How to trick MS Intune app about mobile encryption - General Questions and Answers

HI,
I have installed Pixel Experience Plus on starlte(galaxy9)
I need to install work profile with MS Teams (that's said)
It requires MS Intunes what require system encryption
1. Is there any way to trick Intune about mobile encryption (I don't want encrypt my mobile)
2. Even if I try encrypt - encrypt process was taking more than 4 hours so I stopped it and wipe in TWRP

duo_pendulum said:
HI,
I have installed Pixel Experience Plus on starlte(galaxy9)
I need to install work profile with MS Teams (that's said)
It requires MS Intunes what require system encryption
1. Is there any way to trick Intune about mobile encryption (I don't want encrypt my mobile)
2. Even if I try encrypt - encrypt process was taking more than 4 hours so I stopped it and wipe in TWRP
Click to expand...
Click to collapse
I don't have any experience with any MS product and never will. Did you already check if this Magisk module could solve your problem?
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com

Yes I have my galaxy9 rooted with Magisk. I flashed recovery to TWRP 3.6.0_9-0. Works perfect.
I think the problem is not related to MS Intune. It is more related 'Settings -> Security -> Encrypt Phone' in my Pixel Experience Plus custom rom.
If I want to encrypt directly from settings encryption progress bar is never ending (after 4 hours I reboot)
I have ROM from here:
[ROM][11][S9/S9+] PixelExperience Plus [AOSP/UNOFFICIAL]
PixelExperience Plus for S9/S9+ [starlte/star2lte] What is this? PixelExperience Plus is an AOSP based ROM, with Google apps included and all Pixel goodies (launcher, wallpapers, icons, fonts, boot animation) it has some extra additions over...
forum.xda-developers.com
I know there is more fresh version of Pixel Experience Plus:
[ROM][10.0][NOTE 9] Pixel Experience Plus [AOSP/UNOFFICIAL][2020/12/12]
hi, I installed it, but when I rebooted the phone again I went to download mode, help me, thanks
forum.xda-developers.com
but download link doesn't work :-(
I also flashed DisableForceEncryption.zip but it also didn't help.
Maybe because Android 11 uses FileBaseEncryption(FBE) instead of FDE

Oswald in the link you attached there is about Magisk Hidden so far I see now it is Magisk feature and application (MS Intune) didn't complain about "hey your phone is rooted" because Magisk is hidden.
BTW. Thx for answer

duo_pendulum said:
Oswald in the link you attached there is about Magisk Hidden so far I see now it is Magisk feature and application (MS Intune) didn't complain about "hey your phone is rooted" because Magisk is hidden.
BTW. Thx for answer
Click to expand...
Click to collapse
Hi, did you get your problem solved ? I am facing the same issue.

Related

"Can't load Android system" and "Factory data reset" tried and does not work

"Can't load Android system" and "Factory data reset" tried and does not work
Hi all,
I bought a Pixel 3a, unlocked the bootloader, upgraded it to Android 10, and then tried to root it with Magisk. I must somehow have missed a step because now the phone only boots to:
Android Recovery
google/sargo/sargo
9/PQ3B.190801.002/5674421
user/release-keys
Use volume up/down and power.
Can't load Android system. Your data may be corrupt. If you continue to get this message, you may need to perform a factory data reset and erase all user data stored on this device.
Try again
Factory data reset
If I "Try again" I end up in the same place after a long time with the Google logo and a reboot. If I "Factory data reset" I also end up in the same place.
My desktop has adb and fastboot, and was able to access the phone until the failed attempt at rooting. Now it does not detect the phone despite the system "bleeping" as if it has found a new device:
>adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
>adb devices
List of devices attached
Is there a way out of this mess?
FD
You're still on P by what recovery says. 0801 image. PQ3B is P. You want QP1A. Please try downloading the recent Q image and follow the official instructions from Google in the link and try again.
https://developers.google.com/android/images
Uzephi said:
You're still on P by what recovery says. 0801 image. PQ3B is P. You want QP1A. Please try downloading the recent Q image and follow the official instructions from Google in the link and try again.
https://developers.google.com/android/images
Click to expand...
Click to collapse
Thank you very much! Using the flash-all script I have managed to get my phone back. I have flashed the original Android 9 the phone came with.
Now, one further question, are there some good (as in unlikely to brick my phone again) instructions on how to root my Pixel 3a? I believe that Android 9 is preferred when using Magisk to Android 10, and I do not mind staying with Android 9, but I would like some instructions on how to root it without bricking it again.
Again, thanks for your prompt reply.
Yours,
FD
Frederick Davies said:
Thank you very much! Using the flash-all script I have managed to get my phone back. I have flashed the original Android 9 the phone came with.
Now, one further question, are there some good (as in unlikely to brick my phone again) instructions on how to root my Pixel 3a? I believe that Android 9 is preferred when using Magisk to Android 10, and I do not mind staying with Android 9, but I would like some instructions on how to root it without bricking it again.
Again, thanks for your prompt reply.
Yours,
FD
Click to expand...
Click to collapse
I followed this guide. it's for a pixel 3 but it's exactly the same for a 3a. There is no TWRP for 10 so doing it this way is the only way for now.
https://android.gadgethacks.com/how-to/root-your-pixel-3-android-10-0200295/
Just use magisk to patch Android 10 boot IMG and Flash it and your rooted on Android 10
Frederick Davies said:
Now, one further question, are there some good (as in unlikely to brick my phone again) instructions on how to root my Pixel 3a? I believe that Android 9 is preferred when using Magisk to Android 10, and I do not mind staying with Android 9, but I would like some instructions on how to root it without bricking it again.
Again, thanks for your prompt reply.
Yours,
FD
Click to expand...
Click to collapse
I have created a (IMHO) very thorough quide on how to root your Pixel 3a. It walks you through rooting with both Android Pie and Android 10 with very clear and precise steps. If you have any questions about it, feel free to post in that thread or reach out to me via a direct message.
There is no limitation on using Magisk or rooting under Android 10. The only thing you cannot do with Android 10 is use TWRP, but that isn't a deal breaker. TWRP is good for making backups of your OS, but as you have found you can still recover from just about any situation using the Google factory images, so while a backup might be beneficial at times, it isn't a necessity. Personally I would definitely recommend using Android 10 because Pie isn't being updated by Google anymore, so you are going to be behind on security updates, etc if you stick with Pie.
Watch this video and you shouldn't have any problems
sic0048 said:
I have created a (IMHO) very thorough quide on how to root your Pixel 3a. It walks you through rooting with both Android Pie and Android 10 with very clear and precise steps. If you have any questions about it, feel free to post in that thread or reach out to me via a direct message.
Click to expand...
Click to collapse
Very detailed indeed, but I still have a question: in your instructions you seem to boot into TWRP to install Magisk, but you do NOT install TWRP itself, just boot it for the installation of Magisk. Is that correct? Why?
sic0048 said:
There is no limitation on using Magisk or rooting under Android 10. The only thing you cannot do with Android 10 is use TWRP, but that isn't a deal breaker. TWRP is good for making backups of your OS, but as you have found you can still recover from just about any situation using the Google factory images, so while a backup might be beneficial at times, it isn't a necessity. Personally I would definitely recommend using Android 10 because Pie isn't being updated by Google anymore, so you are going to be behind on security updates, etc if you stick with Pie.
Click to expand...
Click to collapse
I am going through all this rigmarole to be able to install XPrivacyLua through the Xposed Framework, but the instructions for Xposed (https://www.xda-developers.com/xposed-framework-hub/) seem to indicate you need TWRP as a requisite, hence I think am stuck with Android P (9.0).
On the other hand, I get conflicting information as to whether Xposed for Magisk does (https://www.xda-developers.com/xposed-framework-hub/) or does not (https://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268) pass SafetyNet. Most confusing...
FD
Frederick Davies said:
Very detailed indeed, but I still have a question: in your instructions you seem to boot into TWRP to install Magisk, but you do NOT install TWRP itself, just boot it for the installation of Magisk. Is that correct? Why?
FD
Click to expand...
Click to collapse
There is no need to install or boot into TWRP (btw. there is even no working TWRP for Android 10 yet) to install Magisk. It's sufficents to install Magisk Manager on your phone and patch the boot.img extracted from the factory image. Just follow the instructions which have been quoted here in the thread already.
AndDiSa said:
There is no need to install or boot into TWRP (btw. there is even no working TWRP for Android 10 yet) to install Magisk. It's sufficents to install Magisk Manager on your phone and patch the boot.img extracted from the factory image. Just follow the instructions which have been quoted here in the thread already.
Click to expand...
Click to collapse
Dear AndDisa,
As I said, I am rooting my Pixel 3a because I want to install XPrivacyLua, which requires the Xposed Framework; and to install Xposed with Magisk, it lists TWRP as a pre-requisite (see "Method 2: Magisk" in https://www.xda-developers.com/xposed-framework-hub/). Since it seems there is some kind of reluctance to use/install TWRP in this thread, I am asking why that is so. I understand it is possible to install Magisk without TWRP, I am just asking "why?"
Again, thank you all for your help.
FD
TWRP doesn't work on Android 10 at this point so you can't flash it.
Frederick Davies said:
Dear AndDisa,
As I said, I am rooting my Pixel 3a because I want to install XPrivacyLua, which requires the Xposed Framework; and to install Xposed with Magisk, it lists TWRP as a pre-requisite (see "Method 2: Magisk" in https://www.xda-developers.com/xposed-framework-hub/). Since it seems there is some kind of reluctance to use/install TWRP in this thread, I am asking why that is so. I understand it is possible to install Magisk without TWRP, I am just asking "why?"
Again, thank you all for your help.
FD
Click to expand...
Click to collapse
If you read closely in the guide sic linked, he does state the TWRP method is only for P because you can't use TWRP on 10. It is the way partitions are handled in 10 where you really can't read your internal storage and it would have to require a code rework. Until that's done, no TWRP.
Edit: quote from twrp developer about it. https://twrp.me/site/update/2019/10/23/twrp-and-android-10.html
https://github.com/ElderDrivers/EdXposed/pull/354
https://github.com/ElderDrivers/EdXposedManager/releases
You can flash xposed without TWRP. Just install edxposed by downloading and installing through magisk and install the edxposed manager. You don't need TWRP
Frederick Davies said:
Very detailed indeed, but I still have a question: in your instructions you seem to boot into TWRP to install Magisk, but you do NOT install TWRP itself, just boot it for the installation of Magisk. Is that correct? Why?
FD
Click to expand...
Click to collapse
As other have noted, TWRP does not work with Android 10. However, I also wanted to answer your question because it is valid.....
With Android Pie (9), you cannot permanently install TWRP unless you first flash a custom kernel that supports LZMA compression. Using the stock kernel, you can load TWRP using ADB and use it just like normal, but when you reboot the phone TWRP will not be loaded anymore. My instructions are about rooting the phone and not about installing TWRP permanently on the phone and therefore I provided the simplest method to accomplish that goal.
Most custom kernels have been updated with LZMA support, but you should really read the TWRP thread for more information on how to permanently install TWRP on Android Pie
Dear All,
Thank you for all your help and explanations concerning my questions.
I have now rooted my Pixel 3a running Android 9 following the instructions supplied (no TWRP installation), and It seems that Magisk is installed and happy (at least it thinks it is and FX has root access), but I am afraid that EdXposed and XPrivacyLua are not working as expected.
After Magisk, I installed the "Riru - Core" and "Riru - EdXposed (YAHFA)" modules. I then installed the "EdXposed Framework (YAHFA)" (giving the EdXposed Installer superuser privileges; EdExposed reports it is installed and active), and the XprivacyLua module inside it. But now Magisk complains that the SafetyNet checks are failing (this coincides with installing XPrivacyLua, but it is the only module I have in EdXposed), and XPrivacyLua is not actually blocking anything at all (that is, even when I supposedly block access to some functions, the apps just go ahead and use them).
Why do I get the impression Google does not want people to root their phones?
Yours,
FD
Frederick Davies said:
Dear All,
Thank you for all your help and explanations concerning my questions.
I have now rooted my Pixel 3a running Android 9 following the instructions supplied (no TWRP installation), and It seems that Magisk is installed and happy (at least it thinks it is and FX has root access), but I am afraid that EdXposed and XPrivacyLua are not working as expected.
After Magisk, I installed the "Riru - Core" and "Riru - EdXposed (YAHFA)" modules. I then installed the "EdXposed Framework (YAHFA)" (giving the EdXposed Installer superuser privileges; EdExposed reports it is installed and active), and the XprivacyLua module inside it. But now Magisk complains that the SafetyNet checks are failing (this coincides with installing XPrivacyLua, but it is the only module I have in EdXposed), and XPrivacyLua is not actually blocking anything at all (that is, even when I supposedly block access to some functions, the apps just go ahead and use them).
Why do I get the impression Google does not want people to root their phones?
Yours,
FD
Click to expand...
Click to collapse
It is most certainly the things you have installed that are breaking the SafetyNet check. I don't know anything about XprivacyLua, but I would assume there is a support thread here on XDA for it. I would read that support thread and see if there is a solution to the Safetynet issue.
Dear All,
OK, I have now rooted my Pixel 3a: I am running Android 9, and I flashed Magisk (Magisk Manager version 7.4.0; Magisk version 20.1) without installing TWRP as per the instructions. Then I installed the Riru - Core (version 10) and Riru - Ed Exposed (version 0.2.8_beta) modules, which allowed me to install EdXposedInstaller (version 2.2.5). I am currently running Xposed Framework (version 90.0-0.2.8) with XPrivacyLua (version 1.25).
The result is that XPrivacyLua is working with a few caveats: the SafetyNet Check fails both the ctsProfile and basicIntegrity checks (this is triggered by XPrivacyLua, not (Ed)Xposed), and when I limit access of WhatsApp to the Contacts list, there are constant errors whenever WhatsApp tries to read it (though it seems to work as expected). Also, the Contacts list keeps disappearing from the Contacts app itself, despite WhatsApp actually seeing those contacts in there (go figure).
Other apps that require root (like FX) are working as expected.
In the end, I have decided that since I am not interested in using my mobile for Google Pay, I will have to live with it as it is now, but I have a couple of points for others that may want to follow in my footsteps (this is not necessarily related to the method of rooting; those who helped me here are certainly not at fault for the following):
1. XPrivacyLua is in no way as capable and easy to use as XPrivacy was (XPrivacy is the main reason why I am rooting my phone). If I could install Android 4 on my Pixel 3a, I would do so and go back to XPrivacy (my venerable Nexus 5's second battery is shot, so I had to get new hardware). There is nothing in Android 9 that I actually need that was not there in Android 4.
2. We really need a Nexus Toot Toolkit for Pixel phones. The multitude of versions and steps required in rooting them successfully is too much for those like me who will root their phone for one or two apps and then leave it as it is. I know that these forums are really for tinkerers who want to extract the maximum from their hardware, and hence my point of view is not representative here, but I just want a mobile that will not spy on me, the rest is irrelevant to me.
I guess I will have to open a thread in the XPrivacyLua forums to see if I can sort out my problems, but I would like to thank you all for your help in getting me here and answering my questions (no matter how pointless they may have seemed).
Yours,
FD
Frederick Davies said:
Dear All,
OK, I have now rooted my Pixel 3a: I am running Android 9, and I flashed Magisk (Magisk Manager version 7.4.0; Magisk version 20.1) without installing TWRP as per the instructions. Then I installed the Riru - Core (version 10) and Riru - Ed Exposed (version 0.2.8_beta) modules, which allowed me to install EdXposedInstaller (version 2.2.5). I am currently running Xposed Framework (version 90.0-0.2.8) with XPrivacyLua (version 1.25).
The result is that XPrivacyLua is working with a few caveats: the SafetyNet Check fails both the ctsProfile and basicIntegrity checks (this is triggered by XPrivacyLua, not (Ed)Xposed), and when I limit access of WhatsApp to the Contacts list, there are constant errors whenever WhatsApp tries to read it (though it seems to work as expected). Also, the Contacts list keeps disappearing from the Contacts app itself, despite WhatsApp actually seeing those contacts in there (go figure).
Other apps that require root (like FX) are working as expected.
In the end, I have decided that since I am not interested in using my mobile for Google Pay, I will have to live with it as it is now, but I have a couple of points for others that may want to follow in my footsteps (this is not necessarily related to the method of rooting; those who helped me here are certainly not at fault for the following):
1. XPrivacyLua is in no way as capable and easy to use as XPrivacy was (XPrivacy is the main reason why I am rooting my phone). If I could install Android 4 on my Pixel 3a, I would do so and go back to XPrivacy (my venerable Nexus 5's second battery is shot, so I had to get new hardware). There is nothing in Android 9 that I actually need that was not there in Android 4.
2. We really need a Nexus Toot Toolkit for Pixel phones. The multitude of versions and steps required in rooting them successfully is too much for those like me who will root their phone for one or two apps and then leave it as it is. I know that these forums are really for tinkerers who want to extract the maximum from their hardware, and hence my point of view is not representative here, but I just want a mobile that will not spy on me, the rest is irrelevant to me.
I guess I will have to open a thread in the XPrivacyLua forums to see if I can sort out my problems, but I would like to thank you all for your help in getting me here and answering my questions (no matter how pointless they may have seemed).
Yours,
FD
Click to expand...
Click to collapse
Cool story bro

Cannot Get Google Play Protect Certification using LineageOS 18.1 on OnePlus 8T

Hello Everyone,
I recently installed LineageOS 18.1 (build: lineage_kebab-userdebug 11). I have retrieved my Android ID using the ADB commands found here: Device Registration and registered my Android ID a few days ago but Google Play Store still shows: "Device is not certified" under Settings --> About --> Play Protect certification. Is there something I'm doing wrong or something else I need to do in order to get my device certified with Google Play Store?
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
ecompton59 said:
use magisk hide props config I use the pixel 5 fingerprint and add new props
ro.product.model Pixel 5
ro.product.manufacturer Google
option 5 add those 2 after you change fingerprint you will pass and get stadia discounts just can't run edxposed I do but a few changes in that you fail hope that helps
Click to expand...
Click to collapse
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
long as you used dual sim oos file to unlock your phone it won't unless you do something like that and Google thinks I have pixel 5 see pics I pass
alteredstate82 said:
Thank you for the info. So you are saying in order to get my device "certified" with Google Play Store I need to root my device, add new props and change my fingerprint (I assume you mean Android ID)? I'm not sure what you mean by: "stadia discounts" or "edxposed". Also, I do not see where I need to root my device in the LineageOS documentation or the Google documentation so I'm still unclear why this must be done. Does Google block LineageOS devices from getting "certified" or something?
Click to expand...
Click to collapse
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
azoller1 said:
Unlocking a bootloader breaks SafetyNet passes. This results in the play store as not being certified which usually hides specific apps such as Netflix and some other banking apps and will break them. Magisk is needed to help with spoofing your device to let the play store know your device is certified. Some ROMs have built in patches in which SafetyNet passes fine without root. I believe lineage does not do this with their ROM, so you will need magisk.
This is actually a decent article which describes this if you desire to read it - https://www.hexnode.com/blogs/safetynet-android-security/
Click to expand...
Click to collapse
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
alteredstate82 said:
Okay that makes sense. According to the: Patching Images section of the How to Install Magisk App guide I can install Magisk to the boot ramdisk (see screenshot). However, the LineageOS build I installed does not contain a "boot.img" in the zip file. There is however a "payload.bin" file which according to the: XDA Magisk Installation Guide I need to use "payload-dumper-go" to extract the boot.img from the payload.bin? Does that about sum it up or is there something else I'm missing?
Click to expand...
Click to collapse
Yep. You will need to extract the payload.bin file in which you will use the boot.img, then patch it with magisk, then flash the patched boot.img using fastboot. Then, you will need to use magiskhide to hide magisk itself and use the props spoof module to help with passing safetynet.
I want to say thank you for the help! I successfully installed Magisk and passed the SafetyNet checks! Everything seems to be working good. However, it seems my efforts might be wasted as Magisk is dropping support for hiding root access. This is unfortunate as I have a few job critical apps that will not work unless I hide them from root access in Magisk. Hopefully someone else will pick up the torch and continue development. It's a crime these big tech companies work so hard to prevent us from modifying hardware we own!
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
gregattack said:
Hi, I flashed LineageOS 18.1 to my OnlePlus 8T (KB2003). The device is not rooted.
Since that, he device is no longer Play Protect certified and I am not able to install Netflix or use PayPal anymore.
Therefore I installed Magisk and MagiskHidePropsConf-v6.1.2 and followed the instructions above to change the fingerprint and hopefully hide, that the bootloader is unocked. But the device is still not certified (PayStore App > Settings > Info)
What have I done:
- extracted boot.img from LineageOS payload.bin
- boot.img was patched and fastboot flashed to my device (Patching_Images)
- 2 props added: ro.product.model: "Pixel 5", ro.product.manufacturer: "Google"
Did I forgot something?
But in general, why is it needed to change the fingerprint to Pixel 5? Should not work the default fingerprint of my OnePlus 8T as well?
BR Greg
Click to expand...
Click to collapse
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Did you install and use the Universal SafetyNet Fix module?
If I set the kb2003 OP 8T (EU) fingerprint, it seemed not to work. But I will try again.
Do I need to clear some caches eg: play store, after changing the fingerprint or something else?
cpkelley94 said:
All I needed to do to get Play Protect certified was to change my fingerprint to the OP8T KB2003 fingerprint included in MagiskHide Props Config. No other model spoofing needed.
I am still stuck on Widevine L3, however. Still haven't figured that one out, and may be unrelated.
Click to expand...
Click to collapse
finally I installed Universal SafetyNet Fix and switched to the kb2003 fingerprint and reset all other modification like custom props for the pixel phone. Now it's working. No idea why it fails in previous approach
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
ykjae said:
Strange, on my device. Not on lineage though - I pass safetynet without help from any modules. No props or even USF module. Rooted and bootloader unlocked.
Op8t 5g tmobile.
Click to expand...
Click to collapse
which image are you using?
I read, that some images like https://evolution-x.org/ pass safetynet out of the box but I did'nt test this.
Finally the unlocked bootloader is the problem.

Question Samsung pay with a root Samsung

Hi,
I have one root Z flip 3 and I can pair it without problems with my galaxy watch 4, the problem is when I try to add one card to samsung pay through the Watch plug in, whenever i try to do all works fine until the last moment when the watch disconnect from the phone. I have tried this with other phones and with my own Z flip without root and It works.
Maybe, someone in the forum have found a way to make it work.
Thank you.
Samsung Pay is secured by Knox.
[Guide]Use Samsung Pay and Knox on your Rooted device
WARNING THIS IS A WIP AND SO FAR NO ONE HAS CONFIRMED THIS WORKING Samsung pay and Knox is working after Rooting. How is this possible?:confused: well, The loophole here is both Samsung pay and Knox apps check the kernel for knox status...
forum.xda-developers.com
blackhawk said:
Samsung Pay is secured by Knox.
[Guide]Use Samsung Pay and Knox on your Rooted device
WARNING THIS IS A WIP AND SO FAR NO ONE HAS CONFIRMED THIS WORKING Samsung pay and Knox is working after Rooting. How is this possible?:confused: well, The loophole here is both Samsung pay and Knox apps check the kernel for knox status...
forum.xda-developers.com
Click to expand...
Click to collapse
Yes I know but i want to use samsung pay on the watch not in the phone, i was able to use it with knox tripped but not when magisk is installed.
Zoidben said:
Yes I know but i want to use samsung pay on the watch not in the phone, i was able to use it with knox tripped but not when magisk is installed.
Click to expand...
Click to collapse
Try to hide the watch app with magisk hide, and Spay too
Rick_BR said:
Try to hide the watch app with magisk hide, and Spay too
Click to expand...
Click to collapse
I have already done that if not I couldnt even open the app of the Spay watch plugin, i dont know what can be the problem
Ive used Samsung Pay on my Pixel 2XL for over 6 months now using my Active 2, until i just swapped to the Watch 4 and can use Google Pay easily, yay
How i setup Samsung Pay (using Active 2) :
* Magisk (i still prefer older Magisk - Alpha 31 to be exact - last build before John started removing MagiskHide etc - and yes it stillworks on Android 12)
* MagiskHide Enabled - checked to pass SafetyNet
* Rename Magisk app (from settings)
* Tick apps in MagiskHide: All Samsung related apps, including watch plugins
Added modules after the above:
* Riru
* Riru-MomoHider (my mod to add all 4config options - note later Magisk builds may or not allow Riru, and if they do, some may not allow all Riru-MomoHider config options - best to check in main Magisk thread if you use the latest/bleeding edge)
The Riru/Riru-MomoHide setup will give you greater process isolation than MagiskHide itself....
Attached:
*Magisk - Alpha 31 (apk, you can sideload this apk from TWRP, TWRP doesnt care its not named as a zip, only its content- sideload apk, reboot then install the apk, as the flashed apk only installs the stub Magisk Manager, and you dont want it grabbing the latest Magisk Manager from the interwebs at the moment...)
*Riru (Riru must be installed first, and a reboot performed before adding Riru-Momohider)
*Riru-MomoHider (my mod with 4 config options set at module install, instead of having to manually do it)
Bonus info:
If youre a regular ROM flasher, you'll want to keep your watch connection and Samsung Pay working across flashes, i have a guide for that in my signature, basically involves keeping the same Android ID across flashes. I need to update it for Android 12, which ill do over the weekend...the Android ID changer app i use on Android 11 doesnt work on 12...
Note: Magisk Alpha 31 referenced in above post removed from post as its quite old now.....use either Official Magisk (details in my following post down the page) or Magisk Delta (and the modules from this post)
73sydney said:
Ive used Samsung Pay on my Pixel 2XL for over 6 months now using my Active 2, until i just swapped to the Watch 4 and can use Google Pay easily, yay
How i setup Samsung Pay (using Active 2) :
* Magisk (i still prefer older Magisk - Alpha 31 to be exact - last build before John started removing MagiskHide etc - and yes it stillworks on Android 12)
* MagiskHide Enabled - checked to pass SafetyNet
* Rename Magisk app (from settings)
* Tick apps in MagiskHide: All Samsung related apps, including watch plugins
Added modules after the above:
* Riru
* Riru-MomoHider (my mod to add all 4config options - note later Magisk builds may or not allow Riru, and if they do, some may not allow all Riru-MomoHider config options - best to check in main Magisk thread if you use the latest/bleeding edge)
The Riru/Riru-MomoHide setup will give you greater process isolation than MagiskHide itself....
Attached:
*Magisk - Alpha 31 (apk, you can sideload this apk from TWRP, TWRP doesnt care its not named as a zip, only its content- sideload apk, reboot then install the apk, as the flashed apk only installs the stub Magisk Manager, and you dont want it grabbing the latest Magisk Manager from the interwebs at the moment...)
*Riru (Riru must be installed first, and a reboot performed before adding Riru-Momohider)
*Riru-MomoHider (my mod with 4 config options set at module install, instead of having to manually do it)
Bonus info:
If youre a regular ROM flasher, you'll want to keep your watch connection and Samsung Pay working across flashes, i have a guide for that in my signature, basically involves keeping the same Android ID across flashes. I need to update it for Android 12, which ill do over the weekend...the Android ID changer app i use on Android 11 doesnt work on 12...
Click to expand...
Click to collapse
Anyone tried this on S22 Sandragon Variant, Android 12?
Gymcode said:
Anyone tried this on S22 Sandragon Variant, Android 12?
Click to expand...
Click to collapse
My post is not current except if you are using the (recent) unofficial Magisk Delta, which still has MagiskHide as an option, Delta can be found here:
[Discussion] Magisk Delta - Another unofficial third-party Magisk fork
This is not an officially supported topjohnwu project. If you are looking for official Magisk source, please go to this page Introduction Custom Magisk fork by HuskyDG. Sync with official Magisk adding back MagiskHide...
forum.xda-developers.com
For mainstream/official Magisk, you should use Zygisk:
* Magisk 25.x
* Zygisk Enabled
* Rename Magisk app (from settings)
* Tick apps in Deny List: All Samsung related apps, including watch plugins
* DenyList Not Enforced (shamiko will handle this)
Added modules after the above:
* shamiko
all required files can be found in page 1 of this thread:
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
As an alternate to shamiko, you can also try DenyList Unmount
GitHub - mywalkb/DenylistUnmount
Contribute to mywalkb/DenylistUnmount development by creating an account on GitHub.
github.com
As for "has anyone tried it?", if you have already rooted with Magisk, then simply try it....waiting for some other random person to do something isnt my 1st thought process....magisk is systemless and you cant really hurt anything...

Shelter/Island/Insular work profile on rooted samsung phone

As we known when samsung phone is rooted then Knox is tripping so multi user with a work profile isn't possible with the error message... can't create work profile.
This is howto guide to bypass Knox security so Shelter works on it, after many tries and errors methode
My setup
- S20 magisk zygisk root android 13
- Magisk modules: lsposed, knoxpatch apk and enhancer (in lsposed), shamiko as blacklist mode, safetynet fix
- Shelter
Guide
- Root your samsung phone with zygisk magisk (25.2) and install those magisk modules. Reboot several times
- In Lsposed enable KnoxPatch module with suggested Recommended. Reboot
- In Magisk Settings change Multiuser Mode > Device Owner Managed (using in multi user profile)
- In Magisk Settings change Mount Namespace Mode > Inherit namespace. Reboot
- Install Shelter and create work profile following Setup Wizard
- Clone the needed apps to Work profile or install directly from Shelter Work Profile
- In Magisk configure DenyList with those apps in work profile
My rooted S20 works fine in Work Profile with my company apps Microsoft Authenticator, Company Portal, Outlook, Teams etc.
Hope it helps for you guys too.
Further process how to make company apps work on Work Profile created by Shelter/ Island needs follow steps
- Install Applist Detector to check root
- Install InitrcHider (zygisk version) in Magisk
- In Magisk configure DenyList with full denying for those company apps (ticks all processes)
- Uninstall Magisk from Settings/ Apps, not directly from Magisk! because if doing it from Magisk then you loose the root
- Check root again with AppList Detector
- Delete company apps data and cache from Settings/ Apps then setup those apps again as new
gsmdb said:
As we known when samsung phone is rooted then Knox is tripping so multi user with a work profile isn't possible with the error message... can't create work profile.
This is howto guide to bypass Knox security so Shelter works on it, after many tries and errors methode
My setup
- S20 magisk zygisk root android 13
- Magisk modules: lsposed, knoxpatch apk and enhancer (in lsposed), shamiko as blacklist mode, safetynet fix
- Shelter
Guide
- Root your samsung phone with zygisk magisk (25.2) and install those magisk modules. Reboot several times
- In Lsposed enable KnoxPatch module with suggested Recommended. Reboot
- In Magisk Settings change Multiuser Mode > Device Owner Managed (using in multi user profile)
- In Magisk Settings change Mount Namespace Mode > Inherit namespace. Reboot
- Install Shelter and create work profile following Setup Wizard
- Clone the needed apps to Work profile or install directly from Shelter Work Profile
- In Magisk configure DenyList with those apps in work profile
My rooted S20 works fine in Work Profile with my company apps Microsoft Authenticator, Company Portal, Outlook, Teams etc.
Hope it helps for you guys too.
Click to expand...
Click to collapse
Does the above steps really working bro?
Please help me bro
Device Details:
Samsung S10
Custom ROM: One UI 5.1 android 13 by Ivan_meler
Issue: unable to use intune company portal and Island
Please guide me how to do it bro. The above instruction not working for me bro
Did it work for you to install Island?
The scoop is how to make Shelter/ Island/ Insular work with rooted Samsung.
Further process how to make company apps work on Work Profile created by Shelter/ Island needs follow steps
- Install Applist Detector to check root
- Install InitrcHider (zygisk version)
- In Magisk configure DenyList with full denying for those company apps (ticks all processes)
- Uninstall Magisk from Settings/ Apps, not directly from Magisk (important!) because if doing it from Magisk then you loose the root
- Check root again with AppList Detector
- Delete company apps data and cache from Settings/ Apps then setup those apps again as new
Thanks for your reply bro
My first issue is that when i try to install shelter or island it starts, loads and restarts automatically bro
Rooted, installed above modules and followed the instruction bro.
Are you sure your Knox works? Samsung Health, Biometrics, Samsung Pass etc?
It looks like you've trouble with Knox.
You can try enable multi user (per default disabled in Samsung) either using Firefds Kit module in Lsposed or edit the build.prop with
#Multi user
fw.max_users=3
fw.show_multiuserui=1
I have attached the screenshots bro. Please check. Yea even i think knox is not working it is tripped and i m using custom rom bro. If i use intune on main profile it says you need to enable encryption and in island profile it is not even registering profile. Samsung pass doesnt work bro...other samsung apps works properly when i use lsposed knox enhancer bro
My knox is tripped too because unlocking bootloader.
I'm using stock ROM with custom kernel rooted with magisk. The phone is still encrypted.
Your case is using a decrypted ROM. You can search in xda flashing custom ROM without decryption.
The official twrp doesn't decrypt the data partition, the biggest catch will be that you will not have the data partition in a twrp backup. But apart from that, twrp will still work for installs and updates and backups og the system and cache partitions.
Use smart switch doing backup in stead.
gsmdb said:
My knox is tripped too because unlocking bootloader.
I'm using stock ROM with custom kernel rooted with magisk. The phone is still encrypted.
Your case is using a decrypted ROM. You can search in xda flashing custom ROM without decryption
Click to expand...
Click to collapse
Can u suggest any rom bro?
MY device is S10, and dont want to use pixel or different rom , want only one ui ported rom bro android 13
gsmdb said:
My knox is tripped too because unlocking bootloader.
I'm using stock ROM with custom kernel rooted with magisk. The phone is still encrypted.
Your case is using a decrypted ROM. You can search in xda flashing custom ROM without decryption.
The official twrp doesn't decrypt the data partition, the biggest catch will be that you will not have the data partition in a twrp backup. But apart from that, twrp will still work for installs and updates and backups og the system and cache partitions.
Use smart switch doing backup in stead.
Click to expand...
Click to collapse
How to do it bro using smart switch
You can still use One UI5.1 ivan_meler custom ROM. Nothing wrong with it.
You must flash stock ROM first to get back encrypted. Set it up until your phone is working.
Flash twrp and get custom ROM on external SD card.
Follow your own process to flash custom ROM with twrp.
In twrp do wipe dalvik and cache as usual. DON'T format Data. Doing it will get your phone decrypted.
Install your custom ROM.
I did it as remembered back to the days with my old s10 with custom ROM android 10.
gsmdb said:
You can still use One UI5.1 ivan_meler custom ROM. Nothing wrong with it.
You must flash stock ROM first to get back encrypted. Set it up until your phone is working.
Flash twrp and get custom ROM on external SD card.
Follow your own process to flash custom ROM with twrp.
In twrp do wipe dalvik and cache as usual. DON'T format Data. Doing it will get your phone decrypted.
Install your custom ROM.
I did it as remembered back to the days with my old s10 with custom ROM android 10.
Click to expand...
Click to collapse
In the official TWRP My SD card shows only 117MB instead of 128GB bro. So i will try adb sideload bro
Probably your SD card is formatted with ExFat which isn't visible in twrp.
Try FAT32 in stead.
{the file is too large for destination} -b cant able to transfer file more than 4gb bro after formatting SD card to FAT32
Bro in island work profile, intune looks like this only bro, I did click in check device settings multiple time bro nothing happens bro but in the main profile I can install and register my device in intune bro and use my company mails and teams bro
You do know how to use island? You can only use one intune app either in main or work profile. Clone or install directly in work profile and uninstall from the main profile.
Did you check the root from work profile with Applist detector? Install Applist Detector in work profile and run.
In my work profile my device settings is registered as unknown, but ok because it does pass all checks from company apps.

Question Youtube on Android Auto with Pixel 7 Pro

Hi, I am trying with various tools like AAAD or harrywt.com Kinginstaller with Carstream etc. Youtube on Android Auto to run, but every attempt ends in the display "No new messages during this ride" inside the car display.
Has anyone here gotten Youtube to run on Android Auto with the Pixel 7 Pro?
WWW-Schizo said:
Hi, I am trying with various tools like AAAD or harrywt.com Kinginstaller with Carstream etc. Youtube on Android Auto to run, but every attempt ends in the display "No new messages during this ride" inside the car display.
Has anyone here gotten Youtube to run on Android Auto with the Pixel 7 Pro?
Click to expand...
Click to collapse
Try fermata auto
Fermata Auto does not appear in the Android Auto list. Also when I install the harrywt.com OnePlus, Realme & Oppo Fermata version, only "Fermata Auto Control" appears in the list, which is senseless.
WWW-Schizo said:
Fermata Auto does not appear in the Android Auto list. Also when I install the harrywt.com OnePlus, Realme & Oppo Fermata version, only "Fermata Auto Control" appears in the list, which is senseless.
Click to expand...
Click to collapse
I'm using it in my car without any problems, you should be able to get it doing a quick Google search.
1. harrywt.com Kinginstaller + Fermata from harrywt.com = don´t appear in the AA list
2. just Fermata from Google Play Store works, but without Youtube in AA
3. Your attached Fermata app do not appear in the AA list, same when i install it with Kinginstaller
Maybe you have an older AA version installed?
acuicultor said:
I'm using it in my car without any problems, you should be able to get it doing a quick Google search.
Click to expand...
Click to collapse
can it be that you use the wired version (with USB cable)?
i use it wireless in my BMW with OS 7
I'm pretty sure the newest version of AA killed it, it's missing from my AA homescreen now and it was just working before I updated
The previous method without root is no longer worked after march update;
It only work if you installed fermata auto before 2023 march
If you are lucky install fermata auto before Google blocked it, dont update the new version of fermata auto or you will lose the magic
The current working method to enable Youtube & Web browser at Android auto required rooted phone & LSPosed installed, The following is the installation steps:
(Ported from https://forum.xda-developers.com/t/...or-android-auto.4079519/page-47#post-88561437 )
1. Rooted phone with Magisk & Enable Zygisk at Magisk settings
2. Install least version of LSPosed with Zygisk & Shamiko
Releases · LSPosed/LSPosed
LSPosed Framework. Contribute to LSPosed/LSPosed development by creating an account on GitHub.
github.com
Release Shamiko v0.7.2 · LSPosed/LSPosed.github.io
0.7.2 Fix a bug causing Zygisk on KernelSU failed to unload Abandon a useless fix leading to more detection Clean service.sh Fix the bug of incorrectly determined as corrupted.
github.com
3. Install King installer 1.3 from Github
Releases · fcaronte/KingInstaller
Porting of KingInstaller get from GitLab by annexhack - fcaronte/KingInstaller
github.com
4. Install Fermata auto via King installer, set as root user
Releases · AndreyPavlenko/Fermata
Contribute to AndreyPavlenko/Fermata development by creating an account on GitHub.
github.com
5. Enable the Fermata auto as a Xposed modules at LSPosed manager, which not showing at app drawer, it existed at notification area
6. After enable the fermata module, Fermata auto will appear at android auto launcher (Remerber enable developer settings & unknown source at android auto)
7. If you want other 3rd party app appear at android auto launcher, install the Android Auto - XLauncher Unlocked
GitHub - Rikj000/Android-Auto-XLauncher-Unlocked: Custom Android Auto launcher, unleash your AA app, unlock more features!
Custom Android Auto launcher, unleash your AA app, unlock more features! - GitHub - Rikj000/Android-Auto-XLauncher-Unlocked: Custom Android Auto launcher, unleash your AA app, unlock more features!
github.com
Just test the above method by myself & work
Hope it will help everyone wanna a good time at car when waiting
My phone: Pixel 7 pro with 2023 may firmware, Android auto 9.4
My car: Mazda 3 2017
Hi ragwing,
i uninstalled everything and installed it new from your sources and exactly using your instructions.
Point 8 is the problem, Fermata Auto do not appear in the AA launcher list, only "Fermata Control" (i installed both, Fermata Auto and Fermata Control)
Pixel 7 Pro
Android 13, security update 5th may 2023
Android Auto 9.4.631624-release
ragwing said:
deleted
Sorry, The method is no longer worked after march update;
Only work before 2023 march
Click to expand...
Click to collapse
OMG Thank you! You saved my future XD
Only one thing: i've followed your tutorial and everything is working but for make fermata auto appear in android auto apps list, i had to enable fermata auto module in xposed, so i don't know how this could work without root
Again thank you very much!
EDIT: just posted this and i've seen that you deleted yours, but it's working (with root as i said) i'm on pixel 7 may update, rooted
Hitman478™ said:
OMG Thank you! You saved my future XD
Only one thing: i've followed your tutorial and everything is working but for make fermata auto appear in android auto apps list, i had to enable fermata auto module in xposed, so i don't know how this could work without root
Again thank you very much!
EDIT: just posted this and i've seen that you deleted yours, but it's working (with root as i said) i'm on pixel 7 may update, rooted
Click to expand...
Click to collapse
Glad to hear about that!
It works because you have LSPosed installed
And fermata auto download from GitHub can be enable as a module at Xposed manager so It can be appeared again at launcher
I´ll wait then until a non-root solution is released.
Please let me know then here in this thread.
Thank you very much in advance.
Well that will never happen. It's blocked intentionally to avoid distracted driving

Categories

Resources