Latest Magisk 2.4/ cts Profile: false - OnePlus 6T Questions & Answers

Hey team,
Having a bit of an issue with my OnePlus 6T.
On a fresh OOS 10.3.2 I cannot pass cts Profile with latest version of Magisk 2.4, it works perfect with Magisk 2.3 and both cts profile and basic integrity passes as true. But with the latest version of Magisk 2.4 no matter what I do I always get cts Profile: false...
I followed same installation procedures as always, flash magisk>downloads>+>osmosis BusyBox>install>reboot.
The back again to Magisk the install magiskhide props config then reboot, then after boot go to termix terminal and su>grant>props> chose finger print etc etc... Chose the one for OnePlus 6t android 10 install and reboot and still after boot the cts profile is false! Have tried everything and nothing with latest Magisk 2.4 but if I uninstall everything all modules and Magisk properly and flash magisk but this time the older version of Magisk 2.3 everything works fine after following all mentioned steps above and now cts profile is true and everything checks.
So is this a known issue with latest version of Magisk?
If so is there a workaround to be able to update to latest version? Or I'm I doing something wrong here. Trust me I googled it couldn't find anything in specific.
I thank you for your time in advance!

Magisk hide is off by default in now in version 20.4, it was enabled in 20.3. make sure you are enabling it on 20.4. See my Guide Installing Lineage, Section 5 Very Optional Magisk. I bring this up. The Android 10 fingerprint no longer passes reliably. You need to choose the Android 9 one.
---------- Post added at 03:49 PM ---------- Previous post was at 03:44 PM ----------
See this post about the change to Magism. There are changes coming that work arounds need to be found for otherwise undetected root / unlocked bootloaders, will no longer be a thing.

OhioYJ said:
Magisk hide is off by default in now in version 20.4, it was enabled in 20.3. make sure you are enabling it on 20.4. See my Guide Installing Lineage, Section 5 Very Optional Magisk. I bring this up. The Android 10 fingerprint no longer passes reliably. You need to choose the Android 9 one.
---------- Post added at 03:49 PM ---------- Previous post was at 03:44 PM ----------
See this post about the change to Magism. There are changes coming that work arounds need to be found for otherwise undetected root / unlocked bootloaders, will no longer be a thing.
Click to expand...
Click to collapse
Hey thank you for your answer/ it helped me tremendously! I was able to enable magiskhide and now both are true.
For now the android 10 fingerprint for OnePlus 6t passes fine as both true, my understanding is that will change soon..?
Thank you for the link, very good information.
So that means Magisk will eventually completely not work to pass Google certificates..? Once Google enforces the new key rules?

@OhioYJ

badpanda said:
So that means Magisk will eventually completely not work to pass Google certificates..? Once Google enforces the new key rules?
Click to expand...
Click to collapse
Essentially. Basically if no new work around is found before this happens Magisk would provide root, but any app that wants to look for root will know about it. Google flipped the switch a while back, but then had to reverse course some because some OEMs hadn't implemented things correctly.
TopJohnWu post about key attestation.

Related

passing safetynet with magisk 10.2 on x727 or x720?

Has anyone taken the recent magisk/superuser upgrades and been able to keep safetynet passing?
squandry said:
Has anyone taken the recent magisk/superuser upgrades and been able to keep safetynet passing?
Click to expand...
Click to collapse
If it's in the context of getting pokemon go working, I think this might help get what you need: https://www.reddit.com/r/TheSilphRo...around_for_the_pokémon_go/?sort=new&limit=500
squandry said:
Has anyone taken the recent magisk/superuser upgrades and been able to keep safetynet passing?
Click to expand...
Click to collapse
It's working for me with android pay.
Safetynet is passing for me using Magisk v9 & phh's Superuser r266-2, but a new version of each was released last week that chatter in other forums seem to suggest device-specific trouble with. I might try but first wanted to know if anyone else in the LePro3 world already has and had problems. My current interest in safetynet is for Android Pay and DirectvNow.
suhridkhan said:
It's working for me with android pay.
Click to expand...
Click to collapse
Thanks!
robertzas said:
If it's in the context of getting pokemon go working, I think this might help get what you need: https://www.reddit.com/r/TheSilphRo...around_for_the_pokémon_go/?sort=new&limit=500
Click to expand...
Click to collapse
Linked method is outdated ever since the introduction of November security patch.
Magisk V10 and phh SU r266 working fine for me on 20s
Upgrading worked for me too and I like how safety net check is part of the new status screen.
Seems like known issue but installing Xposed caused safetynet to fail, both before and after upgrade. Uninstalling Xposed caused safety net to pass again.
Root working and safetynet still passing on my x727 after taking the Magisk Manager upgrade to Magisk 11.1 and MagiskSu.
are all of you on a stock ROM and bootloader locked, I am using lineage OS 13, but safety net fails? do you have any idea how to fix this, just wanted to use ANDROID PAY, or do I need to be on STOCK ROM, just don't like the EUI and the status bar icons and the way they look(it's just me). Any help would greatly be appreciated=)
I am on stock ROM and unlocked bootloader. Magisk lets the unlocked bootloader stay. I don't see how safetynet could be expected to fully pass on a non-OEM supported ROM, especially over the longhaul of the cat-and-mouse game.
I don't like EUI either but changing out the launcher and even the notifications pulldown with Play Store apps helps immensely, along with using Titanium to freeze the bloatware. The main EUI remnants left after that is the lockscreen, the settings application, and the recents screen which I tolerate so as to have safetynet.
I could not pass safety net, got CM13, with MAGISK installed. Dang=)
squandry said:
I am on stock ROM and unlocked bootloader. Magisk lets the unlocked bootloader stay but I don't see how safetynet could ever pass on a custom ROM.
I don't like EUI either but changing out the launcher and even the notifications pulldown with Play Store apps helps immensely, along with using Titanium to freeze the bloatware. The main EUI remnants left after that is the lockscreen and the recents screen which I tolerate so as to have safetynet.
Click to expand...
Click to collapse
Hi, Did this but after installing MAGISK, everything passed, except FINGERPRINT got disabled, says hardware not supported. Android Pay works,just went to gas station and tried it, works flawlessly. FINGERPRINT is the problem I'm seeing now. Thanks for any help.
Sent from my LEX727 using XDA-Developers Legacy app
You mean you can't use the fingerprint sensor to unlock your phone? I am not sure, that works fine for me.
squandry said:
You mean you can't use the fingerprint sensor to unlock your phone? I am not sure, that works fine for me.
Click to expand...
Click to collapse
Yup, what boot image did you install? I think the problem was the boot image I used, are you on the 20's now? thanks
I am running the aboot from dr4stic's 19s unlocked bootloader zip, everything else is from the stock 20s OTA zip.
Ok, I have spent several hours trying to make it work and now time to ask for help. I got Leeco LePro 3 with custom Ron based on EUI, and trying to get Magisk working. First I tried installing system less SuperSU and Magisk, but it failed safety check multiple times, so I tried uninstalling SuperSU and use Magisksu, but not I am not able to move forward. I installed Magisk manager and when it try to install Magisk manager it downloads but doesn't show way to install it, I even try flashing Magisk 12 zip using TWRP, but it fails to update. Can someone please help me with getting Magisk working with safety check?
bocondo said:
I even try flashing Magisk 12 zip using TWRP, but it fails to update. Can someone please help me with getting Magisk working with safety check?
Click to expand...
Click to collapse
Flashing Magisk with TWRP should work. What do you mean by it fails to update?

Fix Safety Net (cts profile:false) on custom roms

Nowadays most of the roms of Galaxy S3 Neo has this issue.
After reading this guide by @Didgeridoohan I decided to work on safety net and bring it to Galaxy S3 Neo community.
Fortunately it worked fine.
https://didgeridoohan.com/magisk/MagiskHideSafetyNet
The thing is you need to find a fingerprint value which supports safetynet pass and add it to your device build.prop.
DO REMEMBER THAT THIS REQUIRES MAGISK WITH MAGISK HIDE ENABLED.
THE BELOW METHOD REQUIRES MAGISK v14.0+
Open the build.prop file located in /system.Delete the previous fingerprint value in build.prop and
add this line to the build.prop file-
ro.build.fingerprint=samsung/jackpot2ltexx/jackpot2lte:7.1.1/NMF26X/A730FXXU2ARD1:user/release-keys
I took this from my friend's J7 2015(running on on7 rom)
Save and Exit.
Make sure you have enabled Magisk Hide in Magisk setings.
Reboot.
Important Notes
1. The fingerprint values need to be exactly the same. Any small change will trigger safetynet.
2. You can use any fingerprint value for your device. It's not necessary for you to take value specific to your device. As long as the fingerprint is valid, it will work.
3. This same trick will work on every Marshmallow and Nougat Roms
Added a screenshot as a proof that it's working
This is my first thread in xda so please forgive me if I made any mistake
Sorry for my bad English
Thank you
Good work bro
Hope you the best
@zahidul.sifat Thanks for the credit, and nice guide. I just wanted to add that with Magisk it's also possible to do this systemlessly, which would mean you don't have to redo it when you update your ROM (as long as you don't wipe /data, so that the Magisk image is kept intact).
You can use a Magisk boot script with the resetprop tool, that you place in /sbin/.core/img/.core/service.d (or /magisk/.core/service.d if you're stuck on an older Magisk release). For the fingerprint you have here it would look like this:
Code:
#!/system/bin/sh
resetprop ro.build.fingerprint samsung/jackpot2ltexx/jackpot2lte:7.1.1/NMF26X/A730FXXU2ARD1:user/release-keys
You can name the file anything you want (fingerprint.sh is an obvious one), but just make sure to give it permission 755, so that it can execute at boot.
There are also Magisk modules available that can do this for you.
So after changing fingerprint value can we uninstall magisk and root?
Aman_preet said:
So after changing fingerprint value can we uninstall magisk and root?
Click to expand...
Click to collapse
Yeah sure.
Thanks, its working for me with magisk v18, but if i update to magisk 19.3 ctsprofile and basicintegrity = false. Is there a suggestion or should i stay on v18.
I also tried v18.2. With this Version ctsProfile ist also false. On my S3Neo it also seems not to work on Android 9
Humaxxx said:
Thanks, its working for me with magisk v18, but if i update to magisk 19.3 ctsprofile and basicintegrity = false. Is there a suggestion or should i stay on v18.
I also tried v18.2. With this Version ctsProfile ist also false. On my S3Neo it also seems not to work on Android 9
Click to expand...
Click to collapse
Sorry brother I don't have the device right now and It's been 2 years since I left S3 Neo community.I would suggest you to stay on v18 since it's an old device.
zahidul.sifat said:
Sorry brother I don't the device right now and It's been 2 years since I left S3 Neo community.I would suggest you to stay on v18 since it's an old device.
Click to expand...
Click to collapse
Thanks for replying. LOS16 for S3Neo passes SafetyNet successfully withourt any modification. On LOS14.1 its still possible with some magisk versions, but not all.

Question about flashing Android P (preview #2)

It's been a while since I've flashed a ROM, and I've forgotten a couple of things. I'm thinking of trying preview #2 of Android P on my PH-1.
After I've played around with Android P, I expect I'll want to return to where I am now on Oreo 8.1. I know I'll need to reload 8.1 from an official image file and that my data and (most) apps will have skedaddled.
Question: What's the best way to (1) back up and (2) restore my Oreo 8.1 system exactly as I have it?
I'm not planning to root this phone, though I've rooted several in the past. Can I back up and restore without rooting?
Thanks.
If you use stock launcher and without root, I don't see how you can get everything exactly as it was. But you can get almost everything except the actual placement of apps on screen with the default Google back up. You get all your apps, call history, sms, network configuration, etc.
---------- Post added at 01:11 PM ---------- Previous post was at 01:09 PM ----------
By the way, I've been using P for three days. So far, I find no good reason to go back. My only bug is that Google Pay doesn't work.
Thanks, pmicho. I'll probably go ahead with the preview.
pmicho said:
If you use stock launcher and without root, I don't see how you can get everything exactly as it was. But you can get almost everything except the actual placement of apps on screen with the default Google back up. You get all your apps, call history, sms, network configuration, etc.
---------- Post added at 01:11 PM ---------- Previous post was at 01:09 PM ----------
By the way, I've been using P for three days. So far, I find no good reason to go back. My only bug is that Google Pay doesn't work.
Click to expand...
Click to collapse
Just in case if you want Google Pay to start working, flash magisk 16.4 and reboot twice until the safety net starts passing.
mikamika83 said:
Just in case if you want Google Pay to start working, flash magisk 16.4 and reboot twice until the safety net starts passing.
Click to expand...
Click to collapse
P preview #2 passes safety net ?
Thanks, guys. I sideloaded the P preview 2 just now and it went fine.
Last night I had tried the fastboot method and my results weren't as good. Wifi didn't work, for some reason. Anyway, after two failed fastboot attempts, I re-flashed stock 8.1 and used Google's backup to restore most data and apps.
Then this morning I decided to use the sideload method, which was far easier and which didn't touch my data. Why doesn't Essential recommend this method instead of providing detailed instructions for the fastboot flashing method?
To use magisk you need a custom recovery and unlocked bootloader. I feel I don't need root so I keep my bootloader locked. Wit a locked bootloader there shouldn't be safety net issues. In fact, I think its not safety net issue that causes Pay to not work.4
pmicho said:
To use magisk you need a custom recovery and unlocked bootloader. I feel I don't need root so I keep my bootloader locked. Wit a locked bootloader there shouldn't be safety net issues. In fact, I think its not safety net issue that causes Pay to not work.4
Click to expand...
Click to collapse
Magisk passes SafetyNet. That's why Pay, Snapchat, etc, have worked previously. I believe Pay just isn't working with P at the moment.
spotmark said:
Magisk passes SafetyNet. That's why Pay, Snapchat, etc, have worked previously. I believe Pay just isn't working with P at the moment.
Click to expand...
Click to collapse
Isn't working on P for Essential I guess. On P on a Pixel 2 Pay works.....lots of P.
pmicho said:
lots of P.
Click to expand...
Click to collapse
Ewwww.
P preview 2 definitely did not pass the safety net for me, I'm assuming that's why it caused Google pay to stop working. After rooting with magisk, Google Pay started working just fine.

Custom Rom - Magisk/microG - Magisk Stops Doing SafetyNet Check

I'm running AospExtended-5.8, no Gapps installed and Xposed/FakeGapps, with microG.
From what I've read Xposed needs to be either uninstalled or disabled, so I disabled it, unchecked FakeGapps, and rebooted.
SafetyNet is enabled in microG and 'Use Offical Server'.
When I try to do a SafetyNet check in Magisk, I get a popup saying Magisk has stopped.
I have two different model phones, and each one does the same thing, running different versions of Magisk and different ROMs. I don't know why Magisk keeps stopping running the SafetyNet check?
I hope someone knows how to work this out?
Thanks
DoR3M3 said:
I'm running AospExtended-5.8, no Gapps installed and Xposed/FakeGapps, with microG.
From what I've read Xposed needs to be either uninstalled or disabled, so I disabled it, unchecked FakeGapps, and rebooted.
SafetyNet is enabled in microG and 'Use Offical Server'.
When I try to do a SafetyNet check in Magisk, I get a popup saying Magisk has stopped.
I have two different model phones, and each one does the same thing, running different versions of Magisk and different ROMs. I don't know why Magisk keeps stopping running the SafetyNet check?
I hope someone knows how to work this out?
Thanks
Click to expand...
Click to collapse
Because of Google have changed the SafetyNet api
Old safetynet check won't work at the time of this comment.
topjohnwu already have fixed SN check u have to wait until new version of magisk release or u can install unofficial magisk version from this developer
Link : https://github.com/ianmacd/MagiskBuilds
Actually since I don't have Gapps installed, that means no Play Services, I was told that's the problem and Magisk should of given me a message saying this...

Magisk + Google Pay

Hi,
I have a issue with Google Pay,
first of all I've made a succeful contact-less payment while BL was locked (linked paypal to g pay), but now after unlocking BL and flashing Magisk - I can't, it gives me an error on terminal 'Transaction rejected'
Ofc SafetyNet test passes, and google play store sees my phone as certified device;
Google play services, google pay, google play, paypal and phone are hidden in magisk manager.
So the question is - Have somebody made a succeful contact-less payment with unlocked BL on our OP6T?
Thanks!
it works here perfectly fine using magisk 17.3
Pokemon Go works also (and everything else)
I use Gpay everyday no issue
My op6t is also unlocked and root via magisk and I face the same problem, it worked the first time but now I keep trying to gpay in each store but it fails every time.
I'm using gpay on daily basis, I didn't need to hide it in magisk but you can try to clear gpay/paypal cache or reinstall it.
I'm on OOS 9.0.7 with Magisk 18.0
Yep, got the phone the day it came out, rooted it 5 minutes after it arrived, used pay every day since, never hid anything in magisk. I know that's little help but at least you know you've something going on with your specific configuration. I'm .7 with Magisk 18.0.
I've been using Google Pay on my phone every day since launch with unlocked Bootloader and Magisk. I never had a problem. Magisk 18 and OOS 9.0.7 right now.
Same here no issue with GPay linked with my Revolut credit card
And I have been using gpay with Magisk without issues. Bootloader is unlocked.
Unfortunately I'm not having the same luck with Pokemon go. Can you lead me in the right direction.... Do you have anything specifically set up in magisk hide I should be aware of. Main reason I still root is Pokemon Go.
Setup: OS 9.0.2 Magisk v.18.
---------- Post added at 09:56 AM ---------- Previous post was at 09:53 AM ----------
OnkeIM said:
it works here perfectly fine using magisk 17.3
Pokemon Go works also (and everything else)
Click to expand...
Click to collapse
Unfortunately I'm not having the same luck with Pokemon go. Can you lead me in the right direction.... Do you have anything specifically set up in magisk hide I should be aware of. Main reason I still root is Pokemon Go.
Setup: OS 9.0.2 Magisk v.18.
Sent from my [device_name] using XDA-Developers Legacy app
unlocked bootloader + root works always for me with this config:
- Magisk 18.0
- marked needed apps in "Magisk Hide"
- use " change Magisk package name"-option in settings
- install Magisk modul "MagiskHide Props Config"
- modul needs to setup in a terminal/console-app (open terminal, type "props" , follow option 1)
works for for me on Pokemon, GooglePay, Ingress and other all other apps that didn't started due root detection
Flakito97 said:
Unfortunately I'm not having the same luck with Pokemon go. Can you lead me in the right direction.... Do you have anything specifically set up in magisk hide I should be aware of. Main reason I still root is Pokemon Go.
Setup: OS 9.0.2 Magisk v.18.
---------- Post added at 09:56 AM ---------- Previous post was at 09:53 AM ----------
Unfortunately I'm not having the same luck with Pokemon go. Can you lead me in the right direction.... Do you have anything specifically set up in magisk hide I should be aware of. Main reason I still root is Pokemon Go.
Setup: OS 9.0.2 Magisk v.18.
Sent from my [device_name] using XDA-Developers Legacy app
Click to expand...
Click to collapse
main reason should not be Pokemon Go since it is a multiplayer game...
The only thing i always do is
1. Change package name from magisk
2. Activate desired app in magisk hide
It always worked with every app I tried like Telekom App or Banking App.
Right now I don't have root anymore, I got my 6T replaced because of a dead pixel and currently don't want to increase my widevine level
OnkeIM said:
main reason should not be Pokemon Go since it is a multiplayer game...
The only thing i always do is
1. Change package name from magisk
2. Activate desired app in magisk hide
It always worked with every app I tried like Telekom App or Banking App.
Right now I don't have root anymore, I got my 6T replaced because of a dead pixel and currently don't want to increase my widevine level
Click to expand...
Click to collapse
Gotcha, well yes I did those but no luck.
No worries. Thanks for the response!
Sent from my [device_name] using XDA-Developers Legacy app
Randomly today without any change or update to my OnePlus 6t Google Pay told me "you can no longer use Google Pay in stores." My CTS match is good everything looks fine. Did they patch anything recently?
Sent from my ONEPLUS A6013 using Tapatalk
xlxcrossing said:
Randomly today without any change or update to my OnePlus 6t Google Pay told me "you can no longer use Google Pay in stores." My CTS match is good everything looks fine. Did they patch anything recently?
Sent from my ONEPLUS A6013 using Tapatalk
Click to expand...
Click to collapse
I am seeing the same error starting last night and continuing into today.
alryder said:
I am seeing the same error starting last night and continuing into today.
Click to expand...
Click to collapse
Well at least I'm not alone which tells me they patched the CTS exploit...guess we will have to wait for a possible magisk update.
Sent from my ONEPLUS A6013 using Tapatalk
Before I begin this is just a workaround but works flawlessly and you will be able to use google pay again. uninstall the current version of google play services and google pay. You want to be on the previous version of google pay.. Then Google search previous version of google play services (I believe its 14.7.99). Install then restrict background data on both google play store and google play services and all will work great... Do not update either until magisk comes out with an update that will work with the latest play services update versions... This was driving me crazy until I gave this a try after all else failed... Have Fun Spending your Money!!!lol
anthony10126 said:
Before I begin this is just a workaround but works flawlessly and you will be able to use google pay again. uninstall the current version of google play services and google pay. You want to be on the previous version of google pay.. Then Google search previous version of google play services (I believe its 14.7.99). Install then restrict background data on both google play store and google play services and all will work great... Do not update either until magisk comes out with an update that will work with the latest play services update versions... This was driving me crazy until I gave this a try after all else failed... Have Fun Spending your Money!!!lol
Click to expand...
Click to collapse
Which version of Google Pay are you using? I got 2.84.237487748 and it's still working for now. At least the app opens normally & hasn't told me I can't use it. I haven't actually tried paying for something in a few days. And I think I just updated the GPay app within the last week.
FWIW, I'm still using Magisk 17.3 on OOS 9.0.12. With Magisk 18.x, Magisk Hide would stop working, SafetyNet checks would fail and the device would become uncertified. I've had no such issues with 17.3. Although I don't know if any of those things would cause Google Pay to stop working because even with those things happening, Google Pay has never stopped working for me. But now that I've said that, it'll probably will in 3, 2, 1....
sharksfan7 said:
Which version of Google Pay are you using? I got 2.84.237487748 and it's still working for now. At least the app opens normally & hasn't told me I can't use it. I haven't actually tried paying for something in a few days. And I think I just updated the GPay app within the last week.
FWIW, I'm still using Magisk 17.3 on OOS 9.0.12. With Magisk 18.x, Magisk Hide would stop working, SafetyNet checks would fail and the device would become uncertified. I've had no such issues with 17.3. Although I don't know if any of those things would cause Google Pay to stop working because even with those things happening, Google Pay has never stopped working for me. But now that I've said that, it'll probably will in 3, 2, 1....
Click to expand...
Click to collapse
I downgraded Google pay to 2.81. If you haven't used you're Google pay in the past few days chances are you're Google pay is not working. Google play services updates in the background without you knowing which is why I suggested turning off background data.. staying on magisk 17 shouldn't make a difference..
Even with only an unlocked bootloader it won't let you set up google pay (no twrp, no magisk, no root, just unlocked bootloader).

Categories

Resources