Phone: Redmi Note 7 Pro (Violet)
Bootloader: Unlocked
Issues: Magisk ctsprofile false
Troubleshooting:
I'm caught up in a very weird tough situation.
All was going good until I installed edxposed and gravitybox and some modules and since then Magisk kept returning ctsprofile false.
So I flashed stock MI rom using MIFlash tool and also re-locked BL.
So at this time the phone is just like a factory one..no magisk/xposed etc.
Then UL Bootloader and re-flashed twrp and same rom.
This time it should had worked but again Magisk kept returning ctsprofile false.
This is so frustrating.
I tried other roms as well like pixel exp. without any xposed crapp etc. but all showing ctsprofile false.
Tried updating magisk to latest and even downgrading but to no vail.
I even tried MagiskHidePropsConf-v4.0.3 but it didnt worked.
Tried magisk hide but no luck.
All safetynet check apps fail test.
Tried SafetyPatch-v3 and it worked but keep giving very annoying error on system boot about some huawei thing and have to ok everytime.
Any valuable suggestions to fix this for good??
If Safetypatch works, then MagiskHide Props Config should work as well. Did you set up a certified fingerprint after having installed the module? It's not a flash-and-forget module, it takes a bit of setup as well.
Safetypatch uses the same method, but doesn't let you pick a fingerprint, which is why you might get the error you're seeing. If you really want to use Safetypatch, you can get around that by editing the module boot script and replace the default fingerprint with one of your own, and also enabling editing of the vendor fingerprint (that's disabled by default in that module).
More info on SafetyNet, with tips and tricks can be found here:
https://didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet
Didgeridoohan said:
editing the module boot script and replace the default fingerprint with one of your own, and also enabling editing of the vendor fingerprint (that's disabled by default in that module).
Click to expand...
Click to collapse
Hey thanks for the reply.
Can you please post a noob guide as to where to/how to find or define my own fingerprint and also edit vendor fingerprint?
Also, as I described, initially all was good but after xposed all screwed up. Even stock miui rom and then unlocking of BL isn't helping.
May I know the actual reason behind it as why reflashing different roms even after starting from scratch isnt helping to CSprofile True.
Those ROMs likely don't have a certified device fingerprint. It's also possible that Google tightened up something about that recently, so that fingerprints that did work without a correspond safety patch date now don't. That's pure guesswork on my part though, don't take it as fact.
The noob way of doing it would be to use MagiskHide Props Config and pick a fingerprint from the included list. Unfortunately I don't have a violet print in there at the moment... Luckily you can use whatever print that is certified, but if you really want a print from your device you can take a look a little further down in the docs for instructions.
If you find a matching print, you can use it in the module (by entering it manually), but also submit it in the module thread for me to include it in the list. Of course, you could also use it with Safetypatch by editing the module files found in /data/adb/modules/safetypatch (just replace the Huawei print with yours).
Didgeridoohan said:
Those ROMs likely don't have a certified device fingerprint. It's also possible that Google tightened up something about that recently, so that fingerprints that did work without a correspond safety patch date now don't. That's pure guesswork on my part though, don't take it as fact.
The noob way of doing it would be to use MagiskHide Props Config and pick a fingerprint from the included list. Unfortunately I don't have a violet print in there at the moment... Luckily you can use whatever print that is certified, but if you really want a print from your device you can take a look a little further down in the docs for instructions.
If you find a matching print, you can use it in the module (by entering it manually), but also submit it in the module thread for me to include it in the list. Of course, you could also use it with Safetypatch by editing the module files found in /data/adb/modules/safetypatch (just replace the Huawei print with yours).
Click to expand...
Click to collapse
Just wanna know what if I reflash stock miui rom and just extract its fingerprint from build.prop and after flashing back Havoc rom and rooting, use this original fingerprint with SafetyPatch-v3.zip, will this work?
And currently most of the suers have already flashed SafetyPatch-v3.zip which uses huawei fingerprint, will it be possible google might blacklist/block that as well?
nri_tech1183 said:
Just wanna know what if I reflash stock miui rom and just extract its fingerprint from build.prop and after flashing back Havoc rom and rooting, use this original fingerprint with SafetyPatch-v3.zip, will this work?
Click to expand...
Click to collapse
As long as that ROM is CTS certified it should work just fine.
And currently most of the suers have already flashed SafetyPatch-v3.zip which uses huawei fingerprint, will it be possible google might blacklist/block that as well?
Click to expand...
Click to collapse
Possible but very unlikely.
Nice.
So I finally found 3 fingerprints from stock redmi violet from earlier updates.
10.3.5.0
10.3.7.0
10.3.13.0
What now I plan is to edit post-fs-data.sh file in SafetyPatch-v3.zip to replace the Huawei fingerprints with redmi ones.
But before that how to remove existing SafetyPatch-v3?
Shall I reflash it from recovery to get uninstalled or simply delete from magisk module list to reset it so I can then flash the edited SafetyPatch created properly from twrp?
And most importantly, after flashing redmi fingerprint will the CTSprofile return True value or is it a hit or miss?
And will I still get this similar alert later on as well? Actually want to get rid of this alert on every boot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Do we need to edit vendor.img for this??
You don't have to remove anything... Just edit the file as it is in the module directory under /data/adb/modules and reboot.
To get rid of the warning message, just make sure to also remove the # in front of the vendor prop (and replace all the fingerprints with your own).
It is not certain that the prints will work for you, since you might also need the security patch date from the release you're using. Or the prints aren't actually certified. Only way to know is to test.
Would you mind posting the prints (and security patch date) so I can test them and add to the list included in MagiskHide Props Config?
Didgeridoohan said:
You don't have to remove anything... Just edit the file as it is in the module directory under /data/adb/modules and reboot.
Click to expand...
Click to collapse
Do I need to do it from the twrp terminal, adb, or simply can be done from the OS itself using some file explorer?
Didgeridoohan said:
To get rid of the warning message, just make sure to also remove the # in front of the vendor prop (and replace all the fingerprints with your own).
Click to expand...
Click to collapse
You mean that inside SafetyPatch-v3, edit "post-fs-data" file
and remove "#" resetprop ro.vendor.build.fingerprint 'HUAWEI/CLT-L29/HWCLT:8.1.0/HUAWEICLT-L29/128(C432):user/release-keys' right?
I hope it wont result into any bootloop.
Or is there any other seperate vendor.prop file (which I didnt found in roms nor in my phone).
Didgeridoohan said:
It is not certain that the prints will work for you, since you might also need the security patch date from the release you're using. Or the prints aren't actually certified. Only way to know is to test..
Click to expand...
Click to collapse
True, we need to keep experimenting but I wonder how come some other devices fingerprints helps us to pass ctsprofile safetynet test?
For latest devices can we use old devices fprints like redmi note 3 or nexus or pixel? I think pixel will be too good as its google device and spoof free!
Didgeridoohan said:
Would you mind posting the prints (and security patch date) so I can test them and add to the list included in MagiskHide Props Config?
Click to expand...
Click to collapse
Surely mate I will message you all of them. I found those fprints in prop.default file so will share the file contents with you.
nri_tech1183 said:
Do I need to do it from the twrp terminal, adb, or simply can be done from the OS itself using some file explorer?
Click to expand...
Click to collapse
From OS works fine. That file is only run during boot.
You mean that inside SafetyPatch-v3, edit "post-fs-data" file
and remove "#" resetprop ro.vendor.build.fingerprint 'HUAWEI/CLT-L29/HWCLT:8.1.0/HUAWEICLT-L29/128(C432):user/release-keys' right?
Click to expand...
Click to collapse
That's exactly it.
True, we need to keep experimenting but I wonder how come some other devices fingerprints helps us to pass ctsprofile safetynet test?
For latest devices can we use old devices fprints like redmi note 3 or nexus or pixel? I think pixel will be too good as its google device and spoof free!
Click to expand...
Click to collapse
Some print are certified by Google, others are not. And old (before March 2018) certified prints don't need the safety patch date to match. Everything about SafetyNet is pretty thoroughly explained in the links I've posted here previously, so I suggest you also take a look there.
Didgeridoohan said:
From OS works fine. That file is only run during boot.
That's exactly it.
Some print are certified by Google, others are not. And old (before March 2018) certified prints don't need the safety patch date to match. Everything about SafetyNet is pretty thoroughly explained in the links I've posted here previously, so I suggest you also take a look there.
Click to expand...
Click to collapse
Hey I succeeded in removing the Huawei warning error prompt.
In your file "post-fs-data.sh"
you stated:
resetprop ro.vendor.build.fingerprint 'HUAWEI/CLT-L29/HWCLT:8.1.0/HUAWEICLT-L29/128(C432):user/release-keys'
#The above caused issues (critical services not starting) on my Honor
What do you meant by #The above caused issues (critical services not starting) on my Honor
What all services failed to or were not running in your Honor?
I didnt find anything unusual on my phone, but would still like to verify if any critical services arent running.
How to check them out?
That's not my statement... I'm the creator of MagiskHide Props Config, not Safetypatch. I don't know what he was referring to.
Didgeridoohan said:
That's not my statement... I'm the creator of MagiskHide Props Config, not Safetypatch. I don't know what he was referring to.
Click to expand...
Click to collapse
How to share redmi note 7 pro stock fingerprints with you? Shall I pm you?
nri_tech1183 said:
How to share redmi note 7 pro stock fingerprints with you? Shall I pm you?
Click to expand...
Click to collapse
That works. Thank you.
Didgeridoohan said:
That works. Thank you.
Click to expand...
Click to collapse
Have sent you fingerprints.
Also wanna ask, now that I'm using huawei fingerprint with SafetyPatch-v3 and ctsprofile is reporting true, can I still install edxposed and yet retain ctsprofile values to true?
nri_tech1183 said:
Have sent you fingerprints.
Also wanna ask, now that I'm using huawei fingerprint with SafetyPatch-v3 and ctsprofile is reporting true, can I still install edxposed and yet retain ctsprofile values to true?
Click to expand...
Click to collapse
Thank you. Received.
As far as I know (I don't use EdXposed) Google can't detect (or doesn't yet look for) EdXposed so you should be good to go.
Didgeridoohan said:
Thank you. Received.
As far as I know (I don't use EdXposed) Google can't detect (or doesn't yet look for) EdXposed so you should be good to go.
Click to expand...
Click to collapse
Asking as installing exposed kills the cts thing and makes it false.
In short if you installed Xposed then there is no possible way to pass safety net.
If you can research and do let me know it will be great as I really need some exposed modules to run which aren't yet available in magisk modules.
nri_tech1183 said:
Asking as installing exposed kills the cts thing and makes it false.
In short if you installed Xposed then there is no possible way to pass safety net.
If you can research and do let me know it will be great as I really need some exposed modules to run which aren't yet available in magisk modules.
Click to expand...
Click to collapse
You're talking about different things now...
It's true that Xposed will trigger SafetyNet, no matter what, but from what I've seen EdXposed doesn't (although I might not be up-to-date on that).
Note the difference in names. They're very similar, but work slightly different.
nri_tech1183 said:
Have sent you fingerprints.
Also wanna ask, now that I'm using huawei fingerprint with SafetyPatch-v3 and ctsprofile is reporting true, can I still install edxposed and yet retain ctsprofile values to true?
Click to expand...
Click to collapse
Didgeridoohan said:
Thank you. Received.
As far as I know (I don't use EdXposed) Google can't detect (or doesn't yet look for) EdXposed so you should be good to go.
Click to expand...
Click to collapse
@nri_tech1183 / @Didgeridoohan can you pls send me too the device fingerprints for violet?
I am using xiaomi.eu ROM on my Redmi Note 7 Pro (violet) and recently updated to xiaomi.eu MIUI 11 and Playstore is not ceritifed. It seems xiaomi.eu has been using lavender fingerprints which is not the best case. And also works on & off.
PS: Happy to test out if required.
Didgeridoohan said:
You're talking about different things now...
It's true that Xposed will trigger SafetyNet, no matter what, but from what I've seen EdXposed doesn't (although I might not be up-to-date on that).
Note the difference in names. They're very similar, but work slightly different.
Click to expand...
Click to collapse
Now that all is working good I wanna risk running Edxposed on my phone.
Just let me know what all backups do I need to take inside TWRP before flashing Edxposed so that if safetynet check fails later I can restore my phone toe earlier state.
Related
Hi
I'm using a Samsung Galaxy S4
I rooted the stock Samsung rom with SuperSU prior to install Magisk
At first I couldn't install 13.3 I had to install 12.0 because of some unknown reason installing 13.3 I got the error image mount failed same with all previous 13. versions however now 13.3 is now installed and SuperSU isn't installed.
When I run the SafetyNet Check in Magisk it reports:
ctsProfile: false
basicIntegrity: false
I want to be able to use apps like Android pay and such
Can someone please help me with getting this to work
Thanks!
Magisk v12.0 can't pass SafetyNet without workarounds like Universal SafetyNet fix module (and since the last update to SafetyNet a few days ago I've no idea if that works either).
You can't use Magisk to pass SafetyNet with SuperSU installed.
Here's some reading for you:
https://forum.xda-developers.com/apps/magisk/magisk-magisk-hide-troubleshooting-tips-t3561828
Pro tip: Try using the search function and browse the stickied threads before posting. There are very few things that hasn't been covered already in one way or another...
Didgeridoohan said:
Magisk v12.0 can't pass SafetyNet without workarounds like Universal SafetyNet fix module (and since the last update to SafetyNet a few days ago I've no idea if that works either).
You can't use Magisk to pass SafetyNet with SuperSU installed.
Here's some reading for you:
https://forum.xda-developers.com/apps/magisk/magisk-magisk-hide-troubleshooting-tips-t3561828
Pro tip: Try using the search function and browse the stickied threads before posting. There are very few things that hasn't been covered already in one way or another...
Click to expand...
Click to collapse
I've got 13.3 installed and SuperSU isn't installed plus I've already read a lot on this subject and most of my searches did nothing for me that's why I thought I would make a thread to see if anyone could help me.
AyanamiRei0 said:
I've got 13.3 installed and SuperSU isn't installed plus I've already read a lot on this subject and most of my searches did nothing for me that's why I thought I would make a thread to see if anyone could help me.
Click to expand...
Click to collapse
That was not very clear from your first post...
If you haven't already, start by reading through the link I posted. You wan't post #4.
Didgeridoohan said:
That was not very clear from your first post...
If you haven't already, start by reading through the link I posted. You wan't post #4.
Click to expand...
Click to collapse
Interesting trying to start magiskhide manually does nothing.
You could have remnants of Su on your phone. Even if you use the full uninstall method you can have leftovers. Tried a complete fresh reinstall?
phuhcue said:
You could have remnants of Su on your phone. Even if you use the full uninstall method you can have leftovers. Tried a complete fresh reinstall?
Click to expand...
Click to collapse
Oh it's working fine now installing Lineage OS and then install Magisk and it works perfectly.
With me my experiments with magisk in the past left some files in my data partition behind which makes safetynet fail.
I found them by going into twrp recovery, starting and adb shell and then executing find . | grep -i magisk
the two files i found were:
data/data/com.google.android.gms/files/backup_diff_script/com.topjohnwu.magisk
data/property/persist.magisk.hide
i deleted them with rm and safety net worked again.
So I can confirm that for my phone, unlocked bootloader, custom modem and custom recovery does not matter at all. But if your filesystem still contains traces of magisk, is a nono for google safetynet, pretty silly this road they are taking here.
safety net
i have the same problem on galaxy note 3 with magisk 15.3 on my galaxy s7 everything is ok but in note 3 i have safety net false...
can anyone help me?
spanpana said:
i have the same problem on galaxy note 3 with magisk 15.3 on my galaxy s7 everything is ok but in note 3 i have safety net false...
can anyone help me?
Click to expand...
Click to collapse
Old device... If the kernel version is lower than 3.8 it'll likely not have support for mount namespace and MagiskHide won't work. A custom kernel or ROM might work...
Didgeridoohan said:
Old device... If the kernel version is lower than 3.8 it'll likely not have support for mount namespace and MagiskHide won't work. A custom kernel or ROM might work...
Click to expand...
Click to collapse
thank's for your reply...!
i have custom rom resurection remix v.5.8.2 but i didnt change the kernel can you explain me how to do that please because i don't know...?
spanpana said:
thank's for your reply...!
i have custom rom resurection remix v.5.8.2 but i didnt change the kernel can you explain me how to do that please because i don't know...?
Click to expand...
Click to collapse
Check your kernel version first (usually found in Settings - About Phone). If it's less than 3.8, ask for help in your device's forum for if there's any custom kernels or ROMs available with an updated kernel.
Didgeridoohan said:
Check your kernel version first (usually found in Settings - About Phone). If it's less than 3.8, ask for help in your device's forum for if there's any custom kernels or ROMs available with an updated kernel.
Click to expand...
Click to collapse
ok my friend thank you very much...!:laugh::good:
Didgeridoohan said:
Old device... If the kernel version is lower than 3.8 it'll likely not have support for mount namespace and MagiskHide won't work. A custom kernel or ROM might work...
Click to expand...
Click to collapse
That's interesting. I get the same message on my old phone (running the 3.4.113 kernel), but I'm unable to even open Mario Run if MagiskHide is disabled. But when it's enabled, the game runs just fine. Is that normal? I thought Mario Run made use of SafetyNet... I'm using microG + DroidGuard Helper. I've tried running Android Pay, but I get this error message. But I'm not even sure if Android Pay is supposed to work since I'm using microG... What other apps use SafetyNet so I can try them?
Thanks.
robotsrules said:
That's interesting. I get the same message on my old phone (running the 3.4.113 kernel), but I'm unable to even open Mario Run if MagiskHide is disabled. But when it's enabled, the game runs just fine. Is that normal? I thought Mario Run made use of SafetyNet... I'm using microG + DroidGuard Helper. I've tried running Android Pay, but I get this error message. But I'm not even sure if Android Pay is supposed to work since I'm using microG... What other apps use SafetyNet so I can try them?
Thanks.
Click to expand...
Click to collapse
MagiskHide can't do it's thing to hide itself on such an old kernel, but it can still hide sensitive prop values. That's why Mario Run works... IIRC it looks for ro.debuggable, on of the props changed to "safe" values by MagiskHide.
Didgeridoohan said:
MagiskHide can't do it's thing to hide itself on such an old kernel, but it can still hide sensitive prop values. That's why Mario Run works... IIRC it looks for ro.debuggable, on of the props changed to "safe" values by MagiskHide.
Click to expand...
Click to collapse
Oh, I get it now... Thanks
This module hides bootloader unlock from the entire system, including GMS, meaning that stock ROMs can pass custom verification, as well as custom ROMs with magisk enabled. Module code is here. The actual code of this module (see post-fs-data.sh) can be used to pass safetynet on stock ROMs, even without magisk, provided your /system is unmodified! :angel::highfive:
The module is tested on my Honor 9 Lite, unlocked, lineageos 15.1, MM 5.6.3, Magisk 16.0
Download: Magisk Downloads page
WARNING: phhusson ROMs, as well as official Google gsi's without a fingerprint patch cannot pass safetynet without V2 or higher, or magiskhide props config
Debugging:
Please open a root shell and run
Code:
safetypatch
and select option 1 to debug.
If, in /proc/cmdline, androidboot.verifiedbootstate is green, this module is functioning correctly and some other aspect of your system is detected by safetynet.
Note: Pie ROMs might need ianmacd magisk builds to pass any kind of safetynet. In my experience you need this module and ianmacd magisk.
hackintosh5 said:
This module hides bootloader unlock from the entire system, including GMS, meaning that stock ROMs can pass custom verification, as well as custom ROMs with magisk enabled. Module code is here. The actual code of this module (see post-fs-data.sh) can be used to pass safetynet on stock ROMs, even without magisk, provided your /system is unmodified! :angel::highfive:
The module is tested on my Honor 9 Lite, unlocked, lineageos 15.1, MM 5.6.3, Magisk 16.0
Download: https://github.com/penn5/SafetyPatch/releases/tag/v1
Click to expand...
Click to collapse
Hello, thanks for your work, but i don't understand how this module, by this shell:
Code:
mount -o bind /data/local/tmp/cmdline /proc/cmdline
sed 's/ORANGE/GREEN/' /proc/cmdline > /data/local/tmp/cmdline
is supposed to fix the SN ?
Also i don't think that it could help to fix the SN if Xposed is installed ? Tell me if i'm wrong..
Rom said:
Hello, thanks for your work, but i don't understand how this module, by this shell:
is supposed to fix the SN ?
Also i don't think that it could help to fix the SN if Xposed is installed ? Tell me if i'm wrong..
Click to expand...
Click to collapse
This is not for SN, but to fix safetynet fail. Use HCU to fix SN.
Sent from my kminiltexx using XDA Labs
Doesn't Magisk itself already hides the unlocked BL state?
Sent from my Xiaomi Redmi Note 5 using XDA Labs
VincentJoshuaET said:
Doesn't Magisk itself already hides the unlocked BL state?
Click to expand...
Click to collapse
No. Magisk hides itself
Sent from my kminiltexx using XDA Labs
hackintosh5 said:
No. Magisk hides itself
Sent from my kminiltexx using XDA Labs
Click to expand...
Click to collapse
Wrong...
MagiskHide does hide a few system properties, among others an unlocked bootloader.
https://github.com/topjohnwu/Magisk...2cebb240c4/native/jni/magiskhide/hide_utils.c
If you have an additional method for hiding an unlock bootloader, that would make a great addition to MagiskHide. You could open a pull request for it to be included in a future release.
Didgeridoohan said:
Wrong...
MagiskHide does hide a few system properties, among others an unlocked bootloader.
https://github.com/topjohnwu/Magisk...2cebb240c4/native/jni/magiskhide/hide_utils.c
If you have an additional method for hiding an unlock bootloader, that would make a great addition to MagiskHide. You could open a pull request for it to be included in a future release.
Click to expand...
Click to collapse
Correct...
MagiskHide doesn't hide anything in the cmdline. If you're going to disclaim my module, at least do your research. Even in the README, I tell the commands that the module uses.
Yes, that's a good idea. I will submit a PR, thanks for the idea!
Sent from my kminiltexx using XDA Labs
hackintosh5 said:
If you're going to disclaim my module, at least do your research.
Click to expand...
Click to collapse
Calm down... There was no disclaiming of your module in my post. Just your statement that Magisk does not hide an unlocked bootloader. It does...
But of course, there are many different Android devices and there are many different ways of doing things, and they don't work the same universally. Which is why I suggested you make a PR of the method you have. :good:
I'm using a pixel xl on dp3 and this doesn't help to pass basic integrity. Both basic and cts are still failing
bkkzak said:
I'm using a pixel xl on dp3 and this doesn't help to pass basic integrity. Both basic and cts are still failing
Click to expand...
Click to collapse
Official ROMs not designed for production use will intentionally force the system to fail safetynet. This will be detected and so fail
Sent from my kminiltexx using XDA Labs
hackintosh5 said:
This module hides bootloader unlock from the entire system, including GMS, meaning that stock ROMs can pass custom verification, as well as custom ROMs with magisk enabled. Module code is here. The actual code of this module (see post-fs-data.sh) can be used to pass safetynet on stock ROMs, even without magisk, provided your /system is unmodified! :angel::highfive:
The module is tested on my Honor 9 Lite, unlocked, lineageos 15.1, MM 5.6.3, Magisk 16.0
Download: https://github.com/penn5/SafetyPatch/releases/tag/v1
WARNING: phhusson ROMs cannot pass safetynet.
Click to expand...
Click to collapse
Excuse me, how do I install the module?
Twixy13 said:
Excuse me, how do I install the module?
Click to expand...
Click to collapse
Magisk Manager -> Modules -> + -> Find the zip.
Sent from my kminiltexx using XDA Labs
Do i need a custom kernel for this to work?
It's not working on my stock honor 8. I even tried it with magiskhide props config with a honor 9 and galaxy 6 fingerprint and play store is still uncertified which means safetynet fails
JimZiii said:
play store is still uncertified which means safetynet fails
Click to expand...
Click to collapse
The two are related, yes, but one doesn't exclude the other (you can pass SafetyNet and still be uncertified).
Check SafetyNet with the Magisk Manager or a separate app. If it passes, clear data for the Play Store and reboot. That should be it...
Didgeridoohan said:
The two are related, yes, but one doesn't exclude the other (you can pass SafetyNet and still be uncertified).
Check SafetyNet with the Magisk Manager or a separate app. If it passes, clear data for the Play Store and reboot. That should be it...
Click to expand...
Click to collapse
Ok, for some reason I still can't pass. I've checked it with magisk and a separate app. Even after I factory reset my phone, flashed new firmware and the first thing I installed was magisk to try the safetynet and still I couldn't pass. First I thought it might be something in the new firmware so I tried a bunch of older firmwares which all had the same result.
JimZiii said:
Ok, for some reason I still can't pass. I've checked it with magisk and a separate app. Even after I factory reset my phone, flashed new firmware and the first thing I installed was magisk to try the safetynet and still I couldn't pass. First I thought it might be something in the new firmware so I tried a bunch of older firmwares which all had the same result.
Click to expand...
Click to collapse
This is getting slightly OT for this thread (but that's up to @hackintosh5, of course). Take a look here (start with the Basics and then move on to the SafetyNet chapter) and if you still need help after that, I think you'd better move it to the General support thread:
https://www.didgeridoohan.com/magisk/MagiskHide
And don't forget this part:
https://www.didgeridoohan.com/magisk/MagiskHideHelp
Didgeridoohan said:
This is getting slightly OT for this thread (but that's up to @hackintosh5, of course). Take a look here (start with the Basics and then move on to the SafetyNet chapter) and if you still need help after that, I think you'd better move it to the General support thread:
https://www.didgeridoohan.com/magisk/MagiskHide
And don't forget this part:
https://www.didgeridoohan.com/magisk/MagiskHideHelp
Click to expand...
Click to collapse
Ok, I think I found the problem, magiskhide don't seem to be working. I get logs so logging must be on and namespace is working because there's no error on proc_monitor or anywhere else in the magisk logs. But if I hide a root checker our another app using root they still get root.
Do you have any ideas?
JimZiii said:
Ok, I think I found the problem, magiskhide don't seem to be working. I get logs so logging must be on and namespace is working because there's no error on proc_monitor or anywhere else in the magisk logs. But if I hide a root checker our another app using root they still get root.
Do you have any ideas?
Click to expand...
Click to collapse
Is magisk hide actually turned on?
Sent from my kminiltexx using XDA Labs
hackintosh5 said:
Is magisk hide actually turned on?
Sent from my kminiltexx using XDA Labs
Click to expand...
Click to collapse
yes its on, i've added specific apps to try if they still got root and there's no difference when i check the box in magisk hide for apps
JimZiii said:
yes its on, i've added specific apps to try if they still got root and there's no difference when i check the box in magisk hide for apps
Click to expand...
Click to collapse
Apps can still detect root, even if you pass safetynet. Run the magisk inbuilt checker
Sent from my kminiltexx using XDA Labs
I got a problem. My Google Pay app doesn't work. I got magisk v18 with 2 modules: "universal safetynet fix v3-beta1 (magisk v17 fix)" and google face unlock. When I check the status it shows the two "ctsprofile" and "basicintegrity" as true both. In magisk hide, I selected "Google Pay" and "NFC service" apps, but also without their selection it isn't still recognized by a pos. Now, I'm really sure my payment card works, my bro one with a phone unrooted works fine.
How should I do for make pos recognize my LG H815 rooted Gpay?
Sorry my bad english
p.s. I haven't any xposed or similar installed.
On my OP6 with OOS 9.0.3, CTS returns false without any additional modules and Google Pay and other apps detect root and refuse to work. That happened with the update from 17.2 to 18.0
Unfortunately, I got no helping hint in the main support thread or in the other thread here reporting on failing banking apps.
Later... after downgrading to Magisk 17.2, MagiskHide is working again... an issue is open on Github on that.
Yeah but gpay still not working in my phone, also with magisk 17.2
theicecave said:
Yeah but gpay still not working in my phone, also with magisk 17.2
Click to expand...
Click to collapse
I'll try that when I'm next time in a shop here... but as Safetynet works, GPay should too...
akxak said:
I'll try that when I'm next time in a shop here... but as Safetynet works, GPay should too...
Click to expand...
Click to collapse
And that's the paradox. Lemme know.
Just was at a shop and paid successfully with Google Pay. 17.2 rocks.
Idk why mine is not recognized by pos. And for sure I can say that my NFC works, I use it with my headsets. It's a problem with my phone, it's rooted, and that's it. Gpay cannot be used with root, although it accepted my card payment card after I protected my ctsprofile etc. I lost hope
My OP6 is unlocked and rooted with Magisk. Back on 17.2 SafetyNet checks succeed again and I just could pay... with Magisk 18 though it failed.
What phone and how did you root?
akxak said:
My OP6 is unlocked and rooted with Magisk. Back on 17.2 SafetyNet checks succeed again and I just could pay... with Magisk 18 though it failed.
What phone and how did you root?
Click to expand...
Click to collapse
Which module do you use to protect safetynet, ctsprofile etc?
Just asking.. 'cause, as I told, also with magisk 17.2 it doesn't work.
No module, just plain Magisk and MagiskHide on Google Pay.
akxak said:
No module, just plain Magisk and MagiskHide on Google Pay.
Click to expand...
Click to collapse
No module? I need necessary to use "universal safetynet fix" to activating all 4 green checks on main page of magisk. Without it, last 2 (inside safetynet fix) are red: ctsprofile:false and basicintegrity:false.
And magisk hide with or not selecting gpay doesn't change anything.
However I'm considering the main problem is my rom, resurrection remix.
On OOS I have only two arrows...
ctsProfile and basicIntegrity
But I am on a stock rom
Yeah sorry my bad, I mean just these two.
I'm considering to flash my stock rom again. But it was Android 6. I should set nova launcher and lots of changes to modernize it : D
Also my bro used a stock one to let gpay work. Modded all ones seems not working.
I'm on Android 9 Pie... Nova is great, I use it myself.. with starting on the Oneplus, I stuck to the stock OS and had gold experiences... on the OP6 even mire as I can update it and keep it rooted from within the OS not needing TWRP anymore... allowing an easy upgrade process.
Just flashed up the stock rom of my H815. I installed magisk 17.2 (it's an android nougat). I activated MagiskHide only for Google Pay; now safety net says ctsProfile: false and basicIntegrity: true. I watched this thread and just at beginning of section Safetynet fix - changing device fingerprint seems to be my problem. But my phone hasn't fingerprint (rofl). So after installing modules MagiskHide Props Config and Busybox by osm0sis cts is still false. Watched this because seems the only well built guide about; this problem is splitted anywhere. No more ideas.
theicecave said:
Just flashed up the stock rom of my H815. I installed magisk 17.2 (it's an android nougat). I activated MagiskHide only for Google Pay; now safety net says ctsProfile: false and basicIntegrity: true. I watched this thread and just at beginning of section Safetynet fix - changing device fingerprint seems to be my problem. But my phone hasn't fingerprint (rofl). So after installing modules MagiskHide Props Config and Busybox by osm0sis cts is still false. Watched this because seems the only well built guide about; this problem is splitted anywhere. No more ideas.
Click to expand...
Click to collapse
If I understand you correctly, I think you've misunderstood... It's not about a fingerprint scanner, it's the device fingerprint property that needs to change. You'll have to run the props script and select a certified fingerprint from the list (the module is not a flash and forget module). But if you're on a stock ROM I would expect the CTS check to pass, so there might be something else going on. Anyway, try changing the device fingerprint and see if anything changes.
Didgeridoohan said:
If I understand you correctly, I think you've misunderstood... It's not about a fingerprint scanner, it's the device fingerprint property that needs to change. You'll have to run the props script and select a certified fingerprint from the list (the module is not a flash and forget module). But if you're on a stock ROM I would expect the CTS check to pass, so there might be something else going on. Anyway, try changing the device fingerprint and see if anything changes.
Click to expand...
Click to collapse
Idk how to do this and where is this list. He just attached a .zip on his thread.
Or maybe I do not understand english enough. Very probably.
theicecave said:
Idk how to do this and where is this list. He just attached a .zip on his thread.
Or maybe I do not understand english enough. Very probably.
Click to expand...
Click to collapse
If you're talking about the thread you linked, the "he" is me...
Take a look in the module documentation, most things should be covered there. But basically, what you need is a Terminal emulator where you just type 'props' and press enter. After that you can just follow the ui to do the rest.
Didgeridoohan said:
If you're talking about the thread you linked, the "he" is me...
Take a look in the module documentation, most things should be covered there. But basically, what you need is a Terminal emulator where you just type 'props' and press enter. After that you can just follow the ui to do the rest.
Click to expand...
Click to collapse
Solved following this. In effect, not so different on what were you talking about in your guide. At the moment both ctsprofile and basicintegrity are true, I just need to try Google Pay in a pos.
I know other folks had issues with earlier updates, but this is the first time I've seen this. I skipped the last few updates. Does the Magisk patch method no longer work for rooting the Pixel 4 XL? Or is there some way to fix this?
The "hardware off" module from Displax might help you.
Sent from my Google Pixel 4 XL using XDA Labs
It's hardware based so nothing you can do about it
Patching your boot image with Magisk still works. With the recent implementation of hardware attestation, apps can now recognize if your bootloader is unlocked and safetynet checks result in ctsProfile failing. Magisk Hide still works and you can still hide root from most apps but cannot hide that your bootloader is unlocked unless you use either the hardwareoff mod or the Magisk Props mod.
Lughnasadh said:
Patching your boot image with Magisk still works. With the recent implementation of hardware attestation, apps can now recognize if your bootloader is unlocked and safetynet checks result in ctsProfile failing. Magisk Hide still works and you can still hide root from most apps but cannot hide that your bootloader is unlocked unless you use either the hardwareoff mod or the Magisk Props mod.
Click to expand...
Click to collapse
I tried MagiskHide Props Config but that didn't work - unless I need to do more than just replace the fingerprint. Replacing the fingerprint did not fix the problem. It's likely the Pixel 4 XL uses hardware backed key attestation to check the bootloader state, which I think means MagiskHide Props Config won't solve the problem.
I did find and install the hardwareoff mod and that fixed the problem. Thanks everyone who mentioned that. It was not available for download in Magisk but I found it buried deep in a 4000+ post thread on XDA.
https://forum.xda-developers.com/ap...systemless-t3432382/post83028387#post83028387
fuarkgl3 said:
It's hardware based so nothing you can do about it
Click to expand...
Click to collapse
Eventually you will be right, once Google makes hardware backed key attestation permanent. But for now the hardwareoff mod works.
No work for me
Basic integrity and CTS profile remains false.
madmartian said:
I tried MagiskHide Props Config but that didn't work - unless I need to do more than just replace the fingerprint.
Click to expand...
Click to collapse
Just for clarification: you would also have had to use the "Force BASIC attestation" option. It basically does the same thing as the hardware off mod, so you're good to go already...
So I have the same problem basic integrity but the cts profile fails. Iam in the January update.
I've done anything to fix it but 0 for me. And the problem is that it just happened from nowhere it was everything ok I was passing the safety net and in a moment the gpay made me a warning about contactless payments and the problem started.
Escribis said:
So I have the same problem basic integrity but the cts profile fails. Iam in the January update.
I've done anything to fix it but 0 for me. And the problem is that it just happened from nowhere it was everything ok I was passing the safety net and in a moment the gpay made me a warning about contactless payments and the problem started.
Click to expand...
Click to collapse
Go over to the Magisk thread. It's discussed there in detail and there has been a Magisk Mod released to fix it..
Lughnasadh said:
Go over to the Magisk thread. It's discussed there in detail and there has been a Magisk Mod released to fix it..
Click to expand...
Click to collapse
Can you give me the link my friend?
Lughnasadh said:
Go over to the Magisk thread. It's discussed there in detail and there has been a Magisk Mod released to fix it..
Click to expand...
Click to collapse
Found it, thank you very much sir.
Can you share the link please?
I also woke up to Google Pay warning, an update, than lost Magisk. I've re-installed it but now failing safetynet. Been attempting to fix it for 2 hours now
mushtafa said:
Can you share the link please?
I also woke up to Google Pay warning, an update, than lost Magisk. I've re-installed it but now failing safetynet. Been attempting to fix it for 2 hours now
Click to expand...
Click to collapse
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
Found the link. It works, just need to setup Google Pay again https://github.com/kdrag0n/safetynet-fix
I've fastboot flashed the official stock rom, MIUI EU and others. They all don't pass safetynet the CTS profile mismatch which means my device isn't certified in google play store. Other OSS roms like arrowOS works and passes.
How can I fix it
Found a potential fix here. Testing it in a few. Will update. https://droidholic.com/fix-safetynet-failed-cts-profile-false/
TechV said:
I've fastboot flashed the official stock rom, MIUI EU and others. They all don't pass safetynet the CTS profile mismatch which means my device isn't certified in google play store. Other OSS roms like arrowOS works and passes.
How can I fix it
Click to expand...
Click to collapse
Download and enable "MagiskHide Props Config" module from the magisk modules section. Reboot. The method provided from droidholic did not work for me on Motorola G Power 2021 Boost Mobile USA variant Magisk rooted. Nor did MagiskHide props. However, My play store and certain easily triggered apps still work thanks to the Magisk Hide props module.
DrRoxxo said:
Download and enable "MagiskHide Props Config" module from the magisk modules section. Reboot. The method provided from droidholic did not work for me on Motorola G Power 2021 Boost Mobile USA variant Magisk rooted. Nor did MagiskHide props. However, My play store and certain easily triggered apps still work thanks to the Magisk Hide props module.
Click to expand...
Click to collapse
I don't want to use magisk. My phone can't be rooted because of work related reasons. I flashed the latest fastboot rom and it still doesn't pass CT profile check. My play store says device is not certified.
How can this be?
TechV said:
I don't want to use magisk. My phone can't be rooted because of work related reasons. I flashed the latest fastboot rom and it still doesn't pass CT profile check. My play store says device is not certified.
How can this be?
Click to expand...
Click to collapse
Unlocked bootloader
Why you flash stock without to wanna root, instead only update original fw if it's a company phone?
You can try to lock the bootloader again with miflash but I recommend to read exactly the manuals before locking again.
DrRoxxo said:
Found a potential fix here. Testing it in a few. Will update. https://droidholic.com/fix-safetynet-failed-cts-profile-false/
Click to expand...
Click to collapse
This fix worked for me. Thank you!
Sweet + OctaviOS 2.8
Koerschgen said:
This fix worked for me. Thank you!
Sweet + OctaviOS 2.8
Click to expand...
Click to collapse
I am absolutely ecstatic to hear that!
TechV said:
I don't want to use magisk. My phone can't be rooted because of work related reasons. I flashed the latest fastboot rom and it still doesn't pass CT profile check. My play store says device is not certified.
How can this be?
Click to expand...
Click to collapse
I am no expert, but I do believe once the bootloader is unlocked, it triggers a flag at boot level. It does warn against unlocking the bootloader on most devices prior to unlocking. I'd say that once anything is flashed, another flag is triggered. It's like Knox, but for the boot level I think. If you check the bootloader, there is usually some red and yellow colored text output that helps to diagnose the current state of the device. I am no pro, so I hope this makes sense and provides answers.
DrRoxxo said:
I am no expert, but I do believe once the bootloader is unlocked, it triggers a flag at boot level. It does warn against unlocking the bootloader on most devices prior to unlocking. I'd say that once anything is flashed, another flag is triggered. It's like Knox, but for the boot level I think. If you check the bootloader, there is usually some red and yellow colored text output that helps to diagnose the current state of the device. I am no pro, so I hope this makes sense and provides answers.
Click to expand...
Click to collapse
No unlocked bootloader has nothing to do with it. Google broke safetynet for almost all ROMS starting sep 2 I think. The latest Arrow OS ROM and a few other ROMS that just released new builds pass safetynet once again.
hi
I have A video on it all Necessary information and modules are in a single zip file to pass safety net, follow v the video and pass Safetynet
link here
@TechV did you find a solution to this?