By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Droid Tools
  • News
  • ROMs
  • Download
    • Apps
    • Tools
  • Devices
  • Guides
    • Starter Guides
    • Tips & Tricks
    • Flashing
  • Code
Search
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
Reading: Bypass SafetyNet hardware attestation with an unlocked bootloader
Share
Aa
Aa
Droid Tools
  • News
  • ROMs
  • Download
  • Devices
  • Guides
  • Code
Search
  • Home
  • News
  • Download
  • ROMs
  • Devices
  • Guides
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
Follow US
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of Use

Home – Tips & Tricks – Bypass SafetyNet hardware attestation with an unlocked bootloader

Tips & Tricks

Bypass SafetyNet hardware attestation with an unlocked bootloader

12 Views
Share
3 Min Read
SHARE

Over the last few years, the challenge of bypassing SafetyNet Attestation has evolved from a simple cat and mouse game between Google and the modding community to a burgeoning battle full of obscure barriers. Thanks to the rise of hardware-backed certification techniques, it is very difficult to bypass the boot image integrity verification routine and hide root access. Installing Magisk on its own would not be enough to circumvent the latest update to SafetyNet, especially on newer devices. This is where the Universal SafetyNet Fix Magisk module comes in.

While legacy device owners, as well as custom ROM users, often use modules such as MagiskHide Props Config to spoof the CTS profile to pass basic certification, as long as the method in question relies on a valid combination of device and model names, fingerprint building, and security patch levels, there is no guarantee that the root hiding trick will remain useful in the future. This is due to the fact that Google Play Services is starting to use CTS profile validation hardware certification in many cases, even when a basic certificate is selected.

In case you have an Android device that has an unlocked bootloader (or locked using custom verified boot keys) and thus doesn’t pass hardware attestation, then the Universal SafetyNet Fix Magisk module may fix that. Created by Danny Lin AKA XDA Senior Member kdrag0n, the module works by taking advantage of the opportunistic nature of the hardware attestation routine. Quoting the developer:

… it (hardware attestation) falls back to basic attestation if key attestation fails to run — and prevent GMS from using key attestation at the framework level. This causes it to gracefully fall back to basic attestation and pass SafetyNet with an unlocked bootloader.
…
The “not implemented” error code from Keymaster is used to simulate the most realistic failure condition to evade detection, i.e. an old device that lacks support for key attestation.

The workaround is already available pre-integrated on the ProtonAOSP ROM from the same developer, which lets you pass SafetyNet without Magisk on fairly modern devices such as the Google Pixel 5. If you are a custom ROM maintainer and you wish to integrate this method with your build, you can do so by cherry-picking the necessary patches from this repository. On the other hand, the latest version of the ready-to-flash Magisk Module variant can be found here. Note that MagiskHide is still required if the target device is rooted.

Read More

K2 compiler appears in Kotlin

Speed up Xiaomi devices – make cheap devices fast

Telegram Premium – coming in June 2022

DuckDuckGo’s search not so private afterall

AppGallery from Huawei bug allows paid apps to be downloaded for free

Universal SafetyNet Fix: XDA Thread ||| GitHub Repo

TAGGED: apps, bootloader, bypass, hardware, play services, play store, SafetyNet, unlocked
rob February 9, 2021
Share this Article
Facebook Twitter Pinterest Whatsapp Whatsapp LinkedIn Reddit Telegram Email Copy Link Print
Share
Previous Article 990a2624 892f 40b6 9803 f2822327586b Huawei’s US ban isn’t going away under the Biden administration
Next Article How to unlock bootloader and root Samsung Galaxy M31 No twrp TWRP on Samsung Galaxy M31 (SM-M315F) – Android 10
Leave a comment Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

You Might Also Like

New K2 Compiler Blog Twitter
Code

K2 compiler appears in Kotlin

June 15, 2022
xiaomi
Tips & Tricks

Speed up Xiaomi devices – make cheap devices fast

June 14, 2022
telegram premium officially confirmed 535545 2
Apps

Telegram Premium – coming in June 2022

June 13, 2022
duckduckgo logo
News

DuckDuckGo’s search not so private afterall

May 26, 2022
Show More
Droid Tools
Follow US
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of Use

Removed from reading list

Undo
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?