Xposed getting detected by app while passing safetynet - Xposed General

Oneplus 5
ACIP 10
Latest magisk with magisk hide enabled
When I use the app whisper (sh. Whisper), it works fine and dandy. When I install edxposed (sandhook/yahfa) it somehow detects edxposed and ghosts my account, meaning I can't make posts or send DMs.
It's not detecting the edxposed manager app, because when I uninstall edxposed using the zip, it works. Even the riru module is installed and it still works.
How is this app detecting edxposed being installed and how can I hide it from the app?
I tried with the hiddencore xposed module too and it passes safetynet, Google Pay works, but only that app detects and ceases use of the app.

ahb83 said:
... When I install edxposed (sandhook/yahfa) it somehow detects edxposed and ghosts my account, meaning I can't make posts or send DMs.
It's not detecting the edxposed manager app, because when I uninstall edxposed using the zip, it works. Even the riru module is installed and it still works.
It probably looks for the package name, or just runs keywords to detect the xposed presence.
I suggest you install rootcloak; you can hide specific keywords and commands from a list of apps you set, and usually after that it stops detecting xposed.
Be careful, it probably trips safetynet, but since it's still working for you maybe it doesn't cause any hassle.
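
The two kinds of check guessed at above (installed package names versus keywords found in the app's own process) are independent signals, which fits the report that removing the framework, not the manager app, is what stopped the detection. This added example is not from the thread or from any app; the indicator lists, the `edxp.jar` path and all sample inputs are constructed assumptions.

```python
import re

# Indicator lists are assumptions for this example, not taken from any app.
MANAGER_PACKAGES = {
    "de.robv.android.xposed.installer",  # classic Xposed Installer
    "org.meowcat.edxposed.manager",      # EdXposed Manager
}
KEYWORDS = re.compile(r"xposed|edxp", re.IGNORECASE)


def manager_packages(pm_output):
    """Installed manager apps, parsed from `pm list packages` style text."""
    installed = {
        line.split(":", 1)[1].strip()
        for line in pm_output.splitlines()
        if line.startswith("package:")
    }
    return sorted(installed & MANAGER_PACKAGES)


def mapped_paths(maps_text):
    """File paths from /proc/<pid>/maps style text (6th column, if present)."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5].strip())
    return paths


def framework_traces(maps_text, stack_frames):
    """Keyword hits inside the process: mapped files and stack frames."""
    hits = [p for p in mapped_paths(maps_text) if KEYWORDS.search(p)]
    hits += [f for f in stack_frames if KEYWORDS.search(f)]
    return sorted(hits)


def assess(pm_output, maps_text, stack_frames):
    """Report both signals separately so they can be weighed independently."""
    return {
        "manager_app": manager_packages(pm_output),
        "framework_in_process": framework_traces(maps_text, stack_frames),
    }


# Constructed sample inputs (not captured from a real device).
PM_WITH_MANAGER = "package:com.android.settings\npackage:org.meowcat.edxposed.manager\n"
PM_CLEAN = "package:com.android.settings\n"
MAPS_HOOKED = (
    "7b40000000-7b40021000 r-xp 00000000 fd:00 1201 /system/lib64/libc.so\n"
    "7b41000000-7b41040000 r--p 00000000 fd:00 2210 /system/framework/edxp.jar\n"
    "7b41040000-7b41050000 r--p 00040000 fd:00 2210 /system/framework/edxp.jar\n"
)
MAPS_CLEAN = "7b40000000-7b40021000 r-xp 00000000 fd:00 1201 /system/lib64/libc.so\n"
STACK_HOOKED = [
    "de.robv.android.xposed.XposedBridge.handleHookedMethod",
    "android.app.Activity.onCreate",
]
STACK_CLEAN = ["android.app.Activity.onCreate"]

# Manager app left installed, framework removed: only the package check fires.
MANAGER_ONLY = assess(PM_WITH_MANAGER, MAPS_CLEAN, STACK_CLEAN)
# Manager app removed, framework still injected: only the in-process scan fires.
FRAMEWORK_ONLY = assess(PM_CLEAN, MAPS_HOOKED, STACK_HOOKED)
```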

Install Xposed from Magisk or Standalone?

removed
My experience: a standalone install did not pass "SafetyNet" checks, even the basic integrity check failed.
I just installed it from Magisk as a module but again the same, both the checks (basic and cts) are failing. Just wanted to post this reply to see if somebody has a suggestion so that I can also follow.
Update:
I can conclude that Xposed from magisk is the best choice right now.
Installing Xposed in any way makes this thing called "safetyNet" fail, and you cannot use apps like Netflix and Google pay.
If you install Xposed as standalone, you have to uninstall xposed to set the safetyNet back to true. (I tried that disabling from 'xposed installer' app isn't helping)
But if you install Xposed via Magisk, it is as good as a module and you can disable Xposed whenever needed from the modules menu of magisk and reboot to use the apps mentioned above.
To put it simply, if a friend were to ask me to send money via Google pay, it is better to ask for 2 minutes to disable Xposed and reboot via magisk, instead of saying that I have Xposed installed and I can't use the Google pay app.
sagar2208 said:
My experience: a standalone install did not pass "SafetyNet" checks, even the basic integrity check failed.
I just installed it from Magisk as a module but again the same, both the checks (basic and cts) are failing. Just wanted to post this reply to see if somebody has a suggestion so that I can also follow.
Update:
I can conclude that Xposed from magisk is the best choice right now.
Installing Xposed in any way makes this thing called "safetyNet" fail, and you cannot use apps like Netflix and Google pay.
If you install Xposed as standalone, you have to uninstall xposed to set the safetyNet back to true. (I tried that disabling from 'xposed installer' app isn't helping)
But if you install Xposed via Magisk, it is as good as a module and you can disable Xposed whenever needed from the modules menu of magisk and reboot to use the apps mentioned above.
To put it simply, if a friend were to ask me to send money via Google pay, it is better to ask for 2 minutes to disable Xposed and reboot via magisk, instead of saying that I have Xposed installed and I can't use the Google pay app.
Way to go
Sent from my SM-N920T using Tapatalk

Magisk safetynet no longer passing

Within the past month Magisk can no longer pass the safetynet check. Ctsprofile fails and basicintegrity fails. I am on Magisk v20(20000) and Magisk manager v7.3.5(243). I've performed the following steps...
1. Turned off USB debug
2. Confirmed root check fails when hidden by Magisk and does NOT fail when not hidden by Magisk.
Any suggestions?
I found out it was Riru Exposed module. I went into EdXposed, enabled black/whitelist, rebooted, blacklisted Google play and Google play services, rebooted and safetynet check passed in Magisk.
JDubbed said:
I found out it was Riru Exposed module. I went into EdXposed, enabled black/whitelist, rebooted, blacklisted Google play and Google play services, rebooted and safetynet check passed in Magisk.
I was just about to post the same. Blacklisting those in Edxposed worked for me when nothing else did.
Does this indicate that Google is deploying countermeasures against Xposed framework?
I swapped out the Xposed installer for the Xposed manager and now the blacklist method is working at the moment. Google pay works.
gboybama said:
Does this indicate that Google is deploying countermeasures against Xposed framework?
Google has ALWAYS updated SafetyNet to block root users and Xposed users-- That's a large reason why both Magisk and edXposed were created, in the first place. LOL! While it's there to prevent hacking/abuse to understandably legitimate sources (banking apps, auction sites and storefronts, etc.), it's collaborated heavily with Niantic (developers of Pokémon GO) and updated a bunch of its more strict checks because of Pokémon GO.
Thanks to everyone for the tips, though!
Sent from my LG V20 (VS995), Alpha Omega ROM, Oreo 8.0, rooted (Magisk 19.3), using Tapatalk

edxposed v0.4.6.1 + EdXposed Manager = Safetynet Fail

Saw an update, thought cool finally out of beta, but upon upgrading, safetynet fails.
I didn't take a look too much into it, I did see on github that at least some users also had failing safetynet, but this was right at the same time as the google update to safetynet for magisk, so I couldn't rule that out for other users.
I've reverted back to v0.4.5.1 and edxposed installer and safetynet passes. I *think* it might be because edxposed installer has blacklist functionality. I couldn't find the equivalent setting on edxposed manager.
anonxlg said:
Saw an update, thought cool finally out of beta, but upon upgrading, safetynet fails.
I didn't take a look too much into it, I did see on github that at least some users also had failing safetynet, but this was right at the same time as the google update to safetynet for magisk, so I couldn't rule that out for other users.
I've reverted back to v0.4.5.1 and edxposed installer and safetynet passes. I *think* it might be because edxposed installer has blacklist functionality. I couldn't find the equivalent setting on edxposed manager.
In the latest Xposed Manager, try this: in the settings menu, scroll down to framework options and enable:
- App List mode
- Pass Safetynet
To enable the blacklist function, App List mode has to be enabled. Then from the main menu select Applications.
thanks, after some testing and restarting that did the trick.
I didn't see that the 'app list mode' is the blacklist and only turned on 'pass safetynet' thinking that was the only thing I needed to do
I updated lineage and I can't get safetynet to pass again.
I verified that with edxposed disabled, it passes safetynet. I tried uninstalling/reinstalling edxposed and tried both sandhook and yahfa versions and it doesn't pass.
Scratching my head on how it doesn't work anymore because of the lineage update (my only guess).
anonxlg said:
I updated lineage and I can't get safetynet to pass again.
I verified that with edxposed disabled, it passes safetynet. I tried uninstalling/reinstalling edxposed and tried both sandhook and yahfa versions and it doesn't pass.
Scratching my head on how it doesn't work anymore because of the lineage update (my only guess).
In Edxposed Manager try downloading the canary release and flash through Magisk.
Also note that Google is starting to tighten its grip in regards to Safety Net. Very basically it will fail with an unlocked bootloader.
https://mobile.twitter.com/topjohnwu/status/1237830555523149824
spawnlives said:
In Edxposed Manager try downloading the canary release and flash through Magisk.
Also note that Google is starting to tighten its grip in regards to Safety Net. Very basically it will fail with an unlocked bootloader.
https://mobile.twitter.com/topjohnwu/status/1237830555523149824
I'm aware of that, but in my case, phone passed safetynet (with magisk, edxposed, and all modules the same) before updating lineage.
I should note that this is lineage 15.1 (A8.1) if it matters.
And that phones pre-pie are currently immune to that safetynet check because of old security hardware.
This works: https://repo.xposed.info/module/com.cofface.ivader
anonxlg said:
I'm aware of that, but in my case, phone passed safetynet (with magisk, edxposed, and all modules the same) before updating lineage.
I should note that this is lineage 15.1 (A8.1) if it matters.
And that phones pre-pie are currently immune to that safetynet check because of old security hardware.
On my spare S8 I've reinstalled unofficial lineage 17.1 (Android 10).
Using latest:
Stable version of magisk / manager
Edxposed manager - 4.5.7
Edxposed canary - 0.4.6.3 ( 4545 ) - Yahfa
Riru core - 19.8
This combination at the moment is passing safety net. Checked using magisk manager + two other apps from playstore. Also have Device is certified through play store. The latest play store version is 19.5.13 for my region.
Edxposed modules installed at moment
Xprivacylua
Minminguard
Resolver Activity Tweaks
Installing HiddenCore Module did the trick, but I'm still curious why updating lineage broke safetynet or that using the older rirucore + edxposed passes safety net
I might have figured out this problem, let me know if it helps you pass safetynet too as it did work on my device (OP6T):
Install everything just as the above steps,
- config magiskhide, install the fingerprints
- Install riru etc, install the canary version of sandhook
- put in airplane mode as soon as you reboot
- enable applist and blacklist google framework and services and playstore (also assuming you have hidden these in magisk too)
- clear data from services, framework, playstore
- open playstore and check if you're logged in and it's working
- Go check safetynet
Gpay is working for me flawlessly
As of April 25 this solution seems to work for me.
nousernamesorry said:
I might have figured out this problem, let me know if it helps you pass safetynet too as it did work on my device (OP6T):
Install everything just as the above steps,
- config magiskhide, install the fingerprints
- Install riru etc, install the canary version of sandhook
- put in airplane mode as soon as you reboot
- enable applist and blacklist google framework and services and playstore (also assuming you have hidden these in magisk too)
- clear data from services, framework, playstore
- open playstore and check if you're logged in and it's working
- Go check safetynet
Gpay is working for me flawlessly
As of April 25 this solution seems to work for me.
I followed your order, but in magisk I have passed safetynet, but CTS and basicIntegrity is false
This is the screenshot... S9 rooted + custom rom android 10 + kernel custom
Without xposed I had both positives
bmw320cd said:
I followed your order, but in magisk I have passed safetynet, but CTS and basicIntegrity is false
This is the screenshot... S9 rooted + custom rom android 10 + kernel custom
Without xposed I had both positives
Sorry man, this solution no longer works. It broke after April 27th.
So is there no current method to have edxposed/ru working while passing safetynet? Thanks
djjohnnyblaze said:
So is there no current method to have edxposed/ru working while passing safetynet? Thanks
At the moment still passing safety net using latest Riru core module + latest canary release of Edxposed.
System Crashes
nousernamesorry said:
I might have figured out this problem, let me know if it helps you pass safetynet too as it did work on my device (OP6T):
Install everything just as the above steps,
- config magiskhide, install the fingerprints
- Install riru etc, install the canary version of sandhook
- put in airplane mode as soon as you reboot
- enable applist and blacklist google framework and services and playstore (also assuming you have hidden these in magisk too)
- clear data from services, framework, playstore
- open playstore and check if you're logged in and it's working
- Go check safetynet
Gpay is working for me flawlessly
As of April 25 this solution seems to work for me.
My system UI is crashing sometimes. Is it because of edxposed? I followed these steps and successfully passed the SafetyNet check. But my system is crashing sometimes!
I'm using sudohide module only!
romee_ahuja said:
My system UI is crashing sometimes. Is it because of edxposed? I followed these steps and successfully passed the SafetyNet check. But my system is crashing sometimes!
I'm using sudohide module only!
Hey, it could be that, maybe you have a module like gravitybox installed which is conflicting with your system configurations.
If not that, try disabling edxposed modules from magisk itself. If that fixes the solution, then it might be edxposed
One solution is to disable a module like gravitybox or update gravitybox

Cannot pass safetynet after uninstalling edxposed

This is a weird one.
To start, my phone has latest magisk, and passed safety net.
I once again am trying out edxposed (seeing if the game I'm playing still detects, and yes it does).
So, I managed to install edxposed (with hiddencore), magisk working and passing safetynet (check screenshot), however, as mentioned, game still detects something and refuses to start (another note is that the game starts without issues with just magisk and safetynet passed).
Because game doesn't work, I uninstalled hiddencore, edxposed, and riru core (in that order) and somehow magisk cannot pass safetynet anymore.
I've tried everything over again plus countless restarts to get a screenshot of my phone with edxposed and safetynet passed.
-edit-
clearing playstore data did the trick
Hi,
Did you fix your problem?
Thanks!
Just to be clear, you have only Magisk and Edxposed WITHOUT HiddenCore module installed, and you're passing SN and your game runs fine without detecting root?
I'm a little confused about the order of events and the steps you took, because it reads like you installed edxposed and HiddenCore at the same time (HiddenCore will merely mask SN success test in magisk, it doesn't actually fix the issue as other tester apps more accurately fail to pass SN with edxposed installed). Then you describe you uninstalled all of riru/edxposed framework and hiddencore and then a screen shot of edxposed with Magisk SN test passing??? Okay so, did you reinstall hiddencore? Did you run the test after several reboots to confirm reliability? The game you mentioned, did that quit detecting edxposed? What did you do here exactly?
1. Don't consider Magisk's SafetyNet as trustable. Test with other apps like org.freeandroidtools.safetynettest (SafetyNet Test 1.2.1). Or open google play and search for Netflix, and see in Setting at the bottom should say Device is/not certified. Before that clear the Google Play Store Cache and Data Storage because it will remember the previous state and will show an old state.
2. Don't need to uninstall the whole EdXposed and frameworks. Just go in Magisk and turn off the Riru Core framework. Restart. And the SafetyNet should work again. But then GravityBox (and other apps using edXposed) will stop working
3. Yes, recently it stopped working for me too, coz Google did next dirty thing. Before I was passing SafetyNet. I had Riru Core 21.3 + EdXposed YAHFA v0.5.0.6 Canary + EdXposedManager v4.5.7 + GravityBox
4. I solved the problem, now I pass SafetyNet again, my GravityBox is working, Google Play shows device is certified, all good, so I am happy again. What I did is:
5. Restored my old backup. If I have installed EdXposed-SandHook-v0.5.0.6 Canary I am not able to uninstall it properly and restore the phone, so whatever I do after it always breaks SafetyNet. Somehow SandHook messes the phone in an irreversible way so the only way out is to flash old backup. That's why I was using EdXposed YAHFA v0.5.0.6 Canary which doesn't mess the phone and after uninstall phone can pass SafetyNet. So maybe it was not necessary to restore the old backup...
I use LG V20 with LineageOS 17.1 Android 10
6. installed the taichi-v6.2.2.zip framework in Magisk.
https://magiskroot.net/download-xposed-for-android-10/
https://magiskroot.net/taichi-magisk-module/
https://github.com/taichi-framework/TaiChi/releases
https://virtualxposed.com/tai-chi/
https://taichi.cool/download.html
https://github.com/taichi-framework/TaiChi/issues/1153
installed TaiChi 6.4.0.apk
in Modules I enable GravityBox only. Do NOT enable HiddenCore Module because it is detected and if I enable it fail the SafetyNet
in /system/etc/hosts I put this to block connections:
127.0.0.1 techavenue.net
127.0.0.1 www.techavenue.net
127.0.0.1 chinatelecom.com.cn
127.0.0.1 www.chinatelecom.com.cn
127.0.0.1 alibaba.com
127.0.0.1 www.alibaba.com
I don't advise using TaiChi blindly. I just share what I did to have GravityBox with SafetyNet working. You can thank me if you find my tips helpful.... But choosing TaiChi is your decision, you can take a look at a controversial topic about TaiChi here https://forum.xda-developers.com/xposed/warning-taichi-t4012681

HushSms Do not Work on Edxposed or LSposed

I have tried Edxposed and LSposed with Riru on Android 10 (Samsung A30) and 8.1 (Samsung j7 Prime), HushSms can not send Class 0 SMS. Then I tried Xposed from Magisk modules; it also did not work because it says "Xposed Installed but not Active" (this happens on my device because it is a Samsung J7 Prime, probably because of A/B partitions). So I manually installed Xposed through the Xposed Installer app. It worked amazingly.
So it proves there are some issues in Edxposed and LSposed, which is why they can not send Class 0 SMS even though they show a green message like properly installed in their respective manager apps. But they do not actually provide full functionality as compared to the former Systemless Xposed Installer.
I managed to get it working with LSposed on my OnePlus 8 Pro rooted with Magisk running Android 11 (I've also flashed systemrw_1.32 for other reasons but I'm not sure if that made any difference here).
First you need to install LSposed through magisk, then install the HushSMS apk. Then enable the module through LSposed and give it access to system framework and all system apps (I'm sure some aren't needed but I haven't gotten a chance to see which are and aren't yet). Then you need to install the old xposed installer apk and run the app. It will say xposed is not installed, but this is fine. It seems the HushSMS apk itself just checks to see if this app is installed. Finally, you can reboot and it should work fine.
Also after installing the old xposed installer, you should see "HushSMS (version #) using Xposed Framework" in green at the top of the app if it's working.
Partial Science said:
I managed to get it working with LSposed on my OnePlus 8 Pro rooted with Magisk running Android 11 (I've also flashed systemrw_1.32 for other reasons but I'm not sure if that made any difference here).
First you need to install LSposed through magisk, then install the HushSMS apk. Then enable the module through LSposed and give it access to system framework and all system apps (I'm sure some aren't needed but I haven't gotten a chance to see which are and aren't yet). Then you need to install the old xposed installer apk and run the app. It will say xposed is not installed, but this is fine. It seems the HushSMS apk itself just checks to see if this app is installed. Finally, you can reboot and it should work fine.
Also after installing the old xposed installer, you should see "HushSMS (version #) using Xposed Framework" in green at the top of the app if it's working.
You are a star sir!
I'm so glad I came across your post, I can confirm I have managed to get it working on my Samsung S20+ Android 12 with LSPosed Zygisk
I didn't need to install the systemrw, all I did was install the old xposed installer apk and gave access in LSPosed to system framework and a few others by typing "com.samsung" in search.
Thank you so much. ☺
