Pass SafetyNet with Magisk - Huawei P9 Lite Questions & Answers

After a long time using SuperSU, I switched to Magisk yesterday, for it's modules and of course Magisk Hide. So, starting with a full stock B414 rom, I unlocked my BL, installed OldDroid's TWRP and flashed Magisk 16.0 .
Everything went fine, I'm able to give root access to my apps. What I'm trying to do now is passing SafetyNet check.
I downloaded SafetyNet "attest" from the store and ran a test -> Basic integrity : false and CTS profile match -> false :crying:
Reading various tutorials, I enabled magisk hide, selected a few google apps to hide (store, services framework) , enabled Host systemless and magisk Core (rebooted my phone between these changes), cleared Store data. Regardless of what I've done, I keep failing at SafetyNet check. Did I miss something basic ? Did someone manage to pass safetynet on a P9 Lite with Nougat ?

EinderJam said:
After a long time using SuperSU, I switched to Magisk yesterday, for it's modules and of course Magisk Hide. So, starting with a full stock B414 rom, I unlocked my BL, installed OldDroid's TWRP and flashed Magisk 16.0 .
Everything went fine, I'm able to give root access to my apps. What I'm trying to do now is passing SafetyNet check.
I downloaded SafetyNet "attest" from the store and ran a test -> Basic integrity : false and CTS profile match -> false :crying:
Reading various tutorials, I enabled magisk hide, selected a few google apps to hide (store, services framework) , enabled Host systemless and magisk Core (rebooted my phone between these changes), cleared Store data. Regardless of what I've done, I keep failing at SafetyNet check. Did I miss something basic ? Did someone manage to pass safetynet on a P9 Lite with Nougat ?
Click to expand...
Click to collapse
Hello,
i used it some times ago...
Try to enable usb-debugging together with magisk/hide,
then reboot and see what happen.. ( this is what i done )
All the best

Thanks for your answer ! However, it didn't changed anything, safetynet check failed. Interesting fact, after rebooting, both magisk hide and usb debugging are disabled... Is this normal ?
EDIT : It's more than that, usb debugging gets disabled as soon as I quit settings
managed to fix this using another xda thread, but safetynet keeps failing and magisk hide is always disabled on startup

https://twitter.com/topjohnwu/status/1029239685338419200

Related

SafetyNet Check on Rooted G5 Plus

I followed the directions about rooting with Magisk 11.6 and everything went well, root privileges work, and in general no problems.
However, I noticed on Magisk Manager that SafetyNet fails with a CTS profile mismatch and running SafetyNet Test says that basic integrity fails. I wouldn't particularly care, except that I have one app (Samsung Pay) that is failing to start because it detects root. (Yes, I've hidden it with MagiskHide).
Do any other magisk rooters out there have the SafetyNet problem? Are there some log files I could look at and provide to help track it down?

Unable to Pass Safety Net?

I've been trying very hard to pass safety net on my axon 7, I first tried when I had LineageOS, Magisk and Xposed (not systemlessly installed) and a few other tweaks that appeared to modify the system partition, then after realising they may be affecting safety net I completely wiped my device (data,cache,system) to make sure I had a completely fresh start. Then proceeded to flash the MicroG version of LineageOS, and install Magisk and Xposed Systemlessly making sure nothing I did affected the system partition. So I thought I would be set, did safety net check andddd it failed. Then I did some searching and found safety net will check for bootloader unlocked status, so I found a kernel (HELLSGATE.V1) which tricks safety net (or is supposed to) into believing bootloader is still locked. And safety net still fails, this is really annoying I'm just wanting to use Android Pay yet I can't. Does anyone have any idea as to what would be tripping safety net in my case, or how they manage to pass on their device?
Spooderman46 said:
I've been trying very hard to pass safety net on my axon 7, I first tried when I had LineageOS, Magisk and Xposed (not systemlessly installed) and a few other tweaks that appeared to modify the system partition, then after realising they may be affecting safety net I completely wiped my device (data,cache,system) to make sure I had a completely fresh start. Then proceeded to flash the MicroG version of LineageOS, and install Magisk and Xposed Systemlessly making sure nothing I did affected the system partition. So I thought I would be set, did safety net check andddd it failed. Then I did some searching and found safety net will check for bootloader unlocked status, so I found a kernel (HELLSGATE.V1) which tricks safety net (or is supposed to) into believing bootloader is still locked. And safety net still fails, this is really annoying I'm just wanting to use Android Pay yet I can't. Does anyone have any idea as to what would be tripping safety net in my case, or how they manage to pass on their device?
Click to expand...
Click to collapse
Xposed is causing safetynet to fail. No matter how Xposed is installed, it will always trigger safetynet. But with systemless xposed, you can disable xposed in the xposed installer app by toggling it at the top and rebooting
Teet1 said:
Xposed is causing safetynet to fail. No matter how Xposed is installed, it will always trigger safetynet. But with systemless xposed, you can disable xposed in the xposed installer app by toggling it at the top and rebooting
Click to expand...
Click to collapse
Still get 'invalid response' through magisk manager even after disabling xposed
This is why mine stayed stock......
Normally I would at least unlock, install TWRP and root to de-bloat, install V4A and maybe Xposed. Had to wean myself off those mods on this phone but used to it now. Life is much simpler
Nougat is pretty good. Be nice to see Oreo official soon.
Spooderman46 said:
Still get 'invalid response' through magisk manager even after disabling xposed
Click to expand...
Click to collapse
Safetynet doesn't check the bootloader. Look I can even pass safetynet while dualbooting LOS. Just wipe system and install LOS, OpenGApps and Magisk, maybe some other mod like the AK4490 patch and Viper4ARISE. That definitely will pass safetynet.

safetynet question - cts profile false

I was running stock 7.1.1 and everything was fine. Then i decided to try LOS 15.1, with magisk 17.4 but encountered an issue with safetynet cts profile false that prevented me from using android pay. I then proceeded to flash B35 EDL, and then do the sd upgrage to Oreo B20, but i still have the same issue with failing cts profile.
AI'm no longer rooted, running stock but still fail safetynet. Any one have any ideas what I can try next? at this point i just want cts profile to pass on the current oreo b20 stock.
Thanks!
It could be that SafetyNet detects that you have an unlocked bootloader, but there are ways to hide that (custom kernel, Magisk, etc). Do you have Xposed installed? That's an automatic SN fail. You haven't changed system partition in any way at all? It's also possible that Google hasn't yet approved B20 despite it being official rather than beta. There could be other factors too. SN looks at lots of things, many of which Google won't talk about.
You need to install magisk hide props and then in a terminal
"Su"
Grant superuser
Then
"Props"
And follow the on-screen instructions. Stupid that Google pay has a problem with rooted phones as it's painfully simple to get around it
You can find magisk hide props in the "download" section of magisk manager
Check the settings in the Google play store, Device not certified can be an issue when you change Roms.
The link between the device and Google has been broken, hence the device not certified.
There is an app Device ID that can add the certification back to its original state.
Hope this helps
Turned out to be it was because of the unlocked bootloader.
funny story... i locked the bootloader without having oem unlock enabled . Got bricked, couldn't boot into EDL... so i had to take it apart and ground the test point to put it into EDL.
xavoc said:
Turned out to be it was because of the unlocked bootloader.
funny story... i locked the bootloader without having oem unlock enabled . Got bricked, couldn't boot into EDL... so i had to take it apart and ground the test point to put it into EDL.
Click to expand...
Click to collapse
There's a tool for that now; you may not have had to open it: https://forum.xda-developers.com/axon-7/how-to/salesmultidla2017-tool-to-unblick-dfu-t3854229
TPMJB said:
You need to install magisk hide props and then in a terminal
"Su"
Grant superuser
Then
"Props"
And follow the on-screen instructions. Stupid that Google pay has a problem with rooted phones as it's painfully simple to get around it
You can find magisk hide props in the "download" section of magisk manager
Click to expand...
Click to collapse
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
xavoc said:
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
Click to expand...
Click to collapse
try this thread https://forum.xda-developers.com/axon-7/development/kernel-magisk-17-stock-roms-t3856809/page2
Update to Magisk v17 and then try the above solution
xavoc said:
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
Click to expand...
Click to collapse
"Magisk hide props config" is literally what it is called. If you can't find it, you're doing it wrong.
If all else fails, google then install manually.
Had to upgrade to magisk 17 to see the hide prop module download. Still couldn't pass safetynet with Oreo B20. Switched to LOS 15.1 and now everything works.

RR-N 5.8.3 Safety Net Basic Integrity Fail

Magisk shows Cts Profile False, Basic Integrity False tries every solution available on the web also downloaded Magisk Hide Module, Turn On Magisk Hide in Magisk Manager, Turn Core Only Mode, Insalled Osmosis Busy Box, Changed Fingerprint of device etc all failed to pass safety net due to this i am unable to use Snapchat, Like Magic App, Netflix etc
Any resolution with this problem?
I can get root and the root hide from Magisk to work on the stock rom; but I've installed CyanogenMod 14.1 (android 7.1.1, rooted) and I have not found a way for the ctsProfile or Basic Integrity to pass. Magisk does continue to hide the root, but there are still apps that look for those two and I have found no resolution other than going back to stock rom with root (which is okay, but the custom mod is better).
Let me know.

Fix safety net issue after magisk install ?

Hi. I have a safety net issue after following the rooting tutorial on this post. (to be precise, safety net was fine, i got the issue when i tried to install edexposed)
I've got a "cts profile mismatch".
I tried to get rid of it, uninstall magisk, wipe system, but it's still there.
I would like to try to make a factory reset using an ota file, but i can't find my version of the system.
I was on SKYW1907110OS00MP3 and i updated to SKYW1911010OS00MP5. Does someone have a factory ota update.zip for one of this two version ?
There is the MagiskHide Props Config module ( https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228 ) for fixing this kind of issue, but there is no build-in fingerprint for the blackshark 2.
I tried to get one within an OTA file, but i can't find it.
I really don't know if i can do a << adb push stock_boot_b.img /dev/block/bootdevice/by-name/boot_b >> to restore the unpatched version of my rom or if that will brick my phone (or maybe do nothing to solve my issue)
If anyone have an idea, it would be great. Thanks.
Flashing the stock boot image of the ROM currently installed in your device will not cause bootloop. Tried and tested.
To pass Safetynet, you don't need to flash MagiskHide Props Config module. It doesn't really make your device pass Safetynet at all.
To pass Safetynet with EdXposed, follow these steps:
1. Make sure you enable Magisk Hide in the Magisk app.
2. Rename your Magisk package (optional - for banking apps).
3. Flash the latest EdXposed module from this repo: https://ci.appveyor.com/project/ElderDrivers/edxposed/history (the EdXposed in the Magisk app is outdated, and it breaks Safetynet), and the latest EdXposed Manager here: https://github.com/ElderDrivers/EdXposedManager
4. Go to EdXposed Manager's settings and enable App List mode and Pass SafetyNet options, then reboot your device.
Now, the trickiest part (sort of):
5. Clear Google Services Framework, Google Play services, and Google Play Store's data, then check for Safetynet. Sometimes, it still fails after your first attempt so just repeat this step until it passes Safetynet.
That's all. All of these worked 100% on my CN-converted-to-Global Black Shark 2 device. Hope it will work on yours, too.
Woot, thanks a lot, i will try that right away.

Categories

Resources