Apps that use liboemcrypto.so to play content protected by DRM, such as Netflix and My5, will fail when playback is attempted on a rooted device.
The symptoms displayed by affected devices vary by brand and Android version. Some devices may display an obscure error message when you attempt playback. Others may just appear stuck loading the requested content.
This Magisk module fixes the problem by masking liboemcrypto.so with a zero byte replacement. Whilst the same effect could be achieved by simply deleting or renaming liboemcrypto.so with a root-enabled file manager, this has the disadvantage of altering your /system partition by writing to the file-system. The advantage of the Magisk method is that no actual changes are made to the device. The problematic file is merely concealed from the apps that attempt to use it.
To use the module, flash it in the Modules section of Magisk Manager and then reboot your device.
The module works when the library in question is located at either /system/lib/liboemcrypto.so or /system/vendor/lib/liboemcrypto.so. If your library is located elsewhere (or missing), this module will have no effect (but it's harmless to try it).
The module has been verified working on a Samsung Galaxy S9+ (SM-G965F/DS) running Magisk 16.x/17.x/18.x on a variery of ROMs, on a Samsung Tab S3 (SM-T820) running stock Android 8.0 and Magisk 16.x/17.x, and on a Samsung Tab S4 (SM-T830) running stock Android 8.1 and Magisk 17.x/18.x. It was created because a similar module on XDA did not work on my devices. It is being released by popular request, because a number of other users contacted me with the same complaint.
The module was integrated into the official Magisk module repository on 2018-06-27, and can therefore be directly downloaded from within the Magisk Manager app.
Please note that a consequence of using this module is that Widevine DRM will fall back to using L3 instead of L1. This means that Netflix will play all content in SD quality, regardless of your subscription type. Of course, without this module, you won't be able to play anything on a rooted device, so beggars can't be choosers.
Change log:
2020-12-20: v1.5
Updated for Magisk v21 template format.
2019-03-29: v1.4
Updated for Magisk v19 template format.
Issue a warning if installed on an S10e (G970F), S10 (G973F) or S10+ (G975F).
2018-12-06: v1.3
Added support for devices that have the library under either /system/lib64 or /system/vendor/lib64.
Added support for devices that have the library in multiple locations.
2018-07-22: v1.2
Added logic to install in only the appropriate library directory, rather than in both.
2018-05-29: v1.1
Added support for devices that have the library under /system/vendor/lib instead of /system/lib.
2018-04-23: v1.0
Initial release.
Work on Note 8 perfectly thx mate check with netafix,showmax thx again mate
Wysłane z mojego SM-N950F przy użyciu Tapatalka
Version 1.1 has been released with support for devices that have the library under /system/vendor/lib instead.
Hi,
Could you try to make nc+ GO usefull for rooted devices ?
Thanks for the module @ianmacd, finaly Netflix working again on my rooted and Widevine L1 patched Oneplus5.
I noticed this module actually reverts your device back to Widevine L3 when module is active, is that correct?
an0therus3r said:
Thanks for the module @ianmacd, finaly Netflix working again on my rooted and Widevine L1 patched Oneplus5.
I noticed this module actually reverts your device back to Widevine L3 when module is active, is that correct?
Click to expand...
Click to collapse
Yes, this is an unfortunate side-effect of the module. The module fakes the erasure of the DRM library, which enables playback, but not in HD.
If HD is important to you, there are patched Netflix binaries floating around, but I believe they are quite an old version. I mainly use my tablet to cast to the television, so it's not a problem for me. I should add something about this to the documentation.
Why did I have my device manually updated by ONEPLUS in order to enjoy HD content thru YouTube, prime, Netflix etc.. if it is conflicting with Netflix, the one I use the most?? This is pretty weird. This model is a great work around, but now I'm back to L3 and the whole point was to enjoy L1. What do you mean with patched Netflix libraries? Can you maybe point me in the right direction? That'd be greatly appreciated
mshinni80 said:
Why did I have my device manually updated by ONEPLUS in order to enjoy HD content thru YouTube, prime, Netflix etc.. if it is conflicting with Netflix, the one I use the most?? This is pretty weird. This model is a great work around, but now I'm back to L3 and the whole point was to enjoy L1. What do you mean with patched Netflix libraries? Can you maybe point me in the right direction? That'd be greatly appreciated
Click to expand...
Click to collapse
This article contains an introduction to the problem. Basically, you either need to patch the APK or find one pre-patched by someone else.
Most, if not all people use apktool for this kind of work, but later versions of the Netflix APK can't currently be decompiled, so if you look around for a patched APK, you'll necessarily find an old version.
ianmacd said:
Version 1.1 has been released with support for devices that have the library under /system/vendor/lib instead.
Click to expand...
Click to collapse
I didnt fix my error -9 still getting same error sorry we couldn't get Netflix service error (-9) running on Note 4 with Magisk 16.4 on MM ROM
*edit* I went into /vendor/lib/ and delete (take a backup of it) the file liboemcrypto.so, reboot and it worked! I dont know if that the right way to fix it? this Module seems like didn't change anything
zfk110 said:
I didnt fix my error -9 still getting same error sorry we couldn't get Netflix service error (-9) running on Note 4 with Magisk 16.4 on MM ROM
*edit* I went into /vendor/lib/ and delete (take a backup of it) the file liboemcrypto.so, reboot and it worked! I dont know if that the right way to fix it? this Module seems like didn't change anything
Click to expand...
Click to collapse
Thank you for the report. I will investigate the matter.
The module should have worked with that path. I have a device myself that has liboemcrypto.so in that location, and the module works fine with it. I'll look into it.
ianmacd said:
Thank you for the report. I will investigate the matter.
The module should have worked with that path. I have a device myself that has liboemcrypto.so in that location, and the module works fine with it. I'll look into it.
Click to expand...
Click to collapse
this time I download the module direct from Magisk without using the your provided zip and then installing using from TWRP
this time it worked, now I can use Netflix without any issues I download and installed the module direct from Magisk
zfk110 said:
this time I download the module direct from Magisk without using the your provided zip and then installing using from TWRP
this time it worked, now I can use Netflix without any issues I download and installed the module direct from Magisk
Click to expand...
Click to collapse
That's weird, too, because it's the same version in both cases.
I assume you returned liboemcrypto.so to your device before installing the module. If not, there wouldn't have been anything for the module to do.
I don't know if this is related to the liboemcrypto.so library or something very different: I would like to screen cast (as in mirror my display to a Chromecast) protected content such as Prime Video. If I do so now then the result is sound + captions and a black screen. No video. This module sort of fixed my problem with Prime Video but not entirely so I wonder if you have insights into fully resolving this. I can't believe Google's own screen cast feature isn't trusted by Google's own Chromecast!
Thanks
Your work is perfect. You are a genius!
Has anyone actually managed to mask the device as L1 DRM? Just curious
Hi @ianmacd, I've installed this through Magisk Manager. I don't use Netflix or My5. I expect it to work with Saavn like apps with more Indian content (songs). Regards.
Massive thank you to the O.P been trying for a very long time to get all 4 to work on a rooted device with this module it WORKS!!! Thank you so much for the time you put into Roms and this Module!!
MetalIris said:
Massive thank you to the O.P been trying for a very long time to get all 4 to work on a rooted device with this module it WORKS!!! Thank you so much for the time you put into Roms and this Module!!
Click to expand...
Click to collapse
With all regards to @ianmacd efforts, this hack will enforce falling back to Widevine L3, hence make Netflix HD a no-go.
I am now trying to fix Widevine L1 on Exynos5420 stuff, and I found out that SELinux enforcing mode restricting access from untrusted apps to read "/", and "mount", as well as restricting "toybox" system() calls effectively make up-to-date Netflix happy while debugging the mediadrmserver with gdbserver using root Of course a small SELinux policy change is required to make gdbserver work but this is out of scope.
If there is a way to assign a custom seclabel to processes or files related to package by its name, this approach can help using SELinux as an umbrella for apps like NF.
ianmacd said:
Apps that use liboemcrypto.so to play content protected by DRM, such as Netflix and My5, will fail when playback is attempted on a rooted device.
The symptoms displayed by affected devices vary by brand and Android version. Some devices may display an obscure error message when you attempt playback. Others may just appear stuck loading the requested content.
This Magisk module fixes the problem by masking liboemcrypto.so with a zero byte replacement. Whilst the same effect could be achieved by simply deleting or renaming liboemcrypto.so with a root-enabled file manager, this has the disadvantage of altering your /system partition by writing to the file-system. The advantage of the Magisk method is that no actual changes are made to the device. The problematic file is merely concealed from the apps that attempt to use it.
To use the module, flash it in the Modules section of Magisk Manager and then reboot your device.
The module works when the library in question is located at either /system/lib/liboemcrypto.so or /system/vendor/lib/liboemcrypto.so. If your library is located elsewhere (or missing), this module will have no effect (but it's harmless to try it).
The module has been verified working on a Samsung Galaxy S9+ (SM-G965F/DS) running Magisk 16.x/17.x on a variery of ROMs, on a Samsung Tab S3 (SM-T820) running stock Android 8.0 and Magisk 16.x/17.x, and on a Samsung Tab S4 (SM-T830) running stock Android 8.1 and Magisk 17.x. It was created because a similar module on XDA did not work on my devices. It is being released by popular request, because a number of other users contacted me with the same complaint.
The module was integrated into the official Magisk module repository on 2018-06-27, and can therefore be directly downloaded from within the Magisk Manager app.
Please note that a consequence of using this module is that Widevine DRM will fall back to using L3 instead of L1. This means that Netflix will play all content in SD quality, regardless of your subscription type. Of course, without this module, you won't be able to play anything on a rooted device, so beggars can't be choosers.
Change log:
2018-07-22: v1.2
Added logic to install in only the appropriate library directory, rather than in both.
2018-05-29: v1.1
Add support for devices that have the library under /system/vendor/lib instead of /system/lib.
2018-04-23: v1.0
Initial release.
Click to expand...
Click to collapse
Ianmacd thank you 10 times for this and for the module that restores on Samsung note 9 previously paired bluetooth devices that were lost after reboot. You saved my life !! Hhh
So if I unroot my S8 will HDR and hd work?
Related
Hey! First off, thank you to the creator of magisk, it's amazing and very useful
However, I can't seem to get Fire Emblem Heroes to work. OP3T on stock rom, TWRP and magisk 11.1, nothing else. Using MagiskSU for greenify and adaway and everything works. Manager says I pass the safety net check (used to give a profile mismatch but that went away after rebooting) and I've enabled magisk hide for the app, to no avail.
For what it's worth PoGo seems to be working fine.
What further info could I give you to help and where do I get it?
Thanks!!!!
pqueiro said:
Hey! First off, thank you to the creator of magisk, it's amazing and very useful
However, I can't seem to get Fire Emblem Heroes to work. OP3T on stock rom, TWRP and magisk 11.1, nothing else. Using MagiskSU for greenify and adaway and everything works. Manager says I pass the safety net check (used to give a profile mismatch but that went away after rebooting) and I've enabled magisk hide for the app, to no avail.
For what it's worth PoGo seems to be working fine.
What further info could I give you to help and where do I get it?
Thanks!!!!
Click to expand...
Click to collapse
Trying to update the game e get the message "your device isn't compatible with this version"
Rcpbarba said:
Trying to update the game e get the message "your device isn't compatible with this version"
Click to expand...
Click to collapse
I just updated from 1.0.2 to 1.1.0 and keep getting the same error message as before (the good old 803-3001).
This is supposed to be a connection error message, but it doesn't make sense -- if I hotspot off my magisk'd OP3T to a stock OPO or a stock iPad, the game works fine, so it stands to reason the connection is good.
Hence my suspicion that it's probably a SafetyNet issue (FE:H, like PoGo, uses SafetyNet -- might be a Nintendo thing). Any idea how to get around it?
Thanks!
Might be an issue where the app also relies on another app or service to find a rooted device. See this thread, the Hiding root post under "Dependencies": https://forum.xda-developers.com/apps/magisk/magisk-magisk-hide-troubleshooting-tips-t3561828
Didgeridoohan said:
Might be an issue where the app also relies on another app or service to find a rooted device. See this thread, the Hiding root post under "Dependencies": https://forum.xda-developers.com/apps/magisk/magisk-magisk-hide-troubleshooting-tips-t3561828
Click to expand...
Click to collapse
Good idea. I didn't think of that, but alas, the game doesn't ask for any permissions (and none listed in settings) -- so if they do use 3rd party software to check, it doesn't show up in the permission list.
Inspired by Pocket Morty's dependency on Google Play Games, I went and installed that too (I'd removed it as a cruft-reduction exercise) to see if that was it, but it's not. Still doesn't work, same error message.
pqueiro said:
Good idea. I didn't think of that, but alas, the game doesn't ask for any permissions (and none listed in settings) -- so if they do use 3rd party software to check, it doesn't show up in the permission list.
Inspired by Pocket Morty's dependency on Google Play Games, I went and installed that too (I'd removed it as a cruft-reduction exercise) to see if that was it, but it's not. Still doesn't work, same error message.
Click to expand...
Click to collapse
Yeah, I don't think it has to be as a result of permissions (note to self: update the text)... It might also be that the app is looking for certain prop values. Both of these are hard to figure out without decompiling the apk.
Didgeridoohan said:
Yeah, I don't think it has to be as a result of permissions (note to self: update the text)... It might also be that the app is looking for certain prop values. Both of these are hard to figure out without decompiling the apk.
Click to expand...
Click to collapse
Well now, that's substantially more complicated and probably out of my league I'll have to stick to playing it on the iPad. It's not impossible, just annoying.
Thanks!
you could try on nox pc emulator too, it is working on 1.1 (i had to disable root tho)
i will try with magisk on my phone until i install the apps on LineageOS13
EDIT: @pqueiro it works on LineageOS 13 and using Magisk 11.1, without problems, so i guess can be something of the rom (i can pass the net check too, and PoGo without problems)
panchovix said:
you could try on nox pc emulator too, it is working on 1.1 (i had to disable root tho)
i will try with magisk on my phone until i install the apps on LineageOS13
EDIT: @pqueiro it works on LineageOS 13 and using Magisk 11.1, without problems, so i guess can be something of the rom (i can pass the net check too, and PoGo without problems)
Click to expand...
Click to collapse
The plot thickens. Let me check on my "playground" phone if I can replicate that.
@pqueiro
did you install the game when the Phone was already rooted?
I can replicate this issue when installing the game on already rooted devices - but if I install the game on a non-rooted device and apply magisk afterwards the game launches proper.
Create a nandroid backup, flash the rom and try to launch the game while non-rooted and see if it makes a difference for you.
Klassikal said:
@pqueiro
did you install the game when the Phone was already rooted?
I can replicate this issue when installing the game on already rooted devices - but if I install the game on a non-rooted device and apply magisk afterwards the game launches proper.
Create a nandroid backup, flash the rom and try to launch the game while non-rooted and see if it makes a difference for you.
Click to expand...
Click to collapse
FYI, tried this (took the opportunity when updating Oxygen OS) and it worked a treat! All is good. Backup > unroot > update > install > magisk all the things and it's working fine.
Thanks!
PetNoire's SafetyNet Spoofer
This module tries to pass SafetyNet on devices/roms that don't.
This started when i put LineageOS on my phone and couldn't play Pokemon GO anymore. much sadness was had.
i searched around for a fix and found universal-safetynet-fix. Awesome! it let me play pokemon again but it broke everything else root related while it was enabled.
So, i worked on updating it to be compatible with magisk 17. and i got it! (download at the bottom)
but, well.. there was a lot in that code that didn't need to be there anymore. (does anyone even use magisk 12?!)
and worse still, my phones stock image used a thumbprint, not a fingerprint. with it in usnf, it didnt even pass basic integrity!
so i got to work and PetNoire's SafetyNet Spoofer was born!
Disclaimer:
I am not responsible for bricked devices, dead SD cards,
thermonuclear war, or you getting fired because the alarm app failed.
I also do not support hacking/altering any other apps with your root powers.
i made this purely to legitimately play a game on a customized system.
Information
Features:
Resets system props to a factory state
spoofs the device fingerprint or thumbprint
has a friendly command tool to change finger/thumbprint settings
Use:
Flash it with TWRP or MM.
by default, it spoofs the same device that unsf did which is enough for most uses. Congrats, you're done!
you can also use the pnss command as root to change, reset, or disable the fingerprint spoofing.
run the 'pnss' command from terminal for usage information
example command:
Code:
su
pnss set thumb MyDeviceThumbprint/8.1/etc/etc
Requeriments
Magisk v17
Installation
Flash the .ZIP from TWRP or MM Module page
Reboot
Known issues
thumbprint mode is only passing BasicIntegrity, not CTS
Donations
If you feel I helped you, you can buy me a coffee here
Credits
@Deic - the original creator of universal-safetynet-fix here
@PetNoire - porting it to magisk 17, breaking it further, and adding thumbprint support
Download
Please DO NOT share the module itself or the download link, share the thread only.
vv
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Didgeridoohan said:
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Click to expand...
Click to collapse
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
update: i think i almost have it working on magisk's busybox but still working out some bugs.
And I'll edit it to give him some more credit right away.
PetNoire said:
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
Click to expand...
Click to collapse
That would be great.
I thought I'd give some insight into what the module actually does, for those that are wondering, since it might get lost in translation between the different updates to the module by others than @Deic.
The USNF module is made up of two parts. For one, it changes the device fingerprint to a certified one to pass the ctsProfile check (the in-built one is a Xiaomi print, but IIRC you can also use the device stock fingerprint if it's already certified). This is also something that can be done with a Magisk boot script (post-fs-data.d or service.d) and the resetprop tool:
Code:
resetprop ro.build.fingerprint <certified fingerprint value>
There are also Magisk modules available that do the same thing (apart from USNF).
Device Spoofing Tool by @Dreamer(3MF) is one (although it also changes a whole lot of other props to simulate a OnePlus 2).
And there's also my MagiskHide Props Config that changes the build fingerprint to one of your choice.
Or, if you don't care about the systemlessness, you can directly edit your build.prop file and change the current ro.build.fingerprint to a certified one.
So, for the device fingerprint and passing the ctsProfile there are a few options.
The second part of USNF is the custom MagiskHide (as described in the OP). The thing here though, is that for the majority of devices it is not necessary anymore, since (as it also says in the OP) @topjohnwu have fixed most of those issues. From what it seems, from user reports in different threads, this is only necessary on some MIUI releases (Xiaomi devices). The module actually started out as a "Xiaomi SafetyNet fix" (check the module id), but the build fingerprint part turned out to be useful for other devices, so @Deic changed the name to "Universal". All other devices should be good with only changing the device fingerprint.
So far, it doesn't seem like the custom MagiskHide from the module is interfering in any way with the real thing. But, considering that it hasn't been updated in over a year, who knows.
Class dismissed.
Is there any reason to keep the code for old magisk? Does anyone still use 12-14?
Seems to have helped on my S8 with KingROM
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Oberth said:
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
Click to expand...
Click to collapse
For some reason it doesn't always work the first time. Usually just rebooting fixes it.
jenslody said:
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Click to expand...
Click to collapse
I thought I changed it all. You sure there isnt some kind of version check? I'll look at it later
Again first goal was to get it working. Next goal is to make it awesome
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
In-Case Of Facing A Bootloop/Bootscreen Issue Due To Flashing A Module, Download CoreOnlyMode4Magisk From This Thread https://forum.xda-developers.com/apps/magisk/module-core-mode-bootloop-solver-modules-t3817366 Then Flash It Thru TWRP Recovery.
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
Does it boot after disabling the module?
From twrp>advanced>terminal:
HTML:
Mount -o loop /data/adb/magisk.img /mnt
Touch /mnt/universal-safetynet-fix/disable
The reboot
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
PetNoire said:
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
Click to expand...
Click to collapse
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Didgeridoohan said:
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Click to expand...
Click to collapse
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either. I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
PetNoire said:
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either
Click to expand...
Click to collapse
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
iamcurseal said:
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
Click to expand...
Click to collapse
I don't know what Tue additional setup does, but I always do it and its been working. Also your device may have thumbprint props instead of fingerprint.
Run this in a terminal and let me know what you get
Code:
getprop | grep print
PetNoire said:
I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
Click to expand...
Click to collapse
My module changes all the common fingerprint props, but as far as I know, it's only ro.build.fingerprint that is important for the ctsProfile check.
Didgeridoohan said:
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
Click to expand...
Click to collapse
I wiped all partitions, installed lineage 15, installed magisk and enabled hide and it wouldn't pass basic at any point. Even still its never passed it without this module. It didn't even pass it on the clean install, before magisk
Hi everyone,
I just rooted (my 1st root) my pixel 4 yesterday to activate the soli module as in my country it doesn't work otherwise.
Soli is now working, but some app (like Netflix) cannot be used even after installing the APK from some APK database.
After looking online I understood that this was because of the safetynet checks, which are both failed (ctsprofile and basicintegrity)
Unfortunatelly, I haven't found any thread to fix it except some old for older versions or mentioning TWRP which i didn't use.
I have only 3 modules installed: Riru Edxposed / Riru Core and MagiskHide props config (and the check of all google playservice addresses in the module)
Can someone help me on that?
Thanks !
Seems like Google started detecting EdXposed yesterday, but this can be worked around by adding some Google components to the EdXposed blacklist. Take a look on the EdXposed Github for details.
Didgeridoohan said:
Seems like Google started detecting EdXposed yesterday, but this can be worked around by adding some Google components to the EdXposed blacklist. Take a look on the EdXposed Github for details.
Click to expand...
Click to collapse
The check is now green for both, thanks
But i can't still use netflix (app will remain on the logo for ever).
I tried to rename the liboem file with a root explorer but the file is not present in the folder in system\lib\ or \lib64
frikadel said:
The check is now green for both, thanks
But i can't still use netflix (app will remain on the logo for ever).
I tried to rename the liboem file with a root explorer but the file is not present in the folder in system\lib\ or \lib64
Click to expand...
Click to collapse
Hi,
Coul you please tell me if you are on custom rom?
I am on custom and only way to pass is to use Props Module in Magisk. But the Props is not loading when Riru EdXposed is active.
Thank you,
amplatfus
I just posted this on Github, kinda curious if it helps with Google Pay. I had never heard of this module before:
Has anyone tried the Hidden Core module in EdXposed? It is passing SafetyNet for me without any blacklisting or switching modes, just install and reboot.
For posterity, I am running EdXposed YAHFA 0.4.5.1. EdXposed Manager 4.5.1 under Magisk v20.1 / Android Pie.
https://ibb.co/xLBxDDV
https://ibb.co/F6y1hcH
SmilingPerson said:
I just posted this on Github, kinda curious if it helps with Google Pay. I had never heard of this module before:
Has anyone tried the Hidden Core module in EdXposed? It is passing SafetyNet for me without any blacklisting or switching modes, just install and reboot.
For posterity, I am running EdXposed YAHFA 0.4.5.1. EdXposed Manager 4.5.1 under Magisk v20.1 / Android Pie.
https://ibb.co/xLBxDDV
https://ibb.co/F6y1hcH
Click to expand...
Click to collapse
Hi,
Tried. It is not working. Still searching.
Thanks!
amplatfus said:
Hi,
Tried. It is not working. Still searching.
Thanks!
Click to expand...
Click to collapse
Yep, I recently went from rooted stock to LineageOS 16 on my phone, and can no longer use Netflix. My rooted Android media boxes also run LOS and Netflix *does* work on them, so I am perplexed. I can run the (terrible) remote control app for my Toyota by simply hiding things in Magisk and adding it to the blacklist in EdXposed Manager, otherwise it will complain about the phone being rooted. That works, but Netflix does not.
I don't need Netflix on my daily driver telephone, so no loss, but it tells us that whatever Google is doing, it is beatable. I just don't see the common ground though, it almost seems like it is device dependant. Next time I install Netflix, I am going to face due north, chant the Canadian anthem, and touch my nose with my right index finger while clutching a rosary in my left hand. Maybe that will be the ticket.
Sent from my unknown using Tapatalk
SmilingPerson said:
I just posted this on Github, kinda curious if it helps with Google Pay. I had never heard of this module before:
Has anyone tried the Hidden Core module in EdXposed? It is passing SafetyNet for me without any blacklisting or switching modes, just install and reboot.
For posterity, I am running EdXposed YAHFA 0.4.5.1. EdXposed Manager 4.5.1 under Magisk v20.1 / Android Pie.
https://ibb.co/xLBxDDV
https://ibb.co/F6y1hcH
Click to expand...
Click to collapse
You're a great bro !! after having installed the module on EdXposed and restarted my redmi note 4x (mido) with EAX Os 6.7, both the ticks were of a magnificent green! many thanks! :victory::victory::victory:
UPDATE!NO MORE COMPLICATED SCRIPTS, JUST USE MAGISK 24.1 WITH DENY LIST!
1. Enable Zygisk, add the apps to the deny list
2. Hide Magisk App
3. Install SafetyNet Fix by kdrag0n (Might still need Magisk Hide Props if your device is a little older)
Working on: Poco X3 Pro + Lineage 18.1 (Android 11)
Aurora Store | F-Droid - Free and Open Source Android App Repository
A Google Playstore Client
f-droid.org
^Use aurora store to get the older version of Singapass that's likely to work, I'm using build 100.
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
erOzeOz said:
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Click to expand...
Click to collapse
Disabling the existing vkey components should be enough.
Did you spoof the device signature with the magisk hideprops module?
KrishvY said:
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
Click to expand...
Click to collapse
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Xanth0k1d said:
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Click to expand...
Click to collapse
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
KrishvY said:
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
Click to expand...
Click to collapse
The App Mananger by Muntashir Akon?
I think I need to explain this properly, SIngapass and some apps may not work in the following situations:
You installed a custom rom without a Google approved device ID
You rooted your phone
You have Magisk
etc
For your case, Singpass does not work because you installed Lineage - a custom rom, which should not have a Google approved device prop by default. It doesn't matter if you are rooted or you have install Magisk at this point.
My suggestion to you is to install Magisk and follow my guide-hide magisk and spoof you device fingerprint so it looks like you are running a stock rom.
hi @Xanth0k1d. Have been using your method to hide singpass in the past. But the app just recently was able to detect root. As someone mentioned above, the updated app has no v-key components listed in the service. Any idea how to circumvent the situation and what services to disable?
Holy ****, I just saw the update.
Probably some dude saw this post...
I have yet updated so I can't test, if anyone's finding any solutions to this pls update as well.
Xanth0k1d said:
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Click to expand...
Click to collapse
heya, I'm the reddit user... I had updated the app, but so far has no luck finding where the detection is hiding now... I might just try turning off services one-by-one with servicely, but I'll keep you all updated if I get any success.
@Xanth0k1d since you haven't updated your singpass, can you check what are the available services and listeners currently your version is using? I want to compare the difference with the latest version.
I managed to get Singapore's GPay app to work by blocking this `com.google.android.gms.gmscompliance.ui.UncertifiedDeviceActivity`. Do your devices pass SafetyNet?
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
Thanks! Can confirm that this works!
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Lu5ck said:
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Click to expand...
Click to collapse
The safetynet api did not get nuked, the api changed so code that use the old api won't work, even on the latest stable build safetynet will still pass when using another checker app. While I won't go into the technical details, singpass spawns a new isolated process to check for root, exploiting the fact that isolated processes are treated differently and is difficult for magisk to hide itself. So the solution is to disable the offending process and not let it spawn. There are several other requirements necessary for singpass to run, which are largely beyond the scope of discussion in this thread.
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
auggie246 said:
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
Click to expand...
Click to collapse
The trick here is to decompile the APK using apktool and inspect the Androidmanifest.xml manually. Search for "ISOLATED" and in the same line you should be able to find the name of the service to be disabled. Of course this assumes that citibank's app used a similar tactic as the other apps.
Edit: I tried the citibank sg app, magisk hide + rename package is sufficient for me to launch the app, don't have an account so I can't test any further.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
I guess there's another update to Singpass that circumvent this circumvention as well lol
Apparently it's now using a service called o.ImmutableSetMultimap for checking root (confirmed by magiskhide entry) and it works for a few seconds after loading Singpass before failing again with different error message. I think it checks for both whether the service is active and found a root (gives error T0), or whether the service is running at all (gives error T-1). I think we need something else to block this.
Play Store said it was not compatible and therefore not available, so following advice on the web I sideloaded the apk but still got an incompatibility message.
I fully pass SafetyNet according to both Magisk and "Root Tester". For good measure I added Netflix to MagiskHide...
But still got the message "This device is not supported by the app"
Is Netflix somehow detecting my unlocked/rooted phone despite SafetyNet passing or is Netflix truly not compatible with the new Pixel 5a?
Either way, any suggestions on how to get Netflix to work???
Seems like problem was that the apk on the Netflix site was old.
I downloaded a newer version from Softpedia and all works fine!
Did you wipe data in the playstore app then reboot? If so, you should be able to download it from the playstore and stay current. That's what I do.
If you're using Magisk (which I assume you are), use Magisk Hide to hide Magisk from Netflix. It's part of their DRM check - if they detect root, the device integrity is assumed compromised, so DRM protected content won't play. Same thing happens with Amazon Prime Video.
When you use Magisk Hide, make sure you hide it from com.google.android.gms (Google Play Services) as well.
V0latyle said:
If you're using Magisk (which I assume you are), use Magisk Hide to hide Magisk from Netflix. It's part of their DRM check - if they detect root, the device integrity is assumed compromised, so DRM protected content won't play. Same thing happens with Amazon Prime Video.
When you use Magisk Hide, make sure you hide it from com.google.android.gms (Google Play Services) as well.
Click to expand...
Click to collapse
As I posted above, it seems that the problem was that Netflix had an old apk on their site that wasn't compatible with my Pixel 5a. Downloading an updated apk from a 3rd party worked fine -- so turns out this wasn't a DRM or Magisk issue.
Thanks for all the helpful suggestions!