Develop Bugs

Problem with Rooted Stock Rom with AirWatch

My company is now enforcing and managing BYOD with AirWatch. I'm trying to enrol my Magisk-rooted Pixel 2 XL. I've searched around XDA and other sites and I was able to enrol the phone when I use Magisk Hide to hide from the AirWatch agent, aka now the Intelligent Hub. It creates a Work profile and installed several work related apps. The only other app aside from Intelligent Hub I've tested so far is Boxer and it works for the few minutes during my test.
When I say Boxer works for a few minutes, that is because next I attempted to open Workspace One. As it loads, I'm guessing it checks other details about the phone, then it would popup a message saying Work apps and profile removing because the device is "compromised" and uninstall the work apps and Word profile.
I would like to use Magisk Hide and hide from Workspace One app, but Magisk Hide doesn't even list that and other apps in the Work profile. An admin at work checked the AirWatch server and it shows the device compromised detection with the status "Malicious file found - Check files in system or exec folder".
So my question is, outside of troubleshooting step by step from wiping phone and setting up each thing from scratch, anyone else have an insight on what else I can check?
FYI, these are the following setup I have on my phone
- Pixel 2 XL
- Rooted with latest version of Magisk and Manager
- Latest Pie 9.0 Aug 2019 Update
- Magisk Modules Installs: Busybox, Viper4Android
- Apps with Root Access: AdAway, BetterBatteryStats, Franco Kernel Manager, Material Terminal, Titanium Backup

s0l1dsn8k3 said:
My company is now enforcing and managing BYOD with AirWatch. I'm trying to enrol my Magisk-rooted Pixel 2 XL. I've searched around XDA and other sites and I was able to enrol the phone when I use Magisk Hide to hide from the AirWatch agent, aka now the Intelligent Hub. It creates a Work profile and installed several work related apps. The only other app aside from Intelligent Hub I've tested so far is Boxer and it works for the few minutes during my test.
When I say Boxer works for a few minutes, that is because next I attempted to open Workspace One. As it loads, I'm guessing it checks other details about the phone, then it would popup a message saying Work apps and profile removing because the device is "compromised" and uninstall the work apps and Word profile.
I would like to use Magisk Hide and hide from Workspace One app, but Magisk Hide doesn't even list that and other apps in the Work profile. An admin at work checked the AirWatch server and it shows the device compromised detection with the status "Malicious file found - Check files in system or exec folder".
So my question is, outside of troubleshooting step by step from wiping phone and setting up each thing from scratch, anyone else have an insight on what else I can check?
FYI, these are the following setup I have on my phone
- Pixel 2 XL
- Rooted with latest version of Magisk and Manager
- Latest Pie 9.0 Aug 2019 Update
- Magisk Modules Installs: Busybox, Viper4Android
- Apps with Root Access: AdAway, BetterBatteryStats, Franco Kernel Manager, Material Terminal, Titanium Backup
Click to expand...
Click to collapse
The following works but I am not sure if all the steps are crucial and which ones may be superfluous. Those instructions in (parentheses) may be not necessary).
I am not a programmer (Basic on a C-64 doesn't count, I take it), don't know anything about computer architectures etc., just able to follow instructions and wrap my mind around them to tweak my devices.
The main part is to "Hide Magisk Manager" after Boxer is installed (but before it is opened/setup) as that also creates another Magisk app (instance?) with the new name for the work profile where Boxer etc. show up and can be hidden with Magisk Hide.
The other (first) part is to hide anything that would alert and conflict with Hub before or during setting up the work profile - I pretty much hid everything under Magisk Hide...
I don't know BYOD nor Workspace One, so the solution below may not work.
- uninstall Hub (that's the only app remaining after the auto-uninstall, right?)
- if Magisk Manager is already hidden: go to Settings\Restore Magisk Manager "with original package and app names" - that seems to be important, as hiding it later and with another name will then also create a Work Profile where one can see and click and hide the work profile apps such as Boxer (not sure if it works the other way around, i.e. starting off hidden with a different name and then later restoring to original will create a Magisk work profile)
- Magisk Hide: click almost every system app, not just the Google ones, but almost everything, camera, calendar, contacts etc. and your phone maker's versions as well (not sure what is necessary, but only Google system apps didn't seem to do it...), also all root and SU related apps like BusyBox etc. (not sure what Hub looks for)
(- System\Apps > clear storage data for Google Play Store and other Play Apps, also make sure Hub is really uninstalled. If not or having problems at least clear data storage as well)
- reboot (can also go into TWRP and wipe cache/Dalvik, not sure if necessary)
- install Hub, don't open it
- open Magisk, go to Magisk Hide: click Hub
(- close Magisk)
(- reboot)
- open Hub, let setup run its course creating the work profile
- if there are conflicts showing in Hub (and/or on your employer's MDM website for your device), e.g. root certificate not installed, don't install any apps yet such as Boxer etc. and reboot instead
- Are those conflicts resolved after reboot?
- install Boxer and other apps (trough Hub itself, MDM website push (or Google Play)) but don't open/start them
(- reboot)
- open Magisk, go to Settings\Hide Magisk Manager and click on it, pick a name and confirm: this will then change the name of Magisk AND create a another Magisk app (with the new name) for the work profile.
- open that new Magisk work profile and go to Magisk Hide: click Boxer (and other apps controlled by Hub); Hub itself and everything already hidden in the private (= non-work) profile Magisk app should show up here as already hidden. Double and triple check.
(- reboot)
- open Boxer and start set-up
That's it. Stable, even after another reboot.

Did this solution work for you @s0l1dsn8k3?

I am in a similar boat. @s0l1dsn8k3 please let me know if you found an alternate solution.

I am in a similar boat. @s0l1dsn8k3 please let me know if you found an alternate solution.

Question Magisk-safety net verification error / Google pay

I can't use a credit card via google pay. Google pay writes that I have a root device even though it is marked in magisk in exceptions.
Magisk show - safety net verification error.
Please help.
Thanks

jkmaxfli said:
I can't use a credit card via google pay. Google pay writes that I have a root device even though it is marked in magisk in exceptions.
Magisk show - safety net verification error.
Okrasné help.
Thanks
Click to expand...
Click to collapse
You have to hide it fully in magisk. And then reboot

Are you using stock rom? Or any other custom rom? If you can't pass safetynet, Magisk hide doesn't "hide", so we have to locate the error.

I using Stock Rom.
Fully hide, reboot And nothing change.

Flash magisk module and you will be ok
https://github.com/kdrag0n/safetynet-fix/releases/download/v1.1.1/safetynet-fix-v1.1.1.zip

In Google Play:
Certification play protect - the device is not certified.
what should I do with it now

hexisg said:
Flash magisk module and you will be ok
https://github.com/kdrag0n/safetynet-fix/releases/download/v1.1.1/safetynet-fix-v1.1.1.zip
Click to expand...
Click to collapse
Thanks ill try it

after flashing the module test your safetunet status.
after clear data of Goole Play Store , google Services and google Pay.And you should be good to use Google Pay.

Safety net is successful, Google play is also successful, but the payment card cannot be added - error:
request failed - transaction could not be performed. When adding a credit card.
Edit:
...the current credit card cannot be removed, it is said to be associated with some one payment method. I wanted to try removing it completely and signing in again. :-(

jkmaxfli said:
Safety net is successful, Google play is also successful, but the payment card cannot be added - error:
request failed - transaction could not be performed. When adding a credit card.
Edit:
...the current credit card cannot be removed, it is said to be associated with some one payment method. I wanted to try removing it completely and signing in again. :-(
Click to expand...
Click to collapse
Try deleting all data a of Google Play Services and Google Pay app, restart the phone, and try if you u can do it now

I tried that, unfortunately no change.

Try this:
Working: Magisk with Google Pay as of gms 17.1.22 on Pie
Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that I suspect users will have to reverse some step if gms is updated and...
forum.xda-developers.com
Release GPay SQLite Fix v2.4 · stylemessiah/GPay-SQLite-Fix
Changes to service.sh: -Fixed broken/mangled pipes that left the log file blank - dont ask me why If you need logging (only useful if youre having an issue and want to troubleshoot) you can choose ...
github.com

UnderscoreKer said:
Try this:
Working: Magisk with Google Pay as of gms 17.1.22 on Pie
Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that I suspect users will have to reverse some step if gms is updated and...
forum.xda-developers.com
Release GPay SQLite Fix v2.4 · stylemessiah/GPay-SQLite-Fix
Changes to service.sh: -Fixed broken/mangled pipes that left the log file blank - dont ask me why If you need logging (only useful if youre having an issue and want to troubleshoot) you can choose ...
github.com
Click to expand...
Click to collapse
Dont work :-(
So for now, to sum it up:
magisk safety net is pass-ok.
In magisk I have two fix modules (screenshots) and google pay adding a credit card still not working. Still error OR-TAPSH-08.
I also read on the net that it helped someone wait 1 day and then the payment card went to add.
Next:
when I run clean and select the security check, it turns out to me that there is a problem in the payment environment.(screenshots)

jkmaxfli said:
Dont work :-(
So for now, to sum it up:
magisk safety net is pass-ok.
In magisk I have two fix modules (screenshots) and google pay adding a credit card still not working. Still error OR-TAPSH-08.
I also read on the net that it helped someone wait 1 day and then the payment card went to add.
Next:
when I run clean and select the security check, it turns out to me that there is a problem in the payment environment.(screenshots)
Click to expand...
Click to collapse
Not trying to be mean or anything but, have you enabled magisk hide?
Uninstall universal safety net fix first and restart.
IMPORTANT: Make sure that you are running the latest version of magisk.
Make sure hide is on and you have selected all core Google services and gpay.
Then install magiskhide props config and restart.
Install an command terminal from the play store and type "props". You may have to enter "su" first.
Type "1" then “f”
Then follow the steps to select your phone model.
Then apply the fingerprint and restart.
If you cannot find your phone model, then ignore this step.
Go into magisk settings and click on the option to hide the magisk app. The app should reinstall itself under the "settings" name.
Restart again.
Then, turn data and WiFi off, go into settings and clear the storage/data of all Google apps and especially Google play services. Then just reflash the gpay fix (DON'T RESTART). Turn connection back on and try to add your cards as well as any nfc setup for those cards.
Then restart your phone.
Then go into Google play store, and into settings, and ensure that the device is certified.
This allowed me to get gpay working, however, I'm running a custom rom though.
You may want to carry your cards physically in case the phone doesn't work for the first month or so.

Hello.
I have a magisk hide.
For the item google services framework, if I check, after leaving and re-entering the already checked google services framework is not, the check mark does not hold.(screenshot)

jkmaxfli said:
Hello.
I have a magisk hide.
For the item google services framework, if I check, after leaving and re-entering the already checked google services framework is not, the check mark does not hold.(screenshots)
Click to expand...
Click to collapse
Hi, sorry, I had to edit my reply several times.
Just enable them all just in case. For the 2nd screenshot, enable the hide thing. I have it enabled so the option says to restore it.

For the services framework bugthing, ignore it. The gpay fix was the one that added it. Just expand it and ensure its on

I'll try it all, thank you. I'll get back to you today

I'm tangled in it, you wrote a lot. Please send me one more steps 1 to ..... Thank you very much

!!!!!!!!!!!!!!!!!!!!!!!!! Dude, you're really a giant, it all works !!!!!!!!!!!!!!!!!!!!!!!
Safety net in magisk PASS.
Google play store - device is certified.
Credit card added successfully.
Tomorrow I will try payment using a mobile phone and NFC and see if it is fully functional.
I'll let you know tomorrow if the payments are working.
BIG BIG thanks

Question Change Device INFO everything to make it FRESH

Hello can u help me.
I am currently using POCO F3, there is an APP called SHOPEE PH. and i am banned in using that app.
i want to use the app again without Reset / install new custom rom.
i tried using apps like device changer, etc that mask device info but i am still banned. is there a way to mask the device info that will look like a new fresh one.
what modules in LPosed should i check for it to work on shopee. i already did some research

I suppose it is not device banned but root prevention. You use magisk and you should in the newest version :
- hide magisk by renaming it
- activate zygisk
- activate enforce denylist
- add your app to denylist
- install universal safety net fix
- install hidepropsconf , restart and set correct fingerprint in termux
- remove cache and data of your app (and for playstore and google play services)
- restart smartfon
You should have playstore certified and your app working.

Tomek0000 said:
I suppose it is not device banned but root prevention. You use magisk and you should in the newest version :
- hide magisk by renaming it
- activate zygisk
- activate enforce denylist
- add your app to denylist
- install universal safety net fix
- install hidepropsconf , restart and set correct fingerprint in termux
- remove cache and data of your app (and for playstore and google play services)
- restart smartfon
You should have playstore certified and your app working.
Click to expand...
Click to collapse
it is really device banned https://prnt.sc/vl8iY8qU8WwT

Try using any android device ID change app, probably will work as long as you have root permission

Question Security message when running an app

Hello
I installed the Marriott app this morning, and when I go to run it, i get that security message along the bottom third of the screen, and the app shuts down.
What is causing that?

It is detecting root/magisk.
Add Marriott to Zygisk hide list, then clear Marriott storage&cache, force close and reopen.
I downloaded the app and installed it to test. If you don't clear the app cache (and only force close and reopen) it will not work. You must clear that before opening again

Thank you App
I followed your instructions, but I still get that message.
Should I have rebooted after adding to the list??

nabril15 said:
Thank you App
I followed your instructions, but I still get that message.
Should I have rebooted after adding to the list??
Click to expand...
Click to collapse
No. That's not necessary. The following 3 steps is all you need

I cleared storage, force closed, and run it.
I get that initial welcome screen of the app, and before I can press on the SIGN IN button, it closes forcefully.
This happens no matter how many times I repeat the steps.

nabril15 said:
I cleared storage, force closed, and run it.
I get that initial welcome screen of the app, and before I can press on the SIGN IN button, it closes forcefully.
This happens no matter how many times I repeat the steps.
Click to expand...
Click to collapse
What magisk version and modules are you using?
Also, what Android/oos version are you using?
Do you have device certification in play store? Or what's your YASNAC result?

nabril15 said:
I cleared storage, force closed, and run it.
I get that initial welcome screen of the app, and before I can press on the SIGN IN button, it closes forcefully.
This happens no matter how many times I repeat the steps.
Click to expand...
Click to collapse
After some more poking around, that app detects everything. I attempted to monitor the https traffic to see what contacts are made at app-boot. It detects that I'm monitoring traffic. I attempted to use frida to bypass the ssl pinning so I can monitor traffic. It detects that I'm using frida. All of those cause a close condition.
This could mean, if it detects anything abnormal, you're gonna get force closed. The whole toast not showing up is annoying. You might be able to adjust your font/text size for the system in Accessibility, to see the full text.
If you have busybox or anything else you can think of that might be detected, try disabling them or any questionable modules like lsposed, restart, then see if you can open the app.
I looked inside the app and don't see some of the stuff as strings, and existing strings are already using some reflected values in another index. It appears to use some kind of library that is checking for root, certification, ssl certificate pins, frida, probably xposed and so on. Then retrieving the response from an api.
My thought was to repackage the apk without root checks for you but if they're doing that much for security, there's almost no chance I will be able to launch the app with self signing for the apk.
Having the full toast response would be helpful here

Wow App.. How detailed, you are.
Here are my modules plus Universal Safetynet fix. I'm running a13 f.17 build.
I'm not sure how to proceed. I installed it on my wife's phone and used it..

Here's a reddit thread with someone else fighting with the Marriott Bonvoy app.
old.reddit.com/r/Magisk/comments/yf8gyu/help_hotel_app_detecting_root/
Its quite ridiculous that a Hotel app is so restrictive and difficult.
I just (briefly) tried running the app inside Island, but still got the toast nags / close.
Interestingly I get one of two nags "you're on an unsecure network" or "we've detected magisk, etc)

I wish that I had twrp to blame, but I don't have it installed.

Hey there,
I did some looking at older versions of the app (apkpure has them). On my phone (Android 9, Magisk 23) the last version that will run (using MagiskHide with all the 3 boxes ticked for the marriott app), is 10.4.0.
Marriott Bonvoy™ 10.4.0 (Android 9.0+) APK Download by Marriott International - APKMirror
Marriott Bonvoy™ 10.4.0 (Android 9.0+) APK Download by Marriott International - APKMirror Free and safe Android APK downloads
www.apkmirror.com
Version 10.5.0 starts giving me nags.
(Sometimes it is just easier to use an older version of an app, than fighting to get the very latest to work!)

Mine is 10.13.1. not sure what got updated. I usually don't want to get stuck with old version, so I'll just use the website to make reservation and redemption. Yikes

I heard Magisk Delta by HuskyG could hide it from detection. Has anyone been brave enough to try? Well, I tried and it didn't work. I tried the whitelist mode by leaving Marriott out of the SuList and many other banking apps too. But it still detects root. Marriott app version 10.13.1. Older version say 10.12.0 and below should survive.

MicroG Lineage 20 - Anyone managed to get SafetyNet passing ?

Hi,
I installed microG Lineage 20 on my Moto G 5G Plus. Everything works fine except that one (banking) app that complains that "Google Play Services are not Installed".
I assume that means SafetyNet?
I tried to get it to work using the path depicted here: https://forum.xda-developers.com/t/safetynet-on-lineageos-20-microg.4558065/, but no luck on this phone.
Is there anyway to get safety net to pass, ideally without rooting the phone/using magisk?
EDIT: there's a switch in the microG settings "Allow Device Attestation" but it's greyed out ...
Best,
N

Ok, first of all, you have to enable "Device Registration" in the microG settings. Didn't know that.
That way, I got to the point where I can check for device attestation, and get the notorious "CTS Profile Doesn't Match" error.
I've tried using Magisk and Zygisk, and the Univesal SafetyNet fix, but to no avail, still not passing.
EDIT: tried the modded universal safety net fix by displax, not the check says "integrity check failed" ... not sure whether I sould count that as progress or not

Hi,
I had the same problem, but I found the solution and now I successfully pass safetynet with LOS 20 microG.
You have to do 3 steps:
Enable zygisk in Magisk and configure denylist to hide root from 'microG Services Core'
Enable 'Device Registration' and 'Google SafetyNet' at microG settings
Install Magisk module MagiskHidePropsConf, reboot, then configure it in any Terminal Emulator as follows:
su (start root shell)
props (run props command line tool)
1 (edit device fingerprint)
f (choose from the list)
select any fingerprint you like, then proceed and reboot
This third step solves CTS profile mismatch error by changing the device's fingerprint to one trusted by Google.
It should work.
Edit: I did not use any 'Universal SafetyNet fix' module.

Hmm ok, I have read about it but never tried, as the page states is a deprecated project ... That'd probably mean I'd have to install an older version of Magisk, right ?

Hmm... I haven't noticed yet. Good to know.
It's working fine for me with the latest Magisk version.