kdrag0n / safetynet-fix

Google SafetyNet attestation workarounds for Magisk

License: MIT License

Shell 11.54% Kotlin 26.71% C++ 59.48% Makefile 2.27%
android safetynet magisk hacktoberfest

safetynet-fix's Introduction

Universal SafetyNet Fix

Magisk module to work around Google's SafetyNet and Play Integrity attestation.

This module works around hardware attestation and updates to SafetyNet and Play Integrity CTS profile checks. You must already be able to pass basic CTS profile attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.

If you still have trouble passing SafetyNet or Play Integrity with this module, spoof the profile of a certified device by copying ro.product properties. MagiskHide Props Config is an easy way to do so on Magisk v23 and older. This is a common issue on old devices, custom ROMs, and stock ROMs without GMS certification (e.g. Chinese ROMs).

Android versions up to 13 are supported, including OEM skins such as Samsung One UI and MIUI.

Download

Download latest version

Install the downloaded module in Magisk Manager, then enable Zygisk in Magisk settings.

There is also a Riru version for Magisk 23 and older, but it is no longer updated. Please update to a current version of Magisk and use the Zygisk version.

How does it work?

See Details for details about how this module works.

ROM integration

Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

Support

If you found this module helpful, please consider supporting development with a recurring donation on Patreon for benefits such as exclusive behind-the-scenes development news, early access to updates, and priority support. Alternatively, you can also buy me a coffee. All support is appreciated.

safetynet-fix's People

Contributors

anirudhgupta109, benjibobs, displax, ipdev99, kdrag0n, lexnastin, maxr1998, osm0sis, proletarius101


safetynet-fix's Issues

Seems to break fingerprint functionality

Seems to break fingerprint functionality on my S10e with Android 10.
I do pass SafetyNet with this, but the applications that depend on the fingerprint throw errors or crash. Unlocking the phone with fingerprint is not affected.
After disabling it, the applications work again and I pass basic integrity but fail on CTS.

Keepass2offline:
image

Safety net failed

Noble Rom Note 9 OneUI 3.1
Using your beta 2.0 fix.
Magisk Hide is on but it still fails.

Implement Customizable Blacklist

This method uses a hardcoded string to determine what app to block. While this is useful in bypassing SafetyNet, perhaps implement a way of reading a custom list from disk? There are other apps I would like to block from using hardware attestation without having to recompile this repo every time.

Perhaps read a config from disk? Be mindful of FBE though.

[Method in question]

static android::status_t interceptTransaction(uint32_t code, uint32_t attestKey_code) {
    // TRANSACTION_attestKey, varies by Android version
    if (code == attestKey_code) {
        pid_t pid = android::IPCThreadState::self()->getCallingPid();
        std::string cmdline;
        std::ifstream cmdlineFile("/proc/" + std::to_string(pid) + "/cmdline");
        std::getline(cmdlineFile, cmdline);
        cmdlineFile.close();

        std::string gmsPrefix("com.google.android.gms");
        if (!cmdline.compare(0, gmsPrefix.size(), gmsPrefix)) {
            ALOGI("Blocking key attestation attempt from %s", cmdline.c_str());
            return android::INVALID_OPERATION;
        }
    }

    return android::NO_ERROR;
}

Support for heavily-customized OEM ROMs (e.g. One UI, MIUI)

For users

Universal SafetyNet Fix is not compatible with heavy OEM skins such as Samsung One UI and MIUI. You can try it at your own risk, but don't expect it to work. Instability and/or bootloops are likely. Common issues include broken fingerprint unlocking, broken biometric authentication in apps, crashing apps, and more.

DO NOT report issues if you are using a heavy OEM skin.


For developers

Replacing the keystore service causes breakage on heavily-customized OEM ROMs where the vendor has made intrusive changes that don't work with the AOSP keystore service. The most prominent example of this is Samsung One UI, but there are other vendors doing this.

Patching the keystore service executable is not a scalable solution, so this needs to be fixed another way. The current proposal is to shim the system's existing service (#13, blocked by #33), but I'm open to other ideas.

Feel free to propose alternative ideas or submit an implementation PR.

Biometrics on MIUI

I'm using A9 MIUI11 and have exactly the same problem described in the issue #6 - fingerprint doesn't work for authentication in any apps. Is it possible to apply the same method to fix it on MIUI? I've already tried safetynet fix for samsung devices and it didn't help.

Devices with mismatching system and vendor security patch levels

As reported by @bwegge:

Hi, firstly thanks a lot for this effort and quick remedy.

My phone is a Huawei Mate 10 Pro on EMUI 9.1.0.345, which worked with Magisk and SafetyNet passing until earlier this week.

On that phone, for some reason, the ro.vendor.build.security_patch is set to a lower date (2018-06-19) than the ro.build.version.security_patch (2019-12-01) out of the (unrooted) box. So for SafetyNet to pass, the correct value for ro.build.version.security_patch should NOT be changed to the vendor patch date and instead remain unchanged at 2019-12-01.
So unfortunately, this code in post-fs-data.sh actually destroys the correct security_patch version and SafetyNet/ctsProfile fails if I use this module.
I disabled this script, and indeed this got SafetyNet to pass with ctsProfile on my phone again :)

Any chance for Android x86?

Hi. I'm happy that your patch is going to bypass hardware attestation in the SafetyNet mechanism. Is there any chance to use it with Android x86 with the MagiskHide Props Config module in order to spoof the device fingerprint and pass SafetyNet on an Android x86 device?

Timeout

On my OnePlus Nord, when I check for SafetyNet in Magisk, it does nothing for a long time and then it says eval type n/a. I assume there is some kind of timeout and there is just no response coming back. I see similar effects in my banking app. There used to be an error saying "Your phone is rooted, this app can't be used". Now it's just stuck at the start sequence. I assume it's waiting for some kind of SafetyNet response. Would it be possible to mock a positive response? I think then it should work.

cts profile false until RQ3A.210605.005 update Pixel 3a

Edit: my mistake. After uninstalling Magisk Hide Props, everything's OK. This issue can be closed.
Since the RQ3A.210605.005 update of the Pixel 3a, even if the evalType remains "Basic", I get a "false" for ctsProfile.
Did Google update SafetyNet again? Or am I missing something?

Is there support for Android 7.x?

I have a cellphone with Android 7.1 that doesn't have any 8.x upgrade planned. Can this patch be used? If not, will there be support for 7.x versions soon?

Biometrics on OP7 pro (android 11)

Biometrics work on the phone if I want to unlock the screen. The problem is that when I try to add biometric auth in the settings of some app, the app doesn't recognize the biometrics.

I tested the phone and the biometrics are not recognized.
The Magisk module says that biometrics are not supported on the device or not enabled.

Huawei p10 pin lock

I noticed after installation of v1.1.1 that it works, but after a while (some hours) it somehow breaks the menu where I enter the PIN to unlock my phone. It's not the SIM PIN but the one I need to use for every phone restart. I'm entering my PIN but the service restarts and asks me again for the PIN. Unfortunately, a factory reset was my only option in this case. I run Lineage 16 by the OpenKirin group. Any option for resolving that?

Keystore issues

Android 11 (SM-N9860 TGY) has an issue with this patch: the StrongSwan VPN client (with certificate authentication) can't reconnect (reauthenticate) due to this patch and the connection hangs. Error in the logs: keystore object is dead. Details TBD.

Unsupported CPU architecture

I am working on a Samsung A6 (sm-A600fn), trying to fix ctsProfile. Installing the Safetynet-fix v1.1.1 I get

  • Unsupported CPU architecture: armeabi-v7a
  • Installation failed

What's wrong?

Bootloop on samsung note 20 Ultra

The phone reboots continuously. Sometimes the phone keeps on and I check Safetynet and it passes the test. But if I restart it will bring back the keep restarting issue again.

Could somebody port this to heavy oem skins?

I have read #2 and am wondering if your patches could be replicated for One UI. Using https://opensource.samsung.com/ I have downloaded the source of my phone's current ROM. Your v1.1.1 causes my Galaxy S20+ to bootloop. Using the files provided on Samsung's open source website, do you think your SafetyNet patches could be ported to phones running One UI or other heavy OEM skins like mine? Maybe developers could port your patches per device and firmware. This is assuming that the source code provided on Samsung's open source page includes the source code for the keystore and/or libkeystore-attestation-application-id.so binaries.

Can't pass SafetyNet CTS on Fairphone 3 running Lineage

I hope this is the right place to ask this. My device doesn't pass the safetynet check. There's a tick for basicIntegrity, but ctsProfile has a minus next to it.

  • I'm on LineageOS 10 on a Fairphone FP3.
  • I've got an unlocked bootloader.
  • I've enabled MagiskHide.
  • I patched the Lineage boot/recovery image with Universal SafetyNet Fix, and flashed it to the phone.
  • I've installed MagiskHide Props Config (although I tried it without that first).

Here's my log file:
magisk_log_2021-02-22T011324Z.log

Thanks for your help!

Unsupported CPU architecture

Samsung SM-T510 2019 model
Stock Android 9
TWRP and Magisk installed

When I try to install I get the following:

  • Extracting module files
    Unsupported CPU architecture: armeabi-v7a
    ! Installation failed

Biometrics on Samsung (S10, android 10)

I know Samsung is heavily skinned. Hope we can still get some help, and have sent a few beers if that helps.

Enabling the fix breaks 3rd party apps from using fingerprint sensor. Two things I noticed:

  1. after enabling the fix, one of those apps complained about "fingerprints have changed, please enroll again" or something to that effect

  2. system.prop in the fix's zip sets ro.boot.veritymode=enforcing and ro.boot.vbmeta.device_state=locked. However, if the fix is not enabled, getprop returns empty for those properties. Are these needed? What would happen if I tried to remove those lines from system.prop?

Any other idea of what I could test?

SafetyNet Fails

May security update Safety Net ctsProfile fails. Android 10 and Android 11

Random reboots

I found out that when I use this module on my S20+ and S10+, it gets random soft reboots after unlocking my phone around 3 times in a row.

CPU architecture support

What CPU does the zip file support?
I am trying to install on an ARM v7a 32-bit platform. 32-bit LineageOS was the only one available for the Fire HD8 tablet. Let me know if there is any chance for a compiled version to support this CPU.

Shim breaks on ROMs with different transaction IDs

On some ROMs (such as certain versions of Samsung One UI), there have been enough changes to the keystore service that the attestKey transaction is no longer assigned to the same ID as AOSP, so the shim solution doesn't work at all.

It is technically possible to obtain the transaction ID at install time by decompiling the framework, but this is very fragile and needs to be done on every update.

My proposal is to inspect the contents of the AIDL Parcel object to determine the call instead of relying on the transaction code. attestKey takes a unique set of arguments:

  • IKeystoreCertificateChain callback (AIDL service)
  • String alias
  • KeymasterArguments params

This allows identifying the transaction by checking the data in the Parcel. For IKeystoreCertificateChainCallback, the client sends a Binder to its implementation of the callback as a value in the Parcel, so we can check whether the service is correct by doing the equivalent of Java's Binder#queryLocalInterface("android.security.keystore.IKeystoreCertificateChainCallback") in C++. The other arguments should be easy to inspect as they are either primitive Parcel data types or Parcelables composed of primitives.

It must be noted, however, that the raw Parcel data format is not necessarily stable across major Android versions to the best of my knowledge. Attempting to read the data blindly using the C++ Parcel API is also dangerous because it could cause an out-of-bounds read when attempting to read a string at the wrong position.

Implementations are free to be submitted to the shim branch for #13. This is currently blocking #32.
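The out-of-bounds risk raised in the issue above, shown as a bounds-checked reader; this is an added example, not code from the issue or from the project. BoundedReader, putInt32, putString16 and the length-prefixed UTF-16 layout are assumptions made for illustration (this is not the Android Parcel API), and the buffer is constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Cursor over an untrusted buffer: reads are bounds-checked, failures keep the position.
class BoundedReader {
public:
    BoundedReader(const uint8_t* data, size_t size) : data_(data), size_(size), pos_(0) {}
    bool readInt32(int32_t* out) {
        if (size_ - pos_ < sizeof(int32_t)) return false;
        std::memcpy(out, data_ + pos_, sizeof(int32_t));
        pos_ += sizeof(int32_t);
        return true;
    }

    // Assumed layout (not taken from the page): int32 count of UTF-16 units,
    // the units, one NUL unit, zero padding up to a 4-byte boundary.
    bool readString16(std::u16string* out, size_t maxUnits = 256) {
        const size_t start = pos_;
        int32_t len = 0;
        if (!readInt32(&len)) return false;
        if (len < 0 || static_cast<size_t>(len) > maxUnits) return fail(start);
        const size_t n = static_cast<size_t>(len);
        const size_t padded = ((n + 1) * sizeof(char16_t) + 3) & ~static_cast<size_t>(3);
        if (size_ - pos_ < padded) return fail(start);      // would run past the end
        char16_t term = 1;
        std::memcpy(&term, data_ + pos_ + n * sizeof(char16_t), sizeof(term));
        if (term != 0) return fail(start);                  // no string at this offset
        out->assign(n, u'\0');
        if (n > 0) std::memcpy(&(*out)[0], data_ + pos_, n * sizeof(char16_t));
        pos_ += padded;
        return true;
    }
    size_t position() const { return pos_; }

private:
    bool fail(size_t start) { pos_ = start; return false; }
    const uint8_t* data_;
    size_t size_, pos_;
};

// Writers for constructed sample data in the same assumed layout.
void putInt32(std::vector<uint8_t>& buf, int32_t v) {
    const uint8_t* p = reinterpret_cast<const uint8_t*>(&v);
    buf.insert(buf.end(), p, p + sizeof(v));
}

void putString16(std::vector<uint8_t>& buf, const std::u16string& s) {
    putInt32(buf, static_cast<int32_t>(s.size()));
    const uint8_t* p = reinterpret_cast<const uint8_t*>(s.c_str());
    buf.insert(buf.end(), p, p + (s.size() + 1) * sizeof(char16_t));  // with NUL unit
    buf.resize((buf.size() + 3) & ~static_cast<size_t>(3), 0);
}

int main() {
    std::vector<uint8_t> buf;            // constructed: an int32, then one string
    putInt32(buf, 7);
    putString16(buf, u"alias1");
    BoundedReader r(buf.data(), buf.size());
    std::u16string s;
    return r.readString16(&s) ? 1 : 0;   // string read at the wrong offset: rejected
}
```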

safetynet-fix v1.1.1: Bootloop on LineageOS 18.1

After upgrading from LineageOS 17.1 to 18.1, the system bootloops. I don't know what log I should upload to help solve this issue (I'm not familiar with this anymore, please help).

MagiskHide Props is working too (SafetyNet success), but I don't remember why I'm using this too.

boot loop

I tried all module versions and all of them gave me a boot loop, how to fix this?

Help on framework version of the workaround (Android 11)

First of all thank you so much for the fix. You're insane!

I've hooked the attestKey method and printed all the outputs from mContext.getPackageName(), but I didn't receive "com.google.android.gms" string at any time (but other packages). Any clue?

Thanks in advance.

Support for Android 12

I'm using a Pixel 3a XL. When this module is installed and I try to put in my pattern, the screen goes black for a few seconds and I get kicked back to the lock screen. Everything works normally if I remove the module.

logcat.txt

armv7-a devices not supported

Many armv7-a devices (motorola devices especially) that have low-end processors.
Is there any way to make a multi-platform installer that covers every build? I wouldn't think that you'd need to compile the entire firmware for every device, just the keystore file (with the patches).

The build could detect which cpu you have like it does now, but with a for loop (magisk does this).

Samsung Galaxy A9 2018 (A920F) Android 10 Updated

After installing version 1.1.1 of this module:

  1. First of all, on restarting and immediately unlocking the lock screen, it always causes a reboot of the UI, but if I give it some time, like 20-30 seconds with the screen turned on before unlocking the phone, the issue doesn't occur. (Con: if I have an emergency, I can't immediately unlock the phone but have to wait 20-30 seconds.)

  2. After successfully unlocking by the above method, opening Play Store and turning on biometric authentication for payments causes the Play Store to close abruptly, as if force stopped. Whether I press cancel or OK after entering the password for biometric authentication, in both cases Play Store closes abruptly.

3) I also noticed that after installing the module my Samsung account asks for relogin again and again until I relogin.

  1. The module was successful in passing CTS profile (both true); earlier, hardware attestation caused partial failure of SafetyNet (basic still true). Google Play Store also shows certified.

6) After uninstalling the module:
i) the issue of biometric authentication is gone
ii) SafetyNet fails
iii)
iv) the lock screen reboot issue is also gone and I can immediately unlock my device after restarting it without my phone rebooting again.

That's all.

I want this module to be error free. If you have taken the time to read this, then I thank you. I hope my observations can help in improving this excellent module; just some bugs to fix.

And yes, I forgot to mention: versions 1.0.2 and below only cause a bootloop without even entering the system; versions after 1.0.2 cause a restart if I unlock immediately after a restart. Also, I tried the test version 2.0.0 for Samsung UIs and it didn't even pass SafetyNet, with the other issues staying the same.
Thank you

Android S fails

Here's the log:

A/linker: CANNOT LINK EXECUTABLE "/system/bin/keystore": cannot locate symbol "_ZN9keymaster19SoftKeymasterDeviceC1Ev" referenced by "/system/bin/keystore"...

E/SystemServer: BOOT FAILURE making Connectivity Service ready
java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.keystore.IKeystoreService.exist(java.lang.String, int)' on a null object reference
at android.security.KeyStore.contains(KeyStore.java:292)
at android.security.KeyStore.contains(KeyStore.java:300)

E/AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: ConnectivityServiceThread
java.lang.RuntimeException: Error receiving broadcast Intent { act=android.intent.action.USER_STARTED flg=0x50000010 (has extras) } in com.android.server.ConnectivityService$3@d80d198
at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1635)
at android.app.-$$Lambda$LoadedApk$ReceiverDispatcher$Args$YBWo_pyjHgkQEJgfA2r9yWoWRQA.run(Unknown Source:2)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:201)
at android.os.Looper.loop(Looper.java:288)
at android.os.HandlerThread.run(HandlerThread.java:67)
Caused by: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.keystore.IKeystoreService.exist(java.lang.String, int)' on a null object reference

Android system Corrupted after applying the SafetySecurityFix v1.1.1 & 1.1.0

Hi,

I'm using an Android Pixel 2 XL with Android 8.0 rom stock that I just patched using the latest version of Magisk which is 22.0.

After installing one of the patches you kindly brought to the community, Android can't start and shows me a black screen indicating the system is corrupted and asks me to repair (recover).

thanks a lot for helping me

Phone soft reboots after applying fix.

This isn't really an issue but when I apply the fix onto my phone and restart, the phone restarts again (shows boot screen), then it works fine shortly after. Why does this happen?

Some features not working

Hi
Installed 1.1.1, works very well
But I'm having two problems

  1. Some apps like KeePassDroid stop authenticating with a fingerprint.
  2. Google backup also stopped working.

When I disabled it and rebooted, they work.
My phone is S20 stock with latest canary
Screenshot_20210305-184225_KeePassDroid
Screenshot_20210305-203347_Google Play services
