Mi 5 passing SafetyNet with unlocked bootloader! - Xiaomi Mi 5 Guides, News, & Discussion

Ah, SafetyNet, the thorn in the side of every technical Android user who wants to use Android Pay.
It's even worse on a Xiaomi device, because once you've been granted a bootloader unlock after waiting for days, you don't want to re-lock it for fear of locking yourself out of the device and having to wait another 30 days before you can get a new unlock permission!
There is a lot of old information around about hiding root, custom kernels, installing things in particular orders, and I'm pretty sure I've tried them all - including compiling kernels from scratch with a few different versions of the unlocked bootloader hiding patch.... never getting past the dreaded CTS Mismatch.
But all of a sudden I happened on a little-known secret found by @kyasu that the build fingerprint is also checked: https://forum.xda-developers.com/showpost.php?p=70831797&postcount=3665
Also, conveniently, Magisk (since v9) patches the ro.boot.verifiedbootstate and related props that SafetyNet checks.
This now gives us two options to enable safetynet regardless of bootloader state.
You will need either a kernel with bootloader state hidden OR magisk, as well as a method of changing the build fingerprint.
This also assumes you've got TWRP installed and are comfortable using it.
Tested on Mi5 Lineage OS 14.1-20170206-NIGHTLY-gemini and various xiaomi.eu 7.2.X and 7.3.X versions:
NOTE: Magisk Hide on MIUI currently does not work (21st July 2017)
This has been widely reported and there are a number of open issues:
https://github.com/topjohnwu/Magisk/issues?utf8=✓&q=is:issue is:open miui
A fix may have been found, not ready to test however:
https://github.com/topjohnwu/Magisk/issues/298#issuecomment-316687923
Magisk:
* Remove any previous root, usually this can be done by simply dirty flashing your current rom in twrp.
* From TWRP install Magisk v13.3: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
* Restart and Magisk Manager app should be installed.
* Hit the test safetynet button in Magisk Manager, if it passes stop here! Latest lineage roms don't need my magisk fingerprint module anymore, they just work.
* Otherwise, download this magisk module on your phone: https://gitlab.com/alelec/magisk-ge...2bbf9dc8/magisk-gemini-safetynet-props-v3.zip
* In Magisk Manager, go to modules and install the magisk-gemini-safetynet-props zip just downloaded. It should prompt to restart to enable module, do so.
* After restart, fire up Magisk Manager and "tap to start SafetyNet check", fingers crossed it comes up Green!
Note: After each rom update you will need to reinstall Magisk in twrp, but the safetynet enabling module above should stick just fine and not need reinstall.
Custom Kernel:
I don't test this as often, as I prefer the Magisk method, however this is an option for people who don't want any kind of root on their phones.
I also don't maintain any patched kernel for miui based roms as the ones I've tried are just too buggy.
* Remove any previous root, usually this can be done by simply dirty flashing your current rom in twrp.
* Install gemini-safetynetpass-stable-fingerprint-20170217.zip
  this package is based on gemini-safetynetpass-20170213.zip by @kyasu but only changes the build prop fingerprint, the old custom kernel has been removed:
* Install a patched kernel, you can either use my autobuild of a patched latest LineageOS kernel for Mi5 (includes fingerprint fix):
  https://gitlab.com/alelec/android_kernel_xiaomi_msm8996/tags (LineageOS-gemini-safetynet-kernel_XXXXXX.zip links)
  or recent DragonXia kernels appear to be patched
  https://forum.xda-developers.com/mi-5/development/kernel-brand-kernel-cm13-alpha-1-0-t3480663 (LineageOS)
  https://forum.xda-developers.com/mi-5/development/kernel-dragonxia-kernel-v1-0-t3546619 (MIUI)
Note: Both the kernel and fingerprint zip above will need to be re-installed after each rom update.
On a related note, if you want to use Android Pay on MIUI based roms, make sure the HCE wallet configuration and permissions are set correctly.
See the following for more details: http://en.miui.com/thread-405166-1-1.html

Once you unlock it once, you can unlock it again without waiting. I just unlocked and relocked my Mi5 about 3 times in a couple days.
Sent from my MI 5 using Tapatalk

Oh really? Wow, nothing I've read anywhere in the last few weeks has said that before, certainly simplifies things!
Do non stock kernels boot on a locked bootloader though? They didn't on my previous Sony.

coronafire said:
> Oh really? Wow, nothing I've read anywhere in the last few weeks has said that before, certainly simplifies things!
> Do non stock kernels boot on a locked bootloader though? They didn't on my previous Sony.
It does make it easy. I initially unlocked my bootloader to flash the global stable, then used mi flash to flash the ROM and relock my bootloader. I wasn't happy with the stable ROM, so I went back into the mi unlock tool, unlocked again, and flashed the dev ROM and relocked. Then I see 8.2 is coming soon, so I went back to mi unlock and unlocked yet again so I can flash the new 8.2 when it comes out.
I'm not sure on kernels, haven't messed with them on Xiaomi devices.

Did anyone try this patch on MIUI?
Edit: Just tried on MIUI v7.2.9 Global Dev. CTS profile and Basic Integrity check both fail.... What a bummer...

the_poolee said:
> Did anyone try this patch on MIUI?
> Edit: Just tried on MIUI v7.2.9 Global Dev. CTS profile and Basic Integrity check both fail.... What a bummer...
Drats. If basic integrity is failing that's something else triggering the issue. Before I changed the fingerprint I only had cts failing, basic was usually fine. Sometimes a replacement kernel would cause it to fail basic, but I never narrowed down exactly what the cause was.

Works on LOS. Anyway my bank doesn't support android pay yet.

Ulver said:
> It does make it easy. I initially unlocked my bootloader to flash the global stable, then used mi flash to flash the ROM and relock my bootloader. I wasn't happy with the stable ROM, so I went back into the mi unlock tool, unlocked again, and flashed the dev ROM and relocked. Then I see 8.2 is coming soon, so I went back to mi unlock and unlocked yet again so I can flash the new 8.2 when it comes out.
Looked into it some more to confirm - I'm quite sure you can't re-lock the bootloader if using anything that's not an official xiaomi rom, ie if using lineage, or even the xiaomi.eu rom, you can't lock bootloader without having a bootloop.
And yeah, I've confirmed this method doesn't work on xiaomi.eu rom 7.1.20 or 7.2.16 on mi5. It gets both failed basic integrity and failed cts profile match.
I've also tried on Global Stable 8.1.4.0 with unlocked bootloader and had no luck at all, same error.
This was a clean install, factory wipe, install magisk v11.1. Initially the check couldn't work at all, I had to get google play services updated for anything to work. Then the check operates, but fails on both counts.

I passed safety net on 8.1.2.0 global stable, but failed to add a card in Android Pay. I'm hoping 8.2 works.

Ulver said:
> I passed safety net on 8.1.2.0 global stable, but failed to add a card in Android Pay. I'm hoping 8.2 works.
As described by @Ulver if you're on official builds, you should be able to re-lock the bootloader and avoid this issue (although without root I guess).
Aside from that, you definitely shouldn't need the zip I made for the build prop change, as you'll already have a stable build fingerprint
It turns out there's lots of versions of official rom that don't pass safetynet even when cleanly flashed with locked bootloader - xiaomi themselves keep breaking it!
A little search finds lots of references, such as this entire thread, and this post in particular: http://en.miui.com/forum.php?mod=redirect&goto=findpost&ptid=273319&pid=7515203
This certainly complicates things....

Turns out you can't always re-unlock....
To test more thoroughly I decided to flashtool wipe and lock my mi5 to stable release that's reported to pass safetynet; global_images_V8.0.2.0.MAAMIDG
My plan is to verify that it passed when locked (it did), then unlock and just install magisk to see if that worked to hide.
Well, MiUnlock has told me I can't unlock, I logged back into unlock web site and it now says my unlock request is rejected (on same account as I originally unlocked on). So now I have a locked device on global stable and have to wait for re-application to unlock.
FWIW I then allowed MIUI to OTA update itself to 8.1.2.0(MAAMIDI) and then safetynet helper originally told me no, fail on both basic and cts.
Ran it a couple more times though and now it's passing. go figure... safetynet is somewhat unreliable.
tl;dr don't re-lock your phone assuming you'll be able to immediately re-unlock it, it clearly works some of the time, not always though.

Good news, I've got SafetyNet pass on xiaomi.eu (MIUI) rom with unlocked bootloader
In the end it's basically the same as the original LOS method except that as we've all seen earlier Magisk v11.1 isn't working for MIUI.
This win was achieved with Magisk v9 and phh-superuser-magisk-r266-2 with the current Magisk Manager (4.2.6)
As per the screenshot I'm running xiaomi.eu MIUI 8.3 7.2.24 in Mi5
My procedure was:
* dirty flash rom to clean up prior attempts (Install) xiaomi.eu_multi_MI5_7.2.24_v8-7.0.zip
* Install gemini-safetynetpass-stable-fingerprint-20170217.zip
* Install Magisk-v9.zip
* Install phh-superuser-magisk-r266-2.zip
* Reboot.
Simple as that, Magisk Manager shows SafetyNet passing (after asking for root privs on first launch)
I've added a new card in Android Pay, haven't tested at a terminal yet though.
If anyone's interested I previously got SafetyNet passing on MIUI with a custom kernel instead of Magisk, this gave SafetyNet green without any kind of root.
The problem with custom kernels at this stage is the capacitive buttons (back and app switch) have reduced sensitivity / only work well when the phone is charging. AFAIK this is only really a problem on phones with LGD LCDs (what I have), the other ones might work fine.
If anyone wants to try my kernel instead let me know and I'll share it, I found it to be a bit flaky though.

@up:
It's not working for me.. The SafetyNet test always has CTS false.. I tried a clean install and for now it doesn't work.

rafix96 said:
> @up:
> It's not working for me.. The SafetyNet test always has CTS false.. I tried a clean install and for now it doesn't work.
Which version of which rom did you try?

coronafire said:
> Which version of which rom did you try?
I would definitely like to confirm this on the latest miui official global dev

First I tried this on 7.2.24 xiaomi.eu, later I updated MIUI to 7.2.3 and unfortunately it does not work either...

rafix96 said:
> First I tried this on 7.2.24 xiaomi.eu, later I updated MIUI to 7.2.3 and unfortunately it does not work either...
That's annoying, 7.2.24 is what works for me. It's been my daily driver since, and I've used android pay at a terminal no worries.
Do you definitely have Magisk v9 and phh-superuser-magisk-r266-2.zip ?
Magisk v11 cannot be installed else a dirty flash will be needed.
Oh, I just remembered I've also installed the 'phh's SuperUser' app from Play Store. This is probably needed
After that I opened Magisk Manager, which asked for root permissions the first time (which has to be granted).

@coronafire
Yes, I tried everything, but I have one more idea: when I get back home I'll do MiFlash and then install eu 7.2.24, maybe that will work.

basically, if you don't need root, just flash
the latest zip in the following link (by kyasu)
https://www.androidfilehost.com/?w=files&flid=149919
will pass safetynet without locked bootloader. As the latest kernel is 2 weeks old, please consider there may be some drawback in flashing an old kernel to latest LOS build. By the way, would kyasu please update the file or let us know if there is any easy way to patch on our own?

hklam0 said:
> basically, if you don't need root, just flash
> the latest zip in the following link (by kyasu)
> https://www.androidfilehost.com/?w=files&flid=149919
> will pass safetynet without locked bootloader. As the latest kernel is 2 weeks old, please consider there may be some drawback in flashing an old kernel to latest LOS build. By the way, would kyasu please update the file or let us know if there is any easy way to patch on our own?
Just to note, this is only for LineageOS, not MIUI.
Personally I find it easier to not need to replace the kernel and just install magisk, if root isn't wanted it can be disabled in the magisk app.
But yes it's true you can replace the kernel with a patched one, avoiding installing any kind of root.
I've experimented with this quite a bit myself, however to update it requires at a minimum applying a patch/commit to a fork of the kernel source you're starting with and compiling it.
I've got a fork of the MIUI kernel from @Shaky156 with the appropriate patch:
https://github.com/andrewleech/Mi5-...mmit/66cbe734eb15d2508a5c80157a8af38d59373535
and example build script:
https://github.com/andrewleech/Mi5-MIUI8-Nougat-Kernel/blob/master/build.sh
Or there's the original patch by @Sultanxda which usually works as well, I did test this on a LineageOS kernel but this is pretty out of date too by now, and I started from a different forked kernel anyway.
https://github.com/andrewleech/andr...mmit/f8314c10146971979ad26c881be9bd17603c1e7d

Related

[GUIDE] Currently working Magisk Setup for MIUI Global Dev to pass SafetyNet

Hi all,
I've seen many people in the Magisk Beta thread having trouble finding a configuration to pass safety net on MIUI ROMs. So I want to start a device-specific thread in our Mi 5s Plus forum to help everybody out with a Mi 5s Plus.
My working setup:
Xiaomi Mi 5s Plus
MIUI Global Dev 7.5.4
MagiskManager 4.3.3
Magisk v12
BusyBox setting active
Magisk Hide Setting active
Systemless hosts setting active
(Magisk-v13.0 b3da28e, a90e8b6, 96f8efc are not working currently)
Universal SafetyNet Fix 1.10.1
XposedFramework MIUI Edition Magisk Version SDK23
(deactivated, it breaks safety net, I've heard that in v12 every module breaks safety net because the module hiding is not working, we have to wait for a working v13)
Things that do not break safetynet for me:
* LBE Security Master (app rights management)
* AdAway
* SD Maid
* Titanium Backup
* Tasker
* Removing useless/bloatware system apps in system/app and system/priv-app
* Lucky Patcher
* USB Debugging active
I hope that helps. Every improvement and comment on this is appreciated. Good luck patching!
Today MIUI is on Nougat, version 7.0. There is a version of the universal safetynet fix that works with safetynet on MIUI 7.0, both global and European dev (MIUI EU). For Xposed there is an SDK 24 build, very green, that seems to work on some phones with 7.0, and another in SDK 25 for 7.1, which does break safetynet.
Any luck getting it to pass safetynet with magisk 14.2 (or older), magisk manager 5.3.5 (or older) and MIUI Global Stable 8.5.2.0?
I can't even get magiskhide to work with that mix.
bmg002 said:
> Any luck getting it to pass safetynet with magisk 14.2 (or older), magisk manager 5.3.5 (or older) and MIUI Global Stable 8.5.2.0?
> I can't even get magiskhide to work with that mix.
Why are you using global stable? I believe there is no reason for it.
Sent from my Xiaomi MI 5s Plus using XDA Labs
khanjui said:
> Why are you using global stable? I believe there is no reason for it.
I was using global stable because that is what my phone came with. While switching to Dev is an option, I believe that requires a full wipe of your phone, does it not? If I can flash dev and not lose all of my apps and settings and such, I'm all for switching to dev. But if I am not mistaken, it requires a full wipe. That is the only reason I haven't switched - I don't want to lose all of my existing apps and settings.
Can I switch to dev without losing all of that? Do I just need to boot to TWRP, backup /data, use the built in update tool to flash the latest dev rom and restore /data?
Also, does Magisk work on the latest dev ROM?
bmg002 said:
> I was using global stable because that is what my phone came with. While switching to Dev is an option, I believe that requires a full wipe of your phone, does it not? If I can flash dev and not lose all of my apps and settings and such, I'm all for switching to dev. But if I am not mistaken, it requires a full wipe. That is the only reason I haven't switched - I don't want to lose all of my existing apps and settings.
> Can I switch to dev without losing all of that? Do I just need to boot to TWRP, backup /data, use the built in update tool to flash the latest dev rom and restore /data?
> Also, does Magisk work on the latest dev ROM?
Magisk is working, you will have to unlock your bootloader and wipe because as I know global stable is still Marshmallow while latest developer is Nougat. Wiping is inevitable. You can make a backup but things probably won't work well. I personally recommend Xiaomi.eu weekly builds. You can update that weekly builds from TWRP without wiping anything. If you want to have stock Android experience with some additional features, you should try LineageOS.
Steps for Xiaomi.eu
1) Unlock your bootloader
2) Flash TWRP via fastboot
3) Boot to TWRP and format data (wipes everything including internal data)
4) Flash Xiaomi.eu zip from TWRP
5) Flash Magisk
Steps for LineageOS
1) Same as above
2) Same as above
3) Same as above
4) Flash latest firmware zip (7.9.22) from here
5) Flash LineageOS zip
6) Flash GApps (OpenGApps arm64 7.1.1)
7) Flash Magisk
khanjui said:
> Magisk is working, you will have to unlock your bootloader and wipe because as I know global stable is still Marshmallow while latest developer is Nougat. Wiping is inevitable. You can make a backup but things probably won't work well. I personally recommend Xiaomi.eu weekly builds. You can update that weekly builds from TWRP without wiping anything. If you want to have stock Android experience with some additional features, you should try LineageOS.
> Steps for Xiaomi.eu
> 1) Unlock your bootloader
> 2) Flash TWRP via fastboot
> 3) Boot to TWRP and format data (wipes everything including internal data)
> 4) Flash Xiaomi.eu zip from TWRP
> 5) Flash Magisk
> Steps for LineageOS
> 1) Same as above
> 2) Same as above
> 3) Same as above
> 4) Flash latest firmware zip (7.9.22) from here
> 5) Flash LineageOS zip
> 6) Flash GApps (OpenGApps arm64 7.1.1)
> 7) Flash Magisk
From what I remember, both Xiaomi.eu and LineageOS don't support the dual camera though, do they? I thought that only the stock MIUI ROM supported dual camera?
I have already unlocked my bootloader and I have TWRP on disk and boot to it with fastboot (so as not to break my recovery partition). I am not sure why MIUI global stable 8.5.2.0 seems to not work with MagiskHide.
I suppose I could get TB and backup all of the app data and do it that way. I just know I have some games I've put a few hours into that I'd prefer not to have to start over if I could avoid it.
The above 2 reasons (dual camera and save data) are the main reasons for sticking with MIUI Global Stable.
bmg002 said:
> From what I remember, both Xiaomi.eu and LineageOS don't support the dual camera though, do they? I thought that only the stock MIUI ROM supported dual camera?
> I have already unlocked my bootloader and I have TWRP on disk and boot to it with fastboot (so as not to break my recovery partition). I am not sure why MIUI global stable 8.5.2.0 seems to not work with MagiskHide.
> I suppose I could get TB and backup all of the app data and do it that way. I just know I have some games I've put a few hours into that I'd prefer not to have to start over if I could avoid it.
> The above 2 reasons (dual camera and save data) are the main reasons for sticking with MIUI Global Stable.
Xiaomi EU is based on weekly China Developer MIUI ROMs. So it's basically stock ROM with additional features/fixes/optimizations and GApps is already integrated. All MIUI features works fine.
You can use both monochrome and color camera on LineageOS. It only lacks bokeh effect.
I think you shouldn't backup/restore your system apps and data because there is Android version difference between stable and developer ROMs. Most likely will cause issues like I said before. Just backup your important game and third party app data.
khanjui said:
> Xiaomi EU is based on weekly China Developer MIUI ROMs. So it's basically stock ROM with additional features/fixes/optimizations and GApps is already integrated. All MIUI features works fine.
> You can use both monochrome and color camera on LineageOS. It only lacks bokeh effect.
> I think you shouldn't backup/restore your system apps and data because there is Android version difference between stable and developer ROMs. Most likely will cause issues like I said before. Just backup your important game and third party app data.
The Bokeh effect is entirely software driven. You can verify this by covering one of the cameras and taking a picture and then adjusting the focus.
The part I like with the dual camera is the slightly clearer picture you get out of it in low light. Bright light I notice no difference, but in low light I can see a pretty good difference (presuming I hold the camera very still).
I imagine that Xiaomi EU would have the stock MIUI camera and thus support both the dual camera and the bokeh effect? If so, I may look at migrating to that and just do a TB on my games as everything else I can re-setup.
bmg002 said:
> The Bokeh effect is entirely software driven. You can verify this by covering one of the cameras and taking a picture and then adjusting the focus.
> The part I like with the dual camera is the slightly clearer picture you get out of it in low light. Bright light I notice no difference, but in low light I can see a pretty good difference (presuming I hold the camera very still).
> I imagine that Xiaomi EU would have the stock MIUI camera and thus support both the dual camera and the bokeh effect? If so, I may look at migrating to that and just do a TB on my games as everything else I can re-setup.
It's a stock MIUI ROM, everything works. I can't test that right now because I dropped my phone thus my camera socket is problematic, only monochrome one works. I should reassemble it.
I don't really care about that software things since I'm taking RAW pictures when I need a good result.
khanjui said:
> It's a stock MIUI ROM, everything works. I can't test that right now because I dropped my phone thus my camera socket is problematic, only monochrome one works. I should reassemble it.
> I don't really care about that software things since I'm taking RAW pictures when I need a good result.
Might need to give it a shot then. Would be an interesting test for magisk. at the moment I can't figure out why it is failing to hide anything so thinking that MIUI global stable 8.5.2 must be doing some weird voodoo on it.
Thanks for the tips
EDIT - I just flashed the global dev rom and it now passes 1/2 of safetynet. I think I need to flash usnf to get the ctsprofile to pass. But I've made progress!
EDIT 2 - flashed universal safetynet fix and I'm now passing 100%. woo!

Can't pass Safetynet test

Is anyone able to pass safety net test on their mi pad 4? If so can you let me know your set up.
I've tried many different methods of installing gapps but even on stock I can't pass it. Right now I'm on stock Chinese ROM 9.6.23.0 with gapps flashed through twrp from opengaps. Every time I try to submit a safety net request it fails, and on magisk manager checking safety net status results in an error, "the response is invalid".
I've tried Google installer apk, using a mi5 backup and twrp flashing and I'm still getting the same response. If anyone has gotten their device to pass safety net please let me know the ROM you're currently running and the method you used for flashing gapps.
unlock BL and use the xiaomi.eu beta ROM, apparently it passes safetynet (as long as you don't go ahead and root as well lol)
https://xiaomi.eu/community/threads/when-will-xiaomi-eu-be-available.45622/page-2
wintermute000 said:
> unlock BL and use the xiaomi.eu beta ROM, apparently it passes safetynet (as long as you don't go ahead and root as well lol)
> https://xiaomi.eu/community/threads/when-will-xiaomi-eu-be-available.45622/page-2
I have rooted mi pad 4 with xiaomi.eu MIUI 10 developer rom and safety net passing without any problems.

Magisk for Pixel 3

Will it work?
PuffDaddy_d said:
> Will it work?
Most probably. The dev has one on order.
May not on day one, but I'd expect it very soon.
The question is how long will Magisk continue to work. According to an XDA:
> Full documentation on the Titan Security Module is not yet available, but a few Google engineers have posted Tweets that give us some information. First, in response to a tweet by Dees_Troy, lead developer of TWRP, Google’s tech lead for Android hardware-backed security subsystems, Shawn Willden, states that the new security module will not be used for runtime system analysis. This is important for Magisk users because hardware-backed runtime system analysis would make systemless-root much more difficult. However, Google already opened up an API for the Trusted Execution Environment (TEE), so runtime system analysis could still happen in the future (in other words, there could still be bad news for Magisk.)
mycall0 said:
> The question is how long will Magisk continue to work. According to an XDA:
I wouldn't expect Google to purposely use it to kill Magisk... however I would expect them to make it difficult to be rooted and still pass the SafetyNet check.
I'm just surprised that nobody has confirmed that Magisk works on the P3 yet.
I mean, my phone was delivered this morning, so I assumed that tons of people all over the country were eagerly unlocking bootloaders and flashing away.
But still all quiet here on this thread?
From what I understand, that's because the factory image is only out since a few hours...
Someone on the XL forum tried and the phone didn't boot so he had to factory flash the image. So looks like it's the waiting game for root.
TopJohnWu will have his pixel Friday. He is excited about it, I bet we have root by Monday.
I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
jsauder2 said:
> I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
> I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
From what I understand that is the case, unless you use Magisk to "cloak" and "fool" the apps into thinking it isn't.
Eudeferrer said:
> From what I understand that is the case, unless you use Magisk to "cloak" and "fool" the apps into thinking it isn't.
Guess I've not tried using my phone unlocked without magisk in awhile...
jsauder2 said:
> I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
No, my Nexus 5 running LineageOS has always passed with Magisk and unlocked bootloader (and Pay, etc. works).
CSX321 said:
> No, my Nexus 5 running LineageOS has always passed with Magisk and unlocked bootloader (and Pay, etc. works).
Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
jsauder2 said:
> Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
Ah, good question. I don't know. I've always had my phone unlocked and rooted.
jsauder2 said:
> Does it pass when it's unlocked but doesn't have magisk though? That's what I was wondering. This is really the first time I've had a phone unlocked without root (since it doesn't work yet), so I've never actually thought about that until now.
I want to say that it was relatively recently (maybe in the last 2-2.5 years) where if you only unlocked the bootloader, it would fail SafetyNet. For a while, you had to flash a kernel on top of unlocking the bootloader to pass SafetyNet.
tysj said:
> I want to say that it was relatively recently (maybe in the last 2-2.5 years) where if you only unlocked the bootloader, it would fail SafetyNet. For a while, you had to flash a kernel on top of unlocking the bootloader to pass SafetyNet.
My experience is if I unlock bootloader, I fail SafetyNet unless Magisk is installed. Sometimes after a reboot, I still fail until I load the Magisk app and have it check once. Then the phone is fine again.
As to the original question: I installed the newest beta of Magisk on my Pixel 3 XL, downloaded the factory boot.img from Google and patched it using the app. Flashing to my active boot slot caused fastboot to complain about no valid boot images. Flashing the original boot.img allowed the phone to start normally again.
imsaguy said:
> My experience is if I unlock bootloader, I fail SafetyNet unless Magisk is installed. Sometimes after a reboot, I still fail until I load the Magisk app and have it check once. Then the phone is fine again.
> As to the original question: I installed the newest beta of Magisk on my Pixel 3 XL, downloaded the factory boot.img from Google and patched it using the app. Flashing to my active boot slot caused fastboot to complain about no valid boot images. Flashing the original boot.img allowed the phone to start normally again.
confirmed same results on Pixel 3 (non XL)
jsauder2 said:
> I tried to patch the boot.img through the magisk app and then flash that through fastboot. Flashed successfully but would not boot.
> I have noticed that as soon as I unlocked the bootloader I fail safety net. Has that always been the case even without any system modifications?
Yeah that's always been the case with unlocked bootloader
He just rooted the 3XL according to his Twitter. Release this weekend maybe?... Dude wasted no time, absolute machine.

[Solved] MIUI EU 11.0.6 Safety Net: CTS profile - False

Flashed the MIUI EU 11.0.6 and cts profile is false but basic integrity shows true. Also, play store shows "device not certified"
I've already used Magisk hide for Google Play services. Tried to re-flash magisk but still the same.
ROM: MIUI 11.0.6 EU Q
Kernel: Sesh 5.1 71Hz
Recovery: Official TWRP recovery
Magisk 20.3
Solution:
https://forum.xda-developers.com/poco-f1/themes/guide-edxposed-miui-11-0-4-android-q-t4050773/page3
Google changed cts from their end. No matter what rom you flash on any phone you use, it'll fail CTS now. Wait for magisk to be updated.
Just read the article. Thanks anyways.
Xposed installed? If yes, you should try this module to pass SafetyNet
https://forum.xda-developers.com/showpost.php?p=81982121&postcount=80
Works for me
I found that out some days ago. I forgot to edit the OP.
FYI this module only fakes the status of the CTS profile. You can check your "true" status by using an app called safety net checker from play store.
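The post above distinguishes a faked CTS status from the device's "true" status; a service that relies on SafetyNet makes that decision on its own server from the attestation response, roughly as in this added example (not code from the thread). The field names are those of the SafetyNet Attestation response; the package name, freshness window and sample token are constructed, and JWS signature and certificate-chain verification is assumed to have been done before `evaluate` is called.

```python
import base64
import binascii
import hmac
import json
import time

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window for a verdict


def decode_payload(jws: str) -> dict:
    """Decode the claims of a compact JWS. This does NOT verify the signature."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(body))


def evaluate(claims: dict, expected_nonce: bytes, expected_package: str,
             now_ms=None, require_hardware: bool = False):
    """Return (accepted, problems) for claims whose JWS signature and
    certificate chain (leaf issued to attest.android.com) were already verified."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    problems = []

    # The nonce binds the verdict to the request this server issued.
    try:
        nonce = base64.b64decode(claims.get("nonce", ""), validate=True)
    except (binascii.Error, ValueError, TypeError):
        nonce = b""
    if not hmac.compare_digest(nonce, expected_nonce):
        problems.append("nonce mismatch (replayed or foreign response)")

    ts = claims.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        problems.append("stale or missing timestampMs")
    if claims.get("apkPackageName") != expected_package:
        problems.append("unexpected apkPackageName")

    # The two verdicts discussed in the thread; only a literal true counts.
    if claims.get("basicIntegrity") is not True:
        problems.append("basicIntegrity is not true")
    if claims.get("ctsProfileMatch") is not True:
        problems.append("ctsProfileMatch is not true")

    # evaluationType is a comma-separated list such as "BASIC,HARDWARE_BACKED".
    types = [t.strip() for t in str(claims.get("evaluationType", "")).split(",")]
    if require_hardware and "HARDWARE_BACKED" not in types:
        problems.append("verdict is not HARDWARE_BACKED")
    return (not problems, problems)


def constructed_jws(nonce: bytes, cts: bool, basic: bool, eval_type: str, ts: int) -> str:
    """Build an unsigned, constructed sample token for the demo and tests."""
    def b64url(obj) -> str:
        raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {
        "nonce": base64.b64encode(nonce).decode(),
        "timestampMs": ts,
        "apkPackageName": "com.example.bank",  # constructed package name
        "basicIntegrity": basic,
        "ctsProfileMatch": cts,
        "evaluationType": eval_type,
    }
    return ".".join([b64url({"alg": "RS256"}), b64url(claims),
                     b64url(b"constructed-not-a-real-signature")])


if __name__ == "__main__":
    now = int(time.time() * 1000)
    n = b"constructed-nonce-0001"
    # The state reported in the thread: basic integrity true, CTS profile false.
    token = constructed_jws(n, cts=False, basic=True, eval_type="BASIC", ts=now)
    print(evaluate(decode_payload(token), n, "com.example.bank"))
```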
Tried every one of the Xposed modules and all fail, so that is no good for me... Anything else that will work? Even stock ROMs with unlocked bootloader without root come up as device uncertified. I have a Realme 5 with locked bootloader and it is fine, have an LG V20 and it's fine, and an Asus Zenfone 3 Ultra, locked, no issues. I have a Poco F1 with unlocked bootloader and it fails...
It appears the unlocked bootloader is what the issue is... The problem is you can't lock the bootloader if you want custom recovery. The problem is if you have a locked bootloader and you get jacked by someone, you can't recover your device...
Or maybe that's what Google wants to happen......
Mine passes the CTS check now even without the edXposed module.
Flashed no gravity kernel and my problem went away as well. I believe it has something to do with how Google receives information about the bootloader in the kernel...
It was working OK for me till today. I had the problem with CTS profile: false, then it cleared by itself (Google changed something or reverted the changes), but now I checked randomly in Magisk Manager and this time I got both CTS profile false and basic integrity false, so I think Google changed things again, even more restrictively than the previous time. Can anyone else confirm?

[OUTDATED][GUIDE][CUSTOM ROM]Kali Nethunter installation

Should only work on Android 10 based ROMs
External wifi adapters need custom kernel compiling
I've suffered to get the Kali Nethunter working on custom ROMs
U need free storage available (not sure cuz I've formatted data then installed and it's been a while but ig not less than 15 GB)
Here are the steps:
1. Download the file from the Offensive Security website
(Not sure if external links are allowed but here it is): https://www.offensive-security.com/kali-linux-nethunter-download/
(Just look for the miui davinci file)
2. Download it and extract it on whatever device u want, then copy the extracted folder to the root of the storage (of course not the "/" folder, the "storage/emulated/0" one)
3. Go into extractedFolder/data/app/
and make sure every app there is installed, especially the nethunter.apk
4. Copy the "kalifs-arm64-full.tar.xz" file to the root
"storage/emulated/0"
5. Open the Nethunter app and go into chroot manager and install chroot
5. Browse for the file location which you copied into the root "storage/emulated/0" and it will start installing. It will take up to 10 to 15 minutes
6. You are done now but HID attacks aren't working
7. Go to USB arsenal and change "reset" into anything that has "hid" until you see a successful toast message, then save config to database
Done.
If it helped you hit the thanks button (your choice)
I'll be available asap if anyone has a question
how about monitor mode on wifi dongle? have you tested it?
Monitor mode works by default using the internal card
For external I don't have one to test it now
But I am sure it will work as long as it has a supported chip
I have a Mi 9T with unlocked bootloader and TWRP, also rooted using Magisk. I flashed my Nethunter kernel, but it gets stuck at the Nethunter boot logo. How do I fix this, do I need a specific force encryption or something? I've restored the system a couple of times using Mi Flash, I've been trying for a couple of days now. If you have any solutions please lmk a step by step guide. Also, is there a way I can do this without flashing it, but also get all the tools working?
Sorry I wish I was able to help
But the tag says [CUSTOM ROM]
SO I HAVE No Idea
Maybe try this
Don't flash any thing just follow the procedure listed above and It may work
Just don't flash anything
It won't work, cuz you need kernel for monitoring for example wifi - stock kernels can't put wlan1 (internal or external) wifi to monitor mode, so you won't be able to pentest routers
Which custom ROM? Is it possible with AOSP based (I am on havoc 3.6 now)
Any whatever you want
I tested on evoX and titanium os
Are you trying to install Nethunter onto stock miui rom?
If so, take a look at
https://forums.kali.org/showthread.php?48308-Xiaomi-Mi-9t-Not-Work-Hid-Monitor-Bad-USB
This worked for me
I'm running full Nethunter on Mi9t stock MIUI Global 11.0.4 rooted with Magisk.zip (via TWRP) and everything just works like a charm. No problems capturing packets, injection support is doing fine and HID seems to work (never tested it but the NH app shows it's working)
All I had to do was root the Mi9t with Magisk (flashed the zip via TWRP). After checking that everything went well I booted back into TWRP and flashed the nethunter-2020.2-pre3-davinci-miui-ten-kalifs-full.zip downloaded at https://www.offensive-security.com/kali-linux-nethunter-download/
After that I had to reflash Magisk.zip again (directly after flashing the nethunter.zip without rebooting the device!) and that's it.
As the pre-built images you get at offensive-security already come with the tweaked kernel u need for injection and monitor mode, there's no need to flash a 'nethunter kernel' afterwards... it works 'out of the box'
Flashing another nethunter kernel afterwards will most probably result in a bootloop... (tried myself a few times with hasty nethunter kernel)
I've only tried this with the official pre-built images on a stock MIUI ROM.
If you want to flash NH on a custom ROM, you should probably go with the guide from OP
Happy Hunting
hello, after so many tests they managed like this:
1. twrp orange fox
2. format and wipe
3. flash: fw "miui_DAVINCIGlobal_V11.0.5.0.QFJMIXM_aaab5b40c7_10.0.zip" flash "AOSiP-10-Quiche-davinci-20200526-gapps.zip" flash "Magisk-v19.3.zip" flash "Disable_Dm-Verity_ForceEncrypt_03.04.2020.zip"
4. reboot
5. initialize and upgrade Magisk (download update Magisk to phone)
6. download Busybox module (Magisk)
7. poweroff
8. twrp flash "nethunter-2020.2-davinci-miui-ten-kalifs-full.zip" flash (Magisk downloaded to phone) flash "Disable_Dm-Verity_ForceEncrypt_03.04.2020.zip"
9. reboot
Does Kali work with QFJEUXM 11.0.5?
By following the cited guide
https://forums.kali.org/showthread.php?48308-Xiaomi-Mi-9t-Not-Work-Hid-Monitor-Bad-USB
I don't see anything about:
- Format Data and wipe
Is it necessary?
- "AOSiP-10-Quiche-davinci-20200526-gapps.zip"
Is it necessary to flash, maybe Kali breaks the stock built-in GApps?
- "Disable_Dm-Verity_ForceEncrypt_03.04.2020.zip"
Is it also necessary to flash, Magisk cannot make it pass SafetyNet without?
Also, does installing Kali affect:
- Widevine L1 (dropping to L3)
- 4G/4G+ (by disabling some bands or carrier aggregation)?
One more question, what would be a procedure to go back to stock?
Manually updating to the stock Recovery/ZIP firmware from System update/Choose update package would be enough or flashing Fastboot/TGZ firmware by Mi Flash Tool will be needed?
- Does Kali work with QFJEUXM 11.0.5?
Well, somewhere I've read that it should work with 11.0.5 too but don't remember where... would have to search for it again to provide a link to you...
- Format Data and wipe
Not sure if it's necessary, but I did so. It's always a good thing to do before flashing any ROM.
Just try it without that step and you'll see... you can always reflash to stock if you get any errors, so just give it a shot mate
- "AOSiP-10-Quiche-davinci-20200526-gapps.zip"
Nope, that's not necessary for sure. I'm using it with the stock built gapps and it's working fine
- Disable_Dm-Verity_ForceEncrypt_03.04.2020.zip
That's pretty strange with that ForceEncrypt step, some say they had to, others not. I did not flash it to be honest and everything's okay so far. But there's a chance that you will have to! Maybe it depends on which ROM you are using (global, eu, chinese) but can't tell for sure...
So this one you will have to figure out yourself, sry.
- 4G and LTE is working good for me, so I'd say Kali isn't affecting it
- About Widevine, well I don't know to be honest... I'm watching Prime and Sky Go on the phone sometimes but for the quality Prime just says 'optimal' and Sky Go 'HD'... it looks great for sure but I can't tell the exact quality... if there's a way to check that, let me know and I'll be happy to do that for you
- One more question, what would be a procedure to go back to stock?
I would just do a wipe/format and flash the stock MIUI image or better, your backup via TWRP (or any other custom recovery)
For me, Fastboot by MiFlashTool is always the last option. If nothing else works, Fastboot is a lifesaver but that's just 'my way' of doing it, there are probably many others who say otherwise!
Sometimes it needs a lot of testing to figure out the best way for your specific device, so always do a backup and flash a custom recovery before flashing Nethunter. That way, it's always possible to get back to stock if you encounter any bootloops/problems after the installation.
It's like always while playing around with any OS... if it won't work, you just have to "Try Harder"
I'm happy to help anyway, if you got any more questions just shout out mate
Thank you a lot for your answer.
Btw, few days ago I upgraded to QFJEUXM v11.0.6 (so no more 11.0.5), which is newer than the Kali pre-built image, but according to v11.0.6 Changelog only Security patch was updated
I'm still tempted to try Kali (currently having new official TWRP v3.4.0, Magisk Canary 20416 and Hasty kernel)...
You can check your Widevine Security level (still interested if you have L1) by
https://play.google.com/store/apps/details?id=flar2.devcheck
https://play.google.com/store/apps/details?id=com.androidfung.drminfo
By going back to stock you said flashing MIUI. - so you mean flashing ZIP/Recovery firmware through TWRP?
No problem, I'm happy to help wherever I can :good:
- Btw, few days ago I upgraded to QFJEUXM v11.0.6...
Yeah, I'm not surprised bout that... sorry for the late answer :/
Thank you for pointing out these two apps mate!
I've checked my Widevine Security Level and both apps are showing Widevine L1 (screenshots attached) so no downgrade after flashing Nethunter
Yes that's correct, to get back to stock you would have to flash the ZIP/Recovery firmware through TWRP. Only if that doesn't work you'd have to do it through Fastboot.
If you did a full backup (i.e. through TWRP) of your system before flashing Nethunter, you would be able to restore it by flashing the recovery, dtbo, boot and system images one by one through TWRP/Fastboot (not sure but I think it should be enough to just reflash the system.img, boot.img and dtbo.img to get your pre-Nethunter setup/specs back). (English isn't my native language so in case you don't get what I'm trying to explain... that means your stock 11.0.6 with TWRP v3.4.0, Magisk Canary 20416 and the Hasty kernel including all your settings and stuff)
You wouldn't have to flash a 'naked stock rom' if Nethunter doesn't work
If you're still not comfortable enough to install Nethunter onto your device, just wait a few more days.
I will try to get Nethunter running on the 11.0.6 ROM myself as soon as I have some more time! Will also try it with your specs/setup by then
Hi, i cant install chroot.
Obviously you set the wrong folder name... just choose one of the three options from Screenshot 1!?
But to be honest, and I really don't want to offend you, if you couldn't figure that one out yourself you shouldn't install Nethunter at all...
@zgfg
Sorry mate, wasn't able to try it so far... very busy at work atm! Will do the next few days
Thanks
Ok, I installed NetHunter zip image for Davinci over QFJEUXM v11.0.6.0 and re-rooted with Magisk Canary v20419.
Ran NetHunter app and chroot.
I think it looks ok - screenshots attached
Btw, yesterday I tried Wifite to 'break' three WPA WLANs (Private, not Enterprise) for which I actually know the passwords - their passwords are weak, like vesna1970 or 136923457
Wifite was running for two or three hours, trying Pixie-Dust, NULL PIN, PIN Attack, Handshake capture, but eventually failed for all three connections
I will set up a WEP AP at home next week to test again, but who nowadays still uses WEP? Almost everybody would be using WPA, and with stronger passwords than above
If so, I doubt it is of big (educational) use and I am suspicious about YT movies where they successfully break WPA in 30 minutes (or more)
Receiving a notification to update NetHunter from Installed 2020.2 to 2020.2?!
But the update fails with Error -110 - on screenshots
Btw, I have successfully updated (a couple of times) packages from the NetHunter app, currently there is nothing to update there
Edit:
Fixed the NH app update notification: open NetHunter Store, Settings, Expert mode and untick Privilege Extension.
Let it update the NetHunter app
