Develop Bugs

Disabling Knox on Tab S 8.4 4G

I'm brand new to this website, and have only signed up because I cannot find a solution for this problem. I have always used the forum to get answers, but never though to join! My Galaxy Tab S 8.4 4G T705Y was put through the CF-Auto-Root method, and no a glitch at all. Very smooth. By the way I checked the ChainFire website to make sure I was using the latest. When my device started up I noticed, as I have done before with my Nexus phones, that SuperSU has been added. Good Sign!
But when I open SuperSU I was prompted to update the Binary. Then I pressed 'continue', used the 'normal' method, and waited. It then asked me if I would like to Disable Knox. Yes I would! FAILED TO DISABLE KNOX. Shut down SuperSU. Unhappy Face. As you can see at this point, I am not very up to speed with my rooting knowledge.
So then I decided to select the 'never' option to updating SuperSU, and still it failed to update the binary, I'd say due to Knox stopping it from gaining access.
So my pickle is this: I can't update SuperSU because Knox will not allow me to use SuperSU. I cannot simply hit yes to disabling Knox in SuperSU, as that didn't work for me. I also tried finding something called Knox on my tablet and it seems to be very elusive. I tried updating SuperSU on Play Store also, but to no avail!
I am also unable to use any third party app to do so as I need to grant them access in SuperSU before they can begin! And around I go...
There is a guide here http://forum.xda-developers.com/showthread.php?t=2540761 but it's not for my device so I'm a bit hesitant to start trying random things, as my device is working great atm!
Any info or help would be greatly appreciated!

Look in the android development section for my updated builds of cf_autoroot and flash that.
If you still get issues flash supersu v2.49 with twrp.

ashyx said:
Look in the android development section for my updated builds of cf_autoroot and flash that.
If you still get issues flash supersu v2.49 with twrp.
Click to expand...
Click to collapse
That seemed to at least do something, now it's saying there is no SU Binary installed. So I googled how to do that, then saw you needed TWRP to do so. And in order to get that, I needed the SDK and JDK, so I got them, but then in then couldn't find any of the right files in the SDK folder when trying to install through command prompt. There is a cool program called TWRP Manager that claims to do it, but you need root access. Lets not go there. So method 2: you needed to use a program like GooManager. But even then root access seems to be the order of the day. Ive tried Terminal Emulator and Package disabler also.

clint.fish said:
That seemed to at least do something, now it's saying there is no SU Binary installed. So I googled how to do that, then saw you needed TWRP to do so. And in order to get that, I needed the SDK and JDK, so I got them, but then in then couldn't find any of the right files in the SDK folder when trying to install through command prompt. There is a cool program called TWRP Manager that claims to do it, but you need root access. Lets not go there. So method 2: you needed to use a program like GooManager. But even then root access seems to be the order of the day. Ive tried Terminal Emulator and Package disabler also.
Click to expand...
Click to collapse
UPDATE: So now I have managed to try and install the version of superSU that you have released in the dev thread, using TWRP. seemed to work fine, but i still got the same binary missing error.

clint.fish said:
That seemed to at least do something, now it's saying there is no SU Binary installed. So I googled how to do that, then saw you needed TWRP to do so. And in order to get that, I needed the SDK and JDK, so I got them, but then in then couldn't find any of the right files in the SDK folder when trying to install through command prompt. There is a cool program called TWRP Manager that claims to do it, but you need root access. Lets not go there. So method 2: you needed to use a program like GooManager. But even then root access seems to be the order of the day. Ive tried Terminal Emulator and Package disabler also.
Click to expand...
Click to collapse
Whoah way way way over complicating things. You just install twrp with odin and that's it.
Then you flash this with twrp http://download.chainfire.eu/743/SuperSU/BETA-SuperSU-v2.52.zip

ashyx said:
Whoah way way way over complicating things. You just install twrp with odin and that's it.
Then you flash this with twrp
Click to expand...
Click to collapse
So this is what I do.
Power off device.
Restart in Download Mode.
Use Odin to install the cf-autoroot-twrp-t705.tar from the development section.
When device restarts I put supersu version 2.52 (beta) on the devices memory, then turn off device.
Restart in TWRP Recovery mode, hit install, choose the zip file, install, reboot device.
When device reboots, open superuser and get this message: "There is no SU binary installed, and SuperSU cannot install it. This is a problem! If you just upgraded to Android 4.3, you need to manually re-root - consult the relevant forums for your device".
I swear i'm not blonde. :good:

Something is blocking supersu from installing. Which firmware build is this device running and is reactivation lock disabled?

ashyx said:
Something is blocking supersu from installing. Which firmware build is this device running and is reactivation lock disabled?
Click to expand...
Click to collapse
**Googles how to check firmware version** Build Number KOT49H.T705YDOU1ANG1
**Googles how to bypass reactivation lock...** hmm seems hard. And I cant see it as an option in my security menu.

clint.fish said:
**Googles how to check firmware version** Build Number KOT49H.T705YDOU1ANG1
**Googles how to bypass reactivation lock...** hmm seems hard. And I cant see it as an option in my security menu.
Click to expand...
Click to collapse
UPDATE: So I went into my Samsung account and Performed a factory reset. Only had the device a few days so no biggy. Then as it reset i chose not to put in and Samsung details and skip all the options i could, assuming this would help. Flashed cf autoroot with odin, then updated supersu through twrp... still nothing

clint.fish said:
**Googles how to check firmware version** Build Number KOT49H.T705YDOU1ANG1
**Googles how to bypass reactivation lock...** hmm seems hard. And I cant see it as an option in my security menu.
Click to expand...
Click to collapse
UPDATE: SUCCESS! I used the latest version of Kingroot available on this forum. From looking around, you are a very patient person ashyx. Thanks for all your help!

clint.fish said:
UPDATE: SUCCESS! I used the latest version of Kingroot available on this forum. From looking around, you are a very patient person ashyx. Thanks for all your help!
Click to expand...
Click to collapse
This doesn't make sense. Something is amiss if you can't root with cf_autoroot or twrp. You are the only one as far as I'm aware that has experienced this.
Reactivation lock is under 'Find my phone' in security settings.

clint.fish said:
I'm brand new to this website, and have only signed up because I cannot find a solution for this problem. I have always used the forum to get answers, but never though to join! My Galaxy Tab S 8.4 4G T705Y was put through the CF-Auto-Root method, and no a glitch at all. Very smooth. By the way I checked the ChainFire website to make sure I was using the latest. When my device started up I noticed, as I have done before with my Nexus phones, that SuperSU has been added. Good Sign!
But when I open SuperSU I was prompted to update the Binary. Then I pressed 'continue', used the 'normal' method, and waited. It then asked me if I would like to Disable Knox. Yes I would! FAILED TO DISABLE KNOX. Shut down SuperSU. Unhappy Face. As you can see at this point, I am not very up to speed with my rooting knowledge.
So then I decided to select the 'never' option to updating SuperSU, and still it failed to update the binary, I'd say due to Knox stopping it from gaining access.
So my pickle is this: I can't update SuperSU because Knox will not allow me to use SuperSU. I cannot simply hit yes to disabling Knox in SuperSU, as that didn't work for me. I also tried finding something called Knox on my tablet and it seems to be very elusive. I tried updating SuperSU on Play Store also, but to no avail!
I am also unable to use any third party app to do so as I need to grant them access in SuperSU before they can begin! And around I go...
There is a guide here http://forum.xda-developers.com/showthread.php?t=2540761 but it's not for my device so I'm a bit hesitant to start trying random things, as my device is working great atm!
Any info or help would be greatly appreciated!
Click to expand...
Click to collapse
Chimed in with some feedback but noticed your problem solved after I replied. Unable to delete. Glad to see you're good to go though.

[Guide] Android Pay on rooted T-Mobile G5 - UPDATE: Workaround developed!

Android Pay use after rooting has been discussed in a few other threads, here on XDA, notably the 6P and 5X Nexi:
http://forum.xda-developers.com/nexus-6p/general/android-pay-root-t3309072
http://forum.xda-developers.com/nexus-5x/general/passing-safetynet-root-t3307659
With our newly rooted H830s (courtesy of http://forum.xda-developers.com/tmobile-lg-g5/development/root-h830-t3384526), it'd be nice to collect our information here.
I am very interested in how Android Pay may or may not work after our TOT flash. Here's a quick tutorial:
SuperSU must install via a 'systemless' root method due to security changes with Marshmallow. Thus, when SuperSU is flashed in TWRP as described in the TOT root thread, it can only install this way. It should not affect the /system partition.
Android Pay uses the "Safetynet API" to detect for tampering/root. What they classify as tampering is not entirely clear. But they do check /system among other things. It looks like apps that have altered the /system partition in some way are detected via this method.
(more boring info here http://www.howtogeek.com/241012/saf...y-and-other-apps-dont-work-on-rooted-devices/ )
It must also check the permissions of the /su/bin folder, as it should have a 751 permission profile (which is the described fix in the TOT root original post).
That is:
-Run "adb shell"
-From the shell run "su"
-On the # prompt run "chmod 751 /su/bin/"
Or, you can use root explorer to change the permissions octal to 751 for that folder.
It is set to this permission state in the rooted TOT upon first install. Obviously other root alterations you do may change it.
There are apps, such as Safetynet Helper sample (https://play.google.com/store/apps/details?id=com.scottyab.safetynet.sample), which can utilize the API to see if the API is tripped.
Right after installing the TOT and getting everything to boot properly, the app shows everything is still kosher. I was able to run Android Pay, add credit cards, and have confirmed with a payment transaction.
I believe any root app that doesn't make permanent changes to /system in and of itself will probably keep Android Pay working. Obviously, for instance, if you have a terminal program app with root, and run some commands that alter your system partition/files, it may trip SafetyNet, though just having the app installed does not.
EDIT1: As of 7/25/16, a change was made to the SafetyNet API and it now detects systemless root. Android Pay no longer works on rooted devices, regardless of method. A new method will need to be developed.
EDIT2: As of 8/22/16, a workaround has been developed and tested!​Developer @topjohnwu has created Magisk (http://forum.xda-developers.com/android/software/mod-magisk-v1-universal-systemless-t3432382). This is a new way of integrating systemless changes into Android devices. This includes root, xposed, etc. The unique thing with Magisk is that you can instantly un-root your device, run Android Pay, and then reactivate root, all without rebooting. It is pretty seamless.
See the referenced thread for the latest information. It does take some work to install but it's fairly straightforward.
If you want to start from a clean install, @Gungrave223 has detailed the steps here:
http://forum.xda-developers.com/showpost.php?p=68353051&postcount=22
If you want to keep your data, it's just slightly more work. Assuming you are starting with a rooted install, here is a quick summary on how to do this:
0. You may want to first un-register the cards you have in Android Pay. Some banks apparently only allow a set # of installs before they block additional installs, thus requiring you to call the bank directly to have them reset that number. If Android Pay resets (unsure what security changes trigger this), it will forget your cards, thus leaving those cards registered on a phantom install. Un-registering first may prevent this.
1. Get the Magisk flashable zip, the Magisk-altered phh-superuser.zip, and the Magisk manager apk from the referenced thread.
2. Go to SuperSU and select full unroot. DO NOT restore the stock boot.img. DO NOT restore the default recovery. The phone should reboot and your root will be lost.
3. You should now restore the stock boot.img. This can be done without losing your data or re-encrypting your data. There are 2 ways.
Flash autoprime's stock boot.img zip file through TWRP (recommended), OR
Flash the TWRP-ed TOT file through LGUP, using the UPGRADE (not refurbish) setting
Why not just allow SuperSU to restore the stock boot.img in step 2? Because it will reboot instantly into system and start encrypting your data, with no way for you to intervene and boot into TWRP first!
4. You likely did not have data encryption on your initial rooted installation. If you want to keep yourself un-encrypted, you MUST immediately boot into TWRP before the next power on. If you do not, it will re-encrypt your data. This is the default behavior of the stock boot partition, which you just restored in the step above. You can make this easy for yourself by TWRP flashing autoprime's stock boot.zip and then immediately doing the next steps. Note: Magisk can be installed just fine on a phone with an encrypted data partition if you don't care about data encryption.
Flash the magisk.zip from the Magisk thread. This installs Magisk and also disables the forced encryption (just like the dm-verity zip)
Re-establish root by then flashing the special modified phh-superuser.zip
Note: Chainfire's SuperSU is NOT compatible if you want to use Android Pay
5. Reboot into system. You need to then install from the Playstore phh's superuser app. You also need to install the Magisk manager apk. Grant all your usual apps root permission in the superuser app.
6. Run Magisk Manager and grant it superuser access. You'll find a simple toggle to mount/unmount root. Unmount! Check that SafetyNet will pass. If you've done everything right, it will!
7. Run Android Pay. Add your card(s) back. Mount root back and go about your business.
8. When you want to use Android Pay, unmount root and run the app. Here's a tricky part (and currently a work in progress). We do not know how often or when Android Pay checks for root. We DO know that it does this when you initiate adding a new card. So you can try an Android Pay transaction. If it fails (they often do, even if you are unmounted root at that time), pretend to add a card, cancel it, and then do the transaction again. It should work now!

pay was not working after I installed the Fluence patch, uninstalled xposed and Android Pay is working with no issues with root.

fatapia said:
pay was not working after I installed the Fluence patch, uninstalled xposed and Android Pay is working with no issues with root.
Click to expand...
Click to collapse
The Fluence patch has a huge # of system changes. I would totally expect xposed to break the SafetyNet.
So do you have Fluence still installed, with only xposed removed?

waylo said:
The Fluence patch has a huge # of system changes. I would totally expect xposed to break the SafetyNet.
So do you have Fluence still installed, with only xposed removed?
Click to expand...
Click to collapse
Yup you got it, I had been running Xposed off Fluence for a while until I left my wallet at home and didn't feel like starving. So I downloaded the Xposed uninstaller only, ran it in recovery and then let it reboot and Pay was working again.

I followed the instructions for rooting in this thread, http://forum.xda-developers.com/tmo...p-step-guides-rooting-t-mobile-lg-g5-t3388272 and then the instructions here to change the permissions but an still having problems. The only app root app I installed after rooting was an app to export google play music with track names intact.

What problems specifically are you having?
Did you install the safetynet helper app? What happens when you run it?
What root app did you install? Was it this one? http://forum.xda-developers.com/showthread.php?t=2620331 (play music exporter) aka https://www.david-schulte.de/en/play-music-exporter/
Looks like that app doesn't work in MM regardless, per the developer's page.

waylo said:
What problems specifically are you having?
Did you install the safetynet helper app? What happens when you run it?
What root app did you install? Was it this one? http://forum.xda-developers.com/showthread.php?t=2620331 (play music exporter) aka https://www.david-schulte.de/en/play-music-exporter/
Looks like that app doesn't work in MM regardless, per the developer's page.
Click to expand...
Click to collapse
Yes, that is the app. I noticed MM was not supported after I had it installed
I have installed and run the safetynet app and it shows it gets tripped on the CTS profile
---------- Post added at 02:03 PM ---------- Previous post was at 01:40 PM ----------
I just realized I also had Adguard installed. I have uninstalled it and turned off suppersu and restarted but the phone still does not pass the CTS profile check

Wondering if any of those apps made some changes to /system that were not completely reversed.
Doesn't look like that music app does any permanent changes anyway, rather just copies cache not normally accessible into another folder.
Can you check the permission profile of your /su/bin folder?
Briefly looking at the Adguard website I can't make out how its root version works exactly.
What other apps are listed under your SuperSU app list? You're not running xposed, right?

Apps listed in supersu are adb shell, root checker basic, and Titanium backup.
Titanium backup was installed after safetynet app test failed.
I'm not 100% sure what the permissions are but I followed your instructions above to change the permissions and it appeared to run correctly

eremeya said:
Apps listed in supersu are adb shell, root checker basic, and Titanium backup.
Titanium backup was installed after safetynet app test failed.
I'm not 100% sure what the permissions are but I followed your instructions above to change the permissions and it appeared to run correctly
Click to expand...
Click to collapse
SafetyNet still failing after the permissions change?

It was today. I can try changing them again tonight when I'm at my computer and report back.

I have confirmed that the folder permissions are set to 751

eremeya said:
I have confirmed that the folder permissions are set to 751
Click to expand...
Click to collapse
Well if we can't track down the actual changes made, and you're interested in getting Android pay to work, you could try reflashing the system partition.

It looks like from reports on other threads (Nexus mostly), that something has changed with the SafetyNet check. Phones that were working just fine yesterday now fail. Most likely something server-side was patched so now Android Pay will not work with systemless root.
Details updated as I find them.

For those interested in this topic, a pretty major development has occurred at this thread:
http://forum.xda-developers.com/android/software/mod-magisk-v1-universal-systemless-t3432382
Essentially, this is a brand new way to implement root systemless, which can be toggled via an app, without rebooting. This does allow the SafetyNet api to remain untripped. The steps involved include flashing back to stock kernel/system, flashing the application .zips, and flashing special SuperSU or SuperUser .zips. I have not done any of this yet as it is still very early.
There are some reports, unfortunately, such as this post:
http://forum.xda-developers.com/showpost.php?p=68045722&postcount=121
which reports that despite SafetyNet passing, Android Pay still does not work (user is on Nexus 6P).
I have read of no G5 users doing this yet, but there is a V10 user who has. Stay tuned.

I've been watching the Magisk threads for the past week and decided to take the plunge today. Many Nexus phones seem to have a lot of trouble with Android Pay, but other makes seem to do better. There were confirmations from LG G4 owners. As of this writing Magisk is on v3.
The install steps from the Magisk thread are this:
1. Reflash a stock boot.img to reset your systemless root
2. Flash Magisk.zip
3. Flash modified phh-superuser.zip (not the official one). Chainfire's SuperSU does not currently have as much support, but there is a modified supersu zip as well.
4. Boot and install phh's superuser app from the App store.
5. A 'magisk manager' app is installed via the flashed .zips. This allows you to turn off root for a set # of minutes, without rebooting.
Given the unique way the G5 is rooted, with automatic encryption, I figured it might not be so simple to install this if I wanted to keep my data without a full wipe. It quickly became much more complicated than what I wanted. Here's exactly what happened.
First, I made a full boot+system+data backup.
Then, these were my thoughts/concerns:
I have Adaway installed with the systemless addon zip and SuperSU installed. Magisk installation requests flashing back the stock boot.img. What would this do to the supersu install and Adaway?
The adaway systemless zip makes a script file which is kept in the /su/su.d/ folder. I removed this.
The SuperSU has a complete uninstall feature. As part of this uninstall process, it asks if you want to restore the boot.img (yes--this stock one is backed-up after the initial supersu.zip flash during our initial root/TOT process) and/or the recovery (no, don't do this, but it probably would not have done anything as there is no stock recovery backup). I thought this would accomplish our goal. It does warn you that you may have re-encrypting of the data partition if you go this route.
And unfortunately, after rebooting, it automatically and immediately encrypted the data partition.
Well shoot. Correct me if I'm wrong, but an encrypted data partition cannot be worked on. It booted just fine, but without root.
I started having some doubts at this time so I decided to try to restore back to my initial setup. Through TWRP, I wiped the data partition and flashed the no-verity.zip, to hopefully stop any re-encryption.
Then, after figuring out how to mount system properly (TWRP defaulted to mount system as r/o), I restored my nandroid backup in its entirety.
But upon reboot, it went immediately into bootloader mode. And it continued to do this after every battery pull and power on. I had never heard of this before! Finally, I realized I could still boot into TWRP. I flashed the 10Dcomplete.zip made by autoprime, restoring the boot and system partitions to stock. And then I flashed the magisk v3.zip and the modified phh-superuser zip.
It finally rebooted into Android, with data intact! Oddly, my unlock pattern had changed without my knowledge, but the backup PIN worked. I installed the market phh Superuser. Magisk is installed properly and it passes SafetyNet, and I can add cards to the app. I'll test out Android Pay next opportunity I have.
If I had to do it all again and wanted to keep data intact, this is what I would do.
1. Autoprime did make a 10D boot flashable zip. So this would restore the stock boot.img as intended. There are some files to clean up, such as data/su.img, but that can be dealt with later.
2. I do not know if just flashing the stock boot.img would result in re-encrypting. It probably would. So, immediately after flashing the boot.img in TWRP I would flash magisk and the phh-superuser.
Alternatively, they say you should not dirty flash for things this complex. So consider starting completely new from a 10Dcomplete flash with wiped data.

I've learned that Magisk will work fine with an encrypted data partition, so if you are set on having that, it won't be a problem.

waylo said:
I have a thread here discussing Android Pay while rooted on our G5s:
http://forum.xda-developers.com/tmob...le-g5-t3395036
I thought I was the only one who cared about this kind of stuff!
Which version Magisk did you install?
I just did this 2 days ago but haven't had the opportunity to test AP yet.
What rooted apps are you running? AdAway?
Click to expand...
Click to collapse
To answer your question... I'm using v3 with his v2 of his modified phh superuser.
As for rooted apps...yes AdAways still works perfectly....TB...my one time use of System App Remover etc...
I haven't been able to test Android util tomorrow....but SafetyNet did pass when Magisk was disabled and failed when enabled.
I'll report back tomorrow after I go buy my weekly chicken at my local Fresh Mart.

I'm using the same install as you.
I tried it this AM for the first time and it failed.
On the Magisk-AP thread, someone has posited that maybe the AP app caches any root inquires during that boot. So if you test out AP and it fails while the root is active, it will remember that failure until the next reboot.
That could explain how so many people are getting weird inconsistent results. I'm testing out that theory later today.

Bah, still doesn't work, even if done immediately after a reboot =(

Alternative to SuperSU

As far as I understand it many banking apps simply check for the existance of supersu.apk, and if found denies access. Is it correct that by using another method to getting root, this problem might be solved? And if so, which alternatives are there (can Magisk be used on a OP3)?

snegom said:
As far as I understand it many banking apps simply check for the existance of supersu.apk, and if found denies access. Is it correct that by using another method to getting root, this problem might be solved? And if so, which alternatives are there (can Magisk be used on a OP3)?
Click to expand...
Click to collapse
Yes it can be done (I can use banking apps and Android Pay on my OP3).
1. Disable any in-built root/remove exisiting SuperSU.
2. Flash Magisk
3. Install Magisk Manager
4. Enable Magisk Hide
5. Try app - If it still doens't work go back onto Magisk Hide and enable it on that specific app by pressing the checkbox and it should work. (Try rebooting if it doesn't work)
6. If possible turn off devloper options/ADB options in settings as these can stop banking apps from working.
I hope this helps

I confirm magisk is legit and fantastic!!!
Sent from my OnePlus 3 using XDA Labs

Magisk works perfectly for all the apps which checks for the SAFETYNET......some apps need not be hided using magisk hide ...just bypassing the safetynet is enough for A-pay and banking apps ...

check this thread out:
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445

byAidan said:
Yes it can be done (I can use banking apps and Android Pay on my OP3).
1. Disable any in-built root/remove exisiting SuperSU.
2. Flash Magisk
3. Install Magisk Manager
4. Enable Magisk Hide
5. Try app - If it still doens't work go back onto Magisk Hide and enable it on that specific app by pressing the checkbox and it should work. (Try rebooting if it doesn't work)
6. If possible turn off devloper options/ADB options in settings as these can stop banking apps from working.
I hope this helps
Click to expand...
Click to collapse
Had this as a small project for this Easter. However for 1) above, is it as simple as just running "Change superuser app" in SuperSU free before proceeding with 2-6) ? Have seen some rather complicated install instructions elsewhere - and can also see that some users have experienced various problems.

snegom said:
Had this as a small project for this Easter. However for 1) above, is it as simple as just running "Change superuser app" in SuperSU free before proceeding with 2-6) ? Have seen some rather complicated install instructions elsewhere - and can also see that some users have experienced various problems.
Click to expand...
Click to collapse
The only way I could completely remove SuperSU was to dirty flash OOS. Otherwise safety net still detected SuperSU. Rooted with magisk and used magisk hide. Can now play Mario run and used Android pay.

How to install Magisk v12.0 root, re-enable Samsung Health, and pass safetynet

sorry guys Magisk currently does not pass safetynet checks (24-06-2017) so this guide is a bit out of date but you can still use it, I will make another guide for this once magisk v13 comes out and fixes this problem
Hi guys! just a quick guide on how to install magisk, re-enable use of Samsung Health, and pass SafetyNet and be play store certified.
This guide will be pretty brief as i don't have the time or commitment to do an in-depth guide and I believe if you are here that you should know what you are doing (if anyone wants to make this in-depth, please be my guest).
this guide is for people who have tripped knox and still want to use s health while still getting the most out of their phone
You will need:
Odin:
https://www.androidfilehost.com/?fid=529152257862705230
TWRP for your device (you should be able to find guides with the download link)(you should also flash back to complete stock if you are already rooted to avoid any problems with previous roots)
no-verity-no-encrypt_ashyx.zip:
https://www.androidfilehost.com/?fid=24591000424951049
Magisk v12.0:
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Now that you have those 4 files we can start.
Skip steps 1-6 if you already have root and only wish to use samsung health
1. put magisk v12.0 and dm-verity patch onto the sdcard in the phone
2. flash TWRP using odin
3. boot into recovery and swipe to allow modifications.
4. under wipe there should be a button to format data (its in the bottom right). you will need to do this to flash magisk and dm verity.
5. flash Magisk and THEN dm verity
6a. boot into phone and complete setup to get to home page.
6b. download any systemless root app that you want (adaway works you just have to turn on systemless host files in magisk settings + viper4andriod has a module in magisk that you download for it to work)
(DO NOT TURN ON HIDE MAGISK UNTIL THE END)
7. download the app buildprop editor, open it and grant it root. search for the line ro.config.tima=1 and change the value from 1 to 0.
8. reboot the phone and you should now be able to use s health.
continue following if you wish to pass safetynet and be playstore certified (set up your root apps like viper and adaway before doing this)
9. go into magisk settings and enable the setting Magisk Hide. reboot phone. check that you pass safetynet in magisk manager after booting up again
10. go into app manager, find google play store, tap storage and then clear the data.
11. open app again and you should be certified. (this took me a few tries. not sure if it was play store needing to update the property or me needing to reboot the phone)
12. Yay! your device should now be able to pass safetynet and will be play store certified in the play store app. you should soon be able to see netflix in the play store again.
source: I done this on my a520 just on the weekend to be able to update netflix

I'll try this next update, thnx!

Does this require an external sd card?

korwynkim said:
Does this require an external sd card?
Click to expand...
Click to collapse
Yes i believe so, although I have never tried doing it without

According to the XDA page of Magisk it already supports dm-verity and forceencrypt. So is the separate download of no-verity-no-encrypt_ashyx.zip still necessary?
Edit: What does the change " ro.config.tima=0" do?

reayard said:
According to the XDA page of Magisk it already supports dm-verity and forceencrypt. So is the separate download of no-verity-no-encrypt_ashyx.zip still necessary?
Edit: What does the change " ro.config.tima=0" do?
Click to expand...
Click to collapse
oh i did not know that it supported it already so maybe its not? not sure, try it out and see what happens?
the config change make it so that the rom thinks you still have knox enabled to you are able to use samsung health still (it got a "security update" that makes it so that phones with knox tripped will not be able to use it)

Good to know ! Thank so much !
But what's the real possibilities of this recent "magisk" ?
It can root with systemless ?
And in theory with systemless-root ,that don't trip the knox and we can use all apps and full hardware ....because it consider that the system is safe and untouched ===> i'm truth or wrong ?

Loulou-13 said:
And in theory with systemless-root ,that don't trip the knox...
Click to expand...
Click to collapse
According to some other threads (and if I remember correctly from my own experience with the S7) Knox gets triggered as soon as you flash a custom recovery.
A positive effect of Magisk vs. SuperSU could be that system updates are still possible as the system partition is still unchanged. On the other hand the custom recovery will most probably cause the update to fail.
What seems to make Magisk superior to SuperSU is MagiskHide so that the system appears to be unchanged for PlayStore and apps using SafetyNet.

reayard said:
According to some other threads (and if I remember correctly from my own experience with the S7) Knox gets triggered as soon as you flash a custom recovery.
A positive effect of Magisk vs. SuperSU could be that system updates are still possible as the system partition is still unchanged. On the other hand the custom recovery will most probably cause the update to fail.
What seems to make Magisk superior to SuperSU is MagiskHide so that the system appears to be unchanged for PlayStore and apps using SafetyNet.
Click to expand...
Click to collapse
Thank so much for sharing Samsung experience
Before i have had olds goods samsung fully customised ! It was funny before ,at this time ....and then always have had LG phones and just an unlock of bootloader+Systemless root din't have problem at all (full playstore&experience)
Now with the samsung evolution and my new A5 ,i don't want at all loose OTA updates,knox flag.... and all functions+playstore as you have said . And magisk is recent...
I want to be sure at 100....0000% that "magisk" systemless root doesn't affect anything .
i'm not interested at all by TWRP ...completely useless until there eventually have "real" customs developments and many things can be flashed by flashfire,flashify....

Loulou-13 said:
I want to be sure at 100....0000% that "magisk" systemless root doesn't affect anything .
i'm not interested at all by TWRP ...completely useless until there eventually have "real" customs developments and many things can be flashed by flashfire,flashify....
Click to expand...
Click to collapse
I doubt that FlashFire or Flashify can flash anything without root. The website of FlashFire for example says "FlashFire is the most advanced on-device firmware flasher available for rooted Android devices.". And the same for Flashify: [APP][4.0+][ROOT] Flashify.

reayard said:
I doubt that FlashFire or Flashify can flash anything without root. The website of FlashFire for example says "FlashFire is the most advanced on-device firmware flasher available for rooted Android devices.". And the same for Flashify: [APP][4.0+][ROOT] Flashify.
Click to expand...
Click to collapse
Yes yes....sure...i didn't have precised...
Root with a method who din't need twrp and don't touch samsung things....and then flash what we want with these apps ...

Hi, Im XxViRUsPRO.
1.You Need Magisk Manager (Removed Form PlayStore) So this is the Download Link https://mega.nz/#!olRzFRTZ!eNOb6yVtvsAlb3V8sIOaRRfsHtQG952_WU--3TCDvck
2.To Use S Health On Rooted Phone You Need To Edit /System/Build.prop
and Change ro.config.tima=1 to ro.config.tima=0 using (Es File Explorer or Root Browser)

safety net check does not pass in Samsung galaxy a5 2015
What is this dm verity and for encryption? I have the latest magisk and i see those options in my magisk manager but donot know its utilization! and probably for the same reason my safety net check does not pass in Samsung galaxy a5 2015
reayard said:
According to the XDA page of Magisk it already supports dm-verity and forceencrypt. So is the separate download of no-verity-no-encrypt_ashyx.zip still necessary?
Edit: What does the change " ro.config.tima=0" do?
Click to expand...
Click to collapse

Dis any one could enable the fm chip in nougat once rooted ,in Canada Samsung disable the fm chip and i would get it back

why does flashing magisk wipes all user data including internal storage?

Samsung A5 sm-a500f

Device uncertified after Magisk root on latest factory Android 11

Hi all,
Got a new phone and finally decided to see if I could root the old Pixel 2 XL. It's unlocked, bought directly from Google. Never before unlocked bootloader until now.
It was flashed to factory Android 11 2020-12, and rooted from there. Magisk 21.1 beta was installed from zip while booted into TWRP 3.0.4, as advised in this thread. The latest Play System Update (Oct 5, 2020) was automatically installed while I was messing around afterwords.
I confirmed root access thru a checker and Termux, which is pretty neat! Hadn't rooted a device in a long time!
Unfortunately, device certification fails in Play Store, Magisk SafetyNet check and being unable to add a credit card to Google Pay. Magisk says basicIntegrity passes, but CTSprofile fails.
Things I've tried, mostly from this exhaustive guide:
Hidden Magisk Manager
Enabled MagiskHide, rebooted
Remove Magisk zip from storage
Lock bootloader again, rebooted
Clear app storage for Play store and Play services, rebooted
Disable USB debugging
Disable Play Protect scanning
Looked over XDA boards, Magisk changelog/documentation/guides
Things I haven't done (yet?):
Spoofing device fingerprint. I wouldn't expect this to be necessary, since it's actually authentic! But maybe there's more to it that I don't understand?
Start over from scratch, with Magisk Canary build - doesn't appear to be any improvements to MagiskHide according in current release notes
Is this possible to achieve?

composition said:
Is this possible to achieve?
Click to expand...
Click to collapse
SafetyNet:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Google I believe is using hardware-backed CTS profiling, which Magisk cannot circumvent. Your only chance of passing CTS is to hope Google ISN'T using the hardware-backed version, so you can employ one of the workarounds I gave in the link above.

There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.

Larzzzz82 said:
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Click to expand...
Click to collapse
Apparently we're both having brain farts. I didn't even think there was such a setting. Then again, I don't use Google Pay.