I'm just flashed my phone to the latest LineageOS by jrior with SU Addon, and I realise Im unable to use Android Pay due to SafetyNet.
I've tried installing Magicks that's downloaded from Google PlayStore's Magicks Manager, but it failed and my phone would stuck at TWRP.
I couldn't find Xposed Framework for LineageOS 14.1, I suppose it wasn't out yet?
Is there any ways I could bypass SafetyNet to at least able to use Android Pay?
Thanks in advance guys!
xposed is the problem atm, u can use magisk's su and magisk hide or a few other methods to pass safetynet checks for root but bc exposed directly hooks into the framework there is no current method to bypass xposed detection..
on another note from my experience in the past, not sure if this still applies bc i dont have time needed to research into bypassing it, but when PoGo was first starting to use safetynet i noticed then that the google services framework runs a check on the device for then sends it to the google servers verifies info (things like do the fingerprints match the device in question) then returns with encrypted response... from that knowledge it would seem to be simpler to just hook safetynet and modify the requests it sends to the google servers...
someone else that has time should look into this
there is an exposed module that can help gain information its called inspeckage
Related
Lately it seems more and more developers are relying on safetynet for apps and features (especially google, i REALLY miss getting surveys with opinion rewards :[ )
So I'm curious if anyone has an idea what currently triggers a failed response.
Does busybox fail?
Does selinux need to be enforcing?
Does system status need to be "official"
Etc.
Lastly, bonus question:
Are there any custom kernels for g920p that don't auto root and install busybox?
It is fairly complex.
1) https://developer.android.com/training/safetynet/index.html
"SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to find this same profile within a list of device models that have passed Android compatibility testing. "
2) https://www.howtogeek.com/241012/sa...y-and-other-apps-dont-work-on-rooted-devices/
"Google uses something called SafetyNet to detect whether your device is rooted or not, and blocks access to those features. Google isn’t the only one, either–plenty of third-party apps also won’t work on rooted Android devices, although they may check for the presence of root in other ways."
You may already know this from the other thread regarding Magisk, but my suggestion is to return to stock via Odin, then follow the instructions from the Magisk thread here: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
koop1955 said:
It is fairly complex.
1) https://developer.android.com/training/safetynet/index.html
"SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to find this same profile within a list of device models that have passed Android compatibility testing. "
2) https://www.howtogeek.com/241012/sa...y-and-other-apps-dont-work-on-rooted-devices/
"Google uses something called SafetyNet to detect whether your device is rooted or not, and blocks access to those features. Google isn’t the only one, either–plenty of third-party apps also won’t work on rooted Android devices, although they may check for the presence of root in other ways."
You may already know this from the other thread regarding Magisk, but my suggestion is to return to stock via Odin, then follow the instructions from the Magisk thread here: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Click to expand...
Click to collapse
Thanks for chiming in!
Dang there's a lot going on, i guess google is being pretty tight lipped about exactly what info they use.
But yea, at the moment I'm completely stock with magisksu and magisk v11.1
The issue is that magisk has to be re-installed after every boot, meaning there are a few minutes where safetynet and gms have the opportunity to see my root before i re-install magisk. (From what i gather from the magisk op thread, this could be fixed with a custom kernel... tested succesfully with skyhigh, but then failed safetynet and i don't know why.)
The other issue with the magisk set-up on complete stock is that Titanium backup and some other root-related apps seem to be almost entirely broken. Magisk OP thread sheds some light about that, something about system needing to mounted as rw (which I'm unable to change, since root hardly works at all)... a couple weeks ago the magisk dev said he was going to work on a fix for that, but I'm not banking on it.
So to summarize, I'm trying to figure out how to run a custom kernel (or even rom if possible) without failing safetynet... because even if i flash skyhigh on stock, Uninstall busybox, set se linux to enforced, uninstall supersu, and wipe davlik i still fail safetynet.
Or I'm i just too greedy wanting the freedom of root AND the comfort of stock behavior? (android pay, google opinion rewards, consistent play service function and updates etc)
I would guess that a custom kernel alone (no SuperSU or BusyBox) would cause a failure. It seems like any kernel mod would do so.
Magisk is an attempt to solve this, but doesn't seem quite there.
koop1955 said:
I would guess that a custom kernel alone (no SuperSU or BusyBox) would cause a failure. It seems like any kernel mod would do so.
Magisk is an attempt to solve this, but doesn't seem quite there.
Click to expand...
Click to collapse
I'd believe that, i guess that'd really be the obvious first step in profiling a device's environment.
Given that I'm guessing it'd just check the system info, all the info on the about device page in settings and compare it to which kernel i should have.
So in the interest of crawling deeper down this rabbit hole, I'm going to see what can be done to mock that info >
Also in defense of magisk, from what i gather, magisk is an extremely effective hands-off root solution... unless you have a samsung device.
@Nye-uhls, you should definitely check this out: https://forum.xda-developers.com/showpost.php?p=71398440&postcount=342
New kernel with built-in Magisk support.
koop1955 said:
@Nye-uhls, you should definitely check this out: https://forum.xda-developers.com/showpost.php?p=71398440&postcount=342
New kernel with built-in Magisk support.
Click to expand...
Click to collapse
Thats huge. I'm officially no longer putting effort into getting magisk working in anticipation of that new kernel.
Thank you for the heads up, probably wouldve kept sweating over this for a few more days lol.
I am looking for any ROM that can be installed and allows Android Pay to work. I sometimes forget my wallet and would like to have the ability to use Android Pay. I was excited when I got AICP to install and pass safety check, but it doesn`t actually work at the terminal. I now read that all AOSP based roms have problems with NFC payments.
Does anyone have this working on an M8. There are some old threads, but none that actually report that it works.
Are you rooted with Magisk?
redpoint73 said:
Are you rooted with Magisk?
Click to expand...
Click to collapse
Yes. So far I have tried AICP 7.1 Rom, which passed safetynet check, but would not actually work on a store's terminal. Perhaps an NFC issue with AOSP Rom? I also tried Lineage 15, but could not get it to recognize google play services and could not get the play store to work as a result. I am now on lineage 14.1, which agains passes safetynet check but will not work at the terminal.
As I am aware, Magisk only allows Android Pay to be installed, but when it comes time to validate the purchase, there is either an NFC problem or something prevents the purchase from being validated.
So if anyone has a non stock rom that works with android pay on the m8, I would like to know about it. There have been a few threads, but none seem to offer a current resolution.
I'm not personally a user of AOSP ROMs, nor Android Pay, so my advice is limited. Just chiming in, as long as you are passing SafetyNet, and have Magisk Hide enabled (in Magisk Manager settings) than I don't think it's a safety net or root issue. Like you said, it might be an issue with AOSP ROMs and NFC.
I tried Resurrection Remix. Same result. Passed safety check but would not work at the store terminal.
Cannot use payments on nougat. Have to go to marshmellow.
NFC works, but HCE does not, which is whats required.
Success. I went to ViperOneM8 6.1.0. Installed the rom. Then deactivated Su in the Su app. Then properly installed Magisk by creating a new boot.img file and then flashing that new boot.img file with twrp. Magisk 14 showed safetynet passed both test. Off I went to the store to buy a chocolate bar, unlocked the phone, tapped it on the terminal and buzz buzz, payment approved. Very nice.
So, yesterday I installed Lineage OS 15.0 and with that rooted my phone. The roms great but I'm facing certain difficulty with some apps. For e.g. Snapchat won't log in, Netflix doesn't appear in playstore which I think is also related to this.
I believe this is because of the root. Didn't know it would be such a big problem. Please give me suggestions and help me fix this.
Thank you
*Willing to unroot if that fixes the problem.
Did you root by SuperSU or Magisk?
SuperSU has suhide feature. Magisk has hide feature also.
Netflix not showing is definitely due to root. I don't use Snapchat, but that problem I believe is due to root, also. Rooting breaks a security feature called Safety Net, which is probably the cause if your issues.
Not sure if Lineage itself is enough to break Safety Net or not (some custom ROMs will break Safety Net). You can try to "dirty" flash Lineage (which will remove root) and run Lineage without root, and see if Netflix and Snapchat work. Then go from there (try suhide, or Magisk root and Magisk hide).
Hi all,
Got a new phone and finally decided to see if I could root the old Pixel 2 XL. It's unlocked, bought directly from Google. Never before unlocked bootloader until now.
It was flashed to factory Android 11 2020-12, and rooted from there. Magisk 21.1 beta was installed from zip while booted into TWRP 3.0.4, as advised in this thread. The latest Play System Update (Oct 5, 2020) was automatically installed while I was messing around afterwords.
I confirmed root access thru a checker and Termux, which is pretty neat! Hadn't rooted a device in a long time!
Unfortunately, device certification fails in Play Store, Magisk SafetyNet check and being unable to add a credit card to Google Pay. Magisk says basicIntegrity passes, but CTSprofile fails.
Things I've tried, mostly from this exhaustive guide:
Hidden Magisk Manager
Enabled MagiskHide, rebooted
Remove Magisk zip from storage
Lock bootloader again, rebooted
Clear app storage for Play store and Play services, rebooted
Disable USB debugging
Disable Play Protect scanning
Looked over XDA boards, Magisk changelog/documentation/guides
Things I haven't done (yet?):
Spoofing device fingerprint. I wouldn't expect this to be necessary, since it's actually authentic! But maybe there's more to it that I don't understand?
Start over from scratch, with Magisk Canary build - doesn't appear to be any improvements to MagiskHide according in current release notes
Is this possible to achieve?
composition said:
Is this possible to achieve?
Click to expand...
Click to collapse
SafetyNet:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Google I believe is using hardware-backed CTS profiling, which Magisk cannot circumvent. Your only chance of passing CTS is to hope Google ISN'T using the hardware-backed version, so you can employ one of the workarounds I gave in the link above.
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Larzzzz82 said:
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Click to expand...
Click to collapse
Apparently we're both having brain farts. I didn't even think there was such a setting. Then again, I don't use Google Pay.
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Vattu said:
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Click to expand...
Click to collapse
Yeah this thread is now out of date. The updated safetynet fix is a much better option now.
You don't need just the safetynet module. You need Shamiko along that.
So latest Safetynet + Shamiko 0.5.2 (the latest version right now) and you're all set. You gotta whitelist the banking apps you use and they'll work perfectly fine. These 2 were enough to allow my preferred ridiculous banking app to work without an issue, without any other modules or tweaking and such.
dragos281993 said:
You don't need just the safetynet module. You need Shamiko along that.
Click to expand...
Click to collapse
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
aurny said:
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
Click to expand...
Click to collapse
No. I only had Magisk installed with Zygisk turned on. I first installed Safetynet Fix then Shamiko. The first module wasn't enough for my preffered banking app to not detect that the bootloader was unlocked. Shamiko fixed that. I simply installed it as a module in Magisk
Thanks, good to know. I haven't had that issue yet but I'll remember this in case I need it in the future!
aurny said:
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Click to expand...
Click to collapse
Thank you very much, it worked perfectly.
This actually worked, thank you!