safetynet question - cts profile false - ZTE Axon 7 Questions & Answers

I was running stock 7.1.1 and everything was fine. Then i decided to try LOS 15.1, with magisk 17.4 but encountered an issue with safetynet cts profile false that prevented me from using android pay. I then proceeded to flash B35 EDL, and then do the sd upgrage to Oreo B20, but i still have the same issue with failing cts profile.
AI'm no longer rooted, running stock but still fail safetynet. Any one have any ideas what I can try next? at this point i just want cts profile to pass on the current oreo b20 stock.
Thanks!

It could be that SafetyNet detects that you have an unlocked bootloader, but there are ways to hide that (custom kernel, Magisk, etc). Do you have Xposed installed? That's an automatic SN fail. You haven't changed system partition in any way at all? It's also possible that Google hasn't yet approved B20 despite it being official rather than beta. There could be other factors too. SN looks at lots of things, many of which Google won't talk about.

You need to install magisk hide props and then in a terminal
"Su"
Grant superuser
Then
"Props"
And follow the on-screen instructions. Stupid that Google pay has a problem with rooted phones as it's painfully simple to get around it
You can find magisk hide props in the "download" section of magisk manager

Check the settings in the Google play store, Device not certified can be an issue when you change Roms.
The link between the device and Google has been broken, hence the device not certified.
There is an app Device ID that can add the certification back to its original state.
Hope this helps

Turned out to be it was because of the unlocked bootloader.
funny story... i locked the bootloader without having oem unlock enabled . Got bricked, couldn't boot into EDL... so i had to take it apart and ground the test point to put it into EDL.

xavoc said:
Turned out to be it was because of the unlocked bootloader.
funny story... i locked the bootloader without having oem unlock enabled . Got bricked, couldn't boot into EDL... so i had to take it apart and ground the test point to put it into EDL.
Click to expand...
Click to collapse
There's a tool for that now; you may not have had to open it: https://forum.xda-developers.com/axon-7/how-to/salesmultidla2017-tool-to-unblick-dfu-t3854229

TPMJB said:
You need to install magisk hide props and then in a terminal
"Su"
Grant superuser
Then
"Props"
And follow the on-screen instructions. Stupid that Google pay has a problem with rooted phones as it's painfully simple to get around it
You can find magisk hide props in the "download" section of magisk manager
Click to expand...
Click to collapse
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.

xavoc said:
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
Click to expand...
Click to collapse
try this thread https://forum.xda-developers.com/axon-7/development/kernel-magisk-17-stock-roms-t3856809/page2
Update to Magisk v17 and then try the above solution

xavoc said:
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
Click to expand...
Click to collapse
"Magisk hide props config" is literally what it is called. If you can't find it, you're doing it wrong.
If all else fails, google then install manually.

Had to upgrade to magisk 17 to see the hide prop module download. Still couldn't pass safetynet with Oreo B20. Switched to LOS 15.1 and now everything works.

Related

Anyone get Magisk working on B25?

Just upgraded from B19 to B25 via DrakenFX's zips, and it looks like Magisk has stopped working. I've tried uninstalling and re-installing the zip, but it looks like the superuser app just crashes after prompting for permission. Magisk thinks there's root, but its logs just end with "phh: starting su daemon." (And, of course, safetynet fails). I'd upload a screenshot, but I can't . I'm trying to use Magisk v10.3-beta2 with 17 me.phh.superuser cm-su topjohnwu.
Anyone figured this out, or found another way to get Android Pay working with an unlocked bootloader?
Thanks!
Apparently there is no functional Magisk for stock nougat. You can use 10.2 on MM or 12 on one of the custom (non stock based) nougat roms.
Actually, I did manage to get Magisk 10.3-beta2 working on B19 nougat, so I assumed that it'd work on B25. Looks like that's not the case, though.
That version of Magisk works for me on b25. Three green lights. What version of Magisk manager are you using? I have 4.3.3.
StickMonster said:
That version of Magisk works for me on b25. Three green lights. What version of Magisk manager are you using? I have 4.3.3.
Click to expand...
Click to collapse
Care to share the version of Magisk you have working?
Actually, looks like Magisk 12 works well enough to hide the bootloader on B25, which is all I really wanted, anyways .
lukanite said:
Actually, looks like Magisk 12 works well enough to hide the bootloader on B25, which is all I really wanted, anyways .
Click to expand...
Click to collapse
I want to run magisk so I can use android pay, I'm rooted, on stock nougat, unlocked BL. I've found very little axon 7 specific threads, so just wondering are there any gotcha's? Is it like TWRP where you need a version built for the phone?
thanks
If you're rooted already, I'm not sure if Magisk 12 is going to work, since Magisk Hide only hides MagiskSU. I'd try looking into the guide for Magisk 13, starting from no root, which might be able to get you root with Android Pay
lukanite said:
If you're rooted already, I'm not sure if Magisk 12 is going to work, since Magisk Hide only hides MagiskSU. I'd try looking into the guide for Magisk 13, starting from no root, which might be able to get you root with Android Pay
Click to expand...
Click to collapse
Hey, thanks for getting back. Actually I ended up removing supersu, flashing stock boot & system, then installing magisk again. Now I get the same as your screenshot, but the "rooted but no root permission" result.
Do you know how to fix that?
Aside from trying Magisk 13, that's where I ended up getting stuck, so I think that's just how things are with Magisk 12/10.3.
lukanite said:
Aside from trying Magisk 13, that's where I ended up getting stuck, so I think that's just how things are with Magisk 12/10.3.
Click to expand...
Click to collapse
Oh, ok, thanks. I'll try 13 I guess
Unfortunately it seems like 13 has similar behaviour .. it doesn't complain, but I don't seem to have root access, and on top of that the app crashes here and there. :/ I guess I may have to forego android pay for a little while.

SafetyNet failing

I'm having trouble getting SafetyNet to pass for the past 2 days or so. It fails on stock, unrooted rom, with an unlocked bootloader. It also fails with the latest Magisk. I also tried restoring a backup of /boot and /system that was passing SafetyNet a few days ago, and no luck.
Has SafetyNet suddenly stopped working for anyone else? Any tips for success?
Working fine on magisk 13.2 rooted TWRP all else stock currently.
Ok, I just tried dirty flashing OTA zip and latest Magisk 13.2 and still no luck. Will try a full reset tomorrow...
yubimusubi said:
Ok, I just tried dirty flashing OTA zip and latest Magisk 13.2 and still no luck. Will try a full reset tomorrow...
Click to expand...
Click to collapse
See the Magisk General Support Thread . There's been an update to SafetyNet and there's a temporary workaround on GitHub.
adrman said:
See the Magisk General Support Thread . There's been an update to SafetyNet and there's a temporary workaround on GitHub.
Click to expand...
Click to collapse
That did not fix it for me, but I'm glad to know I'm not the only one having issues lately. Will keep an eye on that thread.
Just to close the loop on this...
Even after a full wipe through TWRP I couldn't get SafetyNet to pass. I ended up re-locking bootloader, reflashing stock recovery and stock system, and once I confirmed it was passing, unlocked bootloader again and installed Magisk. It is working now, but no idea how my system got into such a state.
Yeah mine isn't working anymore either. Was working till I tried it last night and no go. Waiting for the 13.3 with a fix i guess
I had the same issue with magisk failing both SafetyNet checks using stock OOS 4.5.5, TWRP 3.1.1, Magisk 13.2. The fix from github which removes all build properties with "magisk" in the name worked for me (any resetprop errors can be ignored; it just means that specific property was not set).
Code:
$ adb shell
OnePlus5:/ $ su -
(accept magisk prompt on phone to allow root)
OnePlus5:/ # resetprop --delete init.svc.magisk_pfs; \
resetprop --delete init.svc.magisk_pfsd; \
resetprop --delete init.svc.magisk_service; \
resetprop --delete persist.magisk.hide; \
resetprop --delete ro.magisk.disable
After this both SafetyNet checks pass. This will be reset any time you change magisk settings, upgrade magisk, or reboot, and SafetyNet will fail again after. But you can run the same command to work around again. Haven't tried the "Universal Init.d Enabler" magisk module mentioned in the other thread, I just created a shell script with the above command and call it from from Terminal Emulator if needed.
There's no point in trying different versions, factory resetting, etc. You can either run the temporary fix posted by MonkeeSage (which worked for me), or wait for an update.
geoff5093 said:
There's no point in trying different versions, factory resetting, etc. You can either run the temporary fix posted by MonkeeSage (which worked for me), or wait for an update.
Click to expand...
Click to collapse
Agree. In my case something was totally bonk with my system to the point that none of the fixes would let it pass. I think it stemmed from a random crash that corrupted some data, and that it was just coincidence that a SafetyNet update happened about the same time. I know it sounds crazy, but nothing short of going full stock and locked then re-rooting worked. Trust me I didn't want to wipe my data so I tried everything else first.
I can confirm now that the workaround script is necessary, and works for me when run at each reboot.
@Funk Wizard put up a mention of this little apk that does the steps needed to make safetynet pass while the Google vs. US wars are on. Credits are due to @Agusyc15 ::
Here's the link: https://forum.xda-developers.com/oneplus-5/themes/app-pass-safetynet-2017-07-17-magisk-v13-t3638444
Magisk has been updated to 13.3 and has fixed the SafetyNet failing caused by the last update from Google.
Magisk 13.3
Confirmed working for me.
13.3 works for me too.
Yep all good here as well.
13.3 sorted my issues
Guys what is the safest way to install magisk 13.3 on our op5 so it passes android pay, gets op5 ota updates, etc?
Btw I dont flash twrp, I usually just boot into twrp from fastboot. That shouldnt make a difference right? I havent even unlocked this device yet.
LOL
My SafetyNet has failed this morning when checking.
Was perfectly fine yesterday morning, once updated to the 13.3 build.
L22EEW said:
LOL
My SafetyNet has failed this morning when checking.
Was perfectly fine yesterday morning, once updated to the 13.3 build.
Click to expand...
Click to collapse
Have you installed Magisk 5.1.1? This fixes it. Google seem to be really cracking down on.it though in general.
Batfink33 said:
Have you installed Magisk 5.1.1? This fixes it. Google seem to be really cracking down on.it though in general.
Click to expand...
Click to collapse
I have, as I had a OTA update for Magisk app this morning. When I updated the app, I carried out a SafetyNet check - which failed.
Grrr..
L22EEW said:
I have, as I had a OTA update for Magisk app this morning. When I updated the app, I carried out a SafetyNet check - which failed.
Grrr..
Click to expand...
Click to collapse
That's strange, 5.1.1 with 13.3 works fine for me. It didn't before 5.1.1.

Any OREO rom that doesn't trigger SafetyNet?

What the title says basically...
I don't like having my phone rooted and would rather not bother with Magisk.
You could install magisk and deactivate root. Then you're not able to give out or decline root access to apps.
JD. A said:
You could install magisk and deactivate root. Then you're not able to give out or decline root access to apps.
Click to expand...
Click to collapse
But why does all the Oreo rom fail SafetyNet?
I don't want yo use Magisk because I don't want to have to update every time SafetyNet is updated and Magisk fails.
I thought LinageOS would be out for this phone by now. They seem to be the only ones that are keen on keeping in SafetyNet friendly.
Back to Nougat for now I suppose.
mottokeki said:
But why does all the Oreo rom fail SafetyNet?
I don't want yo use Magisk because I don't want to have to update every time SafetyNet is updated and Magisk fails.
I thought LinageOS would be out for this phone by now. They seem to be the only ones that are keen on keeping in SafetyNet friendly.
Back to Nougat for now I suppose.
Click to expand...
Click to collapse
Someone correct me if I'm wrong, but safetynet checks if your bootloader is unlocked. If it's unlocked you fail the safetynet check. There's a workaround in custom kernels that disables that check or returns it false, makes saftynet thinks that bootloader is locked.
LOS is out 7.1.2. We just have to wait for Oreo. If you wanna try a oreo rom either install magisk or a custom kernel and that should fix safetynet for you.

cts profile fail

i went from stock everything, oem unlock, fastboot install of twrp fajita, flash stock rom downloaded from oneplus, then magisk
then i was having an issue with magisk , viper audio wasnt working properly
restarted to recovery, meant to wipe dalvik but pressed something else and borked the phone.
wiped everything, re installed the twrp recovery, re flashed zip. re flashed magisk again
now, i have to turn on magisk hide ( to pass cts profile ), which is something i never had to do before and i cant find netflix on the play store.
what can i do to correct the cts profile fail please.
Use this module: Magisk Hide Props Config
It requires: BusyBox, installer in this thread first post.
To activate the module and chose your new certified fingerprint you will need a terminal emulator, you can use any one you want really, personally I use this one.
Any questions ask.
Hi
I tried this, everything went through smoothly enough but it did not resolve the issue. To be clear this is what i did.
downloaded the magiskhide props module, installed through magisk
downloaded the busybox installer , installed through magisk
restarted
opened terminal, ran command 'props'
went through the process or redoing the files for the fingerprint reader according to make and model of my phone.
restarted
disabled magiskhide in magisk
restarted
still failing cts
did i miss something
it also mentioned that i am using a custom rom, i am using a stock rom downloaded from oneplus. i have unlocked the bootloader and am rooted using magisk .
do i need to re download and start again?
OhioYJ said:
Use this module: Magisk Hide Props Config
It requires: BusyBox, installer in this thread first post.
To activate the module and chose your new certified fingerprint you will need a terminal emulator, you can use any one you want really, personally I use this one.
Any questions ask.
Click to expand...
Click to collapse
leonzon said:
disabled magiskhide in magisk
Click to expand...
Click to collapse
Why are you disabling this? You need Magisk hide enabled. I rename Magisk as well. My phone passes safetynet and CTS. On the latest version of Magisk MagiskHide is off by default, it used to be on by default. TopJohnWu announced that a while back here.
OhioYJ said:
Why are you disabling this? You need Magisk hide enabled. I rename Magisk as well. My phone passes safetynet and CTS. On the latest version of Magisk MagiskHide is off by default, it used to be on by default. TopJohnWu announced that a while back here.
Click to expand...
Click to collapse
ok , so maybe thats all this is? damn, im sorry for wasting your time. What do you mean by you rename magisk, in the app drawer? the process?
thanks
leonzon said:
ok , so maybe thats all this is? damn, im sorry for wasting your time. What do you mean by you rename magisk, in the app drawer? the process?
thanks
Click to expand...
Click to collapse
In recent versions when you choose hide and it picks a random name for the Magisk Manager app it lets choose a name for the app instead of just Manager.

[GUIDE] Update and root RealmeUI 2.0 with Safetynet-fix (RUI 2.0 | Android 11) [Global/Indian]

[GUIDE] HOW TO UPDATE TO RUI 2.0 AND ROOT IT​
--> Disclaimer: I'm not responsible if you brick your device. Use at your own risk and always backup your data! <--
0. Download links​F.14 OTA: Download
Magisk app: Download
OrangeFox beta: Download
ADB/Fastboot tool: Download
Patched boot.img: Find attached
vbmeta.img: Find attached
Patched safetynet fix: Find attached
1. Update your device​Update your device to the latest firmware version (F.14). Therefor flash the provided OTA zip via stock recovery or OrangeFox beta recovery.
It is recommended to use the stock recovery. You can also update your device to the latest firmware by using the build in update function.
2. Root your device​Boot into fastboot mode. To boot into fastboot mode, shut down your device and then press the volume down button while clicking on the power button.
Now you have successfully booted into fastboot mode. Connect your device with your computer and flash the patched boot.img and also disable verified boot.
Therefor just type following 3 commands:
1. fastboot flash boot patched_boot.img
2. fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
3. fastboot reboot
Your device should boot up. Now install the Magisk app and you have successfully rooted RUI 2.0.
3. Fix Safetynet​Install the patched "safetynet-fix-v.2.2.0-zip" module via Magisk. It will fix safetynet (Basic integrity and CTS). It works perfectly and won't brick your fingerprint etc. Thanks to @osm0sis
4. Get Widevine L1​If you have unlocked your bootlader, Widevine will be set from L1 to L3. This will reduce the quality of certain streaming apps like Netflix from FullHD to SD quality.
However, you can get Widevine L1 back by contacting the Realme support. For more info, check the guide from @hack-os: Widevine L1 FIX
Reserved
DarkImperator said:
3. Fix Basic integrity check (Safetynet)​Unfortunately, it is not possible to pass safetynet with rooted RUI 2.0. However, you can still pass basic integrity, which should be fine for most banking apps.
To do so, open the Magisk Manger app and click on the settings button on the top-right corner. Enable "Zygisk" and "Denylist". Then click on "Configure DenyList".
Click on the 3-dots on the top-right corner and select system-apps. Now search for "gms". You should find "Google Play Services". Click it and enable "com.google.android.gms" and "com.google.android.gms.unsuable". Now reboot your device and it should pass basic integrity.
Click to expand...
Click to collapse
I have rooted with magisk alpha and my snet passed easily.
To pass snet using magisk alpha:
1. Keep zygisk disabled.
2. Enable MagiskHide.
3. Configure DenyList for "com.google.android.gms" and "com.google.android.gms.unsuable" then reboot and done.
Eng.Raman said:
I have rooted with magisk alpha and my snet passed easily.
To pass snet using magisk alpha:
1. Keep zygisk disabled.
2. Enable MagiskHide.
3. Configure DenyList for "com.google.android.gms" and "com.google.android.gms.unsuable" then reboot and done.
Click to expand...
Click to collapse
Thanks for the info. I already tried it once with Magisk Alpha and the same settings as you, but CTS still failed. I'm gonna try it again and update the guide.
Edit: @Eng.Raman Unfortunately, it doesn't work. Installed Magisk Alpha, also cleaned all data of Google Play Store and Google Play Services multiple times and rebooted multiple times. But CTS still fails.
Do you maybe have installed some modules, like Riru or LPosed?
DarkImperator said:
Thanks for the info. I already tried it once with Magisk Alpha and the same settings as you, but CTS still failed. I'm gonna try it again and update the guide.
Edit: @Eng.Raman Unfortunately, it doesn't work. Installed Magisk Alpha, also cleaned all data of Google Play Store and Google Play Services multiple times and rebooted multiple times. But CTS still fails.
Do you maybe have installed some modules, like Riru or LPosed?
Click to expand...
Click to collapse
Don't dirty-flashing alpha over canary. completely uninstall magisk canary then clean install magisk alpha.
Yes ,I have installed some modules but they don't affect the test result, even without magisk and lsposed modules I have passed snet.
Eng.Raman said:
Don't dirty-flashing alpha over canary. completely uninstall magisk canary then clean install magisk alpha.
Yes ,I have installed some modules but they don't affect the test result, even without magisk and lsposed modules I have passed snet.
Click to expand...
Click to collapse
Yes, I know. That's exactly what I did. I uninstalled Magisk Canary completely including the app and went back to stock boot. Afterwards I installed Magisk alpha app, patched boot.img, flashed patched boot.img an rebooted.
Just a couple of minutes ago a new version of magisk alpha was released, and also with that version CTS fails.
Nevertheless, I found out something interesting. With Magisk Canary, CTS fails and Advice tells me to Lock bootloader. With Magisk Alpha CTS still fails, but I get no advice.
DarkImperator said:
Yes, I know. That's exactly what I did. I uninstalled Magisk Canary completely including the app and went back to stock boot. Afterwards I installed Magisk alpha app, patched boot.img, flashed patched boot.img an rebooted.
Just a couple of minutes ago a new version of magisk alpha was released, and also with that version CTS fails.
Nevertheless, I found out something interesting. With Magisk Canary, CTS fails and Advice tells me to Lock bootloader. With Magisk Alpha CTS still fails, but I get no advice.
Click to expand...
Click to collapse
What is your Momo app and magisk Detector results? Can you screenshot ?
Eng.Raman said:
What is your Momo app and magisk Detector results? Can you screenshot ?
Click to expand...
Click to collapse
Yes. Have installed both and attached the screenshots. Have not added any of those apps to my DenyList.
DarkImperator said:
Yes. Have installed both and attached the screenshots. Have not added any of those apps to my DenyList.
Click to expand...
Click to collapse
Your momo app shows " The environment is broken" and this is related to enabling MagiskHide.
To get rid of this message and to see full results either add config "app_zygote_magic" or install momohider-mod zip attached.
Eng.Raman said:
Your momo app shows " The environment is broken" and this is related to enabling MagiskHide.
To get rid of this message and to see full results either add config "app_zygote_magic" or install momohider-mod zip attached.
Click to expand...
Click to collapse
EDIT: @Eng.Raman had to install MomoHider and add config "app_zygote_magic". Now Momo gives me the message.
DarkImperator said:
Installed MomoHider, but it still said "The environment is broken". So I disabled MagiskHide. Only as MagiskHide was disabled, I received a message from Momo. Screenshot attached.
Click to expand...
Click to collapse
That's weird you can't even hide magisk and su file.
Eng.Raman said:
That's weird you can't even hide magisk and su file.
Click to expand...
Click to collapse
Yeah, Magisk alpha seems not to fix CTS on my device. Safetynet-fix (https://github.com/kdrag0n/safetynet-fix) does, but it also bricks my in-display fingerprint reader. So at the moment it seems like I can't bypass CTS.
DarkImperator said:
Yeah, Magisk alpha seems not to fix CTS on my device. Safetynet-fix (https://github.com/kdrag0n/safetynet-fix) does, but it also bricks my in-display fingerprint reader. So at the moment it seems like I can't bypass CTS.
Click to expand...
Click to collapse
My fingerprint also works well.
Are you tried to pass the snet with the latest USNF-2.1.2? May it works for you.
Eng.Raman said:
My fingerprint also works well.
Are you tried to pass the snet with the latest USNF-2.1.2? May it works for you.
Click to expand...
Click to collapse
Yes, USNF and safetynet-fix both brick my in-display-fingerprint.
With Magisk alpha/canary there is no issue with my fingerprint.
DarkImperator said:
Yes, USNF and safetynet-fix both brick my in-display-fingerprint.
With Magisk alpha/canary there is no issue with my fingerprint.
Click to expand...
Click to collapse
Try clean installing magisk custom it has MagiskHide without DenyList, builtin snet checker and online modules repo as magisk stable, the latest custom magisk build is 23015.
Eng.Raman said:
Try clean installing magisk custom it has MagiskHide without DenyList, builtin snet checker and online modules repo as magisk stable, the latest custom magisk build is 23015.
Click to expand...
Click to collapse
What exactly do you mean with Magisk custom? I was not able to find other 23015 builds than from topjohnwu and vbb2060
DarkImperator said:
What exactly do you mean with Magisk custom? I was not able to find other 23015 builds than from topjohnwu and vbb2060
Click to expand...
Click to collapse
TheHitMan7 Custom Magisk ( Github Link ) updated 6 hours ago.
Also he has two TG channles one named as "Magisk Custom" for downloading the debug builds and the 2nd one named as "Custom Magisk" for supporting and discussions.
Eng.Raman said:
TheHitMan7 Custom Magisk ( Github Link ) updated 6 hours ago.
Also he has two TG channles one named as "Magisk Custom" for downloading the debug builds and the 2nd one named as "Custom Magisk" for supporting and discussions.
Click to expand...
Click to collapse
With enabled Magisk Hide it will fix basic integrity check, but not CTS. And it also bricks my in-display-fingerprint. Guess I'll stay with Magisk Canary, till there might be an update to fix those issues.
Hello guys.
When trying to add my bank card in google pay, I have an error that this phone can't be used to pay because it's rooted.
jalal.sy said:
Hello guys.
When trying to add my bank card in google pay, I have an error that this phone can't be used to pay because it's rooted.
Click to expand...
Click to collapse
I have the same issue with my banking app that doesn't allow NFC payments even though I've done everything to hide root.

Categories

Resources