[TOOL] Samsung Xposed Safe Mode script - Xposed General

Samsung Xposed Safe Mode script v1.0
What does it do?
This is an init.d script which emulates the xposed safe mode where you can press any button during boot, get a vibrate (to know it detected you), and it will disable all your xposed modules. To be used in case of bootloops because of incompatible modules.
This only disables all modules so that you can boot. It does NOT actually uninstall or disable xposed itself.
Why would I need this?
I talked with the developer of xposed for Samsung, wanam, and apparently, xposed safe mode was disabled for Samsung devices due to a Knox issue (if you disabled xposed, Knox will hate you and refuse to boot the phone). This is good, but if you have a bootloop, AND you're on a bootloader locked device, you have NO CHOICE but to wipe your data. Ouch!! That's a heavy penalty for accidentally installing one malfunctioning module!
Or maybe your phone still is bootloader unlocked, but you're running Samsung xposed and safemode is still disabled for you. Then you'd rather have xposed safemode back just for the ease of not having to go through recovery to fix things.
How does it work?
1. Press any of three buttons during boot (volume keys, or home button). You have 10 seconds from bootup to choose to do this.
2. System will give you 2 short vibrates to tell you it detected it.
3. Press any button 4 more times, each time will give you another short vibration.
4. One long vibration will signal to you that xposed has been disabled.
5. The script will automatically reboot your device in 6 seconds. This is because we can't disable xposed, so xposed will STILL load modules on this bootup, which means you'll still see the bootloop momentarily until you reboot.
Great! How do I install it?
This is an init.d script, so you need init.d support in your phone. Obviously, if you have a bootlocked device, you probably don't have init.d support. This is not a guide on how to get init.d support, but I'll offer you a few tips you can use to search yourself.
- install-recovery.sh, since it's called by init.rc during boot, can be hijacked in order to create an init.d system.
- If install-recovery didn't work, SuperSU also includes an su.d directory which is executed at a similar time. Just throw a script in there, or throw a script in there which enables use of the init.d folder (run-parts /system/etc/init.d).
Anyways, here's how you install it:
- Place the script you downloaded into
Code:
/system/etc/init.d
OR
Code:
/system/su.d
Give the script proper permissions for the folder it's in
- For su.d folder, it is root:root 0700 (rwx------)
- For init.d folder, it could be a variety of permissions. My init.d folder runs as a result of su.d, so I gave it same permissions as su.d. If yours doesn't, then you might want to try root:root 0755 (rwxr-xr-x)
- The important point here is to make sure it's at least root user and group, readable and executable, rwxr-xr-x
Will it work on my device?
It should work on any device really, if you follow the simple instructions. But I've only tested it on the ATT S4 (Lollipop 5.0.1), so I can't guarantee it will work on your device. Test it out and see if it works for you! It probably will!
You saved me!
I'm glad to hear that! I love to hear and see a thanks, so make sure to click the thanks button and maybe write a post too!
Bugs and problems
You know how to report bugs and issues. State all relevant information related to the problem; device, problem in clear detail, with reproducible steps, and anything else you might need.
Related custom xposed builds
Here are a list of Samsung custom xposed builds I know this "safe mode problem" to be present in. (Don't forget, this problem is likely to be in any and all Samsung xposed custom builds due to the nature of the Knox problem).
[UNOFFICIAL] Xposed for Samsung Lollipop by arter97
[UNOFFICIAL][5.0][v87.1][03 Dec] Xposed for Samsung Lollipop 5.0.x
[UNOFFICIAL][5.1/6][v87.1][28 Nov]Xposed for Samsung Lollipop/Marshmallow
Disclaimer: As usual, while I've made every attempt to make it perfect, there are no guarantee it will work for you. By using this, you agree not to hold me accountable in case something bad happens to you (or it didn't save your device)! Do your own testing to make sure it works before you actually need to use it in an emergency!

FAQ
It didn't vibrate
You probably have a different device which places the vibrator in a different location. I don't have your device, so maybe you'll need to help me debug and find where the vibrator is located at.
It didn't work!
What happened? Give me some detailed information about exactly what you did, what happened, and the device you're on!
Some possible problems to investigate are:
Does the script have correct user: owner and permissions?
Is your init.d or su.d system even working? Make sure it is first

Nice work!
It should help with incompatible modules leading to a bootloop, but it won't prevent Xposed from loading, the flag "/data/data/de.robv.android.xposed.installer/conf/disabled" is ignored on my Xposed version, done here for a reason, i got many bootloop reports in the past by people accidentally triggering safe mode by physical buttons, leading to Knox refusing to deal with modified binaries.
Fortunately it does not seem to be the same with TouchWiz 7.0, so i will bring it back later for Nougat.

wanam said:
Nice work!
It should help with incompatible modules leading to a bootloop, but it won't prevent Xposed from loading, the flag "/data/data/de.robv.android.xposed.installer/conf/disabled" is ignored on my Xposed version, done here for a reason, i got many bootloop reports in the past by people accidentally triggering safe mode by physical buttons, leading to Knox refusing to deal with modified binaries.
Fortunately it does not seem to be the same with TouchWiz 7.0, so i will bring it back later for Nougat.
Click to expand...
Click to collapse
Thank you!
It certainly will help a lot for disabling incompatible modules. Yes, although it doesn't technically disable xposed itself. It's really great that future versions aren't that way!
I actually thought of creating another script which utilizes back and menu key buttons to actually uninstall xposed from backups (an actual disable xposed script of sorts), but I thought it was too much.

Related

Xposed FAQ / Known issues

Where can I find general information on Xposed, e.g. how to install it?
In this thread.
Does this require root access?
Yes, because it replaces a file in /system/bin. Once the framework is installed, it should work without root access.
For which devices/ROMs does it work?
I develop the Xposed framework based on the AOSP sources. I'm personally using CM10.2 on an I9100 (Samsung Galaxy S2, bought in Germany). Basically, it should work on any phone which with a ROM based on Android 4.0 or later and an ARM or x86 processor (this is the processor architecture, almost all smart phones and tablets have either of those). Exceptions might be ROMs which are different from the original Android code in some very internal, central code parts (which don't need to be touched for most theming and enhancement modifications). But this is related to the ROM, not the phone itself.
The modules target higher-level code, so they are more likely to be incompatible with your ROM. Basically, the question is whether the methods and resources which the module modifies are similar on your ROM and on the developer's ROM. Let's say a module needs to modify the result of a certain method call. For this, it needs to specify the exact name and parameters that identify that method. If the in your ROM, an additional parameter has been added, the module can't find the method anymore and won't work. If the method can still be found, it will probably work (unless the rest of the app/ROM has changed too much).
There is not definite answer whether it will work. Just try it (of course, making a nandroid backup before is never a bad idea). If it doesn't work, just disable the module. You might want to inform the module developer (not me!) about this fact and provide details (e.g. a logcat and/or the content of /data/data/de.robv.android.xposed.installer/log/debug.log).
What about Gingerbread? Or any other Android version before 4.0.3?
An experimental version for Gingerbread made by liudongmiao can be found here: http://forum.xda-developers.com/xposed/-t2739034.
Note that I cannot give any support for it, please direct your feedback to @liudongmiao.
Are there known incompatibilities?
There seem to be issues with AOKP nightlies. For more details, please read this post.
There seem to be issues (bootloops) with the Oppo Framework, I don't have a fix yet.
On some HTC One phones with CM11, the System UI force crashes. This seems to be caused by SELinux restrictions. Executing "restorecon /system/bin/app_process" (as root, e.g. with adb shell) should help against the FCs, but Xposed might not work due to other SELinux restrictions. If you have the possibility to disable SELinux enforcing mode, you can try that.
If you are an SELinux expert and would like to help, please contact me.
Apart from that, obviously it won't work if the conditions mention above aren't met, e.g. if your phone isn't rooted or it is running on a pre-ICS ROM.
How can I install it?
See the first post. The framework installation needs to be done only once (and on updates), then it can be used for any modules.
Does Xposed get disabled if I flash a new ROM?
Yes, because the file it modifies, /system/bin/app_process, is part of every ROM and will be overwritten when you flash a ROM. However, as long as you don't wipe data, the Xposed Installer app will still be installed, so you can just click on "install/update" again in the Framework section and reboot.
For CyanogenMod-based ROMs, there is an easy solution: [1] and [2]. This will reactivate Xposed automatically after you flash a new ROM/nightly.
For other ROMs, you can try this one. Be careful, it will disable Xposed again if you flash it twice!
Isn't this insecure?
In a way, yes. With great power comes great risk. On the other hand, other ways of modifying your phone are also open to malicious coding. For more details see this post.
Why do I have to enable a module after installing it? Couldn't you skip this additional step?
This is for security reasons (see the question above). By making you confirm that you want to use a module, apps cannot contain hidden Xposed modules. The same could be done with an additional permission, but I'm not sure if everyone would recognize that and it is harder to implement. As a bonus, this toggle allows you to temporarily disable a modification or to ship an app that contains an optional Xposed module.
How do I develop my own modification using the Xposed framework?
First make sure that Xposed is working fine for you. Then read this extensive tutorial.
Why isn't the Xposed Installer available via Play Store?
I have several reasons for that. I wrote about it in this post. And as I learned, Google does indeed sometimes remove apps which interfere with other apps.
From my point of view, you are free to publish the modules you develop on Play Store (at your own risk - Google might remove them). However, be careful if you plan to get money from them. Paid apps are stored in encrypted containers, which means Xposed can't load them at boot time.
Where can I donate some money to support you?
http://repo.xposed.info/donate
Am I allowed to fork Xposed and publish my own version? What should I consider?
I have written this down in a separate post: http://forum.xda-developers.com/showpost.php?p=46325320&postcount=4372
Can I include Xposed in my ROM?
First of all: One reason why I developed Xposed was to avoid the need to flash anything just for a few small changes. So Xposed is designed to work on top of ROMs, not as a part of them.
That said, I don't forbid you to include it. Here are the conditions:
I won't support you in the process of including it. You'll have to figure out the best way to do it yourself. The easiest way (which will also cause the least problems) is probably to simply put the installer and the modules into /system/app, then your users just need to click the "install/update" button, activate the modules they want and reboot.
There might be ways to really pre-install Xposed so that it's working out of the box, but I don't recommend that. You have to be very careful about file permissions, so there is a good chance it won't work. Again, absolutely no support for this.
I won't support your users with problems which might have been caused by using the included version instead of installing it normally.
When your users report problems which are probably not related to including Xposed in the ROM, please try to give them some support yourself. If you can't find a solution, send them to the correct help thread. For example, this thread is only for the framework. Not for any modules, not even my own.
I expect you to include the latest versions, which are usually the ones working best. I won't support older versions.
Your users must be able to update to the latest version, preferably without installing a new version of your ROM. Again, I won't support older versions.
From the previous point, it follows that you need to include the original APKs, otherwise updating is not possible due to a certificate mismatch. This is even more important since updates are possible from within the app. It also avoids confusion, like users wanting support for any modifications you might have made.
You probably want to include some modules. There are many modules that are not written by myself. Therefore, you need to get permission from the module authors as well. For modules written by myself, the same conditions which you are just reading apply.
Please give proper credit (which includes a link to this thread for the framework). Don't sell it as your own work.
You might have the impression now that I'm not a big fan of including Xposed in a ROM. This impression is correct. It's not too hard to install Xposed and any attempts to pre-install Xposed will just cause additonal support requests.
Why don't you just recommend Xposed in your ROM thread, along with the place where they can download it (this thread) and some instructions how to get the most out of it for your ROM? Give your users some choice!
The following posts list known, confirmed issues of the Xposed framework/installer. The intention is to give more information about the symptoms, the background and possible solutions/workarounds.
I won't add every reported issue here, but only when it's clear (e.g. through analyzed logs) that the problem is indeed an incompatibility with Xposed. It doesn't include module issues and the inability to read and follow instructions.
In case you have found a solution/workaround for one of the issues, please let me know.
ART / Android L / Android Lollipop / Android 5.0
Symptom:
You want to use Xposed and ART. However, as soon as you install Xposed, the runtime is reverted back to Dalvik.
Or you want to install Xposed on Android L, but it displays a message that it's not compatible.
Background:
There is no Xposed support for ART (yet), therefore Xposed automatically reverts the runtime to Dalvik. You can be glad that I implemented this, otherwise you would end up in a bootloop. It's a completely different architecture with pretty much no documentation. Rewriting Xposed for the ART runtime requires understanding the concept, the code structure and many details to know how it works. I have already spent dozens of hours on that and some things are working. But still it's a long way ahead. Don't expect even a test version in the near future. So please don't ask when it will be available - you will surely know when it is ready. I have nothing else to say about that.
Update: ART might be become the default runtime environment in the next Android version. You can read my thoughts about this here.
Update 2: The Android L developer preview is out. Don't try to install Xposed on this ROM! Check here for some explanations and status: http://forum.xda-developers.com/xposed/android-l-support-t2797923
Update 3: An alpha version for Lollipop is available now: http://forum.xda-developers.com/xposed/official-xposed-lollipop-t3030118
Square Enix games (e.g. Final Fantasy) / Puzzles & Dragons
Symptom:
If you have activated Xposed and any module, some Square Enix games (e.g. Final Fantasy) and Puzzles & Dragons don't start anymore.
Background:
I have spent several hours analyzing this issue. Here are my findings: http://forum.xda-developers.com/showpost.php?p=42331031&postcount=1701
Solution:
I don't think I will be able to fix this. Some users reported that it's working after converting Xposed and modules to system apps (but I didn't test it and you have to do this after every update).
Otherwise, you could press the "uninstall" button in the Xposed Installer, reboot, play the game, afterwards press the "install/update" button and reboot again.
Aliyun OS
Symptom:
You experience bootloops after installing Xposed and you find files like /system/framework/core.jex. Typical devices where this happens are THL T100S (with a MediaTek MT6592 processor), THL W200S, CUBOT X6, several ones from Zopo, ...
Background:
These devices ship with ROMs that are based on an incompatible Android fork called "Aliyun OS". These ROMs have a proprietary ahead-of-time compiler called "jazz, which is incompatible with Xposed.
Solution:
No chance of fixing this within Xposed. It was reported that deodexing the ROM and then deleting the /system/framework/*.jex files helps, however you won't get any support for this in the Xposed subforum.
Another possibility might be to disable the JIT compiler by adding "dalvik.vm.execution-mode=int:fast" to /system/build.prop or /data/local.prop (might have an impact on performance). See https://github.com/rovo89/Xposed/issues/14 for details.
MIUI/Dexspy
Symptom:
You experience bootloops after installing Xposed on MIUI. There are references to "Dexspy" in /system/bin/app_process and /system/framework/*.
Background:
There are modified versions of Xposed that have been integrated into some MIUI ROMs. I don't know the details, I don't know if that's still the case for current ROMs, and I don't have the time to follow up on this.
Solution:
Sorry, but I can't support you with this. MIUI is closed-source and in some parts heavily modified from AOSP. I don't have the time to keep track of their changes, and due to some bad handling from their side in the past (forking Xposed without any credit, removing all references to the original project and myself), I'm not very motivated to do so. If you're lucky, Xposed might work on your MIUI ROM. If it doesn't, you'll have to find someone else to look into it. If someone creates a clean patch that doesn't break Xposed on other ROMs, we can talk about including it, but otherwise you'll have to decide between MIUI and Xposed.
Segmentation fault
Symptom:
During the framework installation, you get messages that contain "Segmentation fault". This usually happens on ICS ROMs.
Background:
For some reason, the BusyBox binary that comes with Xposed doesn't work with your ROM.
Solution:
Install the attached app, it contains BusyBox binaries which are compiled with different settings, with all dependencies included in the file. Due to this, the incompatibilities should be gone. These files aren't included by default because they are much larger and not needed by most users.
Resources subclass
Symptom:
You can install Xposed 2.6+ and your phone is still booting afterwards. The version numbers are shown in green in the framework section. However, no modules are working. In the Xposed error log, you find a message like:
Code:
java.lang.ClassCastException: class android.content.res.XResources doesn't extend class x.y.z
You might have a ROM from Huawei, Nubia, ...
Background:
These ROMs use a similar approach as Xposed to theme resources. They create a subclass of Resources which takes care of special handling and return an instances of it from getTopLevelResources(). If Xposed replaced this class with its own XResources implementation, then it would a) break the ROM's additional functionality and b) probably cause crashes if the ROM tries to use this functionality.
Solution:
As a workaround, you can simply disable the resources API in the Xposed Installer settings. Some modules won't work anymore, but most should still work.
Mid-term, I hope that I can build a solution that works with such ROMs as well, however it will take some time.
Huge log file
Symptom:
Your disk space is getting low and you find out that much of it is taken up by Xposed Installer (sometimes several 100 MB). You think that this is a bug in Xposed.
Background:
It's most likely not a bug in the Xposed framework, but a bug or incompatibility of a module. One reason might be the removal of a hack in Xposed 2.6. That hack had a side-effect that some modules relied upon. The might also be other issues, for example the module might simple not be made for your ROM.
In any case, such modules might run into errors frequently and log each of them, causing the huge log files.
Solution:
First, find out which module is causing this. You can check the log file in the Xposed Installer. Somewhere near the top of the exception call stacks (beginning with "at ..."), you can usually find the package name of the module that caused it.
Next, make sure that the module is updated. To be on the safe side, you should update all modules. Then you can clear the log file and reboot.
If there are still issues, please go to the support thread of the module. Check if your ROM is supported and whether somebody else has already reported the issues. If not, post your error.log there and ask the developer to have a look at it.

[2016.10.10] suhide v0.55 [CLOSED]

THIS IS CURRENTLY NOT WORKING
A newer version is available here: https://forum.xda-developers.com/apps/supersu/suhide-lite-t3653855
suhide is an experimental (and officially unsupported) mod for SuperSU that can selectively hide root (the su binary and package name) from other applications.
Pros
- Hides root on a per-app base, no need to globally disable root
- Doesn't need Xposed
- Even supports SuperSU's ancient app compatibility mode (BINDSYSTEMXBIN)
- Passes SafetyNet attestation by default on stock ROMs (last officially tested on 2016.10.07)
Cons
- Ultimately a losing game (see the next few posts)
- No GUI (at the moment) - Unofficial GUI by loserskater
Requirements
- SuperSU v2.78 SR1 or newer (link)
- SuperSU installed in systemless mode
- Android 6.0 or newer
- TWRP (3.0.2 or newer, with access to /data - link!) or FlashFire (link)
Xposed
Xposed is not currently officially supported, but if you want to use it directly, you must be using @topjohnwu 's systemless xposed v86.2 exactly (attached at the bottom). It seems to mostly work during my non-extensive testing, but there are still some performance issues (both boot-time and run-time). Proceed with caution, expect bootloop.
Alternatively, there are some reports that the latest Magisk version + the latest systemless xposed (for Magisk) also works. I have not personally tested this.
CyanogenMod
I've personally tested with CM13 on i9300 without issue, however, several users are reporting it doesn't work for them. Proceed with caution, expect bootloop. Also, aside from just flashing SuperSU, you need to make sure /system/bin/su and /system/xbin/su are removed, or CM's internal root will still be used.
Usage
Install/Upgrade
- Make sure you have the latest SuperSU version flashed in systemless mode
- Make sure you are using the latest TWRP or FlashFire version
- Remove any and all Xposed versions
- If you have been having issues, flash suhide-rm-vX.YY.zip first, and note that your blacklist has been lost.
- Flash the attached suhide-vX.YY.zip
- If you are upgrading from suhide v0.16 or older, reflash SuperSU ZIP, and note that your blacklist has been lost.
- Optionally, flash the Xposed version linked above, and pray
At first install SafetyNet is automatically blacklisted.
If you have just flashed a ROM, it is advised to let it fully boot at least once before installing suhide.
Uninstall
- Flash the attached suhide-rm-vX.YY.zip. The version may appear older, the uninstall script doesn't change very often.
Blacklisting an app
You need the UID (10000 to 99999, usually 10xxx) of the app, which can be tricky to find, or the process name. There may be a GUI for this at some point.
(Note that all commands below need to be executed from a root shell)
If you know the package name, ls -nld /data/data/packagename will show the UID - usually the 3rd column.
Similarly, for running apps, ps -n | grep packagename will also show the UID - usually the 1st column.
Note that the process name is often the same as the package name, but this is not always the case. UID is more reliable for identifying a specific app, and it is also faster than blocking based on process names.
When you know the UID or process name:
Add to blacklist: /su/suhide/add UID or /su/suhide/add processname
Remove from blacklist: /su/suhide/rm UID or /su/suhide/rm processname
List blacklist: /su/suhide/list
All running processes for that UID or process name need to be killed/restarted for su binary hiding. For SuperSU GUI hiding, the device needs to be restarted. I recommend just (soft-)rebooting your device after making any changes.
Please keep in mind that many apps store their rooted state, so you may need to clear their data (and then reboot).
Integration into SuperSU
This mod isn't stable, and probably will never be (see the next few posts). As SuperSU does aim to be stable, I don't think they're a good match. But who knows, it all depends on how things progress on the detection side.
Detections
This mod hides the su binary pretty well, and does a basic job of hiding the SuperSU GUI. The hiding is never perfect, and suhide itself is not undetectable either. This will never be a perfectly working solution.
Debugging bootloops
- Get your device in a booting state
- Make sure you have TWRP or a similar recovery
- Install LiveBoot (link)
- If you are not a LiveBoot Pro user, enable the Freeload option
- Enable the Save logs option
- Recreate the bootloop
- In TWRP, get /cache/liveboot.log , and ZIP+attach it to a post here.
Download
Attached below.
Any rm version should work to uninstall any suhide version.
There may be multiple versions of suhide attached, please look carefully which one you are downloading!
YOU ARE EXPLICITLY NOT ALLOWED TO REDISTRIBUTE THESE FILES
(pre-v0.51: 17410 downloads)
Hiding root: a losing game - rant du jour
Most apps that detect root fall into the payment, banking/investing, corporate security, or (anit cheating) gaming category.
While a lot of apps have their custom root detection routines, with the introduction of SafetyNet the situation for power users has become worse, as developers of those apps can now use a single API to check if the device is not obviously compromised.
SafetyNet is of course developed by Google, which means they can do some tricks that others may not be able to easily do, as they have better platform access and control. In its current incarnation, ultimately the detection routines still run as an unprivileged user and do not yet use information from expected-to-be-secure components such as the bootloader or TPM. In other words, even though they have slightly more access than a 3rd party app, they still have less access than a root app does.
Following from this is that as long as there is someone who is willing to put in the time and effort - and this can become very complex and time consuming very quickly - and SafetyNet keeps their detection routines in the same class, there will in theory always be a way to beat these detections.
While reading that may initially make some of you rejoice, this is in truth a bad thing. As an Android security engineer in Google's employ has stated, they need to "make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model".
The problem is that with a rooted device, it is ultimately not possible to guarantee said security model with the current class of SafetyNet tamper detection routines. The cat and mouse game currently being played out - SafetyNet detecting root, someone bypassing it, SafetyNet detecting it again, repeat - only serves to emphasize this point. The more we push this, the more obvious this becomes to all players involved, and the quicker SafetyNet (and similar solutions) will grow beyond their current limitations.
Ultimately, information will be provided and verified by bootloaders/TrustZone/SecureBoot/TIMA/TEE/TPM etc. (Samsung is already doing this with their KNOX/TIMA solutions). Parts of the device we cannot easily reach or patch, and thus there will come a time when these detection bypasses may no longer viable. This will happen regardless of our efforts, as you can be sure malware authors are working on this as well. What we power-users do may well influence the time-frame, however. If a bypass attains critical mass, it will be patched quickly.
More security requires more locking down. Ultimately these security features are about money - unbelievably large amounts of money. This while our precious unlocked bootloaders and root solutions are more of a developer and enthusiast thing. While we're all generally fond of shaking our fists at the likes of Google, Samsung, HTC, etc, it should be noted that there are people in all these companies actively lobbying to keep unlocked/unlockable devices available for us to play with, with the only limitation being that some financial/corporate stuff may not work if we play too hard.
It would be much easier (and safer from their perspective) for all these parties to simply plug that hole and fully lock down the platform (beyond 3rd party apps using only the normal APIs). Bypassing root checks en masse is nothing less than poking the bear.
Nevertheless, users want to hide their roots (so do malware authors...) and at least this implementation of suhide is a simple one. I still think it's a bad idea to do it. Then again, I think it's a bad idea to do anything financial related on Android smartphone that isn't completely clean, but that's just me.
Note that I have intentionally left out any debate on whether SafetyNet/AndroidPay/etc need to be this perfectly secure (most people do their banking on virus ridden Windows installations after all), who should get to decide which risk is worth taking, or even if Google and cohorts would be able to design the systems more robustly so the main app processor would not need to be trusted at all. (the latter could be done for Android Pay, but wouldn't necessarily solve anything for Random Banking App). While those are very interesting discussion points, ultimately it is Google who decides how they want this system to work, regardless of our opinions on the matter - and they want to secure it.
--- reserved ---
Changelogs
2016.10.10 - v0.55 - RELEASE NOTES
- Some code cleanup
- Support for blocking based on process name
- Should fix some crashes (requires uninstall/reinstall to activate)
2016.10.07 - v0.54 - RELEASE NOTES
- Fix for latest SafetyNet update
2016.09.19 - v0.53 - RELEASE NOTES
- Haploid container (monoploid)
2016.09.18 - v0.52 - see v0.51 release notes below
- Fix root loss on some firmwares
2016.09.18 - v0.51 - RELEASE NOTES
- Complete redesign
- Zygote proxying (haploid)
- Binder hijacking (diploid)
- su.d instead of ramdisk modification
- Xposed supported (-ish)
2016.09.04 - v0.16 - RELEASE NOTES
- Fix some SELinux access errors
- Should now work on devices that ask for a password/pattern/pin immediately at boot - for real this time!
- Binderjacking improvements for Nougat
2016.08.31 - v0.12 - RELEASE NOTES
- Fix some issues with suhide-add/rm scripts
- Fix not working at all on 32-bit devices
- Should now work on devices that ask for a password/pattern/pin immediately at boot
- Rudimentary GUI hiding
- No longer limited to arm/arm64 devices: support for x86/x86_64/mips/mips64 devices added
2016.08.29 - v0.01
- Initial release
As always thank you Chainfire! I will try and edit this post.
Edit @Chainfire this seems to work for enabling Android Pay! I didn't get the chance to actually pay yet. But it did let me add my card and did not display the message about a failed authorization of Android check! Before I couldn't even get past that first screen.
Edit 2: @Chainfire It seems to of had an adverse effect on Snapchat. I cleared cache on the app, uninstalled and reinstalled and restarted. It kept Force closing after a photo no matter what. I used suhide-rm and it seems to have fixed the app from any issues. Thanks again and hopefully we'll get you some more reports. Either way your solution works!
Tested on stock rooted 7.0 Nexus 6p.
@Chainfire
What was your reason for doing this project?
Sent from my Nexus 6P using XDA-Developers mobile app
Ofthecats said:
What was your reason for doing this project?
Click to expand...
Click to collapse
For building it, curious if the method I came up with would work well. For releasing, if others are doing it, join them or be left behind.
I'm assuming with custom ROM android pay still won't work right?
HamsterHam said:
I'm assuming with custom ROM android pay still won't work right?
Click to expand...
Click to collapse
I'd just give it a try. It's spoofing the specific app, not the entire ROM that matters. It's fairly simple to try.
Installed on LG G4 w/ V20g-EUR-XX update and rerooted with TWRP 3.0.2-0 and SuperSU-v2.76-2016063161323. seems to be working fine, for the moment. Thank you for the update.
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
djide said:
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
Click to expand...
Click to collapse
What was the UID or process you found to blacklist it with?
Sent from my ONEPLUS A3000 using Tapatalk
how to install it? which file should I flash ? Both?
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Joshmccullough said:
What was the UID or process you found to blacklist it with?
Click to expand...
Click to collapse
Android Pay comes blacklisted out-of-the-box
HamsterHam said:
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Click to expand...
Click to collapse
Are you in Android or TWRP ?
ls -l /data/adb/
Chainfire said:
Android Pay comes blacklisted out-of-the-box
Click to expand...
Click to collapse
Derp. That's what I get for not reading the entire sentence under 'Install' in the OP......thanks!
PedroM.CostaAndrade said:
how to install it? which file should I flash ? Both?
Click to expand...
Click to collapse
Please don't quote a large post like that just to ask a single question.
Please read the first post, so you know what to do.
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
thdervenis said:
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
Click to expand...
Click to collapse
You need to blacklist the UID for your bank. Directions are in the OP.

Fix dec 2016/jan 2017: Snapchat on rooted android device running xposed.

POST IS UPDATED REGULARLY.
LINK 1 - Parallel Space: https://play.google.com/store/apps/details?id=com.lbe.parallel.intl&hl=en[/URL][/URL]
LINK 2 - Parallel Space 64-Bit Support: https://play.google.com/store/apps/details?id=com.lbe.parallel.intl.arm64&hl=en[/URL][/URL]
Salutations. (That means 'Hello').
NOTE: For those who are interested, I will include background information about how I came to the solution. All that other jazz too. First and foremost however; the fix!
SOLUTION:
Right at the top of the post, you will find two links. This being a new account and all (don't ask), until I create 10 posts I cannot include any outside links. So once I've done so, I will update the post.
STEP **: So at the top of the post, there are clearly two links. 64-Bit Android devices are becoming increasingly common. This architecture may pose a few problems. give the application framework. Should you own a 64-Bit device, I recommend installing this application too (LINK 2). This will theoretically prevent any obstacles.
Pre-requisite(s): Make sure you have the 'Snapchat' application installed. It is recommended to have installed the latest update from the Google Play Store.
STEP ONE: Download the application appended to LINK 1. This is called Parallel Space. You might recognize the name (its creators are the same who allow you to seamlessly virtualize Windows OS on Mac OS).
STEP TWO: Launch the application.
STEP THREE: You should be prompted with a grid-like interface. Here you will be greeted with a range of familiar icons. In the top right corner of each icon, you will notice a blue check-mark. Make sure that there is one next to the 'Snapchat' icon. This will ensure that the app is 'cloned'.
STEP FOUR: In the 'Parallel Space' app, tap on the 'Snapchat' icon. This will launch the application.
STEP FIVE: From here it is pretty self-explanatory. You are greeted by the standard 'Snapchat' interface. Tap on 'Log In'. Then proceed to do so.
STEP SIX: 'Snapchat' should be functioning as normal.
STEP SEVEN (BONUS): During testing, this worked on and off. --
Remain logged-in to the 'cloned' 'Snapchat' application within the 'Parallel Space' application.
Then proceed to launch the stock 'Snapchat' application.
Next attempt to 'Log-In'.
Should this operation be successful, you are then free to uninstall 'Parallel Space' and any related assets from your device.
HOWEVER, I personally do not recommend this. When logging out or updating the 'Snapchat' application, errors may be re-encountered.
Instead, I recommend that if possible, do use the stock application, but leave 'Parallel Space' installed. Using the stock app will improve efficiency and reduce the load on system resources. But keeping the 'Parallel Space' application on the device, well; you get the point.
Enjoy the fix! If it does not work, please let me know [Device Name and Model No.]. I've tested on various devices, succeeded every-time. Do keep in mind that this is a loop-hole, so may be patched in future or not work at all for some devices.
Background (Because I know someone will ask): The idea came to mind while using a LG G5 as a daily driver. I had tested every custom ROM available for the device. The problem was that with custom ROM's, there was always an issue, Malfunctioning sensors, camera's not working persistently, etc , etc.
The G5's stock ROM left me wanting more. The overbearing interface made it a living hell. Plus, the device just being rooted (NO XPOSED) meant that 'Snapchat' did not work. I looked for fixes for a time, but could not find any.
Development of ROM's for the device is on-going, and I am an active member. But I just couldn't handle not being able to use the camera (one of the device's best features) and no accelerator, screen-rotation, etc. So I went back to stock again. Do keep in mind that I was alternating/dual-booting between custom and stock ROM's just because of the camera; mainly.
This most recent time. instead of flashing stock MM, I flashed stock N for the G5. For 850, it has been officially released in some countries, and a manual flash via TWRP was a peice of cake.
This update is a lot better. I am running Nova Launcher again. So it makes it look a little better. Themes have also been improved. I am using an in-built dark one which makes the device look a lot better aesthetically. Additionally, I'm rocking a white carbon-fibre skin on the exterior; improving grip and overall security. The only issue was again, no 'Snapchat'.
After a few days, I had the idea to attempt this. I tested my theory and it worked! That's it.
Please do keep in mind that I will update this post as often as possible.
P.S This was tested just after updating to the latest version of 'Snapchat' which was a significant update. It included Shazam, Groups, etc. So you know, pretty cool that it worked.
Did not work on Google Nexus 5 running Android 7.1.1. Still gives error message saying that I can't connect to the server.
Same here, not working on freshly reinstalled and rooted 7.1.1 Nexus 5x. No Xposed, no nothing. I get the infuriating "temporarily failed" message in both cloned and regular modes.
It didn't worked. S7 edge exynos (6.0.1)
Holyphe said:
It didn't worked. S7 edge exynos (6.0.1)
Click to expand...
Click to collapse
I'm pretty sure if you get Xposed framework, there's a module that allows you to hide root from apps. Problem is that there is no Xposed framework for Android 7 yet. Hope this helps.
hot_potato said:
I'm pretty sure if you get Xposed framework, there's a module that allows you to hide root from apps. Problem is that there is no Xposed framework for Android 7 yet. Hope this helps.
Click to expand...
Click to collapse
Whats the name of it?
Holyphe said:
Whats the name of it?
Click to expand...
Click to collapse
I personally tried the module on cm13 but it doesnt work for me. I think that somehow snapchat knows when you use xposed too.
The thing is that on aosp roms with root already build in sometimes snapchat do not catch it but if you have xposed, no way you can get in. For that freaky snapchat app here is what i did: install any rom, if if had root build in i then install su uninstaller zip with twrp then log in into snapchat and after that, rooting with super su zip again. The catch is that once you log out of the app and attempt to log in again, you cant get in and you have to repeat the proccess. It's annoying as hell!!! They need to disable the security check, if people want to cheat che system somehow they will, so whats the point. Also there are much more tweaks for jailbroken iphones and they have no problem with it .
Sorry for the rant here buqt im super frustrated.
AndroidFL said:
I personally tried the module on cm13 but it doesnt work for me. I think that somehow snapchat knows when you use xposed too.
The thing is that on aosp roms with root already build in sometimes snapchat do not catch it but if you have xposed, no way you can get in. For that freaky snapchat app here is what i did: install any rom, if if had root build in i then install su uninstaller zip with twrp then log in into snapchat and after that, rooting with super su zip again. The catch is that once you log out of the app and attempt to log in again, you cant get in and you have to repeat the proccess. It's annoying as hell!!! They need to disable the security check, if people want to cheat che system somehow they will, so whats the point. Also there are much more tweaks for jailbroken iphones and they have no problem with it .
Sorry for the rant here buqt im super frustrated.
Click to expand...
Click to collapse
That's the only solution I've seen working so far. unroot and reroot. Root cloak doesn't work, parallel doesn't work. I should've logged in before rooting and I hate to do it again.
Any work arounds yet? I've seen ppl do it using titanium backup but I'm not sure if that works. Can anybody help?
Samsung s5 G900v Not working
I have been searching and searching and still haven't found a way to sign into snapcat. It took me about 6 months to be able to find out how to root my phone.
Dukeboyty said:
I have been searching and searching and still haven't found a way to sign into snapcat. It took me about 6 months to be able to find out how to root my phone.
Click to expand...
Click to collapse
Well todays your lucky day.
Step one turn off xposed.
Step two reboot
Step three sign into snapchat
Step four turn xposed back on
Step five reboot
You should be able to snap now.
Okay. I will try this on monday and will let youknow how it goes. Right now I decided to unroot to use snapchat, so I didn't loose my streaks. Thanks in advane will let you know how it goes.
immorality said:
Well todays your lucky day.
Step one turn off xposed.
Step two reboot
Step three sign into snapchat
Step four turn xposed back on
Step five reboot
You should be able to snap now.
Click to expand...
Click to collapse
Now that i think of it, when i uninstalled xposed it didn't work still. but after i "fully unrooted" through Super su and tried to sign in it worked. so it has to do with root or maybe both but the xposed didnt work for me. Thanks even though it didn't/wouldn't have worked for me!
Dukeboyty said:
Now that i think of it, when i uninstalled xposed it didn't work still. but after i "fully unrooted" through Super su and tried to sign in it worked. so it has to do with root or maybe both but the xposed didnt work for me. Thanks even though it didn't/wouldn't have worked for me!
Click to expand...
Click to collapse
Snapchat detects xposed framework.
Though at a time they did do root they since moved to blocking xposed due to the security concerns with money and also privacy of the user.
Though with certain phones and ect that could be the case I am using a s5 and have no issues.
just install magisk and systemless xposed and turn on magisk hide in magisk manager now snapchat won't detect root
then when u wanna log in just turn off xposed in xposed installer and reboot "it won't take time booting optimizing app when reactivated now" so reboot is easy
and u can have multiple accounts by backing up snapchat with titanium backup and don't ever log out just wibe its data and when u want to relog just restore the backup
and if u want to have multiple accounts access just patch the titanium backup with luckypatcher and have multiple backups (accounts)
ahmedsasker said:
just install magisk and systemless xposed and turn on magisk hide in magisk manager now snapchat won't detect root
then when u wanna log in just turn off xposed in xposed installer and reboot "it won't take time booting optimizing app when reactivated now" so reboot is easy
and u can have multiple accounts by backing up snapchat with titanium backup and don't ever log out just wibe its data and when u want to relog just restore the backup
and if u want to have multiple accounts access just patch the titanium backup with luckypatcher and have multiple backups (accounts)
Click to expand...
Click to collapse
Can u make a instructions how to do it step by step? How can i turn off xposed in xposed installer? It also works when SuperSu is installed or i have to unistall it first?
Fnn.09 said:
Can u make a instructions how to do it step by step? How can i turn off xposed in xposed installer? It also works when SuperSu is installed or i have to unistall it first?
Click to expand...
Click to collapse
make a nandroid backup if u want
1- full unroot by opening supersu and going to settings and press Full unroot and wait till it finishes and restart
2- download xposed uninstaller if u have xposed framework installed and flash it
3- install magisk manager from playstore
4- download and flash last magisk which is (12v) now from : https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
5- flash magisk v12.0 which you downloaded now your phone will have systemless root
6- go into magisk manager app and go to settings and toggle "Magisk Hide" (ON) and restart now your root is hidden
7- remove your current xposed app and install this one : https://forum.xda-developers.com/xposed/material-design-xposed-installer-t3137758
8- flash systemless xposed : https://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268
9- reboot and go to the xposed installer app and toggle the xposed off or on as you want when u restart it won't take time optimizing apps like before so fast now
your root is hidden now but xposed is not but you can disable it and enable it easily
Instead of using Parallel Space (which I believe to be insecure) use Island to clone your apps. It's a little more advanced to setup, but it's a lot more secure. It works for rooted and non-rooted devices. On the 1st page of the thread, it explains how Parallel Space and others repack the apk file locally, which is dangerous. https://forum.xda-developers.com/android/apps-games/closed-beta-test-incoming-companion-app-t3366295
Island never repack apk file locally, which is inherently insecure for users, since all your app data (including password input) are technically in the hand of MoboClean. (The same applies to other similar tools, e.g. LBE Parallel Space)
Instead, Island takes advantage of the underlying mechanism used by "Android for Work". This ensures that all your apps run natively in Android system and their data are securely stored in internal location of Android which is never accessible by Island. It has the same level of security as "Android for Work".
Click to expand...
Click to collapse
Be sure to read the disclaimer!!! The app is still only available in closed beta at the time of writing this, and could possibly cause you're device to bootloop or even possibly brick it, but root, xposed, or other modifications {in my opinion) has a higher chance of bootloops or bricking your device.
You follow the same steps in island to clone snapchat as you would in Parallel Space to login to snapchat. It might be possible to use the play store inside island to download snapchat inside island and login that way. I can't remember exactly how it works. I believe that island is a good way to test apps in a "sandbox environment" to keep the data excluded, safe and secure from the regular apps that you have installed outside of island.
I use Magisk now which bypasses SafetyNet which is what snapchat uses to "block access" to modified/rooted devices.
Probably the easiest method is to download Casper which is an alternative snapchat client that allows you to save snaps, and many other features that the official snapchat client can't do. Find Casper at www.casper.io
FYI Netflix has started to change how they do things as well by hiding the app's play store page from devices that have been modified or rooted, but it's still possible to simply sideload Netflix for now.

Magisk is consistently causing my Settings app to hang after booting

I have no proof of this, but this has been happening on my Note 4 (SM-N910T) ever since v13.3, and now on v14.0. I also bought a Huawei Honor 6X about a week ago, it's now happening there too. I didn't feel that this was worth posting about, figuring it might be device-specific or ROM-specific. But now that it's happening on 2 devices I've changed my mind.
Note 4:
Android 7.1.2 (CMRemix)
Xposed unofficial by PurifyOS (system mode)
Kernel sets SELinux to permissive on boot
Magisk v14.0
No Magisk modules installed
Honor 6X:
Android 7.1.2 (Resurrection Remix)
Xposed (systemless Magisk version)
Kernel sets SELinux to permissive on boot
Magisk v14.0
No Magisk modules installed
Description of the issue:
After powering on/rebooting, I can't open system Settings app for up to a minute or so. It just hangs on a white screen. It then either gives a message stating that Settings isn't responding, or, if I manually close Settings with the Recent button then try to reopen it, it repeats the same behavior but will eventually open. Sometimes I need to access Settings immediately after boot to make changes. Device is otherwise responsive, Magisk appears to work fine.
I have tried clean ROM installs on both devices, with full wipes beforehand, and latest stable Magisk. I've also tried with and without Xposed, results are the same. This didn't happen before v13.3, v11.x and v12.x didn't exhibit this behavior. But back this I was using systemless SuperSU in conjunction with Magisk. I suspect that MagiskSU may be the culprit.
MagiskSU is also noticeably slower (when compared to SuperSU or non-Magisk Phh's Superuser) at responding to SU requests, even with a setting of auto-grant and the lowest possible timeout (10 seconds), and global mount namespace. This may be due to the fact that does more than just rooting, it is logical to assume that it has more background processes running since it is also a systemless framework, whereas the other 2 solutions only manage root access.
Last, my file managers oftentimes won't let me delete/modify certain files/folders in the system partition, with a message like "device or resource busy", or flat-out denying access. System is remounted as RW. This only happens with Magisk, but never with SuperSU or Phh. I do use Magisk for systemless mods, but sometimes I want to make direct midifications to /system. Magisk, as a root solution, shouldn't be denying my ability to do this, since I own my devices, not Magisk.
Right now I'm primarily concerned with the Settings issue, but I figured the other issues are worth mentioning. I'm still on the fence, I may return to SuperSU, or Phh, trying Magisk again after a few more stable releases. But if this can be resolved then I'll give it another chance.
I'm posting the logs for my Honor 6X, one is the Magisk log from /cache, the other is /data/anr/traces.txt. Attempts to get a logcat during boot were unsuccessful.
Thanks for any help!
Magisk saves a log during boot that you might find useful. It's /data/magisk_debug.log. A logcat from when the device has booted up and you're trying to open up the Settings might also be interesting.
Have you tried on a stock ROM? Both those ROMs you're using are related and may have similar ROM specific issues...
dont open setting immediately after reboot. open it after a minute. not really a problem
It is not Magisk problem that cause this problem but it is the rom...i'm also using RR 7.1.2 on bacon and Magisk v14 and have no problem at all but we bacon user does encountered this problem in RR build in July and the devs fixed this on August build....
Sent from my A0001 using Tapatalk
@all: I've been super busy lately, not much time to post anywhere. But getting back to this.....I doubt this is a ROM issue. My reasoning is that it would occur with or without Magisk if that were the case. I don't get this issue when using SuperSU or non-Magisk Phh Superuser (regular). This only occurs when Magisk is installed, since v13.3, but not before that version. It has also occurred on Huawei stock EMUI firmware.
@24imelqui: Just because you don't consider something to be a problem doesn't mean it isn't a problem for others. I have a need to be able to access my Settings app immediately after booting. Your comment isn't useful in the least, if you can't post something helpful then don't post at all. /Ignored.....
@iPusak Gaoq™: isn't Bacon a Nexus device (not sure, never owned one)? Can you reference something where this has been reported? And fixed? Like something on XDA or GitHub or whatever? If this can be proven to be ROM issue then I'll post something to my devices' devs to see if it can be fixed in later releases.
I'm attaching several logs, this time a logcat as well. No such debug log exists in /data, and Magisk v14.0 has no options in the Manager app for debug logging.
AnonVendetta said:
@all: I've been super busy lately, not much time to post anywhere. But getting back to this.....I doubt this is a ROM issue. My reasoning is that it would occur with or without Magisk if that were the case. I don't get this issue when using SuperSU or non-Magisk Phh Superuser (regular). This only occurs when Magisk is installed, since v13.3, but not before that version. It has also occurred on Huawei stock EMUI firmware.
@24imelqui: Just because you don't consider something to be a problem doesn't mean it isn't a problem for others. I have a need to be able to access my Settings app immediately after booting. Your comment isn't useful in the least, if you can't post something helpful then don't post at all. /Ignored.....
@iPusak Gaoq™: isn't Bacon a Nexus device (not sure, never owned one)? Can you reference something where this has been reported? And fixed? Like something on XDA or GitHub or whatever? If this can be proven to be ROM issue then I'll post something to my devices' devs to see if it can be fixed in later releases.
I'm attaching several logs, this time a logcat as well. No such debug log exists in /data, and Magisk v14.0 has no options in the Manager app for debug logging.
Click to expand...
Click to collapse
There have been issues previously, where it seems like it's a Magisk thing but it's really a ROM issue. Some things Magisk does (and it does a few more things than just root your device) can sometimes bring problems out into the light...
I believe bacon refers to the OnePlus One (Nexus devices are all named after aquatic creatures). Looking in the RR thread over in those forums I'd guess you'll find your information somewhere around here: https://forum.xda-developers.com/on...tion-remix-t3507102/post73283623#post73283623
About your logs: I'm not too good at reading logcats, so no help from me there. But, I see something there in your Magisk log... Have you tried disabling Xposed?
There are things going on when a device with Magisk starts, so depending on your setup it might take a short while (30-ish seconds for me on my daily driver) before root requests start being accepted. If the ROM settings require root, that might be the reason why it won't open straight away when booting up your device.
OK, back again, Xposed disabled this time in the app (but still installed), so not active.
Here is the full changelog on the build where the devs fixed the issues on settings freeze/fc on startup....
https://forum.xda-developers.com/showthread.php?p=73304715
Sent from my A0001 using Tapatalk

PetNoire's SafetyNet Spoofer! (Universal SafetyNet Fix mod)

PetNoire's SafetyNet Spoofer
This module tries to pass SafetyNet on devices/roms that don't.
This started when i put LineageOS on my phone and couldn't play Pokemon GO anymore. much sadness was had.
i searched around for a fix and found universal-safetynet-fix. Awesome! it let me play pokemon again but it broke everything else root related while it was enabled.
So, i worked on updating it to be compatible with magisk 17. and i got it! (download at the bottom)
but, well.. there was a lot in that code that didn't need to be there anymore. (does anyone even use magisk 12?!)
and worse still, my phones stock image used a thumbprint, not a fingerprint. with it in usnf, it didnt even pass basic integrity!
so i got to work and PetNoire's SafetyNet Spoofer was born!
Disclaimer:
I am not responsible for bricked devices, dead SD cards,
thermonuclear war, or you getting fired because the alarm app failed.
I also do not support hacking/altering any other apps with your root powers.
i made this purely to legitimately play a game on a customized system.
Information
Features:
Resets system props to a factory state
spoofs the device fingerprint or thumbprint
has a friendly command tool to change finger/thumbprint settings
Use:
Flash it with TWRP or MM.
by default, it spoofs the same device that unsf did which is enough for most uses. Congrats, you're done!
you can also use the pnss command as root to change, reset, or disable the fingerprint spoofing.
run the 'pnss' command from terminal for usage information
example command:
Code:
su
pnss set thumb MyDeviceThumbprint/8.1/etc/etc
Requeriments
Magisk v17
Installation
Flash the .ZIP from TWRP or MM Module page
Reboot
Known issues
thumbprint mode is only passing BasicIntegrity, not CTS
Donations
If you feel I helped you, you can buy me a coffee here
Credits
@Deic - the original creator of universal-safetynet-fix here
@PetNoire - porting it to magisk 17, breaking it further, and adding thumbprint support
Download
Please DO NOT share the module itself or the download link, share the thread only.
vv
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Didgeridoohan said:
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Click to expand...
Click to collapse
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
update: i think i almost have it working on magisk's busybox but still working out some bugs.
And I'll edit it to give him some more credit right away.
PetNoire said:
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
Click to expand...
Click to collapse
That would be great.
I thought I'd give some insight into what the module actually does, for those that are wondering, since it might get lost in translation between the different updates to the module by others than @Deic.
The USNF module is made up of two parts. For one, it changes the device fingerprint to a certified one to pass the ctsProfile check (the in-built one is a Xiaomi print, but IIRC you can also use the device stock fingerprint if it's already certified). This is also something that can be done with a Magisk boot script (post-fs-data.d or service.d) and the resetprop tool:
Code:
resetprop ro.build.fingerprint <certified fingerprint value>
There are also Magisk modules available that do the same thing (apart from USNF).
Device Spoofing Tool by @Dreamer(3MF) is one (although it also changes a whole lot of other props to simulate a OnePlus 2).
And there's also my MagiskHide Props Config that changes the build fingerprint to one of your choice.
Or, if you don't care about the systemlessness, you can directly edit your build.prop file and change the current ro.build.fingerprint to a certified one.
So, for the device fingerprint and passing the ctsProfile there are a few options.
The second part of USNF is the custom MagiskHide (as described in the OP). The thing here though, is that for the majority of devices it is not necessary anymore, since (as it also says in the OP) @topjohnwu have fixed most of those issues. From what it seems, from user reports in different threads, this is only necessary on some MIUI releases (Xiaomi devices). The module actually started out as a "Xiaomi SafetyNet fix" (check the module id), but the build fingerprint part turned out to be useful for other devices, so @Deic changed the name to "Universal". All other devices should be good with only changing the device fingerprint.
So far, it doesn't seem like the custom MagiskHide from the module is interfering in any way with the real thing. But, considering that it hasn't been updated in over a year, who knows.
Class dismissed.
Is there any reason to keep the code for old magisk? Does anyone still use 12-14?
Seems to have helped on my S8 with KingROM
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Oberth said:
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
Click to expand...
Click to collapse
For some reason it doesn't always work the first time. Usually just rebooting fixes it.
jenslody said:
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Click to expand...
Click to collapse
I thought I changed it all. You sure there isnt some kind of version check? I'll look at it later
Again first goal was to get it working. Next goal is to make it awesome
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
In-Case Of Facing A Bootloop/Bootscreen Issue Due To Flashing A Module, Download CoreOnlyMode4Magisk From This Thread https://forum.xda-developers.com/apps/magisk/module-core-mode-bootloop-solver-modules-t3817366 Then Flash It Thru TWRP Recovery.
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
Does it boot after disabling the module?
From twrp>advanced>terminal:
HTML:
Mount -o loop /data/adb/magisk.img /mnt
Touch /mnt/universal-safetynet-fix/disable
The reboot
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
PetNoire said:
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
Click to expand...
Click to collapse
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Didgeridoohan said:
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Click to expand...
Click to collapse
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either. I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
PetNoire said:
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either
Click to expand...
Click to collapse
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
iamcurseal said:
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
Click to expand...
Click to collapse
I don't know what Tue additional setup does, but I always do it and its been working. Also your device may have thumbprint props instead of fingerprint.
Run this in a terminal and let me know what you get
Code:
getprop | grep print
PetNoire said:
I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
Click to expand...
Click to collapse
My module changes all the common fingerprint props, but as far as I know, it's only ro.build.fingerprint that is important for the ctsProfile check.
Didgeridoohan said:
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
Click to expand...
Click to collapse
I wiped all partitions, installed lineage 15, installed magisk and enabled hide and it wouldn't pass basic at any point. Even still its never passed it without this module. It didn't even pass it on the clean install, before magisk

Categories

Resources