Related
Has anyone tried magisk 14?
I installed it (upgraded from previous release), no issues
Updated from within magisk. Seams to work fine
Someone could install modules?
Someone was able to pass on safetynet?
Modules NO, Safetynet YES
atheart said:
Modules NO, Safetynet YES
Click to expand...
Click to collapse
Safetynet yes? How?
I don't know anything about safetynet but when I run it using magisk 14 I get
Safetynet Check Was Successful
ctsprofile: false
basicIntegrity: false
both ctsprofile and basicIntegrity have a white x in a small red circle in front of them.
Every thing including root apps work fine. I'm very pleased that magisk Hide works so my banking apps work.
scallawag said:
I don't know anything about safetynet but when I run it using magisk 14 I get
Safetynet Check Was Successful
ctsprofile: false
basicIntegrity: false
both ctsprofile and basicIntegrity have a white x in a small red circle in front of them.
Every thing including root apps work fine. I'm very pleased that magisk Hide works so my banking apps work.
Click to expand...
Click to collapse
if what you said is true then you did not pass the safetynet.
What I said is true. I still don't know what difference it makes to me.
Why would you question what I said?
> Why would you question what I said?
If SafetyNet Check is successful, basicIntegrity will be "true". But that does not mean you are lying, it could be also a bug in Magisk
romhippo.com said:
> Why would you question what I said?
If SafetyNet Check is successful, basicIntegrity will be "true". But that does not mean you are lying, it could be also a bug in Magisk
Click to expand...
Click to collapse
I checked again this morning and the same results. Must be a bug. I wish someone else would jump in and tell us there findings.
I did a little reading on SafetyNet to see what it does and than downloaded the stand alone "SafetyNet Test" app from the play store.
It said the following
"Your Moto Z2 Play Failed"
"Safety Net Request: success" (Could this be what magisk 14 is saying was successful?)
every thing else failed
I can pass safety net.
Try clearing the Magisk app cache and data (Settings->Apps->Magisk Manager->Storage then click "Clear Data"). Then open Magisk Manager, go to settings and disable then enable the Magisk Hide option. Then try the SafetyNet check again.
> "SafetyNet Request: success"
That just means, Magisk was able to "check SafetyNet" (if you don't have internet access, you won't be able to check, for example). But your device did not pass the check.
romhippo.com said:
> "SafetyNet Request: success"
That just means, Magisk was able to "check SafetyNet" (if you don't have internet access, you won't be able to check, for example). But your device did not pass the check.
Click to expand...
Click to collapse
I realize that. What I'm trying to ask is could "SafetyNet Request: success" in the "Safety Net Test" app mean the same as "Safety Net Check was successful" in Magisk.
If so that would explain why Safety Net Check in Magisk was successful and every thing else failed.
Could I check this by taking my phone offline turning Mobile Data and WiFi off and running the SafetyNet checks in both apps?
> Could I check this by taking my phone offline turning Mobile Data and WiFi off and running the SafetyNet checks in both apps?
I don't really know what you want to check? Your device failed the SafetyNet check ("ctsProfileMatch" and "basicIntegrity"). It is that simple.
https://developer.android.com/training/safetynet/attestation.html#possible-results
This really seems like an error because even though the magisk indicates that safetynet has passed, Playstore apps that are not available to root devices (for example: Netflix) are not available.
Has anyone reported this bug?
Navegante13 said:
This really seems like an error because even though the magisk indicates that safetynet has passed, Playstore apps that are not available to root devices (for example: Netflix) are not available.
Has anyone reported this bug?
Click to expand...
Click to collapse
I can see Netflix on the Play Store. Pokemon GO works too.
Guys sorry I m a little lazy.
Yes I can install all this stuff. But what about ota update?
There's no factory images on motorola. So I have no idea for the future
Crostantin said:
There's no factory images on motorola. So I have no idea for the future
Click to expand...
Click to collapse
There is one motorola stock image mirrored at https://mirrors.lolinet.com/firmware/moto/albus/official/RETAIL/
However it is not really clear for what variant this image is for. For all? Or just one?
atheart said:
I can see Netflix on the Play Store. Pokemon GO works too.
Click to expand...
Click to collapse
But I do not see.
Have you made any settings?
I don't know what happen but SafetyNet starts passing. I have rooted Moto Z3 Play, unlocked bootloader, Magisk 20.4, EdXposed 91.0 (YAHFA v0.4.6.4, updated today), a few Magisk, and EdXposed modules. Before hardware SafetyNet checks I could pay by phone. After Google forcing SafetyNet hardware attestation I could not. I accepted it because I was more concerned with control than with the possibility of paying by phone in the store.
Today morning I updated Riru - EdXposed (YAHFA) module in Magisk Manager. Then reboot. During the day I rebooted the phone once again. In the evening I ran Google Play Store to update my apps. I was surprised that Play was updating Netflix. Normally I updated it manually by downloading the apk file. Then I was testing Safety Net with Magisk, SafetyNet attest and SafetyNet test - all green. I was able to add a card to GPay. Even "attest" records in dg.db has 0, without blocking write mode. Here some screenshots.
The new update of EdXposed in the Magisk Manager passes SN, nothing new.
But John Wu (Magisk developer) said there was no way for hardware attestation on unlocked devices. Any software hiding will not work. That what he said.
QkiZMR said:
I don't know what happen but SafetyNet starts passing. I have rooted Moto Z3 Play, unlocked bootloader, Magisk 20.4, EdXposed 91.0 (YAHFA v0.4.6.4, updated today), a few Magisk, and EdXposed modules. Before hardware SafetyNet checks I could pay by phone. After Google forcing SafetyNet hardware attestation I could not. I accepted it because I was more concerned with control than with the possibility of paying by phone in the store.
Today morning I updated Riru - EdXposed (YAHFA) module in Magisk Manager. Then reboot. During the day I rebooted the phone once again. In the evening I ran Google Play Store to update my apps. I was surprised that Play was updating Netflix. Normally I updated it manually by downloading the apk file. Then I was testing Safety Net with Magisk, SafetyNet attest and SafetyNet test - all green. I was able to add a card to GPay. Even "attest" records in dg.db has 0, without blocking write mode. Here some screenshots.
Click to expand...
Click to collapse
Will gpay work, can you pay in shops?
Sent from my BASIC using Tapatalk
I added card successfully to gpay. I suppose that it will be working but I need to check. I wasn't in shop yet ?
I think that is working because evaluation type is basic.
QkiZMR said:
I added card successfully to gpay. I suppose that it will be working but I need to check. I wasn't in shop yet [emoji846]
I think that is working because evaluation type is basic.
Click to expand...
Click to collapse
When you're in the gpay app and you turn on nfc, does it say-hold to reader?
Sent from my BASIC using Tapatalk
Al765436 said:
When you're in the gpay app and you turn on nfc, does it say-hold to reader?
Click to expand...
Click to collapse
Text in Polish, but it means "move closer to the reader".
QkiZMR said:
Text in Polish, but it means "move closer to the reader".
Click to expand...
Click to collapse
Yes that means it should be working, thx
Sent from my BASIC using Tapatalk
Al765436 said:
Yes that means it should be working, thx
Click to expand...
Click to collapse
I confirm payments works fine.
QkiZMR said:
I don't know what happen but SafetyNet starts passing.
Click to expand...
Click to collapse
I second you mate ( see it here ) :good:
Hardware attestation hack to basic attestation is needed, I gotta say.
serajr said:
I second you mate ( see it here ) :good:
Hardware attestation hack to basic attestation is needed, I gotta say.
Click to expand...
Click to collapse
I know. I said it in my third post. The best thing is that I not needed to clear any google play/google services data. It just began working ?
Hi all,
Got a new phone and finally decided to see if I could root the old Pixel 2 XL. It's unlocked, bought directly from Google. Never before unlocked bootloader until now.
It was flashed to factory Android 11 2020-12, and rooted from there. Magisk 21.1 beta was installed from zip while booted into TWRP 3.0.4, as advised in this thread. The latest Play System Update (Oct 5, 2020) was automatically installed while I was messing around afterwords.
I confirmed root access thru a checker and Termux, which is pretty neat! Hadn't rooted a device in a long time!
Unfortunately, device certification fails in Play Store, Magisk SafetyNet check and being unable to add a credit card to Google Pay. Magisk says basicIntegrity passes, but CTSprofile fails.
Things I've tried, mostly from this exhaustive guide:
Hidden Magisk Manager
Enabled MagiskHide, rebooted
Remove Magisk zip from storage
Lock bootloader again, rebooted
Clear app storage for Play store and Play services, rebooted
Disable USB debugging
Disable Play Protect scanning
Looked over XDA boards, Magisk changelog/documentation/guides
Things I haven't done (yet?):
Spoofing device fingerprint. I wouldn't expect this to be necessary, since it's actually authentic! But maybe there's more to it that I don't understand?
Start over from scratch, with Magisk Canary build - doesn't appear to be any improvements to MagiskHide according in current release notes
Is this possible to achieve?
composition said:
Is this possible to achieve?
Click to expand...
Click to collapse
SafetyNet:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Google I believe is using hardware-backed CTS profiling, which Magisk cannot circumvent. Your only chance of passing CTS is to hope Google ISN'T using the hardware-backed version, so you can employ one of the workarounds I gave in the link above.
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Larzzzz82 said:
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Click to expand...
Click to collapse
Apparently we're both having brain farts. I didn't even think there was such a setting. Then again, I don't use Google Pay.
Yesterday I rooted my device thanks to you guys, which went really well and passing SafetyNet was a breeze. I just have a few questions that I'd like to get solved:
1) Play Store Certification - I accomplished this by using the fingerprint mask Magisk module, and I chose OnePlus 8 Pro Android 11 for my fingerprint. Play Store certification is now accomplished, but should I have had to do this? This leads on to question 2....
2) I thought I would be able to get certification by adding the Play Store to Magisk hide, but Play Store doesn't appear in the list of apps in Magisk. Same with Netflix. I was confused by this, as a) I thought that all apps should appear and b) the root tutorial pinned to the forum specifically says to add Play Store and Netflix to Magisk hide
3) My Netflix Widevine is now L3. Did I mess up somewhere? I've read that on OOS11, unlocking the bootloader doesn't trip Widevine
samwhiteUK said:
Yesterday I rooted my device thanks to you guys, which went really well and passing SafetyNet was a breeze. I just have a few questions that I'd like to get solved:
1) Play Store Certification - I accomplished this by using the fingerprint mask Magisk module, and I chose OnePlus 8 Pro Android 11 for my fingerprint. Play Store certification is now accomplished, but should I have had to do this? This leads on to question 2....
2) I thought I would be able to get certification by adding the Play Store to Magisk hide, but Play Store doesn't appear in the list of apps in Magisk. Same with Netflix. I was confused by this, as a) I thought that all apps should appear and b) the root tutorial pinned to the forum specifically says to add Play Store and Netflix to Magisk hide
3) My Netflix Widevine is now L3. Did I mess up somewhere? I've read that on OOS11, unlocking the bootloader doesn't trip Widevine
Click to expand...
Click to collapse
Well you could have gone much easier.
1) Turn on Magisk Hide and Systemless Hosts.
2) Right bottom of Magisk Hide theres the Magnifying glass to search. Click on it and click Show System Apps. Then Play Store and Google Services will be shown. Hide everything in Play Store tab and Google Play Services Tab. Also Netflix tab.
3) Clear cache of Play Store, Google Play Services, Netflix(might even unistall updates here just to be sure, thats what i did).
4) Reboot Phone, Go Play Store and update Netflix through Play Store at this point. Should be at Widevine L1
Ninxha said:
Well you could have gone much easier.
1) Turn on Magisk Hide and Systemless Hosts.
2) Right bottom of Magisk Hide theres the Magnifying glass to search. Click on it and click Show System Apps. Then Play Store and Google Services will be shown. Hide everything in Play Store tab and Google Play Services Tab. Also Netflix tab.
3) Clear cache of Play Store, Google Play Services, Netflix(might even unistall updates here just to be sure, thats what i did).
4) Reboot Phone, Go Play Store and update Netflix through Play Store at this point. Should be at Widevine L1
Click to expand...
Click to collapse
Ok I will try this, thanks for the pointer. I had hit that System Apps thing before but perhaps it didn't refresh. I can see it now
I can't install Netflix from the Play Store, it says the app is no longer compatible with my device. If I search for it, it doesn't appear. I can only get there by clicking the pre-installed icon, and then I can't do anything
samwhiteUK said:
I can't install Netflix from the Play Store, it says the app is no longer compatible with my device
Click to expand...
Click to collapse
Download it from apkmirror. Give it some time should be available soon on playstore after it gets Certified. Wasnt for me on playstore at first. give it some time and check again. BTW did you delete your module of fingerprint?
Ninxha said:
Download it from apkmirror. Give it some time should be available soon on playstore after it gets Certified. Wasnt for me on playstore at first. give it some time and check again. BTW did you delete your module of fingerprint?
Click to expand...
Click to collapse
I will download from there, that's what I did before. I deleted the fingerprint, and hid the Play Store, and I'm now certified with Play Protect without all that rubbish. Is it just a matter of time then before Netflix shows up again? I will install the APK - presumably I will still be able to get updates through the Play Store after that. I will let you know if I get Widevine L1
Nope, still L3. I don't even watch Netflix that much on my phone, so it's not urgent, but I'd just like to know that everything was working as a standard phone would :/
To me it was shown after some time. got a update of netflix through playstore and got widevine L1. Unistall udpates on Netflix and wait maybe u will get it from playstore after some time
Did you start off with Widevine L3 when you first unlocked? If it's supposed to remain at L1 and it hasn't for me, then I don't know if it's worth waiting. Can it go back up?
samwhiteUK said:
Did you start off with Widevine L3 when you first unlocked? If it's supposed to remain at L1 and it hasn't for me, then I don't know if it's worth waiting. Can it go back up?
Click to expand...
Click to collapse
I dont actually know that. Netflix was not available after rooting. And since i had just unlocked bootloader phone was resetted. So i was installing all apps and updates and netflix was not available. I managed to install all updates of apps and installed new apps, did magisk hide and hide netflix, play store, google services, clear cache, reboot. still netflix wasnt available but i did not open it, until later when i got an update through netflix, logged in, checked it was L1
Got the update, just came through. Added to Magisk hide, logged in, but it's still L3.
samwhiteUK said:
Got the update, just came through. Added to Magisk hide, logged in, but it's still L3.
Click to expand...
Click to collapse
:/.. clear cache again idk... damn
samwhiteUK said:
Got the update, just came through. Added to Magisk hide, logged in, but it's still L3.
Click to expand...
Click to collapse
Does Playstore says certified? There would be no reason for L3 if you already got netflix on play store working fine... Try unistall it again, clear data again, reboot and go install it again from playstore..... meh
I'll wait and see if anyone else comes along, and I'll do some more searching. Thanks for your help!
Ninxha said:
Does Playstore says certified? There would be no reason for L3 if you already got netflix on play store working fine... Try unistall it again, clear data again, reboot and go install it again from playstore..... meh
Click to expand...
Click to collapse
Yeah, Play Store certified, assuming I'm checking in the right place (in the settings menu)
samwhiteUK said:
Yeah, Play Store certified, assuming I'm checking in the right place (in the settings menu)
Click to expand...
Click to collapse
Yes play store settings and then about in the end... Try one more time what i told you and idk what else. I got L1, dont think i was just lucky...
Ninxha said:
Yes play store settings and then about in the end... Try one more time what i told you and idk what else. I got L1, dont think i was just lucky...
Click to expand...
Click to collapse
Yeah, uninstalled and reinstalled and it's still L3. DRMInfo says L3 as well
Although Widevine L1 is displayed, it becomes L3 and gives an error when watching Netflix downloaded content. not working properly.
samwhiteUK said:
I can't install Netflix from the Play Store, it says the app is no longer compatible with my device. If I search for it, it doesn't appear. I can only get there by clicking the pre-installed icon, and then I can't do anything
Click to expand...
Click to collapse
Reset you fingerprint and reboot, then wipe play store and services and try again also make sure to rename hide magisk app in magisk settings
toolhas4degrees said:
Reset you fingerprint and reboot, then wipe play store and services and try again also make sure to rename hide magisk app in magisk settings
Click to expand...
Click to collapse
I have Netflix installed now. The only issue I have now is the DRM is L3
Hi,
after bricked my device, I wipe, reinstalled new on July patch and root.
All is working but not the certified in Play Store.
SafetyNet is passes.
Male a new fingerprint with props and the OS isn't loading.
Anyone has an idea?
Hi,
try redoing a fingerprint, reboot. Have had this problem myself and that solved it.
Leave it for a few days, normally it will be certified back after 2 days
Close the Play Store and clear the app data/cache and it'll fix the certification.
You shouldn't have to do anything to the fingerprint to pass.
Latest Magisk (25.1)
Universal SafetyNet Fix 2.3.1
DenyList enabled on Google Play Store
This is on a Pixel 5, but it shouldn't make any difference. SafetyNet passes, and device is Play Certified.
Spoiler: Screenshots
This is old story - Please clean google play store data and cache and then reopen google play store to make it download necessary files to certify again and then it will pass certification.
Not an old story, there's much discussion on the release of a new "aggressive" API that passes safteynet but failed other, stronger tests that Netflix and Gpay use to detect root. So far, I have not seen anyone overcome it on P6P without changing fingerprint.
rhetorician said:
Not an old story, there's much discussion on the release of a new "aggressive" API that passes safteynet but failed other, stronger tests that Netflix and Gpay use to detect root. So far, I have not seen anyone overcome it on P6P without changing fingerprint.
Click to expand...
Click to collapse
I've had no problem with Magisk zygisk and UNSF 2.3.1 with Google pay/wallet and netflix. Google play has always shown my P6P as certified.
Go to the GitHub page and look at the discussion posted on this issue. If you're able to use GPay on the July firmware with updated Google services, then you appear to be in the minority.
New Google Integrity API update breaks universal safetynet fix · Issue #203 · kdrag0n/safetynet-fix
New Google Integrity API update breaks universal safetynet fix Describe the bug Google Play device is certified. YASNAC safety net passes. Google Pay is now Google Wallet which detects device as ro...
github.com
I am also running July firmware on a rooted P6P, can use GPay and PlayStore says its certified. I've applied all updates, Play Store says it's up to date at v31.6.13-21.
YASNAC passes. Magisk 25.2, Shamiko for Denylist enforcement. Play Store, GPay, and Netflix on denylist.
A modified safetynet fix should fix this problem. Make sure to clear data from google play services. Goodluck.
wanttotree said:
A modified safetynet fix should fix this problem. Make sure to clear data from google play services. Goodluck.
Click to expand...
Click to collapse
Where did you get this from? The official USNF file has only reached V2.3.1.
@Lughnasadh Ahh, thanks for the clarification. I appreciate it =).
NippleSauce said:
Where did you get this from? The official USNF file has only reached V2.3.1.
Click to expand...
Click to collapse
That's from Displax. He actually updated the mod but also lowered the version number so it would coincide with kdragons. So the latest, updated version of Displax's mod is 2.3.1, not 2.3.2.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
I apologize for not crediting Displax.
Seems I am doing something wrong, play store certification status of the devices will still stay on "not certified".
Pixel 5, lineageos 20 freshly installed, magisk (zygisk enabled, enforce deny list, play store + play services fully checked), Displax' USNF v.2.4.0-Mod_1.2 installed, wiped data+cache from play store + play services, Google Services Framework ID registered. Safetynet basic integrity + CTS profile match passed.
Any idea?
ssdnvv said:
Seems I am doing something wrong.
Pixel 5, lineageos 20 freshly installed, magisk (zygisk enabled, enforce deny list, play store + play services fully checked), Displax' USNF v.2.4.0-Mod_1.2 installed, wiped data+cache from play store + play services, Google Services Framework ID registered.
Any idea?
Click to expand...
Click to collapse
You need to install Shamiko to hide su binary (disabling enforce deny list) and check Play Integrity, SafetyNet is depracated: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
swer45 said:
You need to install Shamiko to hide su binary (disabling enforce deny list) and check Play Integrity, SafetyNet is depracated: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
Click to expand...
Click to collapse
Thanks for your quick answer, but still not certified. Does this "let the device wait for some time"-idea help?
ssdnvv said:
Thanks for your quick answer, but still not certified. Does this "let the device wait for some time"-idea help?
Click to expand...
Click to collapse
Oh, you are using Lineage, I don't like it because doesn't include any patch of this. Try this module: https://github.com/Magisk-Modules-Alt-Repo/sensitive_props/releases/latest
But I recommend you to use another ROM, Lineage is for testing purposes.
ssdnvv said:
play store + play services fully checked
Click to expand...
Click to collapse
wipe the app data of Play Store and force stop it. another option would be flashing the 'Universal SafetyNet Fix' as Magisk module.
Seems shamiko does anyways not bypass CTS on lineageos which I'd like to keep - used to it for several years by now ;-). Or can you recommend another AOSP android 13 ROM, that is still well maintained?
Displax' Universal SafetyNet Fix mod is working in combination with deny list to pass safetyNet but not Playstore integrity check.
The sensitive_props module doesn't seem to change the situation. I just freshly reinstalled and only logged in into google account and entered playstore after YASNAC showed both checks passed.
edit: for the record - I just had to wait roughly two days and the certification was shown in playstore. But even with this not all apps run fine - Microsoft Intune / Teams for accessing company networks for example refuse to connect (yet can be installed, so this seems to be some security initiative from M$).