Droid Tools
Bypass SafetyNet hardware attestation with an unlocked bootloader

Bypass SafetyNet hardware attestation with an unlocked bootloader

Cristian Penisoara
Cristian PenisoaraEditor
PublishedFebruary 9, 2021
Read Time3 Mins
Trust this source on Google
Add trusted source

Over the last few years, the challenge of bypassing SafetyNet Attestation has evolved from a simple cat and mouse game between Google and the modding community to a burgeoning battle full of obscure barriers. Thanks to the rise of hardware-backed certification techniques, it is very difficult to bypass the boot image integrity verification routine and hide root access. Installing Magisk on its own would not be enough to circumvent the latest update to SafetyNet, especially on newer devices. This is where the Universal SafetyNet Fix Magisk module comes in.

While legacy device owners, as well as custom ROM users, often use modules such as MagiskHide Props Config to spoof the CTS profile to pass basic certification, as long as the method in question relies on a valid combination of device and model names, fingerprint building, and security patch levels, there is no guarantee that the root hiding trick will remain useful in the future. This is due to the fact that Google Play Services is starting to use CTS profile validation hardware certification in many cases, even when a basic certificate is selected.

In case you have an Android device that has an unlocked bootloader (or locked using custom verified boot keys) and thus doesn’t pass hardware attestation, then the Universal SafetyNet Fix Magisk module may fix that. Created by Danny Lin AKA XDA Senior Member kdrag0n, the module works by taking advantage of the opportunistic nature of the hardware attestation routine. Quoting the developer:

… it (hardware attestation) falls back to basic attestation if key attestation fails to run — and prevent GMS from using key attestation at the framework level. This causes it to gracefully fall back to basic attestation and pass SafetyNet with an unlocked bootloader.

The “not implemented” error code from Keymaster is used to simulate the most realistic failure condition to evade detection, i.e. an old device that lacks support for key attestation.

The workaround is already available pre-integrated on the ProtonAOSP ROM from the same developer, which lets you pass SafetyNet without Magisk on fairly modern devices such as the Google Pixel 5. If you are a custom ROM maintainer and you wish to integrate this method with your build, you can do so by cherry-picking the necessary patches from this repository. On the other hand, the latest version of the ready-to-flash Magisk Module variant can be found here. Note that MagiskHide is still required if the target device is rooted.

Universal SafetyNet Fix: XDA Thread ||| GitHub Repo

Trust this source on Google
Add trusted source
Tags:#apps#bootloader#bypass#hardware#play services#play store#SafetyNet#unlocked
Cristian Penisoara
ByCristian Penisoara
Author
Follow:X
Cristian Penisoara is a Guides Writer and Android specialist at Droid Tools. An Android user since version 2 and a professional event photographer, he combines technical curiosity with a detail-oriented approach - every guide he publishes is tested step-by-step on a real device before it goes live.

Comments & Discussions

Join the conversation! We use Disqus to handle comments. Click the button below to load the comment section.

Hidden Android Memory Tool Shows Which Apps Are Using the Most RAM

Hidden Android Memory Tool Shows Which Apps Are Using the Most RAM

There comes a point where upgrading your smartphone every year or two just does not make much sense anymore. My Google Pixel 9 Pro from 2024 is still performing well, and unless the next upgrade brings something meaningful, I do not see myself moving to the Pixel 11 Pro either. The trade-off for keeping a […]

How to Scan Documents and Save Them as PDFs on Android and iOS for Free

How to Scan Documents and Save Them as PDFs on Android and iOS for Free

At some point, there’s a good chance you’ll need to create and send a PDF from your Android phone. The instinct is usually to head straight to the Google Play Store — but with ongoing reports of malicious apps turning up on both Android and iOS, that search can quickly become a security minefield. Before […]

Your Galaxy Watch Is Sluggish? Here’s the Fix That Actually Works

Your Galaxy Watch Is Sluggish? Here’s the Fix That Actually Works

Your Galaxy Watch has a lot in common with a cluttered desk. The longer you use it – jumping between apps, running things in the background, switching modes – the more it accumulates invisible junk that slows everything down. Frozen screens, laggy responses, battery that drains faster than it should. Sound familiar? The good news: […]

Android 16’s Best Security Feature Is Just One Tap Away – Here’s How to Turn It On

Android 16’s Best Security Feature Is Just One Tap Away – Here’s How to Turn It On

Android 16 quietly shipped with a feature called Advanced Protection, and it’s the closest thing Android has to a panic button for your privacy. Instead of digging through a maze of settings menus to harden your phone, you flip one switch — and Google activates its strongest security defenses all at once. Think of it […]

Read Next

Hidden Android Memory Tool Shows Which Apps Are Using the Most RAM

Hidden Android Memory Tool Shows Which Apps Are Using the Most RAM