Trying to pass safetynet to use my banks app and pokemon go, using the latest LOS14.1
I tried going the Magisk way, but it still fails CTS.
Is there anyway to make it happen with root and passing safetynet?
You have to use Magisk for root. SuperSU and LineageOS's versions of root will not pass safetynet from my experience. I don't know if it helps but I also have the Play Store and Nintendo's games enabled on Magisk Hide.
eMadman said:
You have to use Magisk for root. SuperSU and LineageOS's versions of root will not pass safetynet from my experience. I don't know if it helps but I also have the Play Store and Nintendo's games enabled on Magisk Hide.
Click to expand...
Click to collapse
I used this guide and it didn't work. Is there another MagiskSU that I'm missing?
EDIT: I got it to work! In the guide above, it says to flash SU in Systemless mode. I just flashed Magisk without SU and it worked! Thanks!
You need Magisk v12 and kernel that includes bootloader status patch. I'm using old version of AX7Kernel, but Beastmode also has it. Not sure about other ones. I'm running relatively recent build and using Android Pay pretty frequently.
@edit And make sure to enable Magisk Hide
I'm currently running stock rom with Blu_spark kernel. I've been using magisk, lately updated to 14.3 version.
My problem is I can not pass SafetyNet check. Both ctsProfile and basicIntegrity are false.
I tried Universal SaftyNet Fix but it didn't help at all.
Is there any hope to pass it on stock rom?
Do you have Xposed installed?
Thanks, I completely forgot about it
The other safety net problem people are currently having with Magisk is that if you update Magisk within Magisk Manager some scripts needed to pass safety net are no longer installed by default. If you flash Magisk instead through TWRP it seems to install like normal and you don't need to perform additional steps to pass safety net.
Hi All,
I have been running Lineage OS since it became available for OnePlus 5 with the Safety Net successfully being passed using Magisk and using firmware and modems from jamal2367.
That was up until Lineage required an updated firmware/modem to 5.1.4 and I found jamal2367 has stopped doing the firmware and modem for the OnePlus 5. I installed the firmware from shadowstep the new firmware provider and now I fail the safety net checks.
I have tired the following:
Flashing multiple weekly releases of Lineage OS
Flashing new version of TWRP
Flashing new version of TWRP blu_spark
Flashing new version of TWRP codeworkx
Flashing the ElementalX-OP5-3.10.zip
Flashing Boeffla-Kernel-2.0
Flashing blu_spark_r132
Flashing OSS 5.1.4
Flashing OSS 5.1.5
all with Magisk 17.1 installed
All with full wipes including the sdcard
The only thing that worked was installing OSS 5.1.5 with and relocking the bootloader.
Does anybody know what I have missed and how I can get the Safety Net to pass the ctsProfile.
Thanks in advance.
alrighte_then said:
Does anybody know what I have missed and how I can get the Safety Net to pass the ctsProfile.
Thanks in advance.
Click to expand...
Click to collapse
Relocking the Bootloader will of course work but you didn't need to do that.
What you missed:
That version of Magisk is clearly not working well with your setup and not hiding your Bootloader state properly. (Providing you set it up correctly).
Had you done all those steps without Magisk it would have passed. The custom Kernels alone would have gotten you a Pass due to them ignoring the Verified Boot state.
So, LOS+Kernel = Pass. If you need Magisk, try to find a version that is working properly with your setup. With Magisk working properly the custom Kernel is then optional.
Also, TWRP has nothing to do with it. Just use the latest Codeworkx.
Hi Dirk,
Thanks for your response, I have just tied to install it in the order you suggested
I install TWRP (twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img)
I wiped everything including sdcard
I installed Element Kernel (ElementalX-OP5-3.10.zip)
I installed Lineage OS (lineage-15.1-20180903-nightly-cheeseburger-signed.zip)
I installed Gapps (MindTheGapps-8.1.0-arm64-20180808_153856.zip)
I installed a safety net tester called safetyNet 'attest'
When I run the safetynet test I am still getting CTS profile match: false.
Any ideas what I can do next to make this work?
Thanks for any help
alrighte_then said:
Hi Dirk,
Thanks for your response, I have just tied to install it in the order you suggested
I install TWRP (twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img)
I wiped everything including sdcard
I installed Element Kernel (ElementalX-OP5-3.10.zip)
I installed Lineage OS (lineage-15.1-20180903-nightly-cheeseburger-signed.zip)
I installed Gapps (MindTheGapps-8.1.0-arm64-20180808_153856.zip)
I installed a safety net tester called safetyNet 'attest'
When I run the safetynet test I am still getting CTS profile match: false.
Any ideas what I can do next to make this work?
Thanks for any help
Click to expand...
Click to collapse
You flashed the Kernel before the ROM, so you overwrote that Kernel with the LOS one. Flash LOS then the custom Kernel.
On Magisk.. i've seen many people complain that they can't get the latest version to pass Safetynet. Again, it could just be people not configuring it correctly, or it might be better to try the previous version. Just to make sure you should tell us what you do to set it up.
You need to Hide Play Store, Banking Apps etc, and Magisk Manager too i believe. If you install Magisk and set it up when your current state is 'Uncertified', you will need to clear Data/Cache on Play Store for it to change to 'Certified'.
Also, don't rely on 'Safetynet Checker' apps. If the Play Store settings say 'Certified' try an app like Google Pay. It should work fine.
If you get cts profile mismatch. Download CTS props config from magisk modules and you will pass
Download magisk 17.1
Hi All,
Just to give you an update one where I got to with this.....
You where right the newer builds of Lineage OS do not pass safety net but the older ones do.
So after much playing around I and many flashes and wipes I found it impossible to boot a Lineage with a custom kernel, I believe this is probably down to the forced encryption.
The thing that worked for me in the end was installing "MagiskHide Props Config" and changing the figure print, I am it is very similar to the module Jamie suggested.
So I now have Lineage OS working fully with root, magisk and passing SafetyNet
Thanks everyone for you help.
The thing that worked for me in the end was installing "MagiskHide Props Config" and changing the figure print, I am it is very similar to the module Jamie suggested.
So I now have Lineage OS working fully with root, magisk and passing SafetyNet
Thanks everyone for you help.[/QUOTE]
Hello; can you explain to me in detail, step by step, how to do it? Thanks in advance.
" changing the figure print"
Hi guys,
Im im on stock nougat B12 rom , bootloader unlock and rooted. Bank apps etc when trying to unlock with fingerprint say "failed to get authorisation data"
Anyone had this issue?
crazyazz said:
Hi guys,
Im im on stock nougat B12 rom , bootloader unlock and rooted. Bank apps etc when trying to unlock with fingerprint say "failed to get authorisation data"
Anyone had this issue?
Click to expand...
Click to collapse
Rooted with what? If Magisk, check if you pass safetynet. If you don't, you may want to try the MagiskHide Props Config module, though i don't know if it would work on stock where props are already fine.
Thanks for the reply, rooted with magisk 16.7 other versions cause boot loops, i got the response is invalid to safetynet test
MagiskHide Props Config module need atleast v17.0 anything above 16.7 causes boot loops. Maybe I will give up on stock rom, what do you recommend?
crazyazz said:
MagiskHide Props Config module need atleast v17.0 anything above 16.7 causes boot loops. Maybe I will give up on stock rom, what do you recommend?
Click to expand...
Click to collapse
You could try going Treble, liquid remix is a good candidate with Speedy vendor or at least Kranoner's vendor.
There was a kernel that fixed the Magisk problems, mayhe check that up before switching
I did have an issue with this on Nougat B12 too. It worked to unlock the phone but not for my banking app.
On Oreo it's working really well, although the app has been updated too.
[GUIDE] HOW TO UPDATE TO RUI 2.0 AND ROOT IT
--> Disclaimer: I'm not responsible if you brick your device. Use at your own risk and always backup your data! <--
0. Download linksF.14 OTA: Download
Magisk app: Download
OrangeFox beta: Download
ADB/Fastboot tool: Download
Patched boot.img: Find attached
vbmeta.img: Find attached
Patched safetynet fix: Find attached
1. Update your deviceUpdate your device to the latest firmware version (F.14). Therefor flash the provided OTA zip via stock recovery or OrangeFox beta recovery.
It is recommended to use the stock recovery. You can also update your device to the latest firmware by using the build in update function.
2. Root your deviceBoot into fastboot mode. To boot into fastboot mode, shut down your device and then press the volume down button while clicking on the power button.
Now you have successfully booted into fastboot mode. Connect your device with your computer and flash the patched boot.img and also disable verified boot.
Therefor just type following 3 commands:
1. fastboot flash boot patched_boot.img
2. fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
3. fastboot reboot
Your device should boot up. Now install the Magisk app and you have successfully rooted RUI 2.0.
3. Fix SafetynetInstall the patched "safetynet-fix-v.2.2.0-zip" module via Magisk. It will fix safetynet (Basic integrity and CTS). It works perfectly and won't brick your fingerprint etc. Thanks to @osm0sis
4. Get Widevine L1If you have unlocked your bootlader, Widevine will be set from L1 to L3. This will reduce the quality of certain streaming apps like Netflix from FullHD to SD quality.
However, you can get Widevine L1 back by contacting the Realme support. For more info, check the guide from @hack-os: Widevine L1 FIX
Reserved
DarkImperator said:
3. Fix Basic integrity check (Safetynet)Unfortunately, it is not possible to pass safetynet with rooted RUI 2.0. However, you can still pass basic integrity, which should be fine for most banking apps.
To do so, open the Magisk Manger app and click on the settings button on the top-right corner. Enable "Zygisk" and "Denylist". Then click on "Configure DenyList".
Click on the 3-dots on the top-right corner and select system-apps. Now search for "gms". You should find "Google Play Services". Click it and enable "com.google.android.gms" and "com.google.android.gms.unsuable". Now reboot your device and it should pass basic integrity.
Click to expand...
Click to collapse
I have rooted with magisk alpha and my snet passed easily.
To pass snet using magisk alpha:
1. Keep zygisk disabled.
2. Enable MagiskHide.
3. Configure DenyList for "com.google.android.gms" and "com.google.android.gms.unsuable" then reboot and done.
Eng.Raman said:
I have rooted with magisk alpha and my snet passed easily.
To pass snet using magisk alpha:
1. Keep zygisk disabled.
2. Enable MagiskHide.
3. Configure DenyList for "com.google.android.gms" and "com.google.android.gms.unsuable" then reboot and done.
Click to expand...
Click to collapse
Thanks for the info. I already tried it once with Magisk Alpha and the same settings as you, but CTS still failed. I'm gonna try it again and update the guide.
Edit: @Eng.Raman Unfortunately, it doesn't work. Installed Magisk Alpha, also cleaned all data of Google Play Store and Google Play Services multiple times and rebooted multiple times. But CTS still fails.
Do you maybe have installed some modules, like Riru or LPosed?
DarkImperator said:
Thanks for the info. I already tried it once with Magisk Alpha and the same settings as you, but CTS still failed. I'm gonna try it again and update the guide.
Edit: @Eng.Raman Unfortunately, it doesn't work. Installed Magisk Alpha, also cleaned all data of Google Play Store and Google Play Services multiple times and rebooted multiple times. But CTS still fails.
Do you maybe have installed some modules, like Riru or LPosed?
Click to expand...
Click to collapse
Don't dirty-flashing alpha over canary. completely uninstall magisk canary then clean install magisk alpha.
Yes ,I have installed some modules but they don't affect the test result, even without magisk and lsposed modules I have passed snet.
Eng.Raman said:
Don't dirty-flashing alpha over canary. completely uninstall magisk canary then clean install magisk alpha.
Yes ,I have installed some modules but they don't affect the test result, even without magisk and lsposed modules I have passed snet.
Click to expand...
Click to collapse
Yes, I know. That's exactly what I did. I uninstalled Magisk Canary completely including the app and went back to stock boot. Afterwards I installed Magisk alpha app, patched boot.img, flashed patched boot.img an rebooted.
Just a couple of minutes ago a new version of magisk alpha was released, and also with that version CTS fails.
Nevertheless, I found out something interesting. With Magisk Canary, CTS fails and Advice tells me to Lock bootloader. With Magisk Alpha CTS still fails, but I get no advice.
DarkImperator said:
Yes, I know. That's exactly what I did. I uninstalled Magisk Canary completely including the app and went back to stock boot. Afterwards I installed Magisk alpha app, patched boot.img, flashed patched boot.img an rebooted.
Just a couple of minutes ago a new version of magisk alpha was released, and also with that version CTS fails.
Nevertheless, I found out something interesting. With Magisk Canary, CTS fails and Advice tells me to Lock bootloader. With Magisk Alpha CTS still fails, but I get no advice.
Click to expand...
Click to collapse
What is your Momo app and magisk Detector results? Can you screenshot ?
Eng.Raman said:
What is your Momo app and magisk Detector results? Can you screenshot ?
Click to expand...
Click to collapse
Yes. Have installed both and attached the screenshots. Have not added any of those apps to my DenyList.
DarkImperator said:
Yes. Have installed both and attached the screenshots. Have not added any of those apps to my DenyList.
Click to expand...
Click to collapse
Your momo app shows " The environment is broken" and this is related to enabling MagiskHide.
To get rid of this message and to see full results either add config "app_zygote_magic" or install momohider-mod zip attached.
Eng.Raman said:
Your momo app shows " The environment is broken" and this is related to enabling MagiskHide.
To get rid of this message and to see full results either add config "app_zygote_magic" or install momohider-mod zip attached.
Click to expand...
Click to collapse
EDIT: @Eng.Raman had to install MomoHider and add config "app_zygote_magic". Now Momo gives me the message.
DarkImperator said:
Installed MomoHider, but it still said "The environment is broken". So I disabled MagiskHide. Only as MagiskHide was disabled, I received a message from Momo. Screenshot attached.
Click to expand...
Click to collapse
That's weird you can't even hide magisk and su file.
Eng.Raman said:
That's weird you can't even hide magisk and su file.
Click to expand...
Click to collapse
Yeah, Magisk alpha seems not to fix CTS on my device. Safetynet-fix (https://github.com/kdrag0n/safetynet-fix) does, but it also bricks my in-display fingerprint reader. So at the moment it seems like I can't bypass CTS.
DarkImperator said:
Yeah, Magisk alpha seems not to fix CTS on my device. Safetynet-fix (https://github.com/kdrag0n/safetynet-fix) does, but it also bricks my in-display fingerprint reader. So at the moment it seems like I can't bypass CTS.
Click to expand...
Click to collapse
My fingerprint also works well.
Are you tried to pass the snet with the latest USNF-2.1.2? May it works for you.
Eng.Raman said:
My fingerprint also works well.
Are you tried to pass the snet with the latest USNF-2.1.2? May it works for you.
Click to expand...
Click to collapse
Yes, USNF and safetynet-fix both brick my in-display-fingerprint.
With Magisk alpha/canary there is no issue with my fingerprint.
DarkImperator said:
Yes, USNF and safetynet-fix both brick my in-display-fingerprint.
With Magisk alpha/canary there is no issue with my fingerprint.
Click to expand...
Click to collapse
Try clean installing magisk custom it has MagiskHide without DenyList, builtin snet checker and online modules repo as magisk stable, the latest custom magisk build is 23015.
Eng.Raman said:
Try clean installing magisk custom it has MagiskHide without DenyList, builtin snet checker and online modules repo as magisk stable, the latest custom magisk build is 23015.
Click to expand...
Click to collapse
What exactly do you mean with Magisk custom? I was not able to find other 23015 builds than from topjohnwu and vbb2060
DarkImperator said:
What exactly do you mean with Magisk custom? I was not able to find other 23015 builds than from topjohnwu and vbb2060
Click to expand...
Click to collapse
TheHitMan7 Custom Magisk ( Github Link ) updated 6 hours ago.
Also he has two TG channles one named as "Magisk Custom" for downloading the debug builds and the 2nd one named as "Custom Magisk" for supporting and discussions.
Eng.Raman said:
TheHitMan7 Custom Magisk ( Github Link ) updated 6 hours ago.
Also he has two TG channles one named as "Magisk Custom" for downloading the debug builds and the 2nd one named as "Custom Magisk" for supporting and discussions.
Click to expand...
Click to collapse
With enabled Magisk Hide it will fix basic integrity check, but not CTS. And it also bricks my in-display-fingerprint. Guess I'll stay with Magisk Canary, till there might be an update to fix those issues.
Hello guys.
When trying to add my bank card in google pay, I have an error that this phone can't be used to pay because it's rooted.
jalal.sy said:
Hello guys.
When trying to add my bank card in google pay, I have an error that this phone can't be used to pay because it's rooted.
Click to expand...
Click to collapse
I have the same issue with my banking app that doesn't allow NFC payments even though I've done everything to hide root.