How to root and pass SafetyNet on Sony Xperia 10 III (XQ-BT52)​Tested on firmware 62.0.A.3.163.
Disclaimer:
This guide assumes you're familiar with the concepts of rooting, Magisk, SafetyNet, fastboot, adb and so on. I will explain why things are done but if I explained everything it would become too long.
This guide is limited to getting root and apps working on the stock Sony ROM. It doesn't cover installing other ROMs.
You can mess up your phone if you don't know what you're doing. This is not a beginner's guide.
Before you do anything else, do these preparations:
Make sure your device is updated to the latest firmware. Getting updates after you unlock the bootloader will be more complicated.
Use XperiFirm to grab a copy of your current firmware (after you've updated it). It can run on Linux too, either via Mono or in a virtual machine. It's basically just a downloader, it doesn't need any fancy hardware access.
Screenshot everything under Settings > System.
Open the dialer and enter *#*#7378423#*#*. Screenshot everything in the service submenus.
Unlock developer options (tap Settings > About > Build number 7 times) then find it under Settings > System > Advanced. Activate USB debugging. Activate OEM unlocking.
Install the Android SDK Platform Tools. On Linux they're most likely in a package provided by your distro.
Copy the screenshots to your PC because the phone will be reset at some point.
Boot into fastboot by turning the phone off, then connect it to PC via USB, and press POWER and VOLUME UP together. The phone led will turn blue. On PC run fastboot devices and make sure it lists your phone and has the serial number you got from the service menu.
Unlocking the bootloader:
This is the point of no return as far as warranty is concerned!
This will factory reset the phone! Make sure you got everything you needed off it.
Obtain the unlock code (you will need the IMEI of the 1st SIM slot).
Boot into fastboot, check again that fastboot devices lists the phone.
Issue the unlock command using the code you got earlier: fastboot oem unlock 0x<unlock code here>
Reboot the phone (you can say fastboot reboot). It will say "can't check for corruption" and "erasing" a couple of times but will eventually boot up to the factory setup.
Enabling Magisk & root:
Download the latest Magisk apk to the phone and install it. Right now that means v24+.
Open boot_X-FLASH-ALL-8A63.sin from the original firmware with any archive manager (it's a tar.xz), 7zip will work fine.
Extract boot.000, rename it to boot.img and put it on the phone.
Open the Magisk app, next to "Magisk" tap "install", choose "Select and patch a file", pick the "boot.img" file.
Download the patched img to PC (will be next to boot.img called something like magisk_patched-24100_MKPRJ.img).
Boot into fastboot, check again that fastboot devices lists the phone.
Flash the patched boot image: fastboot flash boot magisk_patched-24100_MKPRJ.img
Must say OKAY. Can then reboot the phone (you can say fastboot reboot).
Open the Magisk app again, it should say "installed" now next to "Magisk". Also the Superuser and Modules buttons should now be enabled.
Go into Magisk settings and activate "Hide the Magisk app". This is NOT MagiskHide, it does not hide Magisk from other apps, it hides the Magisk Manager app from other apps. More on this later.
Go into Magisk settings and activate Zygisk. This is a built-in replacement for Riru going forward.
Reboot!
Install a root checker app and verify that you get a prompt from Magisk to give root and that the checker says it got root.
Important changes about Magisk:
Riru is now obsolete. It has been replaced by a feature built-into Magisk called Zygisk (which is essentially Riru running in Zygote). It is strongly recommended to go into Magisk settings and activate Zygisk (even if you don't use Riru modules). Do not install Riru anymore. All modules that needed Riru should have Zygisk versions by now unless they're abandoned.
Magisk no longer maintains a module repository, To find and install modules install Fox's Magisk Module Manager. It's a dedicated module management app that supports the old Magisk repo as well as new ones. Inside Magisk you can still enable/disable/remove/install manually and can also update if the module has an update URL, so you can do without Fox if you get your modules directly from their XDA or GitHub pages.
MagiskHide has been replaced by a new feature called Deny list (it's in Magisk settings). It's much more powerful because the apps & processes added to the deny list will be completely excluded from anything based on Magisk so it's impossible for them to detect leaks anymore. On the downside, excluded apps can't be affected by any Magisk or LSPosed modules (LSPosed will grey out such apps and say "it's on the deny list".) This feature should be used sparingly (see below) because Magisk still does a good job of evading detection.
Passing SafetyNet:
Install YASNAC to check your SafetyNet status. At this point you're probably not passing either Basic or CTS check.
Go into Magisk settings. Enable "Enforce deny list". Enter "Configure deny list", find Google Services, check it, expand it, and select only the process ending in .gms and the one ending in .gms.unstable.
Reboot. Check YASNAC. At this point you should be passing Basic check but probably not CTS.
Install Universal SafetyNet Fix (aka USNF) by kdrag0n in Magisk. (Some GIS ROMs already include what this module does, so if you install a GIS ROM you may not need it.) This module hijacks the CTS verification and drops an error which causes the Google service to fall back to Basic verification, which we already fixed in the previous step.
Reboot. Check YASNAC. At this point you should be passing both Basic and CTS. That's it!
You may need to clear storage & cache for Google Play & Services. Go to Settings > Apps & notifications > See all apps, select "All apps", find them in the list, clear storage/cache and reboot. After that try searching for a restricted app such as Netflix on the Play store, if it shows up in results you're all good.
Remember to also add to deny list other apps that try to detect if you're using root, like banking apps.
Other SafetyNet related fixes:
People using non-stock GIS ROMs will probably need module MagiskHide Props Config by Didgeridoohan. This will install a props command line util that you can use (as root) to force Basic attestation, apply extra Magisk hiding techniques, spoof device fingerprint, change the way fingerprinting is checked, or even impersonate another device altogether. Install, reboot, enter adb shell, type su to go root (will need to grant root to shell on the phone when prompted), then run props and follow the options.
People running extra-stubborn banking apps (or other apps that try to detect root extra-hard) that don't work even when added to the Magisk deny list can try module Shamiko by LSPosed. This module adds extra hiding techniques for the apps on the deny list. Please note that Shamiko will disable the Magisk "enforce deny list" option but that's ok, that's an extra feature, the deny list is in effect even without it.
Working apps and modules​Please note that this list is limited to stuff that I personally use. I can't and won't install other stuff to test it.
Root apps:
AFWall(+): Works, but configure it to use its own internal busybox and iptables. Applying rules fails occasionally and you need to retry.
Call Recorder by skvalex: Recording works out of the box, no fiddling required with either headset of mic recording.
JuiceSSH, Termux etc. and other terminal apps: No issues getting root with su.
Busybox: you can install zgfg's module which exposes Magisk's internal Busybox to the rest of the system (bonus: will be updated with Magisk); or you can install osm0sys's module which contains a standalone separate Busybox. As of now both of them provide Busybox 1.34.
MyBackup Pro: Works fine. Used it to transfer 15k+ SMS messages from Android 8.
Solid Explorer: Can access root partitions without issues.
Tasker: No issues.
Titanium Backup: Works but will hang when restoring APKs whose target API doesn't support the ROM's Android version (ie. APKs you can't install directly either).
OAndBackupX: Modern alternative to Titanium, works perfectly.
XPERI+: Version 6 works well and allows you to remap the assistant button and has another couple of features. Version 7 crashes.
Magisk modules:
AFWall Boot AntiLeak
Backup
Builtin BusyBox
Magisk Bootloop Protector
MagiskHide Props Config
Shamiko
SQLite for ARM aarch64 devices
Systemless Hosts (comes with Magisk, enable it in settings)
Universal SafetyNet Fix
Zygisk LSPosed
LSPosed modules:
App Settings Reborn: Works well. May require a couple of reboots before the targeted apps start showing the modifications.
Disable Flag Secure: com.varuns2002 is working, sort of. Please read the module's page. Apps got wise to rooted devices ignoring FLAG_SECURE so now they use hardware DRM or detect screenshots and show you something else (Netflix). So it works only in older versions of apps, or apps that haven't bothered to detect screenshots.
GravityBox [R]: Everything I tried works perfectly.
Physical Button Master Control: The module works as intended, the companion config app has some issues, hopefully they'll be solved soon.
XPrivacyLua: Works perfectly. No issues with SafetyNet.
Not working:
...
Other tested and working Root Apps:
AdAway
Fox's Magisk Module Manager
Franco Kernel Manager
Termux
Not testet yet:
Call Recorder
FolderSync
Total Commander
Vanced Manager
WireGuard
Other tested and working Magisk modules:
1Controller - 1 Module to support all Controllers
Call Recorder - SKVALEX
F-Droid Privileged Extension
Move Certificates (version by Androidacy)
Other tested and working LSPosed modules:
BubbleUPnP AudioCast
Related
It's been a while since I last rooted my 7t. Current oos 10.3.6. Magisk manager v8.0.3. Magisk was 20.4 I think.
So fetch rewards app detected root. I went to add the app to the magisk hide, cleared fetch rewards storage and still root was detected. Tried to run the rename option in the magisk settings but it appears to hang during the process. Phone screen timed out and when I get back into it, the hide magisk manager status pop up was still there. Rebooted the phone, went back to magisk manager. While magisk manager shows it's still installed, magisk is not. Safety net checks still passed.
To reinstall magisk, I need to get the patched oos image, correct?
Thanks
Hi
Think from the magisk manager app you would just install to inactive slot and reboot?
Refer to the Magisk root for 7T thread for patched boot image and instructions.
When I installed a root checker, it showed that I'm still rooted.
All this started when I used the Magisk function to repackage magisk's file name in an attempt to hide it from Fetch Rewards.
noodlenoggan said:
When I installed a root checker, it showed that I'm still rooted.
All this started when I used the Magisk function to repackage magisk's file name in an attempt to hide it from Fetch Rewards.
Click to expand...
Click to collapse
Ok I don't know what I'm missing but I can't seem to find that fetch rewards app in my play store to install and test at my end. Second, Magisk isn't installed according to you manager screenshot... So I'm at a loss. But their are threads better able to assist your efforts to have Magisk root up and running first cause I not knowledgeable enough to state why your root check detects root yet the manager does not indicate root installed.
But I'll hopefully be of more help and provide you this:
https://forum.xda-developers.com/oneplus-7t/how-to/guide-how-to-root-oneplus-7t-twrp-t3979307
So I'll copy and paste from the link above:
HOW TO UPDATE a ROM and KEEP ROOT:
Before all Disable all magisk modules
Be sure to use Canary Magisk Manager and Canary Magisk (debug)
You can update a stock rom from phone settings with local upgrade:
- Update the Rom WITHOUT REBOOT;
- Open Magisk Manager;
- In Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
- Reboot.
So from thier I'd assume you need only the following:
- Open Magisk Manager;
- In Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
But I am unsure so please verify b4 attempting.
Or may be someone else can confirm here?
Good luck and please consider letting me know how you made out. Thanks
I jumped on the xda magisk support forum and was able to sort out the whole mess I was in.
The android app is called Fetch - Receipts Scanner by Fetch Rewards. It's in Google store.
Hopefully for anyone else that is in the same situation will find their solution as I did below.
What I learned from the Magisk forum and closer examination of my phone were:
- Magisk and Magisk Manager are two separate components. Magisk handles the root and Magisk Manager handles additional root related features. Magisk Manager is not required to have a rooted phone continued to be rooted. I was not aware of this.
- When the repackaging routine was started, Magisk Manager did indeed repackaged and installed itself. There was not indication that the process completed successfully as the spinning progress icon did not stop. I had renamed it MagMan as part of the repackaging routing and was expecting the original icon Magisk icon to show for MagMan. Sorry, I had not read the Magisk Manager instructions and simply made a lot of assumptions of the repackaged process. What happened was that I assumed Magisk Manager would just switch over the new name as part of the repackaging routine. Also I didn't pay close enough attention that the new repackaged app, MagMan, which was literally next to Magisk Manager mainly because it had a generic Android icon instead of the Magisk Manager icon and was overlooked. This whole entire time, I was focusing on the original Magisk Manager app and icon but all of the functionality of Magisk Manager now resided in MagMan. I've uninstalled the original Magisk Manager app and now use the repackaged version.
The Fetch Rewards app was added to the Magisk Hide section via MagMan and it's now working properly.
Thanks for following up.
noodlenoggan said:
Thanks
Click to expand...
Click to collapse
Sweet - glad you have success. Enjoy
I just did more or less the same thing... Hid Magisk manager... Forgot... Flashed full update no prob... Installed new Magisk Manager (along with the previously hidden install of Magisk manager).
Then finally figured out to uninstall the hidden Magisk manager... Then, Magisk manager and was able to install Magisk Root. All good now lol. Glad your up and running.
This worked for me yesterday, but make sure to reboot the phone after doing the "hide magisk" option in Magisk Manager settings. The name also does not have to be "MagMan" it can be anything of your choice.
I also noticed that the proxy app (with blank icon) might not open but if it fails to open just force close it and try again, that seemed to make it open for me.
noodlenoggan said:
I jumped on the xda magisk support forum and was able to sort out the whole mess I was in.
The android app is called Fetch - Receipts Scanner by Fetch Rewards. It's in Google store.
Hopefully for anyone else that is in the same situation will find their solution as I did below.
What I learned from the Magisk forum and closer examination of my phone were:
- Magisk and Magisk Manager are two separate components. Magisk handles the root and Magisk Manager handles additional root related features. Magisk Manager is not required to have a rooted phone continued to be rooted. I was not aware of this.
- When the repackaging routine was started, Magisk Manager did indeed repackaged and installed itself. There was not indication that the process completed successfully as the spinning progress icon did not stop. I had renamed it MagMan as part of the repackaging routing and was expecting the original icon Magisk icon to show for MagMan. Sorry, I had not read the Magisk Manager instructions and simply made a lot of assumptions of the repackaged process. What happened was that I assumed Magisk Manager would just switch over the new name as part of the repackaging routine. Also I didn't pay close enough attention that the new repackaged app, MagMan, which was literally next to Magisk Manager mainly because it had a generic Android icon instead of the Magisk Manager icon and was overlooked. This whole entire time, I was focusing on the original Magisk Manager app and icon but all of the functionality of Magisk Manager now resided in MagMan. I've uninstalled the original Magisk Manager app and now use the repackaged version.
The Fetch Rewards app was added to the Magisk Hide section via MagMan and it's now working properly.
Thanks for following up.
Click to expand...
Click to collapse
This worked for me yesterday on Android 9 (OP5T), but make sure to reboot the phone after doing the "hide magisk" option in Magisk Manager settings. The name of the proxy app also does not have to be "MagMan" it can be anything of your choice.
I also noticed that sometimes the proxy app didn't open and if this occurred I just force closed it and then it seemed to work. Anyways good luck hope it works for someone else
I have a so ( SM-G980F) rooted with EFTsu, and Netflix cant work, reading in the forum I found that Magisk root have a module to solve this.
So my question is, can change the root? or can I install Magisk in my hpone if I rooted with EFTsu ?
me too i wanna
@Toryas
@detcla
Sure you can:
- All your data may be lost (backup it before proceeding)
- Install fresh firmware with Odin, but before you proceed it, patch AP file as I've stated here
- Boot device up and configure it as you're used to do
- Enter Magisk app, Settings, enable MagiskHide and reboot (waaay important step)
- After device reboots, enter Magisk app again just to make sure MagiskHide is enabled
- If you have EdXposed installed, enable 'Pass SafetyNet' setting end reboot again
- Install sefetynet-fix (safetynet-fix-v2.0.0-test2.zip) magisk module from here and reboot
- Enter Magisk app and make sure safetynet checks succeeded
- Clear Play Store app data
- You're done
I have installed Lineage 18.1 GSI and trying to install gapps. I have rooted and using franko to flash opengapps pico and get an error 70 that there is not enough space on /system. What is the way to get this done? Thanks in advance!
I would like to know that as well.
Tried to flash via stock recovery but that aborted because signature verification failed.
Apps like Flashify, Flash Gordon, Flashfire or Rashr didn't work either.
With MagiskGapps-basic-module from wacko1805 the playservice framework always crashed.
I think the easiest and best way would be to flash opengapps via TWRP.
@ada12 seems to have a TWRP build that still has some bugs, but can be used to flash unsigned zip files.
Maybe he can share this with us.
I feel like this should not be a collasal effort, but it has become one. I have spent the whole day trying to figure it out. I want to use Lineage OS 18.1 with gapps from Andyyan, not any other rom.
psychofaktory said:
I think the easiest and best way would be to flash opengapps via TWRP.
Click to expand...
Click to collapse
I suspect that Magisk should be able to do whatever TWRP is doing (which is just putting some files in certain places, for the most part). Have you tried to find a Magisk module with OpenGapps? Or you can try making your own (but be warned that lzip is not available by default on any Android or Linux).
Edit: nevermind, I see you found a LiteGapps Magisk module.
Thanks @wirespot
The hint with the linked script to create a custom Magisk module on the preferred OpenGapps bundle was worth gold!
Now I have another problem that comes from installing the OpenGapps via Magisk.
For passing SafetyNet I have to add com.google.android.gms and com.google.android.gms.unstable to the deny list.
But when restarting Magisk all modules are reloaded. So also the OpenGapps module.
As a result, the adjustments to the deny list for the Google Play services are discarded again with every restart and the SafetyNet check fails.
How can I prevent that the two entries are no longer removed from the deny list?
Or how can I ensure that the entries are automatically added to the deny list on restart?
Edit:
It seems that this is what Magisk intended and com.google.android.gms and ...gms.unstable are automatically added to the deny list.
But now I have the question, how can I pass the SafetyNet test?
wirespot said:
I suspect that Magisk should be able to do whatever TWRP is doing (which is just putting some files in certain places, for the most part). Have you tried to find a Magisk module with OpenGapps? Or you can try making your own (but be warned that lzip is not available by default on any Android or Linux).
Edit: nevermind, I see you found a LiteGapps Magisk module.
Click to expand...
Click to collapse
Yes, but there is an issue with litegapps, the google contacts sync is broken unfortunately...
psychofaktory said:
It seems that this is what Magisk intended and com.google.android.gms and ...gms.unstable are automatically added to the deny list.
But now I have the question, how can I pass the SafetyNet test?
Click to expand...
Click to collapse
The deny list only lets you pass Basic check. To also pass CTS you need the USNF module (Universal SafetyNet Fix) and possibly other modules too. More details in this thread (check the end of the post), but try with just deny list and USNF first.
Neither the basic integrity check, nor cts profile match are passed.
Besides the denial list, I tried the modules "Shamiko", "Universal SafetyNet Fix" and "MagiskHide Props Config".
With the latter I have also tried various combinations, unfortunately unsuccessful in each case.
It looks like the deny-list does not work.
I suspect here also a connection with the message together that Magisk displays with each call:
Code:
An "su" command that does no belong to Magisk is detected. Please remove the other unsupported su
I have already been able to disable Phh-su with these commands:
Code:
adb shell
phh-su
mount -o remount,rw /
mount -o remount,rw /system
remount
mount -o remount,rw /
mount -o remount,rw /system
/system/bin/phh-securize.sh system.img
But the message in Magisk still appears.
Yeah passing SafetyNet with a custom ROM may be tricky. Didgeridoohan has a few more tips on their website you can try.
OK, I am already a big step closer to the solution.
After installing Magisk regularly, I first installed the Franco Kernel Manager.
Through this I was then able to flash UnSu.zip, which completely removed phh-su.
This also removed the message "An "su" command that does no belong to Magisk is detected" from Magisk.
Magisk had to be set up again afterwards, since it was also cleaned up by the UnSu script.
YASNAC now already showed "Basic integrity -> Pass".
But now I have not found a way to pass the CTS-profile match.
Does anyone here know what settings to set via MagiskHideProps Config?
And could someone send me the fingerprint of the stock rom (62.0.A.9.11)?
Code:
getprop ro.build.fingerprint
After some tests I discovered a big disadvantage with the variant to flash OpenGapps via Magisk.
Push notifications do not seem to work.
I use too many services that rely on Google Push notifications, so I can't do without them.
Compared to the "normal" variant of flashing OpenGapps via recovery before the first boot, the Magisk variant seems to be missing important dependencies and permissions that are only set during the first boot of the rom.
Therefore, the only useful variant is to flash GApps via recovery.
I really hope that we will soon have the possibility to flash unsigned zip files here!
Another approach:
Opengapps-zip files cannot be flashed via the stock recovery because it fails signature verfication.
The GSI roms can be flashed via the stock recovery. So they seem to be signed correctly.
Would it be possible to sign the Opengapps-Zip files with the same signature keys as the GSI-Roms to be able to flash them via the stock recovery?
Aren't GSI ROMs flashed through fastboot? Since they're partition images not zip installers like OpenGapps.
Of course. You are right.
Would it be possible to merge a GAPPS zip file into a GSI image and then flash the image with fastboot?
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too (EDIT: it works on LineageOS 19 for microG too). Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
Although you put your thread in the right place, I miss the Poco F3 in the title of this Guide.
This is why I came across this in a general search and that's actually a shame. Maybe you can edit your title ???
The content of your guide is interesting!
Hi,
I run the Descendant 12 rom and had issues with my banking apps detecting root even after i renamed magisk from within Magisk and adding my banking apps to the DenyList, after much research on XDA i found users freezing magisk to stop prying apps searching for it, the app is called SD MAID
thank you for the updated install instruction for Magisk/Zygisk
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
Hi,
I would like to understand better how to use the list in Magisk, If in this list I put a tick on an app. what does it mean?
Sorry for hijacking the post, here is a Youtube video from,
the amazing "Munchy", i found it very helpfull, he has released loads of informative videos regarding android and custom roms.
johnr64 said:
Hi,
I run the Descendant 12 rom and had issues with my banking apps detecting root even after i renamed magisk from within Magisk and adding my banking apps to the DenyList, after much research on XDA i found users freezing magisk to stop prying apps searching for it, the app is called SD MAID
thank you for the updated install instruction for Magisk/Zygisk
Click to expand...
Click to collapse
Freezing Magisk can help, some banking apps are stubborn... Also, SD Maid can freeze apps?
For me personally, I only had to flash the SafetyNet Fix Magisk Module. Using Xiaomi.eu Weekly Android 12.
Ludoboii said:
... added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
...
Click to expand...
Click to collapse
Hi,
I have followed the procedure but checking with SafetyNet it tells me "SafetyNet request: success
Response signature validation: error".
I'm sorry but I didn't understand which app you are referring to that I have to put the flag in DenyList?
pegasoc said:
Hi,
I have followed the procedure but checking with SafetyNet it tells me "SafetyNet request: success
Response signature validation: error".
I'm sorry but I didn't understand which app you are referring to that I have to put the flag in DenyList?
Click to expand...
Click to collapse
I was referring to SafetyNet Helper Sample. I also get the same answer and apps that would previously complain about root have stopped doing it.
pegasoc said:
Hi,
I would like to understand better how to use the list in Magisk, If in this list I put a tick on an app. what does it mean?
Click to expand...
Click to collapse
It means the app will not be able to gain root access nor interact with Magisk in any way, and should not be able to detect Magisk. If you tap on the app name instead of the box you'll get the option to add its various services in the DenyList, I usually add all of them for apps that I want to put in the DenyList. You should also see some sort of progress bar above the app's name after ticking the box, it tells you how many services of that app are in the DenyList. In my case it's full for each app I ticked because I also ticked all its services.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'm still not able to pass safetynet CTS profile, after all these steps :|
tegazinho said:
I'm still not able to pass safetynet CTS profile, after all these steps :|
Click to expand...
Click to collapse
I've been having issues with not passing CTS profile on a couple of roms even after following all tutorials, I wonder what the issue is? Arrowos and crDroid both fail but PixelOS passes (all android 12). Strange this is it doesn't seem to stop any of my banking apps from working. Did you upgrade to Miui 13 stock before unlocking bootloader? What app are you using to test safetynet? YASNAC?
SimpleStevie said:
I've been having issues with not passing CTS profile on a couple of roms even after following all tutorials, I wonder what the issue is? Arrowos and crDroid both fail but PixelOS passes (all android 12). Strange this is it doesn't seem to stop any of my banking apps from working. Did you upgrade to Miui 13 stock before unlocking bootloader? What app are you working u using to test safetynet? YASNAC?
Click to expand...
Click to collapse
No, my bootloader was unlocked back when I bought the phone with the android 11. I've had xiaomi.eu miui version though previously before getting back now to crDroid, which I tried everything in the guide plus a lot of more stuff, like matching the firmware version with the signature on props just, and nothing works.
As for the app, I tried them all, actually YASNAC is my favorite, but for the sake of following this guide I tried the OP suggested app too.
I've must have clean flashed my phone 10 times and rebooted more than 100 times today for everything I've tried. I even went back to magisk 23 to see if I got lucky, but since is not fully supported on A12 was just another miss.
EDIT: Also if PixelOS I can get the safety pass I will install it, I will trade less features for the safety passing, and anything is better than miui or miui look roms like xiaomi.eu (I really hate them).
It's super weird, I've been flashing roms on android phones for as long as I can remember and I've never had an issue that I couldn't fix up til now. I wonder if downgrading to one based on android 11 would work?
"Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList."
Thank you! That, I didn't know.
SimpleStevie said:
It's super weird, I've been flashing roms on android phones for as long as I can remember and I've never had an issue that I couldn't fix up til now. I wonder if downgrading to one based on android 11 would work?
Click to expand...
Click to collapse
Note that you may have to adjust the fingerprint of your device to make it appear like running a "legit" rom.
Ludoboii said:
All instructions that I was able to find on how to pass SafetyNet on a rooted phone with a custom ROM were for older version of Magisk, so I figured I'd write a guide on how I did it on version 24.3. I'm running LineageOS 18.1 for microG (no gapps) but hopefully it works for other ROMs too. Step 3 is probably not needed for phones using the stock ROM.
Prerequisites: POCO F3 rooted with Magisk>=24.0.
Steps:
Open Magisk and go to settings, enable both Zygisk and Enforce DenyList. Tap Configure DenyList and check all apps that need to pass SafetyNet. You should probably check all system apps by Google that are usually preinstalled in Android devices, except for com.google.android.gms. Reboot.
Install the module Universal SafetyNet Fix. Make sure you install the latest Zygisk version and not the Riru one. Reboot. Note that after rebooting com.google.android.gms will not be in the DenyList anymore if you checked it during step 1, do not enable it again because you will not pass SafetyNet when it's in the DenyList.
Install module MagiskHide Props Config. Reboot. Open any terminal emulator. Type "su" (without the quotes) then hit enter, give root permission if requested. Type "props" then enter, type "1" then enter, type "f" then enter, type the number for POCO (should be 22) then enter, pick the version for your model, region and Android version then enter, answer yes to all questions including when asked to reboot.
I used this app to run a test after every step:
SafetyNet Helper Sample - Apps on Google Play
Sample app to check if your device passes the Google SafetyNet CTS test
play.google.com
I got a pass on basic integrity after step 2 and a pass on CTS profile match after step 3. I added the app to the DenyList, I'm not sure what the result would be if I didn't do that.
If some apps still complain about root try hiding the Magisk app from Magisk's settings.
Click to expand...
Click to collapse
The same problem with me, I used a MI 11 x indian veron, all apps including Banking apps working fine but Jio sim not working with error you used a rooted device. Any solution plz.
thanks. crdroid 8.5 mi 11x passed safetynet with step 1 and 2 only.
For LineageOS users, we have ih8sn. No need for Magisk/Root.
Odd. I just install magisk, activate zygisk, restart and compose my deny list. Hide magisk launcher. Clear all data for Play Services and Gpay. Restart.
Can use Gpay fine.
My banking apps work fine without Zygisk but Gpay doesn't.
On miui.eu
//Note for those who wants to know actual information. Thanks to V0latyle for pointing it out.
V0latyle said:
SafetyNet components like CTSProfile are no longer applicable, as SafetyNet has been replaced by Play Integrity. All of Google's apps such as GPay have long since switched.
More information here.
Click to expand...
Click to collapse
Recently i faced the problem where my CTS profile failed and thus Google Wallet (GPay) wasn't able to work properly.
I managed to fix this, and so decided to share my expirience to help thus in need to fix this issue aswell.
Previously i had this setup for around whole year which did work until now:
Device: oneplus 9 pro
Firmware: oos 11 11.2.10.10
Kernel: from Arter97
Magisk: Magisk Alpha 23.0 + magisk hide + module universal safetynet fix 1.1.1
Problem: Google Wallet (GPay) won't work / CTS profile failed
Now, these are steps which did help me to solve the issue:
1. Rolled back to stock kernel (boot, dtbo, vendor_boot partitions)
2. Set up Magisk Alpha 25205
Spoiler: How did you install Magisk Alpha 25205?
(there are different methods, like manual patch of stock kernel and then flasshing it via fastboot, or flashing it via TWRP (Keep in mind, that in this case you have to preinstall TWRP before installing custom kernel)
3. Activate Zygisk
4. Select in DenyList menu: Google Play Services, Google Play Store, Google Wallet (GPay) and other apps which you'd like to not find out about your modified system
5. DO NOT ENABLE Enforce DenyList option
6. Install Magisk modules: Shamiko 0.5.2 | Universal SafetyNet Fix 2.3.1 for Zygisk | MagiskHide Props Config 6.1.2
7. Using any terminal app, select newer Fingerpring thanks to MagiskHide Props Config module
Spoiler: How do i do that?
1. open any terminal app
2. type "su" (without quotes)
3. type "props"
4. now you can edit your device fingerprint)
8. Clear data of the following apps: Google Play Store, Google Services, Google Wallet (GPay)
9. Reboot
10. Now, when you open up your Google Wallet (GPay) app, it may work OR message that says that it's updating and you can't use it while the process isn't done may appear.
11. If you encounter such message, change your device language to other one and then open up Google Wallet (GPay) app again
12. Now the app should open up, it may take some time to update it's interface to the latest one
Google Wallet (GPay) now works fine and CTS profile passes succesefully.
Have a nice day
more_than_hater said:
Recently i faced the problem where my CTS profile failed and thus Google Wallet (GPay) wasn't able to work properly.
I managed to fix this, and so decided to share my expirience to help thus in need to fix this issue aswell.
Previously i had this setup for around whole year which did work until now:
Device: oneplus 9 pro
Firmware: oos 11 11.2.10.10
Kernel: from Arter97
Magisk: Magisk Alpha 23.0 + magisk hide + module universal safetynet fix 1.1.1
Problem: Google Wallet (GPay) won't work / CTS profile failed
Now, these are steps which did help me to solve the issue:
1. Rolled back to stock kernel (boot, dtbo, vendor_boot partitions)
2. Set up Magisk Alpha 25205
Spoiler: How did you install Magisk Alpha 25205?
(there are different methods, like manual patch of stock kernel and then flasshing it via fastboot, or flashing it via TWRP (Keep in mind, that in this case you have to preinstall TWRP before installing custom kernel)
3. Activate Zygisk
4. Select in DenyList menu: Google Play Services, Google Play Store, Google Wallet (GPay) and other apps which you'd like to not find out about your modified system
5. DO NOT ENABLE Enforce DenyList option
6. Install Magisk modules: Shamiko 0.5.2 | Universal SafetyNet Fix 2.3.1 for Zygisk | MagiskHide Props Config 6.1.2
7. Using any terminal app, select newer Fingerpring thanks to MagiskHide Props Config module
Spoiler: How do i do that?
1. open any terminal app
2. type "su" (without quotes)
3. type "props"
4. now you can edit your device fingerprint)
8. Clear data of the following apps: Google Play Store, Google Services, Google Wallet (GPay)
9. Reboot
10. Now, when you open up your Google Wallet (GPay) app, it may work OR message that says that it's updating and you can't use it while the process isn't done may appear.
11. If you encounter such message, change your device language to other one and then open up Google Wallet (GPay) app again
12. Now the app should open up, it may take some time to update it's interface to the latest one
Google Wallet (GPay) now works fine and CTS profile passes succesefully.
Have a nice day
Click to expand...
Click to collapse
Hello, thanks for posting but I have a question here. In step 7, in "props" I have to choose an option from Google smartphones and according to the Android I am on. Well, the module is outdated and no option appears with Android 13, which is my case. What do I do now?
Ursaotns said:
Hello, thanks for posting but I have a question here. In step 7, in "props" I have to choose an option from Google smartphones and according to the Android I am on. Well, the module is outdated and no option appears with Android 13, which is my case. What do I do now?
Click to expand...
Click to collapse
It seems that there exists an unofficial fork of this magisk module
And, as i understand, it's not that important to choose exactly the same android ver as yours, you can go up and down.
more_than_hater said:
It seems that there exists an unofficial fork of this magisk module
And, as i understands, it's not that important to choose exactly the same android ver as yours, you can go up and down.
Click to expand...
Click to collapse
Thanks. It helped a lot! I was able to resolve the issue here on my OnePlus Ace (10R) on Android 13 and OxygenOS 13. Only thing left for me to solve here is to remove youtube from the system as Wakelocks. Do you have any idea how to remove it permanently? Would you help me?
Ursaotns said:
Thanks. It helped a lot! I was able to resolve the issue here on my OnePlus Ace (10R) on Android 13 and OxygenOS 13. Only thing left for me to solve here is to remove youtube from the system as Wakelocks. Do you have any idea how to remove it permanently? Would you help me?
Click to expand...
Click to collapse
How to Stop Wakelocks from Any Android App Without Root
Have you ever wondered why your Android phone eats your battery life so fast when the screen is off? Wakelocks! Here's a tutorial on how to stop wakelocks!
www.xda-developers.com
SafetyNet components like CTSProfile are no longer applicable, as SafetyNet has been replaced by Play Integrity. All of Google's apps such as GPay have long since switched.
More information here.
I recently faced similar issue, but with newest version of Company portal (Intune) app as I have a work profile.
After updating the app it started detecting I am rooted maybe due to the mentioned change.
I already had configured the zygisk, deny list and safety net fix.
I found 2 ways to fix it.
1 As a workaround to download grade the app with previous version.
2. I just installed latest shamiko and disable enforcement of the deny list. I didn't used the MagiskHide Props Config. Basically all the steps mentioned above, but without MagiskHide Props Config. For now all is fine. I didn't had issues with gpay so far.
I am on Oneplus 9Pro OOS 13 F.72