How do i cleanly remove the root and flash the latest MIUI?
It should pass saftynet and the cts profile check after this.
Well, you could simply flash stock. Goes without saying, but you need to backup everything you want to keep. If your device isn't compatible with the latest miui, then magisk would actually help you. Search the universal safety net fix. Also, for cts incompatibility, you could spoof your device, sometimes this can fix your problem.
you have any guide for flashing stock ? TO flash throguh the mi flash tool we need authorized account right ?
Also if possible please share for the cts profile spoofing process. Will try it first..
The issue came with magisk 24.1(they stoped magiskhide) . I updated and when i tried to rollback to 23 all things broke. Device bootloped had to flash the rom again(miui12.5). After that I was not able to make magisk work .Have some work related app that needs safetynet approval.
nivednk14 said:
you have any guide for flashing stock ? TO flash throguh the mi flash tool we need authorized account right ?
Also if possible please share for the cts profile spoofing process. Will try it first..
The issue came with magisk 24.1(they stoped magiskhide) . I updated and when i tried to rollback to 23 all things broke. Device bootloped had to flash the rom again(miui12.5). After that I was not able to make magisk work .Have some work related app that needs safetynet approval.
Click to expand...
Click to collapse
Authorized account is only needed if you are flashing the rom using BootROM or EDL mode.
Just boot it up in fastboot mode, load a fastboot rom in miflash then flash it.
nivednk14 said:
you have any guide for flashing stock ? TO flash throguh the mi flash tool we need authorized account right ?
Also if possible please share for the cts profile spoofing process. Will try it first..
The issue came with magisk 24.1(they stoped magiskhide) . I updated and when i tried to rollback to 23 all things broke. Device bootloped had to flash the rom again(miui12.5). After that I was not able to make magisk work .Have some work related app that needs safetynet approval.
Click to expand...
Click to collapse
You can try using Shamiko if you want to pass SafetyNet in 24.1. It's an alternative to MagiskHide.
Install the module then use Configure DenyList to hide the apps you want
Don't forget to turn off the Enforce DenyList switch.
Shamiko 0.4.1.zip
drive.google.com
Thanks Everyone I got it working for now.
Downgraded to magisk 23 and used riru and universal Safetynet fix.
Not going up update till this is working.
If update is must i think will try with zygisk fix.
Will give shamiko atry that time.
Related
Hi there,
It might be a dumb question, but im kinda clueless.
I have my device not rooted and the SavetyNet-Check of Magisk says ctsProfile: false.
My bootloader is unlocked since the beginning. Could that be the reason for it? And if so how could I avoid it? Rooting or Relocking the bootloader?
Background:
Because I experience problems with a couple of banking apps that they dont start/crash on startup and one of them saying it might be of having my device rooted.
So thats why I thought maybe SafetyNet Check is not good and checked it and figured out one check is not passing.
wsjoke said:
Some kernels lack the feature needed to pass cts without magisk installed you can either
1. install magisk to pass CTS
2. Use a kernel that has the patch (loki and my own kernel "chunchunmaru" should have it but both are for Q only as off now)
Click to expand...
Click to collapse
First, in what rom you are? Why u install magisk manager if u don't have root? What apps don't open? We aren't magicians or clairvoyants, please always mention more details
wsjoke said:
Hi there,
It might be a dumb question, but im kinda clueless.
I have my device not rooted and the SavetyNet-Check of Magisk says ctsProfile: false.
My bootloader is unlocked since the beginning. Could that be the reason for it? And if so how could I avoid it? Rooting or Relocking the bootloader?
Background:
Because I experience problems with a couple of banking apps that they dont start/crash on startup and one of them saying it might be of having my device rooted.
So thats why I thought maybe SafetyNet Check is not good and checked it and figured out one check is not passing.
Click to expand...
Click to collapse
I assume that you are from stock. It is the problem from Mi A2 Lite's device fingerprint that somehow it is not certified. Probably for reasons:
1. Magisk manager is present
2. Unlocked bootloader
3. Usually, it will pass when fingerprint has the same value from 10.0.1.0. After that, it fails for no reason. One theory suggests it might have to do with vulnerabilities present from our device (the System Toolkit app, when you dial *#*#64663#*#*), thus revoking certification from Play Store.
If you're on custom ROM, that would be it, except from POSP that has passed CTS. Also it could be the GApps you are using.
Os_Herdz said:
First, in what rom you are? Why u install magisk manager if u don't have root? What apps don't open? We aren't magicians or clairvoyants, please always mention more details
Click to expand...
Click to collapse
Stock rom, I previously had my phone rooted, thats why I still have installed magisk.
Various Banking Apps doesnt work as intended. For example https://play.google.com/store/apps/details?id=de.commerzbanking.mobil&hl=de cant unlock with fingerprint anymore. https://play.google.com/store/apps/details?id=com.starfinanz.mobile.android.dkbpushtan&hl=de doesnt open at all and opens a website which says a rooted phone could cause this issue.
Hey everyone,
So with pokemon GO dropping support for 32-bit devices soon (and Motorola decided to give us a 32-bit OS on 64-bit hardware....), I was wondering if there was any way I could flash a 64-bit ROM and still pass the SafetyNet CTS check? I guess I'd have to flash something without built in root, and then re-lock the bootloader, has anyone done this before?
Currently running stock ROM on my XT1676.
Thanks in advance,
J.e.v.a
Jimmy_The_Squid said:
Hey everyone,
So with pokemon GO dropping support for 32-bit devices soon (and Motorola decided to give us a 32-bit OS on 64-bit hardware....), I was wondering if there was any way I could flash a 64-bit ROM and still pass the SafetyNet CTS check? I guess I'd have to flash something without built in root, and then re-lock the bootloader, has anyone done this before?
Currently running stock ROM on my XT1676.
Thanks in advance,
J.e.v.a
Click to expand...
Click to collapse
Why would you want to re-lock the bootloader? You couldn't do that anyway without flashing a stock unmodified firmware image and even then its not advisable because if something happens in the future you may not be able to reflash firmware as the bootloader is locked
Anyway to answer your question - most 64bit roms pass safetynet by default (lineage 17.1 & AOSP for example) as they contain a hack that changes the device fingerprint (you will get a message on boot about contacting the manufacturer due to the mismatch of fingerprints but this can be ignored)
If you want root flash magisk and then hide pokemon go in magisk hide assuming magisk still supports hiding of root as I haven't tested it for a while
Also no roms should be rooted by default - you need to root it yourself if you want to
Jimmy_The_Squid said:
Hey everyone,
So with pokemon GO dropping support for 32-bit devices soon (and Motorola decided to give us a 32-bit OS on 64-bit hardware....), I was wondering if there was any way I could flash a 64-bit ROM and still pass the SafetyNet CTS check? I guess I'd have to flash something without built in root, and then re-lock the bootloader, has anyone done this before?
Currently running stock ROM on my XT1676.
Thanks in advance,
J.e.v.a
Click to expand...
Click to collapse
Just use MintOS with Magisk
It will work out of the box
Thanks for the advice both, I wanted to relock the bootloader as I believe the CTS check fails if it is detected as being unlocked. I'll have a go with one of the recommended ROMs and let you know how it turns out. I don't have any need for Root.
J.e.v.a.
Jimmy_The_Squid said:
Thanks for the advice both, I wanted to relock the bootloader as I believe the CTS check fails if it is detected as being unlocked. I'll have a go with one of the recommended ROMs and let you know how it turns out. I don't have any need for Root.
J.e.v.a.
Click to expand...
Click to collapse
The bootloader tripping CTS does not work on this phone, it's too old
And you ironically need Magisk to pass SafetyNet! Magisk Hide hides Custom ROM things too that will trap SafetyNet.
nift4 said:
The bootloader tripping CTS does not work on this phone, it's too old
And you ironically need Magisk to pass SafetyNet! Magisk Hide hides Custom ROM things too that will trap SafetyNet.
Click to expand...
Click to collapse
Ah good to hear having an old phone works in my favour sometimes.
I'm in same boat : wanted to flash the Lineage OS 64 bit version on the G5.
I don't understand why we need to use Magisk, I used to do the same last year on a Samsung J3 and flash a Lineage 14.1 (32bits and without root).
And it pass Safetynet checks wihout Magisk, is Magisks reaaly required on the G5 if we don't root the phone ?
Thanks
foosee said:
I'm in same boat : wanted to flash the Lineage OS 64 bit version on the G5.
I don't understand why we need to use Magisk, I used to do the same last year on a Samsung J3 and flash a Lineage 14.1 (32bits and without root).
And it pass Safetynet checks wihout Magisk, is Magisks reaaly required on the G5 if we don't root the phone ?
Thanks
Click to expand...
Click to collapse
It depends if the rom passes safetynet by default
If it doesn't you need magisk to either flash a safetynet module or change device fingerprint in order to pass cts
You also need it to hide the fact you're rooted from apps using magisk hide
So to clarify - if the rom passes basic integrity & cts there shouldn't be a need to root
If it doesn't you need to use magisk to help you pass these things and to hide root
foosee said:
I'm in same boat : wanted to flash the Lineage OS 64 bit version on the G5.
I don't understand why we need to use Magisk, I used to do the same last year on a Samsung J3 and flash a Lineage 14.1 (32bits and without root).
And it pass Safetynet checks wihout Magisk, is Magisks reaaly required on the G5 if we don't root the phone ?
Thanks
Click to expand...
Click to collapse
Try it. You can unroot and root your phone with the zips.
Hi,
I have read and tried many things on the Internet to be able to pass safety on my Moto G5 (XT1676) under LOS 17.1 and then 18.1 but I did not managed to make it pass safetynet tests...
Using Magisk latest version and Hide/Props (fingerprints) makes in fact things worse than just LOS installed.
With LOS installed, I have only "CTS profile" failed but after using Magisk, depending on modules used, CTS profile is still "failed" and other categories are "failed" too.
Does anyone know how to pass safetynet tests on G5 (cedric) as of May 2021 with LOS 18.1 from Jarl-Penguin (Which tools/version/settings) ?
I just want to be able to use my banking app... I do not need to root my phone.
If not possible, my guess is I have to go back to stock ROM and to relock bootloader ?... I have tried once and I lost IMEIs... which I only managed to recover by reflashing LOS ! (other methods found on XDA did not apply and/or work for me)
Thank you
alxsj said:
Hi,
I have read and tried many things on the Internet to be able to pass safety on my Moto G5 (XT1676) under LOS 17.1 and then 18.1 but I did not managed to make it pass safetynet tests...
Using Magisk latest version and Hide/Props (fingerprints) makes in fact things worse than just LOS installed.
With LOS installed, I have only "CTS profile" failed but after using Magisk, depending on modules used, CTS profile is still "failed" and other categories are "failed" too.
Does anyone know how to pass safetynet tests on G5 (cedric) as of May 2021 with LOS 18.1 from Jarl-Penguin (Which tools/version/settings) ?
I just want to be able to use my banking app... I do not need to root my phone.
If not possible, my guess is I have to go back to stock ROM and to relock bootloader ?... I have tried once and I lost IMEIs... which I only managed to recover by reflashing LOS ! (other methods found on XDA did not apply and/or work for me)
Thank you
Click to expand...
Click to collapse
You can try flashing MicroG via TWRP (suggest the NanoDroid version plus their patcher) BUT you will have to uninstall Magisk, since I never knew how to pass the SafetyNet using a custom URL with in the settings of MicroG.
Tiki Thorsen said:
You can try flashing MicroG via TWRP (suggest the NanoDroid version plus their patcher) BUT you will have to uninstall Magisk, since I never knew how to pass the SafetyNet using a custom URL with in the settings of MicroG.
Click to expand...
Click to collapse
Thank you for your answer. Have you ever made it work this way or is it just a guess ?
alxsj said:
Thank you for your answer. Have you ever made it work this way or is it just a guess ?
Click to expand...
Click to collapse
Last time check it did (when i posted that), but AFAIK Google did some changes into SafetyNet and is not working anymore.
Tiki Thorsen said:
Last time check it did (when i posted that), but AFAIK Google did some changes into SafetyNet and is not working anymore.
Click to expand...
Click to collapse
OK. Thank you for the up-to-date information !
The latest version of MicroG now passes includes a Safetynet check and it passes.
Hi, with this tuto (https://forum.xda-developers.com/t/...motorola-moto-g5-stock-to-android-11.4524049/) I fail CTS check but Netflix and Disney+ work
As the title implies, the universal safetynet fix 2.2.0 has been released for those that want root + Google Pay + Netflix + banking apps + etc
Release v2.2.0 (Zygisk) · kdrag0n/safetynet-fix
Changes Ported module to Zygisk Fixed screen-off Voice Match in Google Assistant Fixed poor microphone quality with Voice Match enabled on Pixel 5 Fixed At a Glance weather display on Android 12 F...
github.com
Yep thanks. Just uninstalled Alpha channel with Riru and USNF v2.1.1 and installed official Canary with Zygist and USNF v2.2. Passing all checks and all root detecting apps are working.
Just for info: root detection and SN are 2 different things ... all my banking apps work OK once they are in Magisk's DenyList, so they check for root (e.g. check su binary or check if com.topjohnwu.magisk exists) but don't check SN. Google pay (which I personally do not use) does not work (only works with SN). Netflix needs SNF for it to appear on the Play store but does not care about root. Of course just unlocking the BL means that you have tampered with the device and that will make SN fail (even when youy are still unrooted).
foobar66 said:
Just for info: root detection and SN are 2 different things ... all my banking apps work OK once they are in Magisk's DenyList, so they check for root (e.g. check su binary or check if com.topjohnwu.magisk exists) but don't check SN. Google pay (which I personally do not use) does not work (only works with SN). Netflix needs SNF for it to appear on the Play store but does not care about root. Of course just unlocking the BL means that you have tampered with the device and that will make SN fail (even when youy are still unrooted).
Click to expand...
Click to collapse
Just wondering before I install this and try it is it safe to use? I understand there is a risk just like anything linked to rooting. However based on this posted you make it sound like this isn't needed, so just making sure before I install it, bc I do use Gpay.
Also is it the same as:
Working SafetyNet with Pixel 6 Pro Android 12
This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0 1. Download the latest Magisk Canary build 2. Patch the boot.img from the Factory Images in Magisk, you'll also need the vbmeta.img if you aren't already...
forum.xda-developers.com
Some banking apps check for SN, other's don't. Most banking apps check for root nowadays ... Anyway does not "harm" if you install it (on the contrary). You will need it for GPay.
collegencmc said:
Just wondering before I install this and try it is it safe to use? I understand there is a risk just like anything linked to rooting. However based on this posted you make it sound like this isn't needed, so just making sure before I install it, bc I do use Gpay.
Also is it the same as:
Working SafetyNet with Pixel 6 Pro Android 12
This is no longer using an Unofficial Magisk app, it's the official Canary and USNF 2.2.0 1. Download the latest Magisk Canary build 2. Patch the boot.img from the Factory Images in Magisk, you'll also need the vbmeta.img if you aren't already...
forum.xda-developers.com
Click to expand...
Click to collapse
It is the same as this but is now free instead of behind the Patreon/one time paywall. I can confirm it works with LSposed and I'm passing Safetynet.
Great thanks for the info on this!
Hi there.
I have an unrooted realme 6 pro. 2 days ago I tried to use Google pay and it did not work. It said that "You can´t pay contactless using this device. It may be rooted or running uncertified software.
I went to google play and I saw that my device is certified. After running some SafetyNet checks it says that CTS profile match failed. evakuation type: BASIC HARDWARE_BACKED. And then after reading some blogs I saw that on Google Play my netflix isn´t supported on my device although I have already installed it.
Any help or advice?
Thanks
Is your bootloader unlocked?
There's only 2 reliable ways to pass SafetyNet including CTS. The first is a completely stock device running pure OEM firmware with a locked bootloader.
The second is with Magisk, using DenyList and 2 modules: Universal SafetyNet Fix and MagiskHide Props Config.
A stock ROM on an unlocked bootloader will fail.
A custom ROM on a locked bootloader will fail.
V0latyle said:
Is your bootloader unlocked?
There's only 2 reliable ways to pass SafetyNet including CTS. The first is a completely stock device running pure OEM firmware with a locked bootloader.
The second is with Magisk, using DenyList and 2 modules: Universal SafetyNet Fix and MagiskHide Props Config.
A stock ROM on an unlocked bootloader will fail.
A custom ROM on a locked bootloader will fail.
Click to expand...
Click to collapse
I have also checked that. It has always been locked. I do not know if the problem is caused due to the new android update since is now running on android 11. Plus I dont want to root my phone
V0latyle said:
Is your bootloader unlocked?
There's only 2 reliable ways to pass SafetyNet including CTS. The first is a completely stock device running pure OEM firmware with a locked bootloader.
The second is with Magisk, using DenyList and 2 modules: Universal SafetyNet Fix and MagiskHide Props Config.
A stock ROM on an unlocked bootloader will fail.
A custom ROM on a locked bootloader will fail.
Click to expand...
Click to collapse
... You cannot have custom rom on unlocked bootloader LOL. Just saying. Unless a device is ancient, back in the days where you could run custom roms without unlocked bootloader.
JhinCuatro said:
... You cannot have custom rom on unlocked bootloader LOL. Just saying. Unless a device is ancient, back in the days where you could run custom roms without unlocked bootloader.
Click to expand...
Click to collapse
But that's the thing. I don't have a custom from. I did not root my phone. The only thing I did is to open the developer options. The bootloader was always locked. That started happening after the update to android 11. I sent my phone to the customer service now but I do not think they will do anything.
JhinCuatro said:
... You cannot have custom rom on unlocked bootloader LOL. Just saying. Unless a device is ancient, back in the days where you could run custom roms without unlocked bootloader.
Click to expand...
Click to collapse
You can, you just have to set a custom root of trust. See Android Boot Flow
V0latyle said:
You can, you just have to set a custom root of trust. See Android Boot Flow
Click to expand...
Click to collapse
Oops I misstated. I meant custom rom on locked bootloader**.
manu3732 said:
But that's the thing. I don't have a custom from. I did not root my phone. The only thing I did is to open the developer options. The bootloader was always locked. That started happening after the update to android 11. I sent my phone to the customer service now but I do not think they will do anything.
Click to expand...
Click to collapse
Same problem with my OnePlus Nord.
oOEDGUYOo said:
Same problem with my OnePlus Nord.
Click to expand...
Click to collapse
Did you find any fix yet... Am having the same issue
happy619 said:
Did you find any fix yet... Am having the same issue
Click to expand...
Click to collapse
I ended up installing the Pixel Experience rom. It was the only way to fix it
oOEDGUYOo said:
I ended up installing the Pixel Experience rom. It was the only way to fix it
Click to expand...
Click to collapse
I have been on custom ROMs for over 6 months on nord ... Some have bad update cycles .. Some are unstable and many more issues although my Device was certified
I have the same problem, bootloader is normally unlocked and I have Universal SafetyNet Fix and MagiskHide Props Config installed, using lineage 18.1 on my redmi 9 pro device
I have flashed both ...( Magisk hide prop conf & universal safety net )
But still "CTS failed, can somebody help me please....
I have this problem too. Any solutions ? I tried magisk with prop conf and safety net-fix and still have cts failed...
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
The rest ? What you mean ? Cause i have problem with CTS failed and im desperatly looking for solution
Oshvitzon said:
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
Click to expand...
Click to collapse
The rest ? What you mean ? Cause i have problem with CTS failed and im desperatly looking for solution
Mrlama112 said:
The rest ? What you mean ? Cause i have problem with CTS failed and im desperatly looking for solution
Click to expand...
Click to collapse
The regular instructions:
Magisk with zygisk , hide app , configure deny list and then as i said in the previous post
Oshvitzon said:
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
Click to expand...
Click to collapse
Thank you! Worked like a charm! IDK why my CTS Profile suddenly started failing, but this seemed to have fixed it.
Oshvitzon said:
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
Click to expand...
Click to collapse
Thanks so much it worked well. Am I able to update the Google Wallet without it affecting the mod 3.0?