Database Develop

PetNoire's SafetyNet Spoofer! (Universal SafetyNet Fix mod)

PetNoire's SafetyNet Spoofer
This module tries to pass SafetyNet on devices/roms that don't.
This started when i put LineageOS on my phone and couldn't play Pokemon GO anymore. much sadness was had.
i searched around for a fix and found universal-safetynet-fix. Awesome! it let me play pokemon again but it broke everything else root related while it was enabled.
So, i worked on updating it to be compatible with magisk 17. and i got it! (download at the bottom)
but, well.. there was a lot in that code that didn't need to be there anymore. (does anyone even use magisk 12?!)
and worse still, my phones stock image used a thumbprint, not a fingerprint. with it in usnf, it didnt even pass basic integrity!
so i got to work and PetNoire's SafetyNet Spoofer was born!
Disclaimer:
I am not responsible for bricked devices, dead SD cards,
thermonuclear war, or you getting fired because the alarm app failed.
I also do not support hacking/altering any other apps with your root powers.
i made this purely to legitimately play a game on a customized system.
Information
Features:
Resets system props to a factory state
spoofs the device fingerprint or thumbprint
has a friendly command tool to change finger/thumbprint settings
Use:
Flash it with TWRP or MM.
by default, it spoofs the same device that unsf did which is enough for most uses. Congrats, you're done!
you can also use the pnss command as root to change, reset, or disable the fingerprint spoofing.
run the 'pnss' command from terminal for usage information
example command:
Code:
su
pnss set thumb MyDeviceThumbprint/8.1/etc/etc
Requeriments
Magisk v17
Installation
Flash the .ZIP from TWRP or MM Module page
Reboot
Known issues
thumbprint mode is only passing BasicIntegrity, not CTS
Donations
If you feel I helped you, you can buy me a coffee here
Credits
@Deic - the original creator of universal-safetynet-fix here
@PetNoire - porting it to magisk 17, breaking it further, and adding thumbprint support
Download
Please DO NOT share the module itself or the download link, share the thread only.
vv

@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.

Didgeridoohan said:
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Click to expand...
Click to collapse
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
update: i think i almost have it working on magisk's busybox but still working out some bugs.
And I'll edit it to give him some more credit right away.

PetNoire said:
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
Click to expand...
Click to collapse
That would be great.
I thought I'd give some insight into what the module actually does, for those that are wondering, since it might get lost in translation between the different updates to the module by others than @Deic.
The USNF module is made up of two parts. For one, it changes the device fingerprint to a certified one to pass the ctsProfile check (the in-built one is a Xiaomi print, but IIRC you can also use the device stock fingerprint if it's already certified). This is also something that can be done with a Magisk boot script (post-fs-data.d or service.d) and the resetprop tool:
Code:
resetprop ro.build.fingerprint <certified fingerprint value>
There are also Magisk modules available that do the same thing (apart from USNF).
Device Spoofing Tool by @Dreamer(3MF) is one (although it also changes a whole lot of other props to simulate a OnePlus 2).
And there's also my MagiskHide Props Config that changes the build fingerprint to one of your choice.
Or, if you don't care about the systemlessness, you can directly edit your build.prop file and change the current ro.build.fingerprint to a certified one.
So, for the device fingerprint and passing the ctsProfile there are a few options.
The second part of USNF is the custom MagiskHide (as described in the OP). The thing here though, is that for the majority of devices it is not necessary anymore, since (as it also says in the OP) @topjohnwu have fixed most of those issues. From what it seems, from user reports in different threads, this is only necessary on some MIUI releases (Xiaomi devices). The module actually started out as a "Xiaomi SafetyNet fix" (check the module id), but the build fingerprint part turned out to be useful for other devices, so @Deic changed the name to "Universal". All other devices should be good with only changing the device fingerprint.
So far, it doesn't seem like the custom MagiskHide from the module is interfering in any way with the real thing. But, considering that it hasn't been updated in over a year, who knows.
Class dismissed.

Is there any reason to keep the code for old magisk? Does anyone still use 12-14?

Seems to have helped on my S8 with KingROM
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me

I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).

Oberth said:
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
Click to expand...
Click to collapse
For some reason it doesn't always work the first time. Usually just rebooting fixes it.

jenslody said:
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Click to expand...
Click to collapse
I thought I changed it all. You sure there isnt some kind of version check? I'll look at it later
Again first goal was to get it working. Next goal is to make it awesome

Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP

winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
In-Case Of Facing A Bootloop/Bootscreen Issue Due To Flashing A Module, Download CoreOnlyMode4Magisk From This Thread https://forum.xda-developers.com/apps/magisk/module-core-mode-bootloop-solver-modules-t3817366 Then Flash It Thru TWRP Recovery.

winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
Does it boot after disabling the module?
From twrp>advanced>terminal:
HTML:
Mount -o loop /data/adb/magisk.img /mnt
Touch /mnt/universal-safetynet-fix/disable
The reboot

so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.

@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.

PetNoire said:
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
Click to expand...
Click to collapse
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.

Didgeridoohan said:
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Click to expand...
Click to collapse
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either. I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?

PetNoire said:
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either
Click to expand...
Click to collapse
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response

iamcurseal said:
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
Click to expand...
Click to collapse
I don't know what Tue additional setup does, but I always do it and its been working. Also your device may have thumbprint props instead of fingerprint.
Run this in a terminal and let me know what you get
Code:
getprop | grep print

PetNoire said:
I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
Click to expand...
Click to collapse
My module changes all the common fingerprint props, but as far as I know, it's only ro.build.fingerprint that is important for the ctsProfile check.

Didgeridoohan said:
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
Click to expand...
Click to collapse
I wiped all partitions, installed lineage 15, installed magisk and enabled hide and it wouldn't pass basic at any point. Even still its never passed it without this module. It didn't even pass it on the clean install, before magisk

{guide} pass SafteyNet any android 11

hello guys today i managed to bypass SafteyNet after couple of test and god know how many formats i did
but here i share the joy of it with you all
instead of texting guide i prefered to do full video guide in the video guide i will take you from point 0 where the phone is formated and fresh rooted to fully bypass SafteyNet with edxposed installed
last android version 11
basic integrity : pass
cts profile : pass
in advance sorry for my bad english in this post and in the video
do it on your OWN RISK
guide

skysatan said:
hello guys today i managed to bypass SafteyNet after couple of test and god know how many formats i did
but here i share the joy of it with you all
instead of texting guide i prefered to do full video guide in the video guide i will take you from point 0 where the phone is formated and fresh rooted to fully bypass SafteyNet with edxposed installed
last android version 11
basic integrity : pass
cts profile : pass
in advance sorry for my bad english in this post and in the video
do it on your OWN RISK
guide
Click to expand...
Click to collapse
Working like a charm on my S20 Ultra with Android 11 (Beyond Rom 2.0)
Thanks

m8980 said:
Working like a charm on my S20 Ultra with Android 11 (Beyond Rom 2.0)
Thanks
Click to expand...
Click to collapse
yw my friend

Thank you for the nice video,safety Net pass.

pannerch said:
Thank you for the nice video,safety Net pass.
Click to expand...
Click to collapse
yw bro

Edit: Please see Didgeridoohan's post below mine for additional info/context before following this breakdown of what happened in the video.
TL;DW version:
Starting clean, install magisk.
Install the following modules through the magisk download section (You don't need to reboot after installing each module): 'Busybox', 'MagiskHide Props Config'
Install what I think is this? The video is not at all clear, but I believe it to be the latest version of riru from here: https://github.com/RikkaApps/Riru/releases
Install what appears to be the latest sandhook debug version of this: https://github.com/ElderDrivers/EdXposed/releases (Video technically uses the previous 0.5.1.3 revision but that was the latest version at the time the video was posted)
Go into Magisk Manager settings, enable the magisk hide toggle
Select the option above this, 'Hide Magisk Manager' and hide it with whatever setting you like.
Restart? Not too sure if this is needed here, video guy's phone froze here and had to be hard restarted.
If you check Safetynet inside of Magisk now you should now pass basicintegrity while failing ctsprofile.
Install EdXposed Manager (I assume this one: https://github.com/ElderDrivers/EdXposedManager/releases/ ) (Note: A version of this is installed while installing the Riru/EdXposed through Magisk, no idea if this version is different to that)
Install Termux (I assume this one: https://f-droid.org/packages/com.termux/ )
(Optionally) Install the following apps to confirm that everything has been successful once we are finished:
SafetyNet Test - Apps on Google Play
SafetyNet device compatibility test
play.google.com
SafetyNet Checker - Apps on Google Play
SafetyNet is way to check health and environment where android device running.
play.google.com
Root and SafetyNet Checker - Apps on Google Play
Let you know if your device is Rooted and checks if it passes SafetyNet
play.google.com
Open up EdXoposed manager and confirm the framework is active.
Go into EdXposed settings, scroll down to app list mode and enable, scroll down to 'Pass Safetynet' and enable.
Run Termux, type in:
su
Hit enter, grant root access. Type in:
props
Hit enter. Select the first option (Edit device fingerprint), then select 'Pick a certified fingerprint'
In the next screens select your phone manufacturer and model from the lists that appear.
Confirm you selected the correct device by selecting yes, and then reboot when requested.
Run termux, enter su and props again. Confirm that 'Edit device fingerprint' is now Active.
Select 'Force BASIC key attestation'
Select 'Pick from device list' and select your own device from the lists.
Confir you selected the right device and reboot.
Run termux, su, props. 'Edit devide fingerprint' and 'Force BASIC key attestation' should now be active.
Select 'Device simulation'
Select 'Device simulation' again. Confirm you want to enable basic device simulation.
Select 'ro.product.manufacturer'. Confirm you want to enable simulating 'ro.product.manufacturer'. Reboot.
It should now be working.
That said, I was following the instructions on my pixel 2 XL as I typed them out and I'm still failing safetynet so YMMV.
Edit: Did some digging, in the 'Force BASIC key attestation' section I neede to select a device which was similar but not exactly my device. In my case I used the regular Pixel 2. This got it working.

ivivaitylin said:
TL;DW version:
Click to expand...
Click to collapse
If that's what's in the video, there are a few errors that could be corrected...
First one is rather minor: you do not need to install busybox together with MagiskHide Props Config (that requirement was removed in v5.2.6, more than 6 months ago (a small indication that it's not always a good idea to blindly follow random guides on the internet, they rarely get updated as the tools changes).
Enabling MagiskHide is of course necessary, but hiding the Manager isn't if all you want to do is to pass SafetyNet. It's a useful tool though, since many apps look for the Manager. But not SafetyNet...
And, if you want to use EdXposed (it's not necessary for passing SafetyNet, but there might be many useful modules), you need to keep in mind that Google constantly chases these tools and eventually they'll likely get detected. If you keep on the latest versions of EdXposed, the devs usually manages to keep one step ahead.
Changing the device fingerprint is only necessary if you aren't on a stock ROM, or have a device that isn't Google certified.
The "Force BASIC key attestation" option in MagiskHide Props Config is only necessary if your device uses hardware backed key attestation (you can see if it's basic or hardware when you make a SafetyNet check in the Magisk Manager). If you do need to force a basic check you should not pick your own device. That's very clearly stated both in the ui and the module docs. Picking your own device does absolutely nothing.
"Device simulation" isn't necessary at all, and if you're using a device fingerprint from your own device it won't do anything.
There's more on what options to use in MagiskHide Props Config in the module docs:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com

Thanks for the info and breakdown, I've added something at the top of my post directing people to check your post before following it.

Didgeridoohan said:
If that's what's in the video, there are a few errors that could be corrected...
First one is rather minor: you do not need to install busybox together with MagiskHide Props Config (that requirement was removed in v5.2.6, more than 6 months ago (a small indication that it's not always a good idea to blindly follow random guides on the internet, they rarely get updated as the tools changes).
Enabling MagiskHide is of course necessary, but hiding the Manager isn't if all you want to do is to pass SafetyNet. It's a useful tool though, since many apps look for the Manager. But not SafetyNet...
And, if you want to use EdXposed (it's not necessary for passing SafetyNet, but there might be many useful modules), you need to keep in mind that Google constantly chases these tools and eventually they'll likely get detected. If you keep on the latest versions of EdXposed, the devs usually manages to keep one step ahead.
Changing the device fingerprint is only necessary if you aren't on a stock ROM, or have a device that isn't Google certified.
The "Force BASIC key attestation" option in MagiskHide Props Config is only necessary if your device uses hardware backed key attestation (you can see if it's basic or hardware when you make a SafetyNet check in the Magisk Manager). If you do need to force a basic check you should not pick your own device. That's very clearly stated both in the ui and the module docs. Picking your own device does absolutely nothing.
"Device simulation" isn't necessary at all, and if you're using a device fingerprint from your own device it won't do anything.
There's more on what options to use in MagiskHide Props Config in the module docs:
MagiskHidePropsConf/README.md at master · Magisk-Modules-Repo/MagiskHidePropsConf
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
Click to expand...
Click to collapse
you can use it with out EdXposed

skysatan said:
you can use it with out EdXposed
Click to expand...
Click to collapse
That's what you took from my post? The only thing I wrote about EdXposed is that Google often finds ways to detect it...

skysatan said:
hello guys today i managed to bypass SafteyNet after couple of test and god know how many formats i did
but here i share the joy of it with you all
instead of texting guide i prefered to do full video guide in the video guide i will take you from point 0 where the phone is formated and fresh rooted to fully bypass SafteyNet with edxposed installed
last android version 11
basic integrity : pass
cts profile : pass
in advance sorry for my bad english in this post and in the video
do it on your OWN RISK
guide
Click to expand...
Click to collapse
Video is not available anyone share the direct video link

pannerch said:
Thank you for the nice video,safety Net pass.
Click to expand...
Click to collapse
Send the link of the video i unable to watch that video in YouTube

[Help] Can't reinstall magisk

I upgraded to Magisk v23 without thinking and I am trying to reinstall 22.1 so I can continue with magisk hide, but no matter how I flash the repackaged boot.img, after reboot, installed always shows N/A. I've tried with v22 as well, and the same result.
Am I missing something about downgrading, or am I just doing something way off? Thanks in advance.

Why v22.1? Magisk v23 still has the "normal" MagiskHide...
(And just as a FYI, the new Deny list that is included in the latest Canary, 23010, works just as good to hide Magisk from what I've seen so far.)

I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.

DrSeussFreak said:
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
Click to expand...
Click to collapse
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
V0latyle said:
So Magisk Canary was released yesterday:
Magisk 23010
Someone who is temp rooting want to patch their boot image with this and see what happens?
Also, Magisk Hide is no longer, so here's what you have to do to pass Safetynet (the check is no longer in Magisk so you'll have to use an external app)
In Magisk:
Remove Universal Safetynet Fix and Riru, if you have them installed, Reboot.
Launch Magisk again
Settings > Magisk:
Enable Zygisk
Enable Enforce Denylist
Enable for Google Play Services components: (I just enabled for all subcomponents)
com.google.android.gms
com.google.android.gms.unstable
That should be enough to pass Safetynet. Don't forget to hide other apps such as banking, GPay, DRM (Netflix, Amazon Prime Video, etc)
Click to expand...
Click to collapse

V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!

DrSeussFreak said:
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
Click to expand...
Click to collapse
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).

V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
I just went through and re-did all my financials and streaming (plus all Amazon apps). I just forgot I had enabled it for these services.

V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.

DrSeussFreak said:
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
Click to expand...
Click to collapse
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.

V0latyle said:
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
Click to expand...
Click to collapse
Thank you for confirming and good luck with your banking app, I checked all mine, so far so good. New system news bugs

V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001

pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
That is what i saw. I've been rooted for almost a decade and I've never seen this issue before with magisk. I don't use gpay often, so that is ok, but i appreciate the info.

pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
Did you use DenyList to hide both GPay, Google Play Services, and Google Play Store?
GPay works for me, but I am getting a CTS profile mismatch on Magisk 23010, so there's more work to be done. For now, I've downgraded to 23001.

I'll confirm gpay working, i hadn't checked earlier, but I'd marked it for the deny list earlier

How you downgrade to 23001?could you write entire procedure please?

I pur all exclusion, in Witch way you obtain CTS profile?

V0latyle said:
The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
Click to expand...
Click to collapse
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
V0latyle said:
I am getting a CTS profile mismatch on Magisk 23010
Click to expand...
Click to collapse
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).

I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?

pippo45454 said:
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
Click to expand...
Click to collapse
Go into Magisk and tap Uninstall > Restore Images, then Uninstall Completely. Allow Magisk to reboot the phone. When it reboots, Magisk and root will be gone.
Install Magisk 23.0. Manually patch the boot image, reboot to bootloader, and flash the patched boot image. Reboot again and you should come back into root with 23.0.

Didgeridoohan said:
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
Click to expand...
Click to collapse
Thank you for the explanation. I was under the impression that most modules would have to be rewritten to work with Zygisk.
Didgeridoohan said:
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
Click to expand...
Click to collapse
Well, I tried USNF 2.0.0, CTS profile still failed, so I removed Magisk and went back to the last version that worked for me, 23001. I only use 4 modules: USNF, Riru to support it, MagiskHide Props, and Systemless Hosts. I'm on the stock ROM. I'll just wait until USNF is updated to work with Zygisk.

What is the go-to replacement for MagiskHide & the central module repo?

I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!

KaoDome said:
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Here. First 5 post and you should know all you need

So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?

Quantumrabbit said:
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Click to expand...
Click to collapse
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Click to expand...
Click to collapse

Porpet said:
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
Click to expand...
Click to collapse
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you

Quantumrabbit said:
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Click to expand...
Click to collapse
And where did you find the deny list?

fusk said:
And where did you find the deny list?
Click to expand...
Click to collapse
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist

H
toolhas4degrees said:
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
Click to expand...
Click to collapse
How to add modules shamiko & how to more hide features

Spartacus500 said:
H
How to add modules shamiko & how to more hide features
Click to expand...
Click to collapse
Shamiko is a flashable only need to slash magisk module. You can find it in the magisk alpha thread on telegram. You need to configure denylist first and reboot then turn off the enforce denylist toggle and flash the shamiko module.
If you are using lsposed download hide my applist xposed module and search how to use it if you want more coverage
Pm me if you want links

I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.

Drakinite said:
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
This is quite weird and definitely shows how different devices handle root detection. I a Samsung S10+ and just installed Magisk 24 with enforce DenyList earlier this week. Today I just installed Duo Mobile and it works fine. I do not have it in the DenyList, and Magisk is not hidden. I use a custom SafetyNet fix that was installed when I originally installed an AIO TWRP/Magisk/SafetyNet fix after unlocking my bootloader. I also fail SafetyNet checks.
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?

Drakinite said:
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.

danbest82 said:
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Click to expand...
Click to collapse
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
anonymous-bot said:
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
Click to expand...
Click to collapse
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.

Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
Get VD Infos and use it to scan your files. You can find it on XDA.

Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
Click to expand...
Click to collapse
Hmm ok. Like I said shimako didn't work for me either. I'm not sure why Duo is still detecting root. For reference this is what is on my DenyList:
Drakinite said:
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
YASNAC is the replacement for Momo it looks like since Momo is Riru based (https://github.com/canyie/Riru-MomoHider)

simplydat said:
Get VD Infos and use use to scan your files. You can find it in XDA
Click to expand...
Click to collapse
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?

Drakinite said:
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Click to expand...
Click to collapse
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.

Drakinite said:
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Click to expand...
Click to collapse
Awesome. Hope it stays that way!

Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!

antivirtel said:
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
Click to expand...
Click to collapse
Version 24102 would be v24.102. So your Magisk 24.300 is newer.

Question Not passing safetynet(Play Integrity API) on pixel 7

I made a big mistake yesterday. I saw threads about the new Play Integrity API thing and download the Integrity API checker. At that time, the integrity API checker cannot pass MEETS_DEVICE_INTEGRITY but my YASNAC can pass CTS profile. So I installed the Displex mod of the universal safetynet fix. I saw that my DEVICE_INTEGRITY passed but after testing a bit I found that it's not very consistent. Then after checking out the original repo knowing that there will be a release about this fix soon, I Installed back v2.4.0. This is when everything goes wrong. My device can no longer pass CTS profile. I tried wiping storage of the GAPPS, install back the modded module, remove Magiskhide props config. It is still not working. I cannot use my GPay now. Please help me get my GPAY back. Thanks for all the help.

To clarify my current setup, I have the modded v2.3.1_MOD2.1 installed now and props config removed.
Also a small question, do I need to wait for the device to get certified to get the CTS profile match or it should immediately work if everything is right.

seanho12345 said:
To clarify my current setup, I have the modded v2.3.1_MOD2.1 installed now and props config removed.
Also a small question, do I need to wait for the device to get certified to get the CTS profile match or it should immediately work if everything is right.
Click to expand...
Click to collapse
safetynet-fix 2.3.1-MOD_2.1 should get you back on track. It's a popular topic today for those of us caught off guard.
Waiting for Play Protect certification should work but clearing storage for Play Store and Play Services will speed it up.

manjaroid said:
safetynet-fix 2.3.1-MOD_2.1 should get you back on track. It's a popular topic today for those of us caught off guard.
Waiting for Play Protect certification should work but clearing storage for Play Store and Play Services will speed it up.
Click to expand...
Click to collapse
Yeah I already have USNF 2.3.1_MOD2.1 installed. However, my question is that is the CTS profile a prerequisite for the device to get certified or it should first get certified then the CTS profile match will work.

Hi
Im having sort of same problem, untill today my phone passed everything, gpay worked and all good..
from nothing it started to fail, not passing CTS profile match, gpay doesnt work.
tried everything, reinstalled magisk, reinstalled the modules, tried 2.3.1 mod, tried 2.4.0. Nothing works.
best i've achieved, is passing safetynet once, but after 2-3 min, it doesnt pass anymore.
any ideas what to do now?

manjaroid said:
safetynet-fix 2.3.1-MOD_2.1 should get you back on track. It's a popular topic today for those of us caught off guard.
Waiting for Play Protect certification should work but clearing storage for Play Store and Play Services will speed it up.
Click to expand...
Click to collapse
I'm Play Store certified but I don't pass CTS profile match

I am not sure if anyone has the same problem as mine. I configured magisk denylist as picture attached which included "play store service". The restarted the phone, went back to the denylist "play store service" gone

tinhsoftware said:
I am not sure if anyone has the same problem as mine. I configured magisk denylist as picture attached which included "play store service". The restarted the phone, went back to the denylist "play store service" gone
Click to expand...
Click to collapse
If you mean Google Play Services, that's normal and intended behavior if using a USNF mod. It's "denied" in the background.

Can confirm that the new 3.0 MOD from Displax works flawlessly. I just installed it and everything is working.
https://github.com/Displax/safetynet-fix/releases/download/v2.3.1-MOD_3.0/safetynet-fix-v2.3.1-MOD_3.0.zip

seanho12345 said:
Can confirm that the new 3.0 MOD from Displax works flawlessly. I just installed it and everything is working.
https://github.com/Displax/safetynet-fix/releases/download/v2.3.1-MOD_3.0/safetynet-fix-v2.3.1-MOD_3.0.zip
Click to expand...
Click to collapse
I you still have issues with Banking / Wallet app (even passing SN checks) then install Shamiko Module, disable Enforce Deny List and try. This module takes charge of DenyList hidding Zygisk itself and Zygisk modules.

good morning
after maby 20 hours of hiding the magic by Shamiko moldes
itis ok
and fine

I have a Google Pixel 7 with Magisk V25.2, Universal SafetyNetFix V2.4.0 and I still can't install some apps and some other are not even visible in the results.
I've tried with and without the deny list (clearing cache and storage of Google Play service/store/protect), but nothing.
I've spent the last 2 days banging my head on the wall looking for solution, but...nothing.
Do you guys know something that works?

andrea_x said:
Do you guys know something that works?
Click to expand...
Click to collapse
Yes, Canary builds 25206 (831a398b) or 25209 (2717feac) and patch accordingly. Plus the modified safetynet-fix module.

manjaroid said:
Yes, Canary builds 25206 (831a398b) or 25209 (2717feac) and patch accordingly. Plus the modified safetynet-fix module.
Click to expand...
Click to collapse
Wait wait, I'm not familiar with that, how do I get the APK or if it's a Magisk module where do I get the .ZIP?
And what do you mean with "patch accordingly"?
Thanks a lot!

andrea_x said:
Wait wait, I'm not familiar with that, how do I get the APK or if it's a Magisk module where do I get the .ZIP?
And what do you mean with "patch accordingly"?
Thanks a lot!
Click to expand...
Click to collapse
Browse the repo and download app-release.apk. On a PC click the <> symbol to the right. If you're navigating from a phone tap the Browse files button to locate the file. I suggest caution and go with 25206. Anything after it has problems except maybe 25209, which worked ok for me but not for everybody. Once Canary is installed avoid the update button.
First, uninstall your current Magisk and restore init_boot.img back to stock. The phone is unrooted at this point.
Whichever Magisk release you install next, patch init_boot.img with that release. The phone should be rooted at this point.
Then your modules and Magisk configuration.
The safetynet-fix module you want is named safetynet-fix-v2.4.0-MOD_1.2.zip.

andrea_x said:
Wait wait, I'm not familiar with that, how do I get the APK or if it's a Magisk module where do I get the .ZIP?
And what do you mean with "patch accordingly"?
Thanks a lot!
Click to expand...
Click to collapse
magisk-files/canary.json at master · topjohnwu/magisk-files
Magisk File Host. Contribute to topjohnwu/magisk-files development by creating an account on GitHub.
github.com

ziddey said:
magisk-files/canary.json at master · topjohnwu/magisk-files
Magisk File Host. Contribute to topjohnwu/magisk-files development by creating an account on GitHub.
github.com
Click to expand...
Click to collapse
Thanks for your help, but I've installed and the "CTS profile match" test stil fails. and I still can't install some apps.

manjaroid said:
Once Canary is installed avoid the update button.
Click to expand...
Click to collapse
Thanks a lot fr your detailed explanation, you're very kind!
Buuut...the update button is exactly where the install button is, how can I patch the init_boot.img?
Should I really go back to the original init_boot.img first?

andrea_x said:
Thanks a lot fr your detailed explanation, you're very kind!
Buuut...the update button is exactly where the install button is, how can I patch the init_boot.img?
Should I really go back to the original init_boot.img first?
Click to expand...
Click to collapse
I don't know what's up with the buttons. Install is needed to select your file to patch. And yes, when starting over it's usually best to clean patch the boot image with the Magisk release that's running, although not always. If you don't mind posting a screen shot of Magisk it might help get a better perspective.

manjaroid said:
I don't know what's up with the buttons. Install is needed to select your file to patch. And yes, when starting over it's usually best to clean patch the boot image with the Magisk release that's running, although not always. If you don't mind posting a screen shot of Magisk it might help get a better perspective.
Click to expand...
Click to collapse
Here it is the screenshot