Better Mobile App

[KERNEL] [NMF26U] [Jan 4] Stock Kernel + SafetyNet Patch

Stock Pixel/PixelXL Kernel + SafetyNet Patch
Current version: android-msm-marlin-3.18-nougat-mr1
Suitable for build: NMF26U
Security patch level: January 5, 2017
I compiled the stock kernel for the Pixel/PixelXL (they both use the same kernel) and applied the SafetyNet patch by sultanxda. The kernel name says marlin, but this also works on sailfish. Google just created one kernel that works on both sailfish (Pixel) and marlin (Pixel XL) devices.
I posted this over in the Pixel thread (as I have the regular Pixel), but thought I'd share it over here as well.
Use case for this kernel:
- If you want to stay completely stock, but have an unlocked bootloader, the SafetyNet is tripped which disables features such as Android Pay.
- This kernel is completely stock except for the addition of a patch that removes the SafetyNet check.
- If you do not have an unlocked bootloader there is no need to use this kernel. It's exactly the same as the kernel included in the stock builds, except with the addition of the SafetyNet patch.
Installation:
- Download attached .zip and unzip into a folder
- Reboot device into bootloader (power down device, then Power + Volume down)
- Connect device to computer
- Verify connection by typing 'fastboot devices'. Your device should show up (check serial number)
- Enter command: fastboot flash kernel <kernel_image>
- Once flashing is complete, enter command: fastboot reboot
- Disconnect device and wait for reboot sequence to complete.
- You now have a stock Pixel with an unlocked bootloader that can use Android Pay
**WARNING**
If flashing this kernel for whatever reason ruins your device, please don't hold me accountable. Use this at your own risk!
And otherwise, I'm not a professional developer, just a hobbyist. Please don't ask me for a ton of help, I only created this kernel because I want to run completely stock, but still use Android Pay while having an unlocked bootloader in case I ever decide to root my device in the future (am running a Verizon Pixel). I will try to maintain this kernel with each new release until I lose interest
Downloads:
NMF26U
All versions

Not sure why no ones replied here yet! - it's no use to me but thank you very much

Just downloaded and tried to install using fastboot but my device is stuck in a bootloop My bootloader is unlocked and I had previously rooted using twrp but I was using the stock recovery. I was on version NMF26O. I'm going to try re-rooting again and see if that fixes it.

I don't know how this will interact with rooted devices. I'm personally not rooted and I don't have any issues with this kernel. Try being fully stock first before flashing this.

Sakete said:
I don't know how this will interact with rooted devices. I'm personally not rooted and I don't have any issues with this kernel. Try being fully stock first before flashing this.
Click to expand...
Click to collapse
I might try out a few things later and try different versions of root and post if anything works Thanks mate

THANK YOU! I've been looking for a completely stock kernel that would let me use Android Pay with an unlocked bootloader! Any plans to do this for other Nexus phones, like the 5X?

iissmart said:
THANK YOU! I've been looking for a completely stock kernel that would let me use Android Pay with an unlocked bootloader! Any plans to do this for other Nexus phones, like the 5X?
Click to expand...
Click to collapse
I'll only do it for the Pixel as that's the only phone I have. It's not super difficult to do this yourself though, if you're somewhat technical it's pretty straightforward to do.

I have TWRP updated, newest build F260 and followed the steps but still unable to use Android Pay. Says it cant verify the device or software.
EDIT:Im dumb didn't read that it wasn't compatible with root.. just unlocked bootloader.

ghostENVY said:
I have TWRP updated, newest build F260 and followed the steps but still unable to use Android Pay. Says it cant verify the device or software.
EDIT:Im dumb didn't read that it wasn't compatible with root.. just unlocked bootloader.
Click to expand...
Click to collapse
Yeah, if you're rooted, Android Pay will not work. There is a workaround however. You can add cards to Android Pay before you're rooted. If you root after that, Android Pay should work with the cards you've added. You just won't be able to add new cards.

Thanks for the kernel, just want to ask one question:
I have unlocked bootloader + systemless root, when I power up my phone, there is a yellow warning on the boot screen, if I use this patched kernel, will the yellow waning be gone as well ?

churchmice said:
Thanks for the kernel, just want to ask one question:
I have unlocked bootloader + systemless root, when I power up my phone, there is a yellow warning on the boot screen, if I use this patched kernel, will the yellow waning be gone as well ?
Click to expand...
Click to collapse
You mean the orange warning? That's because unlocked bootloader. Only with locked bootloader the warning disappears.

Tylog said:
You mean the orange warning? That's because unlocked bootloader. Only with locked bootloader the warning disappears.
Click to expand...
Click to collapse
I see, thanks for your explanation. AP is actually not available in my country ( China ), what a pity.

Sakete said:
Yeah, if you're rooted, Android Pay will not work. There is a workaround however. You can add cards to Android Pay before you're rooted. If you root after that, Android Pay should work with the cards you've added. You just won't be able to add new cards.
Click to expand...
Click to collapse
Holy **** thanks for the advice I went ahead and unistalled SuperSU and I added my cards! Thanks!

EDIT: I went to my local McDonalds and tried to pay it said "it couldn't authenticate the device" after adding my cards. This is with root just fyi maybe systemless root will have success.

anybody managed to get AP working with root?

nbhadusia said:
anybody managed to get AP working with root?
Click to expand...
Click to collapse
Not going to happen! Maybe when/if Xposed comes out but until then I don't imagine so
Sent from my Google Pixel XL using XDA Labs

DaveHTC200 said:
Not going to happen! Maybe when/if Xposed comes out but until then I don't imagine so
Sent from my Google Pixel XL using XDA Labs
Click to expand...
Click to collapse
I believe a clue of posts up in this thread, someone posted that if you add the cards before you root, Android pay will work for those cards.
Sent from my Pixel using XDA-Developers mobile app

Protibus said:
I believe a clue of posts up in this thread, someone posted that if you add the cards before you root, Android pay will work for those cards.
Sent from my Pixel using XDA-Developers mobile app
Click to expand...
Click to collapse
Correct, try adding cards before rooting. Once cards are added, root your phone and Android Pay should still work for making payments, you just can't add new cards to it (you'll have to unroot first for that).

ghostENVY said:
EDIT: I went to my local McDonalds and tried to pay it said "it couldn't authenticate the device" after adding my cards. This is with root just fyi maybe systemless root will have success.
Click to expand...
Click to collapse
Oh weird, maybe it doesn't work then? Or it could be another issue. I got this idea from someone else who said it works for him. I myself am not rooted so can't verify otherwise.

Hello, will this still get OTA's and install them / or be able to sideload them???

[KERNEL] Stock Kernel + SafetyNet Patch

Stock Pixel/Pixel XL Kernel + SafetyNet Patch
Current version: android-9.0.0_r0.111
Suitable for build(s): August 2019
Suitable for devices(s): Pixel XL (marlin) | Pixel (sailfish)
I compiled the stock kernel for the Pixel/Pixel XL and applied the SafetyNet patch by sultanxda. The kernel name says marlin, but this also works on sailfish. Google just created one kernel that works on both sailfish (Pixel) and marlin (Pixel XL) devices.
Use case for this kernel:
- If you want to stay completely stock, but have an unlocked bootloader, the SafetyNet is tripped which disables features such as Android Pay and Netflix.
- This kernel is completely stock except for the addition of a patch that removes the SafetyNet check.
- This kernel is only for the builds listed above!!!! This will not work on any prior build.
- All stock features will work with this kernel (since it's just the stock kernel + patch).
- If you do not have an unlocked bootloader there is no need to use this kernel. It's exactly the same as the stock kernel, except with the addition of the SafetyNet patch.
- This will not prevent SafetyNet from tripping for other reasons, like rooting.
- This will not remove the "device corrupted" warning when the phone is turned on or rebooted.
Installation:
- Be prepared with backups or the factory image from Google in case you do something wrong
- Extract kernel from zip file
- Test with command: fastboot boot <filename>
- Flash with command: fastboot flash kernel <filename>
**WARNING**
If flashing this kernel for whatever reason ruins your device, I am not accountable. Use this at your own risk!
The current version will always be attached to this post. Older versions can be found HERE.
(shamelessly copied from Sakete's kernel for the Pixel/Pixel XL, which is no longer being maintained. Thanks for the inspiration, Sakete!)

Wow. I literally just compiled the patched kernel myself just now. What a ninja! While I'll be running my own, thanks for posting this so I didn't have to

For those who already downloaded the kernel, I checked and saw a new mr2.1 update so I've attached an updated kernel.

iissmart said:
For those who already downloaded the kernel, I checked and saw a new mr2.1 update so I've attached an updated kernel.
Click to expand...
Click to collapse
Mine is based on that but mr2 and mr2.1 have the same commit so I'm pretty sure it's the same kernel.
Cheers

I'm running a pixel on the nof27b build I don't really want to flash a new kernel would it be possible for you to make the patch a flashable zip

Cardflip said:
Mine is based on that but mr2 and mr2.1 have the same commit so I'm pretty sure it's the same kernel.
Cheers
Click to expand...
Click to collapse
Good catch, I didn't look that closely before recompiling but they are indeed the same. Oh well! Maybe I'll start going off of tag names instead of branches...
ipeedalil said:
I'm running a pixel on the nof27b build I don't really want to flash a new kernel would it be possible for you to make the patch a flashable zip
Click to expand...
Click to collapse
Curious - what difference is there between flashing a kernel using fastboot and using a flashable zip? Isn't the end result the same?

iissmart said:
Curious - what difference is there between flashing a kernel using fastboot and using a flashable zip? Isn't the end result the same?
Click to expand...
Click to collapse
I think he's asking for the patch itself to be a flashable zip so he can patch the boot image while it's already compiled and on the phone. Which AFAIK is impossible

We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.

puertorecon said:
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
Click to expand...
Click to collapse
I was thinking the same thing, That K is for the Verizon model. good to know.

puertorecon said:
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
Click to expand...
Click to collapse
I'll look into it tomorrow!

Thank you.

puertorecon said:
We need one for the Non-Verizon models (N2G47E) & (N2G47J). This modified kernel is only for the Verizon version. If you can compile two more versions for Non-Verizon builds.
Click to expand...
Click to collapse
I believe the kernel would still work.

It looks like the same kernel is used among NHG47K, N2G47J, and N2G47E, so my patched one should work for all of them. I'll update the post.

I'm just curious... So assuming you have the Google version and the oem unlock switch is fuctional and turned on, if you are not intending to root the device why would you unlock the bootloader? I mean you can always unlock it if you want or need to root, right?

bobby janow said:
I'm just curious... So assuming you have the Google version and the oem unlock switch is fuctional and turned on, if you are not intending to root the device why would you unlock the bootloader? I mean you can always unlock it if you want or need to root, right?
Click to expand...
Click to collapse
In the past I would always root or install a custom ROM on my phone. I would like to with the Pixel, but I want to keep Android Pay since I use it almost daily and I haven't been satisfied with the root solutions I've seen for the Pixel so far. It seems like Google is doing a good job of making it difficult to root, given the three or four different ways to root a Pixel that I've seen. Also, with the advent of monthly security patches I would imagine it is a growing headache to unroot, flash the update, then re-root each month. Google has also done a great job with the stock experience on the Pixel that the reasons I'd root are fairly minor.
It's also just been a habit of mine that the first thing I do with a phone is to unlock the bootloader. I don't like the idea of artificially restricting full access to a device, whether it's software or hardware. Plus I don't have to deal with the silly anti-theft checks that people encounter when they wipe the phone and sell it legitimately (like with Swappa or eBay). There was also a time when Nexus phones would bootloop after receiving an OTA, and if you weren't already unlocked before the OTA hit you'd be stuck with a bricked phone.

iissmart said:
In the past I would always root or install a custom ROM on my phone. I would like to with the Pixel, but I want to keep Android Pay since I use it almost daily and I haven't been satisfied with the root solutions I've seen for the Pixel so far. It seems like Google is doing a good job of making it difficult to root, given the three or four different ways to root a Pixel that I've seen. Also, with the advent of monthly security patches I would imagine it is a growing headache to unroot, flash the update, then re-root each month. Google has also done a great job with the stock experience on the Pixel that the reasons I'd root are fairly minor.
It's also just been a habit of mine that the first thing I do with a phone is to unlock the bootloader. I don't like the idea of artificially restricting full access to a device, whether it's software or hardware. Plus I don't have to deal with the silly anti-theft checks that people encounter when they wipe the phone and sell it legitimately (like with Swappa or eBay). There was also a time when Nexus phones would bootloop after receiving an OTA, and if you weren't already unlocked before the OTA hit you'd be stuck with a bricked phone.
Click to expand...
Click to collapse
Ok, fair enough. As I said I was just curious as to the reasoning. But what do you mean by anti-theft checks? I've never sold a phone so I don't really run into anything like that. But if you ever did need to sell it and you could unlock it at a moment notice wouldn't that suffice? I have a Verizon model locked bl so this is all rather moot to my situation, but I do have a 5x that I can unlock if I had to. I like the idea of being able to toggle the oem switch even though I would still remain locked. Something about being able to flash a factory image that I like. Thanks for your reasoning. Not that I agree or disagree with you entirely hehe. Personally, I just like the security of not being able to access my data if it's ever lost or stolen, but I suppose a concerted effort would get in.

bobby janow said:
Ok, fair enough. As I said I was just curious as to the reasoning. But what do you mean by anti-theft checks? I've never sold a phone so I don't really run into anything like that. But if you ever did need to sell it and you could unlock it at a moment notice wouldn't that suffice? I have a Verizon model locked bl so this is all rather moot to my situation, but I do have a 5x that I can unlock if I had to. I like the idea of being able to toggle the oem switch even though I would still remain locked. Something about being able to flash a factory image that I like. Thanks for your reasoning. Not that I agree or disagree with you entirely hehe. Personally, I just like the security of not being able to access my data if it's ever lost or stolen, but I suppose a concerted effort would get in.
Click to expand...
Click to collapse
If a locked phone is wiped/factory reset then only the Google account that was previously on the phone is allowed to be added back to the device. Tons of people were selling Nexus phones when this change rolled out, and the people that bought the phones were unable to add their accounts even after factory resetting. By unlocking the bootloader it disables this restriction. Yeah, I could do it at the time of selling the phone but there's always a chance I'd forget if I got out of the habit of unlocking the bootloader.
I thought about it a lot - and I've never lost a phone before so I'm OK with having my phone accessible in that regard. If I lose my phone I'll have bigger issues (like 2FA locking me out of my accounts) anyway.
I'm on Verizon, but I intentionally bought the phone from Google just to be able to unlock the bootloader .

iissmart said:
If a locked phone is wiped/factory reset then only the Google account that was previously on the phone is allowed to be added back to the device. Tons of people were selling Nexus phones when this change rolled out, and the people that bought the phones were unable to add their accounts even after factory resetting. By unlocking the bootloader it disables this restriction. Yeah, I could do it at the time of selling the phone but there's always a chance I'd forget if I got out of the habit of unlocking the bootloader.
I thought about it a lot - and I've never lost a phone before so I'm OK with having my phone accessible in that regard. If I lose my phone I'll have bigger issues (like 2FA locking me out of my accounts) anyway.
I'm on Verizon, but I intentionally bought the phone from Google just to be able to unlock the bootloader .
Click to expand...
Click to collapse
I've seen the term 2FA bandied about. I presume that's what you're talking about regarding the lockout. So to clarify, if you don't have an unlocked bootloader you can't sell the device? That seems weird. How do you get your account off? If I gave the phone to my wife she can't add her account?
I've never lost a device either although I have smashed one of them disastrously. But now I have a lot more stuff on the device including some personal pics and videos, password files, banking app and of course AP. I actually think my reasoning was more of like there is so much hacking and theft going on that rather than take a chance let me see what it's like being locked like normal people. It's hasn't been bad at all so far as I'm sure you know since you're not really modded either. I get the OTA on another slot and while it's updating I can use the device and a simple reboot updates it. But the bigger reason is that I got a Verizon model (Pixel 32gb) for $240 and not the $650 the Google one would have cost. I'm not sorry although I will revisit that once the Pixel 2 is released. Black Friday is your friend. I would even have bought the Google Pixel for $350 if they had a deal but they didn't. With a fully functioning 5X I just couldn't justify the full price.

Hmm I extracted the file and used fastboot flash kernel kernel_marlin-3.18-nougat-mr2.img and it gives me an error "error: cannot load 'kernel_marlin-3.18-nougat-mr2.img"

coldconfession13 said:
Hmm I extracted the file and used fastboot flash kernel kernel_marlin-3.18-nougat-mr2.img and it gives me an error "error: cannot load 'kernel_marlin-3.18-nougat-mr2.img"
Click to expand...
Click to collapse
After extracting the file I just renamed it to sailfish-image and used that in the command fastboot flash kernel sailfish-image. Flashed fine.
Sent from my Pixel using XDA-Developers Legacy app

ctsProfile false?

I had Stock Android 9 with Magisk before without TWRP, but somehow it automatically downloaded the OTA and it started asking to restart my device to update the Android version. I tried to uninstall Magisk through the manager but I messed up since it forced restarted the device. It bootlooped afterwards. I tried to install stock firmware for 9, then 10, both didn't work. Other threads say that I should change the active partition, it worked but now the Manager says the ctsProfile is false. I tried to hide the Magisk through its settings but it didn't work. I also tried to reflash with stock firmware but it didn't work as well. I don't know what to do next. Any advice for what I should do?

The only guaranteed way how to pass the SafetyNet test is to have 100% stock phone (stock ROM and locked bootloader).
Unguaranteed way (possible until Google deploys HW verification which can't be spoofed) is to root phone with Magisk and enable Magisk hide and reboot the phone (default options should be enough). Some modules will automatically break Safetynet (e.g. Xposed).
Edit: I am failing CTS profile test too, so I'd say that Google started with improved SafetyNet deployment again and we're out of luck. You can search main Magisk support thread for further info (e.g. https://forum.xda-developers.com/showpost.php?p=82935207&postcount=40370)

Thank you so much! It seems that the only way for me to pass Safetynet is to relock the bootloader, and I'm worried that it will fail since it is a risky move. Glad that it worked and it prompted me to factory reset, and now updated again to A10 . Guess I will stay in stock for now.

Its very easy! Just have to flash some zip

Sami Devo said:
Its very easy! Just have to flash some zip
Click to expand...
Click to collapse
Congrats, you just earned yourself a bounty for breaking the TEE (about $100.000). You just need to provide this "some zip" and demonstrate the mechanism.

_mysiak_ said:
Congrats, you just earned yourself a bounty for breaking the TEE (about $100.000). You just need to provide this "some zip" and demonstrate the mechanism.
Click to expand...
Click to collapse
???
---------- Post added at 09:41 PM ---------- Previous post was at 09:34 PM ----------
Just use magisk flash modules
https://drive.google.com/folderview?id=1-D9RKn9bWYQLbm3ODX_xZ_0Xe9mJmROi
And in magisk. Use system hide . Etc
Once its okk pass all cts okk.. u will find Netflix in play store ??

Sami Devo said:
[emoji1787][emoji1787][emoji1787]
---------- Post added at 09:41 PM ---------- Previous post was at 09:34 PM ----------
Just use magisk flash modules
https://drive.google.com/folderview?id=1-D9RKn9bWYQLbm3ODX_xZ_0Xe9mJmROi
And in magisk. Use system hide . Etc
Once its okk pass all cts okk.. u will find Netflix in play store [emoji1787][emoji1787]
Click to expand...
Click to collapse
Yeah, sure.. Just read a bit about HW Safetynet test, you can't spoof it.

i'm planning to unlock the bootloader and flash a custom rom leaving the bootloader unlock. mi qnoob question is:
having the bootloader unlock, does it fail the safetynet pass?
thanks in advance for your comments.

d_g_m_2000 said:
i'm planning to unlock the bootloader and flash a custom rom leaving the bootloader unlock. mi qnoob question is:
having the bootloader unlock, does it fail the safetynet pass?
thanks in advance for your comments.
Click to expand...
Click to collapse
Currently it does not (well on some of the custom ROMs I tried, do t know about stock) but Google are implementing hardware attestation which was mentioned in the comment above which will allow safety net to see an unlocked bootloader status and automatically fail safety net.
It's completely ridiculous but it's happening now. I dont know what this means for custom ROMs but for rooting it's a disaster

d_g_m_2000 said:
i'm planning to unlock the bootloader and flash a custom rom leaving the bootloader unlock. mi qnoob question is:
having the bootloader unlock, does it fail the safetynet pass?
thanks in advance for your comments.
Click to expand...
Click to collapse
As far as I know, Google is staging the rollout of HW Safetynet test to random people, but it will most probably reach all phones eventually. I am already on "BASIC,HARDWARE_BACKED" type. It should not matter if you have stock or custom ROM, you will fail the CTS test right away with unlocked bootloader as soon as you are migrated to HW test.

garylawwd said:
Currently it does not (well on some of the custom ROMs I tried, do t know about stock) but Google are implementing hardware attestation which was mentioned in the comment above which will allow safety net to see an unlocked bootloader status and automatically fail safety net.
It's completely ridiculous but it's happening now. I dont know what this means for custom ROMs but for rooting it's a disaster
Click to expand...
Click to collapse
_mysiak_ said:
As far as I know, Google is staging the rollout of HW Safetynet test to random people, but it will most probably reach all phones eventually. I am already on "BASIC,HARDWARE_BACKED" type. It should not matter if you have stock or custom ROM, you will fail the CTS test right away with unlocked bootloader as soon as you are migrated to HW test.
Click to expand...
Click to collapse
I thought it only break magisk hide but i see now that it does hurt a lot more. thank you guys for your replies.

d_g_m_2000 said:
I thought it only break magisk hide but i see now that it does hurt a lot more. thank you guys for your replies.
Click to expand...
Click to collapse
Magisk hide actually still works fine, Safetynet is independent from it. My banking app doesn't use Safetynet (yet) and Magisk hides root successfully, so I can use it freely..

_mysiak_ said:
Magisk hide actually still works fine, Safetynet is independent from it. My banking app doesn't use Safetynet (yet) and Magisk hides root successfully, so I can use it freely..
Click to expand...
Click to collapse
My banking app is outrageous. It recognises root, gives me a warning and I'm allowed to proceed with my login as normal. Sorry for ot

garylawwd said:
My banking app is outrageous. It recognises root, gives me a warning and I'm allowed to proceed with my login as normal. Sorry for ot
Click to expand...
Click to collapse
That's exactly how I imagine an ideal banking app. Give a warning or two, maybe request some extra acknowledgement that you are aware of risks and let you use the app in an unrestricted mode. I can't fathom why some apps are so "afraid" of root (especially those which don't work with sensitive personal data or money). But well, eventually I'll have to carry two phones (rooted + stock) or stop using such apps.. [emoji846]

1st time ever Android owner gets a Redmi K30 Ultra and wants to install Magisk. Help!

Hello very friendly helping people!
Im a 10 year iPhone user, but over time i came to hate all the restrictions and so i got myself a K30 Ultra and later today it should finally arrive!
Unfortunately i found out that it doesnt check the Google SafetyNet thingy and i can't use Google Pay with it. That kinda sucks, I never thought about stuff like this on iOS, but I'm confident there is a solution for it.
I found out about rooting my device, but it somehow isn't possible because of the Mediatek chip. But then I also found out that apperenty there IS a way to use the program/thingy that makes the phone pass SafetyNet (Magisk) without the need of a custom ROM.
I'm sorry if im confusing words like rooting im very noobish about all this.
So here are my questions in short form:
1. Can I make Google Pay Work in any way on my Redmi K30 Ultra?
2. Does this also affect my banking apps (I'm using DKB and Kontist) and can this be solved, too?
3. Could you link me some guides how to do it?
4. Is there any danger doing it (like deleting my phone if it doesnt work) and is there a possibility to safe my device on the PC or something like this to be safe?
5. Are their any safety concerns doing "it" (not sure what the solution will be) and should I install an anti virus program on the device? I just read about the cerberus trojan and its kinda scary. I think iOS systems were always pretty safe against those.
6. Anything else i need to know?
Thank you so much! I appreciate it a lot that there is a place where i can go to get help on those things! <3

Google Pay and any other banking apps refuse to work when a rooted Android gets detected by them. BTW: SafetyNet API doesn't purely check whether the device's Android is rooted, as the API is designed to check the overall integrity of device's Android.

jwoegerbauer said:
Google Pay and any other banking apps refuse to work when a rooted Android gets detected by them. BTW: SafetyNet API doesn't purely check whether the device's Android is rooted, as the API is designed to check the overall integrity of device's Android.
Click to expand...
Click to collapse
Hey, thanks for your post!
Are you implying that there is no way around that and its doomed to forever not work on my device?

To clarify things: SafetyNet is run by an app that has implemented this API, it's not run by Android OS itself. Yes, Magisk allows you to lever out this test by manipulating device's fingerprint so you will possibly be able to use Google Pay etc.pp
FYI: Any app not having SafetyNet API implemented easily can check whether Android got rooted / tampered or not. The app simply runs functions like
Code:
isRootNative
isDetectedDevKeys
isDetectedTestKeys
isFoundBusyboxBinary
isFoundDangerousProps
isFoundHooks
isFoundResetprop
isFoundSuBinary
isFoundWrongPathPermission
isFoundXposed
isNotFoundReleaseKeys
isPermissiveSelinux
isSuExists
isMagiskSUExists
isFoundMagisk
isFoundRootCloakingApps
what can't get prevented by Magisk.

jwoegerbauer said:
Yes, Magisk allows you to lever out this test by manipulating device's fingerprint so you will possibly be able to use Google Pay etc.pp
Click to expand...
Click to collapse
Ok, perfect. Would you be able to link me to a guide that shows me how to install Magisk on my device? It has a Mediatek chip so a custom ROM isn't possible (as far as I understand).

Mirardt said:
Ok, perfect. Would you be able to link me to a guide that shows me how to install Magisk on my device? It has a Mediatek chip so a custom ROM isn't possible (as far as I understand).
Click to expand...
Click to collapse
How to install Magisk without a Custom ROM is explained here.
If a Custom ROM like TWRP isn't officially made public for your device then you have to compile TWRP at your own.

This is TWRP and Magisk for the latest firmware on the K30 Ultra. https://mifirm.net/downloadtwrp/166
---------- Post added at 07:39 PM ---------- Previous post was at 07:37 PM ----------
Google Pay on a rooted device with Magisk installed /is/ possible, my Galaxy Note 9 with Dr. Ketan's ROM works with Google Pay and I believe it's due to the CTS Profile fix which is available in its ROM Tool app. So there's going to be some way to make it work with the K30 Ultra.

JaboJG said:
This is TWRP and Magisk for the latest firmware on the K30 Ultra. https://mifirm.net/downloadtwrp/166
Click to expand...
Click to collapse
Oh wow how cool is that, that is custom for the K30 ultra
And do I install that with the guide linked above or do I need some certain skill and experience to do that. It says it isn't tested yet. If I do a mirror of my phone before nothing really bad can happen right?
Google Pay on a rooted device with Magisk installed /is/ possible, my Galaxy Note 9 with Dr. Ketan's ROM works with Google Pay and I believe it's due to the CTS Profile fix which is available in its ROM Tool app. So there's going to be some way to make it work with the K30 Ultra.
Click to expand...
Click to collapse
Nice!!!
Yeah the only think that failed SafetyNet Test is the "CTS profile match". But I can't use those roms for my K30 ultra, right, so I just do it with Magisk?
Thanks so much!!

You need to unlock your bootloader with the Mi Unlock tool then flash TWRP over fastboot, and in TWRP make the appropriate backups and flash Magisk. There's many guides and it's relatively straight forward.
K30 Ultra is basically a brand new phone, it's like a month old. It'll be a while but keep an eye on XDA Forums, on the internet, and on YouTube. Somebody will eventually describe or figure out how to fix the CTS Profile.
I think I'm not gonna modify mine and I'll just wear my Apple Watch to use it for contactless payments.

JaboJG said:
You need to unlock your bootloader with the Mi Unlock tool then flash TWRP over fastboot, and in TWRP make the appropriate backups and flash Magisk. There's many guides and it's relatively straight forward.
K30 Ultra is basically a brand new phone, it's like a month old. It'll be a while but keep an eye on XDA Forums, on the internet, and on YouTube. Somebody will eventually describe or figure out how to fix the CTS Profile.
I think I'm not gonna modify mine and I'll just wear my Apple Watch to use it for contactless payments.
Click to expand...
Click to collapse
Alright, so I read 12384 guides and had a very tiny sense of it. The Mi Unlock tool stopped me, though, and now I'll have to wait another 6 days.
As I understood it, my data will be erased, but can be just be restored by MIUI if backed up before. I'm gonna let you know how it worked after I'll do it in about a week.
Probably I won't have to patience to wait. Google Pay is a really nice to have, but neither voLTE, nor voWifi works on my device, so I for sure have do hack that some weird way, because i have no mobile network at all at home and absolutely need voWifi.
Thank you very much for your kind help! <3

No problem at all.
I'm not sure if Wifi-Calling (voWifi) works with my carrier as I've turned it on with the carrier and in the phone, and it doesn't seem to be making calls over wifi. Not a big deal for me though as I've got Unlimited calls with my carrier.
Please let us know if and when you do flash the TWRP as I'd like feedback before flashing it myself.

Do your banking apps refuse to work or is it only google pay that fails due to the safetynet fail?

JaboJG said:
No problem at all.
I'm not sure if Wifi-Calling (voWifi) works with my carrier as I've turned it on with the carrier and in the phone, and it doesn't seem to be making calls over wifi. Not a big deal for me though as I've got Unlimited calls with my carrier.
Please let us know if and when you do flash the TWRP as I'd like feedback before flashing it myself.
Click to expand...
Click to collapse
Yeah, me too, but I have a very bad connection in my flat so I do need voWifi anyway. I will let you know and hope I won't brick my device. But as I understand it, bricking the device just by flashing twrp is very unlikely, right?
MerlijnD said:
Do your banking apps refuse to work or is it only google pay that fails due to the safetynet fail?
Click to expand...
Click to collapse
Only Google Pay, both of my banking apps work perfectly. I couldnt scan the security bar code though, some internal google app wouldn't allow it. So i had to put in both the (very long) idendification and security numbers in manually.

Alright thanks. Another thing im interested in is if Snapchat works when safetynet fails. Did you do any tests regarding that?

MerlijnD said:
Alright thanks. Another thing im interested in is if Snapchat works when safetynet fails. Did you do any tests regarding that?
Click to expand...
Click to collapse
Not using Snapchat, but I just installed it and it starts without problems. Didn't made an account though.

So I'm gonna be able to flash twrp and Magisk in exactly 14 hours and have some questions i would really appreciate an answer to <3
Using this: https://mifirm.net/downloadtwrp/166
1. The thing i want to flash first is twrp and it is the file called "recovery.img" in the downloaded folder, is that correct?
2. Just flashing twrp is "relatively" safe and if I do a backup and the device bricks by installing Magsik after, i can recover it through twrp, correct?
3. Should I not install todays new security update to MIUI or does that not matter at all?
edit: 4. Do I need/want to have "USB debugging", "Install via USB" and "USBebugging (Security Settings)" enabled or just "OEM unlocking"?
Thank you so much! I'm very nervous since i didn't read any experiences of rooting the K30 Ultra before and I'm scared of killing it.

Hey Mirardt, good luck. Let us know how you get on!
1. Yeah, you'll use fastboot to flash the recovery.img for TWRP.
2. Do a full backup with TWRP and you should be safe.
3. Doesn't matter, it's just the September Android security update.
4. Yeah turn on USB Debugging and connect your phone to your computer - it will ask you if you want to allow this computer to debug your phone, choose accept and always (or something similar to those words.) Do this before flashing TWRP.
Mirardt said:
So I'm gonna be able to flash twrp and Magisk in exactly 14 hours and have some questions i would really appreciate an answer to <3
Using this: https://mifirm.net/downloadtwrp/166
1. The thing i want to flash first is twrp and it is the file called "recovery.img" in the downloaded folder, is that correct?
2. Just flashing twrp is "relatively" safe and if I do a backup and the device bricks by installing Magsik after, i can recover it through twrp, correct?
3. Should I not install todays new security update to MIUI or does that not matter at all?
edit: 4. Do I need/want to have "USB debugging", "Install via USB" and "USBebugging (Security Settings)" enabled or just "OEM unlocking"?
Thank you so much! I'm very nervous since i didn't read any experiences of rooting the K30 Ultra before and I'm scared of killing it.
Click to expand...
Click to collapse

JaboJG said:
Hey Mirardt, good luck. Let us know how you get on!
1. Yeah, you'll use fastboot to flash the recovery.img for TWRP.
2. Do a full backup with TWRP and you should be safe.
3. Doesn't matter, it's just the September Android security update.
4. Yeah turn on USB Debugging and connect your phone to your computer - it will ask you if you want to allow this computer to debug your phone, choose accept and always (or something similar to those words.) Do this before flashing TWRP.
Click to expand...
Click to collapse
Hey Jabo, nice, I'm gonna do just that! Just for clarification, I use Mi Unlock Tool first, THEN twrp, then backup, then magisk?
I'll let you know and thanks for the good luck!
edit: so the command would be "fastboot flash recovery recovery.img", right?
I'm VERY sorry for the noobish questions.

I'm going to quickly use this thread to ask how to actually unlock the K30 Ultra Bootloader. I did everything the guides said, but Mi Unlock still doesn't recognize the phone when it's plugged in. Any Advice?

Hey guys (especially JaboJG). quick update: Flashing twrp and Magsik both just worked perfectly. no brick. Thanks for your help!!
The only issue is that it didnt help in passing Google Safety Check. I tried almost everything there is and will post my logs of MagiskHide Props in their thread soon.
Also, now some apps don't work anymore because they detect the root. I hope we will find a fix.
macrett said:
I'm going to quickly use this thread to ask how to actually unlock the K30 Ultra Bootloader. I did everything the guides said, but Mi Unlock still doesn't recognize the phone when it's plugged in. Any Advice?
Click to expand...
Click to collapse
No idea, sorry. It just worked for me.

Question Lost root out of the blue

I've lost root on my Pixel 6. Been rooted since I got it, I update every month then root it. On July 22 update, rooted fine.. I think yesterday I just lost root out of nowhere. I've been sideloading OTAs and fastboot flashing Magisk patched boot image, no issues until suddenly losing it. Any ideas why?

Having root alone voids the warranty on most devices. I'd say somewhere in your venture of installing and changing things you messed something up, triggered an error of some kind.

Serpent.king said:
Having root alone voids the warranty on most devices. I'd say somewhere in your venture of installing and changing things you messed something up, triggered an error of some kind.
Click to expand...
Click to collapse
I haven't installed or changed anything in a few months besides updates...

pbsavages said:
I haven't installed or changed anything in a few months besides updates...
Click to expand...
Click to collapse
If your device isn't crashing or anything else I wouldn't worry Abt the root. I'm guessing the updates have something to do with it. Most operating systems will have auto triggers that stop or disable certain things

pbsavages said:
I've lost root on my Pixel 6. Been rooted since I got it, I update every month then root it. On July 22 update, rooted fine.. I think yesterday I just lost root out of nowhere. I've been sideloading OTAs and fastboot flashing Magisk patched boot image, no issues until suddenly losing it. Any ideas why?
Click to expand...
Click to collapse
Not sure why you lost it but do you continue to lose it after flashing the patched image again? On the latest Magisk I take it?

Since your rank is senior member imma ask where do I start a thread I got a problem with this stupid tablet i need solved

Lughnasadh said:
Not sure why you lost it but do you continue to lose it after flashing the patched image again? On the latest Magisk I take it?
Click to expand...
Click to collapse
Yeah, latest Magisk is what I patched it with for the July update. I'm at work but I'll flash the patched boot image when I get home. This hasn't happened before, just wanted to see if it's happened to anyone else.

Serpent.king said:
Since your rank is senior member imma ask where do I start a thread I got a problem with this stupid tablet i need solved
Click to expand...
Click to collapse
Go to the device's forum, click on "Post Thread" at the top and choose the appropriate section (e.g. General, Question, etc...).

pbsavages said:
I've lost root on my Pixel 6. Been rooted since I got it, I update every month then root it. On July 22 update, rooted fine.. I think yesterday I just lost root out of nowhere. I've been sideloading OTAs and fastboot flashing Magisk patched boot image, no issues until suddenly losing it. Any ideas why?
Click to expand...
Click to collapse
I'm in exactly the same situation. I updated, patched boot.img with latest Magisk (25200) and flashed -> had root. Then I lost it I think after the first restart.
I'm not sure but I'm suspicious that I forgot to open Magisk and do install -> direct install to have permanent root. Maybe that's your case as well?
I just flashed a patched boot.img, tried to restart a few times and so far so good, root stays. Let's see if that works long term.

mic3r said:
I'm in exactly the same situation. I updated, patched boot.img with latest Magisk (25200) and flashed -> had root. Then I lost it I think after the first restart.
I'm not sure but I'm suspicious that I forgot to open Magisk and do install -> direct install to have permanent root. Maybe that's your case as well?
I just flashed a patched boot.img, tried to restart a few times and so far so good, root stays. Let's see if that works long term.
Click to expand...
Click to collapse
Nope, I've had it direct installed for almost a whole month

mic3r said:
I'm not sure but I'm suspicious that I forgot to open Magisk and do install -> direct install to have permanent root. Maybe that's your case as well?
Click to expand...
Click to collapse
You don't need to use direct install to have permanent root. That option is there for when you are already rooted and want to update Magisk itself via direct install instead of patching the boot image again, or if you fastboot boot rather than fastboot flash the patched image.
If you just fastboot booted the patched image rather than fastboot flashed it, then you will only have temporary root until you do a direct install or fastboot flash the patched image.

Serpent.king said:
Having root alone voids the warranty on most devices. I'd say somewhere in your venture of installing and changing things you messed something up, triggered an error of some kind.
Click to expand...
Click to collapse
No. Does not void warranty. Do not spread crap like this.

I've seen it get pissed off with the contents of the boot partition and "revert" it and/or somehow swap boot_b into boot_a. After this happened a few times, I just make sure to write the patched boot.img to BOTH boot_a and boot_b and haven't had it happen since.