Edit device fingerprint disabled что делать
How to Pass Magisk SafetyNet on Rooted Android 11
UPDATE 1 (FEB 17, 2021): Added the Instructions to Flash Universal SafetyNet Fix Magisk Module after spoofing Fingerprint to Pixel 3A.
In this guide, we will show you how to pass the Magisk SafetyNet on your rooted Android 11 device. One of the biggest perks of having an open-source OS like Android is the fact that you could carry out a plethora of tweaks and customizations. The only requirement is that your device’s bootloader needs to be unlocked. Once that is done, you could install custom ROMs, flash custom recoveries like TWRP, Pixel Experience Recovery, etc. Along the same lines, you could gain administrative rights or access to the system partition. This is done by rooting the device via Magisk (with TWRP or without TWRP– by patching stock boot.img).
Once you have achieved root, you could then flash tons on Magisk Modules, Xposed Framework, Substratum Themes, and plenty of other mods. However, these tweaks have some associated risks and caveats. When it comes to risk, if the steps aren’t performed correctly, then you could end up with a bootloop, soft-brick, or hard-bricked devices. In most instances, all these could easily rectified0 by flashing stock firmware via Fastboot or using the EDL mode in case of hard-brick. But all these are just one aspect. If we talk about the caveats or drawback, then there are quite a few. The most common issues result in the inability of various apps to function normally.
For example, banking apps like Google Pay will just refuse to work. Likewise, games like Pokemon Go will not function on a rooted device. Talking about Netflix, its Widevine L1 certification degrades to L3, hence you wouldn’t be able to watch videos in HD. In all these cases, there was a simple workaround, just hide the device unlock and root status via Magisk. But now, with the latest Android version, things have become a little more complicated. However, there does still exists a nifty workaround through which you pass the Magisk SafetyNet on your rooted Android 11 device. And this tutorial will show you how this could be achieved. Follow along.
What is the Magisk SafetyNet Issue on Android 11?
I would try to keep this entire explanation as simple as possible, without incorporating any technical jargon. SafetyNet was introduced by Google to keep a check on device tampering. That is, if you have performed any system-level tweaks or installed any custom binary, then this SafetyNet will be trigged. it would then warn the installed apps to proceed ahead with caution. The reason for the same is that unlocking any device or rooting it breaks the security guarantee that the OEM has to offer.
Your system partition is now easily accessible and hence could be accessed by unauthorized users. However, that usually doesn’t happen because the user who opts for these tweaks very well knows the risks associated with it and also how to fix any issue if he comes across. With that said, Google does its part and so do other apps. They simply check if SafetyNet has been tripped or not. If it has been, then the app will just refuse to function or work under limited capacity.
However, Magisk came with a pretty nifty method to bypass this restriction: you could easily hide root and unlock status from your device using a baked-in feature of Magisk. This way Safetynet wouldn’t be able to detect any modifications on your device and hence all the apps will function without any issues. But with the release of Android 11, things have taken a turn, and for worse! Up until now, SafetyNet only used two parameters to check if the device has any custom binaries installed or not. These were the ctsProfileMatch and basicIntegrity. However, there’s now a third parameter added to this list in the form of evaluationType.
evaluationType: Basic vs Hardware
It is due to this third parameter, Magisk wouldn’t be able to hide the unlocked bootloader status from your device. On the other hand, the root hiding would still work along the expected lines. So the apps that verify if your device’s bootloader is unlocked or not, will no longer be able to work on a rooted device.
But there does exist a handy workaround through which you could pass the Magisk SafetyNet on your rooted Android 11 device. This in turn will allow SafetyNet to return a False status- both for unlocked bootloader and root, although your device will be rooted and having an unlocked bootloader (well, obviously!). Follow along for the detailed instructions.
Does your device Support SafetyNet’s Hardware-based Attestation?
Before we list out the instruction steps, let’s make you aware of an important. There is a simple way of testing if your device supports the latest Hardware-based Attestation or not.
How to Pass Magisk Safety Net on Android 11 Root
Now that you are aware of the method to check for evaluationType/Hardware attestation, let’s check out the steps to pass the Magisk SafetyNet on your rooted Android 11 device. We have broken down the below steps into separate sections for ease of understanding. Follow along.
STEP 1: Enable MagiskHide
STEP 2: Randomizing Magisk Manager with another name
It’s now time to hide the Magisk Manager app from being identified by other apps. This in turn will be done by randomizing the app’s package name to any other name of your choice! As an example, I will be renaming it to Droidwin, so if any apps check for Magisk installation, they wouldn’t be able to find it since it has been masked under the DroidWin name. Sounds impressive, right? Well, it definitely is! Here’s what needs to be done in this regard:
Do keep in mind that the first time you laucnh Magisk (by tapping on the name that you had given), Magisk will ask for an upgrade. Just tap on OK and wait for a few seconds. It will do the required backend work and will then boot up the Magisk Manager app for you. It is just one time process, next time onewards you could directly open the app.
STEP 3: Hide Magisk SafetyNet from Google Apps, Services, and Frameworks
Just to be double sure, we would also be hiding the apps from the Google ecosystem. Here’s how:
STEP 4: Spoofing your Device Fingerprints to Pixel 3A
Finally, it’s now time to change your device fingerprint identification and spoof it to Pixel 3A. But why? Well, this is because Pixel 3A was the last device in the Pixel series to use the old SafetyNet attestation method, which Magisk can hide from. So SafetyNet will hence perform its search using the old method itself and it wouldn’t be able to identify any system-level tweaks on your device. With the explanation now clear, here are the instructions to carry out this task:
STEP 5: Flash Universal SafetyNet Fix Magisk Module
So I went through all of your comments and it turns out that there are some users who aren’t able to pass the SafetyNet test on their rooted Android 11. It all seems to boil down to this hardware-backed attestation method. Here is what is actually happening with most users/ In order to verify and validate the CTS profile, Google Play Services is opting for the more stringent hardware-backed attestation even if you have selected the basic attestation.
So it seems that Google is straightaway neglecting the report from the SafetyNet Attestation API that the device is using basic attestation and is rather directly going for the hardware-backed attestation. But thanks to XDA Senior Member kdrag0n he has managed to bypass this limitation as well, that too via a magisk Module. With that said, you still need to complete the first four steps mentioned above and then only should try out the instructions mentioned below.
So this was from this guide on how to fix the how to pass the Magisk SafetyNet on your rooted Android 11 device. If you have any queries, do let us know in the comments section below. We will get back to you with a solution at the earliest.
About Chief Editor
Sadique Hassan
A technical geek by birth, he always has a keen interest in the Android platform right since the birth of the HTC Dream. The open-source environment always seems to intrigue him with the plethora of options available at his fingertips. “MBA by profession, blogger by choice!”
Google Pay и root права — как запустить и начать пользоваться
Google Pay и root права несовместимы. Приложение не установится из-за невозможности проверить устройство на соответствие стандартам безопасности. Тут на помощь придут способы, скрывающие рут.
Что такое рут-права, и на что они влияют
Под рутом подразумевается ничто иное, как профиль главного администратора. При получении Root-прав пользователь овладевает “суперспособностями”, он может пользоваться всеми скрытыми функциями смартфона, которые другим недоступны. Это:
Все это прельщает, но есть и обратная сторона медали.
После “рутирования” гаджета все программы перестают работать изолированно. То есть, файлы могут самостоятельно удаляться, редактироваться и т.д.
Если подробнее, то после получения рут-прав:
Случиться может все что угодно, поэтому перед установкой подумайте, действительно ли вам нужен root-доступ.
Можно ли установить Google Pay, если на телефоне есть root-права
Сервис бесконтактной оплаты Гугл Пей активировать не получиться, если на смартфоне имеются рут-права. Уже в момент скачивания программы от Google Pay придет оповещение о невозможности произвести задуманное действие.
Если удалять рут с гаджета не хочется, можно просто скрыть его. Для этого есть несколько способов.
Обязательно ли скрывать рут от Андроид Пей
Одним из главных условий свободного использования приложения Google Pay является отсутствие на смартфоне рута. Это требование объясняется стремлением компании Гугл обезопасить устройство от вредоносного программного обеспечения, способного похищать информацию пользователя, а также воровать его деньги. Таким образом, при наличии root-прав на смартфоне юзер попросту не сможет оплачивать товары и услуги бесконтактно.
Решить эту проблему пользователь может, скрыв root от Android Pay. Если человек не может обойтись без рута и Гугл Пэй, то ему потребуется воспользоваться одним из способов, позволяющих скрыть факт разблокировки загрузчика. Если пропустить этот шаг, то операционка просто не даст установить на смартфон приложения Гугл Пэй из-за наличия на смартфоне root-прав.
При этом можно будет полностью обойтись без удаления root. Юзеру нужно будет просто с помощью некоторых уловок скрыть от программы факт разблокировки загрузчика. Правда, решить этот вопрос простым сбросом настроек гаджета не получится.
Как обойти блокировку
Скрыть root от Гугл Пей можно при помощи некоторых приложений, модулей, временного отключения прав суперпользователя.
Применение Xposed и модуля RootCloak
Здесь нужно участие Xposed. Пользователь должен:
Программа Гугл Пей должна включиться, не увидев рутированное устройство. Если это не произошло, то можно воспользоваться другим модулем — «No Device Check». Он всегда отсылает на сервер Гугл положительный ответ о проверке безопасности телефона, вводя его таким образом в заблуждение.
После таких нехитрых манипуляций бесконтактная оплата должна заработать.
Также допускается воспользоваться модулем No Device Check. Он также помогает установить Гугл Пей, скрывая на телефоне рут-права.
Обход официального ПО
Первоначально задача пользователя — жестко перезагрузить смартфон. Название подобной очистки Hard Reset. Тут система сбросит все, до заводских настроек. Предварительно обязательно сделайте резервную копию.
После придерживайтесь следующих шагов:
После можно отключать ПК от телефона и устанавливать Гугл Пей.
Отключение рут на время
Тут придется временно отключить root. После установки Гугл Пей и загрузки в него карт можно снова вернуть на телефон права суперпользователя.
Имейте в виду! Все получиться, только если у вас стоит SuperSu.
После будет работать и Гугл Пей и рут-права останутся на смартфоне.
Использование командной строки
Чтобы воспользоваться этим способом, на смартфоне с рут правами, потребуется проделать следующие шаги:
Их лучше копировать чтобы не сделать ошибку при вводе.
Готово, теперь права суперпользователя не будут видны для программы Андроид Пей.
Помощь Magisk
Утилита Magisk также поможет установить Гугл Пей с правами рут. Исключением являются владельцы гаджетов Google Pixel, Pixel XL. На таких смартфонах способ буден нерезультативен.
Вначале посмотрите, чтобы у вас был:
Также немаловажно сделать резервную копию данных.
Если у вас MagiskSU или SuperSU, то ход действий будет таким:
При наличии другого рута сделать ничего не получится. Придется от него избавиться и установить один из двух приведенных в пример выше (MagiskSU или SuperSU).
Для удаления понадобится специальный скрипт. Скачать его можно тут http://4pda.ru/forum/index.php?showtopic=318487&st=420#entry60775238. Запускается через Clockworkmod Recovery.
Удалить можно только:
После установки утилиты Magisk приходит очередь скрытия рут-прав. Для этого:
При правильно выполненных действиях бесконтактный сервис установится даже на рутованном телефоне.
Инструменты TWRP, Magisk, Terminal Emulator
Чтобы каждый раз не бороться с обновлением гугла, отключите автообновления Google Play Service (сервисов Google Play) и Google Pay.
Если после всех испробованных способов установить рут не выходит, найдите другие причины проблемы. Может быть ваш смартфон имеет неофициальную прошивку или нужно скрыть разблокированный загрузчик.
Заключение
Есть несколько способов, которые дадут возможность пользователю установить Гугл Пей на телефоне с рут-правами. Это программа Magisk, модуль RootCloak, обход официального ПО и временное отключение root. Они позволят пользоваться бесконтактной оплатой и дальше продолжать пользоваться преимуществами, которые дает профиль главного администратора.
Breadcrumb
Didgeridoohan
Senior Moderator / Dev Committee / Dev Relations
What’s this?
If you are wondering anything about what this module can do and how it works or if you’re experiencing issues of some kind, take a look at the documentation on GitHub and see if whatever you wonder about is covered there (most things are). If they’re not, look again and then post in the thread.
If you’re wondering about the latest and greatest after an update, take a look at the changelog and accompanying release notes.
Usage
After installing and rebooting, run the command props in terminal (you can find a terminal emulator on F-Droid or in the Play Store), and then follow the instructions to set your desired options (also see the documentation on GitHub). You might have to call su before running the command.
Credits and mentions
@topjohnwu, for Magisk
@Zackptg5, @veez21 and @jenslody, for help and inspiration
@Some_Random_Username for all the OnePlus fingerprints
@Displax, for all the prints and the basic attestation workaround.
@ipdev, for being always helpful, bringing tons of fingerprints to the module list and the mHideGP script.
And of course, everyone that provides fingerprints for me to add to the list. The module wouldn’t be the same without you guys. Thank you!
Previous releases
Any previous releases can be found on GitHub.
Releases up until v2.4.0 are compatible with Magisk v15 to v16.7.
Releases from v2.4.1 are compatible with Magisk v17 to 18.1.
Releases from v4.0.0 are compatible with Magisk v19+.
Releases from v5.0.0 are recommended for Magisk v19.4+.
Releases from v5.2.5 will only install on Magisk v20+.
Releases from v5.4.0 will only install on Magisk v20.4+.
The current release is attached below:
Attachments
Didgeridoohan
Senior Moderator / Dev Committee / Dev Relations
Didgeridoohan
Senior Moderator / Dev Committee / Dev Relations
Current fingerprints list version
The fingerprints list will update without the need to update the entire module. Keep an eye on this thread for info about updates.
Edit device fingerprint disabled что делать
MagiskHide Props Config
By Didgeridoohan @ XDA Developers
The current release is always attached to the OP of the module support thread. Any previous releases can be found on GitHub.
After installing the module and rebooting, run the command props (as su) in a terminal emulator (you can find a one on F-Droid or in the Play Store), and follow the instructions to set your desired options.
Spoofing device’s fingerprint to pass the ctsProfile check
If your device can’t pass SafetyNet fully, the CTS profile check fails while basic integrity passes, that means MagiskHide is working on your device but Google doesn’t recognise your device as being certified.
This might be because your device simply hasn’t been certified or that the ROM you are using on your device isn’t recognised by Google (because it’s a custom ROM).
To fix this, you can use a known working fingerprint (one that has been certified by Google), usually from a stock ROM/firmware/factory image, and replace your device’s current fingerprint with this. You can also use a fingerprint from another device, but this will change how your device is perceived.
There are a few pre-configured certified fingerprints available in the module, just in case you can’t get a hold of one for your device. If you have a working fingerprint that could be added to the list, or an updated one for one already on there, please post that in the module support thread toghether with device details.
Can I use any fingerprint?
It’s possible to use any fingerprint that’s certified for your device. It doesn’t have to match, either device or Android version. If you don’t use a fingerprint for your device, the device might be percieved as the device that the fingerprint belongs to, in certain situations (Play Store, etc). The Android version doesn’t matter much, and if you’re using a ROM with an Android version much newer than what is officially available for your device, you are going to have to use an older fingerprint if you want to use the one for your device. But, like already stated, that doesn’t really matter.
Finding a certified fingerprint
The getprop method
If you don’t want to use one of the provided fingerprints, you can get one for your device by running the getprop command below on a stock ROM/firmware/factory image that fully passes SafetyNet.
If you’re already on a custom ROM that can’t pass the CTS profile check, this might not be an option. Head over to your device’s forum and ask for help. If someone can run the getprop command on their device for you, you’re good to go. Or, you can try the other method described below.
The stock ROM/firmware/factory image method
Another way to find a certified fingerprint is to download a stock ROM/firmware/factory image for your device and extract the fingerprint from there.
You can find the file to download in your device’s forum on XDA Developers (either as a firmware file, a proper stock ROM, or in the development section as a debloated stock ROM), from the manufacturer’s website, or elsewhere on the great interweb (just remember to be careful when downloading unknown files, it’s dangerous to go alone!).
Once you have the file downloaded, there are several different ways that the fingerprint can be found. In all cases you’ll have to access the file somehow, and in most cases it’s just a matter of unpackaging it. After that it depends on how the package is constructed.
Take a look below for an example of what a device fingerprint looks like.
Custom fingerprints list
I still can’t pass the ctsProfile check
If you’ve picked a certified fingerprint from the provided list, or you’re using a fingerprint that you know is certified but still can’t pass the ctsProfile check, try one or more of the following:
Keeping your device «certified»
If you’re using a custom ROM, the chances of it being perceived as uncertified by Google are pretty high. If your ROM has a build date later than March 16 2018, this might mean that you can’t even log into your Google account or use Gapps without whitelisting your device with Google first.
Magisk, and this module, can help with that.
Before setting up your device, install Magisk, this module and use the configuration file described below to pass the ctsProfile check. This should make your device be perceived as certified by Google and you can log into your Google account and use your device without having to whitelist it. Check here for usable fingerprints (only use the part to the right of the equal sign).
If you’re having issues getting your device certified, take a look in the Magisk troubleshooting guide linked below.
Current fingerprints list version
The fingerprints list will update without the need to update the entire module. Keep an eye on the module support thread for info.
Some apps and services look at the actual files, rather than the set prop values. With this module feature you can make sure that the actual prop in build.prop and default.prop is changed to match whatever value the prop has been set to by either MagiskHide or the module. If there’s a prop value set by the module (see «Set/reset MagiskHide Sensitive props» below), that value takes precedence.
Set/reset MagiskHide Sensitive props
By default, if MagiskHide detects certain sensitive prop values they will be changed to known safe values. These are currently:
If, for some reason, you need one or more of these to be kept as their original value (one example would be resetting ro.build.type to userdebug since some ROMs need this to work properly), you can reset to the original value with this module. Keep in mind that this might trigger some apps looking for these prop values as a sign of your device being rooted.
Change/set custom prop values
It’s quite easy to change prop values with Magisk. With this module it’s even easier. Just enter the prop you want to change and the new value and the module does the rest, nice and systemless. Any changes that you’ve previously done directly to build.prop, default.prop, etc, you can now do with this module instead.
Removing prop values
If you would like to delete a certain prop value from your system, that can be done with the Magisk resetprop tool. With this module you can easily set that up by adding whatever prop you want removed to the «Delete props» list. Be very careful when using this option, since removing the wrong prop may cause isses with your device. See «Device issues because of the module» below if this happens.
Prop script settings
It’s possible to move the execution of the boot script from the default late_start service to post-fs-data.d. This is required for the SafetyNet fix and custom props to work on some ROM/device combinations (known: LineageOS 15.1). The reason late_start service is default is that it’s best to try to keep the number of scripts running during post-fs-data mode as low as possible, but if late_start service doesn’t work, it needs to run in post-fs-data instead.
This option will disable or enable colours for the props script.
Fingerprints list check
You can use a configuration file to set your desired options, rather than running the props command. Download the settings file or extract it from the module zip (in the common folder), fill in the desired options (follow the instructions in the file), place it in /cache (or /data/cache if you’re using an A/B device) and reboot.
This can also be done directly at the first install (through Manager or recovery) and even on a brand new clean install of Magisk, before even rebooting your device. Upon detecting the file, the module boot script will load the configured values and then delete the the configuration file. Instant settings.
Setting up the module on a clean ROM flash
After having made a clean ROM flash, the configuration file can be used to set the module up as you want without even having to boot first. Just flash the ROM, Magisk and then the module. If you then place a configuration file with your desired settings (fingerprint, custom props, etc) in /cache (or /data/cache if you’re using an A/B device), this will be loaded during the first boot. It is possible that this won’t work an all device/ROM combinations. If you experience issues, let the ROM boot once before setting everything up.
Miscellaneous MagiskHide issues
If you’re having issues passing SafetyNet, getting your device certified, or otherwise getting MagiskHide to work, take a look in the Magisk and MagiskHide Installation and Troubleshooting Guide. Lots of good info there (if I may say so myself).
But first: have you tried turning it off and on again? Toggling MagiskHide off and on usually works if MagiskHide has stopped working after an update of Magisk or your ROM.
Issues, support, etc
If you have questions, suggestions or are experiencing some kind of issue, visit the module support thread @ XDA.
I can’t pass the ctsProfile check
I can’t pass the basicIntegrity check
This module can only really help with the ctsProfile check, by spoofing the device fingerprint. If you can’t pass basicIntegrity, there’s probably something else going on with your device. See «Miscellaneous MagiskHide issues» above.
Props don’t seem to set properly
If it seems like props you’re trying to set with the module don’t get set properly (ctsProfile still doesn’t pass, custom props don’t work, etc), go into the script options and change the execution of the boot script to post-fs-data. See «Boot stage» above.
Device issues because of the module
In case of issues, if you’ve set a prop value that doesn’t work on your device causing it not to boot, etc, don’t worry. There are options. You can follow the advice in the Magisk troubleshooting guide to remove or disable the module, or you can use the module’s built-in options to reset all module settings to the defaults.
Place a file named reset_mhpc in /cache (or /data/cache on A/B devices) and reboot.
It is possible to use this in combination with the configuration file described above to keep device fingerprint or any other settings intact past the reset. Just make sure to remove any custom props that might have been causing issues from the configuration file.
The logs will also automatically be saved to the root of the device’s internal storage if there’s an issue with the module scripts.
If you can’t run the props script for some reason, the logs are also stored in /cache (or /data/cache for A/B devices). The Magisk log and any files starting with «propsconf» would be useful for troubleshooting (if you don’t use the «Collect logs» option mentioned above). Providing the output from terminal might also be useful.
If you have the latest beta release of Magisk installed, the «magisk_debug.log» is also useful. If there’s no new beta released, there’s always a beta version of the latest stable Magisk release (the only difference is the more verbose logging), so that you can collect the debug log.
@topjohnwu @ XDA Developers, for Magisk
@osm0sis, for his busybox binaries
@Zackptg5, @veez21 and @jenslody @ XDA Developers, for help and inspiration