Tips & Tricks

[2023 FIX] Working Fix for Magisk SafetyNet/CTS Profile FAILED

UPDATE – JANUARY, 2023 – UPDATED SAFETYNET FIX BY kdrag0n (Magisk 24 and newer)

Kdrag0n released a new version at the beginning of 2023, and here are the highlights of the v2.4.0 – 

  • Play Integrity bypass without breaking device checks or causing other issues
  • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)
  • Updated instructions for newer Android and Magisk versions
  • Better debugging for future development

Kdrag0n mentioned that he wanted to make sure that this module won’t cause any unnecessary breakage. The spoofing will happen dynamically at runtime and only when necessary, minimizing the adverse effects.

DOWNLOAD UNIVERSAL SAFETYNET FIX v2.4.0

UPDATE – JUNE 2022 – UPDATED SAFETYNET FIX BY kdrag0n (Zygisk only)

After almost six months, Kdrag0n has released the new version of the SafetyNet fix, and this one only supports Zygisk (Magisk 24 and newer). Here are the highlights of this new version – 

  • Fixed fingerprint on OxygenOS/ColorOS 12
  • Support for Magisk 24+ module updates
  • Restored support for Android 7

DOWNLOAD UNIVERSAL SAFETYNET FIX v2.3.1

UPDATE – DECEMBER 2021 – UNIVERSAL SAFETYNET FIX BY kdrag0n (Zygisk and Riru versions)

kdrag0n has released new versions of the Universal SafetyNet Fix, both Riru and Zygisk versions.  So what to choose?

Well, for those using Magisk Canary, go with the Zygisk Version

For those using the stable Magisk, go with the Riru version. Remember that if you go with the Riru version of this universal SafetyNet fix, you must install the Riru module through Magisk Manager.  

Here are the links to the two versions – 

DOWNLOAD UNIVERSAL SAFETYNET FIX v2.2.1 (Zygisk)

DOWNLOAD UNIVERSAL SAFETYNET FIX v2.2.1 (Riru)

Android versions 7–12 are supported, including OEM skins such as Samsung One UI and MIUI.

UPDATE – SEPTEMBER 2021 – NEW FIX FOR SAFETYNET FAILED ISSUE

So recently, for some reason, SafetyNet has started failing even after installing the below-mentioned Universal Fix by kdrag0n. Thanks to TeamFiles on Telegram., we have another fix that works for this new issue. This fix requires you first to download a few files. Here are the ones you need to download and keep on your phone before starting with the steps – 

  1. Riru – Latest Release
  2. LSPosed – Latest Release
  3. XPrivacyLua – Download the Apk

You can also download a Zip file that has all these three files included in it. Here is the link to that. 

Before starting, make sure you back up everything as this fix has not been tested for all the devices, so it may cause issues in your phone. Also, make sure the latest Stable version of Magisk is there on your phone. We won’t be responsible for any damage happening to your phone. 

Here are the steps – 

  1. First, go to Magisk and install the Riru Module. Once the installation succeeds, come back to the modules page. Do not reboot yet!
  2. Next, install the LSPosed Module. Once that installs successfully, reboot your phone. This is important! Do not reboot in the first step.
  3. Once the phone reboots, you will see a new LSPosed app installed. 
  4. Now, you need to install the third apk file that you downloaded. Once that installs, go to the LSPosed app and go to Modules.
  5. There, choose the XPrivacyLua and ensure you “Enable Module.” Initially, make sure the “System Framework” and “Settings Storage” options are checked. 
  6. Now, go to the top right and tap on the three-dot menu. Select “Hide” and uncheck the “System Apps.” 
  7. So now, you need to scroll down and find Google Play Services among all the apps. Just Check that. Now Reboot your phone again.
  8. When your phone reboots, you must go back to the LSPosed app and ensure that three options are checked in the XPrivacyLua module. There are – “System Framework,” “Settings Storage,” and “Google Play Services.” 
  9. Once that is all right, close LSPosed, and there will be another app installed on your phone named “XPrivacyLua.” Open that. Click “I Agree.”
  10. Here, find Google Play Services and tap on that. Now, you need to check only one option there. And that’s “Use Tracking.” That should be the last option there.
  11. Finally, Clear all the data and cache of the Google Play Store and Google Play Services. Also, Hide Magisk and change its name. 
  12. And now, do a final reboot! 

And that’s it! If everything goes well, you will no longer have the SafetyNet Failed Issue on your phone, and the Play Store will show Device is Certified. If Banking apps are not working even after fixing the SafetyNet with this method, then you need to check “Use Tracking” for those apps in “XPrivacyLua.” Just like what we did with Play Services. And then, the same steps, i.e., clear data and reboot.  For a better understanding, here is the full video tutorial by Munchy – 

UPDATE – JULY 4, 2021 – UNIVERSAL FIX FOR SAFETYNET (ALL THANKS TO kdrag0n

kdrag0n has shared a Universal Fix for Google SafetyNet on Android devices with hardware attestation and unlocked bootloaders. You can now install a Magisk Module that will fix the ctsProfile Failed issue. On the official Github page, kdrag0n has mentioned that – 

This Fix defeats both hardware attestation and the new CTS profile updates, without any changes to device or model names, as long as you can pass basic attestation (i.e. fingerprints). No device-specific features (such as the Pixel-exclusive Google Assistant design) will be lost. MagiskHide is required if the device is rooted. Android versions 8–11 are supported. Heavy OEM skins are not officially supported, but they may work depending on your luck and the particular ROM in question.

Anyways, here are the steps – 

  1. Download this Magisk Module (For Android 8-11) – SAFETYNET-FIX-v1.2.0
  2. Open Magisk and go to the Modules tab
  3. Install the Magisk Module that you downloaded 
  4. Reboot your phone, and that’s it. 

v1.2.0 Changelog:

  • Added support for Android 12 Beta 2
  • Fixed boot loop after major Android updates

PREVIOUS VERSIONS OF THE FIX – 

NOTE – DONT INSTALL MODULE FOR Android 11 on Android 10 and vice versa as it will result in BOOTLOOP !!!

UPDATE – HERE IS ANOTHER METHOD THAT WILL HOPEFULLY HELP YOU FIX THE CTS PROFILE FALSE ISSUE

NOTE – TRY THESE STEPS ON YOUR OWN RISK. WE WON’T BE RESPONSIBLE IF ANYTHING GOES WRONG.

Here are the steps – 

  1. First, go to the Google Play Store & download “Termux,” an Android terminal emulator and Linux environment app. 
  2. Next, open Magisk Manager & from the left side menu and select the “Downloads” option.
  3. There, you need to Install two Magisk Modules –  Busybox for Android NDK & MagiskHide Props Config.
  4. You can either Install one Module & then reboot and then Install the other, or Install One, go back, install the second, and then reboot. Both will work. 
  5. Once the phone reboots, we need to do one final thing, which is the most important step. Before moving to the next step, check if both modules are shown as installed or not in Magisk Manager.
  6. Open the Termux app & then type “su” and press Enter. This will grant Superuser Rights to the app. 
  7. Next, type “props” & press Enter. You will see a lot of options & numbers in front of them to choose from.
  8. You need to choose the option that says “Edit Device Fingerprint.” It should be the Number “1,” but double-check it on your device. 
  9. Enter that Number & press Enter.
  10. Again, you’ll see some options & from there, choose the one that says “Pick a certified fingerprint.” This time, instead of numbers, you will see letters in front of each option like “f,” “v,” “s,” “b,” etc. Enter the letter in front of the option (Pick a Certified Fingerprint) & press Enter. 
  11. Now, you’ll see a long list of various Smartphone companies, so from here, you need to choose your phone’s company. For Example, if your phone is the Asus Zenfone Max Pro M1, choose “Asus.” Here also, you need to type the number in front of the company name & then press Enter. 
  12. Now, it’ll show you various devices from that company. If your device is there on the list, you’re good to go. Otherwise, you’re not lucky, so you will have to wait for another method. 
  13. Select the number in front of your Phone’s name & then press Enter.
  14. Finally, it will ask if you want to continue. If you have followed everything above & selected the right options, write “y” & press Enter. 
  15. Finally, press “y” to reboot your device & press Enter. Now, your phone will reboot.

After all these steps, you will see that in the Magisk Manager, it no longer says “false” in front of the ctsProfile option. Also, in the play store, it’ll say “Device in Certified.” Hopefully, you will also be able to use Payment apps like Google Pay on your device (Hopefully). 

Thanks to Crazy Customization (YouTube) for the video tutorial.

UPDATE: 2020 – IN MARCH 2020, GOOGLE MADE SOME CHANGES THAT RESULTED IN MAGISK NOT BEING ABLE TO PASS SAFETYNET. HERE IS A WORKAROUND FOR THAT TO FIX THE CTS PROFILE FALSE ERROR (SAFETYNET FAILED). 

We will use Xposed Framework for the Workaround, but you need to have your device rooted via Magisk and have the Magisk Manager installed on your phone since we need the Magisk Modules. Now, there is no way to know if Xposed Framework will work on all the devices, so there are chances of it not working on your device. 

First of all, here are all the files that you need to download on your device – 

Table of Contents

HERE ARE THE STEPS TO FIX THE MAGISK CTS PROFILE FALSE ERROR WITH THE NEW METHOD

  1. First, Install Riru Manager. If you get the Unknown Sources error, enable ‘Allow from this source and Install it.
  2. Once you install it, go to Magisk Manager, then, from the left side menu, go to the Modules section. Tap on the Plus Button.
  3. If you don’t have the ‘Show Internal Storage’ option enabled in File Manager, tap on the three dots in the top right corner and select it. In case it is already enabled, you will see the ‘Hide Internal Storage’ option in its place. So you don’t need to do anything. 
  4. Navigate to the folder in the internal storage where you have all the downloaded files, and then select the ‘MAGISK RIRU-CORE’ ZIP file. Once installed, Reboot the phone. (Check the Modules section in the Magisk Manager to see if the module has been installed properly. You will see a checkmark if it is installed successfully). 
  5. In the App Drawer, you will now see a new app called ‘Riru.’ Open it, and if it says ‘Everything Looks Fine,’ you’re all set to follow the next steps. If you get any errors, try installing Riru Module again.
  6. Now, once again, go to the Magisk Manager > Modules and then press the Plus button. Now, we need to install the ‘EdExposed Module,’ and as mentioned above, there are two versions to choose from. You have to try and see which one works for your device. We will recommend starting with the ‘Yahfa’ version first. Once again, once installed, reboot the phone. After reboot, once again, confirm if the module is installed properly.
  7. Go to the File Manager and install the ‘EdExposed Manager’ via the APK file. You will see the App in the App Drawer.
  8. Open it to see if there are any errors or not. If there are any, the ‘Yahfa’ version didn’t work. So, in that case, go to the Module section, remove the Yahfa version, reboot the phone, and then install the ‘Sandhook’ version.
  9. Finally, install the ‘HiddenCore’ Xposed Module via its APK file. Now, go to ‘EdExposed Manager,’ swipe from the left side, select the ‘Modules’ option, then enable the ‘HiddenCore’ Module. Now, reboot your phone.
  10. After Reboot, you should check if the ‘HiddenCore’ module has been enabled successfully in the EdExposed Manager. 

Well, that’s it! Now, go to Magisk Manager, tap to start the SafetyNet Check, and see that the ‘ctsProfile’ shows as True! This means we successfully did the SafetyNet Bypass. 

NOTE THAT IF THIS METHOD ALSO DOESN’T WORK, THEN WE WILL HAVE TO WAIT FOR THE DEVELOPERS TO FIND ANOTHER FIX FOR THIS. 

Props to ‘Munchy‘ for sharing this method on his YouTube Channel. 

CONCLUSION

This detailed guide was about fixing the CTS Profile Mismatch Error or Magisk Basic integrity False error even with Magisk installed. If the steps mentioned above don’t work, you need to start from scratch, i.e., flash Stock ROM, install TWRP, flash Magisk ZIP and do the same thing again. Did the steps work for you? Do let us know via the comments section.

What is CTS profile mismatch?

CTS means Compatibility Test Suite & CTS Profile Mismatch is an error that causes SafetyNet check to fail, even if you have Magisk on your device.

What is the SafetyNet Check?

Google Developed SafetyNet & it is an API (Application Programming Interface) that is used to detect if a certain device is in a good state or not.

How Do I Fix How do I fix Magisk SafetyNet?

1. Use MagiskSu2. Try unSU3. Turn OFF USB Debugging4. Set Selinux Back to Enforcing5. Try a Custom Kernel

How do I Enable Magisk Hide?

Open Magisk Manager App, then swipe from the left & select Magisk Hide. Now, you can turn on and off it for certain apps.

7 5 17 6 4 17
Arvind Rana
A Tech Aficionado who loves writing on smartphones and also the one handling DroidHolic's YouTube channel. Hobbies include programming, gaming, and making videos. And yeah! He is the one who started DroidHolic.
Related
Show Comments (35)

35 Comments

  1. Hey Arvind, need some help here. I installed Resurrection Remix in my Moto G4 Play and don’t know what to do for passing the Safetynet. Do I have to change my rom or something? I only want to install Netflix.

    Reply

  2. I am on a Samsung Galaxy Note 5. I have tried everything in your list except the Franco Kernel since it doesn’t work on the Note5. I am running the LineageOS 7.1.1 by RaymanFX. Still getting “ctsProfile: false” in Magisk Manager. Any suggestions?

    Reply

  4. thanks for the guide. for me i think it was just a matter of enabling magisk hide, after an update and re-root that option was not enabled. I am not sure but i think it was enabled automatically the first root. I also cleared play store data.
    -all’s right with the world now.

    Reply

  5. thanks for the post
    it works for me the old method used riru and edexposed

    should i uninstall all of this after make magisk work or not..?
    once again thanks for the effort

    Reply

  6. Method at top of this page did not work. Pixel 2XL, latest build of 11.

    Magisk otherwise looking good

    ctsProfile still fails

    Phone is otherwise operational; root and Superuser App verified OK

    Reply

  7. “Next, open Magisk Manager & swipe from the left side. From there, select the “Downloads” option.”

    Magisk doesn’t have a UI where swiping does anything.

    Reply

  8. I have samsung galaxy s20 5g (sm-g981bd/s) 2020

    This site has been the best for instruction in order to make it SUCCESS in the Mariska safetynet.

    This worked brilliant followed instructions and valaaa.

    Reply

  10. Pixel 2 on stock image on A10 was fixed by using the latest version – safetynet-fix-v1.1.1.zip. Thanks for posting your January update!

    Reply

  11. Confirming that I was able to get a pass with Magisk 24.1 (8.0.7 Manager) on a Motorola G7 Power (ocean) running Revenge 4.0 (Android 11, Jan 24 2021 Build), with NikGapps-R Core (Also Jan 24 2021).

    My first attempt was to use the Magisk-Hide module, that didn’t work
    Second attempt was to use the SafetyNet Fix v1.11, that only passed Basic Integrity but not cts
    Third attempt (while keeping the last two) was to do the props config step just after, that passed completely (I picked 16 Motorola, then 16 again for Motorola G7 Power 9/10, and picked Android 10 for the final step, as only 9 and 10 were options).

    Nutshell : MagiskHide module, Safteynet Fix v1.11, Props with Termux (before the 2020 update), picking Motorola G7 Power 9/10 and Android 10.

    I cleared cache and data for the Google Play Store app, and it now starts showing and installing apps that would normally be hidden without passing SafteyNet such as Netflix, etc.

    Reply

    1. Cheers…I’m running stock Android 10 on the same phone as you and I was able to pass safetynet using the terminal method cause the g7 is listed…no other method worked for me

      Reply

  12. Bravo! SafetyNetFix 1.1.1 worked perfectly on fully-patched and updated Pixel 2XL. We’ll see if it “sticks.” Many thanks!!

    Reply

  15. I did the first few steps (magical hide, safety net fix,BusyBox) I didn’t found Mi note 10 lite on list of fingerprints but I tried an Mi note 10 Europe, after reboot magisk didn’t looked liked it was fixed (got an error) but gPay is working just fine (I got custom ROM spice os and it has custom kernel called Vantom, don’t know what fixed it, just leaving comment if anybody got same phone 🙂

    Reply

  16. Thank you so much!
    I tried so many things, which even broked my phone. And this worked, only after enabling this module and reboot.
    First time since yeqrs with safety net. THANKS!

    Reply

  18. Hi,

    I installed the zip as recommended. After reboot, the phone (Samsung S9+) asked me for the pin on startup to enable the fingerprint unlock feature. So far, so normal.
    But then it locked itself within 1 to 2 seconds telling me to enter the pin to unlock the fingerprint feature RIGHT AFTER STARTUP. Startup again? Yes, the phone was running normal but “thought” it’s still right after bootup and it’s the first time to unlock the screen.
    It was not easy to disable the module again having a time frame of 1 to 2 seconds. Finally it worked. Before uninstalling I checked the Safety.net status which was passed. Now, after uninstalling the phone works as before: Safety.net check failed

    Anyone experiencing the same? Is there any cure for this?

    Reply

  21. well…, for me the september fix doesn’t work on the galaxy S9 phone. But, if I want to start with fresh installation, could you please describe the steps?

    Reply

  22. Thanks for the awesome help! In my case (this might be a coincidence) since I followed the steps (about 4 days by now) the moisture detected alert had been on and so I haven’t been able to charge my phone with a wire (I have cleaned the port thoroughly). Please let me know if anyone else has encountered this issue.

    Reply

  23. I followed every step on the September 21 update precisely and found everything like a charm. But sadly after the last reboot, the ctsProfile still fails.

    bq Aquaris X Pro 128GB wirh Lineage 18.1 nightly-09-11-21 with openGapps Nano

    Any advice?

    Reply

  24. I rooted my new OnePlus 8T with twrp and Magisk but safetynet keep failing. After following the instructions to install riru, it fixed the issue and it is now passing with flying colours.
    Great work!

    Reply

  25. Hi,
    I did all with my OnePlus 5, Lineage 19.
    Magisk 25.2 and SafetyNet 2.4.0.
    But I still have issues.
    It passes and I configure apps like Wallet.
    After hours or if I restart the phone it resets all denylist and the apps stop working again and I have to perform the process another time.
    Did I miss anything? Do you know if it is normal behavior?
    Many thanks in advance!

    Reply

Your email address will not be published. Required fields are marked *