Safetynet Fix is no longer working

[RamuSriram]

CTS profile match is being failed

Steps to reproduce the behavior:

1. Go to 'YASNAC app'
2. Click on 'Check'
3. See error - CTS profile match will be failed

Device info Device model: OnePlus 9RT Android version: Android 13

[adamerso]

I've got same issue :(

[mininmobile]

same here :( it used to be so slick it even worked w/ google pay

attestation fail	google pay fail

[mininmobile]

CTS profile match is being failed

Steps to reproduce the behavior:

1. Go to 'YASNAC app'

2. Click on 'Check'

3. See error - CTS profile match will be failed

Device info Device model: OnePlus 9RT Android version: Android 13

do you have google play services v23.26.17 too?

might be able to continue for a bit by using a google play services version a few versions before, whatever it was

[mininmobile]

probably related to these updates a week ago https://developers.google.com/android/guides/releases

[mattgyver-it]

Same issue here. ~~CTS Profile mismatch~~ on Lineage20 on OnePlus 8 Pro, after sunday's (8/6) nightly release. google play services v 23.30.13

[PeterNjeim]

1. Download latest Release of https://github.com/Displax/safetynet-fix/releases
2. Install in Magisk (no need to uninstall kdrag0n safetynet-fix)
3. Reboot
4. ???
5. Profit

[mininmobile]

that's nice

edit: seems to have been patched and does not work for me :(

[mattgyver-it]

I have the 2.0 mod version and that isn't helping.

CTS profile matches. Passes basic integrity, but fails strong integrity, which is needed for some apps.

/

[mattgyver-it]

[mattgyver-it]

[mattgyver-it]

I even installed Shamiko, just to see if that would help. It has to be the strong integrity check failing. Without that passing, I can't use my security apps for work. I'm using an old Pixel XL just so I can get into my servers using MFA.

[PeterNjeim]

I wasn't aware an app could just choose to not use basic integrity, thought that was Google's choice. The whole point of safetynet-fix is to force basic attestation, as hardware attestation isn't spoofable

[mattgyver-it]

I don't know.. All I know is I did a LineageOS update on Sunday evening, and Monday morning, my security MFA app won't work because it sees I'm rooted with an unlocked bootloader. CTS Profile was showing as a mismatch initially. I have everything set in the DenyList in Magisk, and it was working fine on Friday. the only thing that changed over the weekend was the lineage update.

[mattgyver-it]

ugh..... tested a little more now that I got caught up on some work stuff. It's Duo Mobile that's the issue. I downgraded to 4.39.0, and it's working fine. Apparently their 4.4x.x versions can detect root/tamper even when magisk is hidden... https://help.duo.com/s/article/introducing-tampered-devices?language=en_US

[PeterNjeim]

Yup, it says on that page that they switched from Safetynet to Play Integrity (PI) after that version, making this Magisk module useless for it. There was an exploit to pass strong integrity for PI but it was patched 2 days ago.

If you have a paid Duo plan you can modify the tampered devices policy in the Global Policy settings, otherwise yeah just stick to the old version

[mattgyver-it]

Heh, trying to convince my bosses to do that is going to be difficult. I'll stick with the old version for now. Sorry for the false alarm!

[LuminarySage]

I have the 2.0 mod version and that isn't helping.

CTS profile matches. Passes basic integrity, but fails strong integrity, which is needed for some apps.

/

Downgrading to v2.4.0 mod 1.3 fixed it for me

[mattgyver-it]

I have the 2.0 mod version and that isn't helping. CTS profile matches. Passes basic integrity, but fails strong integrity, which is needed for some apps. /

Downgrading to v2.4.0 mod 1.3 fixed it for me

For most apps, that should be all that's needed. 1.3 didn't work for my use case as the latest version of the duo app itself is looking at integrity, not safetynet.

[LuminarySage]

I have the 2.0 mod version and that isn't helping. CTS profile matches. Passes basic integrity, but fails strong integrity, which is needed for some apps. /

Downgrading to v2.4.0 mod 1.3 fixed it for me

For most apps, that should be all that's needed. 1.3 didn't work for my use case as the latest version of the duo app itself is looking at integrity, not safetynet.

Ah you must have not faced the latest problem with 2.0 then. 2.0 doesn't even pass device integrity for me so I had to downgrade

[mininmobile]

that's nice

edit: seems to have been patched and does not work for me :(

UPDATE: i just gave up and left 2.4 mod 1.3 on for a few days and it fixed itself no problem, google pay set up and i could use it just like before

still do not have strong integrity but i'm pretty sure i didn't before so shmeep

[MaxSMokeSkaarj]

Hello, is fix founded?

[blue-pine]

Same with me

[entr0pia]

MOD_1.3 works for me

[idanny76]

This safetynet mod 2.0 fix is working for me. https://github.com/Displax/safetynet-fix

[Jugrnot]

This safetynet mod 2.0 fix is working for me. https://github.com/Displax/safetynet-fix

BINGO! Thank you!!

[Xris65]

I'm having trouble with the fix, I've tried basically every safetynet-fix (2.4.0, Displax's safetynet-fix 2.0 , etc) and basically what happens is that all google apps (chrome, play store, wallet, etc) just don't respond at all and keep crashing over and over. Once I uninstall the module, they seem to be working perfectly.. Anyone else having this issue ?

[LuminarySage]

I'm having trouble with the fix, I've tried basically every safetynet-fix (2.4.0, Displax's safetynet-fix 2.0 , etc) and basically what happens is that all google apps (chrome, play store, wallet, etc) just don't respond at all and keep crashing over and over. Once I uninstall the module, they seem to be working perfectly.. Anyone else having this issue ?

Don't use mod 2.0. Use 1.3 instead for now

[Xris65]

I'm having trouble with the fix, I've tried basically every safetynet-fix (2.4.0, Displax's safetynet-fix 2.0 , etc) and basically what happens is that all google apps (chrome, play store, wallet, etc) just don't respond at all and keep crashing over and over. Once I uninstall the module, they seem to be working perfectly.. Anyone else having this issue ?

Don't use mod 2.0. Use 1.3 instead for now

Thanks for the reply, I have used 1.3 and it doesn't hang the apps, but neither basic integrity nor CTS profile check pass.. Can it be because I'm using MIUI stock rom on a unlocked bootloader? Or maybe because I'm using LSPosed ? What else could be causing this ?

[Xris65]

Ok just for update, I fixed the issue. I reinstalled the ROM and right after the installation I installed the safetynet-fix aswell as shamiko and LSPosed. It didn't cause an issue. So if anyone else if having the same issue, just re-flash the ROM and install safetynet-fix RIGHT AFTER INSTALLATION. If you don't do it right after the installation, it seems to be causing problems.

[omgiafs]

Just FYI. OnePlus8 IN2015. Root, Magisk 26.3.

With v2.4.0-MOD_2.0 installed - all SafetyNet checks passed successfully.

Basic integrity :heavy_check_mark: PASS CTS Profile match :heavy_check_mark: PASS Evaluation type BASIC