Anyone experiencing GPay issues on EU ROM, I got this working by updating the certificate.
Fingerprint payments - Widevine L1 - Update Certificate
Not tested in store yet, will report back when I get a chance
Before updating cert GPay check had cross on last point re phone security
This is the only thing that stopped me from unlocking the bootloader and flashing the EU Rom. I don't want any problems with GPay in the future so will stick with the Chinese Rom for now.
and this doesn't work for me. I'm going a bit crazy, I use Gpay religiously.
Any ideas?
Just flash back the latest Chinese stock ROM until a fix is found.
I am on the eu rom, with latest magisk, the modified trwp for thos device, and the latest Edxpos3d Canary build installed as well. Initially had an issue with with Pokemon Go not working and Gpay stopped working after I realized that Cts profile in Magisk wasn't passing anymore. I also use Workspace for work and it wouldn't work as well. My Chase and Barclays app worked fine though. I reinstalled the EU Rom again through Twrp and Gpay and Pokemon go worked again with location spoofer as well using Smali Patcher. But today at these store after trying to used Gpay I kept on receiving an error stating thaty device was modified. I tried Rehiding Magisk, installing random Safety Modules to pass safety and it still wouldn't pass. I just installed the MagiskHide Props module from Magisk and I changed my fingerprint to prop to the Pixel 4xls, restarted the phone, and now my Pokemon Go and Gpay work again as well as Passing the Cts Profile in Magisk. I also Forced Basic key attestation in the MagiskHide props module using terminal. The command in terminal for this module is used by executing "su" (without quotes) for root access in terminal and then running command "props" without quotes
offiiciallialngl said:
I am on the eu rom, with latest magisk, the modified trwp for thos device, and the latest Edxpos3d Canary build installed as well. Initially had an issue with with Pokemon Go not working and Gpay stopped working after I realized that Cts profile in Magisk wasn't passing anymore. I also use Workspace for work and it wouldn't work as well. My Chase and Barclays app worked fine though. I reinstalled the EU Rom again through Twrp and Gpay and Pokemon go worked again with location spoofer as well using Smali Patcher. But today at these store after trying to used Gpay I kept on receiving an error stating thaty device was modified. I tried Rehiding Magisk, installing random Safety Modules to pass safety and it still wouldn't pass. I just installed the MagiskHide Props module from Magisk and I changed my fingerprint to prop to the Pixel 4xls, restarted the phone, and now my Pokemon Go and Gpay work again as well as Passing the Cts Profile in Magisk. I also Forced Basic key attestation in the MagiskHide props module using terminal. The command in terminal for this module is used by executing "su" (without quotes) for root access in terminal and then running command "props" without quotes
Click to expand...
Click to collapse
interesting - changing the build.prop passes CTS? If so then it can be fixed with next EU rom release
offiiciallialngl said:
I am on the eu rom, with latest magisk, the modified trwp for thos device, and the latest Edxpos3d Canary build installed as well. Initially had an issue with with Pokemon Go not working and Gpay stopped working after I realized that Cts profile in Magisk wasn't passing anymore. I also use Workspace for work and it wouldn't work as well. My Chase and Barclays app worked fine though. I reinstalled the EU Rom again through Twrp and Gpay and Pokemon go worked again with location spoofer as well using Smali Patcher. But today at these store after trying to used Gpay I kept on receiving an error stating thaty device was modified. I tried Rehiding Magisk, installing random Safety Modules to pass safety and it still wouldn't pass. I just installed the MagiskHide Props module from Magisk and I changed my fingerprint to prop to the Pixel 4xls, restarted the phone, and now my Pokemon Go and Gpay work again as well as Passing the Cts Profile in Magisk. I also Forced Basic key attestation in the MagiskHide props module using terminal. The command in terminal for this module is used by executing "su" (without quotes) for root access in terminal and then running command "props" without quotes
Click to expand...
Click to collapse
Have you commented on the bug list for the 10 ultra in the Xiaomi.EU forum to let them know how you fixed yours? It is them who can get it added to the next fixes
Hello, thanks a looot for sharing your solution!
I've a little problem with this part: "and I changed my fingerprint to prop to the Pixel 4xls"
I don't find whereor how change this setting!
Please could you let me know how?
Thanks you so much!
Inviato dal mio M2007J1SC utilizzando Tapatalk
I haven't posted how I fixed this on the Xiaomi EU forum.
The curious thing is that I bootlooped my phone two days ago by installing the Viper Module from Magisk and again I couldn't pass the Cts profile in Magisk. My safetynet failed. Pokemon Go would keep on asking me to login and Gpay wouldn't work.
I fixed this again by using MagiskHide Module but this time using the latest Magisk Canary build. The normal Magisk 20.4 works fine as well.
The fix is to root your phone using Magisk, install Magisk via Twrp, install the Magisk Manager Apk. Once in Magisk Manager install the HideMagisk Module.
Also have a terminal app installed. Once you have gotten to this step in terminal run command "su" without quotes.
After execute command "props"
Follow the instructions that the terminal gives to you but only updating Force Basic Key Attestation and change the Fingerprint prop value. Both values can be set to the Pixel 4xls. This only seems to break Google Chrome for me. I can only fix the chrome issue by uninstalling the MagiskHide Prop.
Installing Edexposed after all of this breaks everything again so don't attempt to install Edxposed. It breaks SafetyNet.
Any news about a Google Pay fix? Thanks a lot
Inviato dal mio M2007J1SC utilizzando Tapatalk
So is Gpay working on EU rom?
Do you have to root your phone to install the EU rom?
The issue is with the rom or the root?
Thanks
Tried today at 5 Guys, the phone scanned about 30cm from the card reader.
No issues.
I've finally fixed Gpay or it seems working now...
Thanks a lot to this thread and the authors!!!
So after installing Magisk and MagiskHide (i've activated it and also selected every Google app in my phone, also if unecessary), I've used a terminal app, like Termux, then I've typed:
Su
Props
In this menu I've changed the fingerprint profile with Google Pixel 4x (worked for me), then I've enabled "Force the basic key attestation", rebooted the smartphone and WOW!
Cts profile fixed!!!
Thanks a lot!!!!
NOTE: I think the most important part after Magisk and MagiskHide was enable "Force Basic key attestation", so perhaps is unuseful change also the fingerprint profile... How I can re-set the original profile in Mi 10 Ultra?
Same fixed I posted on another thread and this one for this forum. Glad it worked for you as well. So it confirms that changing the prop values fixes this issue
I'm running 20.9.3and this doesn't work for me. I'm going a bit crazy, I use Gpay religiously.
Security Screen on gpay
Error I get
All my certs are up to date
Any ideas?
Click to expand...
Click to collapse
Exact same issue here. Any solution would be great SafetyNet passed, Widevine L1 but still
It seems to be an issue with the (for now latest weekly) 20.9.24 eu rom. This didn't seem to happen with the first weekly (20.9.3) and the latest stable rom (xiaomi.eu_multi_MI10Ultra_V12.0.10.0.QJJCNXM_v12-10) also doesn't seem to have safetynet or L1 problems. Thus no need to root the device with either of those roms to solve the issue. Imo, rooting to solve the issue is creating another issue which needs constant attention and thus a bigger problem (security risk) than the one it is supposed to be a sollution for.
In my opinion some ppl like to take risk while modifying their device. I root my phones for the purpose of breaking it and fixing in while it being my daily driver.
Just like why unlock the bootloader on your device if you are already compromising the security of your device for trying to install the eu rom.
Appelsap said:
It seems to be an issue with the (for now latest weekly) 20.9.24 eu rom. This didn't seem to happen with the first weekly (20.9.3) and the latest stable rom (xiaomi.eu_multi_MI10Ultra_V12.0.10.0.QJJCNXM_v12-10) also doesn't seem to have safetynet or L1 problems. Thus no need to root the device with either of those roms to solve the issue. Imo, rooting to solve the issue is creating another issue which needs constant attention and thus a bigger problem (security risk) than the one it is supposed to be a sollution for.
Click to expand...
Click to collapse
Are you sure that V12.0.10.0 has no problems? As I have 20.9.3 and it's broken for me.
Odd, it was fine with that beta for me earlier, just did a check and the 12.0.10.0 now fails the CTS - although I haven't had any problems with it. Widevine is still L1 though.
Verstuurd vanaf mijn M2007J1SC met Tapatalk
For me this worked fine. I had no Problems. I just flashed the eu rom and it worked fine out of the box.
Related
I got a problem. My Google Pay app doesn't work. I got magisk v18 with 2 modules: "universal safetynet fix v3-beta1 (magisk v17 fix)" and google face unlock. When I check the status it shows the two "ctsprofile" and "basicintegrity" as true both. In magisk hide, I selected "Google Pay" and "NFC service" apps, but also without their selection it isn't still recognized by a pos. Now, I'm really sure my payment card works, my bro one with a phone unrooted works fine.
How should I do for make pos recognize my LG H815 rooted Gpay?
Sorry my bad english
p.s. I haven't any xposed or similar installed.
On my OP6 with OOS 9.0.3, CTS returns false without any additional modules and Google Pay and other apps detect root and refuse to work. That happened with the update from 17.2 to 18.0
Unfortunately, I got no helping hint in the main support thread or in the other thread here reporting on failing banking apps.
Later... after downgrading to Magisk 17.2, MagiskHide is working again... an issue is open on Github on that.
Yeah but gpay still not working in my phone, also with magisk 17.2
theicecave said:
Yeah but gpay still not working in my phone, also with magisk 17.2
Click to expand...
Click to collapse
I'll try that when I'm next time in a shop here... but as Safetynet works, GPay should too...
akxak said:
I'll try that when I'm next time in a shop here... but as Safetynet works, GPay should too...
Click to expand...
Click to collapse
And that's the paradox. Lemme know.
Just was at a shop and paid successfully with Google Pay. 17.2 rocks.
Idk why mine is not recognized by pos. And for sure I can say that my NFC works, I use it with my headsets. It's a problem with my phone, it's rooted, and that's it. Gpay cannot be used with root, although it accepted my card payment card after I protected my ctsprofile etc. I lost hope
My OP6 is unlocked and rooted with Magisk. Back on 17.2 SafetyNet checks succeed again and I just could pay... with Magisk 18 though it failed.
What phone and how did you root?
akxak said:
My OP6 is unlocked and rooted with Magisk. Back on 17.2 SafetyNet checks succeed again and I just could pay... with Magisk 18 though it failed.
What phone and how did you root?
Click to expand...
Click to collapse
Which module do you use to protect safetynet, ctsprofile etc?
Just asking.. 'cause, as I told, also with magisk 17.2 it doesn't work.
No module, just plain Magisk and MagiskHide on Google Pay.
akxak said:
No module, just plain Magisk and MagiskHide on Google Pay.
Click to expand...
Click to collapse
No module? I need necessary to use "universal safetynet fix" to activating all 4 green checks on main page of magisk. Without it, last 2 (inside safetynet fix) are red: ctsprofile:false and basicintegrity:false.
And magisk hide with or not selecting gpay doesn't change anything.
However I'm considering the main problem is my rom, resurrection remix.
On OOS I have only two arrows...
ctsProfile and basicIntegrity
But I am on a stock rom
Yeah sorry my bad, I mean just these two.
I'm considering to flash my stock rom again. But it was Android 6. I should set nova launcher and lots of changes to modernize it : D
Also my bro used a stock one to let gpay work. Modded all ones seems not working.
I'm on Android 9 Pie... Nova is great, I use it myself.. with starting on the Oneplus, I stuck to the stock OS and had gold experiences... on the OP6 even mire as I can update it and keep it rooted from within the OS not needing TWRP anymore... allowing an easy upgrade process.
Just flashed up the stock rom of my H815. I installed magisk 17.2 (it's an android nougat). I activated MagiskHide only for Google Pay; now safety net says ctsProfile: false and basicIntegrity: true. I watched this thread and just at beginning of section Safetynet fix - changing device fingerprint seems to be my problem. But my phone hasn't fingerprint (rofl). So after installing modules MagiskHide Props Config and Busybox by osm0sis cts is still false. Watched this because seems the only well built guide about; this problem is splitted anywhere. No more ideas.
theicecave said:
Just flashed up the stock rom of my H815. I installed magisk 17.2 (it's an android nougat). I activated MagiskHide only for Google Pay; now safety net says ctsProfile: false and basicIntegrity: true. I watched this thread and just at beginning of section Safetynet fix - changing device fingerprint seems to be my problem. But my phone hasn't fingerprint (rofl). So after installing modules MagiskHide Props Config and Busybox by osm0sis cts is still false. Watched this because seems the only well built guide about; this problem is splitted anywhere. No more ideas.
Click to expand...
Click to collapse
If I understand you correctly, I think you've misunderstood... It's not about a fingerprint scanner, it's the device fingerprint property that needs to change. You'll have to run the props script and select a certified fingerprint from the list (the module is not a flash and forget module). But if you're on a stock ROM I would expect the CTS check to pass, so there might be something else going on. Anyway, try changing the device fingerprint and see if anything changes.
Didgeridoohan said:
If I understand you correctly, I think you've misunderstood... It's not about a fingerprint scanner, it's the device fingerprint property that needs to change. You'll have to run the props script and select a certified fingerprint from the list (the module is not a flash and forget module). But if you're on a stock ROM I would expect the CTS check to pass, so there might be something else going on. Anyway, try changing the device fingerprint and see if anything changes.
Click to expand...
Click to collapse
Idk how to do this and where is this list. He just attached a .zip on his thread.
Or maybe I do not understand english enough. Very probably.
theicecave said:
Idk how to do this and where is this list. He just attached a .zip on his thread.
Or maybe I do not understand english enough. Very probably.
Click to expand...
Click to collapse
If you're talking about the thread you linked, the "he" is me...
Take a look in the module documentation, most things should be covered there. But basically, what you need is a Terminal emulator where you just type 'props' and press enter. After that you can just follow the ui to do the rest.
Didgeridoohan said:
If you're talking about the thread you linked, the "he" is me...
Take a look in the module documentation, most things should be covered there. But basically, what you need is a Terminal emulator where you just type 'props' and press enter. After that you can just follow the ui to do the rest.
Click to expand...
Click to collapse
Solved following this. In effect, not so different on what were you talking about in your guide. At the moment both ctsprofile and basicintegrity are true, I just need to try Google Pay in a pos.
Hi guys
I recently decided to root my Exynos S21U, all fine to far but I'm fighting to get Google Pay to work properly - so far without success.
Has anybody here got a rooted S21U with working Gpay and could kindly share what you did to make it work?
Thanks,
Axel
U dont need root to have google pay.
Download apk from here and install it on your device:
https://apkpure.com/google-pay/com.google.android.apps.walletnfcrel
Beso said:
U dont need root to have google pay.
Download apk from here and install it on your device:
https://apkpure.com/google-pay/com.google.android.apps.walletnfcrel
Click to expand...
Click to collapse
I don't think he's rooting to get Google Pay.
He wants a rooted phone, but is dealing with the side effect that it renders GPay un-usable.
Correct me if I'm wrong @s3axel
BTW @s3axel , have you tried Magisk Hide?
Yes, my device is rooted and I want to get Gpay to work
What I tried so far, all without success (of course all With Magisk Hide enabled for at least Gpay, Google Play Services and Google Framework)
- Magisk Stable
- Magisk Canary
- Props Magisk module
- Safetynet Fix 1.1.1
Funny enough everything is working fine in my other phone (Mi11U) with Magisk Stable and Magisk Hide enabled, nothing else...
Thus I was curious for reports from people who use their S21U rooted and with Gpay to learn what I need to do.....
s3axel said:
Yes, my device is rooted and I want to get Gpay to work
What I tried so far, all without success (of course all With Magisk Hide enabled for at least Gpay, Google Play Services and Google Framework)
- Magisk Stable
- Magisk Canary
- Props Magisk module
- Safetynet Fix 1.1.1
Funny enough everything is working fine in my other phone (Mi11U) with Magisk Stable and Magisk Hide enabled, nothing else...
Thus I was curious for reports from people who use their S21U rooted and with Gpay to learn what I need to do.....
Click to expand...
Click to collapse
It's possible to make it work (I'm on S21 Ultra 5G, latest Magisk canary, AUC8).
Follow these instructions to the letter and you'll get going ;-)
Working: Magisk with Google Pay as of gms 17.1.22 on Pie
Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that I suspect users will have to reverse some step if gms is updated and...
forum.xda-developers.com
By the way, once you succeed in make it work, I suggest you update the thread title with something like [SOLVED] or [WORKING], so other newcomers can benefit from it
rodrigofd said:
It's possible to make it work (I'm on S21 Ultra 5G, latest Magisk canary, AUC8).
Follow these instructions to the letter and you'll get going ;-)
Working: Magisk with Google Pay as of gms 17.1.22 on Pie
Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that I suspect users will have to reverse some step if gms is updated and...
forum.xda-developers.com
By the way, once you succeed in make it work, I suggest you update the thread title with something like [SOLVED] or [WORKING], so other newcomers can benefit from it
Click to expand...
Click to collapse
Thanks, this worked fine once I found the correct Magisk module
Just for reference flashing this module did its magic and kept the fingerprint in 3rd party apps working...
I rooted magisk so I could get LogoPlus but the ctsprofile won't clear for the safety net check. I am running the latest LineageOS and have tried the latest kdrag0n universal fix and followed this guide:
. Play Protect is still showing that the device is not certified. I am not using Magisk Canary I don't know if that matters or not.
Solution: I ended up getting the MagiskHide Props Config Module and using a virtual terminal to change the fingerprint. Fixed my issue.
AlphaWolf627 said:
I rooted magisk so I could get LogoPlus but the ctsprofile won't clear for the safety net check. I am running the latest LineageOS and have tried the latest kdrag0n universal fix and followed this guide:
. Play Protect is still showing that the device is not certified. I am not using Magisk Canary I don't know if that matters or not.
Solution: I ended up getting the MagiskHide Props Config Module and using a virtual terminal to change the fingerprint. Fixed my issue.
Click to expand...
Click to collapse
Which fingerprint did you go with?
Anonymous11289 said:
Which fingerprint did you go with?
Click to expand...
Click to collapse
I tried all the Google pixel ones and the razer phone ones both worked pretty sure you could select anything
Hi
I succeded in rooting this phone without TWRP following this guide and applied the SafetyNet Fix without success.
I have also a rooted Poco X3 NFC with stock MIUI 12.5 where SafetynetFix is working fine. I have not flashed TWRP on the POCO, but I just use TWRP to boot into recovery, when needed.
Anyone succeded in having the RN 10s rooted with GPay working?
Thanks
no success for me too
Yup google pay is working for me. Make sure safetynet passes. I followed this: Root then install magisk as an app with different name, enabled magisk hide, enable safetynet fix, reboot and then install google pay
abhinavprateek said:
Yup google pay is working for me. Make sure safetynet passes. I followed this: Root then install magisk as an app with different name, enabled magisk hide, enable safetynet fix, reboot and then install google pay
Click to expand...
Click to collapse
Safetynet unfortunately does not pass.
Which version of SafetyNet Fix did you use?
I will check again.
Thanks
This one: https://github.com/kdrag0n/safetynet-fix
You need to install magisk and riru for it to work
abhinavprateek said:
Yup google pay is working for me. Make sure safetynet passes. I followed this: Root then install magisk as an app with different name, enabled magisk hide, enable safetynet fix, reboot and then install google pay
Click to expand...
Click to collapse
When you say "install magisk as an app with different name" you mean that I have to install Magisk normally, then from the Magisk settings, reinstall with different name to hide it from other app.
Is it correct?
Thanks
THANKS @abhinavprateek
Finally it's working!!!
Probably the issue was the correct version of SafetyNet Fix that has to be the Riru one, version 2.1.2 actually (and Riru has to be installed in Magisk previously, as you wrote).
After installing Safetynet fix I cleared all data in those apps:
Google Pay
Play Store
Play Services
and rebooted
Then the safetynet check in Magisk was working ad also Google Pay
So I'm trying to get Android 12 working with root and SafetyNet passing. I found that all the guides to be wrong or outdated. Problem with the latest Magisk canary is that it does not support MagiskHide. Problem with the latest stable Magisk (v23) is that it doesn't support Android 12. Here are the combinations I've tried:
Canary Magisk APK, Canary Magisk boot image, with Universal SafetyNet Fix v2.2.1 (Zygisk)
Result: No way to test if safety net passes within Magisk, but it doesn't seem to work.
Canary Magisk APK, Stable Magisk v23 boot image, with Universal SafetyNet Fix v2.1.3 (Riru)
Result: Does not work. MagiskHide automatically turns off after every reboot, probably because the canary boot image does not support it.
Stable Magisk v23 APK, Stable Magisk v23 boot image
Result: Device fails to boot. fast food indicates in an invalid signature. presumably happening because stable magisk v23 does not support Android 12.
Based on these test results these are my assumptions:
1. There is no way to run Magisk 23 on Android 12, and this article and its screenshot are fake:
https://www.droidwin.com/how-to-roo...k-on-android-12/#STEP_6_Boot_to_Fastboot_Mode
and this also does not work: https://krispitech.com/how-to-pass-safetynet-on-rooted-android-12/
OR
It was possible and Android 12 September 5th patch level but somehow not the latest December build?
There is no advantage to running mismatched Magisk APK and boot image versions
Both the Zygisk and Riru versions of the SafetyNet Fix do not work on the latest Android 12 builds.
The new DenyList system does nothing in allowing a SafetyNet bypass.
The ONLY working method That can possibly bypass safety net on Android 12 is using either of these 2 Magisk forks:
Custom Magisk by TheHitMan7 (Can’t find download link)
Alpha Magisk by vvb2060 (Can’t find download link)
Are these assumptions correct? Can someone please correct my misunderstandings?
You need Universal Safetynet Fix v2.2.0 or v2.2.1 which was just released 10 days ago.
To be honest, I haven't tried v2.2.1 yet, but I would imagine it will work. I'm on v2.2.0 right now.
Get it from here: https://github.com/kdrag0n/safetynet-fix
I have been using Magisk Canary 23016, USNF 2.2.0, and MagiskHide Props Config 6.1.2 on my Pixel 5 running the December Android 12 release. SafetyNet passes, GPay works.
I have DenyList blocking both GPay and Google Play Store..
Either you have something configured wrong, or you're having a unique issue. Others have been able to pass SafetyNet using a similar configuration.
No, Magisk Stable does not currently support Android 12. You MUST use Canary 23016; none of the previous builds properly handle the vbmeta flags in the boot image header.
I'm using the latest magisk canary, USNF 2.2.1 and no magisk hide props and am passing. I have Zygisk enabled, but that's about it. Install was flawless. Followed V0latyle's thread on going from A11 to A12 when the canary update dropped.
Thank you everyone, I got it working the way you said! I was super close.
-----------------------------------
V0latyle said:
I have been using Magisk Canary 23016, USNF 2.2.0, and MagiskHide Props Config 6.1.2 on my Pixel 5 running the December Android 12 release. SafetyNet passes, GPay works.
I have DenyList blocking both GPay and Google Play Store..
Either you have something configured wrong, or you're having a unique issue. Others have been able to pass SafetyNet using a similar configuration.
No, Magisk Stable does not currently support Android 12. You MUST use Canary 23016; none of the previous builds properly handle the vbmeta flags in the boot image header.
Click to expand...
Click to collapse
I only blocked play services with deny list and it worked.
One of the guides told me to flash stock vbmeta (idk what this is), and this bricked it until I re-flashed the ROM. But I guess that's not needed anymore.
flyoffacliff said:
Thank you everyone, I got it working the way you said! I was super close.
-----------------------------------
I only blocked play services with deny list and it worked.
One of the guides told me to flash stock vbmeta (idk what this is), and this bricked it until I re-flashed the ROM. But I guess that's not needed anymore.
Click to expand...
Click to collapse
Which guide?
V0latyle said:
Which guide?
Click to expand...
Click to collapse
How to Root Pixel Devices via Magisk on Android 12
In this comprehensive tutorial, we will show you detailed steps to root your Pixel device via Magisk running Android 12.
www.droidwin.com
On step 7. It says it's not necessary for some reason on newer devices but pixel 5 and older still require it. What does flashing this file actually do? Like what's the file made of?
flyoffacliff said:
How to Root Pixel Devices via Magisk on Android 12
In this comprehensive tutorial, we will show you detailed steps to root your Pixel device via Magisk running Android 12.
www.droidwin.com
On step 7. It says it's not necessary for some reason on newer devices but pixel 5 and older still require it. What does flashing this file actually do? Like what's the file made of?
Click to expand...
Click to collapse
Nothing needs to be done with vbmeta as long as you're using Magisk 23016.
I'll try to explain what it is and what it does as simply as I can but there isn't really a simple explanation...
Some components of Android system security, such as Verified Boot, incorporate a means by which the data being loaded from critical partitions is checked in real time as it is loaded. This is called "device-mapper verity". The raw data itself is read at the block device level and used to create a hash; this hash is then compared to a reference hash to determine the data has not been modified. The partition that contains this reference hash is vbmeta.
When the Android 12 beta was first released, Magisk had not yet been updated to properly handle Android 12 boot image headers. Verified Boot is disabled for the most part when the bootloader is unlocked; however some elements still remain to ensure you're booting a proper device boot image. Magisk did not preserve necessary information in the boot headers, so the device wouldn't boot; we would get a message in bootloader stating failed to load/verify boot images
We figured out a workaround for this: disable dm-verity and vbmeta verification altogether. This was done by flashing the vbmeta partition with those two options:
Code:
flash vbmeta vbmeta.img --disable-verity --disable-verification
The problem with this is it has some sort of safety interlock that prevents system from loading if verity/verification are disabled and /data isn't clean. So, rooting required wiping data. You probably discovered this during your "brick": you got a screen reading Cannot load Android system. Your data may be corrupt.
We also discovered that the vbmeta workaround had to be performed every time vbmeta was flashed - meaning no OTA updates, because if vbmeta was flashed without the disable options, we wouldn't be able to boot a patched boot image, and even if we re-disabled verity/verification, the device still wouldn't boot unless data was clean. The only way to update AND reroot AND keep data was to ensure that verity and verification were disabled every time the device was updated.
Fortunately, Magisk 23016 fixed all of this. We don't have to mess with vbmeta anymore. Magisk properly preserves the flags in the boot header, meaning that AVB recognizes it as a legitimate boot image, and the device is happy.
has anyone able to pass safety CTSprofile ?
Basic integrity is pass but CTSprofile Check isnt passed...
anybody able to pass in A12 (OnePlus Nord)
tried all effort but dint work, even Universal SafetyNet Fix v2.2.1 (Zygisk) isnt working..
its makes Basic Integrity Fail after Flash ( Universal SafetyNet Fix v2.2.1 (Zygisk).
I roll back to A11 then sadly....
shhahidxda said:
has anyone able to pass safety CTSprofile ?
Basic integrity is pass but CTSprofile Check isnt passed...
anybody able to pass in A12 (OnePlus Nord)
tried all effort but dint work, even Universal SafetyNet Fix v2.2.1 (Zygisk) isnt working..
its makes Basic Integrity Fail after Flash ( Universal SafetyNet Fix v2.2.1 (Zygisk).
I roll back to A11 then sadly....
Click to expand...
Click to collapse
You're doing something wrong. Don't overlook anything. I'm on Android 12.1 and pass safety net, Google pay works, Netflix works.
Have you configured the deny list in magisk?? If not do that then. I'd start fresh, don't connect to anything on first start. Hide everything about those Google apps. Then add your accounts etc etc. This is what worked for me no problem
thatsupnow said:
You're doing something wrong. Don't overlook anything. I'm on Android 12.1 and pass safety net, Google pay works, Netflix works.
Have you configured the deny list in magisk?? If not do that then. I'd start fresh, don't connect to anything on first start. Hide everything about those Google apps. Then add your accounts etc etc. This is what worked for me no problem
Click to expand...
Click to collapse
I would like to know, how you are able to pass? I mean It is passed using Universal safetynet fix by Kdragon?
or without fix?
as you mention in your screenshot that you have put all google services in denylist,
I've already done that..
anything else ? you done it? can you show screenshot of your safetynet pass??
shhahidxda said:
I would like to know, how you are able to pass? I mean It is passed using Universal safetynet fix by Kdragon?
or without fix?
as you mention in your screenshot that you have put all google services in denylist,
I've already done that..
anything else ? you done it? can you show screenshot of your safetynet pass??
Click to expand...
Click to collapse
I'm using the latest safetynet fix v2.2.1 Kdragon
thatsupnow said:
I'm using the latest safetynet fix v2.2.1 Kdragon
Click to expand...
Click to collapse
Yes, you are able to pass both .. but i am having issue with OnePlus Nord A12..
On A11 i was able to pass without Universal fix..
but as I applied OTA of A12...
I lose safetynet pass.
let me know do you have any workaround?
I've applied Universal fix by Kdragon.. but before flashing Universal fix of Zygisk I was able to pass Basic Integrity but as soon as I flash Kdragon Universal fix of Zygisk both CTS profile & Basic Integrity gets failed... !!!!
I am still looking for solution to fix this issue..!! if you have any work around.. let me know.. I will do my best.. may be i need to modify device fingerprints with Security patch.? what you say?
shhahidxda said:
Yes, you are able to pass both .. but i am having issue with OnePlus Nord A12..
On A11 i was able to pass without Universal
I've applied Universal fix by Kdragon.. but before flashing Universal fix of Zygisk I was able to pass Basic Integrity but as soon as I flash Kdragon Universal fix of Zygisk both CTS profile & Basic Integrity gets failed... !!!!
Click to expand...
Click to collapse
shhahidxda said:
Yes, you are able to pass both .. but i am having issue with OnePlus Nord A12..
On A11 i was able to pass without Universal fix..
but as I applied OTA of A12...
I lose safetynet pass.
let me know do you have any workaround?
I've applied Universal fix by Kdragon.. but before flashing Universal fix of Zygisk I was able to pass Basic Integrity but as soon as I flash Kdragon Universal fix of Zygisk both CTS profile & Basic Integrity gets failed... !!!!
I am still looking for solution to fix this issue..!! if you have any work around.. let me know.. I will do my best.. may be i need to modify device fingerprints with Security patch.? what you say?
Click to expand...
Click to collapse
You do realise that your posting on the pixel 5 forum right?? I'd maybe go checkout what they are doing on the OnePlus side of the tracks
thatsupnow said:
You do realise that your posting on the pixel 5 forum right?? I'd maybe go checkout what they are doing on the OnePlus side of the tracks
Click to expand...
Click to collapse
Yes, I knew i am posting in Pixel 5 and this topic isnt mention on Oneplus section..
I am looking for a solution of this issue.. but nobody has mention it till now.
Android 12.1 + Magisk 25.1 + Zygisk + Google Play services on enforced Denylist > Works charmingly
Note 1: Enforce Denylist for all the Google Play services modules on Magisk.
Note 2: After reboot, clear data of Google Play services and Play Store to make a fresh start.
pseudokawaii said:
Android 12.1 + Magisk 25.1 + Zygisk + Google Play services on enforced Denylist > Works charmingly
Note 1: Enforce Denylist for all the Google Play services modules on Magisk.
Note 2: After reboot, clear data of Google Play services and Play Store to make a fresh start.
Click to expand...
Click to collapse
I have the same running on a Galaxy S10, but every time I put Google Play Services on the enforce Denylist and reboot it no longer shows there. I'm trying to be able to use my banking app, it worked charmingly on magisk 24 but not anymore. Any advice?
El3ssar said:
I have the same running on a Galaxy S10, but every time I put Google Play Services on the enforce Denylist and reboot it no longer shows there. I'm trying to be able to use my banking app, it worked charmingly on magisk 24 but not anymore. Any advice?
Click to expand...
Click to collapse
What do you mean by "it no longer shows there"? Does the Google Play services disappear after putting on denylist? Did you enable the "Enforce Denylist" option? Did you do a retest of SafetyNet after reboot?
El3ssar said:
I have the same running on a Galaxy S10, but every time I put Google Play Services on the enforce Denylist and reboot it no longer shows there. I'm trying to be able to use my banking app, it worked charmingly on magisk 24 but not anymore. Any advice?
Click to expand...
Click to collapse
Yea and it won't stick I've tried that too. You don't need to add Google Play services to the deny list anyway
thatsupnow said:
Yea and it won't stick I've tried that too. You don't need to add Google Play services to the deny list anyway
Click to expand...
Click to collapse
If you're using Universal Safetynet Fix, Play Services is blocked out of the box. I had the same thing happen in one of the newer releases and thought it was an issue. It isn't. Play Services is blocked even though it doesn't show it.