Related
PetNoire's SafetyNet Spoofer
This module tries to pass SafetyNet on devices/roms that don't.
This started when i put LineageOS on my phone and couldn't play Pokemon GO anymore. much sadness was had.
i searched around for a fix and found universal-safetynet-fix. Awesome! it let me play pokemon again but it broke everything else root related while it was enabled.
So, i worked on updating it to be compatible with magisk 17. and i got it! (download at the bottom)
but, well.. there was a lot in that code that didn't need to be there anymore. (does anyone even use magisk 12?!)
and worse still, my phones stock image used a thumbprint, not a fingerprint. with it in usnf, it didnt even pass basic integrity!
so i got to work and PetNoire's SafetyNet Spoofer was born!
Disclaimer:
I am not responsible for bricked devices, dead SD cards,
thermonuclear war, or you getting fired because the alarm app failed.
I also do not support hacking/altering any other apps with your root powers.
i made this purely to legitimately play a game on a customized system.
Information
Features:
Resets system props to a factory state
spoofs the device fingerprint or thumbprint
has a friendly command tool to change finger/thumbprint settings
Use:
Flash it with TWRP or MM.
by default, it spoofs the same device that unsf did which is enough for most uses. Congrats, you're done!
you can also use the pnss command as root to change, reset, or disable the fingerprint spoofing.
run the 'pnss' command from terminal for usage information
example command:
Code:
su
pnss set thumb MyDeviceThumbprint/8.1/etc/etc
Requeriments
Magisk v17
Installation
Flash the .ZIP from TWRP or MM Module page
Reboot
Known issues
thumbprint mode is only passing BasicIntegrity, not CTS
Donations
If you feel I helped you, you can buy me a coffee here
Credits
@Deic - the original creator of universal-safetynet-fix here
@PetNoire - porting it to magisk 17, breaking it further, and adding thumbprint support
Download
Please DO NOT share the module itself or the download link, share the thread only.
vv
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Didgeridoohan said:
@PetNoire May I ask a favour (as I've done to other users that hav updated @Deic's module to the current template in the past)? If you're going to re-release the module with the current template, at least please fix it so that it no longer replaces Magisk's internal Busybox with it's own. Really bad practice and we never did get @Deic to fix that before he disappeared...
If you need a specific module Busybox, place it in the module folder instead and call the commands from there, or make sure that the users know that they have to install @osm0sis Busybox, or if you're really in a pinch just use the internal Magisk Busybox then, but at least don't replace it with one that have the possibility to mess up Magisk's internal functions.
Also, it would be a good idea if you gave @Deic a bit more credit than you're doing right now (a tiny, tiny link at the top of your post just isn't enough), no matter that he's MIA. All you've really done is to transfer his module to the current template and added a check for the current Magisk version and it's paths. I'd suggest you make that more apparent so you don't risk being accused of passing someone else's work off as your own.
Click to expand...
Click to collapse
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
update: i think i almost have it working on magisk's busybox but still working out some bugs.
And I'll edit it to give him some more credit right away.
PetNoire said:
Thanks for the tip on busybox. I thought it was pretty weird that it replaced it like that for 2 commands but was more concerned about getting it to work at all. I'll look into fixing that soon.
Click to expand...
Click to collapse
That would be great.
I thought I'd give some insight into what the module actually does, for those that are wondering, since it might get lost in translation between the different updates to the module by others than @Deic.
The USNF module is made up of two parts. For one, it changes the device fingerprint to a certified one to pass the ctsProfile check (the in-built one is a Xiaomi print, but IIRC you can also use the device stock fingerprint if it's already certified). This is also something that can be done with a Magisk boot script (post-fs-data.d or service.d) and the resetprop tool:
Code:
resetprop ro.build.fingerprint <certified fingerprint value>
There are also Magisk modules available that do the same thing (apart from USNF).
Device Spoofing Tool by @Dreamer(3MF) is one (although it also changes a whole lot of other props to simulate a OnePlus 2).
And there's also my MagiskHide Props Config that changes the build fingerprint to one of your choice.
Or, if you don't care about the systemlessness, you can directly edit your build.prop file and change the current ro.build.fingerprint to a certified one.
So, for the device fingerprint and passing the ctsProfile there are a few options.
The second part of USNF is the custom MagiskHide (as described in the OP). The thing here though, is that for the majority of devices it is not necessary anymore, since (as it also says in the OP) @topjohnwu have fixed most of those issues. From what it seems, from user reports in different threads, this is only necessary on some MIUI releases (Xiaomi devices). The module actually started out as a "Xiaomi SafetyNet fix" (check the module id), but the build fingerprint part turned out to be useful for other devices, so @Deic changed the name to "Universal". All other devices should be good with only changing the device fingerprint.
So far, it doesn't seem like the custom MagiskHide from the module is interfering in any way with the real thing. But, considering that it hasn't been updated in over a year, who knows.
Class dismissed.
Is there any reason to keep the code for old magisk? Does anyone still use 12-14?
Seems to have helped on my S8 with KingROM
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Oberth said:
My Magisk updated to 17.1 and then GooglePay started getting upset that I had rooted, mucked around with various things including the 'MagiskHide Props Config' module which my S8 never seems happy with (random reboots when installed) but this seems to do the trick.
I installed via Magisk Manager but it seemed to kill the Magisk install when I rebooted, reinstalled Magisk and now all seems ok so a big thumbs up from me
Click to expand...
Click to collapse
For some reason it doesn't always work the first time. Usually just rebooting fixes it.
jenslody said:
I wonder how the magiskhide part (at least the "add", etc. scripts) can work, because you use the old outdated "/magisk"-folder, that is no longer supported since 16.3 (or so).
Click to expand...
Click to collapse
I thought I changed it all. You sure there isnt some kind of version check? I'll look at it later
Again first goal was to get it working. Next goal is to make it awesome
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
In-Case Of Facing A Bootloop/Bootscreen Issue Due To Flashing A Module, Download CoreOnlyMode4Magisk From This Thread https://forum.xda-developers.com/apps/magisk/module-core-mode-bootloop-solver-modules-t3817366 Then Flash It Thru TWRP Recovery.
winzzzzz said:
Hmm.. this doesn't work with my phone (HTC one M8). After I flashed it, wiped cache (TWRP), it said "complete" on the log, then it will never boot to my OS, stuck on the HTC logo, no boot animation. I use TWRP
Click to expand...
Click to collapse
Does it boot after disabling the module?
From twrp>advanced>terminal:
HTML:
Mount -o loop /data/adb/magisk.img /mnt
Touch /mnt/universal-safetynet-fix/disable
The reboot
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
PetNoire said:
so.. i kind of deleted the whole magiskhide clone from the module and just left the prop configs and its totally passing safetynet now. so i guess the normal magiskhide is enough and is just missing some prop resets.
Click to expand...
Click to collapse
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Didgeridoohan said:
That was kind of the point of my longish text above... All you need to pass on a device that doesn't fully pass SafetyNet (ctsProfile fails while basicIntegrity passes), is usually just to change ro.build.fingerprint to a certified fingerprint (and there are several ways to go about that, but the Magisk way always involves the resetprop tool somehow). Custom ROMs, developer versions of OEM firmwares (Oneplus 6 beta, for example), and otherwise uncertified devices can usually pass SafetyNet like this.
Click to expand...
Click to collapse
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either. I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
PetNoire said:
This was just the first one that gave me any success so I initially assumed it was because of the hiding. I wasn't even able to pass basic integrity without this one and most others didn't help either
Click to expand...
Click to collapse
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
iamcurseal said:
@PetNoire I still failed to pass safetynet, When I flashed the module, my magisk was erased, but then I just saw from this thread that a reboot is needed. After reboot my magisk came back, but It' says "Requires Additional Setup" I ignore it and then checked if safetynet will pass, It failed.
I'm using stock CM FLARE S4 ROM android 5.1.
Sorry for my English.
Thankyou for the reviving this module. :good:
Godbless you.
Click to expand...
Click to collapse
I don't know what Tue additional setup does, but I always do it and its been working. Also your device may have thumbprint props instead of fingerprint.
Run this in a terminal and let me know what you get
Code:
getprop | grep print
PetNoire said:
I tries yours at one point with no success. Do you change all the "dangerous props" that this one does?
Click to expand...
Click to collapse
My module changes all the common fingerprint props, but as far as I know, it's only ro.build.fingerprint that is important for the ctsProfile check.
Didgeridoohan said:
Basic integrity passing has nothing to do with the device fingerprint or other props. With Magisk, that usually means that MagiskHide isn't working (for whatever reason, most of the times it just needs a restart) or you have something installed that MagiskHide can't hide (like Xposed, remnants of other kinds of root, etc).
Edit: Scroll down a little here for a table of examples of what will cause a true or false cts profile or basic integrity response.
https://developer.android.com/training/safetynet/attestation#compat-check-response
Click to expand...
Click to collapse
I wiped all partitions, installed lineage 15, installed magisk and enabled hide and it wouldn't pass basic at any point. Even still its never passed it without this module. It didn't even pass it on the clean install, before magisk
This worked for me on latest build of havoc os, might work for other Roms too.
Step 1 :
Open Magisk manager, download and install both
MagiskHide Props Config (link) and Busybox for android NDK modules from downloads, after installing reboot your phone.
Step 2:
Install terminal emulator from playstore(link)
Step 3:
open terminal emulator
enter command :
Code:
su
Grant superuser access when prompted
Step 4:
type in command:
Code:
props
Step 6 :
and follow the on screen options
select option 1 - edit device fingerprint
by typing : 1
then type in f to Pick a certified fingerprint
from the list pick your mobile manufacturer
select your mobile model
select the latest available android version
finally reboot your phone by typing in
Code:
reboot
this should fix the ctsProfile issue,
to use banking or wallet apps, hide magisk by using magisk hide option and select the app you want to hide root access from
thanks to this awesome dev Didgeridoohan for making this possible
https://forum.xda-developers.com/member.php?u=4667597
for people who want a video to look at the process here is the video
credits :
Thread link for magisk hide props config module: https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228
DEV for magisk hide props config module : Didgeridoohan
you can donate him at : https://www.paypal.me/didgeridoohan
does it affect the fingerprint?
is it safe?
this process works to solve cts Profile check, but banking apps still doesn't work
Doesn't work for me.
I used:
Google Pixel XL (Android 10)
Magisk 20.4
Magisk Manager 7.5.1
Edit: Enable "Magisk Hide" in the Settings -> reboot -> now it works.
Doesn't work for me either.
Pixel 4
It didn't give me an option to select an Android version.
I managed to make banking apps to work by disabling usb debugging.
Enviado desde mi F8331 mediante Tapatalk
I did exactly as it described above but still ctsprofile: false. Google pay sees root on my Poco F2 Pro.
Unfortunately does not work for Google Pixel 4 XL (Android 10)
For everyone that's struggling with trying to pass CTS:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Unlocked_bootloader_3
Google seemed to do something, i.e. Google Pay has been working for a long time. But when I was sleeping, Google sneaked in to my bedroom and made so that ctsProfile returned false in Magisk when I wake up.
A new unknown and uninvented method needs to be done? A Magisk update?
Vantskruv said:
Google seemed to do something, i.e. Google Pay has been working for a long time. But when I was sleeping, Google sneaked in to my bedroom and made so that ctsProfile returned false in Magisk when I wake up.
A new unknown and uninvented method needs to be done? A Magisk update?
Click to expand...
Click to collapse
Ha!
I concur!
did the whole process with my Mi A3 with Android 10 and my device is stuck on Mi logo. how to fix?
Interesting. Woke up jul 8th as well with as notification that Google pay cannot be used any more. Seems like they flipped a switch.... I tried unroofing until I realized I had to do a factory reset to relock the bootloader. So back on root without Google pay. I hope for a quick solution though
Heh...
I have tried this method. It was suprising that Mi 10 is not on the props list...
The best thing in my phone is that the CTS is false (for - as I can remember - three weeks) but GP payements work.
Banking apps not working even though hided in the magisk. Any fix for it?
Not working with Magisk 20.4
Try disabling usb debugging and/or magisk hidding
Enviado desde mi F8331 mediante Tapatalk
vamsi209 said:
This worked for me on latest build of havoc os, might work for other Roms too.
Step 1 :
Open Magisk manager, download and install both
MagiskHide Props Config (link) and Busybox for android NDK modules from downloads, after installing reboot your phone.
Step 2:
Install terminal emulator from playstore(link)
Step 3:
open terminal emulator
enter command :
Code:
su
Grant superuser access when prompted
Step 4:
type in command:
Code:
props
Step 6 :
and follow the on screen options
select option 1 - edit device fingerprint
by typing : 1
then type in f to Pick a certified fingerprint
from the list pick your mobile manufacturer
select your mobile model
select the latest available android version
finally reboot your phone by typing in
Code:
reboot
this should fix the ctsProfile issue,
to use banking or wallet apps, hide magisk by using magisk hide option and select the app you want to hide root access from
thanks to this awesome dev Didgeridoohan for making this possible
https://forum.xda-developers.com/member.php?u=4667597
for people who want a video to look at the process here is the video
credits :
Thread link for magisk hide props config module: https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228
DEV for magisk hide props config module : Didgeridoohan
you can donate him at : https://www.paypal.me/didgeridoohan
Click to expand...
Click to collapse
Hi!
At the end of the tutorial my phone was not there (redmi note 8 pro) so what i need to do if my phone is not to the list????
roberto_1986 said:
Hi!
At the end of the tutorial my phone was not there (redmi note 8 pro) so what i need to do if my phone is not to the list????
Click to expand...
Click to collapse
Pick whatever device on the list that's closest, or help with finding a working, certified print for your device.
Didgeridoohan said:
Pick whatever device on the list that's closest, or help with finding a working, certified print for your device.
Click to expand...
Click to collapse
its safe??? because it change my phone fingerprint....
---------- Post added at 02:04 AM ---------- Previous post was at 01:09 AM ----------
roberto_1986 said:
its safe??? because it change my phone fingerprint....
Click to expand...
Click to collapse
also for get fingerprint u need to have both CTS profile and basic integrity set to true (not in my case because CTS is set to false)
so someone can get his finger pring from a redmi note 8 pro???
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Don't work on stock rom. I have xposed installed. Before 10.2 it was working.
micgeb said:
Don't work on stock rom. I have xposed installed. Before 10.2 it was working.
Click to expand...
Click to collapse
I'm not on OOS right now, otherwise I'd be able to help you better. Maybe it's Xposed that's causing you to not be able to pass? Try uninstalling it and see if it passes for you after
micgeb said:
Don't work on stock rom. I have xposed installed. Before 10.2 it was working.
Click to expand...
Click to collapse
Misuto said:
I'm not on OOS right now, otherwise I'd be able to help you better. Maybe it's Xposed that's causing you to not be able to pass? Try uninstalling it and see if it passes for you after
Click to expand...
Click to collapse
I also cover this in my Guide about Installing Lineage, Step 5. I found the Android 10 fingerprint does not pass safety net reliably so I always use the Android 9 fingerprint (even on Android 10 ROMs).
Don't get hung up on device type or Android version. I have tablets that run Android 9 and 10, that use a Android 7 fingerprint. If your device isn't available choose another one.
OhioYJ said:
I also cover this in my Guide about Installing Lineage, Step 5. I found the Android 10 fingerprint does not pass safety net reliably so I always use the Android 9 fingerprint (even on Android 10 ROMs).
Don't get hung up on device type or Android version. I have tablets that run Android 9 and 10, that use a Android 7 fingerprint. If your device isn't available choose another one.
Click to expand...
Click to collapse
I used the key already for Android 9/10. It is only one key in the list.
micgeb said:
I used the key already for Android 9/10. It is only one key in the list.
Click to expand...
Click to collapse
On the 7 one, I meant for another device (Since I was talking tablets at that point) I should have made that clearer. My overall point was that the make / model of the fingerprint does not necessarily matter, just as long as it passes safety net for you.
Great guide and extremely easy to follow. Thanks OP. My 6T is on 10.3.4 and it was from T mobile and converted to international. Now it passed ctsprofile.
So does that mean I could use google pay now? I haven't checked yet. But I still cannot install netflix and disney+ from play store.
xman099 said:
Great guide and extremely easy to follow. Thanks OP. My 6T is on 10.3.4 and it was from T mobile and converted to international. Now it passed ctsprofile.
So does that mean I could use google pay now? I haven't checked yet. But I still cannot install netflix and disney+ from play store.
Click to expand...
Click to collapse
Just give it a little time. Also you may want to delete play store app's storage and reboot. As long as you pass ctsprofile, those apps will be available.
phaino00 said:
Just give it a little time. Also you may want to delete play store app's storage and reboot. As long as you pass ctsprofile, those apps will be available.
Click to expand...
Click to collapse
Thanks. After storage cleaned, now it is certified.
Misuto said:
I originally posted this in another thread to help some people out, and I decided to make a new thread here to help more people, so here is the guide.
Download MagiskHide Props Module from Magisk, install it and reboot your phone. After you do that, go to the play store and download an app call Termux, open it and type su and hit enter, and after that type props and hit enter, a menu will load up in a few seconds, type 1 and hit enter, after that type f and hit enter then type 20 for the OnePlus fingerprint, hit enter, after typing 20 type 9 next for the 6T fingerprint, type 2 for Android 10 and type y for yes and hit enter, wait for it to complete and type y one last time to reboot your phone. That should fix it for you.
P.S. Also don't forget to enable Magisk Hide toggle in the Magisk app settings, in recent builds it's no longer enabled by default.
Click to expand...
Click to collapse
Thanks for the great guide, TMobile converted to international on 10.3.4 now showing certified.
I'm seeing around that people are still wondering how to fix safetynet on their devices, so I've updated the guide with better wording to help people out.
I'm currently using v10.3.6 OOS on my converted OnePlus 6t and this worked perfect. Not that it matters as I'm quite sure this will work long as Android 10 is selected in props and you're on Android 10 but I chose Pixel 3XL Android 10 for my fingerprint change in props. I'm using latest magisk canary. Appreciate this @Misuto !
flash713 said:
I'm currently using v10.3.6 OOS on my converted OnePlus 6t and this worked perfect. Not that it matters as I'm quite sure this will work long as Android 10 is selected in props and you're on Android 10 but I chose Pixel 3XL Android 10 for my fingerprint change in props. I'm using latest magisk canary. Appreciate this @Misuto !
Click to expand...
Click to collapse
You're welcome. Glad I could help.
working for me almost perfect. except one banking app works fine.
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
Worked on Oneplus Nord.
Thank you.
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
Tested and passed on Oneplus 8 Pro IN2025, Latest LineageOS 18.1. OP be praised.
Edit: I have to have the universal SafetyNet Fix installed in the meantime to achieve the success. Otherwise it doesn't work. Now it also worked on my old pixel 2 XL following this way.
It doesn't show that I passed safety net and the rest. But my bank apps and netflix now working flawlessly.
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
This seems like a very easy-to-follow guide. Before I actually execute it, I was wondering if this would work on my unrooted OP6T running Lineage OS 18.1 (official) with lineage os recovery. Doing this just so that I can use Amazon pay, Paytm and other banking apps. Any idea?
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
Thanks man. It worked perfectly on Lineage OS 17.1
Misuto said:
This is how to fix safetynet and device not certified (May not work on 11, but will on 10). Tested on magisk 20.4 stable.
1. Install magisk, i get basic integrity and cts both false.
2. Turn on magisk hide, and check several times, basic integrity will be true and cts still false. Device still not certified. Basic integrity must true in this step to go to next step.
In this step, you must make sure that basic integrity is true, or you will get basic and cts will true at the end but your device wont certified. For make sure, in step 2, i hide the magisk manager also.
3. Install busybox and magisk hide prop config, reboot.
4. Open terminal, type :
- su
- props
- 1
- f
- and choose fp model what you want (use android 10 model for 10 and sunfish 11 preferably for 11), reboot.
5. Check, cts should be true.
6. Clear data for playstore.
7. Check playstore several times, and you will see your device should be certified.
If this tutorial was helpful for you, feel free to leave a thanks to show your appreciation.
Click to expand...
Click to collapse
This worked for me. Thanks
This is a discussion and help thread for the newer versions of Magisk.
The main goal of this thread is to help users migrate to Magisk v24+
SafetyNet
Basic integrity Pass
CTS profile match Pass
Play Protect certification
Device is certified
Feel free to discuss or give links to other Magisk related issues.
Fixes for gPay, banking apps and/or other apps and games that detect a 'compromised' Android system.
Please try to restrain from discussing alternative (unofficial) Magisk builds that include changes that were removed or can not be included in the official Magisk builds.
Please read John's State of Magisk (medium.com)
State of Magisk: 2021
State of Magisk: 2020
Starting with the Magisk 23 (23010) canary builds.
MagiskHide is removed.
MagiskHide masked the sensitive properties of the device to hide it from SafetyNet.
Renaming (repackaging) the Magisk app is/was not part of MagiskHide.
You still have the option to Hide the Magisk app under setting.
Magisk Module online Repo is removed.
The Magisk Module online Repo is still available and can be accessed outside of the Magisk app.
Everything SafetyNet is removed.
This includes the SafetyNet check that was incorporated into the Magisk app.
Zygisk is introduced.
Zygote + Magisk = Zygisk
The Deny list replaces the Hide list.
The Hide list (more or less) hid Magisk from the process on the list.
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Starting with the Magisk 23 (23017) canary builds.
Magisk supports update channels per module.
Each module can include it's own update link.
Hide Magisk offline.
You do not need internet connection to rename (repackage) the Magisk app.
What does this mean?
Not much.
It is just the next step in Magisk's development.
Zygisk is a big step forward.
Even before these changes in Magisk, the xda family and the Android community have always been active and willing to share.
Jump to PostMagisk - Modules - Apps - Force Basic Attestation - Basic Attestation - Adjust Prop values - Notes - Points of Interest
This is post will be updated once Magisk v24 is released.
MagiskThe Magic Mask for Android.
Magisk Links:
GitHub
Installation Instruction
Frequently Asked Questions
Magisk Documentation
Magisk Troubleshoot Wiki (by Didgeridoohan)
Release Notes
Download Links:
Stable and Beta releases.
GitHub
Canary
GitHub
The notes.md file is the change log.
The app-debug.apk is Magisk canary.
Click on app-debug.apk and choose View Raw or click on the Download option.
Credits:
topjohnwu
All who contribute and support this project.
Modules
MagiskHide Props Config
This module allows you to add, change and adjust prop values systemlessly using Magisk.
MagiskHide Props Config Links:
GitHub
xdaThread
Download Links:
GitHub
Credits:
Didgeridoohan
All who contribute and support this project.
Universal SafetyNet Fix
It has been a year now since kdrag0n figured out how to 'trick' SafetyNet.
This 'trick' has been implemented properly into quite a few custom roms.
For custom roms that do not include it and/or stock roms, he turned it into a module.
Universal SafetyNet Fix Links:
GitHub
xdaThread
Download Links:
GitHub
Credits:
kdrag0n
All who contribute and support this project.
Apps
Fox's Magisk Module Manager
This app allows you to manage and install Magisk modules.
Including from an online repo.
Fox's Magisk Module Manager Links:
GitHub
Download Links:
GitHub
Credits:
Fox2Code
All who contribute and support this project.
Play Intergrity API Checker
This app shows info about your device integrity as reported by Google Play Services.
If any of this fails could mean your device is rooted or tampered in a way (for example you have an unlocked bootloader).
Development:
GitHub
Download Links:
PlayStore
Credits:
1nikolas
All who contribute and support this project.
YASNAC - Yet Another SafetyNet Attestation Checker
YASNAC (short for Yet Another SafetyNet Attestation Checker) is an Android app that demonstrates SafetyNet Attestation API.
YASNAC Links:
GitHub
PlayStore
Download Links:
GitHub
PlayStore
Credits:
RikkaW
All who contribute and support this project.
Force Basic Attestation
Newer devices are designed to support hardware attestation.
Currently there is no way to hide the sensitive device properties when checked using hardware attestation.
To get around this, kdrag0n figured out how trick SafetyNet that the device does not support hardware attestation.
SafetyNet will then fall back to check using basic attestation.
Note:
This method will work for devices that support hardware attestation and devices that do not.
Enable Zygisk.
Install the USNF module.
Reboot
To keep posts short, the instructions are hid by spoiler tags.
Spoiler: Instructions
If you have not installed Magisk.
Follow the installation link in the Magisk post.
Download the Universal SafetyNet Fix module.
Download link is in the Modules post.
Enable Zygisk
Open the Magisk app.
Go to Settings.
Scroll down to the Magisk section.
Toggle Zygisk on.
Go back to the Magisk Home screen.
Go to Modules.
Select Install from storage.
Navigate to the Universal SafetyNet Fix module zip file and select it.
Reboot.
The USNF module will adjust the sensitive props that are needed to pass SafetyNet.
Depending on the device and system (ROM) configuration, you might need to adjust a few more.
See the Adjust Prop values post.
Basic Attestation<Reserve>
Older devices that can not support hardware attestation there are other options.
Enable Zygisk.
Enable Denylist.
Add com.google.android.gms.unstable to the Denylist.
Add com.google.android.gms to the Denylist if needed.
Reset the sensitive prop values for the device.
Click to expand...
Click to collapse
Due to other modules and methods that require DenyList to be inactive, this method is more for reference.
For ease of use and compatibility, I would recommend using the USNF module instead.
See the Force Basic Attestation post.
This post will be updated in a few days.
Adjust Prop values<Reserve>
Reset sensitive prop values.
Spoiler: Instructions
Download the MagiskHide Props Config module.
Open the Magisk app and select the Modules option.
Select Install from storage option.
Navigate to where you saved the MHPC module and select it.
When the install is done, reboot.
Open a terminal app (or adb shell) and type props in the command line.
Make sure to grant root access
Select the Edit MagiskHide props (active) option.
(Currently option number 4)
It will show you the sensitive props that need to be adjusted.
If they all show (active) no changes needed.
If there is a prop value that shows as (enabled, not active) then you need to activate it by selecting it or a for all.
You will be prompted to set MagiskHide sensitive props?
Enter y(es), n(o) or e(xit):
If you are using a custom rom, you might also have to adjust the build fingerprint and security date.
From the MHPC main menu select Edit device fingerprint option.
(Currently option number 1)
Select Pick a certified fingerprint option.
(Currently option f)
Select the latest certified print for your device.
If your device is not listed, choose a device that is close to yours.
This post will be updated soon.
NotesandCommon Issues<Reserve>
Spoiler: SafetyNet
<Reserve>
Spoiler: Play Protect certification
<Reserve>
Spoiler: PlayStore App Purchases and Updates
<Reserve>
Points of Interest.
LSPosed
Zygisk releases are now included.
Download Links:
GitHub - Releases
Shamiko
Download Links:
GitHub - Releases
Denylist Unmount
Download Links:
GitHub - Releases
Yay! I get post no. 10!
Good to see this thread up Doc! ... How are you linking / promoting it?
Want mentions in Magisk General Discussion thread, or not for now?...
I note that this thread has the advantage of having an active OP...
So what? - Means I can post rubbish and it will be cleaned! ... Love a clean house... Hope you're a good housekeeper @ipdev! PW
zputnyq said:
Hi all,
I'm on TJW's canary 23019.
Does anyone know/could explain what is/are the difference(s) with enforce denylist activated and not activated ?
Click to expand...
Click to collapse
denylist (which preserves some of MagiskHide infrastructure) is active, or not active...
Nb. For Zy-Shamiko hiding module solution to work, this needs to be deactivated for Shamiko to do the hiding itself; Shamiko just uses the same list for convenience / simplicity... PW
Edit: Lets kickstart things here!
pndwal said:
denylist (which preserves some of MagiskHide infrastructure) is active, or not active...
Nb. For Zy-Shamiko hiding module solution to work, this needs to be deactivated for Shamiko to do the hiding itself; Shamiko just uses the same list for convenience / simplicity... PW
Edit: Lets kickstart things here!
Click to expand...
Click to collapse
Ok, I get it. Thank you.
I was confused since I use an old device which doesn't really need this part to do the hiding & on v23017 John made that part work along with the configure denylist, I mean configure denylist is greyed out when denylist part isn't active.
zputnyq said:
Ok, I get it. Thank you.
I was confused since I use an old device which doesn't really need this part to do the hiding & on v23017 John made that part work along with the configure denylist, I mean configure denylist is greyed out when denylist part isn't active.
Click to expand...
Click to collapse
You could do worse than read the first 5 posts here! PW
Thanks @ipdev
I tried to put a short help for probably the most frequent posts/questions soon to expect.
(Sorry for cross-posting, I first put to the old and cluttered General Magisk thread but this is now better place)
===
Please carefully read Magisk Changelog and OP posts in this thread
Study the Magisk documentation from the official Magisk Github page - particularly about installing Magisk (if not familiar with patching the image in Magisk app and flashing the patched img from Fastboot- different from the old school about flashing Magisk zip through TWRP)
a) No more MagiskHide. New technology instead (for more or less the same - to help hiding root): Zygisk+DenyList
b) No more built in SafetyNet checker. Install from PlayStore e g: YASNAC to check your SN
c) Modules window does no more connect to the old Modules repository.
You must download module zip files manually and "Install from local storage".
Or search for and install Fox Magisk Module Manager (Fox Mmm) app - it will connect to the new, alternative repository and the old 'official' repo, allowing you to install from both
---
0) If upgrading Magisk and if you previously did "Hide Magisk app/Mngr" from Magisk app/mngr - always "Restore Magisk app/Mngr" before upgrading Magisk
1) Make sure that both Magisk app and Magisk are installed and updated to the new version v24 version. Inspect version numbers on the main Magisk window/page
2) Make sure to uninstall all Riru modules (Riru is not compatible with Zygisk that comes with Magisk v24)
3) Settings, Enable Zygisk and reboot.
Then check on the main window does it show Zygisk Yes
4) Settings, enable Enforce DenyList.
Configure DenyList, enable filters to Show OS and System apps.
Find Google Play Services and check-in only the two processes ending with gms and gms.unstable.
You will have to check in all your banking apps and so as you used with MagiskHide.
Always reboot upon reconfiguring DenyList
5) If SafetyNet does not pass, install USNF 2.2.1 and test again.
Always reboot upon installing a module, also if/when you enable Systemless Hosts
Note: Once you install/enable USNF 2.2.1, it will remove Google Play Services from your DenyList - but don't worry, USNF takes care of GMS
6) If you are on non-certified custom ROM and you still don't pass SN - then you will need Magisk Hide Props Config module - check for and consult the MHCP thread
---
If you want to hide Zygisk, then instal Shamiko module - and you must disable Enforce DenyList (although DenyList must stay configured).
But Shamiko is really not essential (might help for some banking apps but it's irrelevant for SafetyNet)
---
Banking apps - out of scope for this post (also, this thread is about the Magisk v24 itself, not abkut the particular banking apps)
Go to Magisk Github documentation, read Wiki, there is a section with tips you should try first
If putting your banking app to DenyList (now, instead of the old Magisk Hide) and hiding Magisk app does not help, and the other tips from Wiki do not help (like renaming TWRP folder and so), search in this thread how to use Hide My Applist (Zygisk-LSPosed module)
Every time you apply another tip to your troublesome banking app - go to Settings, Apps, and delete Cache and Data for that banking app before you try to open it again (some apps will cache that they previously found the phone was rooted)
Even with HMA, there are certain banking apps that cannot be tricked (on some phones like Xiami, etc)
---
Momo - absolutely not essential for your life
When you pass SN, Momo might still detect that your Bootloader is unlocked - you cannot hide it from Momo on e.g. Xiaomi phones
Generally, treat Momo as 'banking' apps (add to DenyList and reboot)
Momo does not look for apps (Magisk app, LSPosed mngr, LSPosed modules), hence for Momo you don't need to bother with HMA
Basic tips for Momo: Remove/rename TWRP folder, disable USB Debugging - for the rest, search for Momo posts in this thread - but still, there will be findings you could not hide from Momo (not encrypted Data, custom ROM, etc)
===
PS: Magisk Alpha v24.1 (vvb2060 and her team) has departed their way (different package name, revival of MagiskHide?), hence this post is now (mainly) for the official TJW Magisk Stable and Canary v24
(Some parts do apply also to Alpha but use Alpha on your own risk and ask the other Alpha users about the Alpha status and practices)
===
Last but not the list - there night be specifics for certain phones (like flashing with Odin for Samsung, end so on)
This post is generic, for your specific practices read/search through this thread and also on your phone/model subforuns on XDA
Hello - sorry if obvious but I'm having issues getting some apps checking for root to pass. I think the issue might well be the statement related to "Google Play Services and check-in only the two processes ending with gms and gms.unstable."
Regardless of whether I tick just these two, or if I tick the whole of Google Play Services, once I reboot and if I go back into Magisk the app reports that these services are no longer hidden.
This is Pixel6Pro Stock, January update, Magisk canary (but 24001 that synced with the public build) + Zygisk + USNF 2.2.1
Thank you
Chris
@ipdev
Thread was pinned. Thx for your effort
Nice. Will we be able to run a module like fakegapps without riru/LSPosed?
crypticc said:
Hello - sorry if obvious but I'm having issues getting some apps checking for root to pass. I think the issue might well be the statement related to "Google Play Services and check-in only the two processes ending with gms and gms.unstable."
Regardless of whether I tick just these two, or if I tick the whole of Google Play Services, once I reboot and if I go back into Magisk the app reports that these services are no longer hidden.
This is Pixel6Pro Stock, January update, Magisk canary (but 24001 that synced with the public build) + Zygisk + USNF 2.2.1
Thank you
Chris
Click to expand...
Click to collapse
No, you don't need to add Play Services processes w/ Zy-USNF as I explained here:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-86321879
Download YASNAC and check if you pass SafetyNet, then that you have Play Protect Device is certified in Play Store settings... If you have these, Bank app is using its own custom detection methods... PW
kurtn said:
Nice. Will we be able to run a module like fakegapps without riru/LSPosed?
Click to expand...
Click to collapse
Yes, Use Zygisk-LSPosed. PW
pndwal said:
No, you don't need to add Play Services processes w/ Zy-USNF as I explained here:
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-86321879
Download YASNAC and check if you pass SafetyNet, then that you have Play Protect Device is certified in Play Store settings... If you have these, Bank app is using its own custom detection methods... PW
Click to expand...
Click to collapse
Yes I appreciate that. I guess my question was if it is correct that after reboot USNF deselects the gms and gms.unstable
Thanks for the explanation.
FYI found what was triggering the app and got it working. Before I had just renamed Magisk (I renamed to MagicApp if that matters) but that didn't work. Also "pausing" the app wasn't enough.
I needed to actually uninstall the Magisk Manager app itself.
So the mechanism being used by the other app wasn't looking for Magisk/SU, but the app iself.
The App failing doesn't have any local file permissions so must've been something else.
Actually I found two apps failing root check and both were resolved by uninstalling the (renamed) Magisk APK.
So I wondered if the app was simply listening to debug messages.
So I reinstalled and then reproduced the failure looking into ADB logcat.
I could see during opening and just before the protection was triggered logcat events against the ".Magisk" app related to denying access. Uninstalling Magisk app stopped those messages and then the app was able to start.
Should Magisk "hiding" the magisk manager app by renaming it from ".Magisk" also have relabelled all of the messages and such related to the app?
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
KaoDome said:
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Here. First 5 post and you should know all you need
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Quantumrabbit said:
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Click to expand...
Click to collapse
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Click to expand...
Click to collapse
Porpet said:
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
Click to expand...
Click to collapse
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Quantumrabbit said:
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Click to expand...
Click to collapse
And where did you find the deny list?
fusk said:
And where did you find the deny list?
Click to expand...
Click to collapse
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
H
toolhas4degrees said:
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
Click to expand...
Click to collapse
How to add modules shamiko & how to more hide features
Spartacus500 said:
H
How to add modules shamiko & how to more hide features
Click to expand...
Click to collapse
Shamiko is a flashable only need to slash magisk module. You can find it in the magisk alpha thread on telegram. You need to configure denylist first and reboot then turn off the enforce denylist toggle and flash the shamiko module.
If you are using lsposed download hide my applist xposed module and search how to use it if you want more coverage
Pm me if you want links
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Drakinite said:
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
This is quite weird and definitely shows how different devices handle root detection. I a Samsung S10+ and just installed Magisk 24 with enforce DenyList earlier this week. Today I just installed Duo Mobile and it works fine. I do not have it in the DenyList, and Magisk is not hidden. I use a custom SafetyNet fix that was installed when I originally installed an AIO TWRP/Magisk/SafetyNet fix after unlocking my bootloader. I also fail SafetyNet checks.
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Drakinite said:
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
danbest82 said:
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Click to expand...
Click to collapse
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
anonymous-bot said:
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
Click to expand...
Click to collapse
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
Get VD Infos and use it to scan your files. You can find it on XDA.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
Click to expand...
Click to collapse
Hmm ok. Like I said shimako didn't work for me either. I'm not sure why Duo is still detecting root. For reference this is what is on my DenyList:
Drakinite said:
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
YASNAC is the replacement for Momo it looks like since Momo is Riru based (https://github.com/canyie/Riru-MomoHider)
simplydat said:
Get VD Infos and use use to scan your files. You can find it in XDA
Click to expand...
Click to collapse
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Drakinite said:
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Click to expand...
Click to collapse
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Drakinite said:
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Click to expand...
Click to collapse
Awesome. Hope it stays that way!
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
antivirtel said:
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
Click to expand...
Click to collapse
Version 24102 would be v24.102. So your Magisk 24.300 is newer.