SafetyNet pass disabling


MikeZh

Members
29 Mar 2023
9
5
Hello!

As I know there is the ROM attestation fix ("SafetyNet passed (Google Pay)" from FAQ). What should I do to disable (or to remove) SafetyNet pass fix provided be the xiaomi.eu ROM?

The problem is YASNAC's timeout while attestation checking. After the reboot there are minutes (or even hours) when SafetyNet and PlayIntegrity checking work fine, but later there is "Attestation response timeout" and nothing helps to make it workable again. So there is an opinion to disable the ROM's fix and try the Magisk modules fixes only.

Maybe there is an another way to do with "Attestation response timeout", so please feel free to suggest - I'm a bit tired to guess the reason
 
The answer to your question is no, there is no way to disable or remove our SafetyNet workaround.
 
there is no way to disable or remove our SafetyNet workaround.
Our opinion is to not use Magisk at all..
UPD: seems Google have updated their own Services to provide more effective checking routines. So your SafetyNet workaround stopped working from the box in xiaomi.eu ROMs. But the other way to use Magisk + USNF cannot be used due to your ROM's SafetyNet workaround behavior. I'm trapped in a vicious circle and hope there is a way to break this.
 
you still can flash official ROM and lock your bootloader..
 
UPD: seems Google have updated their own Services to provide more effective checking routines. So your SafetyNet workaround stopped working from the box in xiaomi.eu ROMs. But the other way to use Magisk + USNF cannot be used due to your ROM's SafetyNet workaround behavior. I'm trapped in a vicious circle and hope there is a way to break this.
Did it though? I can still pass SafetyNet.
 
  • Like
Reactions: mik101
I still pass SafetyNet too.
Using Magisk along with LSposed and Shamiko to hide root from:
Google Play Store (com.android.vending)
Google Play Services (com.google.android.gms)
Google Services Framework (com.google.android.gsf)
And also YASNAC
 
I still pass SafetyNet too.
Using Magisk along with LSposed and Shamiko to hide root from:
Google Play Store (com.android.vending)
Google Play Services (com.google.android.gms)
Google Services Framework (com.google.android.gsf)
And also YASNAC
If you use Magisk, you can just use the built-in DenyList for these apps and it'll pass as well.
 
  • Like
Reactions: kcorrea1 and mik101
I still pass SafetyNet too.
Using Magisk along with LSposed and Shamiko to hide root from:
Google Play Store (com.android.vending)
Google Play Services (com.google.android.gms)
Google Services Framework (com.google.android.gsf)
And also YASNAC
You don't even need to go that far. On some devices having them in the deny list is enough, or the Universal SafetyNet Fix plugin still works (2.4.0). No need for LSposed or Shamiko.
 
You don't even need to go that far. On some devices having them in the deny list is enough, or the Universal SafetyNet Fix plugin still works (2.4.0). No need for LSposed or Shamiko.
I wouldn't advice using Universal SafetyNet Fix with our ROMs. It touched props that it should never have touched, and creates a race condition with our workaround.
 
  • Like
Reactions: mik101
I wouldn't advice using Universal SafetyNet Fix with our ROMs. It touched props that it should never have touched, and creates a race condition with our workaround.
Oh yeah? I've been using it with .EU for as long as I can remember. What are the symptoms/effects? I'll have to take a look at my logs when I get a chance.

Edit: Everything is still working fine on the current dev build with the SafetyNetFix removed. Not sure why I was getting "uncertified" in some older builds without it. Thanks Igor.

Edit2: Poco F3 does fail YASNAC without the SafetyNetFix installed, even if YASNAC included in the deny list, but all of my apps that historically caused issues continue to work fine -- Samsung Pay, WestJet, Google Play Store, banking and hotel apps. Netflix is still available in the play store etc. So I'll try without it for a while and see how things go.
 
Last edited:
Oh yeah? I've been using it with .EU for as long as I can remember. What are the symptoms/effects? I'll have to take a look at my logs when I get a chance.
Hard to say for sure, it's simply not needed.
One change it does is to prop ro.boot.hwc=GLOBAL which is not valid (on Xiaomi devices it's GL or CN) which will force global device name in camera watermark even on Chinese models, among other possible side effects, we can't possibly know all of the cases where this prop is checked, but touching it is not even needed for SafetyNet.
The module might also mess up how the device is identified by Google Play services.
 
  • Like
Reactions: mik101
Hard to say for sure, it's simply not needed.
One change it does is to prop ro.boot.hwc=GLOBAL which is not valid (on Xiaomi devices it's GL or CN) which will force global device name in camera watermark even on Chinese models, among other possible side effects, we can't possibly know all of the cases where this prop is checked, but touching it is not even needed for SafetyNet.
The module might also mess up how the device is identified by Google Play services.
Is it supposed to be GL or CN on a Global Poco F3 running the latest MIUI14 dev? Ill change it from terminal. Or I guess I can just reflash the ROM from Friday/Saturday to get the same result, since the USNF may have played with other props as well and do some more testing. But I can concur so far that YASNAC is failing the checks without USNF installed.
 
In my phone Safetynet stops working for minutes after reboot. And YASNAC says Attestation attempts timeout.
I guess I somehow haven't run into that issue. Currently testing without USNF installed and all of my apps still work correctly, even those I used to require USNF for. Google Play Store still says certified, but YASNAC fails both basic integrity and cts match profile checks. Testing on a Poco F3 on this week's dev build.
 
I guess I somehow haven't run into that issue. Currently testing without USNF installed and all of my apps still work correctly, even those I used to require USNF for. Google Play Store still says certified, but YASNAC fails both basic integrity and cts match profile checks. Testing on a Poco F3 on this week's dev build.
This means you have no problems at the moment. Play Services check the integrity (== safetynet attestation) via a periodically push message starting the update, so there is just the period to use a previously generated token. And the other apps do similar like checking the integrity during registration. You can checks this for example with McDonalds app: it provides the checks at registration and at the qt generation for propositions.

Also could you please check this. Install YASNAC while USNF using, reboot the phone and try to test. The results will be OK. Use the phone as usual but try not to reboot. Since last reboot check YASNAC for example every hour. For me during one day (24h) YASNAC starts to show "Attest timeout". So since that moment you are not able to use any app checking the attestation right now. McDonalds app even not to be registered (401.2 or .3 error). Then revolt and the all of this will be OK for the minutes or hours.
 
This means you have no problems at the moment. Play Services check the integrity (== safetynet attestation) via a periodically push message starting the update, so there is just the period to use a previously generated token. And the other apps do similar like checking the integrity during registration. You can checks this for example with McDonalds app: it provides the checks at registration and at the qt generation for propositions.

Also could you please check this. Install YASNAC while USNF using, reboot the phone and try to test. The results will be OK. Use the phone as usual but try not to reboot. Since last reboot check YASNAC for example every hour. For me during one day (24h) YASNAC starts to show "Attest timeout". So since that moment you are not able to use any app checking the attestation right now. McDonalds app even not to be registered (401.2 or .3 error). Then revolt and the all of this will be OK
I have NEVER had an issue with the McDonalds app with USNF installed in the past year. And when I'm on the road, it gets used more than it probably should lol.
 
I'm on the latest weekly build on my Mi 11 Ultra.

I'm rooted via Magisk and use the Universal Safetynet Fix module.

Have no issues that I can tell honestly.

I'll continue to use it till something breaks.

Can't stand ads at all and hence need root.

--
Sent from my M2102K1G
 
Hello
Can you help me
I have my Xiaomi 12T Pro with Root (with miui 14 global), but I am unable to certify google play.
I have tried safetynet and LSPosed. And it keeps telling me with is not certified.
I have everything checked in google play and play store services.
Thanks