Related
So ive been getting a "response is invalid" i even factory reset my phone but still got it.
Are you referring to the SafetyNet test? If so, I'm seeing the same thing.
Everybody is getting it, Google have changed their API. Hopefully should be fixed soon when a new version of magisk manager is released
If you'd looked through the general support thread and the beta thread, you would have seen that everyone is experiencing this...
Google updated the API and it's now required to obtain an API key from Google if you want to make your app check SafetyNet.
It's merely cosmetics though, since Magisk can still hide from SafetyNet, it's just not possible to check the SafetyNet status in the Manager.
Use a different app to check SafetyNet, there are some that have been updated with the above mentioned key.
Does this just mean that checker apps that haven't been updated won't work, or does this apply to all apps? I'm a little confused because of your remark that Magisk can hide from SafetyNet.
Any app that does a SafetyNet check won't be able to do so if they haven't updated to the new SafetyNet API. That's when the "invalid response" is seen.
Magisk doesn't use the SafetyNet API to hide itself, thus you'll still be able to pass SafetyNet with Magisk installed. You just won't be able to check the SafetyNet status in the Magisk Manager.
Okay, thanks for clarifying.
What is SafetyNet?
"SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users." -Android Developers
Like stated above, SafetyNet is a set of APIs embedded in Google Play Services to see whether a device has been tampered with from its factory state (e.g. a custom ROM is installed). Developers can use this API to block smartphones in which SafetyNet fails to pass.
How will this affect me and my usage of the device?
Several apps use this API to block users with custom ROMs, such as Google Pay, Netflix, and others, especially banking apps. If you don't use any of these, then failing SafetyNet probably won't matter to you. But if you do use some of these apps, you'll find that they often refuse to run.
How to pass SafetyNet:
You will need Magisk and Magisk Manager: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
You will need this ZIP:
https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680
After you have downloaded both of these, go ahead and flash Magisk through TWRP. After installation is complete, Go to the Modules section in Magisk Manager and press the + button and select the SafetyNet spoofer ZIP. After it's done, reboot your phone. Then go to Settings in Magisk Manager and turn Magisk Hide off and then on again. Go to the Magisk Hide section and select the following apps to hide Magisk from:
Google
Google Services Framework
Google Play Store
(and other apps requiring SafetyNet to pass)
Then go to Play Store>Settings and see if it says your Device is certified. If not, clear Play Store data and try again.
Done! Now you will have passed SafetyNet!
JarlPenguin said:
What is SafetyNet?
"SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users." -Android Developers
Like stated above, SafetyNet is a set of APIs embedded in Google Play Services to see whether a device has been tampered with from its factory state (e.g. a custom ROM is installed). Developers can use this API to block smartphones in which SafetyNet fails to pass.
How will this affect me and my usage of the device?
Several apps use this API to block users with custom ROMs, such as Google Pay, Netflix, and others, especially banking apps. If you don't use any of these, then failing SafetyNet probably won't matter to you. But if you do use some of these apps, you'll find that they often refuse to run.
How to pass SafetyNet:
You will need Magisk and Magisk Manager: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
You will need this ZIP:
https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680
After you have downloaded both of these, go ahead and flash Magisk through TWRP. After installation is complete, Go to the Modules section in Magisk Manager and press the + button and select the SafetyNet spoofer ZIP. After it's done, reboot your phone. Then go to Settings in Magisk Manager and turn Magisk Hide off and then on again. Go to the Magisk Hide section and select the following apps to hide Magisk from:
Google
Google Services Framework
Google Play Store
(and other apps requiring SafetyNet to pass)
Then go to Play Store>Settings and see if it says your Device is certified. If not, clear Play Store data and try again.
Done! Now you will have passed SafetyNet!
Click to expand...
Click to collapse
I am on Lineage 15.1 based on 8.1, I followed every step you have mentioned but it shows ctsProfile : False and basicintegrity : true
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Don't work on stock rom. I have xposed installed. Before 10.2 it was working.
micgeb said:
Don't work on stock rom. I have xposed installed. Before 10.2 it was working.
Click to expand...
Click to collapse
I'm not on OOS right now, otherwise I'd be able to help you better. Maybe it's Xposed that's causing you to not be able to pass? Try uninstalling it and see if it passes for you after
micgeb said:
Don't work on stock rom. I have xposed installed. Before 10.2 it was working.
Click to expand...
Click to collapse
Misuto said:
I'm not on OOS right now, otherwise I'd be able to help you better. Maybe it's Xposed that's causing you to not be able to pass? Try uninstalling it and see if it passes for you after
Click to expand...
Click to collapse
I also cover this in my Guide about Installing Lineage, Step 5. I found the Android 10 fingerprint does not pass safety net reliably so I always use the Android 9 fingerprint (even on Android 10 ROMs).
Don't get hung up on device type or Android version. I have tablets that run Android 9 and 10, that use a Android 7 fingerprint. If your device isn't available choose another one.
OhioYJ said:
I also cover this in my Guide about Installing Lineage, Step 5. I found the Android 10 fingerprint does not pass safety net reliably so I always use the Android 9 fingerprint (even on Android 10 ROMs).
Don't get hung up on device type or Android version. I have tablets that run Android 9 and 10, that use a Android 7 fingerprint. If your device isn't available choose another one.
Click to expand...
Click to collapse
I used the key already for Android 9/10. It is only one key in the list.
micgeb said:
I used the key already for Android 9/10. It is only one key in the list.
Click to expand...
Click to collapse
On the 7 one, I meant for another device (Since I was talking tablets at that point) I should have made that clearer. My overall point was that the make / model of the fingerprint does not necessarily matter, just as long as it passes safety net for you.
Great guide and extremely easy to follow. Thanks OP. My 6T is on 10.3.4 and it was from T mobile and converted to international. Now it passed ctsprofile.
So does that mean I could use google pay now? I haven't checked yet. But I still cannot install netflix and disney+ from play store.
xman099 said:
Great guide and extremely easy to follow. Thanks OP. My 6T is on 10.3.4 and it was from T mobile and converted to international. Now it passed ctsprofile.
So does that mean I could use google pay now? I haven't checked yet. But I still cannot install netflix and disney+ from play store.
Click to expand...
Click to collapse
Just give it a little time. Also you may want to delete play store app's storage and reboot. As long as you pass ctsprofile, those apps will be available.
phaino00 said:
Just give it a little time. Also you may want to delete play store app's storage and reboot. As long as you pass ctsprofile, those apps will be available.
Click to expand...
Click to collapse
Thanks. After storage cleaned, now it is certified.
Misuto said:
I originally posted this in another thread to help some people out, and I decided to make a new thread here to help more people, so here is the guide.
Download MagiskHide Props Module from Magisk, install it and reboot your phone. After you do that, go to the play store and download an app call Termux, open it and type su and hit enter, and after that type props and hit enter, a menu will load up in a few seconds, type 1 and hit enter, after that type f and hit enter then type 20 for the OnePlus fingerprint, hit enter, after typing 20 type 9 next for the 6T fingerprint, type 2 for Android 10 and type y for yes and hit enter, wait for it to complete and type y one last time to reboot your phone. That should fix it for you.
P.S. Also don't forget to enable Magisk Hide toggle in the Magisk app settings, in recent builds it's no longer enabled by default.
Click to expand...
Click to collapse
Thanks for the great guide, TMobile converted to international on 10.3.4 now showing certified.
I'm seeing around that people are still wondering how to fix safetynet on their devices, so I've updated the guide with better wording to help people out.
I'm currently using v10.3.6 OOS on my converted OnePlus 6t and this worked perfect. Not that it matters as I'm quite sure this will work long as Android 10 is selected in props and you're on Android 10 but I chose Pixel 3XL Android 10 for my fingerprint change in props. I'm using latest magisk canary. Appreciate this @Misuto !
flash713 said:
I'm currently using v10.3.6 OOS on my converted OnePlus 6t and this worked perfect. Not that it matters as I'm quite sure this will work long as Android 10 is selected in props and you're on Android 10 but I chose Pixel 3XL Android 10 for my fingerprint change in props. I'm using latest magisk canary. Appreciate this @Misuto !
Click to expand...
Click to collapse
You're welcome. Glad I could help.
working for me almost perfect. except one banking app works fine.
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
Worked on Oneplus Nord.
Thank you.
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
Tested and passed on Oneplus 8 Pro IN2025, Latest LineageOS 18.1. OP be praised.
Edit: I have to have the universal SafetyNet Fix installed in the meantime to achieve the success. Otherwise it doesn't work. Now it also worked on my old pixel 2 XL following this way.
It doesn't show that I passed safety net and the rest. But my bank apps and netflix now working flawlessly.
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
This seems like a very easy-to-follow guide. Before I actually execute it, I was wondering if this would work on my unrooted OP6T running Lineage OS 18.1 (official) with lineage os recovery. Doing this just so that I can use Amazon pay, Paytm and other banking apps. Any idea?
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
Thanks man. It worked perfectly on Lineage OS 17.1
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
This worked for me. Thanks
change (8, 9) or add (10) in the build.prop (from /system_root or /system)
ro.product.model="your device codename"
it's the same name that you find in :
ro.product.device=ro.product.name (use that name)
Originally inspired by Displax and finalized by ... me !
(no need to use "BASIC" anymore !)
You must have the original fingerprint for your device (that matche the original dates for security patch in both system and vendor build.prop) / or simply use Magisk props (for noobs)
... AND PLEASE check if you have google apps/opengapps installed in /system (not in /data/app) : it's the minimum requirements for basic integrity !!!
When you finish fixing cts profile go to Magisk Manager and hide GPay (or your banking app) & Google Play Services !!!
You must hide the Managisk Manager too (Parameters) with a random name : this is mandatory to get GPay or any banking app working again !
Reboot +++
That's what i'm using in my ROM for pyxis.
Enjoy and Thank you ALL
Can you attach an example of what you changed
Yes, please share a detailed guide to do this.
I don't understand ****, but does this work with edXposed tho.
Cuz that's the only thing that trips safety net for me
maxs8007 said:
Yes, please share a detailed guide to do this.
Click to expand...
Click to collapse
+1 Please
So in my case, I have S9+ with stock Android 10.
my "ro.blahblah.model" in build.prop looks like
ro.product.system.model=SM-G965N
And I only have "ro.product.system.name". So after I changed my value it looks like
ro.product.system.model=SM-G965N
ro.product.system.name=SM-G965N
And SafetyNet passed. Not only Magisk Manager, but also SafetyNet Checker app.
BeAwareOfNoob said:
I don't understand ****, but does this work with edXposed tho.
Cuz that's the only thing that trips safety net for me
Click to expand...
Click to collapse
Nope.. It doesn't work with edXposed.
So this enables gpay payments?
I have had all passes pass tests etc.
And all looked pretty.
But as soon as I scan NFC, the hardware kicks in and tells me my phone is modified.
No payment.
The end.
This trick with changing props not working for me. Of course evaluationType is Basic but this not help.
Code:
D/SafetyNetResponse( 1800): decodedJWTPayload json:{"nonce":"6SzIit6E/hUQoxmG6wGhjsnt5RM8wz8wgIDj9vCnEPw=","timestampMs":1594762460374,"ctsProfileMatch":false,"apkCertificateDigestSha256":[],"basicIntegrity":false,"advice":"RESTORE_TO_FACTORY_ROM","evaluationType":"BASIC"}
Nope.. It doesn't work with edXposed.
Click to expand...
Click to collapse
Before Google starts pushing hardware attestation it works with EdXposed. Only on dg.db changing mode to 440.
Seems like I will be trying it with edxposed
i did the fallow to my s10
ro.product.system.name=beyond1ltexx
change to
ro.product.system.name=SM-G973F
reboot
still hardware!!!
badaas said:
So this enables gpay payments?
I have had all passes pass tests etc.
And all looked pretty.
But as soon as I scan NFC, the hardware kicks in and tells me my phone is modified.
No payment.
The end.
Click to expand...
Click to collapse
Many have G Pay working, but need extra fix.
Check you have "Device is Certified" status in playstore as well as CTS profile pass, then load SQLite binaries Magisk module and G pay fix module by @73sydney, Magisk Module here:
https://forum.xda-developers.com/ap...7-1-22-pie-t3929950/post79643248#post79643248
It's a long post. Please read it carefully. Worth reading OP too.
Also, don't forget to clear playstore / Google Services / G Pay data or caches. PW
---------- Post added at 11:23 AM ---------- Previous post was at 10:59 AM ----------
QkiZMR said:
This trick with changing props not working for me. Of course evaluationType is Basic but this not help.
Before Google starts pushing hardware attestation it works with EdXposed. Only on dg.db changing mode to 440.
Click to expand...
Click to collapse
You posted you had basicIntegrity fail. Did you get that sorted? If EdXposed is the cause, this is reportedly fixed with Canary (debug) releases. (Incidentally, since you also asked about stability later, there are Stable, Canary and Alpha releases from memory. My guess is that Canary is largely stable, while Alpha probably isn't, but then I'm not a user.)
I sent you relevent link/info:
https://forum.xda-developers.com/ap...v1-universal-systemless-t3432382/post83064795
Of course, this trick is never going to help if basicIntegrity is tripped. And this was the reason for recent problems with EdXposed and other Magisk modules, ie. New Google basicIntegrity detection of unusual bind mechanisms etc, not ctsProfile, although this always fails in turn with basicIntegrity failure (despite the fact being hidden if XPosed modules that give a fake ctsProfile pass are loaded). PW
pndwal said:
Many have G Pay working, but need extra fix.
Check you have "Device is Certified" status in playstore as well as CTS profile pass, then load SQLite binaries Magisk module and G pay fix module by @73sydney, Magisk Module here:
https://forum.xda-developers.com/ap...7-1-22-pie-t3929950/post79643248#post79643248
It's a long post. Please read it carefully. Worth reading OP too.
Also, don't forget to clear playstore / Google Services / G Pay data or caches. PW
---------- Post added at 11:23 AM ---------- Previous post was at 10:59 AM ----------
You posted you had basicIntegrity fail. Did you get that sorted? If EdXposed is the cause, this is reportedly fixed with Canary (debug) released. (Incidentally, since you also asked about stability later, there are Stable, Canary and Alpha releases from memory. My guess is that Canary is largely stable, while Alpha probably isn't, but then I'm not a user.)
I sent you relevent link/info:
https://forum.xda-developers.com/ap...v1-universal-systemless-t3432382/post83064795
Of course, this is never going to help if basicIntegrity is tripped. And this was the reason for recent problems with EdXposed and other Magisk modules, ie. New Google basicIntegrity detection of unusual bind mechanisms etc, not ctsProfile, although this always fails in turn with basicIntegrity failure (despite the fact being hidden if XPosed modules that give a fake ctsProfile pass are loaded). PW
Click to expand...
Click to collapse
Didn't work.
Have you tried gpay in a shop with this method on a hardware locked phone?
Or you just posting posts?
badaas said:
Didn't work.
Have you tried gpay in a shop with this method on a hardware locked phone?
Or you just posting posts?
Click to expand...
Click to collapse
No, hardware attestation hasn't kicked in for me.
Didn't realise you already had SQLite fix as you hadn't said... Guess you've tried all obvious remedies too. - Sorry didn't help.
Guess the king is dead. Commiserations...
Long Live The King! PW
amk316 said:
i did the fallow to my s10
ro.product.system.name=beyond1ltexx
change to
ro.product.system.name=SM-G973F
reboot
still hardware!!!
Click to expand...
Click to collapse
i did'nt said the stuff with ro.xxxx.name
the line to change is :
ro.xxxx.model=(put your device codename)
it's the same name that you have in :
ro.product.device=(your device codename)
If it's so difficult to understand put here your build.prop from /system (or /system_root) ... not the build.prop from vendor !
I've this
ro.product.system.model=SM-N960F
ro.product.system.name=crownltexx
ro.product.system.device=crownlte
What I've to change?
so in case of my device's vendor build prop here..my device's name in ro.product.name/device = hi3650
& I should write that in ro.product.system.model (instead of phh-treble vanilla) right?
Magdy Doze said:
so in case of my device's vendor build prop here..my device's name in ro.product.name/device = hi3650
& I should write that in ro.product.system.model (instead of phh-treble vanilla) right?
Click to expand...
Click to collapse
YES ... for all stuffs because GSI uses generic names and SafetyNet will fail on the fly ... furthermore you should use the original fingerprint lines that you have on the stock (original) firmware and put the dates for security patch for both build.prop in /system & /vendor !
gringo80 said:
YES ... for all stuffs because GSI uses generic names and SafetyNet will fail on the fly ... furthermore you should use the original fingerprint lines that you have on the stock (original) firmware and put the dates for security patch for both build.prop in /system & /vendor !
Click to expand...
Click to collapse
cool...will try it & report back
btw..is that for basic integrity too?...or just for cts profile?
& if so how could I pass basic integrity?.. as I heard its simple
Magdy Doze said:
cool...will try it & report back
btw..is that for basic integrity too?...or just for cts profile?
& if so how could I pass basic integrity?.. as I heard its simple
Click to expand...
Click to collapse
basic integrity is the lower standard ... cts profile is the highest.
just follow the instructions and you will pass everything (grab the original fingerprints / dates from the stock firmware for both build.prop and don't forget to make the final change for ro.xxxx.model)
FYI, i'm a maintainer for a LineageOS 16.0 GSI build ... and that's what i'm using to pass SafetyNet !
@gringo80 I don't currently own any devices that have the necessary hardware for the new key attestation, so I can't get any hands-on experience with this stuff at all. So, I'm curious as to what the benefit is of using the ro.product.devic value for the model props?
hello guys today i managed to bypass SafteyNet after couple of test and god know how many formats i did
but here i share the joy of it with you all
instead of texting guide i prefered to do full video guide in the video guide i will take you from point 0 where the phone is formated and fresh rooted to fully bypass SafteyNet with edxposed installed
last android version 11
basic integrity : pass
cts profile : pass
in advance sorry for my bad english in this post and in the video
do it on your OWN RISK
guide
skysatan said:
hello guys today i managed to bypass SafteyNet after couple of test and god know how many formats i did
but here i share the joy of it with you all
instead of texting guide i prefered to do full video guide in the video guide i will take you from point 0 where the phone is formated and fresh rooted to fully bypass SafteyNet with edxposed installed
last android version 11
basic integrity : pass
cts profile : pass
in advance sorry for my bad english in this post and in the video
do it on your OWN RISK
guide
Click to expand...
Click to collapse
Working like a charm on my S20 Ultra with Android 11 (Beyond Rom 2.0)
Thanks
m8980 said:
Working like a charm on my S20 Ultra with Android 11 (Beyond Rom 2.0)
Thanks
Click to expand...
Click to collapse
yw my friend
Thank you for the nice video,safety Net pass.
pannerch said:
Thank you for the nice video,safety Net pass.
Click to expand...
Click to collapse
yw bro
Edit: Please see Didgeridoohan's post below mine for additional info/context before following this breakdown of what happened in the video.
TL;DW version:
Starting clean, install magisk.
Install the following modules through the magisk download section (You don't need to reboot after installing each module): 'Busybox', 'MagiskHide Props Config'
Install what I think is this? The video is not at all clear, but I believe it to be the latest version of riru from here: https://github.com/RikkaApps/Riru/releases
Install what appears to be the latest sandhook debug version of this: https://github.com/ElderDrivers/EdXposed/releases (Video technically uses the previous 0.5.1.3 revision but that was the latest version at the time the video was posted)
Go into Magisk Manager settings, enable the magisk hide toggle
Select the option above this, 'Hide Magisk Manager' and hide it with whatever setting you like.
Restart? Not too sure if this is needed here, video guy's phone froze here and had to be hard restarted.
If you check Safetynet inside of Magisk now you should now pass basicintegrity while failing ctsprofile.
Install EdXposed Manager (I assume this one: https://github.com/ElderDrivers/EdXposedManager/releases/ ) (Note: A version of this is installed while installing the Riru/EdXposed through Magisk, no idea if this version is different to that)
Install Termux (I assume this one: https://f-droid.org/packages/com.termux/ )
(Optionally) Install the following apps to confirm that everything has been successful once we are finished:
SafetyNet Test - Apps on Google Play
SafetyNet device compatibility test
play.google.com
SafetyNet Checker - Apps on Google Play
SafetyNet is way to check health and environment where android device running.
play.google.com
Root and SafetyNet Checker - Apps on Google Play
Let you know if your device is Rooted and checks if it passes SafetyNet
play.google.com
Open up EdXoposed manager and confirm the framework is active.
Go into EdXposed settings, scroll down to app list mode and enable, scroll down to 'Pass Safetynet' and enable.
Run Termux, type in:
su
Hit enter, grant root access. Type in:
props
Hit enter. Select the first option (Edit device fingerprint), then select 'Pick a certified fingerprint'
In the next screens select your phone manufacturer and model from the lists that appear.
Confirm you selected the correct device by selecting yes, and then reboot when requested.
Run termux, enter su and props again. Confirm that 'Edit device fingerprint' is now Active.
Select 'Force BASIC key attestation'
Select 'Pick from device list' and select your own device from the lists.
Confir you selected the right device and reboot.
Run termux, su, props. 'Edit devide fingerprint' and 'Force BASIC key attestation' should now be active.
Select 'Device simulation'
Select 'Device simulation' again. Confirm you want to enable basic device simulation.
Select 'ro.product.manufacturer'. Confirm you want to enable simulating 'ro.product.manufacturer'. Reboot.
It should now be working.
That said, I was following the instructions on my pixel 2 XL as I typed them out and I'm still failing safetynet so YMMV.
Edit: Did some digging, in the 'Force BASIC key attestation' section I neede to select a device which was similar but not exactly my device. In my case I used the regular Pixel 2. This got it working.
ivivaitylin said:
TL;DW version:
Click to expand...
Click to collapse
If that's what's in the video, there are a few errors that could be corrected...
First one is rather minor: you do not need to install busybox together with MagiskHide Props Config (that requirement was removed in v5.2.6, more than 6 months ago (a small indication that it's not always a good idea to blindly follow random guides on the internet, they rarely get updated as the tools changes).
Enabling MagiskHide is of course necessary, but hiding the Manager isn't if all you want to do is to pass SafetyNet. It's a useful tool though, since many apps look for the Manager. But not SafetyNet...
And, if you want to use EdXposed (it's not necessary for passing SafetyNet, but there might be many useful modules), you need to keep in mind that Google constantly chases these tools and eventually they'll likely get detected. If you keep on the latest versions of EdXposed, the devs usually manages to keep one step ahead.
Changing the device fingerprint is only necessary if you aren't on a stock ROM, or have a device that isn't Google certified.
The "Force BASIC key attestation" option in MagiskHide Props Config is only necessary if your device uses hardware backed key attestation (you can see if it's basic or hardware when you make a SafetyNet check in the Magisk Manager). If you do need to force a basic check you should not pick your own device. That's very clearly stated both in the ui and the module docs. Picking your own device does absolutely nothing.
"Device simulation" isn't necessary at all, and if you're using a device fingerprint from your own device it won't do anything.
There's more on what options to use in MagiskHide Props Config in the module docs:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
Thanks for the info and breakdown, I've added something at the top of my post directing people to check your post before following it.
Didgeridoohan said:
If that's what's in the video, there are a few errors that could be corrected...
First one is rather minor: you do not need to install busybox together with MagiskHide Props Config (that requirement was removed in v5.2.6, more than 6 months ago (a small indication that it's not always a good idea to blindly follow random guides on the internet, they rarely get updated as the tools changes).
Enabling MagiskHide is of course necessary, but hiding the Manager isn't if all you want to do is to pass SafetyNet. It's a useful tool though, since many apps look for the Manager. But not SafetyNet...
And, if you want to use EdXposed (it's not necessary for passing SafetyNet, but there might be many useful modules), you need to keep in mind that Google constantly chases these tools and eventually they'll likely get detected. If you keep on the latest versions of EdXposed, the devs usually manages to keep one step ahead.
Changing the device fingerprint is only necessary if you aren't on a stock ROM, or have a device that isn't Google certified.
The "Force BASIC key attestation" option in MagiskHide Props Config is only necessary if your device uses hardware backed key attestation (you can see if it's basic or hardware when you make a SafetyNet check in the Magisk Manager). If you do need to force a basic check you should not pick your own device. That's very clearly stated both in the ui and the module docs. Picking your own device does absolutely nothing.
"Device simulation" isn't necessary at all, and if you're using a device fingerprint from your own device it won't do anything.
There's more on what options to use in MagiskHide Props Config in the module docs:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
Click to expand...
Click to collapse
you can use it with out EdXposed
skysatan said:
you can use it with out EdXposed
Click to expand...
Click to collapse
That's what you took from my post? The only thing I wrote about EdXposed is that Google often finds ways to detect it...
skysatan said:
hello guys today i managed to bypass SafteyNet after couple of test and god know how many formats i did
but here i share the joy of it with you all
instead of texting guide i prefered to do full video guide in the video guide i will take you from point 0 where the phone is formated and fresh rooted to fully bypass SafteyNet with edxposed installed
last android version 11
basic integrity : pass
cts profile : pass
in advance sorry for my bad english in this post and in the video
do it on your OWN RISK
guide
Click to expand...
Click to collapse
Video is not available anyone share the direct video link
pannerch said:
Thank you for the nice video,safety Net pass.
Click to expand...
Click to collapse
Send the link of the video i unable to watch that video in YouTube