999 said:
If you're running the latest kdragon version of safteynet fix, try deleting the module and install the latest version of the safteynet fix by displax. I myself had problems sometime ago and this helped. Then clear everything again restart and it'll probably work.
Click to expand...
Click to collapse
Hi, thanks for the tip. Sorry stupid question maybe, but where can i find Displax safteynet fix? When searching I can only find Kdrag0ns version. Even on Displax Github it seems to link to the Kndrag0n version.
EDIT: Sorry, nvm I found it! (Link if someone else is looking: https://github.com/Displax/safetynet-fix/releases)
Still does'nt work though
I just realised, with the latest beyondrom magisk got changed to magisk alpha, so you kinda have to go and re-hide the app and so on. Have you done that?
erik2041999 said:
I just realised, with the latest beyondrom magisk got changed to magisk alpha, so you kinda have to go and re-hide the app and so on. Have you done that?
Click to expand...
Click to collapse
I have not yet updated to BeyondROM 2.3, I am still on 2.2 BVL1 version (from december 22). I will update to version 2.3 when I can, then perhaps I can try these steps again. Meybe it can help.
I should not have to re-hide etc. since I didnt update, right?
Nope, sorry I thought you did. But that's probably the reason for why the wallet isn't working. In that case first update and go through all the steps, should work then. It's one of the reasons magisk got replaced by magisk alpha in the newest beyond rom version.
erik2041999 said:
Nope, sorry I thought you did. But that's probably the reason for why the wallet isn't working. In that case first update and go through all the steps, should work then. It's one of the reasons magisk got replaced by magisk alpha in the newest beyond rom version.
Click to expand...
Click to collapse
Excellent, I will try asap. Thanks for all help!!
eddy92 said:
I have not yet updated to BeyondROM 2.3, I am still on 2.2 BVL1 version (from december 22). I will update to version 2.3 when I can, then perhaps I can try these steps again. Meybe it can help.
I should not have to re-hide etc. since I didnt update, right?
Click to expand...
Click to collapse
If you're on a custom ROM you may need to use MHPC to spoof a valid device profile.
I had the same problem here, I managed to solve it by installing Magisk delta and Universal SafetyNet modded.

Question Google Wallet not working after February update

I have a rooted P7P and after latest update, I'm having problems to pay with Google Wallet.
Wallet says that my device is rooted and that's with it is insecure to use the app. No other apps complaining about the root.
Magisk 25.2 installed
Universal SafetyNet Fix 2.4.0 installed
On Magisk Configure DenyList:
Play Store
Play protect
Wallet
I didn't do any changes after the update and everything worked with no problem before. I used PixelFlasher to update and everything went fine. Funny thing is, sometimes if I reboot my phone, I can pay with it few times.
What am I missing?
miimaa said:
I have a rooted P7P and after latest update, I'm having problems to pay with Google Wallet.
Wallet says that my device is rooted and that's with it is insecure to use the app. No other apps complaining about the root.
Magisk 25.2 installed
Universal SafetyNet Fix 2.4.0 installed
On Magisk Configure DenyList:
Play Store
Play protect
Wallet
I didn't do any changes after the update and everything worked with no problem before. I used PixelFlasher to update and everything went fine. Funny thing is, sometimes if I reboot my phone, I can pay with it few times.
What am I missing?
Click to expand...
Click to collapse
Try using the USNF module by Displax (2.4.0 MOD 1.2). It has a separate thread.
Yeah Google pushed an update that broke the official SN 2.4. Use @Displax mod
Fishawy said:
Try using the USNF module by Displax (2.4.0 MOD 1.2). It has a separate thread.
Click to expand...
Click to collapse
Thank you!
I installed that and let's see how it works.
Btw, both USNF passed the YASNAC. So I don't know if that was the problem.
miimaa said:
Thank you!
I installed that and let's see how it works.
Btw, both USNF passed the YASNAC. So I don't know if that was the problem.
Click to expand...
Click to collapse
If payments still don't work after flashing the Displax mod, clear data & cache of Play Store, Play Services, and Wallet, then start fresh. Should be good to go by then.
Fishawy said:
If payments still don't work after flashing the Displax mod, clear data & cache of Play Store, Play Services, and Wallet, then start fresh. Should be good to go by then.
Click to expand...
Click to collapse
At least now the application does not indicate that it cannot be used. So I guess it works.
JakeDHS07 said:
Yeah Google pushed an update that broke the official SN 2.4. Use @Displax mod
Click to expand...
Click to collapse
Works like normal on Feb update for me with just USNF 2.4 from kdrag0n
Must be running an older GPS version. Don't worry it'll get ya
I can confirm that USNF module by Displax (2.4.0 MOD 1.2) works.

Categories

Resources