Hello,
I've rooted with Magisk v11.6 and v13 beta, on both versions safetynet check fails. On v13 both ctsProfile and basicIntegrity show as false.
Also in fastboot mode it says "software status: modified" despite the fact that I am on the stock rom(with TWRP). Any way to fix this?
Related
Hi,
I'm currently running Android Nougat Stock (4.28.401.3), with the Bootloader unlocked, but without TWRP or Magisk. My device is currently failing the SafetyNet Check due to Basic Integrity and CTS profile mismatch (Image attached).
I also get the error "Security checking fail GT_CONNECT_FAIL" when booting into Bootloader Mode (Image attached, Source).
I updated several months ago from Marshmallow to Nougat, via OTA. When I had Marshmallow, I had TWRP and Magisk installed, but didn't reinstall them afterwards.
Now I would like to try and fix this error. Would installing Magisk (using MagiskHide) fix this issue? Does the Bootloader need to be re-locked now in order to pass the SafetyNet Check?
Any help appreciated.
I can only help you with safetynet since I haven't seen that Security checking fail GT_CONNECT_FAIL error before. For making sure everything is fine with the software of your phone I'd flash a RUU, nonetheless, if I were you. If the error gets caused by a hardware failure (e.g. the infamous nand death) then there's not much you can do for fixing it aside from sending it to HTC for a repair.
Safetynet fails as soons as you unlock the bootloader. You have two choices now. Either you re-lock the bootloader or you install magisk and activate magisk hide. If you choose the latter the bootloader can stay unlocked.
Flippy498 said:
I can only help you with safetynet since I haven't seen that Security checking fail GT_CONNECT_FAIL error before. For making sure everything is fine with the software of your phone I'd flash a RUU, nonetheless, if I were you. If the error gets caused by a hardware failure (e.g. the infamous nand death) then there's not much you can do for fixing it aside from sending it to HTC for a repair.
Safetynet fails as soons as you unlock the bootloader. You have two choices now. Either you re-lock the bootloader or you install magisk and activate magisk hide. If you choose the latter the bootloader can stay unlocked.
Click to expand...
Click to collapse
It looks like the Security checking fail GT_CONNECT_FAIL error is unrelated to the phone not passing the SafetyNet Check. Installing Magisk solved that problem (Though the Security checking fail GT_CONNECT_FAIL error still pops up).
Did the SafetyNet Check get updated or changed? My phone used to pass this check when on the Stock ROM.
Google constantly updates safetynet since they try to make magisk hide useless (aka make apps that rely on safetynet more secure). It's a cat and mouse game.
An unlocked bootloader results in a safetynet fail for quite some time, now, even if you use the stock rom.
Sent from my HTC One M9 using XDA Labs
Hi all,
It's surprisingly hard to find a current state of affairs on this.
Well the title says it all really. I understand that this verifies the block device using a hash tree. Obviously, flashing a different kernel or recovery should make it trip. If that trips, I expect the phone no longer to pass safetynet which is a problem.
So for those who have rooted, did you trip dm-verity?
How can I tell if I tripped it?
I flashed Magisk, and my device still works, and still passes safetynet, but I've not really encountered dm-verity before?
I do have a warning at boot due to unlocking bootloader but still passing safetynet without issue.
Stock Kernel, BlueSpark TWRP
Blu Spark twrp and SimpleGX kernel and it passes safetynet.
Was reading the twrp website earlier and it said as soon as you swipe to allow modification in TWRP that unless you format data and decrypt that it will fail to boot, yet I've never formatted data and my phone has never not booted due to this.
Lum_UK said:
How can I tell if I tripped it?
I flashed Magisk, and my device still works, and still passes safetynet, but I've not really encountered dm-verity before?
Click to expand...
Click to collapse
If you pass safetynet, you're good to go I believe. It seems the root apps are taking care of this then. Anyway, It should display some kind of warning if it is tripped.
https://source.android.com/security/verifiedboot/verified-boot
I wanted to double check this--if you flash something and re-lock the bootloader, I think you've tripped dm-verity if you still have a boot message saying that the OS has changed. I'm having this issue after flashing Magisk (15.3). Can anyone confirm or deny that it is possible to flash Magisk and retain dm-verity?
Edit: After some Google searching it *seems* like it's not possible to have a green verified boot if you're applying Magisk, unless you have the OEM key.
https://source.android.com/security/verifiedboot/verified-boot
I have never tripped dm verity on my 5t and I never will. There is a no verity zip. Always flash that zip Last when flashing roms and you will be fine.
Magisk automatically disables DM verity. I think it is not possible to root without tripping it, but I never tried. DM verity doesn't interest me as long as SafetyNet is fine.
I rooted my phone about 6 months ago using the custom OEM unlock fix files and guide by Dr. Ketan. I'm on Magisk 18.0 and Manager ver. 7.0.0, which is the version that came with the guide since I think it's made specifically for my device (SM-G960F). For some reason, it's no longer passing SafetyNet even though it was before.
It's no longer passing the ctsProfile or basicintegrity checks. I'm afraid to update Magisk through the manager, as I'm not sure it will work on my device since I had to use a unique method to root it in the first place. Can someone help me so that my phone can pass SafetyNet again? Thanks!
Hi,
I have read and tried many things on the Internet to be able to pass safety on my Moto G5 (XT1676) under LOS 17.1 and then 18.1 but I did not managed to make it pass safetynet tests...
Using Magisk latest version and Hide/Props (fingerprints) makes in fact things worse than just LOS installed.
With LOS installed, I have only "CTS profile" failed but after using Magisk, depending on modules used, CTS profile is still "failed" and other categories are "failed" too.
Does anyone know how to pass safetynet tests on G5 (cedric) as of May 2021 with LOS 18.1 from Jarl-Penguin (Which tools/version/settings) ?
I just want to be able to use my banking app... I do not need to root my phone.
If not possible, my guess is I have to go back to stock ROM and to relock bootloader ?... I have tried once and I lost IMEIs... which I only managed to recover by reflashing LOS ! (other methods found on XDA did not apply and/or work for me)
Thank you
alxsj said:
Hi,
I have read and tried many things on the Internet to be able to pass safety on my Moto G5 (XT1676) under LOS 17.1 and then 18.1 but I did not managed to make it pass safetynet tests...
Using Magisk latest version and Hide/Props (fingerprints) makes in fact things worse than just LOS installed.
With LOS installed, I have only "CTS profile" failed but after using Magisk, depending on modules used, CTS profile is still "failed" and other categories are "failed" too.
Does anyone know how to pass safetynet tests on G5 (cedric) as of May 2021 with LOS 18.1 from Jarl-Penguin (Which tools/version/settings) ?
I just want to be able to use my banking app... I do not need to root my phone.
If not possible, my guess is I have to go back to stock ROM and to relock bootloader ?... I have tried once and I lost IMEIs... which I only managed to recover by reflashing LOS ! (other methods found on XDA did not apply and/or work for me)
Thank you
Click to expand...
Click to collapse
You can try flashing MicroG via TWRP (suggest the NanoDroid version plus their patcher) BUT you will have to uninstall Magisk, since I never knew how to pass the SafetyNet using a custom URL with in the settings of MicroG.
Tiki Thorsen said:
You can try flashing MicroG via TWRP (suggest the NanoDroid version plus their patcher) BUT you will have to uninstall Magisk, since I never knew how to pass the SafetyNet using a custom URL with in the settings of MicroG.
Click to expand...
Click to collapse
Thank you for your answer. Have you ever made it work this way or is it just a guess ?
alxsj said:
Thank you for your answer. Have you ever made it work this way or is it just a guess ?
Click to expand...
Click to collapse
Last time check it did (when i posted that), but AFAIK Google did some changes into SafetyNet and is not working anymore.
Tiki Thorsen said:
Last time check it did (when i posted that), but AFAIK Google did some changes into SafetyNet and is not working anymore.
Click to expand...
Click to collapse
OK. Thank you for the up-to-date information !
The latest version of MicroG now passes includes a Safetynet check and it passes.
Hi, with this tuto (https://forum.xda-developers.com/t/...motorola-moto-g5-stock-to-android-11.4524049/) I fail CTS check but Netflix and Disney+ work
How do i cleanly remove the root and flash the latest MIUI?
It should pass saftynet and the cts profile check after this.
Well, you could simply flash stock. Goes without saying, but you need to backup everything you want to keep. If your device isn't compatible with the latest miui, then magisk would actually help you. Search the universal safety net fix. Also, for cts incompatibility, you could spoof your device, sometimes this can fix your problem.
you have any guide for flashing stock ? TO flash throguh the mi flash tool we need authorized account right ?
Also if possible please share for the cts profile spoofing process. Will try it first..
The issue came with magisk 24.1(they stoped magiskhide) . I updated and when i tried to rollback to 23 all things broke. Device bootloped had to flash the rom again(miui12.5). After that I was not able to make magisk work .Have some work related app that needs safetynet approval.
nivednk14 said:
you have any guide for flashing stock ? TO flash throguh the mi flash tool we need authorized account right ?
Also if possible please share for the cts profile spoofing process. Will try it first..
The issue came with magisk 24.1(they stoped magiskhide) . I updated and when i tried to rollback to 23 all things broke. Device bootloped had to flash the rom again(miui12.5). After that I was not able to make magisk work .Have some work related app that needs safetynet approval.
Click to expand...
Click to collapse
Authorized account is only needed if you are flashing the rom using BootROM or EDL mode.
Just boot it up in fastboot mode, load a fastboot rom in miflash then flash it.
nivednk14 said:
you have any guide for flashing stock ? TO flash throguh the mi flash tool we need authorized account right ?
Also if possible please share for the cts profile spoofing process. Will try it first..
The issue came with magisk 24.1(they stoped magiskhide) . I updated and when i tried to rollback to 23 all things broke. Device bootloped had to flash the rom again(miui12.5). After that I was not able to make magisk work .Have some work related app that needs safetynet approval.
Click to expand...
Click to collapse
You can try using Shamiko if you want to pass SafetyNet in 24.1. It's an alternative to MagiskHide.
Install the module then use Configure DenyList to hide the apps you want
Don't forget to turn off the Enforce DenyList switch.
Shamiko 0.4.1.zip
drive.google.com
Thanks Everyone I got it working for now.
Downgraded to magisk 23 and used riru and universal Safetynet fix.
Not going up update till this is working.
If update is must i think will try with zygisk fix.
Will give shamiko atry that time.