[DISCUSSION] Safetynet patch for our Gtab 2 kernels - Galaxy Tab 2 General

Safetynet is really becoming widely used in apps such as Netflix and Banking apps and while other devices pass safetynet through magisk easily, our devices could not. At best case scenario only the basic integrity check passes. Now, there is a kernel patch made by sultanxda to bypass the safetynet check on our kernels. Would it be worth it if someone recompiles Anykernel with the safetynet patch?

Lightracer said:
Safetynet is really becoming widely used in apps such as Netflix and Banking apps and while other devices pass safetynet through magisk easily, our devices could not. At best case scenario only the basic integrity check passes. Now, there is a kernel patch made by sultanxda to bypass the safetynet check on our kernels. Would it be worth it if someone recompiles Anykernel with the safetynet patch?
Click to expand...
Click to collapse
you should ask Android-andi directly, when he gets back his LG device

Disabling a security feature sounds stupid if i care about rom security all the time... Beside that i am not even sure if we would ever need that mentioned kernel patch.

ninestarkoko said:
you should ask Android-andi directly, when he gets back his LG device
Click to expand...
Click to collapse
Andi's AnyKernel thread mentions "No Feature Requests" so I don't really want to donate
$$$ to a charity because I'm broke

Android-Andi said:
Disabling a security feature sounds stupid if i care about rom security all the time... Beides that i am not even sure if we would ever need that mentiones kernel patch.
Click to expand...
Click to collapse
Maybe you're right, posts about that kernel patch dates back to October 2016 and I can't find any threads for it

Lightracer said:
Safetynet is really becoming widely used in apps such as Netflix and Banking apps and while other devices pass safetynet through magisk easily, our devices could not. At best case scenario only the basic integrity check passes. Now, there is a kernel patch made by sultanxda to bypass the safetynet check on our kernels. Would it be worth it if someone recompiles Anykernel with the safetynet patch?
Click to expand...
Click to collapse
i applied this patch on a non-public test build of rr 5.7.4. this patch dont solve the problem for now, because hide magisk is not working properly with our tab.

smart-t78 said:
i applied this patch on a non-public test build of rr 5.7.4. this patch dont solve the problem for now, because hide magisk is not working properly with our tab.
Click to expand...
Click to collapse
Oh, is the problem found yet or is it still a mystery?

Lightracer said:
Oh, is the problem found yet or is it still a mystery?
Click to expand...
Click to collapse
its still a mystery.
i worked on a rr version with inbuilt magisk some weeks ago. root works without problems but hide magisk dont do his job. so it doesnt matter if the patch applied or not. cts profile check fails.

This tablet P3110 used to do Netflix just fine... What was the last Netflix version before the switch? And is that version still working for Netflix viewing or is it blocked too?

ONLY FOR INFO
https://www.lineageos.org/Safetynet/

Just an small update: we don't need this freaking kernel workarounds other devices need because of the bootloader.
Latest slim6 and omni6 by me, also latest official lineage pass safetynet out of the box (not sure if lineage needs magisk to hide su, slim6 and omni6 are "user" builds and don't even allow adb root access)

Related

Magisk 16 and Honor 8

Did anybody using Magisk 16 on Honor 8? My main concern is the Magisk Hide and the safety checks...
Since Magisk 16 there are some support on Honor devices but in the real life I am not sure if is a point to going away from SuperSU...
It works fine. Supersu was taken over by a Chinese company. Chel stopped reviewing code for it. So unless you like your privacy, stick with supersu.
agraceful said:
It works fine. Supersu was taken over by a Chinese company. Chel stopped reviewing code for it. So unless you like your privacy, stick with supersu.
Click to expand...
Click to collapse
Everything is about privacy in this days...
Which is the last version of SuperSU, which was maintained by Chel?
So for privacy point is better Magisk. How is the privacy in Magisk? That's a big question
Which version of Magisk you're using? I have FRD-L09C432b394 but I am wondering if the Magisk Hide and the safety checks will work, because this s known problem with Honor/Huawei devices. I see the support from v16 for Honor devices but I don't know what's clearly mean that.
it's been working fine for me including safetynet. Interestingly, I have to keep USB debugging enabled to pass safetynet
jasonvxs4 said:
Interestingly, I have to keep USB debugging enabled to pass safetynet
Click to expand...
Click to collapse
THANK YOU, THANK YOU, THANK YOU!
I was looking everywhere as to why it was passing before the update to B404 and now was failing!
Flicked the option and passing safteynet again!
agraceful said:
It works fine. Supersu was taken over by a Chinese company. Chel stopped reviewing code for it. So unless you like your privacy, stick with supersu.
Click to expand...
Click to collapse
jasonvxs4 said:
it's been working fine for me including safetynet. Interestingly, I have to keep USB debugging enabled to pass safetynet
Click to expand...
Click to collapse
linkazoid said:
THANK YOU, THANK YOU, THANK YOU!
I was looking everywhere as to why it was passing before the update to B404 and now was failing!
Flicked the option and passing safteynet again!
Click to expand...
Click to collapse
What version of Magisk you're using on which firmware?
dewadi said:
What version of Magisk you're using on which firmware?
Click to expand...
Click to collapse
V16 on B404, was also using v16 on B403 too
I noticed earlier that my usb debugging was switching straight off after enabling. Make sure this isn't happening to you. Click the reset to default button at the bottom and then select it again
I'm using 16.3. Almost every single magisk version released has worked fine for me. Chel doesn't maintain it anymore. You can use an older version of supersu but I'm not sure why you'd want to do that. As far as usb debugging.. i always have that on anyway.. i have an L04 and I'm on 392 firmware. Magisk is much better. I was very very hesitant when I switched, specially since it wasn't at the state it is now, but I'm glad i switched.
linkazoid said:
V16 on B404, was also using v16 on B403 too
I noticed earlier that my usb debugging was switching straight off after enabling. Make sure this isn't happening to you. Click the reset to default button at the bottom and then select it again
Click to expand...
Click to collapse
agraceful said:
I'm using 16.3. Almost every single magisk version released has worked fine for me. Chel doesn't maintain it anymore. You can use an older version of supersu but I'm not sure why you'd want to do that. As far as usb debugging.. i always have that on anyway.. i have an L04 and I'm on 392 firmware. Magisk is much better. I was very very hesitant when I switched, specially since it wasn't at the state it is now, but I'm glad i switched.
Click to expand...
Click to collapse
Did you tried Magisk 16.4?
Sorry if I'm hijacking.
Since you're talking about 16.3 and 16.4, does Magisk hide works?
That was my previous problem with rooting. I would like to remove some apps and add AdAway, while using Google Pay.
zinko_pt said:
Sorry if I'm hijacking.
Since you're talking about 16.3 and 16.4, does Magisk hide works?
That was my previous problem with rooting. I would like to remove some apps and add AdAway, while using Google Pay.
Click to expand...
Click to collapse
Anyone have any clue about this?
zinko_pt said:
Anyone have any clue about this?
Click to expand...
Click to collapse
that's what I am running
jasonvxs4 said:
that's what I am running
Click to expand...
Click to collapse
Magisk hide working?
jasonvxs4 said:
it's been working fine for me including safetynet. Interestingly, I have to keep USB debugging enabled to pass safetynet
Click to expand...
Click to collapse
Thanks for this trick man! I was puzzled as to why I was failing the SN check after passing it for a few hours.
I will retry flashing Magisk 16 :good:
takichiman said:
Thanks for this trick man! I was puzzled as to why I was failing the SN check after passing it for a few hours.
I will retry flashing Magisk 16 :good:
Click to expand...
Click to collapse
Magisk 16.4 works fine with Hide and fingerprint sensor.
zinko_pt said:
Magisk 16.4 works fine with Hide and fingerprint sensor.
Click to expand...
Click to collapse
Thanks for the info. I will reflash magisk 16.4 on a fresh stock L04B395 ROM and update you if the Safetynet fails
takichiman said:
Thanks for the info. I will reflash magisk 16.4 on a fresh stock L04B395 ROM and update you if the Safetynet fails
Click to expand...
Click to collapse
Safetynet passes in my L09C432B405.
zinko_pt said:
Safetynet passes in my L09C432B405.
Click to expand...
Click to collapse
I confirm that it passes on my L04C567B395. But because of that stupid USB debugging option that keeps getting turned off, I have to continuously toggle/untoggle the option and eventually sometimes plugging the phone to a computer to trigger the adb, so I can pass the safetynet test.
For the record I'm using Magisk 16.4
linkazoid said:
THANK YOU, THANK YOU, THANK YOU!
I was looking everywhere as to why it was passing before the update to B404 and now was failing!
Flicked the option and passing safteynet again!
Click to expand...
Click to collapse
WOW finally pass the safetynet!!!
Thanks alot!! I'm using magisk v17.1 with h8 frd10, what a magic!:highfive:

Stock at&t device certified fingerprint

I'm on an lg-v350, originally from at&t but it is currently unlocked, rooted with magisk and running Android 9. My device has been "ctsprofile:failed" for a awhile now. Not the biggest deal but if anyone has a certified device fingerprint I'd be very appreciative.
You can get it to pass by installing a couple modules in Magisk. The first one is busybox as a requirement. The second on is MagiskHideProps; it does the work. Use it to change the fingerprint to a Pixel 3 on Pie. I do not know the drawbacks of doing this, but you will pass the ctsprofile check and be able to use GPay.
Meatmassuse said:
I'm on an lg-v350, originally from at&t but it is currently unlocked, rooted with magisk and running Android 9. My device has been "ctsprofile:failed" for a awhile now. Not the biggest deal but if anyone has a certified device fingerprint I'd be very appreciative.
Click to expand...
Click to collapse
cmrntnnr said:
You can get it to pass by installing a couple modules in Magisk. The first one is busybox as a requirement. The second on is MagiskHideProps; it does the work. Use it to change the fingerprint to a Pixel 3 on Pie. I do not know the drawbacks of doing this, but you will pass the ctsprofile check and be able to use GPay.
Click to expand...
Click to collapse
Yea, that's the eventual option I came too as well. Haven't noticed any ill effects yet but who knows if it'll work forever. One amusing side effect was a free 100gbs on google drive when I opened the app. Some pixel promo ot said, haha.
Meatmassuse said:
I'm on an lg-v350, originally from at&t but it is currently unlocked, rooted with magisk and running Android 9. My device has been "ctsprofile:failed" for a awhile now. Not the biggest deal but if anyone has a certified device fingerprint I'd be very appreciative.
Click to expand...
Click to collapse
From stock AT&T V35 with latest PIE and security update. These should work with the Magisk props module to pass CTSProfie. I haven't cross-flashed, unlocked or rooted mine due to concerns with widevine L1 and the lack of an AT&T stock backup ROM.
[ro.build.fingerprint]: [lge/judyp_lao_com/judyp:9/PKQ1.181105.001/200341345c8c9.FGN:user/release-keys]
[ro.build.version.security_patch]: [2020-02-01]
Config attached (remove txt extension and place in sdcard directory, then choose custom fingerprint in props module).
rlw6534 said:
From stock AT&T V35 with latest PIE and security update. These should work with the Magisk props module to pass CTSProfie. I haven't cross-flashed, unlocked or rooted mine due to concerns with widevine L1 and the lack of an AT&T stock backup ROM.
[ro.build.fingerprint]: [lge/judyp_lao_com/judyp:9/PKQ1.181105.001/200341345c8c9.FGN:user/release-keys]
[ro.build.version.security_patch]: [2020-02-01]
Config attached (remove txt extension and place in sdcard directory, then choose custom fingerprint in props module).
Click to expand...
Click to collapse
I want you too know that I'd divorce my wife for you sir haha. For real though, thanks bruv.
Meatmassuse said:
I want you too know that I'd divorce my wife for you sir haha. For real though, thanks bruv.
Click to expand...
Click to collapse
Glad to help. I learned a while back to back up my props before hacking on my android devices...
Does anyone have the Oreo fingerprint for AT&T V35? I would very, very much appreciate it. I have cross-flashed to Oreo ULM and can't get CTSprofile to pass using the Pie version.
Edit:
Nevermind. Fixed it by upgrading to ULM Pie and flashing FTM, modemst1 and modemst2 from AT&T.

[Question] Safetynet on Openbeta

Hey,
Long time. Rooter (since HTC desire HD) here.
I remember on my older Oneplus phones, installing an beta would stop you passing Safetynet, so banking apps wouldn't work etc. Is this still the case? Can anyone on the 11 betas see if it passes safetynet? I'm not rooted currently!
Anyone?
Havent tried the beta's yet either. But I am rooted and pass safetynet on my 8pro. One of my 1st rooted devices was the HTC DesireHD as well and I did like the Nexus 5 alot.
atm I'm using XXX flashed with magisk and the current Radioactive kernel and my phones gr8 and passes safetynet for banking apps , gpay , netflix etc.
mapester said:
Havent tried the beta's yet either. But I am rooted and pass safetynet on my 8pro. One of my 1st rooted devices was the HTC DesireHD as well and I did like the Nexus 5 alot.
atm I'm using XXX flashed with magisk and the current Radioactive kernel and my phones gr8 and passes safetynet for banking apps , gpay , netflix etc.
Click to expand...
Click to collapse
Yeah with magisk I know you can pass, but I havnt felt the need to root this phone (nor my 7 Pro when I had it) - especially since a lot of people have had a fingerprint enrollment problem (I know you have to backup the persist partition) - I just wanted to test out some android 11 stuff, but it used to be that if you were in a beta, you failed safetynet even if BL was locked. Was just curious, thats all!
manor7777 said:
Yeah with magisk I know you can pass, but I havnt felt the need to root this phone (nor my 7 Pro when I had it) - especially since a lot of people have had a fingerprint enrollment problem (I know you have to backup the persist partition) - I just wanted to test out some android 11 stuff, but it used to be that if you were in a beta, you failed safetynet even if BL was locked. Was just curious, thats all!
Click to expand...
Click to collapse
Just to clarify - the fingerprint enrollment problem has nothing to do with root. It's all about the bootloader. Something happened when the bootloader was relocked (manually or by msmdtool). I believe the issues is fixed on later OOS versions, but haven't really looked into it as I'm not relocking.
Your question, however, the answer depends on when you flash the OB. It seems the OB is released around the same time the build is sent too google for verification, so if you're too quick to flash safetynet fails. If you wait for google to verify the ROM it's all good. There is, as far as I know, no information about when builds are verified. If you flash the ob too soon you can clear ps data and it will pass once google has updated on their part.
Edit: That's how they do it with pre-11 betas, not sure about 11, I guess that's up to google as it's an unreleased OS version. I believe even pixels fail their safetynet checks at this time.
efex said:
Just to clarify - the fingerprint enrollment problem has nothing to do with root. It's all about the bootloader. Something happened when the bootloader was relocked (manually or by msmdtool). I believe the issues is fixed on later OOS versions, but haven't really looked into it as I'm not relocking.
Your question, however, the answer depends on when you flash the OB. It seems the OB is released around the same time the build is sent too google for verification, so if you're too quick to flash safetynet fails. If you wait for google to verify the ROM it's all good. There is, as far as I know, no information about when builds are verified. If you flash the ob too soon you can clear ps data and it will pass once google has updated on their part.
Edit: That's how they do it with pre-11 betas, not sure about 11, I guess that's up to google as it's an unreleased OS version. I believe even pixels fail their safetynet checks at this time.
Click to expand...
Click to collapse
Ah OK, that makes sense. Most of the OnePlus betas I've installed n the past have been after Google. Released the OS to pixels, and they still failed Safetynet, but I also know Google is constantly changing safetynet stuff so that's why I wondered. Thanks anyway!

Why does my stock rom not pass safetynet?

Hey,
I had the PixelElxperience custom rom installed until I heard about the new android 11 oxygenos beta. So I installed the new beta. Only problem there is I don't pass the safetynet anymore. I locked the bootloader which lets me pass google pays safety as I can add paypal. But my banking app doesn't let me log in. Magisk says basicIntegrity check and ctsProfile check and evalType Hardware. What can I do so that my Banking app works?
Thanks in advance!
No
still.no.skill said:
Hey,
I had the PixelElxperience custom rom installed until I heard about the new android 11 oxygenos beta. So I installed the new beta. Only problem there is I don't pass the safetynet anymore. I locked the bootloader which lets me pass google pays safety as I can add paypal. But my banking app doesn't let me log in. Magisk says basicIntegrity check and ctsProfile check and evalType Hardware. What can I do so that my Banking app works?
Thanks in advancE
Click to expand...
Click to collapse
Why you duplicate your posts? One is enough
Use magiskhide and hide that banking app.

Question Nothing OS 1.5 beta - CTS profile fail

I updated my NP1 to NOS 1.1.7( with fix) and today to 1.5 beta. My device is not rooted with locked bootloader and still is not google certified and fails CTS. Any ideas on how to fix this?
I tried the default Universal SafetyNet Fix and it didn't work, I also tried using a custom fingerprint but it would break my fingerprint scanner, I ended up using a modded version of the fix it CTS is passing for me.
MarcoReckless said:
I tried the default Universal SafetyNet Fix and it didn't work, I also tried using a custom fingerprint but it would break my fingerprint scanner, I ended up using a modded version of the fix it CTS is passing for me.
Click to expand...
Click to collapse
My device is not rooted and the bootloader is still locked. I just installed NOS 1.5 beta by downloading the update zip for EEA and installing it with *#*#682#*#* etc. I tried to certify my device with google and see if anything can be done....
Chaotick said:
My device is not rooted and the bootloader is still locked. I just installed NOS 1.5 beta by downloading the update zip for EEA and installing it with *#*#682#*#* etc. I tried to certify my device with google and see if anything can be done....
Click to expand...
Click to collapse
I'm afraid you can't do anything while locked, we were warned that bank apps would break.
Chaotick said:
I updated my NP1 to NOS 1.1.7( with fix) and today to 1.5 beta. My device is not rooted with locked bootloader and still is not google certified and fails CTS. Any ideas on how to fix this?
Click to expand...
Click to collapse
it is normal for SafetyNet to fail in beta
in the mail from nothing it also says that netflix and googel pay / wallet does not work.
as soon as it is official A13 everything works again
MarcoReckless said:
I tried the default Universal SafetyNet Fix and it didn't work, I also tried using a custom fingerprint but it would break my fingerprint scanner, I ended up using a modded version of the fix it CTS is passing for me.
Click to expand...
Click to collapse
Thanks, the modded version works very well.

Categories

Resources