Hello,
It appears the OnePlus 7's TEE breaks after the bootloader is unlocked, falling back to basic attestation instead of hardware-backed (without the need of a magisk module). A friend told me that the same thing is the case on his OnePlus 8. Can someone who's unlocked their bootloader confirm that this is still the case on the OnePlus 9?
Thanks in advance.
If your speaking of security Widevine. I'm on the op9 unlocked bl and I'm Level 1. No modified partitions to hide bl unlock and no module .
No, widevine is for DRM, i'm talking about attestation for safetynet. You could check this by running a safetynet test (for example in this app) and simultaneously running a logcat (either on the phone itself with root or via adb). it should say something about SafetyNetResponse, for evaluationType it should return an array of strings, either "basic" or "basic", "hardware". If it's the latter, that means hardware-backed attestation is active, if it's the former that means it fell back to basic attestation. If you could check that, that would be great
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
MrSteelX said:
View attachment 5327681
Click to expand...
Click to collapse
You are supposed to run a logcat during the test phase . He explained to me above
mattie_49 said:
You are supposed to run a logcat during the test phase . He explained to me above
Click to expand...
Click to collapse
What for. The test shows basic.
@MrSteelX thanks! just to be clear, this is with no safetynet related magisk modules enabled, right?
notiflux said:
@MrSteelX thanks! just to be clear, this is with no safetynet related magisk modules enabled, right?
Click to expand...
Click to collapse
yep
Related
1.go to product/hw_oem/your model/prop
2. We edit local.prop, substituting device model, we delete local.prop.bak we reboot
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
3. We edit local.prop, substituting device model, we delete local.prop.bak we reboot
thanks, anyone confirm this is working? And is this dangerous against hackers since we are rooted and have credit card info on the device?
Android Pay
xdax1 said:
thanks, anyone confirm this is working? And is this dangerous against hackers since we are rooted and have credit card info on the device?
Click to expand...
Click to collapse
Android pay checks for root access and will not function on normal rooted devices, changing your build.prop file has nothing to do with it. Magisk is supposed to cloak its root access and there are some apps on the play store that are supposed to cloak it but I have never been able to get them to work reliably
revjamescarver said:
Android pay checks for root access and will not function on normal rooted devices, changing your build.prop file has nothing to do with it. Magisk is supposed to cloak its root access and there are some apps on the play store that are supposed to cloak it but I have never been able to get them to work reliably
Click to expand...
Click to collapse
so you mean you have Magsik and not getting Android Pay works still?
First of all, I know this topic is not limited to the S8(+), and as such the thread may be out of place.
However, I'm interested in a general discussion concerning streaming services (especially Netflix and HBO Nordic) on a S8 with root/Magisk.
I mainly use the phone in connection with Chromecast/Smart-TV, and the 5.2 Error (Netflix) and "temporarily" unavailability of HBO Nordic do not really affect me.
Here is what I have learned so far.
Removing Magisk enables HBO but not Netflix.
I know of the [TWEAK] Fix Netflix - Error 5.2, and Netflix is working by renaming /system/lib/liboemcrypto.so. Still, I don't know whether the tweak will have any repercussions other than degrading Widevine security level:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Phone and software information:
SM-G950F
Renovate Dream 5.1
Notorious Kernel NK200
Magisk 14.0 (SafetyNet true)
Care to share your thoughts/experiences on the issue?
Are both ctsProfile and basicIntegrity true?
Sent from my SM-G955F using Tapatalk
Yes, and I have no problems with my banking apps that would otherwise refuse to work.
Netflix detects root, so magisk hide has to be used as far as im aware. When i had my s6 i kept getting the mentioned error on netflix even though my magisk was showing all green, i wasnt aware at the time Netflix was detecting root, so i used Magisk hide and this resolved the issue.
One Plus 6T : Rooted, TWRP and Magisk but when trying TWRP backup: Can not create '/data/media/0TWRP' folder (Required key nor available). Failed to make backup folder.
Already selected my security for lock screen to none and cleared my credentials.
Anyone know what to do?
Note: Its not Tmobile. Its Global Stock Rom.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
kunal420 said:
One Plus 6T : Rooted,.........
Click to expand...
Click to collapse
I don't have this device but, your best bet is to post this question within the following TWRP thread that's specific to your device.
https://forum.xda-developers.com/showthread.php?t=3861482
Good Luck!
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my SM-G900T device.
kunal420 said:
One Plus 6T : Rooted, TWRP and Magisk but when trying TWRP backup: Can not create '/data/media/0TWRP' folder (Required key nor available). Failed to make backup folder.
Already selected my security for lock screen to none and cleared my credentials.
Anyone know what to do?
Note: Its not Tmobile. Its Global Stock Rom.
Click to expand...
Click to collapse
U have any luck yet? I just got my op6t (global).. if you don't mind could you tell me the steps you took to get yours set up with twrp and magisk? right now I'm having problems getting fastboot to recognize device on my laptop its driving me nuts but hopefully I'll get it figured out soon.
Download "Good Lock" Modules
zovsor said:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Click to expand...
Click to collapse
Got this error when trying to download modules within GoodLock app.
View attachment 4751147
aresbv2000 said:
Got this error when trying to download modules within GoodLock app.
View attachment 4751147
Click to expand...
Click to collapse
https://www.sammobile.com/apk/
Don't work.
musmax said:
Don't work.
Click to expand...
Click to collapse
What does not work
Don't work.
Can't install
Ghaaa!! Why does this not work?
Internet is required
zovsor said:
Download "Good Lock" Modules
Click to expand...
Click to collapse
Can you by any chance update it to the One UI 2.0 edition?
the app is not patched, i'm from Argentina, installed fine and after try install modules it give error is not avaliable, better take out the chip, use any VPN and connect to USA, after that go to Configuration-Apps-Galaxy Store or Samsung Store and delete cache, now back and open Galaxy Store and search for Good Lock, install it + modules, configure your phone and after finished, go back the chip and use your phone, the process is done, is not necessary take out chip, now it will work fine, tested in my S8+ 5 minutes ago, hope this help to anyone, leave some caps of proof, if you check in the left corner VPN Hub running there.
Hey guys,
Can any of you experts answer my question below and let me and others be satisfied with it?
I am just worried and want to know after rooting any of my devices, leads to risks in making any types of payments. Be it NFC or via any banking apps.
Also, not only payments, but any user data and access to system files related to security.
Does the above still applies after an un-root is done?
This may help point you in the right direction : https://forum.xda-developers.com/t/discussion-root-selinux-risks.3607295/#post-84740171
Keep in mind that is a fairly technical discussion and you are expected to weigh the risks vs benefits of your own scenario. And what you end up doing with the unlocked bootloader and root access will impact that risk.
All payment / banking apps are smart enough to detect whether Android got rooted or not.
jwoegerbauer said:
All payment / banking apps are smart enough to detect whether Android got rooted or not.
Click to expand...
Click to collapse
Is that the case with magisk as well now?
Twodogsfighting said:
Is that the case with magisk as well now?
Click to expand...
Click to collapse
YES.
Pre-March-2020 situation:
THE SAFETYNET ATTESTION API QUERIES CTS PROFILE ON ANDROID DEVICE.
With Magisk ( i.e. Magisk Hide ) it was possible to intercept this query and redirect it to a faked CTS Profile.
Actual situation:
THE SAFETYNET ATTESTION API NOW NO LONGER QUERIES CTS PROFILE ON ANDROID DEVICE BUT SUCH ONE STORED ON GOOGLE SERVERS BY OEM/CARRIER.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Magisk can't prevent this, means it can't intercept this query.
Take note that the developer of Magisk has already adnitted that!
My POV:
The cat-and-mouse game has ended. OEMs/Carriers have won. Magisk Hide became senseless.