So I think most of you already know about Google's strict update to their SafetyNet API, which is used by Android Pay, and Pokemon Go among other apps.
If you don't, SafetyNet is a protocol used by Google Play Services that returns whether your device has been "tampered with". Having root access, Xposed installed, or a custom ROM or kernel has been known to trip this check, which will prevent the apps that utilize SafetyNet's functionality from running on the device.
Several developers on XDA and in the rooting community have been working overtime in an attempt to find a loophole in SafetyNet's code - enter the likes of Magisk and SuHide, each of which no longer work to hide root from SafetyNet as of the date of this writing.
Now, my personal belief is that after a person has purchased an Android device (and in effect that copy of the device's software) they should be free to make any and all modifications they choose to it - at the risk of their own security of course. Additionally, with apps like Pokemon Go, which offer in-game purchases and then change user agreements through app updates which block potential users after they may have made these same in-game purchases, the argument could be made that the SafetyNet API is even promoting fraud.
It isn't my intention to convince anyone of my position, only understand it. At this time, I am trying to gain a better understanding of exactly what elements found on a device prompt SafetyNet to return that a device has been tampered with. I was once rooted, with Xposed installed, but have since uninstalled both, and even re-flashed stock firmware. Even still, the SafetyNet Helper App I have been using for research always returns a failure. For posterity, I am also unable to log into Pokemon Go on stock firmware with no root or Xposed.
If root access is enabled, I have found that the SafetyNet check itself (step 1) will fail and the app will present a red screen, whereas if root access is not installed, the SafetyNet check will pass, but the Device Signature Verification with Google (step 2) will fail, which results in an overall failure where apps like Android Pay and Pokemon Go are concerned. The most modern counter I have found to hide root from SafetyNet is found here, but even it states that the device must be able to pass the SafetyNet check on its own before this modified SuperUser can be installed, so I feel a bit stuck.
I haven't seen anyone address SafetyNet and the Xperia Z5 Compact in the same sentence, and so my question is, can the Z5C pass SafetyNet at all since its most recent update? Please, download the SafetyNet Helper App from the Play Store and run it on your Z5C. Let me know if you get a red screen (failure at the first step), a blue screen (failure at the second step) or a green screen (passing). Also tell me about your device, and any modifications you have made to it. Seeing as how I can no longer pass the SafetyNet check at all on newly flashed stock firmware, I worry that the Xperia Z5C may not have been given Google's "Device Signature Verification" - like many other international Android devices.
And if anyone else can shed some light on this situation, I would be most grateful.
Blue screen error.
Krypton custom ROM based on .253 with zach's kernel, Xposed installed.
Sent from my iPad using Tapatalk
What about downgrading Google Play Services? As far as I remember the SafetyNet API is included in this package. Don't know if it is server-based or written inside the package, though.
Has anyone found a way to bypass SafetyNet for Nougat?
grayleshy said:
Has anyone found a way to bypass SafetyNet for Nougat?
I also want to know this. When running the SafetyNet test it shows me a red screen, even though I already removed root and flashed stock firmware.
rolo143 said:
I also want to know this. When running the SafetyNet test it shows me a red screen, even though I already removed root and flashed stock firmware.
Because of the unlocked bootloader.
I'm using MagiskSU + MagiskHide and it's bypassing SafetyNet.
meistr91 said:
Because of the unlocked bootloader.
Is there a workaround?
meistr91 said:
Because of the unlocked bootloader.
Can I relock it again?
https://forum.xda-developers.com/z5-compact/general/recovery-nougat-7-0-android-bootable-t3609358
rolo143 said:
Can I relock it again?
Magisk changes the properties and "relocks" it for you during the start-up procedures.
NeoBeum said:
https://forum.xda-developers.com/z5-compact/general/recovery-nougat-7-0-android-bootable-t3609358
Magisk changes the properties and "relocks" it for you during the start-up procedures.
But Magisk requires root. I removed root because there are some games and apps that detect it. So I wanted to pass SafetyNet but still can't.
I have Magisk working, I'm just rebuilding the recovery project and fixing some stuff
Has anyone been able to patch libandroid to make suhide work on Nougat with security patches after October 2016?
I have CarbonROM 5.1 Moo installed on my Xperia Z5 Compact. This along with Magisk 14.3. (And... yeah... As it seems, the Magisk module "Universal SafetyNet Fix" is also required in my case.)
With this, it all works fine. SafetyNet checks out as valid/okay. No problems.
Ah safetynet, the thorn in the side of every technical android user who wants to use Android Pay.
It's even worse on a Xiaomi device, because once you've been granted a bootloader unlock after waiting for days, you don't want to re-lock it for fear of locking yourself out of the device and having to wait another 30 days before you can get a new unlock permission!
There is a lot of old information around about hiding root, custom kernels, installing things in particular orders, and I'm pretty sure I've tried them all - including compiling kernels from scratch with a few different versions of the unlocked bootloader hiding patch... never getting past the dreaded CTS Mismatch.
But all of a sudden I happened on a little-known secret found by @kyasu that the build fingerprint is also checked: https://forum.xda-developers.com/showpost.php?p=70831797&postcount=3665
Also, conveniently, Magisk (since v9) patches the ro.boot.verifiedbootstate and related props that SafetyNet checks.
This now gives us two options to enable SafetyNet regardless of bootloader state.
You will need either a kernel with bootloader state hidden OR magisk, as well as a method of changing the build fingerprint.
This also assumes you've got TWRP installed and are comfortable using it.
Tested on Mi5 Lineage OS 14.1-20170206-NIGHTLY-gemini and various xiaomi.eu 7.2.X and 7.3.X versions:
NOTE: Magisk Hide on MIUI currently does not work (21st July 2017)
This has been widely reported and there are a number of open issues:
https://github.com/topjohnwu/Magisk/issues?utf8=✓&q=is:issue is:open miui
A fix may have been found, not ready to test however:
https://github.com/topjohnwu/Magisk/issues/298#issuecomment-316687923
Magisk:
Remove any previous root; usually this can be done by simply dirty flashing your current ROM in TWRP.
From TWRP install Magisk v13.3: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Restart and Magisk Manager app should be installed.
Hit the test safetynet button in Magisk Manager, if it passes stop here! Latest lineage roms don't need my magisk fingerprint module anymore, they just work.
Otherwise, download this magisk module on your phone: https://gitlab.com/alelec/magisk-ge...2bbf9dc8/magisk-gemini-safetynet-props-v3.zip
In Magisk Manager, go to modules and install the magisk-gemini-safetynet-props zip just downloaded. It should prompt to restart to enable module, do so.
After restart, fire up Magisk Manager and "tap to start SafetyNet check", fingers crossed it comes up Green!
Note: After each rom update you will need to reinstall Magisk in twrp, but the safetynet enabling module above should stick just fine and not need reinstall.
Custom Kernel:
I don't test this as often, as I prefer the Magisk method, however this is an option for people who don't want any kind of root on their phones.
I also don't maintain any patched kernel for MIUI based ROMs as the ones I've tried are just too buggy.
Remove any previous root; usually this can be done by simply dirty flashing your current ROM in TWRP.
Install gemini-safetynetpass-stable-fingerprint-20170217.zip
This package is based on gemini-safetynetpass-20170213.zip by @kyasu but only changes the build prop fingerprint; the old custom kernel has been removed.
Install a patched kernel, you can either use my autobuild of a patched latest LineageOS kernel for Mi5 (includes fingerprint fix):
https://gitlab.com/alelec/android_kernel_xiaomi_msm8996/tags (LineageOS-gemini-safetynet-kernel_XXXXXX.zip links)
or recent DragonXia kernels appear to be patched
https://forum.xda-developers.com/mi-5/development/kernel-brand-kernel-cm13-alpha-1-0-t3480663 (LineageOS)
https://forum.xda-developers.com/mi-5/development/kernel-dragonxia-kernel-v1-0-t3546619 (MIUI)
Note: Both the kernel and fingerprint zip above will need to be re-installed after each rom update.
On a related note, if you want to use Android Pay on MIUI based roms, make sure the HCE wallet configuration and permissions are set correctly.
See the following for more details: http://en.miui.com/thread-405166-1-1.html
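A server-side check of the two verdicts this thread keeps running into, "basic integrity" and "CTS profile match", as an added example that is not code from any post above. It decodes a constructed SafetyNet attestation payload (the JWS claims an app receives from the API), refuses anything not bound to its own nonce, package and signing certificate, and only then classifies the two verdict bits; the mapping of red to basicIntegrity and blue to ctsProfileMatch follows the opening post's two-step description and is an assumption here, as are the app names, digests and the unsigned sample JWS. It also assumes the JWS signature and x5c chain (leaf issued to attest.android.com) were already verified.

```python
import base64
import json

# Values the relying server knows about its own app (constructed for this example).
APP_PACKAGE = "com.example.app"
APP_CERT_DIGEST = base64.b64encode(b"\x11" * 32).decode()   # SHA-256 of the signing cert
NONCE = b"server-generated-random-nonce-01"                 # fresh per attestation request


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWS segment; JWS omits the '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def attestation_payload(jws: str) -> dict:
    """Return the JSON claims of a compact JWS (header.payload.signature).
    Assumption: signature and x5c chain were verified before calling this;
    an unverified payload proves nothing about the device."""
    _header, payload, _signature = jws.split(".")
    return json.loads(b64url_decode(payload))


def verdict(jws: str, expected_nonce: bytes, now_ms: int, max_age_ms: int = 60_000) -> str:
    """Classify an attestation the way the thread describes the helper app:
    'rejected' - not bound to this request/app, or stale (replay or substitution)
    'red'      - basicIntegrity false: system tampered (root, Xposed, ...)
    'blue'     - basicIntegrity true, ctsProfileMatch false: device/build not
                 certified (unlocked bootloader, non-stock build fingerprint)
    'green'    - both true
    """
    p = attestation_payload(jws)
    # Binding checks come first: a genuine 'green' for another nonce or APK is worthless.
    if base64.b64decode(p.get("nonce", "")) != expected_nonce:
        return "rejected"
    if p.get("apkPackageName") != APP_PACKAGE:
        return "rejected"
    if APP_CERT_DIGEST not in p.get("apkCertificateDigestSha256", []):
        return "rejected"
    if not 0 <= now_ms - int(p.get("timestampMs", 0)) <= max_age_ms:
        return "rejected"
    # Missing verdict fields are treated as failures, never as passes.
    if not p.get("basicIntegrity", False):
        return "red"
    if not p.get("ctsProfileMatch", False):
        return "blue"
    return "green"


def make_sample(basic: bool, cts: bool, nonce: bytes = NONCE, package: str = APP_PACKAGE) -> str:
    """Constructed, unsigned JWS for offline demonstration only."""
    header = {"alg": "RS256", "x5c": ["<placeholder certificate chain>"]}
    claims = {
        "nonce": base64.b64encode(nonce).decode(),
        "timestampMs": 1_500_000_000_000,
        "apkPackageName": package,
        "apkCertificateDigestSha256": [APP_CERT_DIGEST],
        "ctsProfileMatch": cts,
        "basicIntegrity": basic,
    }
    segments = [b64url_encode(json.dumps(x).encode()) for x in (header, claims)]
    return ".".join(segments + ["placeholder-signature"])


if __name__ == "__main__":
    now = 1_500_000_030_000
    for basic, cts in ((False, False), (True, False), (True, True)):
        print(basic, cts, "->", verdict(make_sample(basic, cts), NONCE, now))
```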
Once you unlock it once, you can unlock it again without waiting. I just unlocked and relocked my Mi5 about 3 times in a couple days.
Sent from my MI 5 using Tapatalk
Oh really? Wow, nothing I've read anywhere in the last few weeks has said that before, certainly simplifies things!
Do non stock kernels boot on a locked bootloader though? They didn't on my previous Sony.
coronafire said:
Oh really? Wow, nothing I've read anywhere in the last few weeks has said that before, certainly simplifies things!
Do non stock kernels boot on a locked bootloader though? They didn't on my previous Sony.
It does make it easy. I initially unlocked my bootloader to flash the global stable, then used mi flash to flash the ROM and relock my bootloader. I wasn't happy with the stable ROM, so I went back into the mi unlock tool, unlocked again, and flashed the dev ROM and relocked. Then I see 8.2 is coming soon, so I went back to mi unlock and unlocked yet again so I can flash the new 8.2 when it comes out.
I'm not sure on kernels, haven't messed with them on Xiaomi devices.
Sent from my MI 5 using Tapatalk
Did anyone try this patch on MIUI?
Edit: Just tried on MIUI v7.2.9 Global Dev. CTS profile and Basic Integrity check both fail.... What a bummer...
the_poolee said:
Did anyone try this patch on MIUI?
Edit: Just tried on MIUI v7.2.9 Global Dev. CTS profile and Basic Integrity check both fail.... What a bummer...
Drats. If basic integrity is failing that's something else triggering the issue. Before I changed the fingerprint I only had cts failing, basic was usually fine. Sometimes a replacement kernel would cause it to fail basic, but I never narrowed down exactly what the cause was.
Works on LOS. Anyway my bank doesn't support android pay yet.
Ulver said:
It does make it easy. I initially unlocked my bootloader to flash the global stable, then used mi flash to flash the ROM and relock my bootloader. I wasn't happy with the stable ROM, so I went back into the mi unlock tool, unlocked again, and flashed the dev ROM and relocked. Then I see 8.2 is coming soon, so I went back to mi unlock and unlocked yet again so I can flash the new 8.2 when it comes out.
Looked into it some more to confirm - I'm quite sure you can't re-lock the bootloader if using anything that's not an official Xiaomi ROM, i.e. if using Lineage, or even the xiaomi.eu ROM, you can't lock the bootloader without having a bootloop.
And yeah, I've confirmed this method doesn't work on xiaomi.eu ROM 7.1.20 or 7.2.16 on Mi5. It gets both failed basic integrity and failed CTS profile match.
I've also tried on Global Stable 8.1.4.0 with unlocked bootloader and had no luck at all, same error.
This was a clean install, factory wipe, install magisk v11.1. Initially the check couldn't work at all, I had to get google play services updated for anything to work. Then the check operates, but fails on both counts.
I passed safety net on 8.1.2.0 global stable, but failed to add a card in Android Pay. I'm hoping 8.2 works.
Sent from my MI 5 using Tapatalk
Ulver said:
I passed safety net on 8.1.2.0 global stable, but failed to add a card in Android Pay. I'm hoping 8.2 works.
Sent from my MI 5 using Tapatalk
As described by @Ulver if you're on official builds, you should be able to re-lock the bootloader and avoid this issue (although without root I guess).
Aside from that, you definitely shouldn't need the zip I made for the build prop change, as you'll already have a stable build fingerprint.
It turns out there's lots of versions of official rom that don't pass safetynet even when cleanly flashed with locked bootloader - xiaomi themselves keep breaking it!
A little search finds lots of references, such as this entire thread, and this post in particular: http://en.miui.com/forum.php?mod=redirect&goto=findpost&ptid=273319&pid=7515203
This certainly complicates things....
Turns out you can't always re-unlock....
To test more thoroughly I decided to flashtool wipe and lock my mi5 to stable release that's reported to pass safetynet; global_images_V8.0.2.0.MAAMIDG
My plan is to verify that it passed when locked (it did), then unlock and just install magisk to see if that worked to hide.
Well, MiUnlock has told me I can't unlock, I logged back into unlock web site and it now says my unlock request is rejected (on same account as I originally unlocked on). So now I have a locked device on global stable and have to wait for re-application to unlock.
FWIW I then allowed MIUI to OTA update itself to 8.1.2.0 (MAAMIDI) and then SafetyNet Helper originally told me no, fail on both basic and CTS.
Ran it a couple more times though and now it's passing. Go figure... SafetyNet is somewhat unreliable.
tl;dr don't re-lock your phone assuming you'll be able to immediately re-unlock it, it clearly works some of the time, not always though.
Good news, I've got SafetyNet pass on xiaomi.eu (MIUI) rom with unlocked bootloader
In the end it's basically the same as the original LOS method except that as we've all seen earlier Magisk v11.1 isn't working for MIUI.
This win was achieved with Magisk v9 and phh-superuser-magisk-r266-2 with the current Magisk Manager (4.2.6)
As per the screenshot I'm running xiaomi.eu MIUI 8.3 7.2.24 on the Mi5.
My procedure was:
* dirty flash rom to clean up prior attempts (Install) xiaomi.eu_multi_MI5_7.2.24_v8-7.0.zip
* Install gemini-safetynetpass-stable-fingerprint-20170217.zip
* Install Magisk-v9.zip
* Install phh-superuser-magisk-r266-2.zip
* Reboot.
Simple as that, Magisk Manager shows SafetyNet passing (after asking for root privs on first launch)
I've added a new card in Android Pay, haven't tested at a terminal yet though.
If anyone's interested I previously got SafetyNet passing on MIUI with a custom kernel instead of Magisk, this gave SafetyNet green without any kind of root.
The problem with custom kernels at this stage is the capacitive buttons (back and app switch) have reduced sensitivity / only work well when the phone is charging. AFAIK this is only really a problem on phones with LGD LCDs (what I have); the other ones might work fine.
If anyone wants to try my kernel instead let me know and I'll share it, I found it to be a bit flaky though.
@up:
Not working for me.. SafetyNet test always has CTS false.. I tried a clean install and for now it does not work.
rafix96 said:
@up:
Not working for me.. SafetyNet test always has CTS false.. I tried a clean install and for now it does not work.
Which version of which rom did you try?
coronafire said:
Which version of which rom did you try?
I would definitely like to confirm this on the latest MIUI official global dev.
First I tried this on 7.2.24 xiaomi.eu, later I updated MIUI to 7.2.3 and unfortunately it does not work either...
rafix96 said:
First I tried this on 7.2.24 xiaomi.eu, later I updated MIUI to 7.2.3 and unfortunately it does not work either...
That's annoying, 7.2.24 is what works for me. It's been my daily driver since, and I've used android pay at a terminal no worries.
Do you definitely have Magisk v9 and phh-superuser-magisk-r266-2.zip ?
Magisk v11 cannot be installed else a dirty flash will be needed.
Oh, I just remembered I've also installed the 'phh's SuperUser' app from Play Store. This is probably needed
After that I opened Magisk Manager, which asked for root permissions the first time (which has to be granted).
@coronafire
Yes, I tried everything, but I have one more idea: when I come back home I will do MiFlash and then install eu 7.2.24, maybe that will work.
Sent from my MI 5 using Tapatalk
basically, if you don't need root, just flash
the latest zip in the following link (by kyasu)
https://www.androidfilehost.com/?w=files&flid=149919
will pass SafetyNet without a locked bootloader. As the latest kernel is 2 weeks old, please consider there may be some drawback in flashing an old kernel to the latest LOS build. By the way, would kyasu please update the file or let us know if there is any easy way to patch on our own?
hklam0 said:
basically, if you don't need root, just flash
the latest zip in the following link (by kyasu)
https://www.androidfilehost.com/?w=files&flid=149919
will pass SafetyNet without a locked bootloader. As the latest kernel is 2 weeks old, please consider there may be some drawback in flashing an old kernel to the latest LOS build. By the way, would kyasu please update the file or let us know if there is any easy way to patch on our own?
Just to note, this is only for LineageOS, not MIUI.
Personally I find it easier to not need to replace the kernel and just install magisk, if root isn't wanted it can be disabled in the magisk app.
But yes it's true you can replace the kernel with a patched one, avoiding installing any kind of root.
I've experimented with this quite a bit myself, however to update it requires at a minimum applying a patch/commit to a fork of the kernel source you're starting with and compiling it.
I've got a fork of the MIUI kernel from @Shaky156 with the appropriate patch:
https://github.com/andrewleech/Mi5-...mmit/66cbe734eb15d2508a5c80157a8af38d59373535
and example build script:
https://github.com/andrewleech/Mi5-MIUI8-Nougat-Kernel/blob/master/build.sh
Or there's the original patch by @Sultanxda which usually works as well, I did test this on a LineageOS kernel but this is pretty out of date too by now, and I started from a different forked kernel anyway.
https://github.com/andrewleech/andr...mmit/f8314c10146971979ad26c881be9bd17603c1e7d
Is anyone able to pass safety net test on their mi pad 4? If so can you let me know your set up.
I've tried many different methods of installing gapps but even on stock I can't pass it. Right now I'm on stock Chinese ROM 9.6.23.0 with gapps flashed through twrp from opengaps. Every time I try to submit a safety net request it fails, and on magisk manager checking safety net status results in an error, "the response is invalid".
I've tried Google installer apk, using a mi5 backup and twrp flashing and I'm still getting the same response. If anyone has gotten their device to pass safety net please let me know the ROM you're currently running and the method you used for flashing gapps.
Unlock the BL and use the xiaomi.eu beta ROM, apparently it passes SafetyNet (as long as you don't go ahead and root as well lol)
https://xiaomi.eu/community/threads/when-will-xiaomi-eu-be-available.45622/page-2
wintermute000 said:
Unlock the BL and use the xiaomi.eu beta ROM, apparently it passes SafetyNet (as long as you don't go ahead and root as well lol)
https://xiaomi.eu/community/threads/when-will-xiaomi-eu-be-available.45622/page-2
I have rooted mi pad 4 with xiaomi.eu MIUI 10 developer rom and safety net passing without any problems.
I have a doubt. I have tried the OOS ROM and I love it, but the only negative thing is that after installing it and putting the DFE without root, SafetyNet does not pass, and although installing Magisk Hide makes it pass SafetyNet, I can not play Fortnite: I get thrown out of the game when I jump from the bus. Then I tried Pixel Experience without installing root too; this ROM passes SafetyNet and without doing anything I could play Fortnite. My question is that I see that not all the customized ROMs can play Fortnite. What is the difference between some ROMs and others so that you can play Fortnite? I want to try more ROMs, but I do not want to lose the ability to play Fortnite. What difference is there between these ROMs? Thanks
luiwii said:
I have a doubt. I have tried the OOS ROM and I love it, but the only negative thing is that after installing it and putting the DFE without root, SafetyNet does not pass, and although installing Magisk Hide makes it pass SafetyNet, I can not play Fortnite: I get thrown out of the game when I jump from the bus. Then I tried Pixel Experience without installing root too; this ROM passes SafetyNet and without doing anything I could play Fortnite. My question is that I see that not all the customized ROMs can play Fortnite. What is the difference between some ROMs and others so that you can play Fortnite? I want to try more ROMs, but I do not want to lose the ability to play Fortnite. What difference is there between these ROMs? Thanks
The device fingerprint. There's a Magisk module that can spoof that for you. Use Search.
Understood, but why does one ROM implement it as standard and another does not? Is it the kernel? There must be something so you don't have to mess around with Magisk if you do not want to root, because on the Pixel ROM you do not have to do anything.