New Stable 12.0.8 Google Play Store Uncertified and CTS Profile just Failed - Redmi K30 Pro Zoom


jimlwk

Members
11 Sep 2020
3
13
Hi, would like to report this bug that Play Store and CTS Profile match failed on 17 Oct 2020. Previously, it was all fine. I am guessing Google might have detected something within the rom recently. So as of now, Google Pay cannot work.

I tried to use Magisk Hide, MagiskHide Prop Config and managed to get Google Pay to work BUT my other security apps (like Mcdonald's and another national security app) detected the Root no matter what I did.

Personally, I didn't wanna explore deeper into this Rooting stuff as it's taking alot of my time.

Just wanna use EU ROM without root so hope the devs can look into this issue asap.

EU ROM: 12.0.8
Phone: Redmi K30 Pro Zoom
Main Issue: Google Play Store is not certified. Safetynet CTS Profile Match Fail.
 
Same here on Mi 9 Lite.
Xiaomi.eu stable 12.0.2.
I don't use any kind of root.
Screenshot_2020-10-22-15-36-18-803_org.freeandroidtools.safetynettest.jpgScreenshot_2020-10-22-15-38-19-695_com.android.settings.jpg
 
[September 2021] New workaround: https://xiaomi.eu/community/threads...k-xiaomi-eu-rom-with-magisk.63158/post-628631

;)

[Jan 2021]: Workaround to fix SafetyNet on "old" xiaomi.eu ROMs (=all ROMs released before January, 13th 2021) => It's recommended to use the Magisk method:



IMPORTANT: After Magisk installation, do not forget to enable "Magisk Hide" option in Magisk app.



|||--- Magisk method = Install Magisk v22.0 (check this for help => https://xiaomi.eu/community/threads...nstalling-android-11-update.60181/post-594671) THEN install this Magisk module in Magisk app (in the "puzzle" icon page) => safetynet-fix-v1.1.2.zip (mirror link: here) [Source: https://github.com/wulan17/safetynet-fix ]



After reboot, "Clear all data" of these following apps (in phone's settings):



- Google Play Store

- Google Play Services

- Google Service Framework



Then reboot your device and it's done! :)



P.S.: If Google Pay still not working, "Clear all data" of this app too. ;)







|||--- TWRP method = Install this zip in TWRP (but it may not work) => TWRP_SafetyNetFix-v2.0.2.zip (mirror link: here)



Reinstall the zip again to uninstall the fix if it doesn't work/if the phone doesn't boot.

Three workarounds to pass the new SafetyNet "hardware" attestation (= "CTS Profile Match" fail result)

- 1 ] (WORKS ON DEVICES SHIPPED WITH ANDROID 9 OR LESS ONLY!) - If you care about Widevine L1 certification but you don't want to install Magisk (root), install this => https://xiaomi.eu/community/threads...t-compatibility-test-failed.58100/post-568717


- 2 ] If you care about Widevine L1 certification, you can use Magisk (root) and do these steps:


1. Donwload and install Magisk Manager v8.0.7 apk => MagiskManager-v8.0.7.apk
2. Download and install Magisk v21.4 in TWRP => Magisk-v21.4.zip
3. Reboot your device
4. Open Magisk Manager and go the "Module" page and install "MagiskHide Props Config" Module (Reboot your device after installation)
5. Download and install Termux app (available on Google Play)
6. Start Termux and type "su" and hit enter , after this termux ask Magisk-Manager to prompt for root access => Grant it
7. Type "props" command and hit enter
8. After MagiskHide-Props loaded successfully, type "2" to chose 'Force BASIC key attestation' option
9. Type "y" and hit enter for activating this option
10. Type "y" and hit enter to rebot your phone

P.S.: To properly hide Magisk, go in Magisk Manager => Settings => "Hide Magisk Manager". If you get "can't install" error, you need to enable "Install via USB" option in "Developer options" menu (in phone's settings).
Then you can enable "Magisk Hide" feature to hide root for desired apps.
;)

IMPORTANT: Do not forget to clear "All app data" of "Google Play store", "Google Play services" and "Google Service Framework" apps then reboot your device.


- 3 ] If you DON'T care about Widevine L1 certification, do these steps:


1. IMPORTANT - Create a backup of your current persist partition: Download and flash this zip in TWRP => Persist_backup.zip

2. Download the latest "Global" fastboot ROM for your device => Here
3. Extract it and copy "persist.img" file to the internal memory of your phone (and make sure to put the file in root of internal storage rather than in any folder)
4. in TWRP: Go to "Advanced" => "Terminal"
5. Type:
Code:
dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist
6. Reboot your device and check SafetyNet results

8. ONLY iIF YOU HAVE FINGERPRINT/CAMERA/SENSOR ISSUE => Download and flash this zip in TWRP then reboot your device => Persist_restore_v2.zip

IMPORTANT: Do not forget to clear "All app data" of "Google Play store", "Google Play services" and "Google Service Framework" apps then reboot your device.
 
Last edited:
Thanks a lot!
But I prefer to wait for an official solution in future updates. I don't use NFC payment often, so I can wait without a problem.
 
For Mi 10 not need simg2img /sdcard/persist.img /sdcard/persist_EXT4.img, need only dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist
 
  • Like
Reactions: Poney70
Two workarounds:

- 1 ] Do you care about Widevine L1 certification? If answer is NOT, do these steps:


1. Download the latest "Global" fastboot ROM for your device => Here
2. Extract it and copy "persist.img" file to the internal memory of your phone (and make sure to put the file in internal storage rather than in any folder)
3. Now, boot into TWRP
4. Go to "Advanced" => "Terminal"
5. IMPORTANT - Create a backup of your current persist partition: Download and flash this zip in TWRP => Persist_backup.zip

6. Type this line then enter:
Code:
simg2img /sdcard/persist.img /sdcard/persist_EXT4.img

[ Step 7A if simg2img command returns no error ]
7A. Type this line then enter:
Code:
dd if=/sdcard/persist_EXT4.img of=/dev/block/bootdevice/by-name/persist

[ Step 7B if simg2img command returns an error ]
7B. Type this line then enter:
Code:
dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist

8. Reboot the Phone and check SafetyNet results

[ Step 9 ONLY if you have fingerprint/camera/sensor issue(s) after that ]
9. Download and flash this zip in TWRP => Persist_restore.zip
Then reboot your Device


- 2 ] If you care about Wdevine L1 certification, you can use Magisk (root) and do these steps:

1. Donwload and install Magisk Manager v8.0.2 apk => MagiskManager-v8.0.2.apk

[ Step 2A for Android 9/10 ROMs only ]
2A. Download and install Magisk-v20.4.zip => Magisk-v20.4.zip

[ Step 2B for Android 11 ROMs only ]
2B_1. Download Magisk_11.zip and Magisk-v21.0.zip, put these two files in the root of your phone storage
2B_2. Boot to TWRP and install Magisk_11.zip first, then Magisk-v21.0.zip

3. Reboot your device
4. Open Magisk Manager and go the "Module" page and install "Busybox for Android NDK" then "MagiskHide Props Config" Modules
5. Download and install Terminal Emulators like "Termux"
6. Start Termux and type "su" and hit enter , after this termux ask Magisk-Manager to prompt for root access => Grant it
7. Type "props" command and hit enter
8. After MagiskHide-Props loaded successfully, type "2" to chose 'Force BASIC key attestation' option
9. Type "y" and hit enter for activating this option
10. Type "y" and hit enter to rebot your phone

P.S.: To properly hide Magisk, go in Magisk Manager => Settings => "Hide Magisk Manager". Then you can enable "Magisk Hide" feature to hide root for some apps. ;)
Really thank you!
Two workarounds:

- 1 ] Do you care about Widevine L1 certification? If answer is NOT, do these steps:


1. Download the latest "Global" fastboot ROM for your device => Here
2. Extract it and copy "persist.img" file to the internal memory of your phone (and make sure to put the file in internal storage rather than in any folder)
3. Now, boot into TWRP
4. Go to "Advanced" => "Terminal"
5. IMPORTANT - Create a backup of your current persist partition: Download and flash this zip in TWRP => Persist_backup.zip

6. Type this line then enter:
Code:
simg2img /sdcard/persist.img /sdcard/persist_EXT4.img

[ Step 7A if simg2img command returns no error ]
7A. Type this line then enter:
Code:
dd if=/sdcard/persist_EXT4.img of=/dev/block/bootdevice/by-name/persist

[ Step 7B if simg2img command returns an error ]
7B. Type this line then enter:
Code:
dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist

8. Reboot the Phone and check SafetyNet results

[ Step 9 ONLY if you have fingerprint/camera/sensor issue(s) after that ]
9. Download and flash this zip in TWRP => Persist_restore.zip
Then reboot your Device


- 2 ] If you care about Wdevine L1 certification, you can use Magisk (root) and do these steps:

1. Donwload and install Magisk Manager v8.0.2 apk => MagiskManager-v8.0.2.apk

[ Step 2A for Android 9/10 ROMs only ]
2A. Download and install Magisk-v20.4.zip => Magisk-v20.4.zip

[ Step 2B for Android 11 ROMs only ]
2B_1. Download Magisk_11.zip and Magisk-v21.0.zip, put these two files in the root of your phone storage
2B_2. Boot to TWRP and install Magisk_11.zip first, then Magisk-v21.0.zip

3. Reboot your device
4. Open Magisk Manager and go the "Module" page and install "Busybox for Android NDK" then "MagiskHide Props Config" Modules
5. Download and install Terminal Emulators like "Termux"
6. Start Termux and type "su" and hit enter , after this termux ask Magisk-Manager to prompt for root access => Grant it
7. Type "props" command and hit enter
8. After MagiskHide-Props loaded successfully, type "2" to chose 'Force BASIC key attestation' option
9. Type "y" and hit enter for activating this option
10. Type "y" and hit enter to rebot your phone

P.S.: To properly hide Magisk, go in Magisk Manager => Settings => "Hide Magisk Manager". Then you can enable "Magisk Hide" feature to hide root for some apps. ;)
Thank you very much!
 
I had the same problem last night .
Gpay stopped working with the message that the device is not certified (although it had been working for weeks before, mi 10 device )
I just uninstalled the gpay app and reinstalled it and normally everything works as before again
 
it stopped again .. I didn't update my cell phone at all and it worked gpay for a few weeks (android 10, eu weekly 20.6.18)
 
  • Like
Reactions: Maximhtc
Three workarounds:


- 1 ] If you care about Widevine L1 certification but you don't want to install Magisk (root), try this => https://xiaomi.eu/community/threads...t-compatibility-test-failed.58100/post-568717



- 2 ] If you care about Widevine L1 certification, you can use Magisk (root) and do these steps:


1. Donwload and install Magisk Manager v8.0.2 apk => MagiskManager-v8.0.3.apk

[ Step 2A for Android 9/10 ROMs only ]
2A. Download and install Magisk-v20.4.zip => Magisk-v20.4.zip

[ Step 2B for Android 11 ROMs only ]
2B_1. Download Magisk_11.zip and Magisk-v21.0.zip, put these two files in the root of your phone storage
2B_2. Boot to TWRP and install Magisk_11.zip first, then Magisk-v21.0.zip directly after

3. Reboot your device
4. Open Magisk Manager and go the "Module" page and install "Busybox for Android NDK" then "MagiskHide Props Config" Modules
5. Download and install Terminal Emulators like "Termux"
6. Start Termux and type "su" and hit enter , after this termux ask Magisk-Manager to prompt for root access => Grant it
7. Type "props" command and hit enter
8. After MagiskHide-Props loaded successfully, type "2" to chose 'Force BASIC key attestation' option
9. Type "y" and hit enter for activating this option
10. Type "y" and hit enter to rebot your phone

P.S.: To properly hide Magisk, go in Magisk Manager => Settings => "Hide Magisk Manager". If you get "can't install" error, you need to enable "Install via USB" option in "Developer options" menu (in phone's settings).
Then you can enable "Magisk Hide" feature to hide root for some apps. ;)



- 3 ] If you DON'T care about Widevine L1 certification, do these steps:

1. Download the latest "Global" fastboot ROM for your device => Here
2. Extract it and copy "persist.img" file to the internal memory of your phone (and make sure to put the file in internal storage rather than in any folder)
3. Now, boot into TWRP
4. Go to "Advanced" => "Terminal"
5. IMPORTANT - Create a backup of your current persist partition: Download and flash this zip in TWRP => Persist_backup.zip

6. Type this line then enter:
Code:
simg2img /sdcard/persist.img /sdcard/persist_EXT4.img

[ Step 7A if simg2img command returns no error ]
7A. Type this line then enter:
Code:
dd if=/sdcard/persist_EXT4.img of=/dev/block/bootdevice/by-name/persist

[ Step 7B if simg2img command returns an error ]
7B. Type this line then enter:
Code:
dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist

8. Reboot the Phone and check SafetyNet results

[ Step 9 ONLY if you have fingerprint/camera/sensor issue(s) after that ]
9. Download and flash this zip in TWRP => Persist_restore_v2.zip
Then reboot your Device

Option 2, taking proper account of P.S. (Install via USB) allowed me to download Widevine L1 for fingerprint, Netflix woking also with Widevine L1 (Full HD content), also FHD content on Prime Video. All done in my RN9S. With Miui 12.0.2.0 Stable.

Thanks a lot!
 
  • Wow
Reactions: Poney70
Thank you!
Option 2 worked for me (Mi10, Android 11)
How did you flashed Magisk? I mean the version of TWRP which supports android 11 isn't able to decrypt data partition. Did you use USB otg?
Thanks!
 
How did you flashed Magisk? I mean the version of TWRP which supports android 11 isn't able to decrypt data partition. Did you use USB otg?
Thanks!
It was difficult: I went by trial and error.
After some fails, I used TWRP-3.4.2B-0623-XIAOMI10-CN-wzsx150.
Before booting from TWRP (don't flash it!), remember to disable password, PIN and fingerprint: this way, TWRP is able to decrypt data partition.
 
  • Like
Reactions: folfix
It was difficult: I went by trial and error.
After some fails, I used TWRP-3.4.2B-0623-XIAOMI10-CN-wzsx150.
Before booting from TWRP (don't flash it!), remember to disable password, PIN and fingerprint: this way, TWRP is able to decrypt data partition.
I followed your instruction with success using 1206 twrp version: available here
It wasn't required to disable password and so on. Just cancel when it's asking for password.
(there is a touchscreen problem with this recovery, you need to press a little bit lower than it's displayed)

But I decided to uninstall Magisk (via manager, complete uninstall), and I am stuck with bootloop. (the reason why I decided to do so is Microsoft Teams - I didn't find a solution to hide root for this app).

EDIT: I flashed rom (the same version) and it's working. Of course root is gone, and safenet check fails.
 
Last edited:
For Mi 10 not need simg2img /sdcard/persist.img /sdcard/persist_EXT4.img, need only dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist
Where did you find persist.img? I downloaded Global ROM from here and I can't find this file. I tried EU Global ROM as well.
Can you post it here?
Thanks!
 
Where did you find persist.img? I downloaded Global ROM from here and I can't find this file. I tried EU Global ROM as well.
Can you post it here?
Thanks!
This file is created when installing only xiaomi.eu firmware. In the official global firmware (only for fastboot), this file is located in the images folder. I could post mine, but it may not suit you.
 
  • Like
Reactions: folfix
Hi, is there any rom update planned to solve this?
I would prefer not to root and/or flash random partitions :D

Phone: Poco x3
 
"persist.img" should be present in all "Fastboot" ROMs (and not in "Full OTA/Recovery" ROMs). ;)

Check this website for download links (Mi 10 "umi") => https://mirom.ezbox.idv.tw/en/phone/umi/

:)
@Troj80 and @Poney70 , thanks for it!

I successfully downloaded persist.img. Following guide (3rd method) brought me to passing SafetyNet. In the same time fingerprint stopped working - on lock screen "finger sign" didn't display at all. I didn't check if adding/removing fingers would help.

Then I restored previously backed up persist.img, and now SafetyNet passes and fingerprint scanner works as well.
I'll check if payments work soon.
 
  • Like
Reactions: Poney70
Hello there,
I have the Xiaomi Mi 9 Pro 5G running on Android 10, MIUI 12.3.
The magisk safettynet says: Attestation failed, basicintegrity V, ctsprofile - , evaltype BASIC.
My play store is certified but my google pay says that the device is rooted.

I have tried the method 1 and 2. None of them worked. On method 2, there is NO 'Force BASIC key attestation' in that list. Instead I see on 2- Device simulation (disabled).

What should I do to solve my google pay problem ?
Thanks in advance
 
Hello there,
I have the Xiaomi Mi 9 Pro 5G running on Android 10, MIUI 12.3.
The magisk safettynet says: Attestation failed, basicintegrity V, ctsprofile - , evaltype BASIC.
My play store is certified but my google pay says that the device is rooted.

I have tried the method 1 and 2. None of them worked. On method 2, there is NO 'Force BASIC key attestation' in that list. Instead I see on 2- Device simulation (disabled).

What should I do to solve my google pay problem ?
Thanks in advance
Hello! :)

My 3 methods are outdated... new workaround is available (#3).

;)
 
Hi, would like to report this bug that Play Store and CTS Profile match failed on 17 Oct 2020. Previously, it was all fine. I am guessing Google might have detected something within the rom recently. So as of now, Google Pay cannot work.

I tried to use Magisk Hide, MagiskHide Prop Config and managed to get Google Pay to work BUT my other security apps (like Mcdonald's and another national security app) detected the Root no matter what I did.

Personally, I didn't wanna explore deeper into this Rooting stuff as it's taking alot of my time.

Just wanna use EU ROM without root so hope the devs can look into this issue asap.

EU ROM: 12.0.8
Phone: Redmi K30 Pro Zoom
Main Issue: Google Play Store is not certified. Safetynet CTS Profile Match Fail.
Same problem on redmi K30 pro v.12.5.5 rebuild