Hi,
I could really use some help here with the i377m Canadian S4.
Basically, I want to make sure there is no root, that the bootloader is locked and that SafetyNet passes.
Here is what I did:
1) Downloaded Optimized LineageOS 14.1 and GApps, copied them on an SD card
2) Installed Samsung drivers and Odin
3) Installed the recommended TWRP (jfltecan) for LineageOS 14.1 , which is 3.1.0.
4) Installed TWRP via Odin
5) Booted to TWRP and cleared Dalvik, etc.
6) Installed Optimized LineageOS
7) Went to Developer Options, disabled Root
8) Flashed DisableSuperUser
9) Cleared Dalvik, etc. again
Safety Net Test says "CTS profile match: false" and "Basic Integrity: false"
I tried loading Pokémon GO (one of the few uses of this older device) and get "Unable to authenticate", another clue that SafeNet failed.
Also, I am getting the "Kernel is not Seandroid enforcing" and "Set Warranty Bit: Kernel" messages during bootup.
SELinux is set to "Permissive" and I read setting it to "Enforcing". The kernels found here for this model all seem to set to Permissive. At this point though I'm not sure and I would rather ask for guidance first.
Thanks for any help you may provide!
The bootloader on the sgh-i337m was never locked.
audit13 said:
The bootloader on the sgh-i337m was never locked.
Click to expand...
Click to collapse
Thanks... One thing I don't have to worry about.
I recall that at some point, I did give TWRP full access when prompted. Could this be one of the things that are triggering the Safety Net failures?
I don't know how to revoke the access I granted.
I don't think granting access to TWRP would affect the ROM since TWRP only runs when the phone boots into recovery.
Safetynet may be failing due to a custom ROM that hasn't been signed by Samsung.
You're getting the "not enforcing" because the phone has a custom ROM and recovery.
Related
Hello!
Now after Google seems to be tweaking the hell out of its Safetynet (bootloader check and whatever) I was wondered where this will lead us to. Especially since our devices, at least the Exynos ones come with an unlocked bootloader..
I tried a dozen of combinations from the above named tools without any success, as my mobile banking app seem to rely on that crap now too since it's latest update (I can live without Pokemon go ) it got me all little worried.
What are your experiences, how did you lock out Safetynet, do you guys ignore it? So many questions regarding that topic. Feel free to leave any comment.. :good:
From what I understand all s7 come with bootloader locked by default but on exynos variant, it's unlockable with a "OEM Unlock" toggle in developer option. So normal user who don't root or modified the phone don't affect by new safetynet.
So if you don't need root, you can turn off OEM Unlock and flash back stock rom. But if you need root, there's no known method for now to bypass safetynet.
Sent from my SM-G935F using Tapatalk
I haven't been able to log in PokemonGO with my S7 and on my OnePlus One for the last 24 hours
Samsung Galaxy S7
TWRP 3.0.2-3
Superman ROM v1.14 (SELinux status [kernel]: Permissive)
Supersu v2.78-sr1 systemless
topjohnwu's Xposed v86.2 systemless
Suhide v0.55
06suhide
RootSwitch 1.2.4
Click to expand...
Click to collapse
EDIT: It now works with my OnePlus One (removed the 06suhide fix and ticked the "Stop all SU deamons" option in RootSwitch), but stills doesn't work with my S7
OnePlus One
TWRP 3.0.2.0
Official ROM Cyanogen OS v13.1.2 Android 6.0.1
SELinux Status: Enforcing
Supersu v2.78-sr1 systemless
Suhide v0.55
06suhide
+Added RootSwitch 1.2.4
Click to expand...
Click to collapse
I've heard they can now detect and block Custom Recovery. I don't think it's true.
I tried that Again now, using Hydra Kernel 1.7.1 without that modified Boot stuff. Removed SuperSu and Xposed, flashed the new Root Free Kernel and safetynet i's Not Flagged. The Main Problem for me (and many others) ist, that the Phone wont Boot after installing SuHide 0.5x! I've used the Not Flagged System as testbase, TWRP doesnt Alter it in any Way, but once i install either Magisk v8 or SuperSu 1.78R1 it gets Flagged Again.. So without SuHide, which doesnt Boot the Phone at All its worthless..
Hello everyone, I went to root my phone today, I used a Youtube tutorial with the exact links/downloads given. Followed the steps but my device is having trouble rebooting, it is just stuck on the Samsung logo flashing and I'm not too sure what to do. Also when it boots up I get the error message in the top left of my screen saying "Recovery Is Not Seandroid Enforcing", hopefully that helps.
Thanks.
Hipp0123 said:
Hello everyone, I went to root my phone today, I used a Youtube tutorial with the exact links/downloads given. Followed the steps but my device is having trouble rebooting, it is just stuck on the Samsung logo flashing and I'm not too sure what to do. Also when it boots up I get the error message in the top left of my screen saying "Recovery Is Not Seandroid Enforcing", hopefully that helps.
Thanks.
Click to expand...
Click to collapse
Hard to help if you do not write in detail. Such as phone type, links you have used, etc etc
Hipp0123 said:
Hello everyone, I went to root my phone today, I used a Youtube tutorial with the exact links/downloads given. Followed the steps but my device is having trouble rebooting, it is just stuck on the Samsung logo flashing and I'm not too sure what to do. Also when it boots up I get the error message in the top left of my screen saying "Recovery Is Not Seandroid Enforcing", hopefully that helps.
Thanks.
Click to expand...
Click to collapse
You need to flash SuperSU manually.
1. Flash TWRP
2. Format data
3. Flash SR3-SuperSU-v2.79-SR3-20170114223742.zip
http://download.chainfire.eu/1021/SuperSU/SR3-SuperSU-v2.79-SR3-20170114223742.zip
You simply brick your phone. You need to know that there is not Chainfire-AUTO-Root for Nougat, so you need first flash Stock FIRMWARE from Sammobile, then flash TWRP and flash SuperSU
Or you can flash many of 100 roms with prerooted supersu and busybox.
Hi there,
After upgrading my S7 Edge G935F to stock version xxu1dqd7 (with latest May 2017 upgrades) I had to install TWRP (twrp-3.1.1-0-hero2lte.img) again.
Unfortunately this change will NOT recognise my pattern lock now! I had to re-install the stock image (DBT-G935FXXU1DQEF-20170523093738 with ODIN) using the HOME_CSC file to hold my data.
This re-installation brought me back to the game, but without TWRP and hope for root, but the pattern pin (the same) is now working...
Update 1
Installing TWRP (twrp-3.1.1-0-hero2lte.img) over the new stock image (DBT-G935FXXU1DQEF-20170523093738 with ODIN) without having the pattern lock enabled feature during start will result in stuck on
the samsung title.
Update 2
I had to repeat the step above (stock firmware), so stay now without root.
Will check later with other stock versions
>It seems you didn't format the data partition or dm-verity was not installed. Happened to me, won't boot if >anything is altered like when installing a custom recovery.
Yes, I did it with and without dm-verity, All 3 options,
TWRP (ok, but pattern lock will not recognized)
TWRP + supersu (2.82) (stuck on the samsung logo)
TWRP + supersu (2.82) + dm-verity (stuck on the samsung logo)
Yes, I didn'T format the data partition. Didn't want to lose my data ( Never had a problem to upgrade stock roms on my old S4 and root after).
Before the stock upgrade, I run with the Jan 2017 patch level (I bought this 2 days ago) and was able to root with the above method.
Today I wanted to jump the the latest stock version but run in trouble then.
Update 3
Downgrading to Stockrom from 2017-Jan-30 Germany 7 G935FXXU1DQB3 G935FDBT1DQA8 is not an option (anymore), The system boot up but with lot of errors and it's unresponsable and not usable.
Upgade then to the April patch status (2017-Apr-17 Germany 7 G935FXXU1DQD7 G935FDBT1DQD1) brought me back to operational,
but TWRP + supersu (2.82) + dm-verity (stuck on the samsung logo).
Will try it now with the Februar patch version
Downgrade to the Feb patch status (2017-Feb-23 Germany 7 G935FXXU1DQBX G935FOXJ1DQB2) had the same resut like the Jan version - not usable.
I'll give up now and install the April version without TWRP.
I need root to restore my apps AND data with Titanium Pro.
seppdep said:
Hi there,
After upgrading my S7 Edge G935F to stock version xxu1dqd7 (with latest May 2017 upgrades) I had to install TWRP (twrp-3.1.1-0-hero2lte.img) again.
Unfortunately this change will NOT recognise my pattern lock now! I had to re-install the stock image (DBT-G935FXXU1DQEF-20170523093738 with ODIN) using the HOME_CSC file to hold my data.
This re-installation brought me back to the game, but without TWRP and hope for root, but the pattern pin (the same) is now working...
Update 1
Installing TWRP (twrp-3.1.1-0-hero2lte.img) over the new stock image (DBT-G935FXXU1DQEF-20170523093738 with ODIN) without having the pattern lock enabled feature during start will result in stuck on
the samsung title.
Update 2
I had to repeat the step above (stock firmware), so stay now without root.
Will check later with other stock versions
>It seems you didn't format the data partition or dm-verity was not installed. Happened to me, won't boot if >anything is altered like when installing a custom recovery.
Yes, I did it with and without dm-verity, All 3 options,
TWRP (ok, but pattern lock will not recognized)
TWRP + supersu (2.82) (stuck on the samsung logo)
TWRP + supersu (2.82) + dm-verity (stuck on the samsung logo)
Yes, I didn'T format the data partition. Didn't want to lose my data ( Never had a problem to upgrade stock roms on my old S4 and root after).
Before the stock upgrade, I run with the Jan 2017 patch level (I bought this 2 days ago) and was able to root with the above method.
Today I wanted to jump the the latest stock version but run in trouble then.
Update 3
Downgrading to Stockrom from 2017-Jan-30 Germany 7 G935FXXU1DQB3 G935FDBT1DQA8 is not an option (anymore), The system boot up but with lot of errors and it's unresponsable and not usable.
Upgade then to the April patch status (2017-Apr-17 Germany 7 G935FXXU1DQD7 G935FDBT1DQD1) brought me back to operational,
but TWRP + supersu (2.82) + dm-verity (stuck on the samsung logo).
Will try it now with the Februar patch version
Downgrade to the Feb patch status (2017-Feb-23 Germany 7 G935FXXU1DQBX G935FOXJ1DQB2) had the same resut like the Jan version - not usable.
I'll give up now and install the April version without TWRP.
I need root to restore my apps AND data with Titanium Pro.
Click to expand...
Click to collapse
With the TWRP + supersu root method, no matter what 7.0 stock ROM you use, you will not succeed before you disable boot pin and format data. You can restore data after rooting.
So start with the latest stock ROM that is working 100% for you, flash twrp, format data, flash supersu, and it should work. You have to format data because root and stock rom currently does not work with encryption.
Or even simpler, use the new cf autoroot, however it seems you still have to format data.
I had high hopes that the new cf autoroot nougat binary would work with encryption, but alas it seems it doesnt, at least I had the same wrong pin code at boot issue as with twrp. I havent had time to test it, nor to format data and root, so I am currently not rooted.
doclorenzo said:
With the TWRP + supersu root method, no matter what 7.0 stock ROM you use, you will not succeed before you disable boot pin and format data. You can restore data after rooting.
So start with the latest stock ROM that is working 100% for you, flash twrp, format data, flash supersu, and it should work. You have to format data because root and stock rom currently does not work with encryption.
Or even simpler, use the new cf autoroot, however it seems you still have to format data.
I had high hopes that the new cf autoroot nougat binary would work with encryption, but alas it seems it doesnt, at least I had the same wrong pin code at boot issue as with twrp. I havent had time to test it, nor to format data and root, so I am currently not rooted.
Click to expand...
Click to collapse
Thank you doclorenzo.
I had success with the latest stock version (xxu1dqd7) and your recomendation to format data in TWRP.
In short: Boot in Download mode, Install TWRP via Odin, Boot into TWRP - format data, supersu (2.82) + dm-verity
and then restore all data. Unfortunately it requires lot of time (at least 4 hrs to restore the apps + more for fine tuning)
Thank you and hope to have a better way with the next stock update and TWRP
Hello friends, I am trying to install Magisk on a Galaxy s4 gt-i9515, non-rooted, with TWRP recovery device.
I tried both methods described in the official thread: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Both tries failed. I will now explain in more detail what I've done.
Before, note that I have a TWRP recovery of the state before flashing any zips/boot.img s, so I am constantly going back to the previous state which passes safetynet.
First try:
I simply took the magisk-v14.zip file and installed through TWRP. The installation had no errors and in the end TWRP claimed "success". TWRP asked me to reboot now.
I clicked on "Reboot", and then TWRP told that "My device is currently not rooted" and asked if I want to install root or reboot anyways. I rebooted anyways (I didn't let TWRP install his own root).
When the device boot up, I got into magisk manager, but sadly it was written that I am not rooted, and I don't have a magisk installed. Now, it also failed to pass safetynet.
At this point I used my Backup and got back to the state which I could pass safetynet (I've checked it again to make sure).
Second try:
I got the boot.img of the stock firmware I am currently using (I recently flashed this firmware, so it has to be the right boot.img).
I got into Magisk Manager and patched the boot.img. Magisk patched it into a file called "patched_boot.img.tar".
I got into download mode on my device, and flashed the .tar file via ODIN (AP option, ODIN version 3.12.3).
The device rebooted after the installation was "complete" according to ODIN: <OSM> All threads completed. (succeed 1 / failed 0).
When the device booted up, I entered the Magisk manager, and still, no root + no magisk installed. This time tho, it passed SN.
I used my backup again.
Now I am stuck. I really don't know what can I try anymore. Please suggest me ideas.
Up. I still need answers.
i have mnanaged to install latest stable version of magisk using latest twrp 3.1.1.0, and root management is in function. however, i cannot install any magisk module, tested xposed api21 but it does not install, also greenify4magisk still nothing to be noticed, unfortunately as there is yet no response i suppose its a lost cause, well lets just root manually supersu or things like that.
hi, Samsung S4 i 9505 I have not solved with Magisk and I don't even try "patched_boot.img.tar" the problem in it is apk and not the file it TWRP starts I remember apk EdXposed 2 years ago there were failures I thought about installing stock firmware/Rom with Frja Tool we talk about android 10/11 is android 5.0.1 I think there is only one way is SuperSu this root does not pose problems there is a saying: the more cooks around a dish, the more they ruin it"
I was able to install Magisk v24.3 today on my Galaxy S4 Mini LTE (GT-I9195) using partially the "Patching Images" method and TWRP 3.2.3. I had Magisk v23 installed but since a couple of weeks ago it kept crashing. So, I did the big mistake of uninstalling it to update to the latest version. It costed me half a day around this.
I could not flash zips in TWRP recovery (it always failed with Updater process ended with ERROR:1)
1 - Get a copy of the boot.img (for this step I had to find the installation file of my ROM. I did not know for sure which was it since it was installed 2 years ago. I have an AOPK based ROM and all the files from their website are not available anymore. All I could find was an older one on androidfilehost "aokp_serranoltexx_pie_unofficial_2020-01-18_1053.zip". Uncompress this zip to get the boot.img file.
2 - Copy the boot.img to your device filesystem.
3 - Power on the phone with "vol down+home+power" to enter TWRP, choose Install, Image, and flash boot.img, reboot
4 - Download and install the latest Magisk v24.3 apk
5 - Press the Install button in Magisk app (this means pressing the second “Install”, the one on front of App.)
6 - It should ask you to choose “Select and Patch a File”. Search and select the boot.img
7 - If all goes well, it should create a file named magisk_patched_[random_strings].img
8 - Power on the phone with "vol down+home+power" to enter TWRP, choose Install, Image, and flash magisk_patched_[random_strings].img, reboot
9 - Reboot and confirm in Magisk app if it says “Installed 24.3 (24300)“.
Now I get a warning "Your device needs additional setup for magisk to work properly... reboot" when entering Magisk, but it seems to work fine.
I have a bottle of champagne saved for the day when windows laptops are miniaturized and android is discontinued from the market. Bootloaders, recoveries, ramdisk, getting root, knox, odin, oem unlockings, CSCs, APs, customs kernels, adb, vbmeta, adoptable storage, se policies, fastboot modes, download modes... damn. They couldn't make it more complex if they tried.
I'm running J500H. I noticed that when I go into recovery, kernel is not seandroid enforcing shows. Nonetheless, I wiped then flashed lineage os 14.1 NIGHTLY and Gapps 7.1 pico. After reboot, I installed SuperSU from the appstore as it says it is better to download it from there. It shows a popup msg saying "you are not rooted". Any help? I'm really new to this stuff.
Thanks in advance!
Bajao said:
I'm running J500H. I noticed that when I go into recovery, kernel is not seandroid enforcing shows. Nonetheless, I wiped then flashed lineage os 14.1 NIGHTLY and Gapps 7.1 pico. After reboot, I installed SuperSU from the appstore as it says it is better to download it from there. It shows a popup msg saying "you are not rooted". Any help? I'm really new to this stuff.
Thanks in advance!
Click to expand...
Click to collapse
1. its normal if its says "kernel not seandroid enforcing " if you use custom recovery(twrp or cwm for example)
2. you need to root it manually by flashing supersu from custom recovery(download here:
https://download.chainfire.eu/964/supersu/
Thanks! I thought it is not normal.
Done flashing superSU and it now says Im rooted. Thankyou very much :victory:
Thread Closed.
Hi All,
I have been running Lineage OS since it became available for OnePlus 5 with the Safety Net successfully being passed using Magisk and using firmware and modems from jamal2367.
That was up until Lineage required an updated firmware/modem to 5.1.4 and I found jamal2367 has stopped doing the firmware and modem for the OnePlus 5. I installed the firmware from shadowstep the new firmware provider and now I fail the safety net checks.
I have tired the following:
Flashing multiple weekly releases of Lineage OS
Flashing new version of TWRP
Flashing new version of TWRP blu_spark
Flashing new version of TWRP codeworkx
Flashing the ElementalX-OP5-3.10.zip
Flashing Boeffla-Kernel-2.0
Flashing blu_spark_r132
Flashing OSS 5.1.4
Flashing OSS 5.1.5
all with Magisk 17.1 installed
All with full wipes including the sdcard
The only thing that worked was installing OSS 5.1.5 with and relocking the bootloader.
Does anybody know what I have missed and how I can get the Safety Net to pass the ctsProfile.
Thanks in advance.
alrighte_then said:
Does anybody know what I have missed and how I can get the Safety Net to pass the ctsProfile.
Thanks in advance.
Click to expand...
Click to collapse
Relocking the Bootloader will of course work but you didn't need to do that.
What you missed:
That version of Magisk is clearly not working well with your setup and not hiding your Bootloader state properly. (Providing you set it up correctly).
Had you done all those steps without Magisk it would have passed. The custom Kernels alone would have gotten you a Pass due to them ignoring the Verified Boot state.
So, LOS+Kernel = Pass. If you need Magisk, try to find a version that is working properly with your setup. With Magisk working properly the custom Kernel is then optional.
Also, TWRP has nothing to do with it. Just use the latest Codeworkx.
Hi Dirk,
Thanks for your response, I have just tied to install it in the order you suggested
I install TWRP (twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img)
I wiped everything including sdcard
I installed Element Kernel (ElementalX-OP5-3.10.zip)
I installed Lineage OS (lineage-15.1-20180903-nightly-cheeseburger-signed.zip)
I installed Gapps (MindTheGapps-8.1.0-arm64-20180808_153856.zip)
I installed a safety net tester called safetyNet 'attest'
When I run the safetynet test I am still getting CTS profile match: false.
Any ideas what I can do next to make this work?
Thanks for any help
alrighte_then said:
Hi Dirk,
Thanks for your response, I have just tied to install it in the order you suggested
I install TWRP (twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img)
I wiped everything including sdcard
I installed Element Kernel (ElementalX-OP5-3.10.zip)
I installed Lineage OS (lineage-15.1-20180903-nightly-cheeseburger-signed.zip)
I installed Gapps (MindTheGapps-8.1.0-arm64-20180808_153856.zip)
I installed a safety net tester called safetyNet 'attest'
When I run the safetynet test I am still getting CTS profile match: false.
Any ideas what I can do next to make this work?
Thanks for any help
Click to expand...
Click to collapse
You flashed the Kernel before the ROM, so you overwrote that Kernel with the LOS one. Flash LOS then the custom Kernel.
On Magisk.. i've seen many people complain that they can't get the latest version to pass Safetynet. Again, it could just be people not configuring it correctly, or it might be better to try the previous version. Just to make sure you should tell us what you do to set it up.
You need to Hide Play Store, Banking Apps etc, and Magisk Manager too i believe. If you install Magisk and set it up when your current state is 'Uncertified', you will need to clear Data/Cache on Play Store for it to change to 'Certified'.
Also, don't rely on 'Safetynet Checker' apps. If the Play Store settings say 'Certified' try an app like Google Pay. It should work fine.
If you get cts profile mismatch. Download CTS props config from magisk modules and you will pass
Download magisk 17.1
Hi All,
Just to give you an update one where I got to with this.....
You where right the newer builds of Lineage OS do not pass safety net but the older ones do.
So after much playing around I and many flashes and wipes I found it impossible to boot a Lineage with a custom kernel, I believe this is probably down to the forced encryption.
The thing that worked for me in the end was installing "MagiskHide Props Config" and changing the figure print, I am it is very similar to the module Jamie suggested.
So I now have Lineage OS working fully with root, magisk and passing SafetyNet
Thanks everyone for you help.
The thing that worked for me in the end was installing "MagiskHide Props Config" and changing the figure print, I am it is very similar to the module Jamie suggested.
So I now have Lineage OS working fully with root, magisk and passing SafetyNet
Thanks everyone for you help.[/QUOTE]
Hello; can you explain to me in detail, step by step, how to do it? Thanks in advance.
" changing the figure print"