[Question] Safetynet on Openbeta - OnePlus 8 Pro Questions & Answers

Hey,
Long time. Rooter (since HTC desire HD) here.
I remember on my older Oneplus phones, installing an beta would stop you passing Safetynet, so banking apps wouldn't work etc. Is this still the case? Can anyone on the 11 betas see if it passes safetynet? I'm not rooted currently!

Anyone?

Havent tried the beta's yet either. But I am rooted and pass safetynet on my 8pro. One of my 1st rooted devices was the HTC DesireHD as well and I did like the Nexus 5 alot.
atm I'm using XXX flashed with magisk and the current Radioactive kernel and my phones gr8 and passes safetynet for banking apps , gpay , netflix etc.

mapester said:
Havent tried the beta's yet either. But I am rooted and pass safetynet on my 8pro. One of my 1st rooted devices was the HTC DesireHD as well and I did like the Nexus 5 alot.
atm I'm using XXX flashed with magisk and the current Radioactive kernel and my phones gr8 and passes safetynet for banking apps , gpay , netflix etc.
Click to expand...
Click to collapse
Yeah with magisk I know you can pass, but I havnt felt the need to root this phone (nor my 7 Pro when I had it) - especially since a lot of people have had a fingerprint enrollment problem (I know you have to backup the persist partition) - I just wanted to test out some android 11 stuff, but it used to be that if you were in a beta, you failed safetynet even if BL was locked. Was just curious, thats all!

manor7777 said:
Yeah with magisk I know you can pass, but I havnt felt the need to root this phone (nor my 7 Pro when I had it) - especially since a lot of people have had a fingerprint enrollment problem (I know you have to backup the persist partition) - I just wanted to test out some android 11 stuff, but it used to be that if you were in a beta, you failed safetynet even if BL was locked. Was just curious, thats all!
Click to expand...
Click to collapse
Just to clarify - the fingerprint enrollment problem has nothing to do with root. It's all about the bootloader. Something happened when the bootloader was relocked (manually or by msmdtool). I believe the issues is fixed on later OOS versions, but haven't really looked into it as I'm not relocking.
Your question, however, the answer depends on when you flash the OB. It seems the OB is released around the same time the build is sent too google for verification, so if you're too quick to flash safetynet fails. If you wait for google to verify the ROM it's all good. There is, as far as I know, no information about when builds are verified. If you flash the ob too soon you can clear ps data and it will pass once google has updated on their part.
Edit: That's how they do it with pre-11 betas, not sure about 11, I guess that's up to google as it's an unreleased OS version. I believe even pixels fail their safetynet checks at this time.

efex said:
Just to clarify - the fingerprint enrollment problem has nothing to do with root. It's all about the bootloader. Something happened when the bootloader was relocked (manually or by msmdtool). I believe the issues is fixed on later OOS versions, but haven't really looked into it as I'm not relocking.
Your question, however, the answer depends on when you flash the OB. It seems the OB is released around the same time the build is sent too google for verification, so if you're too quick to flash safetynet fails. If you wait for google to verify the ROM it's all good. There is, as far as I know, no information about when builds are verified. If you flash the ob too soon you can clear ps data and it will pass once google has updated on their part.
Edit: That's how they do it with pre-11 betas, not sure about 11, I guess that's up to google as it's an unreleased OS version. I believe even pixels fail their safetynet checks at this time.
Click to expand...
Click to collapse
Ah OK, that makes sense. Most of the OnePlus betas I've installed n the past have been after Google. Released the OS to pixels, and they still failed Safetynet, but I also know Google is constantly changing safetynet stuff so that's why I wondered. Thanks anyway!

Related

[DISCUSSION] Safetynet patch for our Gtab 2 kernels

Safetynet is really becoming widely used in apps such as Netflix and Banking apps and while other devices pass safetynet through magisk easily, our devices could not. At best case scenario only the basic integrity check passes. Now, there is a kernel patch made by sultanxda to bypass the safetynet check on our kernels. Would it be worth it if someone recompiles Anykernel with the safetynet patch?
Lightracer said:
Safetynet is really becoming widely used in apps such as Netflix and Banking apps and while other devices pass safetynet through magisk easily, our devices could not. At best case scenario only the basic integrity check passes. Now, there is a kernel patch made by sultanxda to bypass the safetynet check on our kernels. Would it be worth it if someone recompiles Anykernel with the safetynet patch?
Click to expand...
Click to collapse
you should ask Android-andi directly, when he gets back his LG device
Disabling a security feature sounds stupid if i care about rom security all the time... Beside that i am not even sure if we would ever need that mentioned kernel patch.
ninestarkoko said:
you should ask Android-andi directly, when he gets back his LG device
Click to expand...
Click to collapse
Andi's AnyKernel thread mentions "No Feature Requests" so I don't really want to donate
$$$ to a charity because I'm broke
Android-Andi said:
Disabling a security feature sounds stupid if i care about rom security all the time... Beides that i am not even sure if we would ever need that mentiones kernel patch.
Click to expand...
Click to collapse
Maybe you're right, posts about that kernel patch dates back to October 2016 and I can't find any threads for it
Lightracer said:
Safetynet is really becoming widely used in apps such as Netflix and Banking apps and while other devices pass safetynet through magisk easily, our devices could not. At best case scenario only the basic integrity check passes. Now, there is a kernel patch made by sultanxda to bypass the safetynet check on our kernels. Would it be worth it if someone recompiles Anykernel with the safetynet patch?
Click to expand...
Click to collapse
i applied this patch on a non-public test build of rr 5.7.4. this patch dont solve the problem for now, because hide magisk is not working properly with our tab.
smart-t78 said:
i applied this patch on a non-public test build of rr 5.7.4. this patch dont solve the problem for now, because hide magisk is not working properly with our tab.
Click to expand...
Click to collapse
Oh, is the problem found yet or is it still a mystery?
Lightracer said:
Oh, is the problem found yet or is it still a mystery?
Click to expand...
Click to collapse
its still a mystery.
i worked on a rr version with inbuilt magisk some weeks ago. root works without problems but hide magisk dont do his job. so it doesnt matter if the patch applied or not. cts profile check fails.
This tablet P3110 used to do Netflix just fine... What was the last Netflix version before the switch? And is that version still working for Netflix viewing or is it blocked too?
ONLY FOR INFO
https://www.lineageos.org/Safetynet/
Just an small update: we don't need this freaking kernel workarounds other devices need because of the bootloader.
Latest slim6 and omni6 by me, also latest official lineage pass safetynet out of the box (not sure if lineage needs magisk to hide su, slim6 and omni6 are "user" builds and don't even allow adb root access)

Google Pay Busted on Android 10

Got a message from Google Pay saying that my phone is rooted or is running uncertified software.
I have a T-Mobile variant that I converted , without root, to international. Anyone else see this issue?
Read. This is an old problem for years. Is your bootloader unlocked? Not rooted? Yes this breaks GPay. Hence, Magisk, root, systemless and Hide.
Easy fix.
I'm not rooted. Bootloader is locked.
I just booted into bootloader to double check, and it is locked and secure boot is enabled
coolmaster121 said:
I'm not rooted. Bootloader is locked.
I just booted into bootloader to double check, and it is locked and secure boot is enabled
Click to expand...
Click to collapse
It's a known issue for converted TMobile variant and I'm one of them. OP aware of the issues and hopefully an update coming soon.
Seems like onplus6t lost play protect certification with Android 10 also.
Is everyone in the same situation also?
coolmaster121 said:
Seems like onplus6t lost play protect certification with Android 10 also.
Is everyone in the same situation also?
Click to expand...
Click to collapse
You're going to need root to get this fixed. So first go this link and follow the instructions in the first post to get Magisk on your device.
Next, you may need to install the latest Magisk Manager. Link here.
With Magisk Manager on your device, you can install both "Busybox for Android NDK" and "MagiskHide Props Config" modules.
After a reboot, use a terminal app (I used Termux) to setup MagiskHide Props as per the instructions here. I just used the available OnePlus 6T fingerprint.
With it all setup, the device will show up as certified.
plasmamax1 said:
You're going to need root to get this fixed. So first go this link and follow the instructions in the first post to get Magisk on your device.
Next, you may need to install the latest Magisk Manager. Link here.
With Magisk Manager on your device, you can install both "Busybox for Android NDK" and "MagiskHide Props Config" modules.
After a reboot, use a terminal app (I used Termux) to setup MagiskHide Props as per the instructions here. I just used the available OnePlus 6T fingerprint.
With it all setup, the device will show up as certified.
Click to expand...
Click to collapse
Thanks for the suggestion.
I'm not rooted, and really don't want to root.
That is besides the point though, why is the official release of the OS having the issue.
coolmaster121 said:
I'm not rooted, and really don't want to root.
That is besides the point though, why is the official release of the OS having the issue.
Click to expand...
Click to collapse
When you say "official" release, did it come OTA, or did you download it, or use the updater from
the play store?
OnePlus isn't releasing 10 "officially" to the 6T, got a few bugs left to squish.
p51d007 said:
When you say "official" release, did it come OTA, or did you download it, or use the updater from
the play store?
OnePlus isn't releasing 10 "officially" to the 6T, got a few bugs left to squish.
Click to expand...
Click to collapse
It was a zip I downloaded and did a local update.
Caltinpla said:
It's a known issue for converted TMobile variant and I'm one of them. OP aware of the issues and hopefully an update coming soon.
Click to expand...
Click to collapse
Is there an existing thread on this? I didn't see one and am keeping an eye out for a fix that doesn't require root or an unlocked bootloader.
coolmaster121 said:
Seems like onplus6t lost play protect certification with Android 10 also.
Is everyone in the same situation also?
Click to expand...
Click to collapse
Yep
No, works fine. But I don't have a converted variant - all stock.
If you go back to stock as it is with T-variant (search for MSM tool), is it certified again?
https://forum.xda-developers.com/showpost.php?p=80844361&postcount=7
noideas4thisname said:
Is there an existing thread on this? I didn't see one and am keeping an eye out for a fix that doesn't require root or an unlocked bootloader.
Click to expand...
Click to collapse
Nope, I tried everything I heard of but nothing worked. Hopefully, OP releases an update with the fix soon!

Device is altered

I didn't unlock my bootloader and I'm not rooted. My bootloader is locked. But Google Pay seems to think my device is modified. I did install Android 10 on my TMobile variant but it was working fine when I had the Android 9 open beta. Disney + and Netflix aren't in the app store so Google Play thinks I'm altered too. Help?
bigmikey307 said:
I didn't unlock my bootloader and I'm not rooted. My bootloader is locked. But Google Pay seems to think my device is modified. I did install Android 10 on my TMobile variant but it was working fine when I had the Android 9 open beta. Disney + and Netflix aren't in the app store so Google Play thinks I'm altered too. Help?
Click to expand...
Click to collapse
Seems to be working just like everyone else's T-Mobile Android 10 OP6T. This is a known issues on our devices.
bigmikey307 said:
I didn't unlock my bootloader and I'm not rooted. My bootloader is locked. But Google Pay seems to think my device is modified. I did install Android 10 on my TMobile variant but it was working fine when I had the Android 9 open beta. Disney + and Netflix aren't in the app store so Google Play thinks I'm altered too. Help?
Click to expand...
Click to collapse
It's a bug, you're going to have to wait until it's patched, no ETA from OnePlus yet.
Sent from my ONEPLUS A6013 using Tapatalk
I converted my T-Mobile phone using the MSM tool (no root) a while ago and never had trouble with Google Pay. It stopped working only after the latest update (Android 10.0). I hope OP will fix this in their next update.
Yeah, we all do. I have not been able to get around it. Tried the magisk module "setprops" but that didin't work. Anyone find a way around it yet?
Scott said:
Yeah, we all do. I have not been able to get around it. Tried the magisk module "setprops" but that didin't work. Anyone find a way around it yet?
Click to expand...
Click to collapse
You mean magiskhide props ?...
Ans set 6T pie fingerprint?...
cultofluna said:
You mean magiskhide props ?...
Ans set 6T pie fingerprint?...
Click to expand...
Click to collapse
The latest magiskhide props module has a valid 6T A10 fingerprint, I'm using it and my device is certified.

Stock at&t device certified fingerprint

I'm on an lg-v350, originally from at&t but it is currently unlocked, rooted with magisk and running Android 9. My device has been "ctsprofile:failed" for a awhile now. Not the biggest deal but if anyone has a certified device fingerprint I'd be very appreciative.
You can get it to pass by installing a couple modules in Magisk. The first one is busybox as a requirement. The second on is MagiskHideProps; it does the work. Use it to change the fingerprint to a Pixel 3 on Pie. I do not know the drawbacks of doing this, but you will pass the ctsprofile check and be able to use GPay.
Meatmassuse said:
I'm on an lg-v350, originally from at&t but it is currently unlocked, rooted with magisk and running Android 9. My device has been "ctsprofile:failed" for a awhile now. Not the biggest deal but if anyone has a certified device fingerprint I'd be very appreciative.
Click to expand...
Click to collapse
cmrntnnr said:
You can get it to pass by installing a couple modules in Magisk. The first one is busybox as a requirement. The second on is MagiskHideProps; it does the work. Use it to change the fingerprint to a Pixel 3 on Pie. I do not know the drawbacks of doing this, but you will pass the ctsprofile check and be able to use GPay.
Click to expand...
Click to collapse
Yea, that's the eventual option I came too as well. Haven't noticed any ill effects yet but who knows if it'll work forever. One amusing side effect was a free 100gbs on google drive when I opened the app. Some pixel promo ot said, haha.
Meatmassuse said:
I'm on an lg-v350, originally from at&t but it is currently unlocked, rooted with magisk and running Android 9. My device has been "ctsprofile:failed" for a awhile now. Not the biggest deal but if anyone has a certified device fingerprint I'd be very appreciative.
Click to expand...
Click to collapse
From stock AT&T V35 with latest PIE and security update. These should work with the Magisk props module to pass CTSProfie. I haven't cross-flashed, unlocked or rooted mine due to concerns with widevine L1 and the lack of an AT&T stock backup ROM.
[ro.build.fingerprint]: [lge/judyp_lao_com/judyp:9/PKQ1.181105.001/200341345c8c9.FGN:user/release-keys]
[ro.build.version.security_patch]: [2020-02-01]
Config attached (remove txt extension and place in sdcard directory, then choose custom fingerprint in props module).
rlw6534 said:
From stock AT&T V35 with latest PIE and security update. These should work with the Magisk props module to pass CTSProfie. I haven't cross-flashed, unlocked or rooted mine due to concerns with widevine L1 and the lack of an AT&T stock backup ROM.
[ro.build.fingerprint]: [lge/judyp_lao_com/judyp:9/PKQ1.181105.001/200341345c8c9.FGN:user/release-keys]
[ro.build.version.security_patch]: [2020-02-01]
Config attached (remove txt extension and place in sdcard directory, then choose custom fingerprint in props module).
Click to expand...
Click to collapse
I want you too know that I'd divorce my wife for you sir haha. For real though, thanks bruv.
Meatmassuse said:
I want you too know that I'd divorce my wife for you sir haha. For real though, thanks bruv.
Click to expand...
Click to collapse
Glad to help. I learned a while back to back up my props before hacking on my android devices...
Does anyone have the Oreo fingerprint for AT&T V35? I would very, very much appreciate it. I have cross-flashed to Oreo ULM and can't get CTSprofile to pass using the Pie version.
Edit:
Nevermind. Fixed it by upgrading to ULM Pie and flashing FTM, modemst1 and modemst2 from AT&T.

Question Nothing OS 1.5 beta - CTS profile fail

I updated my NP1 to NOS 1.1.7( with fix) and today to 1.5 beta. My device is not rooted with locked bootloader and still is not google certified and fails CTS. Any ideas on how to fix this?
I tried the default Universal SafetyNet Fix and it didn't work, I also tried using a custom fingerprint but it would break my fingerprint scanner, I ended up using a modded version of the fix it CTS is passing for me.
MarcoReckless said:
I tried the default Universal SafetyNet Fix and it didn't work, I also tried using a custom fingerprint but it would break my fingerprint scanner, I ended up using a modded version of the fix it CTS is passing for me.
Click to expand...
Click to collapse
My device is not rooted and the bootloader is still locked. I just installed NOS 1.5 beta by downloading the update zip for EEA and installing it with *#*#682#*#* etc. I tried to certify my device with google and see if anything can be done....
Chaotick said:
My device is not rooted and the bootloader is still locked. I just installed NOS 1.5 beta by downloading the update zip for EEA and installing it with *#*#682#*#* etc. I tried to certify my device with google and see if anything can be done....
Click to expand...
Click to collapse
I'm afraid you can't do anything while locked, we were warned that bank apps would break.
Chaotick said:
I updated my NP1 to NOS 1.1.7( with fix) and today to 1.5 beta. My device is not rooted with locked bootloader and still is not google certified and fails CTS. Any ideas on how to fix this?
Click to expand...
Click to collapse
it is normal for SafetyNet to fail in beta
in the mail from nothing it also says that netflix and googel pay / wallet does not work.
as soon as it is official A13 everything works again
MarcoReckless said:
I tried the default Universal SafetyNet Fix and it didn't work, I also tried using a custom fingerprint but it would break my fingerprint scanner, I ended up using a modded version of the fix it CTS is passing for me.
Click to expand...
Click to collapse
Thanks, the modded version works very well.

Categories

Resources