Can't enforce SELinux for SafetyNet (LineageOS 14.1, N910C) - Galaxy Note 4 Q&A, Help & Troubleshooting

Good evening everybody. Could anyone please assist me in a nuisance I'm currently facing?
You see, what I'm trying to do is to succesfully pass the Safetynet check on my device. As of now I fail both Integrity and CTS profile checks.
I've got Lineage OS installed from here https://forum.xda-developers.com/note-4/orig-development/n910c-n190h-lineageos-14-1-t3720964 and the latest TWRP as a Recovery.
Now, let me list all the attempts I've made so far:
I tried the console method. The "setenforce 1" command changes nothing (no, I did not forget to type "su" first). "Getenforce" always returns with 0.
I tried editing /sys/fs/selinux/enforce manually. The file instantly reverts back to 0. I tried to glue it with "chattr +i" command, but it returned with some nonsense about typewriters.
I tries iSU. Neither "Change SELinux state" nor "Fake Enforce" options help.
I tried Magisk. Did not help either.
I tried setenforce and the manual change of selinux/enforce from the terminal in TWRP. Good news: at least the getenforce command returns 1 after setenforce 1. Bad news: when I boot into the system I still get Permissive mode and 0 from getenforce.
I tried editing /proc/cmdline. It was already set to enforce, but the system did not care apparently.
I tried SELinuxModeChanger.
I tried SELinux Switch.
It feels like the only thing I did not try at this point is to throw my phone into the toilet, but I would like to keep it as a last resort.
If anyone has any ideas, I would be tremendously grateful.

Unofficial builds of LineageOS are not digitally signed to prove they don't contain any malicious code. That means they will never pass SafetyNet. Hopefully that all will change when (if) we get official support. Sorry mate ?

oddbehreif said:
Unofficial builds of LineageOS are not digitally signed to prove they don't contain any malicious code. That means they will never pass SafetyNet. Hopefully that all will change when (if) we get official support. Sorry mate
Click to expand...
Click to collapse
Oh. Well, thanks for the reply.

Passing safety net
This might not be helpful, but I've had some issues passing safety net on unofficial lineage builds before, but I've found a couple ways around it (keep in mind I'm using a different device). I added petnoire's safety net spoofer to magisk, used magisk hide that hides the magisk repo files, and made sure that no apps were granted root access, and now my phone is working perfectly fine with safety net apps.

Related

Need help to pass safetynet

I just flashed b35 and now I get a CTS profile mismatch.
Could someone who isn't getting that error run "getprop ro.build.fingerprint" and post the results so I can fix mine?
I stopped passing when I upgraded to magisk 16. I downgraded magisk to pass again.
It was a recent update that messed it up for me. I chose uninstall from within the app and have been fighting for 2 days just to get my phone back to functional. Finally got it to flash the EDL and I'm doing OTA updates before I put TWRP back on. Once I have a safe backup from there, I'll give 15.4 a try. Were you getting both options red or just CTS profile mismatch? If I can get a fingerprint before installing 16, we can get around that.
Test_subj said:
It was a recent update that messed it up for me. I chose uninstall from within the app and have been fighting for 2 days just to get my phone back to functional. Finally got it to flash the EDL and I'm doing OTA updates before I put TWRP back on. Once I have a safe backup from there, I'll give 15.4 a try. Were you getting both options red or just CTS profile mismatch? If I can get a fingerprint before installing 16, we can get around that.
Click to expand...
Click to collapse
You'll need 15.3 to pass Safety Net. Versions 15.4 and up require logd or Magisk Hide won't enable. The stock ROM doesn't have logd, which is why these versions of Magisk fail Safety Net checks.
Clear and concise answer that's going to save me a lot of time flashing. thanks a ton!
For whatever reason, I couldn't get any version of magisk to show as installed anymore regardless of b19/25/32/35. gave up and tried lineage. all green now and less of the stock crap to deal with.

Fix Safety Net (cts profile:false) on custom roms

Nowadays most of the roms of Galaxy S3 Neo has this issue.
After reading this guide by @Didgeridoohan I decided to work on safety net and bring it to Galaxy S3 Neo community.
Fortunately it worked fine.
https://didgeridoohan.com/magisk/MagiskHideSafetyNet
The thing is you need to find a fingerprint value which supports safetynet pass and add it to your device build.prop.
DO REMEMBER THAT THIS REQUIRES MAGISK WITH MAGISK HIDE ENABLED.
THE BELOW METHOD REQUIRES MAGISK v14.0+
Open the build.prop file located in /system.Delete the previous fingerprint value in build.prop and
add this line to the build.prop file-
ro.build.fingerprint=samsung/jackpot2ltexx/jackpot2lte:7.1.1/NMF26X/A730FXXU2ARD1:user/release-keys
I took this from my friend's J7 2015(running on on7 rom)
Save and Exit.
Make sure you have enabled Magisk Hide in Magisk setings.
Reboot.
Important Notes
1. The fingerprint values need to be exactly the same. Any small change will trigger safetynet.
2. You can use any fingerprint value for your device. It's not necessary for you to take value specific to your device. As long as the fingerprint is valid, it will work.
3. This same trick will work on every Marshmallow and Nougat Roms
Added a screenshot as a proof that it's working
This is my first thread in xda so please forgive me if I made any mistake
Sorry for my bad English
Thank you
Good work bro
Hope you the best
@zahidul.sifat Thanks for the credit, and nice guide. I just wanted to add that with Magisk it's also possible to do this systemlessly, which would mean you don't have to redo it when you update your ROM (as long as you don't wipe /data, so that the Magisk image is kept intact).
You can use a Magisk boot script with the resetprop tool, that you place in /sbin/.core/img/.core/service.d (or /magisk/.core/service.d if you're stuck on an older Magisk release). For the fingerprint you have here it would look like this:
Code:
#!/system/bin/sh
resetprop ro.build.fingerprint samsung/jackpot2ltexx/jackpot2lte:7.1.1/NMF26X/A730FXXU2ARD1:user/release-keys
You can name the file anything you want (fingerprint.sh is an obvious one), but just make sure to give it permission 755, so that it can execute at boot.
There are also Magisk modules available that can do this for you.
So after changing fingerprint value can we uninstall magisk and root?
Aman_preet said:
So after changing fingerprint value can we uninstall magisk and root?
Click to expand...
Click to collapse
Yeah sure.
Thanks, its working for me with magisk v18, but if i update to magisk 19.3 ctsprofile and basicintegrity = false. Is there a suggestion or should i stay on v18.
I also tried v18.2. With this Version ctsProfile ist also false. On my S3Neo it also seems not to work on Android 9
Humaxxx said:
Thanks, its working for me with magisk v18, but if i update to magisk 19.3 ctsprofile and basicintegrity = false. Is there a suggestion or should i stay on v18.
I also tried v18.2. With this Version ctsProfile ist also false. On my S3Neo it also seems not to work on Android 9
Click to expand...
Click to collapse
Sorry brother I don't have the device right now and It's been 2 years since I left S3 Neo community.I would suggest you to stay on v18 since it's an old device.
zahidul.sifat said:
Sorry brother I don't the device right now and It's been 2 years since I left S3 Neo community.I would suggest you to stay on v18 since it's an old device.
Click to expand...
Click to collapse
Thanks for replying. LOS16 for S3Neo passes SafetyNet successfully withourt any modification. On LOS14.1 its still possible with some magisk versions, but not all.

Pokemon Go on latest Oreo with ElementalX?

Has anyone gotten latest version of PoGo working on latest Oreo with ElementalX? I've never played but my friends keep asking me to join so I figured what the heck..
Slight problem... Device Not Compatible??
I had magisk and xposed, but I tried disabling, and even fully uninstalling xposed (and all additional xposed modules), and adding PoGo to the MagiskHide options, with no luck.
It still says that my device is not compatible...I would assume that's due to the rooting?
Or is it because I'm using ElementalX kernel?
I read somewhere that there's a (not pokemon go-specific) bypass sort of thing involving SatefyNet, but you have to install Magisk *before* going through initial phone setup, but any guide I've ever read about flashing/rooting ph-1 says to go through setup and then install magisk. I tried to find the post that talks about it but I can't find it right now. Anyway, I would imagine there's some kind of checksum against system and if magisk has been added after the fact, the checksum wont match? I really have no idea, just a guess.
I haven't seen any other posts specifically mentioning Essential being incompatible, so maybe it's just me.
I was originally thinking it was because of root or magisk remnants(?), but maybe it's the non-stock kernel.
If anyone could help, I'd really appreciate it.
I feel silly asking such a noob question, I've just never play PoGo...or any Pokemon...ever.
extra info:
I have successfully created an account using their google auth option.
I get through the first Professor Willow part, then character selection.
Usually part way through character selection, I get the error in the attached image.
Its not on any one specific section, however, it can/has occur at any point during the loading.
I've cleared cache and data a hundred times because it seems to get further each time if I do a fresh data wipe and start over -- I know the next step already so I can get through faster maybe lol
--update--
I finally got through character selection and made it to the first chance to catch pokemon. I hit a squirtle and it was trying to break free, and then that error popped up.
Haven't been able to get back in far enough again to see if it actually added to my PokeDex or not.
Sorry for the late reply, but you have to hide root detection under magisk.
For Pokemon go to work, go to Magisk > MagiskHide > then search for Pokemon go and select it then reboot.

New to Android: Is safetynet still by-passable as of now?

I only got my first Android device today, the G7, in order to run LineageOS, which I have gotten set up successfully. (I can't believe I didn't brick the phone!)
The only thing not working as far as I can tell (of course) is SafetyNet apps like Google Pay. From what I have read there are various workarounds but I can not be sure whether it's supposed to be working as of today, and whether my device/ROM makes that a hard no. I followed instructions and have installed Magisk, along with thesuggested modules (Didgeridoohan, Safetypatcher), and hidden all apps using Magisk hide. Before installing those modules, the SafetyNet check failed for "basicIntegrity"; afterwards, both tests fail, so that's a step backwards.
Is it possible to get this working given my configuration?

Luckypatcher Android 11 BOOTLOOP WARNING

I recently moved to OOS11 and had trouble rooting. Now that I have my phone rooted I can no longer restart it or it will bootloop. Does anyone have any idea why that would be?
This will be the 3rd time I have MSMed my phone in the last 3 days.
As many problems as I'm having I'm thinking of just going back to Android 10.
Thanks in advance.
night hawk said:
I recently moved to OOS11 and had trouble rooting. Now that I have my phone rooted I can no longer restart it or it will bootloop. Does anyone have any idea why that would be?
This will be the 3rd time I have MSMed my phone in the last 3 days.
As many problems as I'm having I'm thinking of just going back to Android 10.
Thanks in advance.
Click to expand...
Click to collapse
Can you provide a bit more background, do you have any Magisk modules installed, does your phone boot at all? Did you patch your own boot.img just so that we can help you out better
Shredz98 said:
Can you provide a bit more background, do you have any Magisk modules installed, does your phone boot at all? Did you patch your own boot.img just so that we can help you out better
Click to expand...
Click to collapse
I'm patching my own boot.img and I only have skyvalex call recorder installed as a module. When it happens I just get stuck in an infinite boot animation with the two dots circling continuously.
I think I may have narrowed down the problem by going through the steps that I normally go through after MSMing my phone (I've done it 4 times now lol) and rebooting after each step to see what triggers it. Here are the steps in order.
1. MSM the phone and do bare minimum to get to home screen so I can enable OEM ulocking and usb debugging. (rebooted just fine)
2. Unlock bootloader with adb. (rebooted just fine)
3. Install magisk manager, switch to beta update channel, patch boot.img, flash patched boot.img (rebooted just fine)
4. Setup up phone with google account, set up fingerprint, etc (rebooted just fine)
5. Enable magisk hide and systemless hosts (rebooted just fine)
6. Restore a backup using oneplus switch from before this all started happening. (rebooted just fine)
7. Use luckypatcher to remove ads from a few games (BOOTLOOP)
Well it would appear that luckypatcher is the problem. I'm wondering if the new "use magisk module" mode in the newest version is causing the problem. Maybe if I installed EdXposed and used that like I used to maybe it would remedy the problem. Or maybe I should just use an adblock magisk module. However its far passed my bedtime so I will confirm this tomorrow if possible.
Disable the modules you have installed.
Reboot, does it loop?
If no then it's a module
If it does then it's your boot img
I'd recommend booting your patched boot img then directly installing via magisk (do not reboot until you have)
Hope this helps
night hawk said:
I'm patching my own boot.img and I only have skyvalex call recorder installed as a module. When it happens I just get stuck in an infinite boot animation with the two dots circling continuously.
I think I may have narrowed down the problem by going through the steps that I normally go through after MSMing my phone (I've done it 4 times now lol) and rebooting after each step to see what triggers it. Here are the steps in order.
1. MSM the phone and do bare minimum to get to home screen so I can enable OEM ulocking and usb debugging. (rebooted just fine)
2. Unlock bootloader with adb. (rebooted just fine)
3. Install magisk manager, switch to beta update channel, patch boot.img, flash patched boot.img (rebooted just fine)
4. Setup up phone with google account, set up fingerprint, etc (rebooted just fine)
5. Enable magisk hide and systemless hosts (rebooted just fine)
6. Restore a backup using oneplus switch from before this all started happening. (rebooted just fine)
7. Use luckypatcher to remove ads from a few games (BOOTLOOP)
Well it would appear that luckypatcher is the problem. I'm wondering if the new "use magisk module" mode in the newest version is causing the problem. Maybe if I installed EdXposed and used that like I used to maybe it would remedy the problem. Or maybe I should just use an adblock magisk module. However its far passed my bedtime so I will confirm this tomorrow if possible.
Click to expand...
Click to collapse
The issue is definitely lucky patcher, I had the same problem and my phone was useless until I got rid of it. So it seems it's not playing well with A11 or OOS11 in any case do not use it or you'll end up in a boot loop.
Cheers!
Ah lucky patcher..oh dear, can't help you with that crap.
Best advice, get rid
Bummer about Lucky Patcher....
In b4 the lock.
I can confirm the same findings, lucky patcher seems to break reboots later.
Hopefully a new version will find and resolve the issue, but until then not much we can do but to wait.
Unfortunately doesn't appear to be any way to get around this or recover from the bootloops without a wipe/reimage. Can't get access for adb during bootanimation, cant boot from a boot img, just basically stuck.
@OP, perhaps you can put a message in your thread's title just warning against LP on A11 for the time being.
uaktags said:
Unfortunately doesn't appear to be any way to get around this or recover from the bootloops without a wipe/reimage. Can't get access for adb during bootanimation, cant boot from a boot img, just basically stuck.
@OP, perhaps you can put a message in your thread's title just warning against LP on A11 for the time being.
Click to expand...
Click to collapse
I changed the title. Do we know if LP can be used with xposed on Android 11 with success still?
night hawk said:
I changed the title. Do we know if LP can be used with xposed on Android 11 with success still?
Click to expand...
Click to collapse
Did xposed work on 11?
night hawk said:
...
7. Use luckypatcher to remove ads from a few games (BOOTLOOP)
Well it would appear that luckypatcher is the problem. ...
Click to expand...
Click to collapse
@night hawk
Hi!
You better read the XDA Forum Rules and refrain from such topics. We don't accept discussions about issues with warez!
6. Do not post or request warez.
If a piece of software requires you to pay to use it, then pay for it. We do not accept warez nor do we permit members to request, post, promote or describe ways in which warez, cracks, serial codes or other means of avoiding payment, can be obtained or used. This is a site of developers, i.e. the sort of people who create such software. When you cheat a software developer, you cheat us as a community.
Click to expand...
Click to collapse
THREAD CLOSED!

Categories

Resources