Database Info

Question Safety Net Failure

I'm on latest Firmware Rooted Using Magisk. Safety net failure even after Trying every fix modules hide options and what not. Kindly help.

It appears to be an issue with the newest release of the Magisk (the patch, not the app).
I can confirm mine was passing until installing an update to Magisk. After booting, it failed with or without the fix.

Found a fix on a telegram page, give full credits to modulesrepo and TeamFiles for finding this method.
-- Open Magisk and Flash Riru Core, But do not reboot.
-- Go back and flash Lsposed in magisk & reboot your device.
-- Now install XPrivacyLua apk
-- Open Lsposed and go to modules section and choose XPrivacyLua from there.
-- Select system framework, Settings storage and Google Play services there.(Uncheck the system apps from hide section settings for Play services to show up)
-- Reboot your device
-- Open XPrivacyLua and search google play services, click drop down menu in left of play services and tick 'use tracking' as shown in the screenshot.
-- Tick 'use tracking' on banking apps too and clear data of them after ticking
-- Now clear play services and play store data through your phone's settings.
-- Hide magisk and change name of magisk
-- Your Safetynet Should Pass Now!

Came across that a few days ago, but it seemed excessive.
[2023 FIX] Fix Magisk CTS Profile False Error - Bypass Safetynet
Magisk CTS Profile False Error is now popping up on almost everyone's device since Google made some changes in March. To Bypass Safetynet...
droidholic.com

Madbullben said:
Found a fix on a telegram page, give full credits to modulesrepo and TeamFiles for finding this method.
-- Open Magisk and Flash Riru Core, But do not reboot.
-- Go back and flash Lsposed in magisk & reboot your device.
-- Now install XPrivacyLua apk
-- Open Lsposed and go to modules section and choose XPrivacyLua from there.
-- Select system framework, Settings storage and Google Play services there.(Uncheck the system apps from hide section settings for Play services to show up)
-- Reboot your device
-- Open XPrivacyLua and search google play services, click drop down menu in left of play services and tick 'use tracking' as shown in the screenshot.
-- Tick 'use tracking' on banking apps too and clear data of them after ticking
-- Now clear play services and play store data through your phone's settings.
-- Hide magisk and change name of magisk
-- Your Safetynet Should Pass Now!
Click to expand...
Click to collapse
Thanks a lot, But thats a lot of modules for a phone without TWRP right now ....

I kept getting a failure error as well but now it's all good follow the instructions and links from this video. You don't have to follow the entire instructions you can skip to the part for the magisk safety net module and info

Now clear play services and play store data through your phone's settings ? how to do it ?

Deleted, posted in wrong thread, oops

Madbullben said:
Thanks! Really appreciated that you did this! The new chat bubbles are a good idea in theory but they are so bad and so much worse than the old chat heads and it was driving me crazy with the new chat bubble so this is amazing!
Click to expand...
Click to collapse
Did you make a wrong turn?

Did the fix. Safety net passes, Hulu and Disney+ work, but not Netflix
edit: got it working. restarting the first time didn't fix it, but the 2nd time did for some reason.

TiklMiPickles said:
Did the fix. Safety net passes, Hulu and Disney+ work, but not Netflix
edit: got it working. restarting the first time didn't fix it, but the 2nd time did for some reason.
Click to expand...
Click to collapse
Which one worked ?
Post #3 - The list or the video in Post #6 ?

JazonX said:
Which one worked ?
Post #3 - The list or the video in Post #6 ?
Click to expand...
Click to collapse
The video redirects to the latest canary build, so that is going to be broken.

twistedumbrella said:
The video redirects to the latest canary build, so that is going to be broken.
Click to expand...
Click to collapse
Loud and clear.
If no other option comes up, I will go with the guide with Riru.
It's a huge risk tbh, because ROG 5 doesn't have TWRP yet to revert if anything goes bad.

JazonX said:
Loud and clear.
If no other option comes up, I will go with the guide with Riru.
It's a huge risk tbh, because ROG 5 doesn't have TWRP yet to revert if anything goes bad.
Click to expand...
Click to collapse
Yeah. I'm waiting on the module to work. It's been converted to Riru, but both beta and canary builds of Magisk still fail. I haven't tested the stable one.

The one in the video works fine for me tho. Didn't work at first but for whatever magic reasons everything was fine after some restarts

twistedumbrella said:
Yeah. I'm waiting on the module to work. It's been converted to Riru, but both beta and canary builds of Magisk still fail. I haven't tested the stable one.
Click to expand...
Click to collapse
Just checked his github, sadly the latest version 2.1.0 seems to fix the issue - But it's a paid mod now.
Github has only 2.0.0 where the CTS still fails.

JazonX said:
Just checked his github, sadly the latest version 2.1.0 seems to fix the issue - But it's a paid mod now.
Github has only 2.0.0 where the CTS still fails.
Click to expand...
Click to collapse
It's not a paid mod. Only early access is paid - just wait until the developer releases it via github

twistedumbrella said:
Did you make a wrong turn?
Click to expand...
Click to collapse
Yep oops sorry about that

twistedumbrella said:
Yeah. I'm waiting on the module to work. It's been converted to Riru, but both beta and canary builds of Magisk still fail. I haven't tested the stable one.
Click to expand...
Click to collapse
As we don't have twrp, if something does fail can't we just use fastboot and flash the device again?

Madbullben said:
As we don't have twrp, if something does fail can't we just use fastboot and flash the device again?
Click to expand...
Click to collapse
Raw firmware can fix almost anything. Factory reset can fix the rest.

Bypass SafetyNet Attestation

I'm trying to bypass the SafetyNet chore by using MagiskHide and tools like this one.
I have yet to have success.
I have read lots of information about the topic, but most seems irrelevant and obsolete.
I use a custom ROM with Root enabled.
Can anyone please point me in the right direction of solving this issue?
Thank you.

It would help if you stated which ROM or Android version you are on...

pnin said:
It would help if you stated which ROM or Android version you are on...
Click to expand...
Click to collapse
Android 11, Octavi OS.

I see... can't really help, no experience.

Magisk, Universal SafetyNetFix and MagiskHideProps

robogo1982 said:
Magisk, Universal SafetyNetFix and MagiskHideProps
Click to expand...
Click to collapse
Of course, I have that installed and working according to tutorials, already...
Still, not working.

"Fixed" it by appending `LEGACY_MIFARE_READER=1` to `/system/vendor/etc/libnfc-nci.conf`.
However, this breaks my SIM service. Not sure, how those features are related, but here we are.

Another reboot seems to have fixed the SIM service issue.
Is this really it? Is the NFC problem really fixed after such a long time?
I cannot believe it.
I will test this for some time, just to be sure....

Did you force basic attestation in props?

I'm using ArrowOS 12 (ArrowOS 11 before that) and never had problems with SafetyNet.
Using latest Magisk, Zygisk and DenyList enabled. As for modules, I use GPay SQLite Fix and Universal SafetyNet fix. No other fixes or modules were necessary

if it's for banking apps, just check "Google services" on DenyList (first of all click the dots on right upper corner and check system apps). I was fighting that some time ago.
there's no need to install modules or do anything else, just check all apps U need on DenyList but the main app to deny is still "Google Services"

xSokol said:
if it's for banking apps, just check "Google services" on DenyList (first of all click the dots on right upper corner and check system apps). I was fighting that some time ago.
Click to expand...
Click to collapse
Enabled DenyList, checked Google Play Services and it stays checked. Checking Google Services Framework gets reverted each time I visit DenyList. There is no "Google services".
I found `*.gservices` as a sub-category of Google Services Framework. Disabled. Rebooted several times, after trying out multiple possibilities, but none did work. One time, even basic attestation was broken, which needed another reboot to fix.

no, sorry for my rush, it was about Google Play Services. I have never "denied" Google Services Framework.
what I would do is uninstall modules like "safetynet fix" and reboot to twrp, there's a fix for zygisk, install that one.
then reboot to system, clear all the data of an disobedient app, then go to Magisk DenyList and look for the app, check all services and search for Google Play Services again (I have to check it aftet every reboot somehow).
I just have had similar issue an hour ago with Revolut app because I crashed my system and had to dirty flash what swiped Magisk.
just be patient, it's not hard or complicated work

xSokol said:
there's a fix for zygisk, install that one.
Click to expand...
Click to collapse
Which one? Where? How?
xSokol said:
clear all the data of an disobedient app, then go to Magisk DenyList and look for the app, check all services
Click to expand...
Click to collapse
Check the app or what services? What exactly?

ok, then..
if You go in TWRP to "advanced" and then to "magisk" (sorry if the name isn't correct, I don't focus on names of options) and there are options like "install magisk 24..." or "uninstall magisk 24...", under that there are fixes, so You should find it, it's under "SafetyNet Fix". You need Zygisk, so get fix for Zygisk.
I was about the app that's not working, if You click on the bar with the name it will show its services. in standard Magisk denies only the main service of an app, but some apps require checking all of them.

hello @Aki-to , did U manage?

xSokol said:
hello @Aki-to , did U manage?
Click to expand...
Click to collapse
I did not dare to go into TWRP, because I am not absolutely sure if data or storage encryption works perfectly fine with TWRP on Android 11. I don't want to boot into TWRP and have everything encrypted and therefore unusable.
I did so many flashes and some of them had this problem, but I cannot remember if it was because of a failed flash or because it actually did not work.
I also do not want to remove encryption in Android Security Settings every single time I visit TWRP.
Posts like the following also sound very concerning.
[FIXED] How to remove data encryption in TWRP
Users of TWRP 3.1 on Doogee Mix (including myself) faced the mammoth problem of an encrypted storage after unlocking the bootloader and flashing the custom recovery. This problem is not peculiar to the Doogee Mix, any other device with TWRP 3.1+...
forum.xda-developers.com

there's no need to remove encryption, nothing abiut that.
I just have changed MIUI to 13 today, didn't change anything on TWRP, just installed Magisk from TWRP and checked all the bank apps, GPay and Google Play Services

Aki-to said:
"Fixed" it by appending `LEGACY_MIFARE_READER=1` to `/system/vendor/etc/libnfc-nci.conf`.
However, this breaks my SIM service. Not sure, how those features are related, but here we are.
Click to expand...
Click to collapse
Hi, could you share your Magisk module?

Haobin said:
Hi, could you share your Magisk module?
Click to expand...
Click to collapse
Sure, wanted to do that, anyway, but forgot about it.

Question Company Portal (InTune) detects root - anyone else?

I have zero interest in rooting my phone, but because 5G/VoLTE/VoWiFi are not supported in my country (Slovakia) I had to root it. After successful root, passing SafetyNet and pretty much make everything to work as expected, my Company Portal is detecting root when running Teams and Outlook provisioned by my Company Portal despite having them in DenyList. Is there anyone who managed to pass this?
Thank you.

Happened to me as well. I used Shamiko magisk module and it's all good now.

@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?

Either use Shamiko or MagiskHidePropsConf to mask additional properties. I can confirm that InTune Company Portal works fine with SafetyNetFix + Shamiko

p4ra said:
@chaos193, did you use Riru along?
Or maybe even better question if you don't mind - what modules are you using to successfully pass SafetyNet and hide root?
Can you list them one by one, please?
Click to expand...
Click to collapse
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.

chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?

WhoIsJohnGalt1979 said:
Quick question @chaos193 - I haven't updated Shamiko to 0.6 as the update states that it requires Magisk 25205+. Reckon that would be magisk canary? Or as you using 0.6 with Magisk stable?
Click to expand...
Click to collapse
I used it with magisk stable 25.2. I think we are all using magisk stable to root our phone right?

I have tried your suggestions, but still does not seem to work. Adding screenshots.
Can you help me, please? What is wrong with my setup?

Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app

I had issue with a specific banking app which detects root by most of the methods. I made it working by using shamiko + airfrozen which i was not really liking.
Now i wnded up with a forked project of magisk bu Husky called magisk delta which brought back magisk hide along with zygisk. With this i don't need shamiko, magiskpropshide, airfrozen or any modules for hiding the root from apps. Yes for safetynet you can use the modded veraion by D. Below is the link. If you are interested have a look at Magisk Delta by HuskyDG... I use the magisk delta canary builds...

I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.

p4ra said:
I have made it work with first approach. I did a restart of the phone and it worked.
What I am wondering though is the following - I have used the VoLTE/VoWiFi/5G Magisk module, but I don't see the "HD" icon during the call, even though I can browse the internet (when I am not on WiFi). And despite 5G coverage of my current carrier in my area, I don't see 5G icon.
Is there any other module I am missing for this last piece of puzzle?
And last but not least. What scares me the most is that next OTA will completely screw me over after setting everything up. I wish there was a clear tutorial on how to OTA and keep the root without wiping everything out.
Click to expand...
Click to collapse
I'm not quite sure which VoLTE/VoWiFi/5G Magisk module you are referring to, but I believe enabling 5G requires modified mbn files specific to your country/region.
Regarding OTAs, there are two "How To" guides here with all the details you need.

Blaze1001 said:
Following steps work 100% - I had the same issue.
1. Use magisk canary.
2. Install universal safetynet fix MOD 2.0 from displax (Google for "displax github")
3. Use latest shamiko module
4. Activate zygisk
5. Don't enforce denylist
6. Go to denylist and chose all Microsoft apps and tick ALL options for each app.
7. Hide magisk app
Click to expand...
Click to collapse
I have done exactly this but it still detects
Oneplus 7 pro
LineageOS 19.1 Nov 27th nightly build

This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​b. Microsoft Authenticator (if you use it)​c. Microsoft Defender (if you use it)​5. Make sure you clear app data for the apps in the deny list after adding them to the deny list

Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...

craigacgomez said:
This should be all that's needed to pass the compliance checks for Intune
1. Magisk (Zygisk mode)
2. SafetyNet v2.3.1-MOD_2.0
3. Shamiko v0.5.1 (or higher)
4. Magisk deny-list for the following apps (without Enforce deny-list)
a. Company Portal (Intune)​b. Microsoft Authenticator (if you use it)​c. Microsoft Defender (if you use it)​5. Make sure you clear app data for the apps in the deny list after adding them to the deny list
Click to expand...
Click to collapse
s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
Still doesn't work. Its weird because it worked for one night and the next morning it stopped.
UPDATE: its LSPosed I think. But this is the only way to force dark mode on some apps....
UPDATE 2: I disabled forced dark mode on all Microsoft apps in LSPosed plugin and its looking good so far...
UPDATE 3: Had a full day with not a single root detection notification. Looks solid!

s3axel said:
Don't know about this specific app, but in the past I had issues with detection of an "unsecure" device, that was related to ADB debugging being enabled in developer settings...
Click to expand...
Click to collapse
one of the worse parts of it, if not the worst, is that nobody knows what it detects and there's no guide that applies to each and every device,
I tried in 3 devices, the exact same steps and files, etc, it worked on the 1st one, but on the other two.. no!

For all those who still got issues as another idea: Does Google Wallet work ? Is the device play protect certified ?
I ask because to get Wallet to work (and presumably other apps that rely on Safetynet and/or Play Protect certification) the additional step after #5 in the list above is: clear data for Google Play Services and Google Play Store, then reboot (your device will ask for Google backup configuration again).....

I got the same issue with an App called "SwissID". It recognizes magisk for some reason. All other Apps work (like banking, google wallet etc.)

chaos193 said:
It's pretty much what @craigacgomez said. I used Shamiko 0.6 alongside LSposed zygisk release. I'm pretty sure LSposed is not needed but I have it just in case.
Click to expand...
Click to collapse
Its work to me!!! Thanks

[GUIDE] How to get SafetyNet working with MicroG

This is a tutorial on how to set up your phone so that you can consistently pass SafetyNet. Note that all this is from my own experience, and if what works on one device blows up another, that's not my problem and I'm not responsible for that. I will attempt to keep this tutorial as clean and simple as possible, but if you have any further questions that are more specific you are welcome to ask.
In order to be as simple as possible to understand, this guide assumes the following:
- You have a PC. Windows, Mac, the almighty Linux, it makes no difference.
- You have the android platform tools on your PC
- Your device has an unlocked bootloader.
- Your device does not have support for signature spoofing.
- Your device does not have Google's official play services on it.
- You have a working brain.
If one or more of the above is incorrect, you'll have to make more use of the last item on the list.
If the last item on the list is incorrect, you're beyond hope.
Now, the guide:
Step 1: Get some magisk on your phone
Setting up magisk is incredibly simple, and I won't be going into detail here. I would recommend installing the regular magisk app and patching your boot image, as that is what I've done.
Note that you do not need the magisk manager app for this guide at all.
I've attached the magisk app I used to this post. You'll need to install the app and make use of the "install" section of the home page.
Once magisk is installed and set up, you'll need to enable zygisk in the magisk settings. Then reboot.
Step 2: Installing MicroG
I am not going to list through all the possible way you can install microG. Instead, have a link to microG's wiki:
index - MicroG
r/MicroG: Subreddit about microG, a free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries. This …
www.reddit.com
Now here comes the important bit:
From everything I have seen, it appears clear that google stores information about each device that registers with it, and that this in turn will affect SafetyNet.
Therefore, the best way to prevent this leading to SafetyNet failing is to prevent connection with google completely - till the phone is ready.
Before you install microG, make sure your phone has both wifi and data turned off. Leave these off till the setup is complete. Note that only the phone needs to be disconnected, nothing else matters.
In essence, this means that google sees nothing till your device is setup correctly, and then SafetyNet has nothing to complain about.
Now that you've read every word of the above paragraph, go ahead and install microG on your phone.
Make sure you've got all the different components: Core, GSF Framework, FakeStore, and DroidGuard helper. If your installation method does not handle all of this for you, then it sucks, and you shouldn't have used it. Regardless, you can find apks for all of these at https://microg.org/
Step 3: Don't touch
As I've already made clear above, do not change any microG settings at this point. Don't enable device registration (if it's disabled), don't enable safetynet, and just generally leave microG settings alone for now. Oh yeah, and don't turn on wifi or data.
Step 4: Tricking SafetyNet
Everything up till now has just been preparation for actually tricking SafetyNet. So now that we've got all that out the way, let's get down to details:
First, downloads:
Download the latest zip: https://themagisk.com/magiskhide-props-config/
Download the latest zygisk zip: https://themagisk.com/universal-safetynet-fix/
Move these over to your phone and install them both as magisk modules.
Once these modules are installed and you've rebooted, connect your phone to your pc.
Open a terminal/command prompt in your platform tools folder, and type "adb shell props". You may need to grant the superuser permission from your phone.
Then choose option 1.
You'll then need to choose a device from the list available.
The key here is that we need to spoof our device fingerprint, so google thinks the device is certified, even if it actually isn't.
If your device is approved by google, then simply select your device model.
If not, things get a bit more unclear. Not every fingerprint will work for every device - If your device is vastly different from the one you are trying to spoof things may not always work correctly. The best advice I can give here is to choose a device that matches yours as closely as possible. As an example: if your device is made by Xiaomi but is not approved by google, I would select a fingerprint belonging to a Xiaomi device.
Keep in mind that if you try a fingerprint that does not work, you cannot simply switch it to something else and try again, as the SafetyNet history for the device has to be clean.
Once you've spoofed your device fingerprint and rebooted, you're almost ready to test out SafetyNet and google sign in. But first:
Step 5: Do you need signature spoofing?
To ensure things work as smoothly as possible, it's important to make sure you have signature spoofing working before you test SafetyNet. If you've got your own solution to that great. If not:
The first thing I have to point out is that a lot of sigspoof methods on google nowadays are outdated and semi-functional at best, working for a handful of devices. As this guide is intended to be a universal solution regardless of your device, the only answer is lsposed and fakegapps.
Download the latest zygisk zip: https://themagisk.com/lsposed/
Transfer it to your phone and install it as a magisk module.
I've attached the full lsposed manager apk to this post, as the parasitic one sucks. Install it and the fakegapps apk which I've also attached to this post.
You'll now need to enable fakegapps, and turn it on for anything that might need access to spoofing. This includes the system framework, all the microG stuff, and any app that needs to be fooled by microg. Then reboot.
Step 6: Ready to test
Everything should now be set up correctly.
Check the microG settings to make sure signatures are correctly being spoofed.
Enable device registration (if disabled).
Enable SafetyNet attestation.
At this point your phone should still be completely disconnected from the internet.
If you're happy everything is set up correctly, turn on your wifi or data, and test SafetyNet attestation.
Step 7: Done.
Hopefully you now have working SafetyNet and google sign in. If this does work for you, it means that safetynet is now stable on your device, and you are free to install whatever you want on it.
If it didn't work, keep in mind that this hasn't been tested on every device in existence. All I know is that this consistently works for me.
If your phone doesn't turn on, you probably need to charge it.
If your phone has exploded, you probably have a Samsung.
Thanks everyone for reading my guide, I hope you enjoyed! (Maybe it even worked)

RESERVED FOR STUFF

Your guide is well made but I have some things I would change.
1) Since everything has to be done offline and adb is used in linux installation at least I would recommend adding an tip with adb push ~/Downloads/safetynet-tools.zip /storage/emulated/0/Downloads.
Furthermore cause of it I recommend attaching a single zip with
tools so they can be moved easily to the device.
2) there is missing Information: you said in the guide that safety net trips extremely easily. During the entire process the device cant be connected to the internet but what if you want to install another app. For example what if you want to install another app later lets say Netflix for example. I know for a fact it requires safetynet. It would be configured automatically will it? This would conclude to permanetley lock safety net till its reinstalled.

hypethetime said:
Your guide is well made but I have some things I would change.
1) Since everything has to be done offline and adb is used in linux installation at least I would recommend adding an tip with adb push ~/Downloads/safetynet-tools.zip /storage/emulated/0/Downloads.
Furthermore cause of it I recommend attaching a single zip with
tools so they can be moved easily to the device.
Click to expand...
Click to collapse
Hi, I think you may have misunderstood slightly. Only the phone has to be offline, you can still connect it to a PC and download the files on the PC. The only important thing is that the device doesn't communicate with google till you are ready for it to.
hypethetime said:
2) there is missing Information: you said in the guide that safety net trips extremely easily. During the entire process the device cant be connected to the internet but what if you want to install another app. For example what if you want to install another app later lets say Netflix for example. I know for a fact it requires safetynet. It would be configured automatically will it? This would conclude to permanetley lock safety net till its reinstalled.
Click to expand...
Click to collapse
Once the process is complete, you can install whatever else you want and safetynet will not stop working. The main thing is that the process of setting up the device so that it can be approved is very easy to mess up, so that part has to be done carefully.
I'll edit the guide to make these points more clear.

Sense_101 said:
Hi, I think you may have misunderstood slightly. Only the phone has to be offline, you can still connect it to a PC and download the files on the PC. The only important thing is that the device doesn't communicate with google till you are ready for it to.
Click to expand...
Click to collapse
I knew you always were able to use pc and you miss understood me. I at least often had the problem with transferring files for some reseason and for this adb push is extremey helpful.
Regarding instaling more apps thank you for the answer and how quickly it came.

Sense_101 said:
This is a tutorial on how to set up your phone so that you can consistently pass SafetyNet. Note that all this is from my own experience, and if what works on one device blows up another, that's not my problem and I'm not responsible for that. I will attempt to keep this tutorial as clean and simple as possible, but if you have any further questions that are more specific you are welcome to ask.
In order to be as simple as possible to understand, this guide assumes the following:
- You have a PC. Windows, Mac, the almighty Linux, it makes no difference.
- You have the android platform tools on your PC
- Your device has an unlocked bootloader.
- Your device does not have support for signature spoofing.
- Your device does not have Google's official play services on it.
- You have a working brain.
If one or more of the above is incorrect, you'll have to make more use of the last item on the list.
If the last item on the list is incorrect, you're beyond hope.
Now, the guide:
Step 1: Get some magisk on your phone
Setting up magisk is incredibly simple, and I won't be going into detail here. I would recommend installing the regular magisk app and patching your boot image, as that is what I've done.
Note that you do not need the magisk manager app for this guide at all.
I've attached the magisk app I used to this post. You'll need to install the app and make use of the "install" section of the home page.
Once magisk is installed and set up, you'll need to enable zygisk in the magisk settings. Then reboot.
Step 2: Installing MicroG
I am not going to list through all the possible way you can install microG. Instead, have a link to microG's wiki:
index - MicroG
r/MicroG: Subreddit about microG, a free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries. This …
www.reddit.com
Now here comes the important bit:
From everything I have seen, it appears clear that google stores information about each device that registers with it, and that this in turn will affect SafetyNet.
Therefore, the best way to prevent this leading to SafetyNet failing is to prevent connection with google completely - till the phone is ready.
Before you install microG, make sure your phone has both wifi and data turned off. Leave these off till the setup is complete. Note that only the phone needs to be disconnected, nothing else matters.
In essence, this means that google sees nothing till your device is setup correctly, and then SafetyNet has nothing to complain about.
Now that you've read every word of the above paragraph, go ahead and install microG on your phone.
Make sure you've got all the different components: Core, GSF Framework, FakeStore, and DroidGuard helper. If your installation method does not handle all of this for you, then it sucks, and you shouldn't have used it. Regardless, you can find apks for all of these at https://microg.org/
Step 3: Don't touch
As I've already made clear above, do not change any microG settings at this point. Don't enable device registration (if it's disabled), don't enable safetynet, and just generally leave microG settings alone for now. Oh yeah, and don't turn on wifi or data.
Step 4: Tricking SafetyNet
Everything up till now has just been preparation for actually tricking SafetyNet. So now that we've got all that out the way, let's get down to details:
First, downloads:
Download the latest zip: https://themagisk.com/magiskhide-props-config/
Download the latest zygisk zip: https://themagisk.com/universal-safetynet-fix/
Move these over to your phone and install them both as magisk modules.
Once these modules are installed and you've rebooted, connect your phone to your pc.
Open a terminal/command prompt in your platform tools folder, and type "adb shell props". You may need to grant the superuser permission from your phone.
Then choose option 1.
You'll then need to choose a device from the list available.
The key here is that we need to spoof our device fingerprint, so google thinks the device is certified, even if it actually isn't.
If your device is approved by google, then simply select your device model.
If not, things get a bit more unclear. Not every fingerprint will work for every device - If your device is vastly different from the one you are trying to spoof things may not always work correctly. The best advice I can give here is to choose a device that matches yours as closely as possible. As an example: if your device is made by Xiaomi but is not approved by google, I would select a fingerprint belonging to a Xiaomi device.
Keep in mind that if you try a fingerprint that does not work, you cannot simply switch it to something else and try again, as the SafetyNet history for the device has to be clean.
Once you've spoofed your device fingerprint and rebooted, you're almost ready to test out SafetyNet and google sign in. But first:
Step 5: Do you need signature spoofing?
To ensure things work as smoothly as possible, it's important to make sure you have signature spoofing working before you test SafetyNet. If you've got your own solution to that great. If not:
The first thing I have to point out is that a lot of sigspoof methods on google nowadays are outdated and semi-functional at best, working for a handful of devices. As this guide is intended to be a universal solution regardless of your device, the only answer is lsposed and fakegapps.
Download the latest zygisk zip: https://themagisk.com/lsposed/
Transfer it to your phone and install it as a magisk module.
I've attached the full lsposed manager apk to this post, as the parasitic one sucks. Install it and the fakegapps apk which I've also attached to this post.
You'll now need to enable fakegapps, and turn it on for anything that might need access to spoofing. This includes the system framework, all the microG stuff, and any app that needs to be fooled by microg. Then reboot.
Step 6: Ready to test
Everything should now be set up correctly.
Check the microG settings to make sure signatures are correctly being spoofed.
Enable device registration (if disabled).
Enable SafetyNet attestation.
At this point your phone should still be completely disconnected from the internet.
If you're happy everything is set up correctly, turn on your wifi or data, and test SafetyNet attestation.
Step 7: Done.
Hopefully you now have working SafetyNet and google sign in. If this does work for you, it means that safetynet is now stable on your device, and you are free to install whatever you want on it.
If it didn't work, keep in mind that this hasn't been tested on every device in existence. All I know is that this consistently works for me.
If your phone doesn't turn on, you probably need to charge it.
If your phone has exploded, you probably have a Samsung.
Thanks everyone for reading my guide, I hope you enjoyed! (Maybe it even worked)
Click to expand...
Click to collapse
I have a Samsung galaxy note 10 plus running LineageOS 19.1. I'ts unlocked, and rooted with Magisk. Is there something about Samsung phones that are more likely to "explode" trying to install MicroG?

WheelingPigeon said:
I have a Samsung galaxy note 10 plus running LineageOS 19.1. I'ts unlocked, and rooted with Magisk. Is there something about Samsung phones that are more likely to "explode" trying to install MicroG?
Click to expand...
Click to collapse
Yeah, that's a joke

WheelingPigeon said:
I have a Samsung galaxy note 10 plus running LineageOS 19.1. I'ts unlocked, and rooted with Magisk. Is there something about Samsung phones that are more likely to "explode" trying to install MicroG?
Click to expand...
Click to collapse
Samsung phones have a history of "blowing" up. First they were actually dangerous in very few cases but now they can expand and pop of the back of your phone. As long as you switch the battery then your safe to use it.

AOSP Rom (signature spoofing unsupported, without MicroG installer)
After Root install patch for spoofing via NanoDroid Patcher
Open Magisk settings -> Enable Zygisk + Enforce DenyList, install module MagiskHide Props Config -> reboot
Open Termux or ADB, type su to set root permission then type props (option 1)
Install MicroG via APK or offical F-Droid app, grant Signature spoofing permission
If you want using play store, install patched version (F-Droid add repo NanoDroid)
Open MicroG Settings -> Self-Check -> make sure all box checked
Turn on Google device registration, Google SafetyNet, if CTS fail then install Universal SafetyNet Fix
Install magisk module App Systemizer, Busybox for Android NDK to change MicroG to system app

Some apps disappeared on the Play Store after I rooted my phone.

When I first rooted my phone, everything was fine but after a few days some apps started showing up as "This app won't work on your device"
It wouldn't be a problem since I can just download the APK's, but I need to use the Revolut app, it is only available as a mobile app and when you don't install it from the Play store, it just doesn't work.
Can anyone show me a workaround for this?
Maybe a way to trick play store into letting me download all the apps as usual
or a way to trick the app into thinking it's been installed from the play store.
I thought about locking the bootloader again (OEM) but it'll wipe all data, and I don't want that. Because it's been a few months since I rooted my phone and I have a lot of data.
My phone is Samsung Galaxy S10E - SM-G970F if this info means anything.

hmm, try unrooting it, install all apps you need, and then re-root it again.

NikolaTechGuy said:
hmm, try unrooting it, install all apps you need, and then re-root it again.
Click to expand...
Click to collapse
Rooting wipes all the data tho

Quidney said:
When I first rooted my phone, everything was fine but after a few days some apps started showing up as "This app won't work on your device"
It wouldn't be a problem since I can just download the APK's, but I need to use the Revolut app, it is only available as a mobile app and when you don't install it from the Play store, it just doesn't work.
Can anyone show me a workaround for this?
Maybe a way to trick play store into letting me download all the apps as usual
or a way to trick the app into thinking it's been installed from the play store.
I thought about locking the bootloader again (OEM) but it'll wipe all data, and I don't want that. Because it's been a few months since I rooted my phone and I have a lot of data.
My phone is Samsung Galaxy S10E - SM-G970F if this info means anything.
Click to expand...
Click to collapse
you must pass safetynet as well as play integrity api in order for the apps to reappear. You can check this status by downloading the application YASNAC for safetynet status and Play Integrity API checker for checking play integrity status.
If your using magisk then you can flash safetynetfix module from here.
Flashing it should make the Basic integrity and cts profile check from False to true in yasnac
It should also turn Basic Integrity and Device Integrity from a Cross to a Tick
Strong integrity will always fail for rooted users. so forget abt that
Then go to apps > find playstore > storage > clear data
Open playstore again and you'll see an outdated UI dont worry it'll restore on the next app opening
in playstore then tap on your profile picture at the top right then go to settings. Scroll down and see if the device is play protect certified.
If it is the apps should reappear.
This is way too overkill tbh. you could just install Aurora store and call it a day since its litt playstore without accounts and stuff.

Captain_cookie_200 said:
you must pass safetynet as well as play integrity api in order for the apps to reappear. You can check this status by downloading the application YASNAC for safetynet status and Play Integrity API checker for checking play integrity status.
If your using magisk then you can flash safetynetfix module from here.
Flashing it should make the Basic integrity and cts profile check from False to true in yasnac
It should also turn Basic Integrity and Device Integrity from a Cross to a Tick
Strong integrity will always fail for rooted users. so forget abt that
Then go to apps > find playstore > storage > clear data
Open playstore again and you'll see an outdated UI dont worry it'll restore on the next app opening
in playstore then tap on your profile picture at the top right then go to settings. Scroll down and see if the device is play protect certified.
If it is the apps should reappear.
This is way too overkill tbh. you could just install Aurora store and call it a day since its litt playstore without accounts and stuff.
Click to expand...
Click to collapse
Yes but if I install it from the Aurora store I won't be able to use Revolut probably.
Also I installed the module, and though the YASNAC check has 2 ticks, the Play Integrity checker says failed on "Device integrity" and "strong integrity." What do i do then?

Quidney said:
Yes but if I install it from the Aurora store I won't be able to use Revolut probably.
Also I installed the module, and though the YASNAC check has 2 ticks, the Play Integrity checker says failed on "Device integrity" and "strong integrity." What do i do then?
Click to expand...
Click to collapse
hm what method of rooting do you use?

Captain_cookie_200 said:
hm what method of rooting do you use?
Click to expand...
Click to collapse
if you flashed the safetynet fix in magisk already then im afriad i dont know what else is wrong

Captain_cookie_200 said:
hm what method of rooting do you use?
Click to expand...
Click to collapse
Downloaded the firmware, and changed it using magisk, flashed it using ODIN.
It's Magisk 25.2
Zygisk: Yes
Ramdisk: No
But I also have the "Hide Magisk" option, and Systemless Hosts module

Captain_cookie_200 said:
if you flashed the safetynet fix in magisk already then im afriad i dont know what else is wrong
Click to expand...
Click to collapse
Yep I did.

Quidney said:
Yep I did.
Click to expand...
Click to collapse
i dont know then. i passed safety net on one ui 5 on galaxy A32 4G using that module

Captain_cookie_200 said:
i dont know then. i passed safety net on one ui 5 on galaxy A32 4G using that module
Click to expand...
Click to collapse
I also passed the check after the 25th reboot. It took some time to adjust I guess.
But I cannot hide my magisk launcher, it gets detected by Revolut. Welp

Quidney said:
I also passed the check after the 25th reboot. It took some time to adjust I guess.
But I cannot hide my magisk launcher, it gets detected by Revolut. Welp
Click to expand...
Click to collapse
Actually there is a way to fix that as well.
First of all go to magisk then press the gear icon on top right then select Hide the Magisk app. Allow it to install unknown apps. Give it a good name Let it do its work. do not go to home or anywhere while it is reinstalling the apk as something else
Second of all download shamiko from here.
First make sure you have enforce denylist disabled in the magisk's settings. Yep disabled. if it is enabled toggle it off
Then flash shamiko and reboot. Now once you boot back into the system. Open magisk again (or the new reinstalled renamed magisk app) and go to settings and then go to configure denylist. Now find your app and press the checkbox
Now see if it bypasses the root detection. if not then clear all your apps in your recents and try again. This trick always helps to get around apps with root checks.

Captain_cookie_200 said:
Actually there is a way to fix that as well.
First of all go to magisk then press the gear icon on top right then select Hide the Magisk app. Allow it to install unknown apps. Give it a good name Let it do its work. do not go to home or anywhere while it is reinstalling the apk as something else
Second of all download shamiko from here.
First make sure you have enforce denylist disabled in the magisk's settings. Yep disabled. if it is enabled toggle it off
Then flash shamiko and reboot. Now once you boot back into the system. Open magisk again (or the new reinstalled renamed magisk app) and go to settings and then go to configure denylist. Now find your app and press the checkbox
Now see if it bypasses the root detection. if not then clear all your apps in your recents and try again. This trick always helps to get around apps with root checks.
Click to expand...
Click to collapse
Just noticed since you have magisk hide your either using magisk delta or an older version of magisk. I guess you could just use magisk hide but incase that isnt working the method above is the way to go.

Captain_cookie_200 said:
Just noticed since you have magisk hide your either using magisk delta or an older version of magisk. I guess you could just use magisk hide but incase that isnt working the method above is the way to go.
Click to expand...
Click to collapse
I have 25.2 (25200), Zygisk.
But There's an option in the settings right now it says "Restore the Magisk App" because I've already hidden it.

Captain_cookie_200 said:
Actually there is a way to fix that as well.
First of all go to magisk then press the gear icon on top right then select Hide the Magisk app. Allow it to install unknown apps. Give it a good name Let it do its work. do not go to home or anywhere while it is reinstalling the apk as something else
Second of all download shamiko from here.
First make sure you have enforce denylist disabled in the magisk's settings. Yep disabled. if it is enabled toggle it off
Then flash shamiko and reboot. Now once you boot back into the system. Open magisk again (or the new reinstalled renamed magisk app) and go to settings and then go to configure denylist. Now find your app and press the checkbox
Now see if it bypasses the root detection. if not then clear all your apps in your recents and try again. This trick always helps to get around apps with root checks.
Click to expand...
Click to collapse
I'm on the phone with my friend while she sleeps so I cannot reboot the phone >_<
But I'll update you tomorrow probably if it works.

Quidney said:
I have 25.2 (25200), Zygisk.
But There's an option in the settings right now it says "Restore the Magisk App" because I've already hidden it.
Click to expand...
Click to collapse
oh i see. wait how.do you have magisk hide then

Quidney said:
I'm on the phone with my friend while she sleeps so I cannot reboot the phone >_<
But I'll update you tomorrow probably if it works.
Click to expand...
Click to collapse
oh i see. i just tested it on my device and yes it works. the shamiko method is listed prevents the root detection. hope it works fine for you

Captain_cookie_200 said:
oh i see. wait how.do you have magisk hide then
Click to expand...
Click to collapse
I don't have "Magisk Hide" I think that is another feature (Superuser -> Hide) which does not exist for me.

Quidney said:
I don't have "Magisk Hide" I think that is another feature (Superuser -> Hide) which does not exist for me.
Click to expand...
Click to collapse
magisk hide was removed. anyways try the shamiko method and tell if it works

Captain_cookie_200 said:
magisk hide was removed. anyways try the shamiko method and tell if it works
Click to expand...
Click to collapse
Yep everything worked out. I have Revolut now, and it doesn't detect magisk or root.
I still don't have Google Pay, but that's a job for future me.