I cant get safetynet to pass no matter what I do. - Magisk

I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!

BeastMode6 said:
I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
Click to expand...
Click to collapse
Check to see if selinux is set to "Permissive", safetynet will fail if it detects a kernel with selinux set to permissive. To check this in the terminal type "getenforce" if it says "permissive", you can type "su" to get a root shell then type "setenforce 1" to enable Enforcing. In adb you can type the same, however you need to type "adb shell" prior to accomplish the same. Once enabled safetynet should pass. To set the selinux back to permissive type "setenforce 0" in a root shell. good luck!
Sent from my SM-T813 using Tapatalk

It says it's enforcing already.

BeastMode6 said:
It says it's enforcing already.
Click to expand...
Click to collapse
OK, make sure you have magisk-hide enabled in the magisk manager settings. I think safetynet checks for root as well, so if your rooted with magisksu, then all you should need to do is enable magisk-hide. If you don't have the magisk manager you can download it from google play.

I have hide on, still fails. I've also restarted like 5 times to no effect.

Check if Hide is working on your device by adding a root checker app to the Hide list. If it can't detect root, at least we know the Hide works.
After that, check SafetyNet with an app like SafetyNet Playground or SafetyNet Helper. Do you pass basic integrity?
Lastly, please upload a Magisk log.

When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.

BeastMode6 said:
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
Click to expand...
Click to collapse
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.

brians018883 said:
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
Click to expand...
Click to collapse
I've already tried that, didn't work.

BeastMode6 said:
I've already tried that, didn't work.
Click to expand...
Click to collapse
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.

(Removed)

brians018883 said:
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
Click to expand...
Click to collapse
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.

BeastMode6 said:
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
Click to expand...
Click to collapse
good, glad you made some progress!
Best not to hide google play store, magisk hide by default hides safety net, blocking the store may screw with google play services.
Oh since you are on a cm/lineage based rom and to save you some headaches, avoid turning on magisk's busybox implementation, since cm roms use toybox a more enhanced version of busybox it confuses the OS by overlaying the busybox binaries over toybox's binaries and magisk eventually loses root until you do reboot, not mention makes the system sluggish and almost unusable. I learned that the hard way.
Happy Tweaking!

Related

Magisk Banking apps not working

I was using the Xposed framework today and every app kept crashing so disabled Xposed framework and related modules.
However, afterwards my banking apps stopped working.
These apps are logging me off because they detect my phone has been jailbroken.
The app in question is Lloyds banking app (UK)
I have Magisk 16.0 on a Samsung S8 G950F with renovate ice 7.2 installed
Everything was working before
When I tap on safety net check i get all success
In Magisk hide the apps I want to hide the status of are checked (lloyds being one)
I uninstalled, cleared cache of the app, restart the phone and installed the app again, then before starting it up I checked the option in Magisk hide and then opened the app. However it didn't work.
Any idea what I am missing?
Thank you
http://www.didgeridoohan.com/magisk/MagiskHideHidingRoot
Tried those options already
Hide Magisk manager but didn't work
I would uninstall the banking app or delete it's memory completely. The app might have stored the root status and a phone usually does not unroot anymore.
Unfortunately the banks do not see that the owner of a rooted phone usually works more on keeping his phone safe and free of ads.
I'm going to try that again but doubt it will work as I have tried it already. Maybe there's something residual left that can't be removed even after cleaning the data. I see a lot of apps folder in my file manager from apps that I deleted ages ago.
LLoyds bank
went to bank info and cleared cache and data
Uninstalled app
went to file manager and removed residual files folders
installed clean master and did a cache junk file clean up
restart phone in recovery and cleared cache and dalvic cache
rebooted phone and installed lloyds banking app
opened magisk manager before opening lloyds and ticked lloyds app in magisk hide
opened app and inputted login information
same error: your device appears to be jailbroken etc
Have you tried with Magisk v16.7 (MagiskHide has been improved since v16.0)?
Have you tried repackaging the Manager?
Have you tested if the app is detecting Magisk in the Manager name?
Have you tried grabbing a logcat, to see if it's possible to figure out what's happening?
Etc...
In other words: All of the things that are found in the link I gave you earlier.
is your kernel set to permissive? ive noticed if i set kernel to enforcing then my banking app works with magisk hide. im with santander uk
dead0 said:
is your kernel set to permissive? ive noticed if i set kernel to enforcing then my banking app works with magisk hide. im with santander uk
Click to expand...
Click to collapse
That is interesting. MagiskHide should be able to hide a permissive SELinux. I wonder why it doesn't seem to work...
Didgeridoohan said:
That is interesting. MagiskHide should be able to hide a permissive SELinux. I wonder why it doesn't seem to work...
Click to expand...
Click to collapse
it is strange... seems on latest builds of banking apps, they are somehow still detecting if kernel is permissive or enforcing.
cpu2007 said:
I was using the Xposed framework today and every app kept crashing so disabled Xposed framework and related modules.
However, afterwards my banking apps stopped working.
These apps are logging me off because they detect my phone has been jailbroken.
The app in question is Lloyds banking app (UK)
I have Magisk 16.0 on a Samsung S8 G950F with renovate ice 7.2 installed
Everything was working before
When I tap on safety net check i get all success
In Magisk hide the apps I want to hide the status of are checked (lloyds being one)
I uninstalled, cleared cache of the app, restart the phone and installed the app again, then before starting it up I checked the option in Magisk hide and then opened the app. However it didn't work.
Any idea what I am missing?
Thank you
Click to expand...
Click to collapse
If it's anything like Barclays's App, once it detects a rooted phpne, that's it - you're stuffed, as the App sends the phone's identity to Barclays's blacklist. The only way out is a reflash, which will give the phone a new identity.
.
DaystromLIVR said:
If it's anything like Barclays's App, once it detects a rooted phpne, that's it - you're stuffed, as the App sends the phone's identity to Barclays's blacklist. The only way out is a reflash, which will give the phone a new identity.
.
Click to expand...
Click to collapse
To follow-up, it appears that Barclays doesn't use SafetyNet, but something called libShield (??!).
Whenever Barclays detects root on one of my phones, I have to reflash it to stock, thus giving it a new identity.
I have to follow this sequence, in order to prevent tripping:
Reflash the device to stock
Make sure you get Magisk installed BEFORE re-installing the banking app.
Once you've installed the banking app, DO NOT RUN IT yet.
Make sure MagiskHide is ticked for that banking app (and any related apps, like Pingit).
Do the 'randomise Magisk\'s package name' thing.
Set the Superuser thing to 'deny' by default (Barclays seems to trip if it detects that a user is pressing DENY, by the longer time taken).
Reboot
Make sure everything is working
Then, start the app, and begin the reregistration process.
It's happened on me to. On Bank Mandiri App. On other Bank running normaly. The issues happened after upgrade into Magisk 17.1
On Magisk 16.x it's Work without any issue.
Any clues what going on and how to fix it?
repackaging the Manage with a random name is the trick,i did it and its works
In my case (RaiPay in Romania) I did all things except reflashing and it did not work.
Logcat: https://gist.github.com/eusebiu/8110ef85b1d4093c557b32a101fac299
eusebium said:
In my case (RaiPay in Romania) I did all things except reflashing and it did not work.
Logcat: https://gist.github.com/eusebiu/8110ef85b1d4093c557b32a101fac299
Click to expand...
Click to collapse
Hi, I also have RaiPay (Czech rep.), please try to change SELinux to "enforcing" with this module, it works for me:
https://forum.xda-developers.com/apps/magisk/module-magisk-selinux-manager-t3760042
PlagueCz said:
Hi, I also have RaiPay (Czech rep.), please try to change SELinux to "enforcing" with this module, it works for me:
https://forum.xda-developers.com/apps/magisk/module-magisk-selinux-manager-t3760042
Click to expand...
Click to collapse
Hey! Thanks for replying! In my case it was already set to "enforcing". I tried changing it using KA-Mod from enforcing to permissive and back but still same result.
eusebium said:
Hey! Thanks for replying! In my case it was already set to "enforcing". I tried changing it using KA-Mod from enforcing to permissive and back but still same result.
Click to expand...
Click to collapse
Hi, sry I didn't reply, too busy.
Please try following Magisk modules:
Busybox for Android NDK
Magisk SELinux Manager (set to enforcing)
MagiskHide Props Config
SafetyPatch
SQLite for ARM aarch64
Modules can be found in Magisk "Downloads" tab (except SELinux manager).
I have these modules installed and my RaiPay works, in combination with enforcing SELinux. I think both our RaiPay apps are very similar if not the same.
PlagueCz said:
Hi, sry I didn't reply, too busy.
Please try following Magisk modules:
Busybox for Android NDK
Magisk SELinux Manager (set to enforcing)
MagiskHide Props Config
SafetyPatch
SQLite for ARM aarch64
Modules can be found in Magisk "Downloads" tab (except SELinux manager).
I have these modules installed and my RaiPay works, in combination with enforcing SELinux. I think both our RaiPay apps are very similar if not the same.
Click to expand...
Click to collapse
Thanks for answering! I think the SafetyPatch was not correctly installed as I get an error message at boot (something with Android has an internal system error. Contact the manufacturer) => not working...
eusebium said:
Thanks for answering! I think the SafetyPatch was not correctly installed as I get an error message at boot (something with Android has an internal system error. Contact the manufacturer) => not working...
Click to expand...
Click to collapse
Yes, I get the same message, is your RaiPay working? And have you tried RaiPay without Magisk installed on your device?

[Help] Magisk hide works only when retoggled

Details: Huawei P20 Pro running 9.0. Magisk Manager v7 (latest), Magisk v18.2 (latest canary) original package name. Safety net passed.
I tested to make sure that magisk hide is working properly on my device. https://play.google.com/store/apps/details?id=com.revolut.revolut&hl=en_GB. This app does not have fingerprint login enabled without magisk hide. Hence when I turn off magisk hide, you can't use fingerprint to login into the app. When I turn it back on, fingerprint login works. Also my bank app works.
Here is the problem. https://play.google.com/store/apps/details?id=com.starlingbank.android&hl=en_GB. This app does not seem to run even when magisk hide is on. Here's the kicker, even though magiskhide has been toggled and confirmed working, upon opening this app it will show the usual "device not secure/rooted" message. After this it somehow disable magiskhide as my revolut app no longer prompts for fingerprint and my bank app stops working.
I have to go back into magisk and retoggle magisk hide for it to work again. (However the starling bank app still fails the root check)
I'm really really frustrated now and will appreciate any help.
UDPATE: I did some stuff from https://forum.xda-developers.com/apps/magisk/how-to-bypass-lloyds-root-detection-t3837206, the adaway host list. Added MagiskHide Props Config. I also set tasker to toggle magiskhide whenever I turn on my screen. Seems to work more consistently for now
Check the Magisk main thread and Github, there is a known problem with Magisk Hide in the 18.x. I went back to 17.x which work for me without any problems.
lambstone said:
Details: Huawei P20 Pro running 9.0. Magisk Manager v7 (latest), Magisk v18.2 (latest canary) original package name. Safety net passed.
I have to go back into magisk and retoggle magisk hide for it to work again. (However the starling bank app still fails the root check)
I'm really really frustrated now and will appreciate any help.
Click to expand...
Click to collapse
If Magisk Hide Of Magisk 18.x Is Working Intermittently (Which Means Also The Device Will Not Pass The SafetyNet Sometimes), Try To Use The Module Of Microsoft Intune Company Portal Hider Which Includes Also The Functionality Of Re-Enabling Magisk Hide Every 5 Min. For Magisk 18.x From This Thread https://forum.xda-developers.com/apps/magisk/module-microsoft-intune-company-portal-t3780451. Awaiting Your Feedback.
Dreamer(3MF) said:
The Functionality Of Re-Enabling Magisk Hide Every 5 Min
Click to expand...
Click to collapse
Doesn't this cause battery drain?
akxak said:
Check the Magisk main thread and Github, there is a known problem with Magisk Hide in the 18.x. I went back to 17.x which work for me without any problems.
Click to expand...
Click to collapse
Hi, some questions. Do I have to install also the Manager v6.10 to install Magisk v17.3? Or can I leave the last Manager? Then, I uninstall Magisk from the app and them I flash the v17.3 from (temporary) TWRP, is it correct?
Simone_ASR said:
Hi, some questions. Do I have to install also the Manager v6.10 to install Magisk v17.3? Or can I leave the last Manager? Then, I uninstall Magisk from the app and them I flash the v17.3 from (temporary) TWRP, is it correct?
Click to expand...
Click to collapse
The latest Magisk Manager dropped support for Magisk 17 or older, you need the matching Manager..
akxak said:
The latest Magisk Manager dropped support for Magisk 17 or older, you need the matching Manager..
Click to expand...
Click to collapse
Thank you so much for your fast reply!
In the exact same situation as OP P20 Pro (maybe except im on LOS 16)
Magisk seems to be working fine passing safteynet and Root Beet finding nothing but yet the Starling Bank app and the Arriva Ticket app both figure out my phone is rooted after a while and lock out.
Had exact problem with Starling app with magisk hide and app on hide list. Turned out to be a direct build.prop modification so after resetprop -p all good now.
gkornaks said:
Had exact problem with Starling app with magisk hide and app on hide list. Turned out to be a direct build.prop modification so after resetprop -p all good now.
Click to expand...
Click to collapse
Can you expand on this a bit?
I've downloaded Magiskhide props config, and what do I have to do now?
For me, starling always works for couple of days and then it locks me out via the root screen.
republicj said:
Can you expand on this a bit?
I've downloaded Magiskhide props config, and what do I have to do now?
For me, starling always works for couple of days and then it locks me out via the root screen.
Click to expand...
Click to collapse
I modified a build.prop directly before magisk install so compromised the system partition. I've used resetprop to mask it. Like you I'm occasionally getting root warning as well and have to re-authorise so magisk hide in 18.1 not perfect as mentioned a lot in a forum.
Hi,
it seams that the problem is still there. I have to retoggle Magisk Hide at every reboot of the phone.
Is there any workaround or any ETA on the fix?
Thank you.
No one?
Never ask for ETAs...
https://github.com/topjohnwu/Magisk/issues/1654
Didgeridoohan said:
Never ask for ETAs...
https://github.com/topjohnwu/Magisk/issues/1654
Click to expand...
Click to collapse
Ok, I'm sorry about that , I just needed a confirmation that the problem was still there. Thank you for the reply!
Yes it's till here. I cannot login to Arriva bus app with Magisk 20.1.

Safety Net Failed in Safe Mode

Hello. I have unlocked bootloader with TWRP installed with default Stock Kernel. Also I have Magisk 20.4 with Edxposed installed and I can't pass the Safety Net. Until before 2-3 months the problem was due to Edxposed. If I deactivate the Riru core from Magisk then I passed the Safety Net. Now something very strange happens and the Edxposed is not only the Suspicious. If I disable it then again I Failed the Safety Net. I tried in safe mode in which disables Magisk, Edxposed and all extra apps (it leaves only the Play Store and some default apps like Duo if I remember well) etc ... and I can't pass the Safety Net again. I tried to Reflash the rom via TWRP so that to have the default boot.img and default boot recovery but again can't pass the Safety Net. How can detect what is which makes the Safety Net to be failed ?
Note 1 : I know that if I make format so that to erase not only the system partition but and data with internal partition and flash the rom from beginning then I would pass the Safety Net as new user but all this process is NOT solution because I should install all the apps with settings and transfer all personal data from the beginning.
Also the sense is to understand for which reason something happens and NOT to make format to resolve all the problems because you will never become better and the unique solution would be the format which is some process, time consuming.
Note 2: The Valid Pass in Safety Net is NOT always from Magisk but from some other third party software like Root Checker which can do the same job. The reason is that the most usual to check Safety Net is from Magisk which make someone to make Magisk to Pass Safety Net but ONLY VISUAL. What I mean ? If you install the HiddenCore Module from Edxposed then the Magisk show that you Pass the Safety Net while any other similar software like Root Checker shows as result failed and if you go to search Netflix or Revolut in Google Play which is some quick way to check if you really pass or fail the Safety Net then you can't find them as result due to failing in Safety Net.
Johnn78 said:
Note 1: I know that if I make format so that to erase not only the system partition but and data with internal partition and flash the rom from beginning then I would pass the Safety Net as new user but all this process is NOT solution because I should install all the apps with settings and transfer all personal data from the beginning.
Click to expand...
Click to collapse
I don't have the solution for your issue specifically, but I have a tip for you in case you would need to reinstall the whole system in the end: you can use titanium backup, or oendbackup (this one you find at f-droid), or another root backup solution (either free, or paid like swift backup) to save your apps + data, so you can recover it later without having to go through the whole annoying process of doing/installing/configuring everything again. Making it a lot easier.
abacate123 said:
I don't have the solution for your issue specifically, but I have a tip for you in case you would need to reinstall the whole system in the end: you can use titanium backup, or oendbackup (this one you find at f-droid), or another root backup solution (either free, or paid like swift backup) to save your apps + data, so you can recover it later without having to go through the whole annoying process of doing/installing/configuring everything again. Making it a lot easier.
Click to expand...
Click to collapse
If I have the app which makes the perfect restore then I wouldn't have problem to make format so that to make restoring later. In past I had tried the twrp which has option for backup but the restore in system and data partition is not good. I couldn't restore the apps such it was when I had made the backup. C an the titanium or oandbackup restore the apps such it was when Imake the backup ?
If you boot into Android Safe Mode, Magisk and modules are still active (unless you use the current Canary, 20411+, in which case Magisk will disable all modules). It's just the Manager and other apps that are disabled.
First thing you should check is if MagiskHide is even enabled, and if it is you should toggle it off and on again.
Second thing is to see if it works. Add a root app or an app like Rootbeer to the Hide list and see if it detects root.
And more: https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
Didgeridoohan said:
If you boot into Android Safe Mode, Magisk and modules are still active (unless you use the current Canary, 20411+, in which case Magisk will disable all modules). It's just the Manager and other apps that are disabled.
First thing you should check is if MagiskHide is even enabled, and if it is you should toggle it off and on again.
Second thing is to see if it works. Add a root app or an app like Rootbeer to the Hide list and see if it detects root.
And more: https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
Click to expand...
Click to collapse
I don't know if finally happens something with hide of Magisk. I had until now the Root Checker to check about rooting and SafetyNet. If I run Root Checker then it tells me that I am rooted (and failed SafetyNet) and if I hide It then it refers that I am unrooted such the first image shows. But question is, is that correct or happens such with Magisk that may refers that you pass the Safety Net while is reality is NOT truth ? I say this, because I run the Root beer which you told me but if I hide it or not then in both situations, it refers that I am rooted (image 2 & 3). The hide isn't seem to not doing anything because If I don't hide Root beer then such you can see I have 6 "X" while if I hide it then I have only one in "Root Management Apps". Whats means this result ? I tried to turn off and on again from the settings of Magisk the hide but not any result.
That likely means that MagiskHide is working but that you haven't repackaged the Magisk Manager with a random package name. There's an option for that in the Manager settings.
That also means that the SafetyNet failure is because of your setup. Something is triggering it and you're going to have to figure out what. Use the information in the link I posted earlier to help you on your way.
Didgeridoohan said:
That likely means that MagiskHide is working but that you haven't repackaged the Magisk Manager with a random package name. There's an option for that in the Manager settings.
That also means that the SafetyNet failure is because of your setup. Something is triggering it and you're going to have to figure out what. Use the information in the link I posted earlier to help you on your way.
Click to expand...
Click to collapse
Now I saw this setting in settings about repacking with random name. Is this new setting in Magisk ? Because I don't remember to have seen it again in previous Magisk versions. If I go to repackage it, it has as default name "Manager". Should I leave this name or to change this to someother random name ?
Johnn78 said:
Now I saw this setting in settings about repacking with random name. Is this new setting in Magisk ? Because I don't remember to have seen it again in previous Magisk versions. If I go to repackage it, it has as default name "Manager". Should I leave this name or to change this to someother random name ?
Click to expand...
Click to collapse
It's not a new feature... I had to go back and check, but John showcased the first version of hiding the Manager in August 2017 and it was then included in the release of Magisk v14.0 in September 2017. The hiding mechanism has improved a lot since then, but the concept has been around for a while.
Some root detection methods actually do look for "Manager" in the app label (stupid way of detecting root, but hey), so renaming it to something else could be a good idea. It won't hurt, that's for sure.
Didgeridoohan said:
It's not a new feature... I had to go back and check, but John showcased the first version of hiding the Manager in August 2017 and it was then included in the release of Magisk v14.0 in September 2017. The hiding mechanism has improved a lot since then, but the concept has been around for a while.
Some root detection methods actually do look for "Manager" in the app label (stupid way of detecting root, but hey), so renaming it to something else could be a good idea. It won't hurt, that's for sure.
Click to expand...
Click to collapse
I repacked it with different name and the rootbeer appears as result not rooted but the safety net remained sa failed. After I unistalled completly the EdXposed with its modules, LuckyPatcher & Magisk. Also I run and the Magisk Unistaller via twrp and the Edxposed unistaller (this failed because it couldn't detect the edxposed as install due to unistallation of edxposed before) and safety Net remained as Failed. I tried and in safe Mode but the problem persists. Overmore I restore the original boot.img so that to unistall the twrp and go back to original recovery but the Failing in safety Net remains either I go from normal boot either from safe mode. The only which I haven't tried is to lock again the bootloader but I don't believe that this is the problem because in past I always have it unlocked and had passed the Safety Net. I have read that the snet is the process of play store service which decides if mobile will pass the safetynet or not. Can't we unistall this service ?
& something else if you know it, the result of safety Net is "decided" only one time in every boot ? Because If it is some process which make the safety net to be failed and I kill the process then will I get immediate the pass in safety Net or I should restart the mobile as result the process will come again because it will be located in boot list ?
SafetyNet doesn't check for the Manager. That was just for you to fully hide Magisk from other detection methods.
If you uninstall Magisk you can't pass SafetyNet with an unlocked bootloader (unless you are using a custom kernel that masks the bootloader state). MagiskHide helps hiding the unlocked bootloader, so uninstalling it will trigger SN.
If you want to figure things out you have to leave Magisk installed with MagiskHide active (or lock the bootloader, but that's likely not advisable since it can brick your device unless you first restore it to completely stock).
Edit: you can of course go without Google services, but if you are using the stock OEM ROM this could prove troublesome and not worth the effort. If you do, you can of course not use any apps or services that depend on SafetyNet. What is your reason for wanting to pass SafetyNet anyway? Do you actually need it?
Didgeridoohan said:
SafetyNet doesn't check for the Manager. That was just for you to fully hide Magisk from other detection methods.
If you uninstall Magisk you can't pass SafetyNet with an unlocked bootloader (unless you are using a custom kernel that masks the bootloader state). MagiskHide helps hiding the unlocked bootloader, so uninstalling it will trigger SN.
If you want to figure things out you have to leave Magisk installed with MagiskHide active (or lock the bootloader, but that's likely not advisable since it can brick your device unless you first restore it to completely stock).
Edit: you can of course go without Google services, but if you are using the stock OEM ROM this could prove troublesome and not worth the effort. If you do, you can of course not use any apps or services that depend on SafetyNet. What is your reason for wanting to pass SafetyNet anyway? Do you actually need it?
Click to expand...
Click to collapse
Now with default boot, I will go to install Magisk so that via hiding to hide the the unlcking of bootloader. Do you consider some Magisk version as best ? Stable or canary or something else ?
Lately I want to istall the Revolut & the Google Play store can't find it as result. After from many days I couldn't find etflix. Later I learnt that was due to failing in safety net. I found them as apk & installed them successfully but can't get updates from play store for these two apps because mark my device as failed in safety Net. Also if I go to update the os via fota (and with stock boot img) I got error & I suppose that is due to safety Net. In past I could update os only if I have boot stock img & passing the safety Net.
@Didgeridoohan hello bro. I resolved the problem. I cleared the data and cache of Google Play Store, Google Play Services and Google Framework Services and after from restarting I passed the Safety Net with Edxposed installed and activated. Thanks for your help !

[Help] Can't reinstall magisk

I upgraded to Magisk v23 without thinking and I am trying to reinstall 22.1 so I can continue with magisk hide, but no matter how I flash the repackaged boot.img, after reboot, installed always shows N/A. I've tried with v22 as well, and the same result.
Am I missing something about downgrading, or am I just doing something way off? Thanks in advance.
Why v22.1? Magisk v23 still has the "normal" MagiskHide...
(And just as a FYI, the new Deny list that is included in the latest Canary, 23010, works just as good to hide Magisk from what I've seen so far.)
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
DrSeussFreak said:
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
Click to expand...
Click to collapse
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
V0latyle said:
So Magisk Canary was released yesterday:
Magisk 23010
Someone who is temp rooting want to patch their boot image with this and see what happens?
Also, Magisk Hide is no longer, so here's what you have to do to pass Safetynet (the check is no longer in Magisk so you'll have to use an external app)
In Magisk:
Remove Universal Safetynet Fix and Riru, if you have them installed, Reboot.
Launch Magisk again
Settings > Magisk:
Enable Zygisk
Enable Enforce Denylist
Enable for Google Play Services components: (I just enabled for all subcomponents)
com.google.android.gms
com.google.android.gms.unstable
That should be enough to pass Safetynet. Don't forget to hide other apps such as banking, GPay, DRM (Netflix, Amazon Prime Video, etc)
Click to expand...
Click to collapse
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
DrSeussFreak said:
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
Click to expand...
Click to collapse
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
I just went through and re-did all my financials and streaming (plus all Amazon apps). I just forgot I had enabled it for these services.
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
DrSeussFreak said:
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
Click to expand...
Click to collapse
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
V0latyle said:
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
Click to expand...
Click to collapse
Thank you for confirming and good luck with your banking app, I checked all mine, so far so good. New system news bugs
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
That is what i saw. I've been rooted for almost a decade and I've never seen this issue before with magisk. I don't use gpay often, so that is ok, but i appreciate the info.
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
Did you use DenyList to hide both GPay, Google Play Services, and Google Play Store?
GPay works for me, but I am getting a CTS profile mismatch on Magisk 23010, so there's more work to be done. For now, I've downgraded to 23001.
I'll confirm gpay working, i hadn't checked earlier, but I'd marked it for the deny list earlier
How you downgrade to 23001?could you write entire procedure please?
I pur all exclusion, in Witch way you obtain CTS profile?
V0latyle said:
The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
Click to expand...
Click to collapse
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
V0latyle said:
I am getting a CTS profile mismatch on Magisk 23010
Click to expand...
Click to collapse
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
pippo45454 said:
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
Click to expand...
Click to collapse
Go into Magisk and tap Uninstall > Restore Images, then Uninstall Completely. Allow Magisk to reboot the phone. When it reboots, Magisk and root will be gone.
Install Magisk 23.0. Manually patch the boot image, reboot to bootloader, and flash the patched boot image. Reboot again and you should come back into root with 23.0.
Didgeridoohan said:
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
Click to expand...
Click to collapse
Thank you for the explanation. I was under the impression that most modules would have to be rewritten to work with Zygisk.
Didgeridoohan said:
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
Click to expand...
Click to collapse
Well, I tried USNF 2.0.0, CTS profile still failed, so I removed Magisk and went back to the last version that worked for me, 23001. I only use 4 modules: USNF, Riru to support it, MagiskHide Props, and Systemless Hosts. I'm on the stock ROM. I'll just wait until USNF is updated to work with Zygisk.

What is the go-to replacement for MagiskHide & the central module repo?

I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
KaoDome said:
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Here. First 5 post and you should know all you need
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Quantumrabbit said:
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Click to expand...
Click to collapse
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Click to expand...
Click to collapse
Porpet said:
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
Click to expand...
Click to collapse
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Quantumrabbit said:
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Click to expand...
Click to collapse
And where did you find the deny list?
fusk said:
And where did you find the deny list?
Click to expand...
Click to collapse
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
H
toolhas4degrees said:
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
Click to expand...
Click to collapse
How to add modules shamiko & how to more hide features
Spartacus500 said:
H
How to add modules shamiko & how to more hide features
Click to expand...
Click to collapse
Shamiko is a flashable only need to slash magisk module. You can find it in the magisk alpha thread on telegram. You need to configure denylist first and reboot then turn off the enforce denylist toggle and flash the shamiko module.
If you are using lsposed download hide my applist xposed module and search how to use it if you want more coverage
Pm me if you want links
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Drakinite said:
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
This is quite weird and definitely shows how different devices handle root detection. I a Samsung S10+ and just installed Magisk 24 with enforce DenyList earlier this week. Today I just installed Duo Mobile and it works fine. I do not have it in the DenyList, and Magisk is not hidden. I use a custom SafetyNet fix that was installed when I originally installed an AIO TWRP/Magisk/SafetyNet fix after unlocking my bootloader. I also fail SafetyNet checks.
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Drakinite said:
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
danbest82 said:
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Click to expand...
Click to collapse
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
anonymous-bot said:
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
Click to expand...
Click to collapse
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
Get VD Infos and use it to scan your files. You can find it on XDA.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
Click to expand...
Click to collapse
Hmm ok. Like I said shimako didn't work for me either. I'm not sure why Duo is still detecting root. For reference this is what is on my DenyList:
Drakinite said:
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
YASNAC is the replacement for Momo it looks like since Momo is Riru based (https://github.com/canyie/Riru-MomoHider)
simplydat said:
Get VD Infos and use use to scan your files. You can find it in XDA
Click to expand...
Click to collapse
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Drakinite said:
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Click to expand...
Click to collapse
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Drakinite said:
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Click to expand...
Click to collapse
Awesome. Hope it stays that way!
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
antivirtel said:
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
Click to expand...
Click to collapse
Version 24102 would be v24.102. So your Magisk 24.300 is newer.

Categories

Resources