Restored stock couldn't pass Safetynet - Asus ZenFone AR Questions & Answers

Hi,
I was unlocking the Bootloader earlier.
And after restoring back to stock I couldn't pass safetynet test.
Bootloader is locked now, so what could be the problem?

Related

Need some users to test a kernel :)

Can any harpia user , with a unlocked bootloader, test a kernel ?
Thanks in advance
I am unlocked, TWRP and root. Still on stock ROM. Just let me know if I can help.
I have unloked boot loader on stock rooted. let me know if I can help.
have unloked bootloader on stock rooted and xposed.let me know if I can help.
Can do as well!
XT1607 model (unlocked G4 Play) already Unlocked Bootloader, TWRP successfully flashed ... BUT NO ROOT YET! I'm stuck in startup bootloop after attempting to install SuperSU.zip from TWRP... (already tried the SUfixer.zip - no help) Also I tried wiping everything via TWRP. Is there an original stock firmware/rom/kernel/etc that I can try re-flashing to fix the bootloop? I can get into fastboot and recovery but I haven't been able to resolve the softbrick. I'm the one who always tells everyone to backup their data before trying anything. And of course I don't take my own advice!
natesc0tt said:
XT1607 model (unlocked G4 Play) already Unlocked Bootloader, TWRP successfully flashed ... BUT NO ROOT YET! I'm stuck in startup bootloop after attempting to install SuperSU.zip from TWRP... (already tried the SUfixer.zip - no help) Also I tried wiping everything via TWRP. Is there an original stock firmware/rom/kernel/etc that I can try re-flashing to fix the bootloop? I can get into fastboot and recovery but I haven't been able to resolve the softbrick. I'm the one who always tells everyone to backup their data before trying anything. And of course I don't take my own advice!
Click to expand...
Click to collapse
https://www.filefactory.com/folder/c6cdedc45a775d27/?sort=created&order=DESC&show=100

Non-Rooted Stock P8 fails SafetyNet check since 2017/08/25

The phone is not rooted, afaik it was never rooted and the bootloader is locked.
Nevertheless P8 Stock ROM failes the SafetyNet check. Any idea how that is possible?!
Update: It does not fail in WiFi, only in cellular network?!

SafetyNet Check Fails on Recently Unrooted Phone

unrooted XT1644 (previously Magisk rooted)
bootloader unlocked
TWRP 3.1.1-0
ElementalX kernel 3.10.84
OS version: 7.0
Security patch level: June 1, 2017, firmware NPJ25.93-14.5
Baseband: M8952_70030.25.03.62R ATHENE_RETUSA_CUST
SafetyNet app failed "CTS profile" on unrooted Android. Oddly, my phone passed SafetyNet when I used Magisk. But after restoring my phone from a Nandroid backup taken before Magisk was flashed, it no longer passes. Might there be file directory remnants of Magisk that are affecting the SafetyNet result? Any troubleshooting steps appreciated.
There's now a September 1, 2017 OEM security OTA update waiting for me in my Notifications bar. I'm hopeful that the update will create a new system partition that'll get rid of what's causing the SafetyNet fail. Unfortunately a logo.bin TWRP flash fix made a change to my system partition settings that won't allow me to safely take an OTA update. The last time I flashed a security update was through the kindness of someone who provided a TWRP-flashable zip of the June 2017 NPJ25.93-14.5 OTA file. I'm hoping the same will eventually be provided for the September OTA update.
Same case with me too but I have model XT1643 (Indian Version), Build number: NPJS25.93.14-10.
Also, while booting up I still get bootloader unlocked warning and in Google Play Store it is showing Device Certification as Uncertified.
When I type fastboot oem lock in cmd bootloader slot count, bootloader slot suffixes and one more bootloader line all are showing not found.
And yes, in Bootloader Unlock warning it is showing 'ID: Bad key'
Other than this my device is working fine, IMEI numbers and Fingerprint sensor is working perfectly.
I followed guide by tywinlannister7: https://forum.xda-developers.com/moto-g4-plus/how-to/stock-rom-npjs25-93-14-4-march-1-t3608138
Please can anyone tell how can I correct it.
Its the Elemental X kernel. If you don't have magisk installed, it trips the safetynet. I am using a XT1642, I experienced this about a year ago when I was first experimenting with custom firmware.
I downloaded the September 1, 2017 security patch update but would prefer to flash it via TWRP instead of letting the system install it. However I can't even determine where it was downloaded to and I can't access the root directory anymore. Is it safe to manually flash it on an unrooted system containing TWRP, ElementalX kernel and the logo.bin boot screen fix? I'm especially concerned about flashing it on a system that doesn't pass SafetyNet.
TCUofficial said:
Its the Elemental X kernel. If you don't have magisk installed, it trips the safetynet.
Click to expand...
Click to collapse
Thank you for that essential information. I won't consider it a problem since the phone doesn't have NFC, so no Android Pay support anyway. However, I need some additional info before proceeding with the update.
Do I need to get rid of the ElementalX kernel and restore the original?
Do I need to undo the logo.bin bootloader unlock screen fix?
Do I need to get rid of TWRP before allowing the system to install the security patch?
Thanks.
Sorry to be redundant but I am pressed for an answer. Thanks in advance.
RE: downloaded but installed Moto G4+ September 1, 2017 security patch NPJS25.93-14-10.
- Can the patch be safely installed after TWRP has been flashed on the phone?
- Can the patch be safely installed after an ElementalX kernel has been flashed on the phone?
mel2000 said:
Can the patch be safely installed after TWRP has been flashed on the phone?
- Can the patch be safely installed after an ElementalX kernel has been flashed on the phone?
Click to expand...
Click to collapse
Answer is NO to both your questions. You need a STOCK boot image and a stock recovery image to “patch” (by which I think you mean upgrade via an OTA) your phone.
mel2000 said:
Sorry to be redundant but I am pressed for an answer. Thanks in advance.
RE: downloaded but installed Moto G4+ September 1, 2017 security patch NPJS25.93-14-10.
- Can the patch be safely installed after TWRP has been flashed on the phone?
- Can the patch be safely installed after an ElementalX kernel has been flashed on the phone?
Click to expand...
Click to collapse
In addition to zeomal's reply, your device would also need an unmodified system partition (no root, readonly, so no TWRP modifications) else the OTA will fail too.
Furthermore, I don't think the update you've downloaded is suitable for US retail devices, and if flashed might stop you from receiving future OTA updates. If you want the stock NPJ25.93-14.5 full ROM to revert to: https://androidfilehost.com/?fid=673368273298984458
Or the NPJ25.93-14.7 stock ROM: https://androidfilehost.com/?fid=817906626617945295 Of course, either of these will reset your device to stock, erasing TWRP, root and ElementalX and most likely your data, so back up. However, they should permit you to take OTA updates. Flash only in fastboot.
If you've already installed NPJS25.93-14-10, then you won't likely get the OTA update if installed on US devices.
As for SafetyNet/ device uncertified, I recall that's likely due to an unlocked bootloader. Magisk has the ability to hide the bootloader unlocked status from Safetynet, hence why when you removed magisk, the Safetynet detection saw your unlocked bootloader and therefore trips Safetynet. An easy way to get Safetynet passed is to reflash ElementalX and magisk.
I want to thank both zeomal and echo92 for their prompt and clear responses. I will address related issues before I move on.
EDIT: Used OEM Flash.bat to reupdate to June 2017 NPJ25.93-14.5, then allowed NPJ25.93-14.7 to be installed from Moto. All went well with an unlocked bootloader. Didn't lose any apps.
- TWRP (gone)
- ElementalX (gone)
- Logo.bin fix (gone)
- SafetyNet (failed - due to unlocked bootloader)
Thanks again to all.

Q: What if relock booloader and OEM unlocking is disabled from developer option

I'm always a bit hesitate to relock bootloader if I'm on custom rom or rooted. I'm wondering what will happen if:
1. bootloader relocked.
2. OEM unlock is disabled from Developer option
3. device goes into bootloop or cannot boot up
At this point, does this mean device is essentially hard bricked since in fastboot, there is nothing I can do?
You should never, ever relock a bootloader if you are on a custom rom or rooted.
That's the thing. I'd very much wanna get LOS and Android pay working. If not locking bootloader, Android pay will not pass SafetyNet check.
Sent from my PH-1 using Tapatalk
Rooted with magisk it will pass the SafetyNet checks.
as mentioned above if you are interested in having custom roms or rooting your phone you should not relock your boot loader, you are risking bricking your phone. There have been ways with Magisk(and other roots) on other devices (havent tried with the PH-1) to be rooted and still pass safetynet checks, bootloader should only ever be relocked if you are running 100% stock. Even when running stock i prefer to have the bootloader unlocked being able to flash a different recovery is worth having to pull out a card to pay for stuff (for me).
nrage23 said:
Rooted with magisk it will pass the SafetyNet checks.
Click to expand...
Click to collapse
It seems magisk 14.3 having some issue for SafetyNet.
It works right after phone boot up, SafetyNet works. After certain time, it failed. Only reboot phone can make it works again.
As far as I know if your on stock ROM rooted and bootloader unlocked, ANDROID PAY will work with MAGISK
imna357 said:
As far as I know if your on stock ROM rooted and bootloader unlocked, ANDROID PAY will work with MAGISK
Click to expand...
Click to collapse
thanks. I'll check it out.
I'm currently using Oreo beta along with the magisk boot image prepared by invisiblek and seeing this SafetyNet issue. Maybe Nougat stock is better in handling this situation.

Unlocked bootloader, no root: how to fix GPay?

I've unlocked bootloader with the official tool but didn't do root. Now I have trouble with GPay saying that my device cannot be used for paying.
I don't need root now. So, the question is: is there any way to relock bootloader without rooting the device, installing TWRP, Magisk etc? Or, maybe, can I just trick GPay into believing that everything's fine without relocking?
Any response would be strongly appreciated.
Booolat said:
I've unlocked bootloader with the official tool but didn't do root. Now I have trouble with GPay saying that my device cannot be used for paying.
I don't need root now. So, the question is: is there any way to relock bootloader without rooting the device, installing TWRP, Magisk etc? Or, maybe, can I just trick GPay into believing that everything's fine without relocking?
Any response would be strongly appreciated.
Click to expand...
Click to collapse
If you don't need root, why did you unlock it in the first place? You can't relock your bootloader if you have unlocked it with official tool. But by installing Magisk, you can use GPay. If you don't need root, disable it in Magisk settings.
anagramgenius said:
If you don't need root, why did you unlock it in the first place? You can't relock your bootloader if you have unlocked it with official tool. But by installing Magisk, you can use GPay. If you don't need root, disable it in Magisk settings.
Click to expand...
Click to collapse
I was trying to resolve some strange unmanageable issue with BT headphones volume and sound quality by installing Ainur module. But somehow it resolved on its own during the unlocking process (due to reset, I guess).
Anyway, I've got the answer: no GPay without root and Magisk. Thank you!

Categories

Resources