Universal fix for Google SafetyNet on Android devices with hardware attestation and unlocked bootloaders.

Overview

Universal SafetyNet Fix

This is a universal fix for SafetyNet on devices with hardware-backed attestation and unlocked bootloaders (or custom verified boot keys). It defeats both hardware attestation and the SafetyNet CTS profile updates released in 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels. MagiskHide is required as a result.

Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use MagiskHide Props Config to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.

Android versions 7–12 are supported, including OEM skins such as Samsung One UI and MIUI. This module requires Zygisk (for Magisk Canary) or Riru (for stable Magisk).

Installation

The module must be installed using Magisk Manager, not TWRP or any other custom recovery.

Always make sure you have the latest version of the module installed before reporting any issues.

Zygisk

If you are using Magisk Canary, you need the Zygisk version of this module. Download and install the latest Zygisk version of this module from GitHub Releases.

Riru

If you are using stable Magisk, you need the Riru version of this module. Download and install the latest Riru version of this module from GitHub Releases. You will also need to install "Riru" through Magisk Manager.

How does it work?

Google Play Services opportunistically uses hardware-backed attestation to enforce SafetyNet security (since January 12, 2021), and enforces its usage based on the device model name (since September 2, 2021).

This module uses Riru to inject code into the Google Play Services process and then register a fake keystore provider that overrides the real one. When Play Services attempts to use key attestation, the fake provider throws an exception, making it appear that the device lacks support for key attestation. This causes SafetyNet to fall back to basic attestation, which is much weaker and can be bypassed with existing methods.

However, blocking key attestation alone does not suffice because basic attestation fails on devices that are known by Google to support hardware-backed attestation. This module bypasses the check by appending a space character to the device model name. This has minimal impact on UX when only applied to Google Play Services, but it's sufficient for bypassing enforcement of hardware-backed attestation.

Unlike many other approaches, this doesn't break other features because key attestation is only blocked for Google Play Services, and even within Play Services, it is only blocked for SafetyNet code. As a result, other attestation-based features (such as using the device as a security key) will still work.
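Seen from the relying party's side, the fallback described above shows up in the attestation verdict itself. The following server-side policy check is an added example, not part of this module or its project. It assumes the JWS signature and certificate chain were already verified elsewhere, uses the field names of the SafetyNet Attestation API response, and runs on constructed sample values (the package name is hypothetical).

```python
import base64
import json

# Constructed sample values (not from the page or from any real device).
NOW_MS = 1_700_000_000_000
NONCE = b"constructed-server-nonce"
PACKAGE = "com.example.bank"  # hypothetical relying app
BASE = {
    "nonce": base64.b64encode(NONCE).decode(),
    "timestampMs": NOW_MS - 5_000,
    "apkPackageName": PACKAGE,
    "basicIntegrity": True,
    "ctsProfileMatch": True,
}


def b64url_decode(segment):
    """Decode an unpadded base64url JWS segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(compact_jws):
    """Return the JSON payload of a compact JWS. Does NOT verify the signature."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def evaluate(payload, expected_nonce, expected_package, now_ms, max_age_ms=120_000):
    """Return (verdict, reasons); verdict is accept, basic_only or reject."""
    reasons = []
    # Replay protection: the nonce must be the one this server issued.
    if payload.get("nonce") != base64.b64encode(expected_nonce).decode():
        reasons.append("nonce mismatch")
    if payload.get("apkPackageName") != expected_package:
        reasons.append("unexpected package")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > max_age_ms:
        reasons.append("stale or missing timestamp")
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity false")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch false")
    if reasons:
        return "reject", reasons
    # evaluationType is a comma-separated list, e.g. "BASIC,HARDWARE_BACKED".
    kinds = {k.strip() for k in str(payload.get("evaluationType", "")).split(",")}
    if "HARDWARE_BACKED" not in kinds:
        # Both booleans pass, but nothing hardware-backed contributed:
        # this is the state a fallback to basic attestation produces.
        return "basic_only", ["no hardware-backed evidence in evaluationType"]
    return "accept", []


def make_sample_jws(payload):
    """Build a constructed token; the signature segment is a dummy value."""
    def enc(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(b'{"alg":"RS256"}')
    return ".".join([header, enc(json.dumps(payload).encode()), enc(b"constructed")])


if __name__ == "__main__":
    for label, etype in [("hardware", "BASIC,HARDWARE_BACKED"), ("fallback", "BASIC")]:
        token = make_sample_jws(dict(BASE, evaluationType=etype))
        print(label, evaluate(decode_payload(token), NONCE, PACKAGE, NOW_MS))
```

A `basic_only` verdict passes both integrity booleans without hardware-backed evidence, so a relying party can treat it as lower assurance than `accept` rather than as equivalent.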

ROM integration

Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. See the ProtonAOSP website for more information.

Support

If you found this module helpful, please consider supporting development with a recurring donation on Patreon for benefits such as exclusive behind-the-scenes development news, early access to updates, and priority support. Alternatively, you can also buy me a coffee. All support is appreciated.

Comments
  • New Google Integrity API update breaks universal safetynet fix

    Describe the bug Google Play device is certified. YASNAC safety net passes. Google Pay is now Google Wallet which detects device as rooted regardless of safetynet pass status.

    To reproduce Steps to reproduce the behavior:

    1. Go to play store
    2. Update to Google Wallet
    3. Attempt to add payment method
    4. See error

    Expected behavior To be able to add payment method credit or debit card to new Google Wallet.

    Screenshots Screenshot_20220721-214651_Google Play services

    Device info Device model: Samsung Galaxy S22 Ultra SM-S908E Snapdragon Android version: 12 ROM name/version: Stock rom with Magisk and TWRP

    bug 
    opened by wiredroid 153
  • Biometrics on Samsung (S10, android 10)

    I know Samsung is heavily skinned. Hope we can still get some help, and have sent a few beers if that helps.

    Enabling the fix breaks 3rd party apps from using fingerprint sensor. Two things I noticed:

    1. after enabling the fix, one of those apps complained about "fingerprints have changed, please enroll again" or something to that effect

    2. system.prop in the fix's zip sets ro.boot.veritymode=enforcing and ro.boot.vbmeta.device_state=locked. However, if the fix is not enabled, getprop returns empty for those properties. Are these needed? What would happen if I tried to remove those lines from system.prop?

    Any other idea of what I could test?

    opened by gvb1234 106
  • Shim the keystore service instead of replacing it

    This method is more portable, does not require a different executable for each Android version, and avoids breaking ROMs with heavy keystore customizations. It works by injecting a shared library into the keystore service and wrapping the Binder transaction handler in the generated AIDL interface.

    Because the actual attestKey implementation is statically linked into the keystore service executable, we can't hijack it directly without messy and error-prone code patching. Instead, we check each Binder transaction handled by the AIDL stub and hijack transactions with the TRANSACTION_attestKey code.

    In order to keep key attestation working for apps, we only block Google Play Services by checking the command line of the calling process through Binder. This is not infallible and can be spoofed, but it's much easier to do in C++ than looking up the calling UID's package name through PackageManagerService. There are no negative security implications as the only difference is a denied operation.

    We can't set LD_PRELOAD for the keystore service because Magisk modules start too late to modify its init.rc, so we inject the shim library as a dependency instead using patchelf and build it with the DF_1_GLOBAL ELF flag to make the dynamic linker prioritize it in symbol resolution.

    TRANSACTION_attestKey values and AIDL stub names by Android version:

    Android 10 - 11     (SDK 29-30): TX# 28, android::security::keystore::BnKeystoreService
    Android 9           (SDK 28   ): TX# 35, android::security::BnKeystoreService
    Android 7.0 - 8.1.0 (SDK 24-27): TX# 36, android::BnKeystoreService
    

    This needs testing in many different scenarios before it can be considered stable.

    Fixes #32.

    Blocked by #33.

    Scenarios and issues to test

    • 32-bit ARM devices
    • Heavy OEM skins
    • Samsung One UI
    • MIUI
    • Broken biometric authentication in apps
    • Unstable system (i.e. rebooting and/or crashing)
    opened by kdrag0n 66
  • ctsProfile check failed

    Hi,

    I tried both 2.0.0 and 2.1.0 (preview) versions of safetynet-fix -- I still can't pass ctsProfile. Using XPrivacyLua works, so I expect the problem is on safetynet-fix side.

    opened by abbradar 35
  • Does not pass CTS profile match in Android 12

    After successfully installing latest module in magisk these are the output of SafetyNet test:

    • Safety Net Request: success
    • Response signature validation: success
    • Basic Integrity: success
    • CTS profile match: fail

    bug 
    opened by crossdefalt 21
  • Oneplus 8T oxygen os 12 FOD error

    Describe the bug Oxygen os 12 FOD issue is present. Whenever flashing module the safety net fixes but FOD disappear

    To reproduce Steps to reproduce the behavior:

    1. Go to 'Magisk flash safety net fix module,after that reboot,then try to add fingerprint it'll not work'
    2. Click on 'fingerprint enrollment..'
    3. Scroll down to '.fingerprint enrollment.'
    4. See error

    Expected behavior Fingerprint should work after flashing module

    Screenshots If applicable, add screenshots to help explain your problem.

    Device info Device model: Oneplus 8T kb2005 Android version:12 ROM name/version: Oxygen OS 12 Stable build

    Logs Connect your phone to a computer and run adb logcat > issue.log. Attach the log file to this issue.

    Additional context Add any other context about the problem here.

    Checklist

    • [ ] All information is present
    • [ ] Logs are attached
    • [ ] I have tried installing and configuring MagiskHide Props Config (https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf)
    bug 
    opened by assassinjahid 20
  • 2.1.0 Breaks Fingerprint Sensor - OP8T

    Installing the latest release of safetynet-fix "breaks" the fingerprint sensor on the OnePlus 8T. After installing, the fingerprint sensor will say hardware unavailable. Removing the module and rebooting will make the sensor function again. At first I thought it was just a coincidence; however, I did get confirmation of this behavior on the 8T on the Telegram group as well. Please let me know what other information I can supply that may be helpful in diagnosing this issue. I'll be happy to help.

    opened by ohioyj 20
  • Zygisk breaks Riru in new Canary Magisk

    Just a heads-up really.

    While Riru and Zygisk (as well as USNF 2.x.x) were working nicely together in vvb2060 Alpha Magisk before today's builds, Riru is now broken with Zygisk w/ latest TJW commits in both Alpha and TJW's new Canary Magisk.

    John has just provided documentation for "Developing Zygisk Modules"

    "The Zygisk API and sample module is online! Start developing and testing Zygisk modules with the latest canary release 😀" https://github.com/topjohnwu/zygisk-module-sample

    Hope it helps. PW

    opened by pndwal 17
  • mod causing full phone lockup

    Phones I know of it doing it are 3a, 3a xl and 4a all running stock roms. It'll mostly happen when you plug the phone in to charge, but it'll also happen seemingly at random. I thought I was the only one having this issue until I decided to ask @Skittles9823 if he had any idea why WiFi would cause a lockup as it seemed to stop if you killed WiFi and/or mobile data together

    image

    After finding out he had the same issue I was having I decided to ask in another group and found out they were having the same problem. So I started testing, I disabled the pixel launcher like I said in the picture and it didn't lockup for a few days, then last night it did. Well I had scoop running to try and grab the crash and I wasn't able to get a log of the issue. Well it didn't catch the lockup as the entire system locked up. I was able to grab some logs after it rebooted by dumb luck, I got WiFi off apparently mid crash and it grabbed all the logs and then locked up for a few seconds but then came out of it. These are those logs.

    gps.zip

    When I opened the log to read it to see if I could find what's causing it, they were all complaining about the keystore. So I asked the people I knew having the issue if they had your fix installed and they all did. One of them was using 2.0 instead of 1.1.

    image

    I figured having the logs might be helpful

    opened by pbanj 17
  • Please explain the networking calls in v2.1

    First I would like to say how grateful I am to the contributions made to the community by the awesomely smart people (such as kdrag0n) who work so hard to bring these fixes and work-arounds to us.

    The early access (paid) version of safetynet-fix v2.1 contains obfuscated network calls which appear to connect to a backend controlled by kdrag0n and upload/download encrypted data.

    As this is not present in v2.0, is undocumented and with the module running with root access on a user's phone, this raises significant security concerns. Eg, how can anyone know that this is not malware?

    Please could this be explained? Thank you

    opened by huxley101 16
  •  under-display fingerprint sensor does not work on Oneplus KB2000 devices

    Describe the bug under-display fingerprint sensor does not work

    To reproduce Steps to reproduce the behavior:

    1. open gpay
    2. press finger
    3. no response

    Expected behavior unlock by fingerprint

    Screenshots If applicable, add screenshots to help explain your problem.

    Device info Device model:Oneplus KB2000 Android version: 12 ROM name/version: Coloros 12.1

    Logs Connect your phone to a computer and run adb logcat > issue.log. Attach the log file to this issue.

    Additional context Add any other context about the problem here.

    Checklist

    • [x] All information is present
    • [ ] Logs are attached
    • [ ] I have tried installing and configuring MagiskHide Props Config (https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf)
    bug 
    opened by jiang-yuan 13
  • fix CTS profile mismatch basic attestation without rooting ?

    Hello sir is there a way to fix CTS profile mismatch using twrp and not magisk module as i can't root the phone cuz of the many problems related to bank apps and magisk etc .. . . .

    can i do something like editing build.prop or something else

    Thanks

    opened by midozalouk 1
  • Added sys.oem_unlock_allowed prop reset

    Makes bank apps and Google Pay happy, since even if the prop is otherwise spotless, those apps still wouldn't work because this prop is set to 1.

    Was the only thing that I had to do to get my bank app to allow biometric unlock, and Google Pay to let me add my payment cards

    opened by TheJebForge 0
  • Set shipping level to 32 for devices >=33

    If ro.product.first_api_level is 33, it's forced to use HW attestation even though the SafetyNet checker app shows BASIC. Setting it to 32 allows for software attestation and passing CTS.

    Reference tweet: https://twitter.com/anirudhgupta109/status/1581187443478274048

    opened by anirudhgupta109 2
  • Fingerprint not working

    I have a one plus 7 pro with lineage OS. I have recently rooted it with magisk however the fingerprint to unlock the lock screen and creating new finger prints does not work. I have seen that there are fixes related to oxygen os / color os for the fingerprints with the safetynet-fix module however with this module as well as hide props config nothing works unfortunately. Would like some guidance thanks.

    opened by ghost 1
  • It's not working on Magisk 25.2

    Describe the bug A clear and concise description of what the bug is.

    To reproduce Steps to reproduce the behavior:

    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error

    Expected behavior A clear and concise description of what you expected to happen.

    Screenshots If applicable, add screenshots to help explain your problem.

    Device info Device model: Android version: ROM name/version:

    Logs Connect your phone to a computer and run adb logcat > issue.log. Attach the log file to this issue.

    Additional context Add any other context about the problem here.

    Checklist

    • [ ] All information is present
    • [ ] Logs are attached
    • [ ] I have tried installing and configuring MagiskHide Props Config
    bug 
    opened by bLACKbEAST0 0
Releases(v2.3.1)
  • v2.3.1(Jun 27, 2022)

    Changes

    Highlights

    • Fixed fingerprint on OxygenOS/ColorOS 12 (@osm0sis)
    • Support for Magisk 24+ module updates (@benjibobs)
    • Restored support for Android 7

    Other changes

    • Spoofed OnePlus OEM unlock status for futureproofing (@osm0sis)
    • Minor code improvements

    This version only supports Zygisk (Magisk 24 and newer).

    Donate

    If you found this helpful, please consider supporting development with a recurring donation for rewards such as early access to updates, exclusive behind-the-scenes development news, and priority support. Alternatively, you can also buy me a coffee. All support is appreciated :heart:

    safetynet-fix-v2.3.1.zip(92.96 KB)
  • v2.2.1(Dec 23, 2021)

    Changes

    • Fixed under-display fingerprint sensor on Realme devices (thanks @osm0sis, @byxiaorun, @Jowat97)
    • Clarified definition of "basic attestation" in readme
    • Add check to prevent installation on unsupported Android versions (7.x and older)

    This version only supports Zygisk. See v2.1.3 for a Riru version.

    safetynet-fix-v2.2.1.zip(93.14 KB)
  • v2.1.3(Dec 23, 2021)

    Changes

    • Fixed under-display fingerprint sensor on Realme devices (thanks @osm0sis, @byxiaorun, @Jowat97)
    • Clarified definition of "basic attestation" in readme
    • Add check to prevent installation on unsupported Android versions (7.x and older)

    This version only supports Riru. See v2.2.1 for a Zygisk version.

    safetynet-fix-v2.1.3.zip(26.72 KB)
  • v2.2.0(Nov 16, 2021)

    Changes

    • Ported module to Zygisk
    • Fixed screen-off Voice Match in Google Assistant
    • Fixed poor microphone quality with Voice Match enabled on Pixel 5
    • Fixed At a Glance weather display on Android 12
    • Fixed At a Glance settings on Android 12

    This version only supports Zygisk. See v2.1.2 for a Riru version.

    safetynet-fix-v2.2.0.zip(122.30 KB)
  • v2.1.2(Nov 16, 2021)

    Changes

    • Fixed screen-off Voice Match in Google Assistant
    • Fixed poor microphone quality with Voice Match enabled on Pixel 5
    • Fixed At a Glance weather display on Android 12
    • Fixed At a Glance settings on Android 12

    This version only supports Riru. See v2.2.0 for a Zygisk version.

    safetynet-fix-v2.1.2.zip(26.63 KB)
  • v2.1.1(Sep 15, 2021)

  • v2.1.0(Sep 14, 2021)

    Changes

    • Fixed new SafetyNet CTS profile failures as of September 2, 2021
    • Added MagiskHide features that will be removed in future versions of Magisk

    safetynet-fix-v2.1.0.zip(26.78 KB)
  • v2.0.0(Sep 6, 2021)

    Changes

    • Added support for heavy OEM skins (One UI, MIUI, etc.)
    • Added support for Android 12 Beta 4 and future versions
    • Fixed broken Play Services features other than SafetyNet
    • Fixed rare system freezes caused by Play Services breakage
    • Android 12: Fixed face unlock on Pixel 4 series
    • Added support for Android 7.0 and 7.1
    • Rewritten as a Riru module

    safetynet-fix-v2.0.0.zip(25.39 KB)
  • v1.2.0(Jul 4, 2021)

  • v1.1.1(Jan 16, 2021)

    Changes

    • Removed security patch fixup to fix CTS profile mismatches on some devices

    Some devices will now need to use MagiskHide Props Config in addition to this module in order to pass CTS profile checks as part of basic attestation. Altering the CTS profile is no longer in scope for this module as it breaks more devices than it fixes.

    Donate

    If this module helped you, please consider a recurring donation for sustainable support, or alternatively buy me a coffee. Everything helps, but a recurring donation is the best way to keep the project alive in the long term.

    safetynet-fix-v1.1.1.zip(705.64 KB)
  • v1.1.0(Jan 14, 2021)

  • v1.0.2(Jan 14, 2021)

  • v1.0.1(Jan 14, 2021)

Owner
Danny Lin
Android & full-stack web developer