Hi folks,
I got the new update 24.1 of my good old Magisk on top of my Lineage OS on payton device.
But I guess the safetynet check is gone and/or no more working since last update as of the banking app and also the game i.n.g.r.e.s.s is no more working..
What do I have to do in order to get back a positive safetynet check?
I have no much experiencies behind the scenes but all you are made a great job in your laisure time but please give me a chance to understand how and what must I configure to get working Magisk (MagiskHide and SafetyNet Check passed). Maybe there is a additional module that makes the SafetyNet check being passed.
Thank you
Tom
Tom_Scott said:
Hi folks,
I got the new update 24.1 of my good old Magisk on top of my Lineage OS on payton device.
But I guess the safetynet check is gone and/or no more working since last update as of the banking app and also the game i.n.g.r.e.s.s is no more working..
What do I have to do in order to get back a positive safetynet check?
I have no much experiencies behind the scenes but all you are made a great job in your laisure time but please give me a chance to understand how and what must I configure to get working Magisk (MagiskHide and SafetyNet Check passed). Maybe there is a additional module that makes the SafetyNet check being passed.
Thank you
Tom
Click to expand...
Click to collapse
Please consult this thread, especially first few posts:
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Lord Sithek said:
Please consult this thread, especially first few posts:
Click to expand...
Click to collapse
Thank you for the answer, but I dont understand the thing being written in the discussion thread. Can you give a hint what do I have to do in order to solve the problem?
Thanks
Tom
Tom_Scott said:
Thank you for the answer, but I dont understand the thing being written in the discussion thread. Can you give a hint what do I have to do in order to solve the problem?
Thanks
Tom
Click to expand...
Click to collapse
Well... In short:
MagiskHide is gone now, replaced by Zygisk & DenyList. DenyList doesn't do any hide itself, but it can be used by additional modules to do it. SafetyNet check is also removed, but you can replace it by installing a checker from Play Store. Recommended one is YASNAC, search and install.
If you don't pass SafetyNet, first enable Zygisk & Enfoce DenyList, then go to Configure DenyList, tap on three dots in right upper corner and enable system apps. Then search for Google Play Services, expand the list of processes and mark com.google.android.gms and com.google.android.gms.unstable. [Additionally mark every app that search for root access]. Clear the data of Google Play Services and Google Play Store and check in YASNAC if you pass SafetyNet now. If not, download this module and flash in Magisk:
Releases · kdrag0n/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - kdrag0n/safetynet-fix
github.com
Then reboot and check SafetyNet again.
Usually this should be enough to pass SafetyNet, but if not, let me know, we can try another things. If you use official LineageOS, probably you will have to spoof the device's fingerprint, but... one thing at a time
As for bank apps (and some games too), it depends how much enforcements they use. If they rely only on SafetyNet, passing it will be sufficient to run them. But many bank apps use addtional measures to prevent running on rooted devices nowadays. But there are other workarounds which we can try if just passing SafetyNet isn't enough.
Thank you very much. Your guide enables passing the Safety Net check so I can use my special apps again.
In order to understand the new working principle: Please, can you explain what the DenyList denies? And do you know why the CTS check is gone?
Thank you very much
Tom
Tom_Scott said:
Thank you very much. Your guide enables passing the Safety Net check so I can use my special apps again.
In order to understand the new working principle: Please, can you explain what the DenyList denies? And do you know why the CTS check is gone?
Thank you very much
Tom
Click to expand...
Click to collapse
I think you should get familiar with the Topjohnwu statement on Magisk: https://topjohnwu.medium.com/state-of-magisk-2021-fe29fdaee458
Those changes were obviously well-thought and although they may look like a step back, they will allow to achieve much progress in time
Related
Hello everyone!
Since Snapchat is one of my most used social app and unfortunately i use a rooted device with custom ROM.
I've seemed to try all the hiding methods on the forums inuding, Playstore Visa, Magisk HideProps and all.
Tried Magisk Hide, but that fails to. Enabling core only module messes up my Magisk Completely, i dont know how
So i need to to know what factors trigger Safetynet.
My Device -
Samsung galaxy core prime
CrDroid 7.1.2
Magisk 16.2 Beta
Kernel SElinux permissive (if it matters)
Thanks!
If you scroll down here, you'll find a table with examples over the different things that'll trigger SafetyNet:
https://developer.android.com/training/safetynet/attestation#compat-check-response
But, are you passing SafetyNet or not? You're only talking about Snapchat, and if I remember correctly you can pass SafetyNet and Snapchat will still complain.
Didgeridoohan said:
If you scroll down here, you'll find a table with examples over the different things that'll trigger SafetyNet:
https://developer.android.com/training/safetynet/attestation#compat-check-response
But, are you passing SafetyNet or not? You're only talking about Snapchat, and if I remember correctly you can pass SafetyNet and Snapchat will still complain.
Click to expand...
Click to collapse
No i do not pass Safetynet.
SnapDrag910 said:
No i do not pass Safetynet.
Click to expand...
Click to collapse
I'm going to assume you've checked here (if not, here's a great link):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
And you can always take a look at the basics (what Magisk can't hide, as an example):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Magisk_can_not_hide
And if nothing else, here's some info on what to provide when having problems:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Asking_for_help
Didgeridoohan said:
I'm going to assume you've checked here (if not, here's a great link):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
And you can always take a look at the basics (what Magisk can't hide, as an example):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Magisk_can_not_hide
And if nothing else, here's some info on what to provide when having problems:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Asking_for_help
Click to expand...
Click to collapse
Whoa! thanks alot @Didgeridoohan
Sometimes rooted phones , and custom ROMs
Also kernel in rare cases and Xposed
Cherifiali said:
Sometimes rooted phones , and custom ROMs
Also kernel in rare cases and Xposed
Click to expand...
Click to collapse
Ok. Thanks to all for helping me. Ill give my phone one more shot.
Also @Cherifiali my phone has -
Rooted -
Custom Kernel -
Xposed -
Custom ROM -
SnapDrag910 said:
Ok. Thanks to all for helping me. Ill give my phone one more shot.
Also @Cherifiali my phone has -
Rooted -
Custom Kernel -
Xposed -
Custom ROM -
Click to expand...
Click to collapse
Maybe you ROM so
Try saftynet modules for Magisk
Hello,
For latest news from topjohnwho, Google fixed Safetynet check for hardware based key attestation. So no Google Pay in future with UB.
Is latest Android 10 for XZ2/C affected with this or is magisk working with GPay flawlessly?
Thank you for answer if anyone tried that.
it works on stock android 10
edit: u can install magiskhide props config and enable magiskhide in the settings to get it pass completely although things can change with the next security update
Thank you.
He wrote that Safetynet check is made on google servers, so magiskhide will lost purpose in future, right.
Have you tried GPay? That is only reason why I stay on 9, because here it works.
Vi.sr said:
Thank you.
He wrote that Safetynet check is made on google servers, so magiskhide will lost purpose in future, right.
Have you tried GPay? That is only reason why I stay on 9, because here it works.
Click to expand...
Click to collapse
GPay works on my rooted XZ2 on android 10
Lately I upgraded to Magisk 24.1 from 23 and lost the usual stealth features then reverted back to 23 again. Everything works fine except for hiding the app. Now some apps detect root and don't work. When I use the feature an extra icon for Magisk named "Settings" is created that does not open the app. The original icon is not removed and opens the app like usual. If I leave it like that, I eventually lose root, then I have to uninstall the Settings app for Magisk to work again. I tried to uninstall and reinstall Magisk many times but still experience the same behavior. Something is clearly broken but I don't know how to fix it. Anyone faced the same problem or has any idea what to try?
if the feature doesn't work please try to contact me later thank you!
koryonp10 said:
if the feature doesn't work please try to contact me later thank you!
Click to expand...
Click to collapse
It does not work. I've been fighting with it for a couple days now.
ok so you need to try to restart your phone and if that doesn't work please try to email me at [email protected] i know a lot more than people think
also send me a video
The solution to your issue has been posted here: https://forum.xda-developers.com/t/rename-hide-magisk-not-working-for-v23.4396841/
Why do you want to downgrade though? v24.1 has denylist which works similar to magisk hide. All you need to do is install Universal Safetynet Fix (Magisk modules) and everything should work.
simplydat said:
The solution to your issue has been posted here: https://forum.xda-developers.com/t/rename-hide-magisk-not-working-for-v23.4396841/
Why do you want to downgrade though? v24.1 has denylist which works similar to magisk hide. All you need to do is install Universal Safetynet Fix (Magisk modules) and everything should work.
Click to expand...
Click to collapse
Worked a treat, thank you very much! Basically I downgraded because everything worked fine with the old version of Magisk and I didn't bother to search for a different solution. Is that the best module to pass Safetynet? I think I saw there's a few solutions available.
ser848 said:
Worked a treat, thank you very much! Basically I downgraded because everything worked fine with the old version of Magisk and I didn't bother to search for a different solution. Is that the best module to pass Safetynet? I think I saw there's a few solutions available.
Click to expand...
Click to collapse
Magisk 23 + Magisk Hide was detected by many bank apps I have and I was tired of dealing with it, so I decided to upgrade.
Magisk 24 + Universal Safetynet Fix + Shamiko worked like a charm and everything has been hidden and I have a feeling I won't have to deal with root hiding for a long time.
simplydat said:
Magisk 23 + Magisk Hide was detected by many bank apps I have and I was tired of dealing with it, so I decided to upgrade.
Magisk 24 + Universal Safetynet Fix + Shamiko worked like a charm and everything has been hidden and I have a feeling I won't have to deal with root hiding for a long time.
Click to expand...
Click to collapse
Thanks a lot again, I will give it a try.
koryonp10 said:
if the feature doesn't work please try to contact me later thank you!
Click to expand...
Click to collapse
koryonp10 said:
ok so you need to try to restart your phone and if that doesn't work please try to email me at [email protected] i know a lot more than people think
also send me a video
Click to expand...
Click to collapse
Hello and a very warm welcome to XDA, @koryonp10. I hope you'll always get the assistance you require, and much more we appreciate your intentions to provide your knowledge and expertise to other members. Thanks very much for that!
Please allow me to share with you the principle of this website:
XDA Developers was founded on the simple principle that SHARING IS GOOD and when many people SHARE what they know, EVERYONE benefits. We exist upon this ethos. We RESPECT each other, we SHARE with each other, we do not judge one another, and we HELP all who ask.
Click to expand...
Click to collapse
In order to live this spirit, I suggest to consider to publicly share your knowledge in the threads and not to drag the XDA members to your email, private messages or outside of XDA. Only from what you publicly posts, all can learn and are able to ask corresponding questions. Thanks very much for your cooperation!
Regards
Oswald Boelcke
Senior Moderator
I have Magisk 24 + Universal Safetynet Fix + Shamiko installed on Android 11. It warns me that Shamiko not active as "denylist is enforced'. Regardless, I still get a warning message when I start my HSBC banking app.
simplydat said:
Magisk 24 + Universal Safetynet Fix + Shamiko worked like a charm and everything has been hidden and I have a feeling I won't have to deal with root hiding for a long time.
Click to expand...
Click to collapse
Hi, have read the changelog from magisk 24 that hide not included.
Saftynet Fix i think i have read this in past, i hope i find it. I have find this thread, but how get Shamiko?? And is Zygisk also needed?
At Moment i have HTC U11 with magisk 23 + riru lsexposed, because i need xprivacy.
richardmace said:
I have Magisk 24 + Universal Safetynet Fix + Shamiko installed on Android 11. It warns me that Shamiko not active as "denylist is enforced'. Regardless, I still get a warning message when I start my HSBC banking app.
Click to expand...
Click to collapse
Same issue here not on android 11 though.
richardmace said:
I have Magisk 24 + Universal Safetynet Fix + Shamiko installed on Android 11. It warns me that Shamiko not active as "denylist is enforced'. Regardless, I still get a warning message when I start my HSBC banking app.
Click to expand...
Click to collapse
Hi @richardmace have you fixed for HSBC Banking App? I had same issue
No, not fixed but not a major issue as app still works. I am now not enforcing the deny list and Shamiko is now active.
I am new to the subject but have similar issue. There is an medical application for diabetes in Google Play. It is called Freestyle Libre 3. "3" is important as there are "1" and "2" versions of this app. This app is used to monitor glucose with the help of external device that is placed on the body via bluetooth. The application has two "features" so far:
1) it is available only on a few smartphones (a few Apple's and a few Samsung's)
2) it is available only in few countries (GB, DE, NL, SE and just a few more)
All my bank apps work with zygisk but this medical app doesn't. I added this app and all google play services on deny list. YASNAC shows passed for basic integrity and cts profile. I tried Shamiko and Universal Safety Fix too. Hiding Magisk doesn't help. still no success. But once Magisk is uninstalled the app starts and works.
Could it be somehow an unusual case when application devs made up some one trick more than Magisk is assuming for apps that check for root? Is there any hope to have this app working on LineageOS with Magisk installed?
The working solution is to allow "USB Debugging" in "Developer options", and additionally by Xiaomi, turn off "MIUI Optimization".
Did you have problems with some app that detects the root ?
Here is your place.
We will try to help you.
Keep attention, this is just a help thread, nothing is guaranteed.
Be patient and cordial.
If there is acceptance of the community on the subject, certainly the thread will grow.
Before posting your reply, please describe some questions:
- What is the version of Android ?
- What is the name of the app, the package of the app and where can we download the app ?
- When does exactly the app crash ?
- Are you using a custom/modded ROM or a stock ROM ?
- Which magisk modules are enabled ?
- Which xposed modules are enabled ?
Don't forget to attach some screenshots.
Some Useful Content For Bypassing Detections:
Shamiko:
https://github.com/LSPosed/LSPosed.github.io
DenylistUnmount:
https://github.com/mywalkb/DenylistUnmount
XPrivacyLua:
https://repo.xposed.info/module/eu.faircode.xlua
https://github.com/M66B/XPrivacyLua
https://forum.xda-developers.com/t/app-xposed-6-0-xprivacylua-android-privacy-manager.3730663/
Universal SafetyNet Fix:
https://github.com/kdrag0n/safetynet-fix
https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/
InitRcHider
https://forum.xda-developers.com/t/module-initrchider.4369285/
Magisk Hide Props Config:
https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf
https://forum.xda-developers.com/t/...safetynet-prop-edits-and-more-v6-1-2.3789228/
Hide My Applist:
https://github.com/Dr-TSNG/Hide-My-Applist
RootCloak:
https://repo.xposed.info/module/com.devadvance.rootcloak
https://repo.xposed.info/module/com.devadvance.rootcloak2
https://github.com/devadvance/rootcloak
https://github.com/devadvance/rootcloakplus
https://forum.xda-developers.com/t/...e-root-from-specific-apps-2014-01-14.2574647/
MomoHider:
https://github.com/canyie/Riru-MomoHider
RiruUnshare:
https://github.com/vvb2060/riru-unshare
XPrivacy:
https://repo.xposed.info/module/biz.bokhorst.xprivacy
https://github.com/M66B/XPrivacy
https://forum.xda-developers.com/t/xprivacy-the-ultimate-yet-easy-to-use-privacy-manager.2320783/
Some Useful Content For Checking Detections:
VD Infos:
https://forum.xda-developers.com/t/VDInfos.4097379/
Momo:
https://t.me/magiskalpha/517
XposedDetector:
https://github.com/vvb2060/XposedDetector
MagiskDetector:
https://github.com/vvb2060/MagiskDetector
ApplistDetector:
https://github.com/Dr-TSNG/ApplistDetector
NativeDetector:
https://github.com/LSPosed/NativeDetector
YASNAC - SafetyNet Checker:
https://github.com/RikkaW/YASNAC/releases
Reserved.
It appears July patch defeated Magisk Deny List and USNF.
No Netflix install/update
No Wallet/Pay
mingkee said:
It appears July patch defeated Magisk Deny List and USNF.
No Netflix install/update
No Wallet/Pay
Click to expand...
Click to collapse
hi, good idea! So I use magisk 25.2, denylist, zygisk, shamiko.
i'm on LOS 19.1 on samsung galaxy tab a (sm-t 550). Hiding root works, but MOMo detects 'abnormal' circumstances (see attachment). Banking apps (S pushTan und VR securego crashes.
i renamed TWRP folder, Magisk and TitaniumBackup, freezed magisk app, I deactivated Developer options and debugging - guess I tried everything Didgeridoohan advices. cleared cache and data - the banking apps won't work. What can I do further?
abagm said:
hi, good idea! So I use magisk 25.2, denylist, zygisk, shamiko.
i'm on LOS 19.1 on samsung galaxy tab a (sm-t 550). Hiding root works, but MOMo detects 'abnormal' circumstances (see attachment). Banking apps (S pushTan und VR securego crashes.
i renamed TWRP folder, Magisk and TitaniumBackup, freezed magisk app, I deactivated Developer options and debugging - guess I tried everything Didgeridoohan advices. cleared cache and data - the banking apps won't work. What can I do further?
Click to expand...
Click to collapse
Try NOT to use Shamiko (crashes in some/many apps), try this for an alternative
Stillhard said:
Try NOT to use Shamiko (crashes in some/many apps), try this for an alternative
Click to expand...
Click to collapse
abagm said:
okay. did so, loaded initRcHider as well - no luck. Denylist seems working, Momo does not mention magisk or zygisk or lsposed. Maybe SELinux permissive is the culprit? Seems that banking apps have got too strict - LOS 17 and pure old magisk hide did the job. Broken TEE, Seccomp???
Click to expand...
Click to collapse
Custom ROMs will always shown as abnormal because they are abnormal.
If they were not abnormal, they could not work.
About seliux permissive, this will always be a big red alert.
Hi @VD171
Thanks for creating this thread!
Please keep up the good work
abagm said:
Seems that banking apps have got too strict
Click to expand...
Click to collapse
If banking app is too intrusive then you can simply access your online banking website through browser app and do your transactions from there
Browser app will never check if you got root or if your selinux is permissive or other things! Because it's none of its business!
lebigmac said:
Hi @VD171
Thanks for creating this thread!
Please keep up the good work
If banking app is too intrusive then you can simply access your online banking website through browser app and do your transactions from there
Browser app will never check if you got root or if your selinux is permissive or other things! Because it's none of its business!
Click to expand...
Click to collapse
lebigmac said:
Hi @VD171
Thanks for creating this thread!
Please keep up the good work
If banking app is too intrusive then you can simply access your online banking website through browser app and do your transactions from there
Browser app will never check if you got root or if your selinux is permissive or other things! Because it's none of its business!
Click to expand...
Click to collapse
You're right- I can access the online banking via browser. But to do transaction, I need apps - that's why I complain 🫠
VD171 said:
Custom ROMs will always shown as abnormal because they are abnormal.
If they were not abnormal, they could not work.
About seliux permissive, this will always be a big red alert.
Click to expand...
Click to collapse
lebigmac said:
Hi @VD171
Thanks for creating this thread!
Please keep up the good work
Click to expand...
Click to collapse
Thank you, sir. I will help always as I can
lebigmac said:
If banking app is too intrusive then you can simply access your online banking website through browser app and do your transactions from there
Browser app will never check if you got root or if your selinux is permissive or other things! Because it's none of its business!
Click to expand...
Click to collapse
We need ways for distinguishing unexperienced users and users who assume full responsibility for their own use.
Apps delivers many new possibilities and services, banking through browser app isn't enough actually.
abagm said:
Thank you for this thread!
Yeah, that is true. i hoped there are ways to disguise the complaints of MOMo (for example such a thing like renaming addon.d in /system to disguise "running custom rom"). And LOS 17 did run the banking apps, so I wanted to understand the difference.
Click to expand...
Click to collapse
Are you having problem with any specific app?
VD171 said:
Thank you, sir. I will help always as I can
We need ways for distinguishing unexperienced users and users who assume full responsibility for their own use.
Apps delivers many new possibilities and services, banking through browser app isn't enough actually.
Click to expand...
Click to collapse
It's true - doing your financial transactions through the web browser feels a little bit prehistoric to say the least but it works and you don't need to waste your precious time trying to hide your root and other customizations from some intrusive apps that shouldn't be intruding on your privacy like that in the first place
I know it's not the perfect solution but the more solutions we have to avoid this annoying safetynet 'feature' altogether the better. I am so happy that I don't need to bother with this useless safetynet 'feature'
lebigmac said:
It's true banking through browser app is a little bit prehistoric but it works and you don't need to waste your precious time trying to hide your root and other customizations from some intrusive apps that shouldn't be intruding on your privacy like that
I know it's not the perfect solution but the more solutions we have to overcome these annoying safetynet requirements the better. I am so happy that I don't need to bother with all this useless safetynet this safetynet that
Click to expand...
Click to collapse
Any type of detection can be bypassed.
Even native methods can be bypassed, because Android app's run on java.
So, at sometime and somewhere, results are given to/from java.
VD171 said:
Are you having problem with any specific app?
Click to expand...
Click to collapse
abagm said:
Yes, those banking apps BestSign (it detects root immediatly but can be used), S-PushTAN and VR-SecureGo. these three worked on rooted 'unnormal' LOS 17.1 but don't work now in 19.1. Momo said magisk and LSPosed were hidden butcomplains about that unnormal enviroment.
Click to expand...
Click to collapse
When does exactly the app crash?
May you attach some screenshots?
I've tried all them.
All them are working fine for me.
VD171 said:
When does exactly the app crash?
May you attach some screenshots?
I've tried all them.
All them are working fine for me.
Click to expand...
Click to collapse
---throwing in the towel - can't get it work as I wanted to. WIll return to the working version of ROM - and be proud to be outdated ...
So, recently i just got into rooting stuff and all. I loved the things with rooting but there is one problem in magisk that I'm facing which that the deny list isn't working for my banking apps it used to but now it's not. Kindly help me fix it.
Retr0_680 said:
So, recently i just got into rooting stuff and all. I loved the things with rooting but there is one problem in magisk that I'm facing which that the deny list isn't working for my banking apps it used to but now it's not. Kindly help me fix it.
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
[Discussion] Google Pay Magisk Discussion Thread
This thread is inspired by the PoGo Magisk discussion thread. It's meant to keep the clutter of "Google Pay doesn't work" posts out of the main Magisk threads. Please use this to discuss issues with Google Pay and possible solutions. There's a...
forum.xda-developers.com
[Discussion] Magisk Delta - Another unofficial third-party Magisk fork
This is not an officially supported topjohnwu project. If you are looking for official Magisk source, please go to this page Introduction Custom Magisk fork by HuskyDG. Sync with official Magisk adding back MagiskHide...
forum.xda-developers.com
You have to do your own work because things tends to differ depending on a device. Basically, official Magisk does not do any hide anymore. Deny List itself does not serve for hiding root. Hiding usually requires additional modules. Also a Magisk fork called Magisk Delta has some success in this field since it restores MagiskHide funcionality. But be aware - hiding root is more and more difficult because Google step by step enforces security measurments. Search through these threads I linked, especially a few last pages