In short I have a rooted OnePlus 3 with OOS 3.2.7, the latest OOS is 3.2.8 but has the November security patch which as I'm sure you known blocks xposed v86 which I need.. I also need to pass SafetyNet so I can't use OOS 3.2.8 without the updated Xposed v87 yet workout it being systemless I can't pass SN with it and even then I'm assuming suhide along with Root Switch still works at disabling root and hides Xposed
Anyway you see my predicament as I can't use Magisk v9 with Systemless xposed etc as I still can pass SafetyNet
Any help would be appreciated
v86.2 is the last systemless xposed that doesn't require Magisk. Every version after requires Magisk. You're still stuck though I believe. Magisk v9 + Phh SU is the only way to pass SafetyNet on the November patch. Once you flash xposed SafetyNet fails.
suhide doesn't work anymore since the November patch so you can forget about using that. It just bootloops.
Tikerz said:
v86.2 is the last systemless xposed that doesn't require Magisk. Every version after requires Magisk. You're still stuck though I believe. Magisk v9 + Phh SU is the only way to pass SafetyNet on the November patch. Once you flash xposed SafetyNet fails.
suhide doesn't work anymore since the November patch so you can forget about using that. It just bootloops.
Click to expand...
Click to collapse
Nope suhide works perfect even with xposed enabled on iOS 3.2.7
The magisk+phh option even though it fails SN will it still play Pokemon go?
steve51184 said:
Nope suhide works perfect even with xposed enabled on iOS 3.2.7
The magisk+phh option even though it fails SN will it still play Pokemon go?
Click to expand...
Click to collapse
That's because 3.2.7 is not on the November patch. Magisk v9 and Phh SU will pass SN. I've been using it on ROMs with November security patch. Just had to give up Xposed which sucks.
Sent from my Pixel using Tapatalk
Tikerz said:
That's because 3.2.7 is not on the November patch. Magisk v9 and Phh SU will pass SN. I've been using it on ROMs with November security patch. Just had to give up Xposed which sucks.
Sent from my Pixel using Tapatalk
Click to expand...
Click to collapse
See I don't get why anyone would give up xposed over the features in 3.2.8 which are in short nothing..
My oxygenOS version is 4.1.6, I installed Magisk with MagiskSU(topjohnwu) today but SafetyNet won't pass. I have MagiskHide enabled.
Any idea why?
Google updated SafetyNet so you're gonna have to use magisk core mode for now to pass safetynet
You can also switch to Magisk 13 which is currently passing for me without issues. I am no longer using any Magisk Modules as having those enabled was causing it to fail.
Or you can switch v13 beta to pass safetynet which is not stable yet
CJ-Wylde said:
You can also switch to Magisk 13 which is currently passing for me without issues. I am no longer using any Magisk Modules as having those enabled was causing it to fail.
Click to expand...
Click to collapse
Same
chazarss said:
Or you can switch v13 beta to pass safetynet which is not stable yet
Click to expand...
Click to collapse
Do I flash the beta directly or must I uninstall Magisk before and then install the beta?
Also, where can I find this beta?
Here is the link
Fredol7 said:
Do I flash the beta directly or must I uninstall Magisk before and then install the beta?
Also, where can I find this beta?
Click to expand...
Click to collapse
You can dirty flash the magisk v13 without uninstall the previous one but don't forget to update magisk manager app to v5.0.2 or the magisk v13 won't work
Here is the link
https://forum.xda-developers.com/apps/magisk/beta-magisk-v13-0-0980cb6-t3618589
Fredol7 said:
My oxygenOS version is 4.1.6, I installed Magisk with MagiskSU(topjohnwu) today but SafetyNet won't pass. I have MagiskHide enabled.
Any idea why?
Click to expand...
Click to collapse
Enable Magisk core module in only in the magisk settings to pass the safety net check. this is a temporary fix.
The following module works for me: https://forum.xda-developers.com/apps/magisk/xiaomi-safetynet-fix-t3600431
Using Magisk v12, with other modules working (not just core mode) and it passes Safetynet.
The Safetynet fix does change the device fingerprint, so I think it will screw up (prevent) OTA updates. But you can simply disable the module when an update rolls out.
redpoint73 said:
The following module works for me: https://forum.xda-developers.com/apps/magisk/xiaomi-safetynet-fix-t3600431
Using Magisk v12, with other modules working (not just core mode) and it passes Safetynet.
The Safetynet fix does change the device fingerprint, so I think it will screw up (prevent) OTA updates. But you can simply disable the module when an update rolls out.
Click to expand...
Click to collapse
The actual fix doesn't need the fingerprint change. There's a modified version here that have those prop changing lines commented out.
I have a Galaxy S5 that I recently loaded with Lineage 14.1. I'm having an issue with SafetyNet. I ran the uninstall.zip to get rid of Magisk 10, then installed Magisk 13.2. After boot up, all is well, and I pass SafetyNet check. Then I'm prompted to update Magisk Manager to 5.6.4. I allow the update, then reboot. After reboot, I no longer pass SafetyNet. Enabling Core Only Mode and rebooting does not fix the problem. I get "false" on both CTS Profile and Basic Integrity. I can't figure out what is going on. I've wiped and reloaded about 15 times now, and the same thing happens every time. As soon as I update Magisk Manager, the Safety Net fails.
install 13.3
13.2 no longer passes safetynet
Nomelas said:
install 13.3
13.2 no longer passes safetynet
Click to expand...
Click to collapse
After 13.3 auto-installed yesterday evening, everything is up and running again.
Magisk and bootloader check
Oh! The 13.3 docs clearly say MagiskHide hides unlicked bootloaders. My question below is moot, then, unless i misunderstood something. Time to.play on a Galaxy S5 before I unlock my LG V20. Sorry to waste everone's time.
This might be a stupid question, but I can find no discussion sbout Magisk and hiding the unlocked bootloader status returned by the verified boot check returned by the kernel which should be patched to not report having that feature.
I presume that is independent of what Magisk hides, or can it? It would have to know how to patch all kernels, no?
So, I look for patched kernels for specific LineageOS builds but can find no mention of such things.
Does Magisk do this, or do I have to find a patched version of the kernel, or patch it myself?
rhollan said:
Oh! The 13.3 docs clearly say MagiskHide hides unlicked bootloaders. My question below is moot, then, unless i misunderstood something. Time to.play on a Galaxy S5 before I unlock my LG V20. Sorry to waste everone's time.
This might be a stupid question, but I can find no discussion sbout Magisk and hiding the unlocked bootloader status returned by the verified boot check returned by the kernel which should be patched to not report having that feature.
I presume that is independent of what Magisk hides, or can it? It would have to know how to patch all kernels, no?
So, I look for patched kernels for specific LineageOS builds but can find no mention of such things.
Does Magisk do this, or do I have to find a patched version of the kernel, or patch it myself?
Click to expand...
Click to collapse
Magisk Hide hides it, see the source code of Magisk:
https://github.com/topjohnwu/Magisk...22b1dbb93b203/jni/magiskhide/hide_utils.c#L22
https://github.com/topjohnwu/Magisk...22b1dbb93b203/jni/magiskhide/hide_utils.c#L26
Deic said:
Magisk Hide hides it, see the source code of Magisk
Click to expand...
Click to collapse
I have verified this on a Galaxy S5 (I should really add my devices: rooted Galaxy S5 running LineageOS 14.1 and unrooted LG V20) and also verified that Magisk serves as a root gate with a root checker and that it allows SafetyNet checks to pass when installed with recent TWRP recovery and LineageOS 14.1. I have been a little reluctant yet to unlock the bootloader on the V20 since it's a one-way trip.
But. here's the weird thing: if I uninstall Magisk, SafetyNet checks still pass despite TWRP being installed along with LineageOS. Android Pay doesn't complain either (though I have not actually tried to purchase anything using it). So, what gives? Why do SafetyNet checks pass if these are installed? Maybe I should install non-systemless SuperSU and see if that makes the checks fail.
---------- Post added at 07:48 PM ---------- Previous post was at 07:43 PM ----------
Deic said:
Magisk Hide hides it, see the source code of Magisk:]
Click to expand...
Click to collapse
Oh My God! It's full of C!
Installed pixel experience using orangefox recovery. Don't know much about rooting. How to install magisk (without root) and pass the safetynet test?
Abhii1 said:
Installed pixel experience using orangefox recovery. Don't know much about rooting. How to install magisk (without root) and pass the safetynet test?
Click to expand...
Click to collapse
follow this tutorial:
[2023 FIX] Fix Magisk CTS Profile False Error - Bypass Safetynet
Magisk CTS Profile False Error is now popping up on almost everyone's device since Google made some changes in March. To Bypass Safetynet...
droidholic.com
aarestu said:
follow this tutorial:
[2023 FIX] Fix Magisk CTS Profile False Error - Bypass Safetynet
Magisk CTS Profile False Error is now popping up on almost everyone's device since Google made some changes in March. To Bypass Safetynet...
droidholic.com
Click to expand...
Click to collapse
Thanks but i don't know how to install magisk
Abhii1 said:
Thanks but i don't know how to install magisk
Click to expand...
Click to collapse
Or you can install try other os.. wait until it fix..
I use ArrowOS for daily use, everything seems stable so far.. including safetynet.. no need root for safetynet secure on ArrowOS
You can install Magisk with adb sideload.
In Magisk you can currently install Magisk hide props config. With that you can change the device fingerprint to an official one. Also use the hide option to prevent Google play from acting up.
I do not know how to pass the cts test yet. There is another mode that can help (Universal SafetyNet fix).
But I have not managed to get it pass the test.
If you find out, let me know.
I have exported some files for the fingerprint from miui
I hope that can help. It is for global Rom.
So I'm trying to get Android 12 working with root and SafetyNet passing. I found that all the guides to be wrong or outdated. Problem with the latest Magisk canary is that it does not support MagiskHide. Problem with the latest stable Magisk (v23) is that it doesn't support Android 12. Here are the combinations I've tried:
Canary Magisk APK, Canary Magisk boot image, with Universal SafetyNet Fix v2.2.1 (Zygisk)
Result: No way to test if safety net passes within Magisk, but it doesn't seem to work.
Canary Magisk APK, Stable Magisk v23 boot image, with Universal SafetyNet Fix v2.1.3 (Riru)
Result: Does not work. MagiskHide automatically turns off after every reboot, probably because the canary boot image does not support it.
Stable Magisk v23 APK, Stable Magisk v23 boot image
Result: Device fails to boot. fast food indicates in an invalid signature. presumably happening because stable magisk v23 does not support Android 12.
Based on these test results these are my assumptions:
1. There is no way to run Magisk 23 on Android 12, and this article and its screenshot are fake:
https://www.droidwin.com/how-to-roo...k-on-android-12/#STEP_6_Boot_to_Fastboot_Mode
and this also does not work: https://krispitech.com/how-to-pass-safetynet-on-rooted-android-12/
OR
It was possible and Android 12 September 5th patch level but somehow not the latest December build?
There is no advantage to running mismatched Magisk APK and boot image versions
Both the Zygisk and Riru versions of the SafetyNet Fix do not work on the latest Android 12 builds.
The new DenyList system does nothing in allowing a SafetyNet bypass.
The ONLY working method That can possibly bypass safety net on Android 12 is using either of these 2 Magisk forks:
Custom Magisk by TheHitMan7 (Can’t find download link)
Alpha Magisk by vvb2060 (Can’t find download link)
Are these assumptions correct? Can someone please correct my misunderstandings?
You need Universal Safetynet Fix v2.2.0 or v2.2.1 which was just released 10 days ago.
To be honest, I haven't tried v2.2.1 yet, but I would imagine it will work. I'm on v2.2.0 right now.
Get it from here: https://github.com/kdrag0n/safetynet-fix
I have been using Magisk Canary 23016, USNF 2.2.0, and MagiskHide Props Config 6.1.2 on my Pixel 5 running the December Android 12 release. SafetyNet passes, GPay works.
I have DenyList blocking both GPay and Google Play Store..
Either you have something configured wrong, or you're having a unique issue. Others have been able to pass SafetyNet using a similar configuration.
No, Magisk Stable does not currently support Android 12. You MUST use Canary 23016; none of the previous builds properly handle the vbmeta flags in the boot image header.
I'm using the latest magisk canary, USNF 2.2.1 and no magisk hide props and am passing. I have Zygisk enabled, but that's about it. Install was flawless. Followed V0latyle's thread on going from A11 to A12 when the canary update dropped.
Thank you everyone, I got it working the way you said! I was super close.
-----------------------------------
V0latyle said:
I have been using Magisk Canary 23016, USNF 2.2.0, and MagiskHide Props Config 6.1.2 on my Pixel 5 running the December Android 12 release. SafetyNet passes, GPay works.
I have DenyList blocking both GPay and Google Play Store..
Either you have something configured wrong, or you're having a unique issue. Others have been able to pass SafetyNet using a similar configuration.
No, Magisk Stable does not currently support Android 12. You MUST use Canary 23016; none of the previous builds properly handle the vbmeta flags in the boot image header.
Click to expand...
Click to collapse
I only blocked play services with deny list and it worked.
One of the guides told me to flash stock vbmeta (idk what this is), and this bricked it until I re-flashed the ROM. But I guess that's not needed anymore.
flyoffacliff said:
Thank you everyone, I got it working the way you said! I was super close.
-----------------------------------
I only blocked play services with deny list and it worked.
One of the guides told me to flash stock vbmeta (idk what this is), and this bricked it until I re-flashed the ROM. But I guess that's not needed anymore.
Click to expand...
Click to collapse
Which guide?
V0latyle said:
Which guide?
Click to expand...
Click to collapse
How to Root Pixel Devices via Magisk on Android 12
In this comprehensive tutorial, we will show you detailed steps to root your Pixel device via Magisk running Android 12.
www.droidwin.com
On step 7. It says it's not necessary for some reason on newer devices but pixel 5 and older still require it. What does flashing this file actually do? Like what's the file made of?
flyoffacliff said:
How to Root Pixel Devices via Magisk on Android 12
In this comprehensive tutorial, we will show you detailed steps to root your Pixel device via Magisk running Android 12.
www.droidwin.com
On step 7. It says it's not necessary for some reason on newer devices but pixel 5 and older still require it. What does flashing this file actually do? Like what's the file made of?
Click to expand...
Click to collapse
Nothing needs to be done with vbmeta as long as you're using Magisk 23016.
I'll try to explain what it is and what it does as simply as I can but there isn't really a simple explanation...
Some components of Android system security, such as Verified Boot, incorporate a means by which the data being loaded from critical partitions is checked in real time as it is loaded. This is called "device-mapper verity". The raw data itself is read at the block device level and used to create a hash; this hash is then compared to a reference hash to determine the data has not been modified. The partition that contains this reference hash is vbmeta.
When the Android 12 beta was first released, Magisk had not yet been updated to properly handle Android 12 boot image headers. Verified Boot is disabled for the most part when the bootloader is unlocked; however some elements still remain to ensure you're booting a proper device boot image. Magisk did not preserve necessary information in the boot headers, so the device wouldn't boot; we would get a message in bootloader stating failed to load/verify boot images
We figured out a workaround for this: disable dm-verity and vbmeta verification altogether. This was done by flashing the vbmeta partition with those two options:
Code:
flash vbmeta vbmeta.img --disable-verity --disable-verification
The problem with this is it has some sort of safety interlock that prevents system from loading if verity/verification are disabled and /data isn't clean. So, rooting required wiping data. You probably discovered this during your "brick": you got a screen reading Cannot load Android system. Your data may be corrupt.
We also discovered that the vbmeta workaround had to be performed every time vbmeta was flashed - meaning no OTA updates, because if vbmeta was flashed without the disable options, we wouldn't be able to boot a patched boot image, and even if we re-disabled verity/verification, the device still wouldn't boot unless data was clean. The only way to update AND reroot AND keep data was to ensure that verity and verification were disabled every time the device was updated.
Fortunately, Magisk 23016 fixed all of this. We don't have to mess with vbmeta anymore. Magisk properly preserves the flags in the boot header, meaning that AVB recognizes it as a legitimate boot image, and the device is happy.
has anyone able to pass safety CTSprofile ?
Basic integrity is pass but CTSprofile Check isnt passed...
anybody able to pass in A12 (OnePlus Nord)
tried all effort but dint work, even Universal SafetyNet Fix v2.2.1 (Zygisk) isnt working..
its makes Basic Integrity Fail after Flash ( Universal SafetyNet Fix v2.2.1 (Zygisk).
I roll back to A11 then sadly....
shhahidxda said:
has anyone able to pass safety CTSprofile ?
Basic integrity is pass but CTSprofile Check isnt passed...
anybody able to pass in A12 (OnePlus Nord)
tried all effort but dint work, even Universal SafetyNet Fix v2.2.1 (Zygisk) isnt working..
its makes Basic Integrity Fail after Flash ( Universal SafetyNet Fix v2.2.1 (Zygisk).
I roll back to A11 then sadly....
Click to expand...
Click to collapse
You're doing something wrong. Don't overlook anything. I'm on Android 12.1 and pass safety net, Google pay works, Netflix works.
Have you configured the deny list in magisk?? If not do that then. I'd start fresh, don't connect to anything on first start. Hide everything about those Google apps. Then add your accounts etc etc. This is what worked for me no problem
thatsupnow said:
You're doing something wrong. Don't overlook anything. I'm on Android 12.1 and pass safety net, Google pay works, Netflix works.
Have you configured the deny list in magisk?? If not do that then. I'd start fresh, don't connect to anything on first start. Hide everything about those Google apps. Then add your accounts etc etc. This is what worked for me no problem
Click to expand...
Click to collapse
I would like to know, how you are able to pass? I mean It is passed using Universal safetynet fix by Kdragon?
or without fix?
as you mention in your screenshot that you have put all google services in denylist,
I've already done that..
anything else ? you done it? can you show screenshot of your safetynet pass??
shhahidxda said:
I would like to know, how you are able to pass? I mean It is passed using Universal safetynet fix by Kdragon?
or without fix?
as you mention in your screenshot that you have put all google services in denylist,
I've already done that..
anything else ? you done it? can you show screenshot of your safetynet pass??
Click to expand...
Click to collapse
I'm using the latest safetynet fix v2.2.1 Kdragon
thatsupnow said:
I'm using the latest safetynet fix v2.2.1 Kdragon
Click to expand...
Click to collapse
Yes, you are able to pass both .. but i am having issue with OnePlus Nord A12..
On A11 i was able to pass without Universal fix..
but as I applied OTA of A12...
I lose safetynet pass.
let me know do you have any workaround?
I've applied Universal fix by Kdragon.. but before flashing Universal fix of Zygisk I was able to pass Basic Integrity but as soon as I flash Kdragon Universal fix of Zygisk both CTS profile & Basic Integrity gets failed... !!!!
I am still looking for solution to fix this issue..!! if you have any work around.. let me know.. I will do my best.. may be i need to modify device fingerprints with Security patch.? what you say?
shhahidxda said:
Yes, you are able to pass both .. but i am having issue with OnePlus Nord A12..
On A11 i was able to pass without Universal
I've applied Universal fix by Kdragon.. but before flashing Universal fix of Zygisk I was able to pass Basic Integrity but as soon as I flash Kdragon Universal fix of Zygisk both CTS profile & Basic Integrity gets failed... !!!!
Click to expand...
Click to collapse
shhahidxda said:
Yes, you are able to pass both .. but i am having issue with OnePlus Nord A12..
On A11 i was able to pass without Universal fix..
but as I applied OTA of A12...
I lose safetynet pass.
let me know do you have any workaround?
I've applied Universal fix by Kdragon.. but before flashing Universal fix of Zygisk I was able to pass Basic Integrity but as soon as I flash Kdragon Universal fix of Zygisk both CTS profile & Basic Integrity gets failed... !!!!
I am still looking for solution to fix this issue..!! if you have any work around.. let me know.. I will do my best.. may be i need to modify device fingerprints with Security patch.? what you say?
Click to expand...
Click to collapse
You do realise that your posting on the pixel 5 forum right?? I'd maybe go checkout what they are doing on the OnePlus side of the tracks
thatsupnow said:
You do realise that your posting on the pixel 5 forum right?? I'd maybe go checkout what they are doing on the OnePlus side of the tracks
Click to expand...
Click to collapse
Yes, I knew i am posting in Pixel 5 and this topic isnt mention on Oneplus section..
I am looking for a solution of this issue.. but nobody has mention it till now.
Android 12.1 + Magisk 25.1 + Zygisk + Google Play services on enforced Denylist > Works charmingly
Note 1: Enforce Denylist for all the Google Play services modules on Magisk.
Note 2: After reboot, clear data of Google Play services and Play Store to make a fresh start.
pseudokawaii said:
Android 12.1 + Magisk 25.1 + Zygisk + Google Play services on enforced Denylist > Works charmingly
Note 1: Enforce Denylist for all the Google Play services modules on Magisk.
Note 2: After reboot, clear data of Google Play services and Play Store to make a fresh start.
Click to expand...
Click to collapse
I have the same running on a Galaxy S10, but every time I put Google Play Services on the enforce Denylist and reboot it no longer shows there. I'm trying to be able to use my banking app, it worked charmingly on magisk 24 but not anymore. Any advice?
El3ssar said:
I have the same running on a Galaxy S10, but every time I put Google Play Services on the enforce Denylist and reboot it no longer shows there. I'm trying to be able to use my banking app, it worked charmingly on magisk 24 but not anymore. Any advice?
Click to expand...
Click to collapse
What do you mean by "it no longer shows there"? Does the Google Play services disappear after putting on denylist? Did you enable the "Enforce Denylist" option? Did you do a retest of SafetyNet after reboot?
El3ssar said:
I have the same running on a Galaxy S10, but every time I put Google Play Services on the enforce Denylist and reboot it no longer shows there. I'm trying to be able to use my banking app, it worked charmingly on magisk 24 but not anymore. Any advice?
Click to expand...
Click to collapse
Yea and it won't stick I've tried that too. You don't need to add Google Play services to the deny list anyway
thatsupnow said:
Yea and it won't stick I've tried that too. You don't need to add Google Play services to the deny list anyway
Click to expand...
Click to collapse
If you're using Universal Safetynet Fix, Play Services is blocked out of the box. I had the same thing happen in one of the newer releases and thought it was an issue. It isn't. Play Services is blocked even though it doesn't show it.