Passing SafetyNet - Moto G5 Questions & Answers

Well, I have this Moto G5 with LineageOS 16, Magisk 19.3 and TWRP 3.2.3-2-cedric-arm64 and unlocked bootloader.
When I test SafetyNet with Magisk Manager It says to me
SafetyNet check passed
ctsProfile: false
basicIntegrity: false
I have hidden Magisk Manager and changed the device fingerprint with the MagiskHide Props Config (I chosed the Moto G5 7.0 fingerprint)
What should do I do to get them both to true?
Srry for bad english
P.S. I'm having problems with Pokémon GO, this is why I'm doing this

If you flash the magisk uninstall zip and restart the device and run a safetynet check (use a 3rd party app from playstore) does basic integrity pass?
If so try an older version of magisk or try the canary build - if basic integrity still fails and you have tested it again after a clean flash then try a different rom

TheFixItMan said:
If you flash the magisk uninstall zip and restart the device and run a safetynet check (use a 3rd party app from playstore) does basic integrity pass?
If so try an older version of magisk or try the canary build - if basic integrity still fails and you have tested it again after a clean flash then try a different rom
Click to expand...
Click to collapse
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?

OnionMaster03 said:
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
Click to expand...
Click to collapse
If it doesn't pass with a clean flash then yes

OnionMaster03 said:
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
Click to expand...
Click to collapse
Los16 doesn't support safetynet on our device, you can use the magisk safetynet Modul that fixed your problem.

OnionMaster03 said:
Well, I have this Moto G5 with LineageOS 16, Magisk 19.3 and TWRP 3.2.3-2-cedric-arm64 and unlocked bootloader.
When I test SafetyNet with Magisk Manager It says to me
SafetyNet check passed
ctsProfile: false
basicIntegrity: false
I have hidden Magisk Manager and changed the device fingerprint with the MagiskHide Props Config (I chosed the Moto G5 7.0 fingerprint)
What should do I do to get them both to true?
Srry for bad english
P.S. I'm having problems with Pokémon GO, this is why I'm doing this
Click to expand...
Click to collapse
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.

Tiki Thorsen said:
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Click to expand...
Click to collapse
If you try copying the fingerprint key from the system build.prop into the vendor build.prop replacing the existing value it should solve that issue
Not tried it as don't own device

Tiki Thorsen said:
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Click to expand...
Click to collapse
I have the same problem. When I install SafetyPatch, the phone hangs in an bootloop.

I choose pixel 2xl fingerprint. Its working fine for me

Related

[Magisk Module] enable Camera2api

This module adds in the system.props the two lines necessary to enable camera2api :
persist.camera.HAL3.enabled=1
persist.camera.eis.enabled=1
BR
mbgheban said:
This module adds in the system.props the two lines necessary to enable camera2api :
persist.camera.HAL3.enabled=1
persist.camera.eis.enabled=1
BR
Click to expand...
Click to collapse
Thanks for this.
Am I correct in assuming you made this to work with Magisk v18.1? I assume this based on MAGISK_VER_CODE inside update-binary. I'm trying to load it using Magisk v20.1 and it just freezes. Could I make it v20.1 compatible simply by adjusting MAGISK_VER_CODE?
Apologies if it's a real n00b question. I'm new to Magisk, although I read up on the common issues (Module Issues) and "Outdated Template" could be what I'm seeing.
EDIT: Never mind, it's now working, but not sure why it froze initially, and why it's working now. Sorry for the bother.
EDIT2: Actually, it claimed to have succeeded, but after I rebooted I see it hasn't actually made the changes. Will keep toying...
EDIT3: After accidentally wiping my data; I re-flash stock ROM image, but this time skipping the PIN/Fingerprint setup. Encryption appears to be off now, and the module now works. So it appears Magisk modules don't work with encryption enabled.
Hi, I'm using it with Magisk 20.1 without issues.
Magisk does not modify system files ,so you will not see the changes in system.prop or build.prop.
After loading the module and reboot you can check whit this app from GoglePlay: https://play.google.com/store/apps/details?id=com.airbeat.device.inspector
Sent from my Mi A2 Lite using Tapatalk

Help reinstall magisk

It's been a while since I last rooted my 7t. Current oos 10.3.6. Magisk manager v8.0.3. Magisk was 20.4 I think.
So fetch rewards app detected root. I went to add the app to the magisk hide, cleared fetch rewards storage and still root was detected. Tried to run the rename option in the magisk settings but it appears to hang during the process. Phone screen timed out and when I get back into it, the hide magisk manager status pop up was still there. Rebooted the phone, went back to magisk manager. While magisk manager shows it's still installed, magisk is not. Safety net checks still passed.
To reinstall magisk, I need to get the patched oos image, correct?
Thanks
Hi
Think from the magisk manager app you would just install to inactive slot and reboot?
Refer to the Magisk root for 7T thread for patched boot image and instructions.
When I installed a root checker, it showed that I'm still rooted.
All this started when I used the Magisk function to repackage magisk's file name in an attempt to hide it from Fetch Rewards.
noodlenoggan said:
When I installed a root checker, it showed that I'm still rooted.
All this started when I used the Magisk function to repackage magisk's file name in an attempt to hide it from Fetch Rewards.
Click to expand...
Click to collapse
Ok I don't know what I'm missing but I can't seem to find that fetch rewards app in my play store to install and test at my end. Second, Magisk isn't installed according to you manager screenshot... So I'm at a loss. But their are threads better able to assist your efforts to have Magisk root up and running first cause I not knowledgeable enough to state why your root check detects root yet the manager does not indicate root installed.
But I'll hopefully be of more help and provide you this:
https://forum.xda-developers.com/oneplus-7t/how-to/guide-how-to-root-oneplus-7t-twrp-t3979307
So I'll copy and paste from the link above:
HOW TO UPDATE a ROM and KEEP ROOT:
Before all Disable all magisk modules
Be sure to use Canary Magisk Manager and Canary Magisk (debug)
You can update a stock rom from phone settings with local upgrade:
- Update the Rom WITHOUT REBOOT;
- Open Magisk Manager;
- In Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
- Reboot.
So from thier I'd assume you need only the following:
- Open Magisk Manager;
- In Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
But I am unsure so please verify b4 attempting.
Or may be someone else can confirm here?
Good luck and please consider letting me know how you made out. Thanks
I jumped on the xda magisk support forum and was able to sort out the whole mess I was in.
The android app is called Fetch - Receipts Scanner by Fetch Rewards. It's in Google store.
Hopefully for anyone else that is in the same situation will find their solution as I did below.
What I learned from the Magisk forum and closer examination of my phone were:
- Magisk and Magisk Manager are two separate components. Magisk handles the root and Magisk Manager handles additional root related features. Magisk Manager is not required to have a rooted phone continued to be rooted. I was not aware of this.
- When the repackaging routine was started, Magisk Manager did indeed repackaged and installed itself. There was not indication that the process completed successfully as the spinning progress icon did not stop. I had renamed it MagMan as part of the repackaging routing and was expecting the original icon Magisk icon to show for MagMan. Sorry, I had not read the Magisk Manager instructions and simply made a lot of assumptions of the repackaged process. What happened was that I assumed Magisk Manager would just switch over the new name as part of the repackaging routine. Also I didn't pay close enough attention that the new repackaged app, MagMan, which was literally next to Magisk Manager mainly because it had a generic Android icon instead of the Magisk Manager icon and was overlooked. This whole entire time, I was focusing on the original Magisk Manager app and icon but all of the functionality of Magisk Manager now resided in MagMan. I've uninstalled the original Magisk Manager app and now use the repackaged version.
The Fetch Rewards app was added to the Magisk Hide section via MagMan and it's now working properly.
Thanks for following up.
noodlenoggan said:
Thanks
Click to expand...
Click to collapse
Sweet - glad you have success. Enjoy
I just did more or less the same thing... Hid Magisk manager... Forgot... Flashed full update no prob... Installed new Magisk Manager (along with the previously hidden install of Magisk manager).
Then finally figured out to uninstall the hidden Magisk manager... Then, Magisk manager and was able to install Magisk Root. All good now lol. Glad your up and running.
This worked for me yesterday, but make sure to reboot the phone after doing the "hide magisk" option in Magisk Manager settings. The name also does not have to be "MagMan" it can be anything of your choice.
I also noticed that the proxy app (with blank icon) might not open but if it fails to open just force close it and try again, that seemed to make it open for me.
noodlenoggan said:
I jumped on the xda magisk support forum and was able to sort out the whole mess I was in.
The android app is called Fetch - Receipts Scanner by Fetch Rewards. It's in Google store.
Hopefully for anyone else that is in the same situation will find their solution as I did below.
What I learned from the Magisk forum and closer examination of my phone were:
- Magisk and Magisk Manager are two separate components. Magisk handles the root and Magisk Manager handles additional root related features. Magisk Manager is not required to have a rooted phone continued to be rooted. I was not aware of this.
- When the repackaging routine was started, Magisk Manager did indeed repackaged and installed itself. There was not indication that the process completed successfully as the spinning progress icon did not stop. I had renamed it MagMan as part of the repackaging routing and was expecting the original icon Magisk icon to show for MagMan. Sorry, I had not read the Magisk Manager instructions and simply made a lot of assumptions of the repackaged process. What happened was that I assumed Magisk Manager would just switch over the new name as part of the repackaging routine. Also I didn't pay close enough attention that the new repackaged app, MagMan, which was literally next to Magisk Manager mainly because it had a generic Android icon instead of the Magisk Manager icon and was overlooked. This whole entire time, I was focusing on the original Magisk Manager app and icon but all of the functionality of Magisk Manager now resided in MagMan. I've uninstalled the original Magisk Manager app and now use the repackaged version.
The Fetch Rewards app was added to the Magisk Hide section via MagMan and it's now working properly.
Thanks for following up.
Click to expand...
Click to collapse
This worked for me yesterday on Android 9 (OP5T), but make sure to reboot the phone after doing the "hide magisk" option in Magisk Manager settings. The name of the proxy app also does not have to be "MagMan" it can be anything of your choice.
I also noticed that sometimes the proxy app didn't open and if this occurred I just force closed it and then it seemed to work. Anyways good luck hope it works for someone else

Question How to install gapps after installing GSI rom?

I have installed Lineage 18.1 GSI and trying to install gapps. I have rooted and using franko to flash opengapps pico and get an error 70 that there is not enough space on /system. What is the way to get this done? Thanks in advance!
I would like to know that as well.
Tried to flash via stock recovery but that aborted because signature verification failed.
Apps like Flashify, Flash Gordon, Flashfire or Rashr didn't work either.
With MagiskGapps-basic-module from wacko1805 the playservice framework always crashed.
I think the easiest and best way would be to flash opengapps via TWRP.
@ada12 seems to have a TWRP build that still has some bugs, but can be used to flash unsigned zip files.
Maybe he can share this with us.
I feel like this should not be a collasal effort, but it has become one. I have spent the whole day trying to figure it out. I want to use Lineage OS 18.1 with gapps from Andyyan, not any other rom.
psychofaktory said:
I think the easiest and best way would be to flash opengapps via TWRP.
Click to expand...
Click to collapse
I suspect that Magisk should be able to do whatever TWRP is doing (which is just putting some files in certain places, for the most part). Have you tried to find a Magisk module with OpenGapps? Or you can try making your own (but be warned that lzip is not available by default on any Android or Linux).
Edit: nevermind, I see you found a LiteGapps Magisk module.
Thanks @wirespot
The hint with the linked script to create a custom Magisk module on the preferred OpenGapps bundle was worth gold!
Now I have another problem that comes from installing the OpenGapps via Magisk.
For passing SafetyNet I have to add com.google.android.gms and com.google.android.gms.unstable to the deny list.
But when restarting Magisk all modules are reloaded. So also the OpenGapps module.
As a result, the adjustments to the deny list for the Google Play services are discarded again with every restart and the SafetyNet check fails.
How can I prevent that the two entries are no longer removed from the deny list?
Or how can I ensure that the entries are automatically added to the deny list on restart?
Edit:
It seems that this is what Magisk intended and com.google.android.gms and ...gms.unstable are automatically added to the deny list.
But now I have the question, how can I pass the SafetyNet test?
wirespot said:
I suspect that Magisk should be able to do whatever TWRP is doing (which is just putting some files in certain places, for the most part). Have you tried to find a Magisk module with OpenGapps? Or you can try making your own (but be warned that lzip is not available by default on any Android or Linux).
Edit: nevermind, I see you found a LiteGapps Magisk module.
Click to expand...
Click to collapse
Yes, but there is an issue with litegapps, the google contacts sync is broken unfortunately...
psychofaktory said:
It seems that this is what Magisk intended and com.google.android.gms and ...gms.unstable are automatically added to the deny list.
But now I have the question, how can I pass the SafetyNet test?
Click to expand...
Click to collapse
The deny list only lets you pass Basic check. To also pass CTS you need the USNF module (Universal SafetyNet Fix) and possibly other modules too. More details in this thread (check the end of the post), but try with just deny list and USNF first.
Neither the basic integrity check, nor cts profile match are passed.
Besides the denial list, I tried the modules "Shamiko", "Universal SafetyNet Fix" and "MagiskHide Props Config".
With the latter I have also tried various combinations, unfortunately unsuccessful in each case.
It looks like the deny-list does not work.
I suspect here also a connection with the message together that Magisk displays with each call:
Code:
An "su" command that does no belong to Magisk is detected. Please remove the other unsupported su
I have already been able to disable Phh-su with these commands:
Code:
adb shell
phh-su
mount -o remount,rw /
mount -o remount,rw /system
remount
mount -o remount,rw /
mount -o remount,rw /system
/system/bin/phh-securize.sh system.img
But the message in Magisk still appears.
Yeah passing SafetyNet with a custom ROM may be tricky. Didgeridoohan has a few more tips on their website you can try.
OK, I am already a big step closer to the solution.
After installing Magisk regularly, I first installed the Franco Kernel Manager.
Through this I was then able to flash UnSu.zip, which completely removed phh-su.
This also removed the message "An "su" command that does no belong to Magisk is detected" from Magisk.
Magisk had to be set up again afterwards, since it was also cleaned up by the UnSu script.
YASNAC now already showed "Basic integrity -> Pass".
But now I have not found a way to pass the CTS-profile match.
Does anyone here know what settings to set via MagiskHideProps Config?
And could someone send me the fingerprint of the stock rom (62.0.A.9.11)?
Code:
getprop ro.build.fingerprint
After some tests I discovered a big disadvantage with the variant to flash OpenGapps via Magisk.
Push notifications do not seem to work.
I use too many services that rely on Google Push notifications, so I can't do without them.
Compared to the "normal" variant of flashing OpenGapps via recovery before the first boot, the Magisk variant seems to be missing important dependencies and permissions that are only set during the first boot of the rom.
Therefore, the only useful variant is to flash GApps via recovery.
I really hope that we will soon have the possibility to flash unsigned zip files here!
Another approach:
Opengapps-zip files cannot be flashed via the stock recovery because it fails signature verfication.
The GSI roms can be flashed via the stock recovery. So they seem to be signed correctly.
Would it be possible to sign the Opengapps-Zip files with the same signature keys as the GSI-Roms to be able to flash them via the stock recovery?
Aren't GSI ROMs flashed through fastboot? Since they're partition images not zip installers like OpenGapps.
Of course. You are right.
Would it be possible to merge a GAPPS zip file into a GSI image and then flash the image with fastboot?

How To Guide Passing SafetyNet on Magisk>=24.0 [Poco F3, Mi 11x, Redmi K40]

All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too (EDIT: it works on LineageOS 19 for microG too). Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
Although you put your thread in the right place, I miss the Poco F3 in the title of this Guide.
This is why I came across this in a general search and that's actually a shame. Maybe you can edit your title ???
The content of your guide is interesting!
Hi,
I run the Descendant 12 rom and had issues with my banking apps detecting root even after i renamed magisk from within Magisk and adding my banking apps to the DenyList, after much research on XDA i found users freezing magisk to stop prying apps searching for it, the app is called SD MAID
thank you for the updated install instruction for Magisk/Zygisk
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
Hi,
I would like to understand better how to use the list in Magisk, If in this list I put a tick on an app. what does it mean?
Sorry for hijacking the post, here is a Youtube video from,
the amazing "Munchy", i found it very helpfull, he has released loads of informative videos regarding android and custom roms.
johnr64 said:
Hi,
I run the Descendant 12 rom and had issues with my banking apps detecting root even after i renamed magisk from within Magisk and adding my banking apps to the DenyList, after much research on XDA i found users freezing magisk to stop prying apps searching for it, the app is called SD MAID
thank you for the updated install instruction for Magisk/Zygisk
Click to expand...
Click to collapse
Freezing Magisk can help, some banking apps are stubborn... Also, SD Maid can freeze apps?
For me personally, I only had to flash the SafetyNet Fix Magisk Module. Using Xiaomi.eu Weekly Android 12.
Ludoboii said:
... added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
...
Click to expand...
Click to collapse
Hi,
I have followed the procedure but checking with SafetyNet it tells me "SafetyNet request: success
Response signature validation: error".
I'm sorry but I didn't understand which app you are referring to that I have to put the flag in DenyList?
pegasoc said:
Hi,
I have followed the procedure but checking with SafetyNet it tells me "SafetyNet request: success
Response signature validation: error".
I'm sorry but I didn't understand which app you are referring to that I have to put the flag in DenyList?
Click to expand...
Click to collapse
I was referring to SafetyNet Helper Sample. I also get the same answer and apps that would previously complain about root have stopped doing it.
pegasoc said:
Hi,
I would like to understand better how to use the list in Magisk, If in this list I put a tick on an app. what does it mean?
Click to expand...
Click to collapse
It means the app will not be able to gain root access nor interact with Magisk in any way, and should not be able to detect Magisk. If you tap on the app name instead of the box you'll get the option to add its various services in the DenyList, I usually add all of them for apps that I want to put in the DenyList. You should also see some sort of progress bar above the app's name after ticking the box, it tells you how many services of that app are in the DenyList. In my case it's full for each app I ticked because I also ticked all its services.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'm still not able to pass safetynet CTS profile, after all these steps :|
tegazinho said:
I'm still not able to pass safetynet CTS profile, after all these steps :|
Click to expand...
Click to collapse
I've been having issues with not passing CTS profile on a couple of roms even after following all tutorials, I wonder what the issue is? Arrowos and crDroid both fail but PixelOS passes (all android 12). Strange this is it doesn't seem to stop any of my banking apps from working. Did you upgrade to Miui 13 stock before unlocking bootloader? What app are you using to test safetynet? YASNAC?
SimpleStevie said:
I've been having issues with not passing CTS profile on a couple of roms even after following all tutorials, I wonder what the issue is? Arrowos and crDroid both fail but PixelOS passes (all android 12). Strange this is it doesn't seem to stop any of my banking apps from working. Did you upgrade to Miui 13 stock before unlocking bootloader? What app are you working u using to test safetynet? YASNAC?
Click to expand...
Click to collapse
No, my bootloader was unlocked back when I bought the phone with the android 11. I've had xiaomi.eu miui version though previously before getting back now to crDroid, which I tried everything in the guide plus a lot of more stuff, like matching the firmware version with the signature on props just, and nothing works.
As for the app, I tried them all, actually YASNAC is my favorite, but for the sake of following this guide I tried the OP suggested app too.
I've must have clean flashed my phone 10 times and rebooted more than 100 times today for everything I've tried. I even went back to magisk 23 to see if I got lucky, but since is not fully supported on A12 was just another miss.
EDIT: Also if PixelOS I can get the safety pass I will install it, I will trade less features for the safety passing, and anything is better than miui or miui look roms like xiaomi.eu (I really hate them).
It's super weird, I've been flashing roms on android phones for as long as I can remember and I've never had an issue that I couldn't fix up til now. I wonder if downgrading to one based on android 11 would work?
"Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList."
Thank you! That, I didn't know.
SimpleStevie said:
It's super weird, I've been flashing roms on android phones for as long as I can remember and I've never had an issue that I couldn't fix up til now. I wonder if downgrading to one based on android 11 would work?
Click to expand...
Click to collapse
Note that you may have to adjust the fingerprint of your device to make it appear like running a "legit" rom.
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
The same problem with me, I used a MI 11 x indian veron, all apps including Banking apps working fine but Jio sim not working with error you used a rooted device. Any solution plz.
thanks. crdroid 8.5 mi 11x passed safetynet with step 1 and 2 only.
For LineageOS users, we have ih8sn. No need for Magisk/Root.
Odd. I just install magisk, activate zygisk, restart and compose my deny list. Hide magisk launcher. Clear all data for Play Services and Gpay. Restart.
Can use Gpay fine.
My banking apps work fine without Zygisk but Gpay doesn't.
On miui.eu

How To Guide GPay / Play Integrity fix for unlocked bootloader

//Note for those who wants to know actual information. Thanks to V0latyle for pointing it out.
V0latyle said:
SafetyNet components like CTSProfile are no longer applicable, as SafetyNet has been replaced by Play Integrity. All of Google's apps such as GPay have long since switched.
More information here.
Click to expand...
Click to collapse
Recently i faced the problem where my CTS profile failed and thus Google Wallet (GPay) wasn't able to work properly.
I managed to fix this, and so decided to share my expirience to help thus in need to fix this issue aswell.
Previously i had this setup for around whole year which did work until now:
Device: oneplus 9 pro
Firmware: oos 11 11.2.10.10
Kernel: from Arter97
Magisk: Magisk Alpha 23.0 + magisk hide + module universal safetynet fix 1.1.1
Problem: Google Wallet (GPay) won't work / CTS profile failed
Now, these are steps which did help me to solve the issue:
1. Rolled back to stock kernel (boot, dtbo, vendor_boot partitions)
2. Set up Magisk Alpha 25205
Spoiler: How did you install Magisk Alpha 25205?
(there are different methods, like manual patch of stock kernel and then flasshing it via fastboot, or flashing it via TWRP (Keep in mind, that in this case you have to preinstall TWRP before installing custom kernel)
3. Activate Zygisk
4. Select in DenyList menu: Google Play Services, Google Play Store, Google Wallet (GPay) and other apps which you'd like to not find out about your modified system
5. DO NOT ENABLE Enforce DenyList option
6. Install Magisk modules: Shamiko 0.5.2 | Universal SafetyNet Fix 2.3.1 for Zygisk | MagiskHide Props Config 6.1.2
7. Using any terminal app, select newer Fingerpring thanks to MagiskHide Props Config module
Spoiler: How do i do that?
1. open any terminal app
2. type "su" (without quotes)
3. type "props"
4. now you can edit your device fingerprint)
8. Clear data of the following apps: Google Play Store, Google Services, Google Wallet (GPay)
9. Reboot
10. Now, when you open up your Google Wallet (GPay) app, it may work OR message that says that it's updating and you can't use it while the process isn't done may appear.
11. If you encounter such message, change your device language to other one and then open up Google Wallet (GPay) app again
12. Now the app should open up, it may take some time to update it's interface to the latest one
Google Wallet (GPay) now works fine and CTS profile passes succesefully.
Have a nice day
more_than_hater said:
Recently i faced the problem where my CTS profile failed and thus Google Wallet (GPay) wasn't able to work properly.
I managed to fix this, and so decided to share my expirience to help thus in need to fix this issue aswell.
Previously i had this setup for around whole year which did work until now:
Device: oneplus 9 pro
Firmware: oos 11 11.2.10.10
Kernel: from Arter97
Magisk: Magisk Alpha 23.0 + magisk hide + module universal safetynet fix 1.1.1
Problem: Google Wallet (GPay) won't work / CTS profile failed
Now, these are steps which did help me to solve the issue:
1. Rolled back to stock kernel (boot, dtbo, vendor_boot partitions)
2. Set up Magisk Alpha 25205
Spoiler: How did you install Magisk Alpha 25205?
(there are different methods, like manual patch of stock kernel and then flasshing it via fastboot, or flashing it via TWRP (Keep in mind, that in this case you have to preinstall TWRP before installing custom kernel)
3. Activate Zygisk
4. Select in DenyList menu: Google Play Services, Google Play Store, Google Wallet (GPay) and other apps which you'd like to not find out about your modified system
5. DO NOT ENABLE Enforce DenyList option
6. Install Magisk modules: Shamiko 0.5.2 | Universal SafetyNet Fix 2.3.1 for Zygisk | MagiskHide Props Config 6.1.2
7. Using any terminal app, select newer Fingerpring thanks to MagiskHide Props Config module
Spoiler: How do i do that?
1. open any terminal app
2. type "su" (without quotes)
3. type "props"
4. now you can edit your device fingerprint)
8. Clear data of the following apps: Google Play Store, Google Services, Google Wallet (GPay)
9. Reboot
10. Now, when you open up your Google Wallet (GPay) app, it may work OR message that says that it's updating and you can't use it while the process isn't done may appear.
11. If you encounter such message, change your device language to other one and then open up Google Wallet (GPay) app again
12. Now the app should open up, it may take some time to update it's interface to the latest one
Google Wallet (GPay) now works fine and CTS profile passes succesefully.
Have a nice day
Click to expand...
Click to collapse
Hello, thanks for posting but I have a question here. In step 7, in "props" I have to choose an option from Google smartphones and according to the Android I am on. Well, the module is outdated and no option appears with Android 13, which is my case. What do I do now?
Ursaotns said:
Hello, thanks for posting but I have a question here. In step 7, in "props" I have to choose an option from Google smartphones and according to the Android I am on. Well, the module is outdated and no option appears with Android 13, which is my case. What do I do now?
Click to expand...
Click to collapse
It seems that there exists an unofficial fork of this magisk module
And, as i understand, it's not that important to choose exactly the same android ver as yours, you can go up and down.
more_than_hater said:
It seems that there exists an unofficial fork of this magisk module
And, as i understands, it's not that important to choose exactly the same android ver as yours, you can go up and down.
Click to expand...
Click to collapse
Thanks. It helped a lot! I was able to resolve the issue here on my OnePlus Ace (10R) on Android 13 and OxygenOS 13. Only thing left for me to solve here is to remove youtube from the system as Wakelocks. Do you have any idea how to remove it permanently? Would you help me?
Ursaotns said:
Thanks. It helped a lot! I was able to resolve the issue here on my OnePlus Ace (10R) on Android 13 and OxygenOS 13. Only thing left for me to solve here is to remove youtube from the system as Wakelocks. Do you have any idea how to remove it permanently? Would you help me?
Click to expand...
Click to collapse
How to Stop Wakelocks from Any Android App Without Root
Have you ever wondered why your Android phone eats your battery life so fast when the screen is off? Wakelocks! Here's a tutorial on how to stop wakelocks!
www.xda-developers.com
SafetyNet components like CTSProfile are no longer applicable, as SafetyNet has been replaced by Play Integrity. All of Google's apps such as GPay have long since switched.
More information here.
I recently faced similar issue, but with newest version of Company portal (Intune) app as I have a work profile.
After updating the app it started detecting I am rooted maybe due to the mentioned change.
I already had configured the zygisk, deny list and safety net fix.
I found 2 ways to fix it.
1 As a workaround to download grade the app with previous version.
2. I just installed latest shamiko and disable enforcement of the deny list. I didn't used the MagiskHide Props Config. Basically all the steps mentioned above, but without MagiskHide Props Config. For now all is fine. I didn't had issues with gpay so far.
I am on Oneplus 9Pro OOS 13 F.72

Categories

Resources