The boot-loader is unlocked on my ROG 5. I had it rooted with magisk till very recently, however, I gave up root during last firmware update. Perhaps it wasn't a good idea! Since then, Google Play has been saying "Device is not certified". (Obviously, I need a certified device for GPay.)
Is it a must to have root & magisk when boot-loader is unlocked to overcome this problem? Thanks.
(I'm worried about re-locking the boot-loader because of potentially losing the ability to unlock it in the future again. So my preference is to leave it unlocked.)
nexusnerdgeek said:
The boot-loader is unlocked on my ROG 5. I had it rooted with magisk till very recently, however, I gave up root during last firmware update. Perhaps it wasn't a good idea! Since then, Google Play has been saying "Device is not certified". (Obviously, I need a certified device for GPay.)
Is it a must to have root & magisk when boot-loader is unlocked to overcome this problem? Thanks.
(I'm worried about re-locking the boot-loader because of potentially losing the ability to unlock it in the future again. So my preference is to leave it unlocked.)
Click to expand...
Click to collapse
Unlocked Bootloaders will always fail SafetyNet.
Magisk, Kdragon module is the only resort here.
Locking Bootloader is also a solution, but a big no - if you plan to root it later.
Thanks JazonX, I've once again gone through the painful process of activating it all. Long story short, things are working again . I've learnt my lesson (to retain root over a firmware update).
I had before unlocked bootloader after i did recovery and locked it , i got certified google play , as i read you have numerous times to unlock the bootloader
Related
XDA today published an article about a vulnerability in the OnePlus 6 bootloader that allows the booting of a custom boot.img image without unlocking the bootloader. This is of course a huge security risk but I'm sure OnePlus will patch it in an upcoming update. In the mean time, let's have some fun!
Back in the good old days of the Nexus 4, it was possible to install an app that would write boot config data to the device from userland, with root, to toggle the bootloader between the locked and unlocked states. The object of this post? Do this as a community for the OnePlus 6!
Why do this?
There are two major gains to being able to do this:
Security: once a device is rooted we'd be able to re-lock the bootloader to prevent tampering or unauthorised images from being booted whilst keeping the perks of being rooted
Netflix HD: Widevine L1 keys aren't accessible when the Bootloader is unlocked. This way, we may be able to get our Widevine keys accessible again to get HD Netflix with root
I attempted to reverse some of the bootloader on my own a few weeks back but didn't have much luck. With this vulnerability, my thoughts are that we could dump the data partitions with a locked device (that is exploited using this trick) and compare them with an unlocked device. This might give us the magic data that the bootloader uses to determine whether a device is locked or unlocked. Then, in theory, we should be able to toggle this data from userland. The only caveat to this is that I don't know whether the unlock state is stored somewhere in the TrustZone or if it is written to the flash like they did back in the Nexus days.
I honestly have no idea whether this will work, but surely it's worth a shot? Just for reference, I recommend we look at diffing following partitions before and after locking:
param
sec
sti
ssd
frp
config
misc
We should also, to ensure there is no confusion, stick to OOS 5.1.5 stock + Magisk for root. Images of the above partitions can be obtained using dd.
If anybody has any further tips on bootloaders that either proves that this won't work, or perhaps can suggest other places this lock data could be stored, please do let me know!
NB: getting this data will involve at least one full data wipe of the phone so it might take time to dump the data, switch lock state then dump it again.
I also strongly suspect that we might hit the issue of Android Verified Boot noticing that the device is locked (but has a modified boot image when rooted). This would depend on whether the Android security checks are implemented as per the Android Verified Boot specification.
Who's in?
Couldn't you just hide Netflix HD from root detection in Magisk?
dgunn said:
Couldn't you just hide Netflix HD from root detection in Magisk?
Click to expand...
Click to collapse
No. With an unlocked bootloader the device is switched to Widevine level 3 instead of level 1. This means no HD playback in Netflix (and I believe Amazon) regardless of Magisk hide status. This may be the new normal for all unlocked devices with the Qualcomm SD 845 or newer.
blackthund3r;76765953[* said:
Security: once a device is rooted we'd be able to re-lock the bootloader to prevent tampering or unauthorised images from being booted whilst keeping the perks of being rooted
Click to expand...
Click to collapse
Are you sure about this? On Nexus 4 days Android didn't check at boot that all partitions were correct in order to boot, since some version ago it does (DM-verity). Are you sure you can re-lock the phone with root (system or boot modified) and still boot normally to userspace?
RusherDude said:
Are you sure about this? On Nexus 4 days Android didn't check at boot that all partitions were correct in order to boot, since some version ago it does (DM-verity). Are you sure you can re-lock the phone with root (system or boot modified) and still boot normally to userspace?
Click to expand...
Click to collapse
Well, I can confirm that with SafetyNet test passing, and Magisk hide enabled for Netflix, I can not get HD streaming.
This is highly interesting. I will be following that threat constantly. Thanks for opening that discussion.
So does this vulnerability allow flashing or booting of TWRP through fastboot without unlocking the bootloader. I am interested in keeping Netflix HD and gaining root access, but don't want to brick the device. I know that under normal circumstances you always unlock the bootloader before flashing any mods, but was curious of some devs thoughts on it.
Interesting read. You can root the device without unlocked bootloader
https://www.androidcentral.com/oneplus-6-bootloader-vulnerability-lets-anyone-access-your-phone?amp
the question is can we keep opened this feature and force to be opened.
Unfortunately oneplus bootloader doesn‘t support EIO mode,so it can't be boot if anything modified.
akaHardison said:
Unfortunately oneplus bootloader doesn‘t support EIO mode,so it can't be boot if anything modified.
Click to expand...
Click to collapse
Not true booted a magisk patched boot image and installed some modules
Is there Maby another methode to root hold safety net for widevine lv3
---------- Post added at 06:28 PM ---------- Previous post was at 06:23 PM ----------
joemossjr said:
Not true booted a magisk patched boot image and installed some modules
Click to expand...
Click to collapse
And did you also installed magisk to the boot img?!
Widevine L1 + V4A would make me very happy. Perhaps we should add a financial incentive like a bug bounty? I would certainly contribute some loot for this noble cause!
Since some people with OP5s and OP5Ts sent there phone to OP for L1 with the bootloader unlocked, I wonder if OP would consider offering a similar service. Even if it wasn't completely free I would probably do it unless it required re-locking the bootloader...
I have been root and flash kernel my pixel 3 before, but I want use google pay, so I flash factory img to my pixel 3.
But i use google pay it is still doesn't working. Is cause i root before?
Have you re-locked the bootloader? An unlocked bootloader will cause Google Pay to not work on stock firmware.
JujuYuki said:
Have you re-locked the bootloader? An unlocked bootloader will cause Google Pay to not work on stock firmware.
Click to expand...
Click to collapse
Is it a good practice to relock the bootloader after root? I though it will reenable signature checks and brick the phone?
Pakabidu said:
Is it a good practice to relock the bootloader after root? I though it will reenable signature checks and brick the phone?
Click to expand...
Click to collapse
If you flashed the factory image you're stock and not rooted, right? But yes you shouldn't lock the bootloader again after modifications. You can relock it after flashing factory image from google though if you fon't flash anything else and don't modify it. That's also the only way to get google pay to work without root and Magisk hide.
Also, as long as you don't untick "enable oem unlocking" in developper settings, you can still unlock if it bricks, as long as you have fastboot access. So if you happened to brick by relocking, just unlocking again (and flashing if needed) would solve it anyway.
JujuYuki said:
If you flashed the factory image you're stock and not rooted, right? But yes you shouldn't lock the bootloader again after modifications. You can relock it after flashing factory image from google though if you fon't flash anything else and don't modify it. That's also the only way to get google pay to work without root and Magisk hide.
Also, as long as you don't untick "enable oem unlocking" in developper settings, you can still unlock if it bricks, as long as you have fastboot access. So if you happened to brick by relocking, just unlocking again (and flashing if needed) would solve it anyway.
Click to expand...
Click to collapse
Thanks man, I'm thinking i have to re lock my phone now, or just wait new magisk can hide google pay.
Awesome how google sells a phone that is unlockable and easily rootable, but then blocks a service to the device. Luckily, where I am google pay is not an option, but I sympathize with you all.
Edemilorhea said:
I have been root and flash kernel my pixel 3 before, but I want use google pay, so I flash factory img to my pixel 3.
But i use google pay it is still doesn't working. Is cause i root before?
Click to expand...
Click to collapse
There is a ton of information on the Magisk page about running Google Pay on an unlocked/rooted device. I use it on both a Pixel 3 and Pixel 3 XL. Locking your bootloader is not necessary right now.
https://forum.xda-developers.com/apps/magisk/magisk-google-pay-gms-17-1-22-pie-t3929950
this works.
Followed instructions and edited db and rebooted. Works great in Android 10 on Pixel 3. Thanks for this. I was wondering why wouldn't work on my new phone. So dumb to lock this down.
So I sold my s8+ g955fd seexynos to this guy for a really good price.
My s8+ was rooted with magisk and bootloader was unlocked.
But this guys wants it unrooted and wants the bootloader to be locked so that he can have the ota updates working. And if I fail to do so (which I am at the moment), I would have to return the money (which I dont want to).
I tried flashing stock rom (latest from Sammobile) from the scratch with Odin but still when I check with Intercept X app, it says bootloader unlocked. and I checked in developer options too, the oem unlock is greyed out and set to off and says "bootloader is already unlocked".
Could someone please guide me with working steps please? I am good with flashing and stuff.
I tried searching the s8+ forum but couldn't find anything helpful.
Need urgent help. :foldedhands:
Edit 1: now the OEM unlock is gone from developers options after flashing magisk again :scared:
Edit 2: After uninstalling magisk from magisk manager app
, phone went to bootloop. So I flashed stock rom "bl,ap,cp,csc" with odin again and the greyed out oem unlock is back with status "bootloader is already unlocked"
Any hint guys?
Just a hint would be enough!
Its a one way process from what I understand.
Anybody will want it locked because without it locked you cant use Knox or any of the payment apps that depend on Knox.
I could be wrong but this is what I feel.
RonChinoy said:
Its a one way process from what I understand.
Anybody will want it locked because without it locked you cant use Knox or any of the payment apps that depend on Knox.
I could be wrong but this is what I feel.
Click to expand...
Click to collapse
Already figured it out. I am sure that guy doesn't care about knox, but does care about ota updates
Just to preface, I'm not a total noob when it comes to android, but I'm definitely not savvy or knowledgeable in any way either.
I purchased a Motorola p50 a while ago from a seller on Aliexpress, and when booting the phone I get a message saying that the bootloader is unlocked. Going into the developer settings shows the OEM unlock option is in the off position, greyed out and with a message saying that the bootloader is already unlocked. However, booting into fastboot and running 'fastboot oem lock' gives me an error message telling me to enable unlocking in the developer options... which I can't do, because it's greyed out. Running 'fastboot oem unlock' tells me that the bootloader is already unlocked. From what I can tell the phone is running the stock android 10 motorola ROM, and I would like to lock the bootloader so that I can use google pay, as the phone supports NFC.
According to settings, the model is "motorola one vision", the hardware version is PVT, the SKU is XT1970-5 and the software channel is 'retcn'
Any help on how I can lock the bootloader, or even just get google pay working would be greatly appreciated.
There exists many threads on xda about this issue and it all boils down to this: your Bootloader thinks you're running modified software, hence locking it will hard brick your device (at least there is a possibility). According to the above linked thread, here's what you can do to troubleshoot this (in order of what could work):
Factory reset your device from Settings. (Relocking will erase your data anyways, Backup is advised)
Flash The Stock Firmware and attempt the lock process again.
Flash Magisk and enable Magisk Hide (this one is dangerous, since a modified boot.img while relocking can hard brick your device as well, do it at your own risk!!!)
Pass Safetynet check by flashing latest Magisk canary, enabling Magisk Hide and flashing this Universal Safetynet fix.
Step 4 is what I would do if I were you, however, advising people on the internet to root in order to solve this problem is not very wise, hence it being the last step.
Alright, I might give the last one a go since I don't know what the stock firmware for the phone is supposed to be. Thanks a lot for your help
Update: after attempting to install magisk with little success, I eventually found a single russian article that solved the issues I was having with magisk. I installed that plugin you linked, and success! Google pay now works without issue. Your help is greatly appreciated
Not sure if it's possible to re-lock the Bootloader without loosing all data.
As more and more apps stopped working with some 'security warning' and finding it more and more difficult to run certain banking and other applications I decided to 'unroot' my Poco F2 Pro.
But, too bad, some Apps still complain about 'security issues' or explicitly about the unlocked bootloader - but now there is no MAGISK Hide or similar to 'cheat the system'
But, even worse, according to many posts in various forums locking the BL will erase all data.
Any idea if it's possible?
Thanks!
Tiemichael said:
Not sure if it's possible to re-lock the Bootloader without loosing all data.
As more and more apps stopped working with some 'security warning' and finding it more and more difficult to run certain banking and other applications I decided to 'unroot' my Poco F2 Pro.
But, too bad, some Apps still complain about 'security issues' or explicitly about the unlocked bootloader - but now there is no MAGISK Hide or similar to 'cheat the system'
But, even worse, according to many posts in various forums locking the BL will erase all data.
Any idea if it's possible?
Thanks!
Click to expand...
Click to collapse
Not possible.
Install a Xiaomi EU rom Certified play store without root.
https://xiaomi.eu/community/
Thanks!
I just saw a post saying it's possible here ... but I don't want to risk loosing my data
Tiemichael said:
Thanks!
I just saw a post saying it's possible here ... but I don't want to risk loosing my data
Click to expand...
Click to collapse
Unroot the phone before flashing rom.
Phone is unrooted and updated with latest Stock, so I want to re-lock the BL.
As too many apps fail working with Magisk installed, and it's a constant search for work-arounds, I decided to stay unrooted. But many apps still fail because of the unlocked BL
Tiemichael said:
Phone is unrooted and updated with latest Stock, so I want to re-lock the BL.
As too many apps fail working with Magisk installed, and it's a constant search for work-arounds, I decided to stay unrooted. But many apps still fail because of the unlocked BL
Click to expand...
Click to collapse
That's why https://xiaomi.eu/community/
Sorry, I am lost ...
what's so special about https://xiaomi.eu/community/? How will it help me?
Tiemichael said:
Sorry, I am lost ...
what's so special about https://xiaomi.eu/community/? How will it help me?
Click to expand...
Click to collapse
You can flash without losing data(use update scrip in the zip rom or twrp) and have a working phone(certified) without locking the bootloader and these roms are better than stock(choice between android 11 or 12).
Got it! Thanks!
Tiemichael said:
Not sure if it's possible to re-lock the Bootloader without loosing all data.
As more and more apps stopped working with some 'security warning' and finding it more and more difficult to run certain banking and other applications I decided to 'unroot' my Poco F2 Pro.
But, too bad, some Apps still complain about 'security issues' or explicitly about the unlocked bootloader - but now there is no MAGISK Hide or similar to 'cheat the system'
But, even worse, according to many posts in various forums locking the BL will erase all data.
Any idea if it's possible?
Thanks!
Click to expand...
Click to collapse
This thread will tell you how to set up Magisk to keep the security conscious apps happy.
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
No it's not possible to re-lock the bootloader without losing your data.
Installing a Xiaomi.eu ROM will still have things complain about an unlocked bootloader, so isn't much of a solution.
try use latest Magisk (24.3) activate zygisk and set deny list all apps that cause problem..
plus install module safetynet-fix 2.2.1 ..