Well, I have this Moto G5 with LineageOS 16, Magisk 19.3 and TWRP 3.2.3-2-cedric-arm64 and unlocked bootloader.
When I test SafetyNet with Magisk Manager It says to me
SafetyNet check passed
ctsProfile: false
basicIntegrity: false
I have hidden Magisk Manager and changed the device fingerprint with the MagiskHide Props Config (I chosed the Moto G5 7.0 fingerprint)
What should do I do to get them both to true?
Srry for bad english
P.S. I'm having problems with Pokémon GO, this is why I'm doing this
If you flash the magisk uninstall zip and restart the device and run a safetynet check (use a 3rd party app from playstore) does basic integrity pass?
If so try an older version of magisk or try the canary build - if basic integrity still fails and you have tested it again after a clean flash then try a different rom
TheFixItMan said:
If you flash the magisk uninstall zip and restart the device and run a safetynet check (use a 3rd party app from playstore) does basic integrity pass?
If so try an older version of magisk or try the canary build - if basic integrity still fails and you have tested it again after a clean flash then try a different rom
Click to expand...
Click to collapse
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
OnionMaster03 said:
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
Click to expand...
Click to collapse
If it doesn't pass with a clean flash then yes
OnionMaster03 said:
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
Click to expand...
Click to collapse
Los16 doesn't support safetynet on our device, you can use the magisk safetynet Modul that fixed your problem.
OnionMaster03 said:
Well, I have this Moto G5 with LineageOS 16, Magisk 19.3 and TWRP 3.2.3-2-cedric-arm64 and unlocked bootloader.
When I test SafetyNet with Magisk Manager It says to me
SafetyNet check passed
ctsProfile: false
basicIntegrity: false
I have hidden Magisk Manager and changed the device fingerprint with the MagiskHide Props Config (I chosed the Moto G5 7.0 fingerprint)
What should do I do to get them both to true?
Srry for bad english
P.S. I'm having problems with Pokémon GO, this is why I'm doing this
Click to expand...
Click to collapse
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Tiki Thorsen said:
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Click to expand...
Click to collapse
If you try copying the fingerprint key from the system build.prop into the vendor build.prop replacing the existing value it should solve that issue
Not tried it as don't own device
Tiki Thorsen said:
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Click to expand...
Click to collapse
I have the same problem. When I install SafetyPatch, the phone hangs in an bootloop.
I choose pixel 2xl fingerprint. Its working fine for me
So this phone is used by my close relative and I usually update their phone for them. It worked great, no complaints.
Just today I wanted to do something in Magisk, but I didn't have the bottom options like I didn't have root.
Interesting. I thought something broke it, so I decided to update to latest OS and then try again.
Since the phone was running a few months old update, I thought I'd update + root to make sure everything works.
I used flash-all.bat to update, it flashed fine, the phone loaded fine, it shows September security update.
so I went ahead and tried to root like I always did.
got the latest image, updated via flash-all.bat (without -w switch), then copied over the boot.IMG, patched it on phone, copied back to my PC from /sdcard/Downloads, then used "fastboot boot magisk...img" to boot the patched img.
now, this is how I rooted my 9R and this 3a XL a dozen times. but not now.
I open Magisk once it boots up and it just shows me the same Install option.
It same as nothing happened.
like root just doesn't exist. wtf?
did Google mess remotely with Pixels? or what's going on?
ps.: I even tried to "flash" the img into the active slot, both slots, nothing.
like the .img itself is not getting patched.
using Magisk stable, 23.0.
update 1: Interestingly enough, Root Checker says I have root. But Magisk only has Patch File option, no Direct Install. Tried Canary too, nothing. Reinstalled Magisk app, nothing. So weird... like Magisk lost root access? But why? How do I fix that? So weird...
You can open a terminal app and type 'su' to see if it prompts you for root access. If not you can try uninstalling magisk, then rename the magisk.apk to .zip and sideload from recovery.
SOLVED!
Sorry for not updating my thread, it was pretty late when I cracked this.
Here is how I fixed it. (I'll format it a bit later.)
I went Termux, root with su.
went into /data/adb/ and there is a magisk.db file.
I copied that to /sdcard/ and then to PC (you can do this on phone too using SQLite editor apps but whatever. On PC it's easier, more screen estate, etc.)
I used SQLite Browser (free) to open the file, then Browse Data and Policies
here I saw all the apps that had root granted...
So I added a new line.
I used adb shell on PC to find out the data I needed.
first, pm list packages | grep magisk to find magisk's name (it's "com.topjohnwu.magisk")
then, dumpsys package com.topjohnwu.magisk | grep userId to find out the user ID (uid) for it.
I added these into the database, it looked like this in the end:
uid package_name policy until logging notification
10386 com.topjohnwu.magisk 2 0 1 1
(^ your userId will NOT be the same!
and the first line is the column names)
saved the file, copied it back to my phone in Windows, then used Termux to copy the file from /sdcard/magisk.db to /data/adb/magisk.db
then I shut down the phone, used "fastboot boot magisk_.. patched.img" so I'd have a rooted boot image loaded up.
and boom, Magisk app works again.....
how to tell if Magisk app loses root?
well, for me the screen went dark briefly for like 2 times when I opened the app on clean boot.
and of course, Direct Install was missing.
to verify root in this case - you can only use apps that are present in the .db file.
ie.: apps that you granted beforehand.
so I'd really recommend opening Termux then doing a "su" at least after a root.
Why does it happen?!?!
I THINK this happens when you repackage Magisk. So I'd recommend changing it back before doing a system update. Because after the system update, you most often need to reinstall the .APK and then its under the original package + app name. Thus, it's not in the Policy file -> ie.: the Magisk app will not have root.
How to root and pass SafetyNet on Sony Xperia 10 III (XQ-BT52)Tested on firmware 62.0.A.3.163.
Disclaimer:
This guide assumes you're familiar with the concepts of rooting, Magisk, SafetyNet, fastboot, adb and so on. I will explain why things are done but if I explained everything it would become too long.
This guide is limited to getting root and apps working on the stock Sony ROM. It doesn't cover installing other ROMs.
You can mess up your phone if you don't know what you're doing. This is not a beginner's guide.
Before you do anything else, do these preparations:
Make sure your device is updated to the latest firmware. Getting updates after you unlock the bootloader will be more complicated.
Use XperiFirm to grab a copy of your current firmware (after you've updated it). It can run on Linux too, either via Mono or in a virtual machine. It's basically just a downloader, it doesn't need any fancy hardware access.
Screenshot everything under Settings > System.
Open the dialer and enter *#*#7378423#*#*. Screenshot everything in the service submenus.
Unlock developer options (tap Settings > About > Build number 7 times) then find it under Settings > System > Advanced. Activate USB debugging. Activate OEM unlocking.
Install the Android SDK Platform Tools. On Linux they're most likely in a package provided by your distro.
Copy the screenshots to your PC because the phone will be reset at some point.
Boot into fastboot by turning the phone off, then connect it to PC via USB, and press POWER and VOLUME UP together. The phone led will turn blue. On PC run fastboot devices and make sure it lists your phone and has the serial number you got from the service menu.
Unlocking the bootloader:
This is the point of no return as far as warranty is concerned!
This will factory reset the phone! Make sure you got everything you needed off it.
Obtain the unlock code (you will need the IMEI of the 1st SIM slot).
Boot into fastboot, check again that fastboot devices lists the phone.
Issue the unlock command using the code you got earlier: fastboot oem unlock 0x<unlock code here>
Reboot the phone (you can say fastboot reboot). It will say "can't check for corruption" and "erasing" a couple of times but will eventually boot up to the factory setup.
Enabling Magisk & root:
Download the latest Magisk apk to the phone and install it. Right now that means v24+.
Open boot_X-FLASH-ALL-8A63.sin from the original firmware with any archive manager (it's a tar.xz), 7zip will work fine.
Extract boot.000, rename it to boot.img and put it on the phone.
Open the Magisk app, next to "Magisk" tap "install", choose "Select and patch a file", pick the "boot.img" file.
Download the patched img to PC (will be next to boot.img called something like magisk_patched-24100_MKPRJ.img).
Boot into fastboot, check again that fastboot devices lists the phone.
Flash the patched boot image: fastboot flash boot magisk_patched-24100_MKPRJ.img
Must say OKAY. Can then reboot the phone (you can say fastboot reboot).
Open the Magisk app again, it should say "installed" now next to "Magisk". Also the Superuser and Modules buttons should now be enabled.
Go into Magisk settings and activate "Hide the Magisk app". This is NOT MagiskHide, it does not hide Magisk from other apps, it hides the Magisk Manager app from other apps. More on this later.
Go into Magisk settings and activate Zygisk. This is a built-in replacement for Riru going forward.
Reboot!
Install a root checker app and verify that you get a prompt from Magisk to give root and that the checker says it got root.
Important changes about Magisk:
Riru is now obsolete. It has been replaced by a feature built-into Magisk called Zygisk (which is essentially Riru running in Zygote). It is strongly recommended to go into Magisk settings and activate Zygisk (even if you don't use Riru modules). Do not install Riru anymore. All modules that needed Riru should have Zygisk versions by now unless they're abandoned.
Magisk no longer maintains a module repository, To find and install modules install Fox's Magisk Module Manager. It's a dedicated module management app that supports the old Magisk repo as well as new ones. Inside Magisk you can still enable/disable/remove/install manually and can also update if the module has an update URL, so you can do without Fox if you get your modules directly from their XDA or GitHub pages.
MagiskHide has been replaced by a new feature called Deny list (it's in Magisk settings). It's much more powerful because the apps & processes added to the deny list will be completely excluded from anything based on Magisk so it's impossible for them to detect leaks anymore. On the downside, excluded apps can't be affected by any Magisk or LSPosed modules (LSPosed will grey out such apps and say "it's on the deny list".) This feature should be used sparingly (see below) because Magisk still does a good job of evading detection.
Passing SafetyNet:
Install YASNAC to check your SafetyNet status. At this point you're probably not passing either Basic or CTS check.
Go into Magisk settings. Enable "Enforce deny list". Enter "Configure deny list", find Google Services, check it, expand it, and select only the process ending in .gms and the one ending in .gms.unstable.
Reboot. Check YASNAC. At this point you should be passing Basic check but probably not CTS.
Install Universal SafetyNet Fix (aka USNF) by kdrag0n in Magisk. (Some GIS ROMs already include what this module does, so if you install a GIS ROM you may not need it.) This module hijacks the CTS verification and drops an error which causes the Google service to fall back to Basic verification, which we already fixed in the previous step.
Reboot. Check YASNAC. At this point you should be passing both Basic and CTS. That's it!
You may need to clear storage & cache for Google Play & Services. Go to Settings > Apps & notifications > See all apps, select "All apps", find them in the list, clear storage/cache and reboot. After that try searching for a restricted app such as Netflix on the Play store, if it shows up in results you're all good.
Remember to also add to deny list other apps that try to detect if you're using root, like banking apps.
Other SafetyNet related fixes:
People using non-stock GIS ROMs will probably need module MagiskHide Props Config by Didgeridoohan. This will install a props command line util that you can use (as root) to force Basic attestation, apply extra Magisk hiding techniques, spoof device fingerprint, change the way fingerprinting is checked, or even impersonate another device altogether. Install, reboot, enter adb shell, type su to go root (will need to grant root to shell on the phone when prompted), then run props and follow the options.
People running extra-stubborn banking apps (or other apps that try to detect root extra-hard) that don't work even when added to the Magisk deny list can try module Shamiko by LSPosed. This module adds extra hiding techniques for the apps on the deny list. Please note that Shamiko will disable the Magisk "enforce deny list" option but that's ok, that's an extra feature, the deny list is in effect even without it.
Working apps and modulesPlease note that this list is limited to stuff that I personally use. I can't and won't install other stuff to test it.
Root apps:
AFWall(+): Works, but configure it to use its own internal busybox and iptables. Applying rules fails occasionally and you need to retry.
Call Recorder by skvalex: Recording works out of the box, no fiddling required with either headset of mic recording.
JuiceSSH, Termux etc. and other terminal apps: No issues getting root with su.
Busybox: you can install zgfg's module which exposes Magisk's internal Busybox to the rest of the system (bonus: will be updated with Magisk); or you can install osm0sys's module which contains a standalone separate Busybox. As of now both of them provide Busybox 1.34.
MyBackup Pro: Works fine. Used it to transfer 15k+ SMS messages from Android 8.
Solid Explorer: Can access root partitions without issues.
Tasker: No issues.
Titanium Backup: Works but will hang when restoring APKs whose target API doesn't support the ROM's Android version (ie. APKs you can't install directly either).
OAndBackupX: Modern alternative to Titanium, works perfectly.
XPERI+: Version 6 works well and allows you to remap the assistant button and has another couple of features. Version 7 crashes.
Magisk modules:
AFWall Boot AntiLeak
Backup
Builtin BusyBox
Magisk Bootloop Protector
MagiskHide Props Config
Shamiko
SQLite for ARM aarch64 devices
Systemless Hosts (comes with Magisk, enable it in settings)
Universal SafetyNet Fix
Zygisk LSPosed
LSPosed modules:
App Settings Reborn: Works well. May require a couple of reboots before the targeted apps start showing the modifications.
Disable Flag Secure: com.varuns2002 is working, sort of. Please read the module's page. Apps got wise to rooted devices ignoring FLAG_SECURE so now they use hardware DRM or detect screenshots and show you something else (Netflix). So it works only in older versions of apps, or apps that haven't bothered to detect screenshots.
GravityBox [R]: Everything I tried works perfectly.
Physical Button Master Control: The module works as intended, the companion config app has some issues, hopefully they'll be solved soon.
XPrivacyLua: Works perfectly. No issues with SafetyNet.
Not working:
...
Other tested and working Root Apps:
AdAway
Fox's Magisk Module Manager
Franco Kernel Manager
Termux
Not testet yet:
Call Recorder
FolderSync
Total Commander
Vanced Manager
WireGuard
Other tested and working Magisk modules:
1Controller - 1 Module to support all Controllers
Call Recorder - SKVALEX
F-Droid Privileged Extension
Move Certificates (version by Androidacy)
Other tested and working LSPosed modules:
BubbleUPnP AudioCast
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too (EDIT: it works on LineageOS 19 for microG too). Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
Although you put your thread in the right place, I miss the Poco F3 in the title of this Guide.
This is why I came across this in a general search and that's actually a shame. Maybe you can edit your title ???
The content of your guide is interesting!
Hi,
I run the Descendant 12 rom and had issues with my banking apps detecting root even after i renamed magisk from within Magisk and adding my banking apps to the DenyList, after much research on XDA i found users freezing magisk to stop prying apps searching for it, the app is called SD MAID
thank you for the updated install instruction for Magisk/Zygisk
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
Hi,
I would like to understand better how to use the list in Magisk, If in this list I put a tick on an app. what does it mean?
Sorry for hijacking the post, here is a Youtube video from,
the amazing "Munchy", i found it very helpfull, he has released loads of informative videos regarding android and custom roms.
johnr64 said:
Hi,
I run the Descendant 12 rom and had issues with my banking apps detecting root even after i renamed magisk from within Magisk and adding my banking apps to the DenyList, after much research on XDA i found users freezing magisk to stop prying apps searching for it, the app is called SD MAID
thank you for the updated install instruction for Magisk/Zygisk
Click to expand...
Click to collapse
Freezing Magisk can help, some banking apps are stubborn... Also, SD Maid can freeze apps?
For me personally, I only had to flash the SafetyNet Fix Magisk Module. Using Xiaomi.eu Weekly Android 12.
Ludoboii said:
... added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
...
Click to expand...
Click to collapse
Hi,
I have followed the procedure but checking with SafetyNet it tells me "SafetyNet request: success
Response signature validation: error".
I'm sorry but I didn't understand which app you are referring to that I have to put the flag in DenyList?
pegasoc said:
Hi,
I have followed the procedure but checking with SafetyNet it tells me "SafetyNet request: success
Response signature validation: error".
I'm sorry but I didn't understand which app you are referring to that I have to put the flag in DenyList?
Click to expand...
Click to collapse
I was referring to SafetyNet Helper Sample. I also get the same answer and apps that would previously complain about root have stopped doing it.
pegasoc said:
Hi,
I would like to understand better how to use the list in Magisk, If in this list I put a tick on an app. what does it mean?
Click to expand...
Click to collapse
It means the app will not be able to gain root access nor interact with Magisk in any way, and should not be able to detect Magisk. If you tap on the app name instead of the box you'll get the option to add its various services in the DenyList, I usually add all of them for apps that I want to put in the DenyList. You should also see some sort of progress bar above the app's name after ticking the box, it tells you how many services of that app are in the DenyList. In my case it's full for each app I ticked because I also ticked all its services.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'm still not able to pass safetynet CTS profile, after all these steps :|
tegazinho said:
I'm still not able to pass safetynet CTS profile, after all these steps :|
Click to expand...
Click to collapse
I've been having issues with not passing CTS profile on a couple of roms even after following all tutorials, I wonder what the issue is? Arrowos and crDroid both fail but PixelOS passes (all android 12). Strange this is it doesn't seem to stop any of my banking apps from working. Did you upgrade to Miui 13 stock before unlocking bootloader? What app are you using to test safetynet? YASNAC?
SimpleStevie said:
I've been having issues with not passing CTS profile on a couple of roms even after following all tutorials, I wonder what the issue is? Arrowos and crDroid both fail but PixelOS passes (all android 12). Strange this is it doesn't seem to stop any of my banking apps from working. Did you upgrade to Miui 13 stock before unlocking bootloader? What app are you working u using to test safetynet? YASNAC?
Click to expand...
Click to collapse
No, my bootloader was unlocked back when I bought the phone with the android 11. I've had xiaomi.eu miui version though previously before getting back now to crDroid, which I tried everything in the guide plus a lot of more stuff, like matching the firmware version with the signature on props just, and nothing works.
As for the app, I tried them all, actually YASNAC is my favorite, but for the sake of following this guide I tried the OP suggested app too.
I've must have clean flashed my phone 10 times and rebooted more than 100 times today for everything I've tried. I even went back to magisk 23 to see if I got lucky, but since is not fully supported on A12 was just another miss.
EDIT: Also if PixelOS I can get the safety pass I will install it, I will trade less features for the safety passing, and anything is better than miui or miui look roms like xiaomi.eu (I really hate them).
It's super weird, I've been flashing roms on android phones for as long as I can remember and I've never had an issue that I couldn't fix up til now. I wonder if downgrading to one based on android 11 would work?
"Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList."
Thank you! That, I didn't know.
SimpleStevie said:
It's super weird, I've been flashing roms on android phones for as long as I can remember and I've never had an issue that I couldn't fix up til now. I wonder if downgrading to one based on android 11 would work?
Click to expand...
Click to collapse
Note that you may have to adjust the fingerprint of your device to make it appear like running a "legit" rom.
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
The same problem with me, I used a MI 11 x indian veron, all apps including Banking apps working fine but Jio sim not working with error you used a rooted device. Any solution plz.
thanks. crdroid 8.5 mi 11x passed safetynet with step 1 and 2 only.
For LineageOS users, we have ih8sn. No need for Magisk/Root.
Odd. I just install magisk, activate zygisk, restart and compose my deny list. Hide magisk launcher. Clear all data for Play Services and Gpay. Restart.
Can use Gpay fine.
My banking apps work fine without Zygisk but Gpay doesn't.
On miui.eu