Passing Safety Net - OnePlus 5 Questions & Answers

Hi All,
I have been running Lineage OS since it became available for OnePlus 5 with the Safety Net successfully being passed using Magisk and using firmware and modems from jamal2367.
That was up until Lineage required an updated firmware/modem to 5.1.4 and I found jamal2367 has stopped doing the firmware and modem for the OnePlus 5. I installed the firmware from shadowstep the new firmware provider and now I fail the safety net checks.
I have tired the following:
Flashing multiple weekly releases of Lineage OS
Flashing new version of TWRP
Flashing new version of TWRP blu_spark
Flashing new version of TWRP codeworkx
Flashing the ElementalX-OP5-3.10.zip
Flashing Boeffla-Kernel-2.0
Flashing blu_spark_r132
Flashing OSS 5.1.4
Flashing OSS 5.1.5
all with Magisk 17.1 installed
All with full wipes including the sdcard
The only thing that worked was installing OSS 5.1.5 with and relocking the bootloader.
Does anybody know what I have missed and how I can get the Safety Net to pass the ctsProfile.
Thanks in advance.

alrighte_then said:
Does anybody know what I have missed and how I can get the Safety Net to pass the ctsProfile.
Thanks in advance.
Click to expand...
Click to collapse
Relocking the Bootloader will of course work but you didn't need to do that.
What you missed:
That version of Magisk is clearly not working well with your setup and not hiding your Bootloader state properly. (Providing you set it up correctly).
Had you done all those steps without Magisk it would have passed. The custom Kernels alone would have gotten you a Pass due to them ignoring the Verified Boot state.
So, LOS+Kernel = Pass. If you need Magisk, try to find a version that is working properly with your setup. With Magisk working properly the custom Kernel is then optional.
Also, TWRP has nothing to do with it. Just use the latest Codeworkx.

Hi Dirk,
Thanks for your response, I have just tied to install it in the order you suggested
I install TWRP (twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img)
I wiped everything including sdcard
I installed Element Kernel (ElementalX-OP5-3.10.zip)
I installed Lineage OS (lineage-15.1-20180903-nightly-cheeseburger-signed.zip)
I installed Gapps (MindTheGapps-8.1.0-arm64-20180808_153856.zip)
I installed a safety net tester called safetyNet 'attest'
When I run the safetynet test I am still getting CTS profile match: false.
Any ideas what I can do next to make this work?
Thanks for any help

alrighte_then said:
Hi Dirk,
Thanks for your response, I have just tied to install it in the order you suggested
I install TWRP (twrp-3.2.3-0-20180822-codeworkx-cheeseburger.img)
I wiped everything including sdcard
I installed Element Kernel (ElementalX-OP5-3.10.zip)
I installed Lineage OS (lineage-15.1-20180903-nightly-cheeseburger-signed.zip)
I installed Gapps (MindTheGapps-8.1.0-arm64-20180808_153856.zip)
I installed a safety net tester called safetyNet 'attest'
When I run the safetynet test I am still getting CTS profile match: false.
Any ideas what I can do next to make this work?
Thanks for any help
Click to expand...
Click to collapse
You flashed the Kernel before the ROM, so you overwrote that Kernel with the LOS one. Flash LOS then the custom Kernel.
On Magisk.. i've seen many people complain that they can't get the latest version to pass Safetynet. Again, it could just be people not configuring it correctly, or it might be better to try the previous version. Just to make sure you should tell us what you do to set it up.
You need to Hide Play Store, Banking Apps etc, and Magisk Manager too i believe. If you install Magisk and set it up when your current state is 'Uncertified', you will need to clear Data/Cache on Play Store for it to change to 'Certified'.
Also, don't rely on 'Safetynet Checker' apps. If the Play Store settings say 'Certified' try an app like Google Pay. It should work fine.

If you get cts profile mismatch. Download CTS props config from magisk modules and you will pass
Download magisk 17.1

Hi All,
Just to give you an update one where I got to with this.....
You where right the newer builds of Lineage OS do not pass safety net but the older ones do.
So after much playing around I and many flashes and wipes I found it impossible to boot a Lineage with a custom kernel, I believe this is probably down to the forced encryption.
The thing that worked for me in the end was installing "MagiskHide Props Config" and changing the figure print, I am it is very similar to the module Jamie suggested.
So I now have Lineage OS working fully with root, magisk and passing SafetyNet
Thanks everyone for you help.

The thing that worked for me in the end was installing "MagiskHide Props Config" and changing the figure print, I am it is very similar to the module Jamie suggested.
So I now have Lineage OS working fully with root, magisk and passing SafetyNet
Thanks everyone for you help.[/QUOTE]
Hello; can you explain to me in detail, step by step, how to do it? Thanks in advance.
" changing the figure print"

Related

CTS Mistmatch... tried 'everything'. Help me fix?

Hi, my set up was working fine, safety net passed etc.
I'm on the latest 7.1 rom, patched stock kernel (ta_poc etc)
But today I encrypted my device and then flashed the new TWRP we have - https://forum.xda-developers.com/x-compact/development/recovery-twrp-3-1-1-xperia-x-compact-t3640914
I then notice in Magisk that there is a CTS mismatch...
Maybe the cause of the CTS mismatching happened a few days ago, I'm not sure.
Anyway, I want to fix it!
I tried flashing the latest rom via flashtool, I did a factory restore from system settings, I also tried flashtool again + wipe data in flashtool, I tried using the 'old' TWRP.
Each time, I flash Magisk v12, install the magisk manager 4.3.3.
I still get a CTS mismatch.
I have tried toggling magisk hide, then rebooting, toggling core mode, then rebooting, nothing seems to work.
Does anyone have any advice that can help me?
Will anything bad happen if I tick all of the boxes to 'wipe' in flashtool? (apps_log, diag, persist, qnovo, ssd? userdata - (that one's safe I know))
I would really appreciate it.
Thank you.
Ok, some news.
From what I understand, the safety net check is online.
So, it can be updated and improved by Google/Android, to detect our hacks.
I can only assume that whatever state my system was in, was no longer good enough or no longer hidden enough to pass the check.
I flashed the only true custom kernel we have, Genesis kernel (1.05), I didn't patch my TA keys in using ta_poc, I read Magisk v13 has problems with ta_poc.
I simply used the drm_fix version, as long as the features are all there (I read drmfix fixes everything apart from wideside, I don't know what that is...)
I flashed the drmfix version, installed Magisk v13, it is recognized and works! (unlike on my patched stock kernel) -- and my device passes safety check again
qvmuhuuxz said:
I read Magisk v13 has problems with ta_poc.
Click to expand...
Click to collapse
Don't you have to use ta_poc and the RootKernel tool together for Magisk to work properly?
XperienceD said:
Don't you have to use ta_poc and the RootKernel tool together for Magisk to work properly?
Click to expand...
Click to collapse
Yes I did that, and it was working with magisk v12 but not 13.
https://forum.xda-developers.com/x-compact/how-to/android-pay-safety-net-rooted-unlocked-t3610342
" 4. Tobias tool has to be used to repack the boot image because I found that if PoC image is used directly, phone will reboot unexpectedly after Magisk is installed. "
With genesis kernel I have updated magisk and safety net passes, plus I am using the new trwp we have so my device is encrypted.
I'm very happy

How to pass SafetyNet?

I'm currently running stock rom with Blu_spark kernel. I've been using magisk, lately updated to 14.3 version.
My problem is I can not pass SafetyNet check. Both ctsProfile and basicIntegrity are false.
I tried Universal SaftyNet Fix but it didn't help at all.
Is there any hope to pass it on stock rom?
Do you have Xposed installed?
Thanks, I completely forgot about it
The other safety net problem people are currently having with Magisk is that if you update Magisk within Magisk Manager some scripts needed to pass safety net are no longer installed by default. If you flash Magisk instead through TWRP it seems to install like normal and you don't need to perform additional steps to pass safety net.

Magisk hell resolved??!!!!!!!??!!!!!!!!!!??

im new at thisxda stuff but i am 90 percent sure i figured out how to keep magisk from uninstalling after a reboot... YOU MAY NEED TO UNINSTALL MAGISK AND ALL MODULES BEFORE DOING THIS USING MAGISK UNINSTALLER basically you have to also install an older version of supersu and it has to be an aroma installer and install as SYSTEM also make a backup of the boot.img just incase you get bricked if you install the supersu app it will say su binary occupied but install should stay install supersu aroma (2.78v2) from https://forum.xda-developers.com/attachment.php?attachmentid=3879523&d=1474248173 before and possibly after magisk install...only tested with magisk 16.2 beta channel and regular install not patched boot on Axon 7 with RR 8.1 weekly 6.0.0 20180225 (us variant) but should work on others probably...let me know how this goes for you
TRY AT OWN RISK I AM NOT RESPONSIBLE FOR DEVICE BOOTLOOPS OR BRICKS
If anyone has a better way to get magisk to hold after a few restarts please let me know
sidenote:this supersu does work with magisk not installed and definately keeps root
(stock boot.img is in initial zip for custom rom) select intall imgs in twrp and flash the boot partition as needed)
ALSO YOU CAN ALWAYS DIRTY FLASH CUSTOM ROM same build or higher IF ALL GOES TO **** AND WONT LOOSE APPS OR DATA AT LEAST ON RR
works for me without problems after last 2 years on any Rom.
dont know what you doing wrong?!
I cant get to bypass safetynet V: other than that root works fine
J0nhy said:
I cant get to bypass safetynet V: other than that root works fine
Click to expand...
Click to collapse
this actually fixed sn for me without the fix installed
Ever tried magisk v15.3? I never had problems with uninstalling, but everything above 15.3 won't pass safety net,at least for me/on stock nougat b10 rom.
desu1337 said:
Ever tried magisk v15.3? I never had problems with uninstalling, but everything above 15.3 won't pass safety net,at least for me/on stock nougat b10 rom.
Click to expand...
Click to collapse
Maybe on stock roms...it should work on l8r versions tho...
try this already https://forum.xda-developers.com/apps/magisk/xiaomi-safetynet-fix-t3600431
also cant have xposed installed with the sn fix

safetynet question - cts profile false

I was running stock 7.1.1 and everything was fine. Then i decided to try LOS 15.1, with magisk 17.4 but encountered an issue with safetynet cts profile false that prevented me from using android pay. I then proceeded to flash B35 EDL, and then do the sd upgrage to Oreo B20, but i still have the same issue with failing cts profile.
AI'm no longer rooted, running stock but still fail safetynet. Any one have any ideas what I can try next? at this point i just want cts profile to pass on the current oreo b20 stock.
Thanks!
It could be that SafetyNet detects that you have an unlocked bootloader, but there are ways to hide that (custom kernel, Magisk, etc). Do you have Xposed installed? That's an automatic SN fail. You haven't changed system partition in any way at all? It's also possible that Google hasn't yet approved B20 despite it being official rather than beta. There could be other factors too. SN looks at lots of things, many of which Google won't talk about.
You need to install magisk hide props and then in a terminal
"Su"
Grant superuser
Then
"Props"
And follow the on-screen instructions. Stupid that Google pay has a problem with rooted phones as it's painfully simple to get around it
You can find magisk hide props in the "download" section of magisk manager
Check the settings in the Google play store, Device not certified can be an issue when you change Roms.
The link between the device and Google has been broken, hence the device not certified.
There is an app Device ID that can add the certification back to its original state.
Hope this helps
Turned out to be it was because of the unlocked bootloader.
funny story... i locked the bootloader without having oem unlock enabled . Got bricked, couldn't boot into EDL... so i had to take it apart and ground the test point to put it into EDL.
xavoc said:
Turned out to be it was because of the unlocked bootloader.
funny story... i locked the bootloader without having oem unlock enabled . Got bricked, couldn't boot into EDL... so i had to take it apart and ground the test point to put it into EDL.
Click to expand...
Click to collapse
There's a tool for that now; you may not have had to open it: https://forum.xda-developers.com/axon-7/how-to/salesmultidla2017-tool-to-unblick-dfu-t3854229
TPMJB said:
You need to install magisk hide props and then in a terminal
"Su"
Grant superuser
Then
"Props"
And follow the on-screen instructions. Stupid that Google pay has a problem with rooted phones as it's painfully simple to get around it
You can find magisk hide props in the "download" section of magisk manager
Click to expand...
Click to collapse
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
xavoc said:
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
Click to expand...
Click to collapse
try this thread https://forum.xda-developers.com/axon-7/development/kernel-magisk-17-stock-roms-t3856809/page2
Update to Magisk v17 and then try the above solution
xavoc said:
Im trying out Magisk 16.7 (I saw some posts that said 17 causes bootloops) and MM 6.0.1. I don't see hide props in downloads? What can I do to pass safetynet? Thanks
I'm now running twrp with Oreo B20 stock.
Click to expand...
Click to collapse
"Magisk hide props config" is literally what it is called. If you can't find it, you're doing it wrong.
If all else fails, google then install manually.
Had to upgrade to magisk 17 to see the hide prop module download. Still couldn't pass safetynet with Oreo B20. Switched to LOS 15.1 and now everything works.

Fingerprint scanner not working with apps

Hi guys,
Im im on stock nougat B12 rom , bootloader unlock and rooted. Bank apps etc when trying to unlock with fingerprint say "failed to get authorisation data"
Anyone had this issue?
crazyazz said:
Hi guys,
Im im on stock nougat B12 rom , bootloader unlock and rooted. Bank apps etc when trying to unlock with fingerprint say "failed to get authorisation data"
Anyone had this issue?
Click to expand...
Click to collapse
Rooted with what? If Magisk, check if you pass safetynet. If you don't, you may want to try the MagiskHide Props Config module, though i don't know if it would work on stock where props are already fine.
Thanks for the reply, rooted with magisk 16.7 other versions cause boot loops, i got the response is invalid to safetynet test
MagiskHide Props Config module need atleast v17.0 anything above 16.7 causes boot loops. Maybe I will give up on stock rom, what do you recommend?
crazyazz said:
MagiskHide Props Config module need atleast v17.0 anything above 16.7 causes boot loops. Maybe I will give up on stock rom, what do you recommend?
Click to expand...
Click to collapse
You could try going Treble, liquid remix is a good candidate with Speedy vendor or at least Kranoner's vendor.
There was a kernel that fixed the Magisk problems, mayhe check that up before switching
I did have an issue with this on Nougat B12 too. It worked to unlock the phone but not for my banking app.
On Oreo it's working really well, although the app has been updated too.

Categories

Resources