Lenovo ThinkShield Security & bootloader unlock? - General Questions and Answers

Hello,
A couple of days ago, a member of my family wanted to unlock their Motorola Edge 30 Fusion's bootloader, to be able to decrypt the data. They brought it to me, since they knew I had some experience with doing so and because I got their bootloader unlocked Galaxy Note9 working with Netflix in full quality (WideVine L1).
This time around, after unlocking the bootloader, installing Magisk and decrypting the data partition, Netflix (and other DRM software) would fully refuse to work. So I took a LogCat read & a DRM info report and saw this:
SafetyNet BASIC is passed (MagiskHideProps & SafetyNet fix + Zygisk & MagiskHide)
WideVine reported level is L1
However! Logcat reports WVCdm being unable to locate & download a certificate for L1. So I checked /data/vendor/mediadrm and the reported error was correct.
However, there is a certificate for L3, but the phone refuses to fall back to L3 for some reason.
liboemcrypto disabler has been unsuccessful, since, from what I can tell, the phone does not use that library.
These same symptoms occur when the userdata partition is encrypted.
Does anybody have any suggestions? I used the exact same steps to get WideVine L1 on the Galaxy Note9.
My opinion is that it has to do with ThinkShield somehow. Can someone advise, please?
Thank you!

antoniu200 said:
Hello,
A couple of days ago, a member of my family wanted to unlock their Motorola Edge 30 Fusion's bootloader, to be able to decrypt the data. They brought it to me, since they knew I had some experience with doing so and because I got their bootloader unlocked Galaxy Note9 working with Netflix in full quality (WideVine L1).
This time around, after unlocking the bootloader, installing Magisk and decrypting the data partition, Netflix (and other DRM software) would fully refuse to work. So I took a LogCat read & a DRM info report and saw this:
SafetyNet BASIC is passed (MagiskHideProps & SafetyNet fix + Zygisk & MagiskHide)
WideVine reported level is L1
However! Logcat reports WVCdm being unable to locate & download a certificate for L1. So I checked /data/vendor/mediadrm and the reported error was correct.
However, there is a certificate for L3, but the phone refuses to fall back to L3 for some reason.
liboemcrypto disabler has been unsuccessful, since, from what I can tell, the phone does not use that library.
These same symptoms occur when the userdata partition is encrypted.
Does anybody have any suggestions? I used the exact same steps to get WideVine L1 on the Galaxy Note9.
My opinion is that it has to do with ThinkShield somehow. Can someone advise, please?
Thank you!
Click to expand...
Click to collapse
Let's take a step back a moment. You're assuming the SafetyNet attestation is a good measure of the platform integrity - which it no longer is, because it has been replaced by Play Integrity. More information here.
That would be my first step, to ensure the device is passing BASIC and DEVICE attestation.

V0latyle said:
Let's take a step back a moment. You're assuming the SafetyNet attestation is a good measure of the platform integrity - which it no longer is, because it has been replaced by Play Integrity. More information here.
That would be my first step, to ensure the device is passing BASIC and DEVICE attestation.
Click to expand...
Click to collapse
Thank you for your reply!
I didn't know that was a thing. I installed the SafetyNet fix from Displax and BASIC and DEVICE tests are now passed, exception being the STRONG test. However, WideVine still refuses to fall back to L3.

Related

Cannot Fix Device Uncertified

Hello Forum People,
I have my bootloader unlocked, build MHA-L29C432B198, TWRP recovery and I use Magisk v14.5 however I cannot seem to pass SafetyNet with Magisk failing on ctsProfile and basicIntegrity and "SafetyNet Test" (from the Play Store) passing Safety Net Request but failing Response Signature Validation ("Response Payload Validation Failed").
I have a suspicion that this is due to the unlocked bootloader as I have removed Magisk and anything else I think might have tripped SafetyNet but always the same issue.
Can anyone confirm if this is the cause or otherwise and if having my bootloader unlocked is 'causing SafetyNet to fail then is it safe to relock after re-installing Magisk and returning recovery back to stock or is there some kind of work around?
Muchos appreciated in advance!!
It works fine with unlocked bootloader. Check in Playstore - hamburger menu - scroll down - Settings - scroll down - Device certification: can be certified or uncertified.
It's usually uncertified if your firmware is not approved yet by Huawei. And that would make safetynet fail.
What modules are you using? Xposed will also make safetynet fail.
You could try installing the propfix for magisk, found here: https://mega.nz/#!IOAgibSQ!uix7Gku_MY0ETP-zTae03awF_uH_Jgatr1SDEEvw77A
And did you happen to have SuperSU installed prior to Magisk?
ante0 said:
It works fine with unlocked bootloader. Check in Playstore - hamburger menu - scroll down - Settings - scroll down - Device certification: can be certified or uncertified.
It's usually uncertified if your firmware is not approved yet by Huawei. And that would make safetynet fail.
What modules are you using? Xposed will also make safetynet fail.
You could try installing the propfix for magisk, found here: https://mega.nz/#!IOAgibSQ!uix7Gku_MY0ETP-zTae03awF_uH_Jgatr1SDEEvw77A
And did you happen to have SuperSU installed prior to Magisk?
Click to expand...
Click to collapse
I have tried the propfix and that was unsuccessful in my case. Looks like it's because the firmware is uncertified which is confusing since I updated OTA by official means; update manager gave me a notification, I updated.
Is this a likely scenario that it could be uncertified even though they issued the update?
beejkitsune said:
I have tried the propfix and that was unsuccessful in my case. Looks like it's because the firmware is uncertified which is confusing since I updated OTA by official means; update manager gave me a notification, I updated.
Is this a likely scenario that it could be uncertified even though they issued the update?
Click to expand...
Click to collapse
So according to HiSuite I have an official ROM, I have performed a full factory reset and I am still getting uncertified status through Play Store. I cannot understand this as previously everything was working fine, I could use my banking app etc. and then one day everything stopped working and the only thing I can trace it to is this uncertified status.
Can anyone help me at all because short of going to extremes of using FH to rebrand etc I am all out of ideas and not being able to pass SafetyNet is really annoying; I can no longer use my banking app or Android Pay.
beejkitsune said:
So according to HiSuite I have an official ROM, I have performed a full factory reset and I am still getting uncertified status through Play Store. I cannot understand this as previously everything was working fine, I could use my banking app etc. and then one day everything stopped working and the only thing I can trace it to is this uncertified status.
Can anyone help me at all because short of going to extremes of using FH to rebrand etc I am all out of ideas and not being able to pass SafetyNet is really annoying; I can no longer use my banking app or Android Pay.
Click to expand...
Click to collapse
This is infuriating. I cannot seem to fathom why my device would suddenly be unverified.
I have considered locking my bootloader again but with attempts to do that I am given re-locked status. Suggestions, anyone, please?
Sent from my Mate 9 using XDA Labs
beejkitsune said:
This is infuriating. I cannot seem to fathom why my device would suddenly be unverified.
I have considered locking my bootloader again but with attempts to do that I am given re-locked status. Suggestions, anyone, please?
Sent from my Mate 9 using XDA Labs
Click to expand...
Click to collapse
I know my comment comes a little late, but just so you know,
I'm not certified (according to Google play store), and yet I pass SafetyNet. So your problem doesn't seem to be related.
I'm on B197 and Safety Net 14.3, and B197 was also officially pushed to my phone by Huawei.
Surfinette said:
I know my comment comes a little late, but just so you know,
I'm not certified (according to Google play store), and yet I pass SafetyNet. So your problem doesn't seem to be related.
I'm on B197 and Safety Net 14.3, and B197 was also officially pushed to my phone by Huawei.
Click to expand...
Click to collapse
Thanks for the reply. My solution ended up being to. Rebrand and then update to the Oreo release MHA-L29C432 8.0.0.361. Play Store now certified and passing SafetyNet with no issues. I'm still not 100% sure what tripped SafetyNet originally, nothing seems to be consistent with other people's experiences but I have now a resolution albeit not the desired approach, nor solution.

Oneplus with drm level 1 netflix won't work...

I sent my oneplus 5 to get the drm level 1 to be able to stream hd in Netflix . After I got it back I unlocked the bootloader and rooted. The cell was working fine for a few months but now netflix won't open. I get network error 9. I open the logs and it says general drm error. The interesting part is that if I lock the bootloader netflix works fine and the videos are in hd. As soon as I unlock the bootloader and root the device with magisk it stops working. Magisk hide is working properly cause I can download Netflix directly from playstore but the app won't work. I am gonna attached a pic of the logs. Can someone please help? Thanks!
This is part of the log
Hello,
I am also facing the same problem. I also have unlocked bootloader, magisk and xposed installed. I have got DRM level 1 activated on my device.
Pls someone suggest any solution other then unrooting and removing xposed .
deepak549 said:
Hello,
I am also facing the same problem. I also have unlocked bootloader, magisk and xposed installed. I have got DRM level 1 activated on my device.
Pls someone suggest any solution other then unrooting and removing xposed .
Click to expand...
Click to collapse
In my case I don't have xposed. I own another oneplus 5 that works fine with unlocked bootloader and the one with the issue was working fine before. I have no idea what happened.
xestan said:
In my case I don't have xposed. I own another oneplus 5 that works fine with unlocked bootloader and the one with the issue was working fine before. I have no idea what happened.
Click to expand...
Click to collapse
I also had the same problem. I got L1 on my 5T, worked fine for some time but stopped. The will work if you use the magisk module that makes the app thinks the phone is L3 and it will work, or you could use 4.x version of the app and it will work. But with any of those solutions netflix won't play in HD.
I heard that netflix is checking is bootloader is unlocked for L1 and blocking it.
harpin14789 said:
I also had the same problem. I got L1 on my 5T, worked fine for some time but stopped. The will work if you use the magisk module that makes the app thinks the phone is L3 and it will work, or you could use 4.x version of the app and it will work. But with any of those solutions netflix won't play in HD.
I heard that netflix is checking is bootloader is unlocked for L1 and blocking it.
Click to expand...
Click to collapse
If netflix is doing that, is not doing it accross all devices or something cause my other oneplus 5 works perfectly. The workaround I found is install the 4.x version and then after opening that version go and update to the latest one, but as you said it will not be in HD.

Widevine certificate and ROM switch.

Hi,
After unlocking my boot loader SafetyNet pass failed, and some application like Netflix disappeared from the play Store, Fine. My widevine L1 certificate was still valid. and I had been able to install netflix using an APK.
So first question, Is my netflix APK setup allow me to watch FullHD steam ?
Currently My ROM is MIUI Global 12.0.3 Stable, If I switch to any other ROM, I will loose my L1 certificate, correct ?
A MIUI Europe ROM may keep may L1 ?
If I switch back to MIUI Global 12.0.3 Stable I will get my L1 certificate back ?
For now SafetyNet Failed ctsProfile, and evalType is locked to HARDWARE.
I also have a redme Note 9S on which I install pixel experience, an SafetyNet Pass, but my widevine is an L3.
Uriel,
https://forum.xda-developers.com/xi...uide-how-to-pass-safetynet-xiaomi-eu-t4168173
Alvian_P said:
https://forum.xda-developers.com/xi...uide-how-to-pass-safetynet-xiaomi-eu-t4168173
Click to expand...
Click to collapse
Thx, I find this post yesterday in the morning, but I was not able to find it back in the afternoon.
A read it again, and after applying the hardwareoff_1.1 script my SafetyNet switch to basic, and is now passing.
I'm still concern about is Xiaomi.eu will loose my L1 certificate.
lelapinvert said:
Thx, I find this post yesterday in the morning, but I was not able to find it back in the afternoon.
A read it again, and after applying the hardwareoff_1.1 script my SafetyNet switch to basic, and is now passing.
I'm still concern about is Xiaomi.eu will loose my L1 certificate.
Click to expand...
Click to collapse
Make a backup from thr "Persist"-partition and save this on your pc. If you lost your widevine L1 you can flash the persist backup, and L1 will be back.
NEVER flash a persist img from an other user or phone!
You can pull easy the persist.img through terminal emulator or in ofox with the inbuild emulator.
Command is: dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img
Hi,
I'm currently using Pixel experience on my Poco X3 NFC, my L1 certificate is still valid, and SafetyNet pass in BASIC.
Nice.

Any way to fake a locked bootloader?

I have a (non-essential) app that I can not make to work on my new phone with the following error message:
Integrity check failed
Modifications on your phone have been detected. The app can not be used due to security reasons.
Details: The device is checked for signs of root access, respectively if the bootloader is unlocked. For these checks only local elements are used, no data is submitted to external services.
Click to expand...
Click to collapse
This is on a POCO X3 NFC with unlocked bootloader, custom ROM (ArrowOS 11) with microG (instead of Google Play Services) and stable Magisk (v22.0) with MagiskHide applied to that app. I have also already tried to freeze Magisk with AirFrozen, which is a trick that works on a problematic banking app, but that did not change anything.
The strange thing is, that the same app (and same app version) does not show that error on a OnePlus 6 with unlocked bootloader, custom ROM (LineageOS 16 for microG) and Magisk with MagiskHide applied to that app.
I have no idea what the difference may be any and how this is possible.
Any ideas?
https://github.com/kdrag0n/safetynet-fix check and download from release section if you want
etahamad said:
https://github.com/kdrag0n/safetynet-fix check and download from release section if you want
Click to expand...
Click to collapse
If you are replying to me, it's definitely not a SafetyNet issue, because my devices haven't passed SafetyNet since it stopped working with microG about a year (?) ago.

Question Lenovo TB-J716F: Keeping Widevine L1 when rooting

Hello everyone,
it seems that it's currently not possible to root the Lenovo XiaoXin Pad Pro 2021 (TB-J716F) and keep Widevine L1 at the same time. Once the bootloader is unlocked, the tablet seems to lose Widevine L1 and falls to L3.
As soon as someone finds a way to root the device and not lose L1, please post it in this thread.
Thanks a lot! Have a nice day
HANN1860BAL
I have had some luck with some Magisk modules on my Xiaomi Mi 9T pro which is unlocked, rooted and still has L1. I will post the modules I installed when I get home so you can try it.
EDIT:
Universal safetynet fix by kdrag0n
MagiskHide Props Config by Didgeridoohan
Not sure if it supports this tablet yet but I think there's a way to copy your L1 devices fingerprint and then put it on the rooted/unlocked one.
Thank you, I will check this modules for compatibility. It is hard to get the official ROMs currently, so I'm not going to "try & error" at the moment.
Is it possible to restore L1 on a locked/unrooted device when one doesn't have the original QCN file anymore?
(I did "reset all before download" in QFIL configuration)
Sorry, I didn't try to root so far.

Categories

Resources