Hi all,
Got a new phone and finally decided to see if I could root the old Pixel 2 XL. It's unlocked, bought directly from Google. Never before unlocked bootloader until now.
It was flashed to factory Android 11 2020-12, and rooted from there. Magisk 21.1 beta was installed from zip while booted into TWRP 3.0.4, as advised in this thread. The latest Play System Update (Oct 5, 2020) was automatically installed while I was messing around afterwords.
I confirmed root access thru a checker and Termux, which is pretty neat! Hadn't rooted a device in a long time!
Unfortunately, device certification fails in Play Store, Magisk SafetyNet check and being unable to add a credit card to Google Pay. Magisk says basicIntegrity passes, but CTSprofile fails.
Things I've tried, mostly from this exhaustive guide:
Hidden Magisk Manager
Enabled MagiskHide, rebooted
Remove Magisk zip from storage
Lock bootloader again, rebooted
Clear app storage for Play store and Play services, rebooted
Disable USB debugging
Disable Play Protect scanning
Looked over XDA boards, Magisk changelog/documentation/guides
Things I haven't done (yet?):
Spoofing device fingerprint. I wouldn't expect this to be necessary, since it's actually authentic! But maybe there's more to it that I don't understand?
Start over from scratch, with Magisk Canary build - doesn't appear to be any improvements to MagiskHide according in current release notes
Is this possible to achieve?
composition said:
Is this possible to achieve?
Click to expand...
Click to collapse
SafetyNet:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Google I believe is using hardware-backed CTS profiling, which Magisk cannot circumvent. Your only chance of passing CTS is to hope Google ISN'T using the hardware-backed version, so you can employ one of the workarounds I gave in the link above.
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Larzzzz82 said:
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Click to expand...
Click to collapse
Apparently we're both having brain farts. I didn't even think there was such a setting. Then again, I don't use Google Pay.
Related
Hey guys. So I have the latest magisk beta v19 and latest magisk manager. My safety net is passing but Google pay doesn't work. Did the new March update make it detect unlocked bootloader? My bootloader is unlocked with TWRP installed. Has anyone tested with and without TWRP installed?
zee24 said:
Hey guys. So I have the latest magisk beta v19 and latest magisk manager. My safety net is passing but Google pay doesn't work. Did the new March update make it detect unlocked bootloader? My bootloader is unlocked with TWRP installed. Has anyone tested with and without TWRP installed?
Click to expand...
Click to collapse
Works for me but I had to make sure to hide the needed apps in MagiskHide (GPay, G Play Services, Framework) and even then, it required me to clear data in Pay, Services > then reboot > then proceed to add a card.
Also check to make sure that auto updates are not on for Google Pay. I think the version matters. My version is currently 2.84.237487748.
SageWilliams said:
Works for me but I had to make sure to hide the needed apps in MagiskHide (GPay, G Play Services, Framework) and even then, it required me to clear data in Pay, Services > then reboot > then proceed to add a card.
Also check to make sure that auto updates are not on for Google Pay. I think the version matters. My version is currently 2.84.237487748.
Click to expand...
Click to collapse
Wow so idk which one of the things you said did it but it worked, I downgraded my app, but I didn't have Google framework hidden from magisk so I did that I cleared the data and then rebooted that worked! Thanks so much and anyone else who's having this issue try this
zee24 said:
Wow so idk which one of the things you said did it but it worked, I downgraded my app, but I didn't have Google framework hidden from magisk so I did that I cleared the data and then rebooted that worked! Thanks so much and anyone else who's having this issue try this
Click to expand...
Click to collapse
Great, I will say its hit or miss sometimes. Mine worked in stores for a few days, then stopped saying I was rooted so I had to redo the method to get it back.
This is the fix
Magisk stable build, all latest official builds of everything else, nothing special. and Magisk hide on google play store, google play services and google pay then - Renaming com.google.android.gms to com.google.android.gms.bak (found in Data/Data) in root browser and then rebooting is the answer .
prot- said:
This is the fix
Magisk stable build, all latest official builds of everything else, nothing special. and Magisk hide on google play store, google play services and google pay then - Renaming com.google.android.gms to com.google.android.gms.bak (found in Data/Data) in root browser and then rebooting is the answer .
Click to expand...
Click to collapse
Great. Finally a fix. All like above but used Magisk 19.0. Thanks. I hope we're able to keep finding fixes like this. Google pay is a convenience.
According to this, it is to be expected on Pixel devices, vs others.
Advantages:
If you will see the list of the advantages and the list is too long of the magisk. This is the best Android application which you can use on your device. Let’s take a dive in the advantages of the Magisk.
You can use Financial/Banking applications.
You can use Snapchat without any issues.
You can also play Pokemon Go on your rooted Android device.
You can install OTA updates on your device.
You can also install System-less Xposed framework on your lollipop and marshmallow devices.
You can use Android Pay.
You can also bypass SafetyNet.
You might Face issues in:
Google Pixel and Google Pixel XL devices. The work is in progress, and we are working on i.
Magisk Manager cannot be placed in adaptable storage, or superuser will not work
MagiskSU does not support multi-user, and we are working on it to make multi-user support.
MagiskSU does not work on Android O preview, and we are working on it.
Click to expand...
Click to collapse
https://******************/
Since when are we not allowed to post links? Go to: magiskmanager dot com
Droid_Nut said:
According to this, it is to be expected on Pixel devices, vs others.
https://******************/
Since when are we not allowed to post links? Go to: magiskmanager dot com
Click to expand...
Click to collapse
Ever since that site was verified to be a fake.
https://www.google.com/amp/s/www.xd...kmanager-com-not-official-website-magisk/amp/
prot- said:
This is the fix
Magisk stable build, all latest official builds of everything else, nothing special. and Magisk hide on google play store, google play services and google pay then - Renaming com.google.android.gms to com.google.android.gms.bak (found in Data/Data) in root browser and then rebooting is the answer .
Click to expand...
Click to collapse
Thanks so much dude....much appreciated
I was running Android 9 Aug?2018 update with a custom kernel and Magisk. A few weeks ago Google Pay stopped working and i read the long thread here about the Google Play store update and Magisk no longer hiding root. I dirty flashed an updated stock rom and removed the format (-w) switch. I stayed with the stock kernel. Re-rooted with update Magisk root and Magisk app. In Magisk i pass SafetyNet Check ctsProfile and basicIntegrity. When i try to use Google Pay I still get the error message that i cannot use GooglePay there. I am very close to just going completely stock with no root as I am not jacking with my phone as much as i did years ago, android is progressing nicely and plus many devs have moved on from the P2XL. I just really dont want to have to re setup my phone. Any thing else i can try to use GooglePay before i go back to stock?
P2XL Bootloader unlocked
Android: 9.0 3/5/19
Magisk V19.0 (19000)
Magisk Manager 7.1.1
Not running any Magisk Modules
Thanks for any help or suggestions
fortillian said:
I was running Android 9 Aug?2018 update with a custom kernel and Magisk. A few weeks ago Google Pay stopped working and i read the long thread here about the Google Play store update and Magisk no longer hiding root. I dirty flashed an updated stock rom and removed the format (-w) switch. I stayed with the stock kernel. Re-rooted with update Magisk root and Magisk app. In Magisk i pass SafetyNet Check ctsProfile and basicIntegrity. When i try to use Google Pay I still get the error message that i cannot use GooglePay there. I am very close to just going completely stock with no root as I am not jacking with my phone as much as i did years ago, android is progressing nicely and plus many devs have moved on from the P2XL. I just really dont want to have to re setup my phone. Any thing else i can try to use GooglePay before i go back to stock?
P2XL Bootloader unlocked
Android: 9.0 3/5/19
Magisk V19.0 (19000)
Magisk Manager 7.1.1
Not running any Magisk Modules
Thanks for any help or suggestions
Click to expand...
Click to collapse
There is a lot of talk in many threads about this. There is a good tutorial or two around that do work but seemingly only temporarily then it breaks again. Seems Google would a way to detect stuff that is not patched yet. I am at work so I don't have much time to go searching but it should not be hard to find. It includes deleting a folder and reinstalling and hiding magisk.
CyberpodS2 said:
There is a lot of talk in many threads about this. There is a good tutorial or two around that do work but seemingly only temporarily then it breaks again. Seems Google would a way to detect stuff that is not patched yet. I am at work so I don't have much time to go searching but it should not be hard to find. It includes deleting a folder and reinstalling and hiding magisk.
Click to expand...
Click to collapse
Yea, I've been through that 106 page thread and a few others. Renamed folders, deleted folders, reinstalled apps, hid services in magisk hide. I was never a fan of NFC payment until I started using it lol.
Try safety patch module in Magisk to pass Safetynet
HueyT said:
Try safety patch module in Magisk to pass Safetynet
Click to expand...
Click to collapse
I appreciate the reply. installed this plugin. cleared cache/data for Google Pay and Deleted the GMS folder again. Reinstalled GPay, no joy
Trying to decide on checking out Android Q or Dirty Unicorn. I dont jack with my phone much anymore, may be worth it to checkout Q and lock it up for GPAY atleast for now.
fortillian said:
I appreciate the reply. installed this plugin. cleared cache/data for Google Pay and Deleted the GMS folder again. Reinstalled GPay, no joy
Trying to decide on checking out Android Q or Dirty Unicorn. I dont jack with my phone much anymore, may be worth it to checkout Q and lock it up for GPAY atleast for now.
Click to expand...
Click to collapse
I'm thinking the same
Since updating to C.48 (2125 [phone], coming from C.47, my Google Play and Pay have stopped working on my rooted phone (Magisk 24.3), even though it passes SafetyNet with YASNAC. When I try to open Play I get a "Try Again" screen. When I try to open Pay, I get "Google Pay is updating right now...". I've got Universal SafetyNet Fix 2.2.1 and MagiskHide Props Config installed, and Play and Pay in the Deny List. Tried using Shamiko 0.4.4 (while disabling deny) with no better results. Cleared cache and data on both apps multiple times. Uninstalled Magisk and unrooted, and everything worked again. Re-rooted w/o opening either app, put them both into "deny" and, for a brief time, both worked -- but eventually (without my doing anything that I could tell), they both reverted to the behavior described above.
I'm wondering if this behavior has anything to do with the April security update included in C.48? Because it's really odd that I YASNAC still shows safetynet as having passed. More likely, it's user error on my part, but has anyone else run into this yet on C.48?
I have a LE2127 running your firmware and I don't notice issues. One thing you could try is just flashing the update zip over your current OS using the OPlocalupdate apk here https://oxygenos.oneplus.net/OPLocalUpdate_For_Android12.apk
Thanks. I presume you're rooted? Which version of Magisk are you using and are you using Deny List or Shamiko?
rogerinnyc said:
Thanks. I presume you're rooted? Which version of Magisk are you using and are you using Deny List or Shamiko?
Click to expand...
Click to collapse
Yes, I'm rooted. I'm using Denylist on Magisk 24.3.
No problems on my end with Gpay while rooted
I gave up and did a total restore with MSM and then made sure to root and fill up the Deny List (and add SafetyNet Fix) before opening up Google Pay or Play. That seemed to work. Not sure how I messed it up in the first place, but I think it was in upgrading from C47 to C48 and my sequencing of unrooting, upgrading, clearing storage in the apps and re-rooting. Thanks all.
Hi,
after bricked my device, I wipe, reinstalled new on July patch and root.
All is working but not the certified in Play Store.
SafetyNet is passes.
Male a new fingerprint with props and the OS isn't loading.
Anyone has an idea?
Hi,
try redoing a fingerprint, reboot. Have had this problem myself and that solved it.
Leave it for a few days, normally it will be certified back after 2 days
Close the Play Store and clear the app data/cache and it'll fix the certification.
You shouldn't have to do anything to the fingerprint to pass.
Latest Magisk (25.1)
Universal SafetyNet Fix 2.3.1
DenyList enabled on Google Play Store
This is on a Pixel 5, but it shouldn't make any difference. SafetyNet passes, and device is Play Certified.
Spoiler: Screenshots
This is old story - Please clean google play store data and cache and then reopen google play store to make it download necessary files to certify again and then it will pass certification.
Not an old story, there's much discussion on the release of a new "aggressive" API that passes safteynet but failed other, stronger tests that Netflix and Gpay use to detect root. So far, I have not seen anyone overcome it on P6P without changing fingerprint.
rhetorician said:
Not an old story, there's much discussion on the release of a new "aggressive" API that passes safteynet but failed other, stronger tests that Netflix and Gpay use to detect root. So far, I have not seen anyone overcome it on P6P without changing fingerprint.
Click to expand...
Click to collapse
I've had no problem with Magisk zygisk and UNSF 2.3.1 with Google pay/wallet and netflix. Google play has always shown my P6P as certified.
Go to the GitHub page and look at the discussion posted on this issue. If you're able to use GPay on the July firmware with updated Google services, then you appear to be in the minority.
New Google Integrity API update breaks universal safetynet fix · Issue #203 · kdrag0n/safetynet-fix
New Google Integrity API update breaks universal safetynet fix Describe the bug Google Play device is certified. YASNAC safety net passes. Google Pay is now Google Wallet which detects device as ro...
github.com
I am also running July firmware on a rooted P6P, can use GPay and PlayStore says its certified. I've applied all updates, Play Store says it's up to date at v31.6.13-21.
YASNAC passes. Magisk 25.2, Shamiko for Denylist enforcement. Play Store, GPay, and Netflix on denylist.
A modified safetynet fix should fix this problem. Make sure to clear data from google play services. Goodluck.
wanttotree said:
A modified safetynet fix should fix this problem. Make sure to clear data from google play services. Goodluck.
Click to expand...
Click to collapse
Where did you get this from? The official USNF file has only reached V2.3.1.
@Lughnasadh Ahh, thanks for the clarification. I appreciate it =).
NippleSauce said:
Where did you get this from? The official USNF file has only reached V2.3.1.
Click to expand...
Click to collapse
That's from Displax. He actually updated the mod but also lowered the version number so it would coincide with kdragons. So the latest, updated version of Displax's mod is 2.3.1, not 2.3.2.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
I apologize for not crediting Displax.
Seems I am doing something wrong, play store certification status of the devices will still stay on "not certified".
Pixel 5, lineageos 20 freshly installed, magisk (zygisk enabled, enforce deny list, play store + play services fully checked), Displax' USNF v.2.4.0-Mod_1.2 installed, wiped data+cache from play store + play services, Google Services Framework ID registered. Safetynet basic integrity + CTS profile match passed.
Any idea?
ssdnvv said:
Seems I am doing something wrong.
Pixel 5, lineageos 20 freshly installed, magisk (zygisk enabled, enforce deny list, play store + play services fully checked), Displax' USNF v.2.4.0-Mod_1.2 installed, wiped data+cache from play store + play services, Google Services Framework ID registered.
Any idea?
Click to expand...
Click to collapse
You need to install Shamiko to hide su binary (disabling enforce deny list) and check Play Integrity, SafetyNet is depracated: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
swer45 said:
You need to install Shamiko to hide su binary (disabling enforce deny list) and check Play Integrity, SafetyNet is depracated: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
Click to expand...
Click to collapse
Thanks for your quick answer, but still not certified. Does this "let the device wait for some time"-idea help?
ssdnvv said:
Thanks for your quick answer, but still not certified. Does this "let the device wait for some time"-idea help?
Click to expand...
Click to collapse
Oh, you are using Lineage, I don't like it because doesn't include any patch of this. Try this module: https://github.com/Magisk-Modules-Alt-Repo/sensitive_props/releases/latest
But I recommend you to use another ROM, Lineage is for testing purposes.
ssdnvv said:
play store + play services fully checked
Click to expand...
Click to collapse
wipe the app data of Play Store and force stop it. another option would be flashing the 'Universal SafetyNet Fix' as Magisk module.
Seems shamiko does anyways not bypass CTS on lineageos which I'd like to keep - used to it for several years by now ;-). Or can you recommend another AOSP android 13 ROM, that is still well maintained?
Displax' Universal SafetyNet Fix mod is working in combination with deny list to pass safetyNet but not Playstore integrity check.
The sensitive_props module doesn't seem to change the situation. I just freshly reinstalled and only logged in into google account and entered playstore after YASNAC showed both checks passed.
edit: for the record - I just had to wait roughly two days and the certification was shown in playstore. But even with this not all apps run fine - Microsoft Intune / Teams for accessing company networks for example refuse to connect (yet can be installed, so this seems to be some security initiative from M$).
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Vattu said:
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Click to expand...
Click to collapse
Yeah this thread is now out of date. The updated safetynet fix is a much better option now.
You don't need just the safetynet module. You need Shamiko along that.
So latest Safetynet + Shamiko 0.5.2 (the latest version right now) and you're all set. You gotta whitelist the banking apps you use and they'll work perfectly fine. These 2 were enough to allow my preferred ridiculous banking app to work without an issue, without any other modules or tweaking and such.
dragos281993 said:
You don't need just the safetynet module. You need Shamiko along that.
Click to expand...
Click to collapse
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
aurny said:
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
Click to expand...
Click to collapse
No. I only had Magisk installed with Zygisk turned on. I first installed Safetynet Fix then Shamiko. The first module wasn't enough for my preffered banking app to not detect that the bootloader was unlocked. Shamiko fixed that. I simply installed it as a module in Magisk
Thanks, good to know. I haven't had that issue yet but I'll remember this in case I need it in the future!
aurny said:
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Click to expand...
Click to collapse
Thank you very much, it worked perfectly.
This actually worked, thank you!