My device: SM-M315F (M31), Android 11, OneUI3,1
SafetyNet can detect if you have rooted your device. If you don't pass the SafetyNet check, some secure apps (e.g. Google Pay) wont work!
Here's how I got around it (starting from stock):
Install TWRP and flash Magisk (root): https://forum.xda-developers.com/t/recovery-unofficial-3-5-2-twrp-for-galaxy-m31.4260181/
Make changes with Magisk to bypass SafetyNet: https://www.droidwin.com/pass-magisk-safetynet-android-11-root/
Make sure to also do Step #5 in the second link! Without that, my device failed the ctsProfile test.
M315FXXU2ATIC (Android 10) Magisk v23 stable. Google Pay.
Enabled Magisk hide, then installed modules - Riru v26.1.3 (from repo), LSPosed v1.6.5 (from repo), Universal SafetyNet Fix v2.1.2 (Riru version), then reboot. Now Google Pay accepted the card but still reported the device was not compliant. Clearing data (not cache) of Google Pay and Google Services helped.
PS: updated to M315FXXU2BUAD (Android 11) via ODIN and HOME_CSC, flashed Magisk again - all modules remained - Google Pay works.
Related
Well, I have this Moto G5 with LineageOS 16, Magisk 19.3 and TWRP 3.2.3-2-cedric-arm64 and unlocked bootloader.
When I test SafetyNet with Magisk Manager It says to me
SafetyNet check passed
ctsProfile: false
basicIntegrity: false
I have hidden Magisk Manager and changed the device fingerprint with the MagiskHide Props Config (I chosed the Moto G5 7.0 fingerprint)
What should do I do to get them both to true?
Srry for bad english
P.S. I'm having problems with Pokémon GO, this is why I'm doing this
If you flash the magisk uninstall zip and restart the device and run a safetynet check (use a 3rd party app from playstore) does basic integrity pass?
If so try an older version of magisk or try the canary build - if basic integrity still fails and you have tested it again after a clean flash then try a different rom
TheFixItMan said:
If you flash the magisk uninstall zip and restart the device and run a safetynet check (use a 3rd party app from playstore) does basic integrity pass?
If so try an older version of magisk or try the canary build - if basic integrity still fails and you have tested it again after a clean flash then try a different rom
Click to expand...
Click to collapse
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
OnionMaster03 said:
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
Click to expand...
Click to collapse
If it doesn't pass with a clean flash then yes
OnionMaster03 said:
I've uninstalled Magisk and checked safety net, it still gives both false.
So I should change rom?
Click to expand...
Click to collapse
Los16 doesn't support safetynet on our device, you can use the magisk safetynet Modul that fixed your problem.
OnionMaster03 said:
Well, I have this Moto G5 with LineageOS 16, Magisk 19.3 and TWRP 3.2.3-2-cedric-arm64 and unlocked bootloader.
When I test SafetyNet with Magisk Manager It says to me
SafetyNet check passed
ctsProfile: false
basicIntegrity: false
I have hidden Magisk Manager and changed the device fingerprint with the MagiskHide Props Config (I chosed the Moto G5 7.0 fingerprint)
What should do I do to get them both to true?
Srry for bad english
P.S. I'm having problems with Pokémon GO, this is why I'm doing this
Click to expand...
Click to collapse
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Tiki Thorsen said:
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Click to expand...
Click to collapse
If you try copying the fingerprint key from the system build.prop into the vendor build.prop replacing the existing value it should solve that issue
Not tried it as don't own device
Tiki Thorsen said:
I had the same problem, the ONLY thing that worked was installing the Magisk module "SafetyNet Fix" (you can find it the "Downloads" section of Magisk). The issue with that is that it creates a conflict with the "key" so you can an error message every time you start your phone, but you can ignore/clear it.
Click to expand...
Click to collapse
I have the same problem. When I install SafetyPatch, the phone hangs in an bootloop.
I choose pixel 2xl fingerprint. Its working fine for me
I have a so ( SM-G980F) rooted with EFTsu, and Netflix cant work, reading in the forum I found that Magisk root have a module to solve this.
So my question is, can change the root? or can I install Magisk in my hpone if I rooted with EFTsu ?
me too i wanna
@Toryas
@detcla
Sure you can:
- All your data may be lost (backup it before proceeding)
- Install fresh firmware with Odin, but before you proceed it, patch AP file as I've stated here
- Boot device up and configure it as you're used to do
- Enter Magisk app, Settings, enable MagiskHide and reboot (waaay important step)
- After device reboots, enter Magisk app again just to make sure MagiskHide is enabled
- If you have EdXposed installed, enable 'Pass SafetyNet' setting end reboot again
- Install sefetynet-fix (safetynet-fix-v2.0.0-test2.zip) magisk module from here and reboot
- Enter Magisk app and make sure safetynet checks succeeded
- Clear Play Store app data
- You're done
How to root and pass SafetyNet on Sony Xperia 10 III (XQ-BT52)Tested on firmware 62.0.A.3.163.
Disclaimer:
This guide assumes you're familiar with the concepts of rooting, Magisk, SafetyNet, fastboot, adb and so on. I will explain why things are done but if I explained everything it would become too long.
This guide is limited to getting root and apps working on the stock Sony ROM. It doesn't cover installing other ROMs.
You can mess up your phone if you don't know what you're doing. This is not a beginner's guide.
Before you do anything else, do these preparations:
Make sure your device is updated to the latest firmware. Getting updates after you unlock the bootloader will be more complicated.
Use XperiFirm to grab a copy of your current firmware (after you've updated it). It can run on Linux too, either via Mono or in a virtual machine. It's basically just a downloader, it doesn't need any fancy hardware access.
Screenshot everything under Settings > System.
Open the dialer and enter *#*#7378423#*#*. Screenshot everything in the service submenus.
Unlock developer options (tap Settings > About > Build number 7 times) then find it under Settings > System > Advanced. Activate USB debugging. Activate OEM unlocking.
Install the Android SDK Platform Tools. On Linux they're most likely in a package provided by your distro.
Copy the screenshots to your PC because the phone will be reset at some point.
Boot into fastboot by turning the phone off, then connect it to PC via USB, and press POWER and VOLUME UP together. The phone led will turn blue. On PC run fastboot devices and make sure it lists your phone and has the serial number you got from the service menu.
Unlocking the bootloader:
This is the point of no return as far as warranty is concerned!
This will factory reset the phone! Make sure you got everything you needed off it.
Obtain the unlock code (you will need the IMEI of the 1st SIM slot).
Boot into fastboot, check again that fastboot devices lists the phone.
Issue the unlock command using the code you got earlier: fastboot oem unlock 0x<unlock code here>
Reboot the phone (you can say fastboot reboot). It will say "can't check for corruption" and "erasing" a couple of times but will eventually boot up to the factory setup.
Enabling Magisk & root:
Download the latest Magisk apk to the phone and install it. Right now that means v24+.
Open boot_X-FLASH-ALL-8A63.sin from the original firmware with any archive manager (it's a tar.xz), 7zip will work fine.
Extract boot.000, rename it to boot.img and put it on the phone.
Open the Magisk app, next to "Magisk" tap "install", choose "Select and patch a file", pick the "boot.img" file.
Download the patched img to PC (will be next to boot.img called something like magisk_patched-24100_MKPRJ.img).
Boot into fastboot, check again that fastboot devices lists the phone.
Flash the patched boot image: fastboot flash boot magisk_patched-24100_MKPRJ.img
Must say OKAY. Can then reboot the phone (you can say fastboot reboot).
Open the Magisk app again, it should say "installed" now next to "Magisk". Also the Superuser and Modules buttons should now be enabled.
Go into Magisk settings and activate "Hide the Magisk app". This is NOT MagiskHide, it does not hide Magisk from other apps, it hides the Magisk Manager app from other apps. More on this later.
Go into Magisk settings and activate Zygisk. This is a built-in replacement for Riru going forward.
Reboot!
Install a root checker app and verify that you get a prompt from Magisk to give root and that the checker says it got root.
Important changes about Magisk:
Riru is now obsolete. It has been replaced by a feature built-into Magisk called Zygisk (which is essentially Riru running in Zygote). It is strongly recommended to go into Magisk settings and activate Zygisk (even if you don't use Riru modules). Do not install Riru anymore. All modules that needed Riru should have Zygisk versions by now unless they're abandoned.
Magisk no longer maintains a module repository, To find and install modules install Fox's Magisk Module Manager. It's a dedicated module management app that supports the old Magisk repo as well as new ones. Inside Magisk you can still enable/disable/remove/install manually and can also update if the module has an update URL, so you can do without Fox if you get your modules directly from their XDA or GitHub pages.
MagiskHide has been replaced by a new feature called Deny list (it's in Magisk settings). It's much more powerful because the apps & processes added to the deny list will be completely excluded from anything based on Magisk so it's impossible for them to detect leaks anymore. On the downside, excluded apps can't be affected by any Magisk or LSPosed modules (LSPosed will grey out such apps and say "it's on the deny list".) This feature should be used sparingly (see below) because Magisk still does a good job of evading detection.
Passing SafetyNet:
Install YASNAC to check your SafetyNet status. At this point you're probably not passing either Basic or CTS check.
Go into Magisk settings. Enable "Enforce deny list". Enter "Configure deny list", find Google Services, check it, expand it, and select only the process ending in .gms and the one ending in .gms.unstable.
Reboot. Check YASNAC. At this point you should be passing Basic check but probably not CTS.
Install Universal SafetyNet Fix (aka USNF) by kdrag0n in Magisk. (Some GIS ROMs already include what this module does, so if you install a GIS ROM you may not need it.) This module hijacks the CTS verification and drops an error which causes the Google service to fall back to Basic verification, which we already fixed in the previous step.
Reboot. Check YASNAC. At this point you should be passing both Basic and CTS. That's it!
You may need to clear storage & cache for Google Play & Services. Go to Settings > Apps & notifications > See all apps, select "All apps", find them in the list, clear storage/cache and reboot. After that try searching for a restricted app such as Netflix on the Play store, if it shows up in results you're all good.
Remember to also add to deny list other apps that try to detect if you're using root, like banking apps.
Other SafetyNet related fixes:
People using non-stock GIS ROMs will probably need module MagiskHide Props Config by Didgeridoohan. This will install a props command line util that you can use (as root) to force Basic attestation, apply extra Magisk hiding techniques, spoof device fingerprint, change the way fingerprinting is checked, or even impersonate another device altogether. Install, reboot, enter adb shell, type su to go root (will need to grant root to shell on the phone when prompted), then run props and follow the options.
People running extra-stubborn banking apps (or other apps that try to detect root extra-hard) that don't work even when added to the Magisk deny list can try module Shamiko by LSPosed. This module adds extra hiding techniques for the apps on the deny list. Please note that Shamiko will disable the Magisk "enforce deny list" option but that's ok, that's an extra feature, the deny list is in effect even without it.
Working apps and modulesPlease note that this list is limited to stuff that I personally use. I can't and won't install other stuff to test it.
Root apps:
AFWall(+): Works, but configure it to use its own internal busybox and iptables. Applying rules fails occasionally and you need to retry.
Call Recorder by skvalex: Recording works out of the box, no fiddling required with either headset of mic recording.
JuiceSSH, Termux etc. and other terminal apps: No issues getting root with su.
Busybox: you can install zgfg's module which exposes Magisk's internal Busybox to the rest of the system (bonus: will be updated with Magisk); or you can install osm0sys's module which contains a standalone separate Busybox. As of now both of them provide Busybox 1.34.
MyBackup Pro: Works fine. Used it to transfer 15k+ SMS messages from Android 8.
Solid Explorer: Can access root partitions without issues.
Tasker: No issues.
Titanium Backup: Works but will hang when restoring APKs whose target API doesn't support the ROM's Android version (ie. APKs you can't install directly either).
OAndBackupX: Modern alternative to Titanium, works perfectly.
XPERI+: Version 6 works well and allows you to remap the assistant button and has another couple of features. Version 7 crashes.
Magisk modules:
AFWall Boot AntiLeak
Backup
Builtin BusyBox
Magisk Bootloop Protector
MagiskHide Props Config
Shamiko
SQLite for ARM aarch64 devices
Systemless Hosts (comes with Magisk, enable it in settings)
Universal SafetyNet Fix
Zygisk LSPosed
LSPosed modules:
App Settings Reborn: Works well. May require a couple of reboots before the targeted apps start showing the modifications.
Disable Flag Secure: com.varuns2002 is working, sort of. Please read the module's page. Apps got wise to rooted devices ignoring FLAG_SECURE so now they use hardware DRM or detect screenshots and show you something else (Netflix). So it works only in older versions of apps, or apps that haven't bothered to detect screenshots.
GravityBox [R]: Everything I tried works perfectly.
Physical Button Master Control: The module works as intended, the companion config app has some issues, hopefully they'll be solved soon.
XPrivacyLua: Works perfectly. No issues with SafetyNet.
Not working:
...
Other tested and working Root Apps:
AdAway
Fox's Magisk Module Manager
Franco Kernel Manager
Termux
Not testet yet:
Call Recorder
FolderSync
Total Commander
Vanced Manager
WireGuard
Other tested and working Magisk modules:
1Controller - 1 Module to support all Controllers
Call Recorder - SKVALEX
F-Droid Privileged Extension
Move Certificates (version by Androidacy)
Other tested and working LSPosed modules:
BubbleUPnP AudioCast
Here is an short guide on running your stock rom with microG
microG Project
Prerequisites
You need root and magisk installed
Use adb or some appcontrol app to uninstall all google parts: play, gmscore, etcetera. I use https://adbappcontrol.com/en/
1:
Download Riru magisk module: https://github.com/RikkaApps/Riru/releases (or zygisk)
Download LSPosed: https://github.com/LSPosed/LSPosed/releases (riru version)
Download Fakegapps: https://github.com/nift4/FakeGApps/releases
Download microG_Installer_Revived: https://github.com/nift4/microg_installer_revived
Copy the downloaded files to your phone
2:
Install Riru (magisk/modules install from storage), reboot
Install LSPosed (magisk/modules install from storage), reboot
Install fakegapp.apk, reboot
After reboot LSPosed will popup, enable it
Install microG_Installer_Revived (magisk/modules install from storage), reboot
Now you should have microg installed and signature spoofing enabled.
Check screenshot (S22, enyxnos)
does it works even when i can´t mount system RW?
johanstvm said:
does it works even when i can´t mount system RW?
Click to expand...
Click to collapse
Magisk modules are there to circumvent it
I don't get it to work. The microg installer's log always sais «Failure»
Failure [INSTALL_FAILED_VERSION_DOWNGRADE: Package Verification Result]
- Real Play Store not found, installing Fake Store
Failure [INSTALL_FAILED_VERSION_DOWNGRADE: Package Verification Result]
- Done
What can i do?
//Note for those who wants to know actual information. Thanks to V0latyle for pointing it out.
V0latyle said:
SafetyNet components like CTSProfile are no longer applicable, as SafetyNet has been replaced by Play Integrity. All of Google's apps such as GPay have long since switched.
More information here.
Click to expand...
Click to collapse
Recently i faced the problem where my CTS profile failed and thus Google Wallet (GPay) wasn't able to work properly.
I managed to fix this, and so decided to share my expirience to help thus in need to fix this issue aswell.
Previously i had this setup for around whole year which did work until now:
Device: oneplus 9 pro
Firmware: oos 11 11.2.10.10
Kernel: from Arter97
Magisk: Magisk Alpha 23.0 + magisk hide + module universal safetynet fix 1.1.1
Problem: Google Wallet (GPay) won't work / CTS profile failed
Now, these are steps which did help me to solve the issue:
1. Rolled back to stock kernel (boot, dtbo, vendor_boot partitions)
2. Set up Magisk Alpha 25205
Spoiler: How did you install Magisk Alpha 25205?
(there are different methods, like manual patch of stock kernel and then flasshing it via fastboot, or flashing it via TWRP (Keep in mind, that in this case you have to preinstall TWRP before installing custom kernel)
3. Activate Zygisk
4. Select in DenyList menu: Google Play Services, Google Play Store, Google Wallet (GPay) and other apps which you'd like to not find out about your modified system
5. DO NOT ENABLE Enforce DenyList option
6. Install Magisk modules: Shamiko 0.5.2 | Universal SafetyNet Fix 2.3.1 for Zygisk | MagiskHide Props Config 6.1.2
7. Using any terminal app, select newer Fingerpring thanks to MagiskHide Props Config module
Spoiler: How do i do that?
1. open any terminal app
2. type "su" (without quotes)
3. type "props"
4. now you can edit your device fingerprint)
8. Clear data of the following apps: Google Play Store, Google Services, Google Wallet (GPay)
9. Reboot
10. Now, when you open up your Google Wallet (GPay) app, it may work OR message that says that it's updating and you can't use it while the process isn't done may appear.
11. If you encounter such message, change your device language to other one and then open up Google Wallet (GPay) app again
12. Now the app should open up, it may take some time to update it's interface to the latest one
Google Wallet (GPay) now works fine and CTS profile passes succesefully.
Have a nice day
more_than_hater said:
Recently i faced the problem where my CTS profile failed and thus Google Wallet (GPay) wasn't able to work properly.
I managed to fix this, and so decided to share my expirience to help thus in need to fix this issue aswell.
Previously i had this setup for around whole year which did work until now:
Device: oneplus 9 pro
Firmware: oos 11 11.2.10.10
Kernel: from Arter97
Magisk: Magisk Alpha 23.0 + magisk hide + module universal safetynet fix 1.1.1
Problem: Google Wallet (GPay) won't work / CTS profile failed
Now, these are steps which did help me to solve the issue:
1. Rolled back to stock kernel (boot, dtbo, vendor_boot partitions)
2. Set up Magisk Alpha 25205
Spoiler: How did you install Magisk Alpha 25205?
(there are different methods, like manual patch of stock kernel and then flasshing it via fastboot, or flashing it via TWRP (Keep in mind, that in this case you have to preinstall TWRP before installing custom kernel)
3. Activate Zygisk
4. Select in DenyList menu: Google Play Services, Google Play Store, Google Wallet (GPay) and other apps which you'd like to not find out about your modified system
5. DO NOT ENABLE Enforce DenyList option
6. Install Magisk modules: Shamiko 0.5.2 | Universal SafetyNet Fix 2.3.1 for Zygisk | MagiskHide Props Config 6.1.2
7. Using any terminal app, select newer Fingerpring thanks to MagiskHide Props Config module
Spoiler: How do i do that?
1. open any terminal app
2. type "su" (without quotes)
3. type "props"
4. now you can edit your device fingerprint)
8. Clear data of the following apps: Google Play Store, Google Services, Google Wallet (GPay)
9. Reboot
10. Now, when you open up your Google Wallet (GPay) app, it may work OR message that says that it's updating and you can't use it while the process isn't done may appear.
11. If you encounter such message, change your device language to other one and then open up Google Wallet (GPay) app again
12. Now the app should open up, it may take some time to update it's interface to the latest one
Google Wallet (GPay) now works fine and CTS profile passes succesefully.
Have a nice day
Click to expand...
Click to collapse
Hello, thanks for posting but I have a question here. In step 7, in "props" I have to choose an option from Google smartphones and according to the Android I am on. Well, the module is outdated and no option appears with Android 13, which is my case. What do I do now?
Ursaotns said:
Hello, thanks for posting but I have a question here. In step 7, in "props" I have to choose an option from Google smartphones and according to the Android I am on. Well, the module is outdated and no option appears with Android 13, which is my case. What do I do now?
Click to expand...
Click to collapse
It seems that there exists an unofficial fork of this magisk module
And, as i understand, it's not that important to choose exactly the same android ver as yours, you can go up and down.
more_than_hater said:
It seems that there exists an unofficial fork of this magisk module
And, as i understands, it's not that important to choose exactly the same android ver as yours, you can go up and down.
Click to expand...
Click to collapse
Thanks. It helped a lot! I was able to resolve the issue here on my OnePlus Ace (10R) on Android 13 and OxygenOS 13. Only thing left for me to solve here is to remove youtube from the system as Wakelocks. Do you have any idea how to remove it permanently? Would you help me?
Ursaotns said:
Thanks. It helped a lot! I was able to resolve the issue here on my OnePlus Ace (10R) on Android 13 and OxygenOS 13. Only thing left for me to solve here is to remove youtube from the system as Wakelocks. Do you have any idea how to remove it permanently? Would you help me?
Click to expand...
Click to collapse
How to Stop Wakelocks from Any Android App Without Root
Have you ever wondered why your Android phone eats your battery life so fast when the screen is off? Wakelocks! Here's a tutorial on how to stop wakelocks!
www.xda-developers.com
SafetyNet components like CTSProfile are no longer applicable, as SafetyNet has been replaced by Play Integrity. All of Google's apps such as GPay have long since switched.
More information here.
I recently faced similar issue, but with newest version of Company portal (Intune) app as I have a work profile.
After updating the app it started detecting I am rooted maybe due to the mentioned change.
I already had configured the zygisk, deny list and safety net fix.
I found 2 ways to fix it.
1 As a workaround to download grade the app with previous version.
2. I just installed latest shamiko and disable enforcement of the deny list. I didn't used the MagiskHide Props Config. Basically all the steps mentioned above, but without MagiskHide Props Config. For now all is fine. I didn't had issues with gpay so far.
I am on Oneplus 9Pro OOS 13 F.72