Safety Net Failed in Safe Mode - Magisk

Hello. I have unlocked bootloader with TWRP installed with default Stock Kernel. Also I have Magisk 20.4 with Edxposed installed and I can't pass the Safety Net. Until before 2-3 months the problem was due to Edxposed. If I deactivate the Riru core from Magisk then I passed the Safety Net. Now something very strange happens and the Edxposed is not only the Suspicious. If I disable it then again I Failed the Safety Net. I tried in safe mode in which disables Magisk, Edxposed and all extra apps (it leaves only the Play Store and some default apps like Duo if I remember well) etc ... and I can't pass the Safety Net again. I tried to Reflash the rom via TWRP so that to have the default boot.img and default boot recovery but again can't pass the Safety Net. How can detect what is which makes the Safety Net to be failed ?
Note 1 : I know that if I make format so that to erase not only the system partition but and data with internal partition and flash the rom from beginning then I would pass the Safety Net as new user but all this process is NOT solution because I should install all the apps with settings and transfer all personal data from the beginning.
Also the sense is to understand for which reason something happens and NOT to make format to resolve all the problems because you will never become better and the unique solution would be the format which is some process, time consuming.
Note 2: The Valid Pass in Safety Net is NOT always from Magisk but from some other third party software like Root Checker which can do the same job. The reason is that the most usual to check Safety Net is from Magisk which make someone to make Magisk to Pass Safety Net but ONLY VISUAL. What I mean ? If you install the HiddenCore Module from Edxposed then the Magisk show that you Pass the Safety Net while any other similar software like Root Checker shows as result failed and if you go to search Netflix or Revolut in Google Play which is some quick way to check if you really pass or fail the Safety Net then you can't find them as result due to failing in Safety Net.

Johnn78 said:
Note 1: I know that if I make format so that to erase not only the system partition but and data with internal partition and flash the rom from beginning then I would pass the Safety Net as new user but all this process is NOT solution because I should install all the apps with settings and transfer all personal data from the beginning.
Click to expand...
Click to collapse
I don't have the solution for your issue specifically, but I have a tip for you in case you would need to reinstall the whole system in the end: you can use titanium backup, or oendbackup (this one you find at f-droid), or another root backup solution (either free, or paid like swift backup) to save your apps + data, so you can recover it later without having to go through the whole annoying process of doing/installing/configuring everything again. Making it a lot easier.

abacate123 said:
I don't have the solution for your issue specifically, but I have a tip for you in case you would need to reinstall the whole system in the end: you can use titanium backup, or oendbackup (this one you find at f-droid), or another root backup solution (either free, or paid like swift backup) to save your apps + data, so you can recover it later without having to go through the whole annoying process of doing/installing/configuring everything again. Making it a lot easier.
Click to expand...
Click to collapse
If I have the app which makes the perfect restore then I wouldn't have problem to make format so that to make restoring later. In past I had tried the twrp which has option for backup but the restore in system and data partition is not good. I couldn't restore the apps such it was when I had made the backup. C an the titanium or oandbackup restore the apps such it was when Imake the backup ?

If you boot into Android Safe Mode, Magisk and modules are still active (unless you use the current Canary, 20411+, in which case Magisk will disable all modules). It's just the Manager and other apps that are disabled.
First thing you should check is if MagiskHide is even enabled, and if it is you should toggle it off and on again.
Second thing is to see if it works. Add a root app or an app like Rootbeer to the Hide list and see if it detects root.
And more: https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet

Didgeridoohan said:
If you boot into Android Safe Mode, Magisk and modules are still active (unless you use the current Canary, 20411+, in which case Magisk will disable all modules). It's just the Manager and other apps that are disabled.
First thing you should check is if MagiskHide is even enabled, and if it is you should toggle it off and on again.
Second thing is to see if it works. Add a root app or an app like Rootbeer to the Hide list and see if it detects root.
And more: https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
Click to expand...
Click to collapse
I don't know if finally happens something with hide of Magisk. I had until now the Root Checker to check about rooting and SafetyNet. If I run Root Checker then it tells me that I am rooted (and failed SafetyNet) and if I hide It then it refers that I am unrooted such the first image shows. But question is, is that correct or happens such with Magisk that may refers that you pass the Safety Net while is reality is NOT truth ? I say this, because I run the Root beer which you told me but if I hide it or not then in both situations, it refers that I am rooted (image 2 & 3). The hide isn't seem to not doing anything because If I don't hide Root beer then such you can see I have 6 "X" while if I hide it then I have only one in "Root Management Apps". Whats means this result ? I tried to turn off and on again from the settings of Magisk the hide but not any result.

That likely means that MagiskHide is working but that you haven't repackaged the Magisk Manager with a random package name. There's an option for that in the Manager settings.
That also means that the SafetyNet failure is because of your setup. Something is triggering it and you're going to have to figure out what. Use the information in the link I posted earlier to help you on your way.

Didgeridoohan said:
That likely means that MagiskHide is working but that you haven't repackaged the Magisk Manager with a random package name. There's an option for that in the Manager settings.
That also means that the SafetyNet failure is because of your setup. Something is triggering it and you're going to have to figure out what. Use the information in the link I posted earlier to help you on your way.
Click to expand...
Click to collapse
Now I saw this setting in settings about repacking with random name. Is this new setting in Magisk ? Because I don't remember to have seen it again in previous Magisk versions. If I go to repackage it, it has as default name "Manager". Should I leave this name or to change this to someother random name ?

Johnn78 said:
Now I saw this setting in settings about repacking with random name. Is this new setting in Magisk ? Because I don't remember to have seen it again in previous Magisk versions. If I go to repackage it, it has as default name "Manager". Should I leave this name or to change this to someother random name ?
Click to expand...
Click to collapse
It's not a new feature... I had to go back and check, but John showcased the first version of hiding the Manager in August 2017 and it was then included in the release of Magisk v14.0 in September 2017. The hiding mechanism has improved a lot since then, but the concept has been around for a while.
Some root detection methods actually do look for "Manager" in the app label (stupid way of detecting root, but hey), so renaming it to something else could be a good idea. It won't hurt, that's for sure.

Didgeridoohan said:
It's not a new feature... I had to go back and check, but John showcased the first version of hiding the Manager in August 2017 and it was then included in the release of Magisk v14.0 in September 2017. The hiding mechanism has improved a lot since then, but the concept has been around for a while.
Some root detection methods actually do look for "Manager" in the app label (stupid way of detecting root, but hey), so renaming it to something else could be a good idea. It won't hurt, that's for sure.
Click to expand...
Click to collapse
I repacked it with different name and the rootbeer appears as result not rooted but the safety net remained sa failed. After I unistalled completly the EdXposed with its modules, LuckyPatcher & Magisk. Also I run and the Magisk Unistaller via twrp and the Edxposed unistaller (this failed because it couldn't detect the edxposed as install due to unistallation of edxposed before) and safety Net remained as Failed. I tried and in safe Mode but the problem persists. Overmore I restore the original boot.img so that to unistall the twrp and go back to original recovery but the Failing in safety Net remains either I go from normal boot either from safe mode. The only which I haven't tried is to lock again the bootloader but I don't believe that this is the problem because in past I always have it unlocked and had passed the Safety Net. I have read that the snet is the process of play store service which decides if mobile will pass the safetynet or not. Can't we unistall this service ?
& something else if you know it, the result of safety Net is "decided" only one time in every boot ? Because If it is some process which make the safety net to be failed and I kill the process then will I get immediate the pass in safety Net or I should restart the mobile as result the process will come again because it will be located in boot list ?

SafetyNet doesn't check for the Manager. That was just for you to fully hide Magisk from other detection methods.
If you uninstall Magisk you can't pass SafetyNet with an unlocked bootloader (unless you are using a custom kernel that masks the bootloader state). MagiskHide helps hiding the unlocked bootloader, so uninstalling it will trigger SN.
If you want to figure things out you have to leave Magisk installed with MagiskHide active (or lock the bootloader, but that's likely not advisable since it can brick your device unless you first restore it to completely stock).
Edit: you can of course go without Google services, but if you are using the stock OEM ROM this could prove troublesome and not worth the effort. If you do, you can of course not use any apps or services that depend on SafetyNet. What is your reason for wanting to pass SafetyNet anyway? Do you actually need it?

Didgeridoohan said:
SafetyNet doesn't check for the Manager. That was just for you to fully hide Magisk from other detection methods.
If you uninstall Magisk you can't pass SafetyNet with an unlocked bootloader (unless you are using a custom kernel that masks the bootloader state). MagiskHide helps hiding the unlocked bootloader, so uninstalling it will trigger SN.
If you want to figure things out you have to leave Magisk installed with MagiskHide active (or lock the bootloader, but that's likely not advisable since it can brick your device unless you first restore it to completely stock).
Edit: you can of course go without Google services, but if you are using the stock OEM ROM this could prove troublesome and not worth the effort. If you do, you can of course not use any apps or services that depend on SafetyNet. What is your reason for wanting to pass SafetyNet anyway? Do you actually need it?
Click to expand...
Click to collapse
Now with default boot, I will go to install Magisk so that via hiding to hide the the unlcking of bootloader. Do you consider some Magisk version as best ? Stable or canary or something else ?
Lately I want to istall the Revolut & the Google Play store can't find it as result. After from many days I couldn't find etflix. Later I learnt that was due to failing in safety net. I found them as apk & installed them successfully but can't get updates from play store for these two apps because mark my device as failed in safety Net. Also if I go to update the os via fota (and with stock boot img) I got error & I suppose that is due to safety Net. In past I could update os only if I have boot stock img & passing the safety Net.

@Didgeridoohan hello bro. I resolved the problem. I cleared the data and cache of Google Play Store, Google Play Services and Google Framework Services and after from restarting I passed the Safety Net with Edxposed installed and activated. Thanks for your help !

Related

I cant get safetynet to pass no matter what I do.

I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
BeastMode6 said:
I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
Click to expand...
Click to collapse
Check to see if selinux is set to "Permissive", safetynet will fail if it detects a kernel with selinux set to permissive. To check this in the terminal type "getenforce" if it says "permissive", you can type "su" to get a root shell then type "setenforce 1" to enable Enforcing. In adb you can type the same, however you need to type "adb shell" prior to accomplish the same. Once enabled safetynet should pass. To set the selinux back to permissive type "setenforce 0" in a root shell. good luck!
Sent from my SM-T813 using Tapatalk
It says it's enforcing already.
BeastMode6 said:
It says it's enforcing already.
Click to expand...
Click to collapse
OK, make sure you have magisk-hide enabled in the magisk manager settings. I think safetynet checks for root as well, so if your rooted with magisksu, then all you should need to do is enable magisk-hide. If you don't have the magisk manager you can download it from google play.
I have hide on, still fails. I've also restarted like 5 times to no effect.
Check if Hide is working on your device by adding a root checker app to the Hide list. If it can't detect root, at least we know the Hide works.
After that, check SafetyNet with an app like SafetyNet Playground or SafetyNet Helper. Do you pass basic integrity?
Lastly, please upload a Magisk log.
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
BeastMode6 said:
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
Click to expand...
Click to collapse
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
brians018883 said:
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
Click to expand...
Click to collapse
I've already tried that, didn't work.
BeastMode6 said:
I've already tried that, didn't work.
Click to expand...
Click to collapse
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
(Removed)
brians018883 said:
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
Click to expand...
Click to collapse
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
BeastMode6 said:
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
Click to expand...
Click to collapse
good, glad you made some progress!
Best not to hide google play store, magisk hide by default hides safety net, blocking the store may screw with google play services.
Oh since you are on a cm/lineage based rom and to save you some headaches, avoid turning on magisk's busybox implementation, since cm roms use toybox a more enhanced version of busybox it confuses the OS by overlaying the busybox binaries over toybox's binaries and magisk eventually loses root until you do reboot, not mention makes the system sluggish and almost unusable. I learned that the hard way.
Happy Tweaking!

PetNoire's SafetyNet Spoofer! (Universal SafetyNet Fix mod)

PetNoire's SafetyNet Spoofer
This module tries to pass SafetyNet on devices/roms that don't.
This started when i put LineageOS on my phone and couldn't play Pokemon GO anymore. much sadness was had.
i searched around for a fix and found universal-safetynet-fix. Awesome! it let me play pokemon again but it broke everything else root related while it was enabled.
So, i worked on updating it to be compatible with magisk 17. and i got it! (download at the bottom)
but, well.. there was a lot in that code that didn't need to be there anymore. (does anyone even use magisk 12?!)
and worse still, my phones stock image used a thumbprint, not a fingerprint. with it in usnf, it didnt even pass basic integrity!
so i got to work and PetNoire's SafetyNet Spoofer was born!
Disclaimer:
I am not responsible for bricked devices, dead SD cards,
thermonuclear war, or you getting fired because the alarm app failed.
I also do not support hacking/altering any other apps with your root powers.
i made this purely to legitimately play a game on a customized system.
Information
Features:
Resets system props to a factory state
spoofs the device fingerprint or thumbprint
has a friendly command tool to change finger/thumbprint settings
Use:
Flash it with TWRP or MM.
by default, it spoofs the same device that unsf did which is enough for most uses. Congrats, you're done!
you can also use the pnss command as root to change, reset, or disable the fingerprint spoofing.
run the 'pnss' command from terminal for usage information
example command:
Code:
su
pnss set thumb MyDeviceThumbprint/8.1/etc/etc
Requeriments
Magisk v17
Installation
Flash the .ZIP from TWRP or MM Module page
Reboot
Known issues
thumbprint mode is only passing BasicIntegrity, not CTS
Donations
If you feel I helped you, you can buy me a coffee here
Credits
@Deic - the original creator of universal-safetynet-fix here
@PetNoire - porting it to magisk 17, breaking it further, and adding thumbprint support
Download
Please DO NOT share the module itself or the download link, share the thread only.
vv
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Didgeridoohan said:
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Click to expand...
Click to collapse
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
update: i think i almost have it working on magisk's busybox but still working out some bugs.
And I'll edit it to give him some more credit right away.
PetNoire said:
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
Click to expand...
Click to collapse
That would be great.
I thought I'd give some insight into what the module actually does, for those that are wondering, since it might get lost in translation between the different updates to the module by others than @Deic.
The USNF module is made up of two parts. For one, it changes the device fingerprint to a certified one to pass the ctsProfile check (the in-built one is a Xiaomi print, but IIRC you can also use the device stock fingerprint if it's already certified). This is also something that can be done with a Magisk boot script (post-fs-data.d or service.d) and the resetprop tool:
Code:
resetprop ro.build.fingerprint <certified fingerprint value>
There are also Magisk modules available that do the same thing (apart from USNF).
Device Spoofing Tool by @Dreamer(3MF) is one (although it also changes a whole lot of other props to simulate a OnePlus 2).
And there's also my MagiskHide Props Config that changes the build fingerprint to one of your choice.
Or, if you don't care about the systemlessness, you can directly edit your build.prop file and change the current ro.build.fingerprint to a certified one.
So, for the device fingerprint and passing the ctsProfile there are a few options.
The second part of USNF is the custom MagiskHide (as described in the OP). The thing here though, is that for the majority of devices it is not necessary anymore, since (as it also says in the OP) @topjohnwu have fixed most of those issues. From what it seems, from user reports in different threads, this is only necessary on some MIUI releases (Xiaomi devices). The module actually started out as a "Xiaomi SafetyNet fix" (check the module id), but the build fingerprint part turned out to be useful for other devices, so @Deic changed the name to "Universal". All other devices should be good with only changing the device fingerprint.
So far, it doesn't seem like the custom MagiskHide from the module is interfering in any way with the real thing. But, considering that it hasn't been updated in over a year, who knows.
Class dismissed.
Is there any reason to keep the code for old magisk? Does anyone still use 12-14?
Seems to have helped on my S8 with KingROM
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Oberth said:
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
Click to expand...
Click to collapse
For some reason it doesn't always work the first time. Usually just rebooting fixes it.
jenslody said:
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Click to expand...
Click to collapse
I thought I changed it all. You sure there isnt some kind of version check? I'll look at it later
Again first goal was to get it working. Next goal is to make it awesome
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
In-Case Of Facing A Bootloop/Bootscreen Issue Due To Flashing A Module, Download CoreOnlyMode4Magisk From This Thread https://forum.xda-developers.com/apps/magisk/module-core-mode-bootloop-solver-modules-t3817366 Then Flash It Thru TWRP Recovery.
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
Does it boot after disabling the module?
From twrp>advanced>terminal:
HTML:
Mount -o loop /data/adb/magisk.img /mnt
Touch /mnt/universal-safetynet-fix/disable
The reboot
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
PetNoire said:
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
Click to expand...
Click to collapse
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Didgeridoohan said:
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Click to expand...
Click to collapse
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either. I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
PetNoire said:
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either
Click to expand...
Click to collapse
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
iamcurseal said:
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
Click to expand...
Click to collapse
I don't know what Tue additional setup does, but I always do it and its been working. Also your device may have thumbprint props instead of fingerprint.
Run this in a terminal and let me know what you get
Code:
getprop | grep print
PetNoire said:
I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
Click to expand...
Click to collapse
My module changes all the common fingerprint props, but as far as I know, it's only ro.build.fingerprint that is important for the ctsProfile check.
Didgeridoohan said:
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
Click to expand...
Click to collapse
I wiped all partitions, installed lineage 15, installed magisk and enabled hide and it wouldn't pass basic at any point. Even still its never passed it without this module. It didn't even pass it on the clean install, before magisk

Snapchat won't sign in, how to fix?

Alright so I'm running magisk 18.0 on OnePlus 3T with xposed framework. I was able to sign into Snapchat before xposed when I used magisk hide and all the other things you're supposed to do. I'm obviously aware I triggered safety net by using xposed, what's the fastest way to get safetynet to pass again so I can sign into Snapchat? Is it as simple as disabling xposed? Please walk me through this, thanks
JayTheKid said:
Alright so I'm running magisk 18.0 on OnePlus 3T with xposed framework. I was able to sign into Snapchat before xposed when I used magisk hide and all the other things you're supposed to do. I'm obviously aware I triggered safety net by using xposed, what's the fastest way to get safetynet to pass again so I can sign into Snapchat? Is it as simple as disabling xposed? Please walk me through this, thanks
Click to expand...
Click to collapse
The reason I'm having this issue is because Snapchat randomly signed me out today and my restore point in titanium backup was too old
I had it too. Sign out clear data and cache and forced stop
Go hide in Magisk.
Reboot.
Clear data and storage again m
Open MM & turn off Magisk Hide.
Wait a few seconds.
Toggle Magisk Hide back on.
Force stop and clear Snapchat again.
Now before rebooting go ahead give it the permissions you want it to have.
Theory: don't give it the "phone" permission at first it at all if you can help it.
Reboot
Let everything finish loading and settling in, wait a couple minutes then try again.
If it's still messed up, is the account locked on their end until you call?
Let me know.
JayTheKid said:
Alright so I'm running magisk 18.0 on OnePlus 3T with xposed framework. I was able to sign into Snapchat before xposed when I used magisk hide and all the other things you're supposed to do. I'm obviously aware I triggered safety net by using xposed, what's the fastest way to get safetynet to pass again so I can sign into Snapchat? Is it as simple as disabling xposed? Please walk me through this, thanks
Click to expand...
Click to collapse
vonDubenshire said:
I had it too. Sign out clear data and cache and forced stop
Go hide in Magisk.
Reboot.
Clear data and storage again m
Open MM & turn off Magisk Hide.
Wait a few seconds.
Toggle Magisk Hide back on.
Force stop and clear Snapchat again.
Now before rebooting go ahead give it the permissions you want it to have.
Theory: don't give it the "phone" permission at first it at all if you can help it.
Reboot
Let everything finish loading and settling in, wait a couple minutes then try again.
If it's still messed up, is the account locked on their end until you call?
Let me know.
Click to expand...
Click to collapse
I turned off xposed in magisk and the installer, retoggled magisk hide for Snapchat and rebooted. Account was locked, what triggers this? I was using snap with Xposed undetected for months and then it randomly acts up. You mentioned not giving it phone permission, is that how they catch you? The only other thing I could think of that caught me was my cable app (spectrum TV) makes me disable usb debugging to use it
JayTheKid said:
I turned off xposed in magisk and the installer, retoggled magisk hide for Snapchat and rebooted. Account was locked, what triggers this? I was using snap with Xposed undetected for months and then it randomly acts up. You mentioned not giving it phone permission, is that how they catch you? The only other thing I could think of that caught me was my cable app (spectrum TV) makes me disable usb debugging to use it
Click to expand...
Click to collapse
The phone permissions allows the app to see the phone's IMEI code. I think maybe that detected you are on a rooted phone using that information.
How to use Snapchat with magisk (After Ban)
Follow these steps to use Snapchat with magisk -
1.) Update to latest Magisk stable build v20.0 - https://github.com/topjohnwu/Magisk/releases/download/v20.0/Magisk-v20.0.zip
2.) After updating magisk, Go to Magisk Manager > Magisk Hide and check/enable Snapchat and Google Services (all services have to be marked).
3.) Hide Magisk Manager by it self, go to Magisk Manager > Settings and "Hide Magisk Manager" so it will repack Magisk Manager with random name.
4.) Delete "busybox" binary from /system/xbin directory and install BusyBox module from Magisk Manager > Downloads.
5.) Clear data and cache of Snapchat, try to login this time, it will work for sure, if it doesn't, login to this and click unlock my account - https://accounts.snapchat.com/accounts/login?continue=https://accounts.snapchat.com/accounts/welcome
I have tried this myself and it works, my first main account was permanent banned on magisk canary build, After that I deleted that account and started out with fresh new account.
Tested on -
Samsung Galaxy S9+
Rom - Ultimate Rom v11.3
Magisk - v20.0 (Stable)
Kernel - ElementalX
No such item in xbin
I tried that too but i dont find any item such as busybox my Snapchat account can't be locked because its has been open in different phones
So give a solution what should i do i uninstall edxposed tried everything root switch root clock hut none of them really works its say oh on your temporarily login fails please try again later help needed seriously its been days
Running
Magisk 20.4 stable
Ed xposed 0.4.5.6 justins forks snadhook
Android 10

SafetyNet checks (CTS and basic) both failing - LOS16 w/ microG

Hi, can someone please help? I can't get SafetyNet check to pass in Magisk Manager, not even basicIntegrity.
I have tried everything here:
https://www.didgeridoohan.com/magisk/MagiskHideSafetyNet
... and here (in addition to digging around XDA forums)
https://www.didgeridoohan.com/magisk/MagiskInstallationIssues
I have a oneplus One running LineageOS 16 with microG pre-installed (https://lineage.microg.org/)
Specific troubleshooting steps taken, each step taken with TWO device restarts after:
1) Magisk Manager is hidden (via Magisk Hide in the Manager)
2) I am only using Magisk modules i.e. no BusyBox, xposed, etc.
3) After having issues I tried disabling all Magisk modules and rebooting twice
4) I tried the osm0sis unSU script, I flashed it in TWRP then deleted Dalvik/cache and rebooted twice, only Magisk was found
5) Developer options/USB debugging are both disabled
6) I froze in Titanium Backup any app needing root then hid Titanium Backup in Magisk (do I need to fully uninstall Titanium Backup and/or other apps with root?)
7) I tested magiskHide with a root checker app - it works, the root checker reports successful root then I hide the root checker with MagiskHide and when re-checking root then fails as expected.
8) I tried to reset fingerprint props but I reverted the settings back when this didn't help. Does anyone have any more info about this please? Unfortunately I already altered the props on my OPO and I don't have stock Cyanogen ROM available to me (it's spyware anyway!!)
A few related question please:
1) I don't need to use Systemizer plugin anymore, correct? As MagiskHide can handle this now? Or do I?
2) I tried a few SafetyNet fixes/modules but none worked... should I try more i.e. PetNoire's SafetyNet Spoofer? https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680/page5
Unfortunately I am not sure that I can attach a logcat output file as I am brand-new to XDA and have <10 posts.
Thank you all so much!
ertrink3n said:
I have a oneplus One running LineageOS 16 with microG pre-installed (https://lineage.microg.org/)
Click to expand...
Click to collapse
I believe this might be the key to your problem. I'm not entirely sure, but I think there might be issues passing SafetyNet on MicroG.
Try looking through MicroG threads/forums for info and help rather than Magisk.
Didgeridoohan said:
I believe this might be the key to your problem. I'm not entirely sure, but I think there might be issues passing SafetyNet on MicroG.
Try looking through MicroG threads/forums for info and help rather than Magisk.
Click to expand...
Click to collapse
Micro G can't pass safety net no more cause the Droid helper hasn't been updated....
([emoji3590]09-09-18[emoji3590])
Thank you for the confirmation @PoochyX, that's what I thought, but since I don't use or keep track of MicroG I wasn't sure.
@ertrink3n That's your answer.

[Help] Can't reinstall magisk

I upgraded to Magisk v23 without thinking and I am trying to reinstall 22.1 so I can continue with magisk hide, but no matter how I flash the repackaged boot.img, after reboot, installed always shows N/A. I've tried with v22 as well, and the same result.
Am I missing something about downgrading, or am I just doing something way off? Thanks in advance.
Why v22.1? Magisk v23 still has the "normal" MagiskHide...
(And just as a FYI, the new Deny list that is included in the latest Canary, 23010, works just as good to hide Magisk from what I've seen so far.)
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
DrSeussFreak said:
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
Click to expand...
Click to collapse
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
V0latyle said:
So Magisk Canary was released yesterday:
Magisk 23010
Someone who is temp rooting want to patch their boot image with this and see what happens?
Also, Magisk Hide is no longer, so here's what you have to do to pass Safetynet (the check is no longer in Magisk so you'll have to use an external app)
In Magisk:
Remove Universal Safetynet Fix and Riru, if you have them installed, Reboot.
Launch Magisk again
Settings > Magisk:
Enable Zygisk
Enable Enforce Denylist
Enable for Google Play Services components: (I just enabled for all subcomponents)
com.google.android.gms
com.google.android.gms.unstable
That should be enough to pass Safetynet. Don't forget to hide other apps such as banking, GPay, DRM (Netflix, Amazon Prime Video, etc)
Click to expand...
Click to collapse
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
DrSeussFreak said:
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
Click to expand...
Click to collapse
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
I just went through and re-did all my financials and streaming (plus all Amazon apps). I just forgot I had enabled it for these services.
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
DrSeussFreak said:
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
Click to expand...
Click to collapse
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
V0latyle said:
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
Click to expand...
Click to collapse
Thank you for confirming and good luck with your banking app, I checked all mine, so far so good. New system news bugs
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
That is what i saw. I've been rooted for almost a decade and I've never seen this issue before with magisk. I don't use gpay often, so that is ok, but i appreciate the info.
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
Did you use DenyList to hide both GPay, Google Play Services, and Google Play Store?
GPay works for me, but I am getting a CTS profile mismatch on Magisk 23010, so there's more work to be done. For now, I've downgraded to 23001.
I'll confirm gpay working, i hadn't checked earlier, but I'd marked it for the deny list earlier
How you downgrade to 23001?could you write entire procedure please?
I pur all exclusion, in Witch way you obtain CTS profile?
V0latyle said:
The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
Click to expand...
Click to collapse
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
V0latyle said:
I am getting a CTS profile mismatch on Magisk 23010
Click to expand...
Click to collapse
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
pippo45454 said:
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
Click to expand...
Click to collapse
Go into Magisk and tap Uninstall > Restore Images, then Uninstall Completely. Allow Magisk to reboot the phone. When it reboots, Magisk and root will be gone.
Install Magisk 23.0. Manually patch the boot image, reboot to bootloader, and flash the patched boot image. Reboot again and you should come back into root with 23.0.
Didgeridoohan said:
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
Click to expand...
Click to collapse
Thank you for the explanation. I was under the impression that most modules would have to be rewritten to work with Zygisk.
Didgeridoohan said:
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
Click to expand...
Click to collapse
Well, I tried USNF 2.0.0, CTS profile still failed, so I removed Magisk and went back to the last version that worked for me, 23001. I only use 4 modules: USNF, Riru to support it, MagiskHide Props, and Systemless Hosts. I'm on the stock ROM. I'll just wait until USNF is updated to work with Zygisk.

Categories

Resources