SafetyNet CTS False - Xperia Z5 Compact - Magisk

So I finally bit the bullet to install LineageOS 14.1 on my phone, using Magisk and all that but I have looked quite a bit before posting this, and even in that giant thread for the SafetyNet Fix which appears to be abandoned. Surprised no one forked it to continue.. Anyway...
From my research thus far, I'm seeing some moderate success from modifying the build.prop values to an official source perhaps. If I'd known this, I would have probably attempted to get it from the official ROM before I flashed LineageOS on to try and bypass that check. But so far, a few things I have done just simply won't work which is forcing Google Pay to fail working as well.
My experience with modifying the build.prop is pretty much nil. I'm a novice Linux user, but there are certain things I tend to never touch, even on Android. I've not seen anything that was comprehensive as to what specifically to edit, and what to change the values to. (this is largely because it's device specific usually) Luckily, both the banking apps I use work fine, it's just Google Pay I'm having issues with because of the CTS Profile. Basic Integrity passes, so I at least know Magisk is working to some degree.

In a pinch you can use whatever device fingerprint you can get a hold of.
You've done some research, so you might already have seen this:
https://forum.xda-developers.com/showpost.php?p=75489540&postcount=1636
Follow those instructions and you should be good to go. You can use the provided fingerprint in that post, but like you say, it's good to use one for your device (what is your device, by the way). Ask in your device's forum if someone can provide you with a stock fingerprint.

Technically speaking, I already stated my phone which happens to be in the thread title. But I'll ask over there and hope for the best.
Though yes, I did run into that particular post. No guarantee it'll work, but guess I could try it once I get the line I need.

TwinShadow said:
Technically speaking, I already stated my phone which happens to be in the thread title. But I'll ask over there and hope for the best.
Though yes, I did run into that particular post. No guarantee it'll work, but guess I could try it once I get the line I need.
Oh yeah... I missed the title, didn't I? :laugh:
If you can pass basic integrity but not the CTS profile, most of the time it simply is a matter of using a certified fingerprint. On every single ROM with uncertified fingerprints I've tested, this has been the case. But of course, YMMV...

Kernel Z5c support to safetynet
https://androidfilehost.com/?fid=889764386195916464

Related

Apps that modify SELinux state are now forbidden on Google Play.

From this day onwards, apps that change the state of SELinux are forbidden on Google Play Store. Those who have such apps have 14 days to fix violations or their apps will be removed.
Here's an example of the message from Google:
This is a notification that your application, SELinux Mode Changer, with package ID com.mrbimc.selinux, is currently in violation of our developer terms.
…
REASON FOR WARNING: Violation of the dangerous products provision of the Content Policy:
“Don’t transmit or link to… items that may introduce security vulnerabilities to or harm user devices, apps, or personal data.”
After a regular review, we have determined that your app lowers a user’s device security by modifying or disabling SELinux on the device. To ensure a safe user experience for Play users, we have determined that apps with this functionality are noncompliant.
Please remove this functionality from your app within 14 days to achieve policy compliance. Once approved, your application will again be available with all installs, ratings and reviews intact.
This notification also serves as notice for other apps in your catalog. You can avoid further administrative action by immediately ensuring that no other apps in your catalog are in violation of (but not limited to) the above policy. Please also ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
All violations are tracked. Additional suspensions of any nature may result in the termination of your developer account, and investigation and possible termination of related Google accounts. If your account is terminated, payments will cease and Google may recover the proceeds of any past sales and/or the cost of any associated fees (such as chargebacks and transaction fees) from you.
If you feel we have made this determination in error -or feel that this functionality has been misinterpreted, please submit an appeal to the Google Play policy team through this Google Play Help Center article.
The Google Play Team
New definition of "dangerous product"
Google play content policy
Google play distribution agreement
What are we going to do?
I can confirm this issue as I also received this message by Google-Play some hours ago.
My app is using "setenforce 0" to allow the "mediaserver"-process loading an .SO-file from the /data-partition.
The loaded .SO-file is then using some C-commands to modify the internal audio-routings of the device.
As hereby the "mediaserver"-process is executing the by SELinux blocked commands and not the initial commands executed via "su", the modification by SuperSU doesn't take effect here ("SU-commands are always permissive").
What's the workaround? Modifying/scrambling the "setenforce 0" to not get scanned by Google's bots?
funtax said:
I can confirm this issue as I also received this message by Google-Play some hours ago.
My app is using "setenforce 0" to allow the "mediaserver"-process loading an .SO-file from the /data-partition.
The loaded .SO-file is then using some C-commands to modify the internal audio-routings of the device.
As hereby the "mediaserver"-process is executing the by SELinux blocked commands and not the initial commands executed via "su", the modification by SuperSU doesn't take effect here ("SU-commands are always permissive").
What's the workaround? Modifying/scrambling the "setenforce 0" to not get scanned by Google's bots?
Same here. Got 4 emails from Google for the same violation. Not exactly sure if I can bypass this problem by using SuperSU properly.
jerryfan2000 said:
Same here. Got 4 emails from Google for the same violation. Not exactly sure if I can bypass this problem by using SuperSU properly.
Might I ask you which apps and features are affected?
PhinxApps said:
Might I ask you which apps and features are affected?
Button Savior (root). Assistive Zoom, oneClick Scroll. In my app, I create a jar with private API invocation in it and start the jar as a shell command by exec or something that I don't quite remember.
I got the same note, too. Oddly, two selinux mode changer apps are still in Play. Maybe they're less worried about apps that say in the title that they turn off selinux. Or maybe they just haven't got to them?
arpruss said:
I got the same note, too. Oddly, two selinux mode changer apps are still in Play. Maybe they're less worried about apps that say in the title that they turn off selinux. Or maybe they just haven't got to them?
Hmm, the e-mail is just a warning.. I think the apps will be removed in 13 days.
The title shouldn't matter, I assume it's just a scanner/grep which they run against eg. the classes.dex and search for "setenforce".
My app doesn't use this command normally, nor is it an app which is used by the 0815-user - it cannot be a human who decides about good/bad
But does this help us in any way?
This zip is just as good if not better. Only problem is I don't think there's a way to go back and forth between permissive and enforcing. I did not make this trip, I'm not a programmer, and I'm taking no credit for it. I just found it a while ago and decided to hold onto it.. Go to recovery, flash the zip, presto.
https://mega.co.nz/#!jhgA3Spb!oOS9ru9q5dDfS5V9iHLFXUTiuZVTSbNk1iyrLrq-lus
tmjm28 said:
This zip is just as good if not better. Only problem is I don't think there's a way to go back and forth between permissive and enforcing. I did not make this trip, I'm not a programmer, and I'm taking no credit for it. I just found it a while ago and decided to hold onto it.. Go to recovery, flash the zip, presto.
https://mega.co.nz/#!jhgA3Spb!oOS9ru9q5dDfS5V9iHLFXUTiuZVTSbNk1iyrLrq-lus
Thanks for sharing!
I fear we cannot tell our (sometimes quite stupid) users "flash a permissive kernel" if it's "in theory" simple to temporarily make SELinux permissive by a single command.
funtax said:
Thanks for sharing!
I fear we cannot tell our (sometimes quite stupid) users "flash a permissive kernel" if it's "in theory" simple to temporarily make SELinux permissive by a single command.
... which isn't possible on bootloader locked (exploit freed) devices
Has anyone an idea how to exactly interpret this message from Google?
I assume they parse the APK for "setenforce" and blame all apps which use it.
I fully understand and confirm Google's decision, no matter that it's really a pain in the a** for some of us.
So, what are your thoughts about the following:
1. use a crypted version of "setenforce 0" which hopefully bypasses Google's scanners
2. do the modifications you need to do and hope these modifications are still working after enforced-mode is active again (how would an "execmod"-exception perform if the text-relocations have been made while SELinux was off?)
3. now call setenforce again but with "1", to re-enable SELinux
In other words:
1. would SELinux recognize that a text-relocation was made while it was disabled and then activated?
2. would it be ok to temporarily disable SELinux but then re-enable it shortly after the required modifications?
@Chainfire: maybe #1 is something you might know due to SuperSU?
Removed setenforce 0 and surprisingly my app is still working. Guess newer superSU can bypass selinux restriction to some level.
jerryfan2000 said:
Removed setenforce 0 and surprisingly my app is still working. Guess newer superSU can bypass selinux restriction to some level.
Yes, that's correct. SuperSU sets itself to "permissive" in most times afaik - so if you run your restricted commands via SuperSU, you might not get problems with SELinux.
But if another process/pid is running into issues with SELinux, that won't help you.
To anyone still having to modify the SELinux state I would advise you guys to use the Audit messages.
You might not even need to change SELinux to permissive. It's even mentioned in Chainfire's SU documentation in detail.
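One way to follow the audit-message advice in the post above, as an added example that is not part of the thread: a Python parser that groups `avc: denied` records by source domain, target type and class, so the exact permissions a process lacks are visible while SELinux stays enforcing. The log lines and the `com.example.audio` package are constructed, the function names are hypothetical, and the `allow` lines it prints are a review aid in SELinux policy-rule syntax.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (not taken from the thread).
SAMPLE_LOG = '''\
type=1400 audit(1420070400.101:41): avc: denied { execute } for pid=312 comm="mediaserver" path="/data/data/com.example.audio/lib/libroute.so" dev="mmcblk0p28" ino=1234 scontext=u:r:mediaserver:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0
type=1400 audit(1420070400.187:42): avc: denied { execmod } for pid=312 comm="mediaserver" path="/data/data/com.example.audio/lib/libroute.so" dev="mmcblk0p28" ino=1234 scontext=u:r:mediaserver:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0
I/ActivityManager(  801): Start proc com.example.audio for activity
type=1400 audit(1420070402.554:43): avc:  denied  { read write } for pid=4120 comm="audio_tool" name="pcmC0D0p" dev="tmpfs" ino=7788 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=1
type=1400 audit(1420070409.020:44): avc: denied { execute } for pid=977 comm="mediaserver" path="/data/data/com.example.audio/lib/libroute.so" dev="mmcblk0p28" ino=1234 scontext=u:r:mediaserver:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    parts = context.split(':')
    if len(parts) < 4:
        raise ValueError('not a full SELinux context: %r' % context)
    return parts[2]


def parse_denial(line):
    """Parse one log line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    try:
        return {
            'perms': m.group('perms').split(),
            'source': selinux_type(fields['scontext']),
            'target': selinux_type(fields['tcontext']),
            'tclass': fields['tclass'],
            'comm': fields.get('comm', '?'),
            # permissive=1 means the access was logged but still allowed.
            'blocked': fields.get('permissive', '0') == '0',
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record


def summarize(log_text):
    """Group denials by (source domain, target type, object class)."""
    summary = defaultdict(
        lambda: {'perms': set(), 'comms': set(), 'hits': 0, 'blocked': 0})
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial is None:
            continue
        entry = summary[(denial['source'], denial['target'], denial['tclass'])]
        entry['perms'].update(denial['perms'])
        entry['comms'].add(denial['comm'])
        entry['hits'] += 1
        entry['blocked'] += denial['blocked']
    return dict(summary)


def to_rules(summary):
    """Render each group as one policy rule line for manual review."""
    return ['allow %s %s:%s { %s };' % (src, tgt, cls, ' '.join(sorted(e['perms'])))
            for (src, tgt, cls), e in sorted(summary.items())]


if __name__ == '__main__':
    result = summarize(SAMPLE_LOG)
    for key, entry in sorted(result.items()):
        print(key, 'hits=%d blocked=%d' % (entry['hits'], entry['blocked']),
              'processes=%s' % sorted(entry['comms']))
    print('\n'.join(to_rules(result)))
```
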
Catalyst06 said:
To anyone still having to modify the SELinux state I would advise you guys to use the Audit messages.
You might not even need to change SELinux to permissive. It's even mentioned in Chainfire's SU documentation in detail.
This might indeed help some of the devs to adjust their commands to work with SELinux enforced - good hint, pretty sure many users are not familiar with that.
Ohh.. I must adjust myself: I wasn't aware of the SELinux-patcher. Might be an acceptable workaround?
funtax said:
1. use a crypted version of "setenforce 0" which hopefully bypasses Google's scanners
If Google catches this, they may be more tough on you.
I got notices for 3 variants of my Spirit FM apps. Was just a debug/test menu item.
Not needed for my Spirit2 app, but the Spirit1 app did direct access to audio and other devices and won't work on Lollipop otherwise. Not a big deal for Spirit1 really though, because I will likely never release a non-beta compatible with Lollipop.
So I removed the code.
Now I have a tricky issue because I was trying to slowly roll out a new version to KitKat users. So now, 80% of my Lollipop users may still have the "bad" app and I can only fix that by increasing the KK rollout to 100%.
Wonder if Google will kick me at the 14 day mark if I don't go to 100%.
mikereidis said:
Now I have a tricky issue because I was trying to slowly roll out a new version to KitKat users. So now, 80% of my Lollipop users may still have the "bad" app and I can only fix that by increasing the KK rollout to 100%.
Wonder if Google will kick me at the 14 day mark if I don't go to 100%.
Any news since? It seems Google pulled the trigger...
Sine. said:
Any news since? It seems Google pulled the trigger...
I went to 100% with my rollout just to be on the safe side.
I have had no followup problems. My affected apps are still selling.
Would have been nice for Google to send a "Thank you for co-operating" email.
I am sorry to hear that the SCR Pro developer has had his developer account terminated.
Termination is an EXTREME measure seemingly intended for confirmed malware spreaders.
I think it is VERY rare (if not impossible) to get a terminated account re-instated. I don't recall ever hearing of a re-instatement.
All of us small developers dependent on Google Play for our income are just a few Google mouse clicks away from having our indie careers ended and Google just does not care.
Why are they doing this?
I'm not sure if this is a good decision from Google. I fully understand that this could help to protect users, but in my opinion, a warning on the device would have been enough.
Android should be an open system. A user installing a permissive kernel, or changing an existing one to permissive mode, could be expected to know what she or he is doing.
I have to recompile the kernel for my SM-P605 because it was the only way to get it to work in permissive mode. Without the ability to do the mode switching by app, I have to do these ugly changes by hand or make them persistent. Without this I'm even not able to do a chroot and run another Linux-distro on such a device. Forcing developers to bypass such restrictions is the bigger security issue. If I'm not able to do such things, I could just as well buy a device made by Apple.
What would a normal Linux user say, if he isn't allowed to get root access or couldn't download programs which don't work on a Kernels not enforcing SELinux.
mame82 said:
I'm not sure if this is a good decision from Google.
Google doesn't care.
Android is now dominant, and Google is closing it off, going closed source on the increasingly important Gapps/GMS etc.
Android Auto, TV, Wear, Play, etc. etc: closed source.
DRM will come and Google doesn't want us bypassing it. We already have it in locked bootloaders for non-Nexus.
This likely makes business sense for Google. They are the new Microsoft, not quite as evil perhaps, but getting closer all the time.

Pokemon GO: Bypass SafetyNet directly with Xposed?

Hi everyone,
Google SafetyNet has become a pain in the a** for everyone who wants to play Pokemon GO (fair, no cheating), but can't live without root and Xposed, like me. Bypassing SafetyNet in general is a cat-and-mouse game. Chainfire described the problem very well in his post Hiding root: a losing game.
Well, people look for SafetyNet workarounds for different reasons. Whether it is for Android Pay, Pokemon GO or Snapchat, the approach is always to hide root and Xposed, and let SafetyNet do its job so that it reports back that the device is safe.
I'm thinking about a different approach, (first) only concerning Pokemon GO. What if we could hook the SafetyNet API calls directly in the app using Xposed? This way, SafetyNet's result wouldn't matter, the answer reported back to the app is always set to "everything OK, device is safe" by Xposed.
I know, this is easier said than done. I already took a look at the Pokemon GO source code, but didn't test anything so far. But there's a class called com.nianticlabs.nia.platform.SafetyNetService, containing a method called checkResult, which returns a boolean. Sounds promising (fingerscrossed).
The reason why I didn't test anything so far is because I don't know how SafetyNet works exactly. But could this possibly work? Did someone try out something like this already?
Greetings
I'm hoping for a similar solution. The SnapPrefs Xposed module does something like this I think and works great.
I think, but I may be wrong, that there is some kind of security preventing us from doing that.
PoGo asks SafetyNet if everything is okay; SafetyNet responds to the device and signs the response using a private key that will authenticate the response and make sure it has not been modified and is a genuine response.
So without this key, no way to spoof the response.
Again, I may be wrong but I think it works this way.
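The signed-response flow described in the post above, as an added example that is not part of the thread: a backend verifies an RS256 compact JWS before trusting any verdict field, so a payload rewritten on the device fails the signature check. Assumptions: a locally generated throwaway RSA key stands in for the certificate chain a real attestation response carries, the payload values and `com.example.game` are constructed, and all function names are hypothetical.

```python
import base64
import hashlib
import json
import random

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5 signatures, RFC 8017).
SHA256_PREFIX = bytes.fromhex('3031300d060960864801650304020105000420')
E = 65537
# Constructed sample verdict; field names follow the SafetyNet response format.
SAMPLE = {'nonce': 'c2VydmVyLW5vbmNlLTAwMQ', 'timestampMs': 1470000000000,
          'apkPackageName': 'com.example.game', 'basicIntegrity': True,
          'ctsProfileMatch': False}

def _is_probable_prime(n, rng):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(24):  # Miller-Rabin rounds
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_demo_key(seed=2016):
    # Throwaway 1024-bit RSA key standing in for the attestation service's key.
    rng = random.Random(seed)
    primes = []
    while len(primes) < 2:
        c = rng.getrandbits(512) | (3 << 510) | 1
        if (c - 1) % E and c not in primes and _is_probable_prime(c, rng):
            primes.append(c)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def _encode(msg, k):
    digest_info = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b'\x00\x01' + b'\xff' * (k - len(digest_info) - 3) + b'\x00' + digest_info

def rs256_sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(msg, k), 'big'), d, n).to_bytes(k, 'big')

def rs256_verify(msg, sig, n):
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, 'big')
    if len(sig) != k or s >= n:
        return False
    return pow(s, E, n).to_bytes(k, 'big') == _encode(msg, k)

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b'=').decode()

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + '=' * (-len(text) % 4))

def issue_token(payload, n, d):
    # Service side: sign "header.payload" the way a compact JWS is built.
    signing_input = b64u(b'{"alg":"RS256"}') + '.' + b64u(json.dumps(payload).encode())
    return signing_input + '.' + b64u(rs256_sign(signing_input.encode(), n, d))

def rewrite_payload(token, **changes):
    # Simulates a response altered on the device after it was signed.
    head, body, sig = token.split('.')
    fields = dict(json.loads(b64u_decode(body)), **changes)
    return '.'.join([head, b64u(json.dumps(fields).encode()), sig])

def verify_attestation(token, n, nonce, package, now_ms, max_age_ms=120000):
    # App-backend side: returns (ok, reason). Signature first, fields second.
    try:
        head_b64, body_b64, sig_b64 = token.split('.')
        header = json.loads(b64u_decode(head_b64))
        sig = b64u_decode(sig_b64)
    except (ValueError, TypeError):
        return False, 'malformed token'
    if not isinstance(header, dict) or header.get('alg') != 'RS256':
        return False, 'unexpected alg'  # never accept "none" or a MAC algorithm
    if not rs256_verify((head_b64 + '.' + body_b64).encode(), sig, n):
        return False, 'bad signature'
    body = json.loads(b64u_decode(body_b64))
    if body.get('nonce') != nonce:
        return False, 'nonce mismatch'
    if body.get('apkPackageName') != package:
        return False, 'wrong package'
    if not 0 <= now_ms - body.get('timestampMs', 0) <= max_age_ms:
        return False, 'stale response'
    if not (body.get('basicIntegrity') and body.get('ctsProfileMatch')):
        return False, 'device verdict failed'
    return True, 'ok'
```
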
You might be right. I have never looked at the SnapPrefs source code so I have no idea how it works. All I know is that it does a great job of bypassing SafetyNet...
If a similar solution could be implemented it would fix a lot of trouble for us players who just want to keep root and play the damn game.
Wetzel402 said:
You might be right. I have never looked at the SnapPrefs source code so I have no idea how it works. All I know is that it does a great job of bypassing SafetyNet...
If a similar solution could be implemented it would fix a lot of trouble for us players who just want to keep root and play the damn game.
Snapprefs does not bypass safetynet
Sent from my Nexus 6P using XDA Labs
Rakuu said:
Snapprefs does not bypass safetynet
Sent from my Nexus 6P using XDA Labs
My rooted phone would not log into SnapChat due to it failing safetynet. After installing the SnapPrefs module and rebooting I was able to log in on the first attempt. I'm not saying it allows safetynet to pass but it is doing something to bypass it. Doing something similar for Pogo may or may not work.
Snapprefs
I now know a bit more about SafetyNet from some very interesting and shocking articles at John Kozyrakis' blog [1] [2] [3].
I took a quick look at the Snapprefs source code, but it's very big. I didn't find anything concerning SafetyNet so far.
I don't use Snapchat, so I can't try it out. Wetzel402 says the module works. @Wetzel402, so this means, that Snapchat usually doesn't work with root and Xposed (because of SafetyNet), but with Snapprefs it does?
In theory, my approach from the initial post could work, it depends on the app using SafetyNet. Unfortunately, it most probably won't work for Pokemon GO. The mentioned method checkResult is a pre-step, checking only if SafetyNet communication worked. Evaluation of SafetyNet's result is done in native code, which cannot be hooked by Xposed.
I didn't take a look at Snapchat's source code so far, but if evaluating SafetyNet's result is done in Java, maybe this is hooked by Snapprefs and that's why Snapchat works independent of SafetyNet's result. But this is just an assumption.
I have further ideas. I will try them out and report my results here. Stay tuned.
[1] https://koz.io/inside-safetynet/
[2] https://koz.io/inside-safetynet-2/
[3] https://koz.io/inside-safetynet-3/
Cypher_01 said:
I now know a bit more about SafetyNet from some very interesting and shocking articles at John Kozyrakis' blog [1] [2] [3].
I took a quick look at the Snapprefs source code, but it's very big. I didn't find anything concerning SafetyNet so far.
I don't use Snapchat, so I can't try it out. Wetzel402 says the module works. @Wetzel402, so this means, that Snapchat usually doesn't work with root and Xposed (because of SafetyNet), but with Snapprefs it does?
In theory, my approach from the initial post could work, it depends on the app using SafetyNet. Unfortunately, it most probably won't work for Pokemon GO. The mentioned method checkResult is a pre-step, checking only if SafetyNet communication worked. Evaluation of SafetyNet's result is done in native code, which cannot be hooked by Xposed.
I didn't take a look at Snapchat's source code so far, but if evaluating SafetyNet's result is done in Java, maybe this is hooked by Snapprefs and that's why Snapchat works independent of SafetyNet's result. But this is just an assumption.
I have further ideas. I will try them out and report my results here. Stay tuned.
[1] https://koz.io/inside-safetynet/
[2] https://koz.io/inside-safetynet-2/
[3] https://koz.io/inside-safetynet-3/
As far as I know recent Snapchat versions don't check anymore, people have said even with only root they can log in now when they previously couldn't, this may have been what happened.
Sent from my Nexus 6P using XDA Labs
Based on my experience, I have two phones, one rooted and one not. Snapchat works on the unrooted one but would fail to log in on the rooted one. After installing the SnapPrefs module I was able to log into Snapchat. I can't confirm if Snapchat was updated in the meantime however.
I would imagine if a future xposed module could spoof the device status to SafetyNet or completely bypass the requesting/response process within PoGo it could be possible.
Wetzel402 said:
Based on my experience, I have two phones, one rooted and one not. Snapchat works on the unrooted one but would fail to log in on the rooted one. After installing the SnapPrefs module I was able to log into Snapchat. I can't confirm if Snapchat was updated in the meantime however.
I would imagine if a future xposed module could spoof the device status to SafetyNet or completely bypass the requesting/response process within PoGo it could be possible.
Could you do us a favor? Simply deactivate Snapprefs in Xposed installer and reboot. If you can login, Snapchat has been updated to that effect. If you can't login, Snapprefs does the job.
Cypher_01 said:
Could you do us a favor? Simply deactivate Snapprefs in Xposed installer and reboot. If you can login, Snapchat has been updated to that effect. If you can't login, Snapprefs does the job.
That seems...too...simple
Alright, I did the following...
Signed out of Snapchat
Disabled Snapprefs
Uninstalled Snapchat
Reboot
Reinstalled Snapchat
Logged in successfully
Enabled Snapprefs
Based on this experiment the Snapchat app was, in fact, updated so that it no longer is checking for root/xposed in the manner it once was...
Wetzel402 said:
That seems...too...simple
Wetzel402 said:
Alright, I did the following...
Signed out of Snapchat
Disabled Snapprefs
Uninstalled Snapchat
Reboot
Reinstalled Snapchat
Logged in successfully
Enabled Snapprefs
Based on this experiment the Snapchat app was, in fact, updated so that it no longer is checking for root/xposed in the manner it once was...
OK, in a way, that's not good, at least it means that we cannot learn anything from Snapprefs.
Cypher_01 said:
OK, in a way, that's not good, at least it means that we cannot learn anything from Snapprefs.
Agreed. This is disappointing because I was hoping we could learn something from the Snapprefs source code.

is the magisk safe?

Hello!
Is the Magisk safe to use, or will I get banned in Netflix/Google account etc?
Thank you for any answer regarding my issue
That depends on what you mean by safe.
You are unlocking your bootloader and modding your device when installing Magisk, so you are in some ways making your device less safe against certain kinds of things (like if someone gets physical access to your device, etc).
Many apps look for modifications and a rooted device and won't work if they detect it. That's where MagiskHide comes in and can hide Magisk from most detection methods. Google is stepping things up though and they have briefly showed us that they are on the way to implement proper key attestation in the SafetyNet CTS profile check. That is not something that Magisk will be able to hide from and as soon as that is implemented properly there is nothing we will be able to do.
So far you shouldn't be worried about getting banned (most of the time), but some services will not work if they can detect root. Netflix is one of them, Google Pay, banking apps, some games, etc. Some services might ban you (maybe Snapchat), but as far as I've seen those are in the minority.
Another aspect of being safe is that you should be careful with what apps you allow to have superuser access. With su, an app/service can wreak all kinds of havoc...
There's a lot to be said on this subject and I'm sure others will join in. If you search around a bit you can find lots of info on pros and cons of having an unlocked bootloader, rooting, modding your device, etc.
Overall I'd say yes, the Magisk is safe. The Magisk and the modules that are available, much like the hammer and sickle, has the ability to be abused by the users when used for other purposes outside of its scope.
It's not malware either, if that's what you meant.
It is safe if you know what you are doing.

com.adobe.ims.accountaccess (Adobe Account Access) seems to detect Magisk, even while hidden.

Hi! So I am actually unsure where to post this..
Here's hoping you can figure something out and not be mad at me if this is the wrong place to post this.
Initially, I was going to post this as a bug report on GitHub. However, I figured this was not correct.
Technically speaking this also isn't really an issue with Magisk itself, more that Adobe might have found a way to circumvent Magisk anti-detection methods.
In short: The App "Adobe Account Access" (com.adobe.ims.accountaccess on the play store: https://play.google.com/store/apps/details?id=com.adobe.ims.accountaccess) seems to have found a way to detect magisk and/or root, even though root detection is hidden in magisk.
The App just displays a prompt, saying "Device not supported. Sorry, your phone is not supported for Adobe Account Access.", even though the device used should be supported.
I checked with adobe community support on whether my Phone is supported or not and according to them, it should indeed be supported: https://community.adobe.com/t5/acco...-access-app-device-not-supported/m-p/11696613
I suspect they have found a way to get around all Magisk anti-detection methods and I would be grateful if someone would be kind enough to check if there is a workaround or if Magisk's detection prevention needs an update.
Unfortunately, I don't have much more to say other than that..
There aren't any Magisk log entries that would indicate something went wrong (the only entries mentioning the app are "i" loglevel, one coming from hide_list_add and one coming from proc_monitor).
I could not find anything out of the ordinary in the logcat, although I suppose I could be more thorough with my search.
My technical/general info would be:
Magisk Version used: 22.0 (22000) (18)
SafetyNet integrity: Both basicIntegrity AND ctsProfile = pass; evalType = BASIC
ROM used: OxygenOS 10.0.11.GM21BA
Android version: 10
Device name: OnePlus 7 Pro
"Adobe Account Access" App version: 1.6
+++ Please feel free to ask for any additional info in case I missed it +++
Thanks in advance for any productive suggestion!
When does it display this "device not supported" message? I tested just now and could log in and set everything up without even adding the app to the Hide list, and with the Magisk app unhidden.
Didgeridoohan said:
When does it display this "device not supported" message? I tested just now and could log in and set everything up without even adding the app to the Hide list.
Oh? That is peculiar.. Damn, that implies an issue somewhere else I reckon ://
It displays it immediately after launching the app. The very first screen..
What phone and which OS (/ROM) are you using? Might just be that my phone is genuinely not supported and the folks over at the adobe community forum lied when saying my phone should be compatible..
Also, which android version are you on if you don't mind me asking?
You don't have any modules installed? No edxposed or lsposed, or magisk modules?
Have you tried root detection apps like Root Beer Fresh to see if indeed the app is unable to detect root? If you try any such app, remember to add it to the Magisk Hide list beforehand, otherwise the app will clearly detect root.
It's a OnePlus 3T with Android 9 ArrowOS. As stated above, it could very well be a module, like EdXposed. Or a root app, or a file or folder on your device, or something completely different.
It's not detecting Magisk at least, that's for sure...
General root hiding tips:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps
@Barrel Titor
Samsung Galaxy S7 Custom 9.0 Pie, Magisk 22 root with random name, application without hiding works fine.
Hi all!
First of all: Apologies! I meant to respond sooner to this, but work has kept me occupied and the one time I actually was available, XDA Forums went down into maintenance mode..
Secondly: Sorry for maybe jumping the gun here a bit!
It does look like I should have tested this issue a bit more! I am definitely going to keep on trying to fix this on my own using the resources and methods you have suggested!
I have tested com.adobe.ims.accountaccess on my sister's unrooted OnePlus Nord.. It works fine there, which is really confusing. None of the other apps I am using show this sort of issue :c Not even my banking app!
@mario0318 Thanks for your suggestion! I know it is good practice to remove/disable all your modules. However, none of the modules I have currently installed are particularly large and they certainly do not modify much compared to what is possible. I am going to attach a list to this response, however I am also going to try disabling them one by one and see if I can find the culprit! Unfortunately, I will not be able to disable the "Google Dialer Framework" module, since it causes the device to bootloop if the google dialer app is still present.
Here is a list of all the modules I have installed and enabled at the moment:
App Systemizer (Terminal Emulator)
Busybox for Android NDK
Google Dialer Framework
Looki75 Product Sans font
Systemless Hosts
ViPER4ANDROID FX
Honourable mentions (these modules are completely DISABLED):
Riru
Riru - EdXposed
However, please note again that SafetyNet seems to be INTACT, with "basicIntegrity" and "ctsProfile" still passing and "evalType" being "BASIC".
In any case. Thanks to everyone for their contribution! I really appreciate any suggestion!
Edit: @mario0318 right after I posted this message, I went ahead and gave "RootbeerFresh" a shot. It does not detect root when it is hidden from it. This makes my leading theory to be that the app truly does not support OnePlus 7 Pro devices. Wouldn't know why it doesn't support this model in particular though. Until I either unroot or find someone with the same device, willing to install Adobe Account Access, I can't say for sure though.
Barrel Titor said:
Hi all!
First of all: Apologies! I meant to respond sooner to this, but work has kept me occupied and the one time I actually was available, XDA Forums went down into maintenance mode..
Secondly: Sorry for maybe jumping the gun here a bit!
It does look like I should have tested this issue a bit more! I am definitely going to keep on trying to fix this on my own using the resources and methods you have suggested!
I have tested com.adobe.ims.accountaccess on my sister's unrooted OnePlus Nord.. It works fine there, which is really confusing. None of the other apps I am using show this sort of issue :c Not even my banking app!
@mario0318 Thanks for your suggestion! I know it is good practice to remove/disable all your modules. However, none of the modules I have currently installed are particularly large and they certainly do not modify much compared to what is possible. I am going to attach a list to this response, however I am also going to try disabling them one by one and see if I can find the culprit! Unfortunately, I will not be able to disable the "Google Dialer Framework" module, since it causes the device to bootloop if the google dialer app is still present.
Here is a list of all the modules I have installed and enabled at the moment:
App Systemizer (Terminal Emulator)
Busybox for Android NDK
Google Dialer Framework
Looki75 Product Sans font
Systemless Hosts
ViPER4ANDROID FX
Honourable mentions (these modules are completely DISABLED):
Riru
Riru - EdXposed
However, please note again that SafetyNet seems to be INTACT, with "basicIntegrity" and "ctsProfile" still passing and "evalType" being "BASIC".
In any case. Thanks to everyone for their contribution! I really appreciate any suggestion!
Edit: @mario0318 right after I posted this message, I went ahead and gave "RootbeerFresh" a shot. It does not detect root when it is hidden from it. This makes my leading theory to be that the app truly does not support OnePlus 7 Pro devices. Wouldn't know why it doesn't support this model in particular though. Until I either unroot or find someone with the same device, willing to install Adobe Account Access, I can't say for sure though.
So upon Google searching "oneplus 7 pro adobe account access" it appears to be a common problem.
mario0318 said:
So upon Google searching "oneplus 7 pro adobe account access" it appears to be a common problem.
I cannot find any results using this search term on google other than my own post on the adobe community forums.. This one: https://community.adobe.com/t5/acco...access-app-device-not-supported/td-p/11695914
@mario0318 do you happen to know a way to somehow "pretend" to the app that I am in fact using a different phone? Something that would allow me to make the app believe it is running on a different device?
Barrel Titor said:
@mario0318 do you happen to know a way to somehow "pretend" to the app that I am in fact using a different phone? Something that would allow me to make the app believe it is running on a different device?
Well, the well known magisk module MHPC or Magisk Hide Props Config comes to mind. You can change device fingerprints and maybe also give the Device Simulation feature a go, or custom edit any range of configurable props.
You could do so without the module editing the build.props yourself. Or if you stick with edxposed and deal with not having magisk manager's hide enabled, perhaps any of the device spoofers on the xposed repo could fool the app. Or Sudohide if you set Adobe app to hide from any and all apps that are root relevant. May also consider removing directories in your internal and removable storage for things like TWRP or PBRP, Titanium Backup, xposes, etc, you know, things that a simple media scan looking for any sign of root apps might pick up.
But for now, I'd give MHPC a try and change device fingerprint and maybe enable device simulation if simple fingerprint change doesn't work.
I'm having the same issue on a rooted OnePlus 8T
Same for me on op7 pro. Hiding with somiko but Adobe still not working. Nor could I bypass square, it notes root when it pairs Bluetooth

Question Magisk/Root procedure for 5a 5G?

Hey all,
I purchased my new 5a after seeing various headlines about how the Google Dialer would allow you to opt in to automatic call recording. That's incredibly helpful for my job, and a major reason why I've kept my OnePlus 6 for the past few years, but now the battery is barely getting through half the day.
It looks like Google is restricting auto calls to outside the US, which sucks because I live in a one-party consent state and always ask for permission to record.
Magisk could be the answer since it has a few modules for other Pixels to get auto call recording. However, do we know if we can apply the same method for Magisking the 5 to the 5a? I figure it may carry over because these two devices are so similar in specs and software, but I'd like to make sure before getting into the process.
Yes, you can. See screenshot of my rooted 5a. I have the JP version but there's no reason why it shouldn't work on the US version too.
Ehikes said:
Hey all,
I purchased my new 5a after seeing various headlines about how the Google Dialer would allow you to opt in to automatic call recording. That's incredibly helpful for my job, and a major reason why I've kept my OnePlus 6 for the past few years, but now the battery is barely getting through half the day.
It looks like Google is restricting auto calls to outside the US, which sucks because I live in a one-party consent state and always ask for permission to record.
Magisk could be the answer since it has a few modules for other Pixels to get auto call recording. However, do we know if we can apply the same method for Magisking the 5 to the 5a? I figure it may carry over because these two devices are so similar in specs and software, but I'd like to make sure before getting into the process.
Go to Settings -> About Phone. At the bottom is your build number. Go to https://developers.google.com/android/images and download the image that matches your version, probably .007.
Extract boot.img from it and adb push it to /sdcard. Have magisk patch that and save it. adb pull that patched boot.img and make sure you have OEM Unlock enabled in Developer Options. After confirming that, reboot to fastboot and run 'fastboot flashing unlock'. This will likely wipe your phone. Once that's done, reboot back into fastboot and run 'fastboot flash boot <local path to patched boot.img>' Now you have magisk installed. You can also install LSPosed and XPrivacyLua if you want to tinker with that or the Universal SafetyNet Fix at: https://github.com/kdrag0n/safetynet-fix/releases. Just download 1.2.0 and adb push it to your phone and have magisk install it.
himom said:
Go to Settings -> About Phone. At the bottom is your build number. Go to https://developers.google.com/android/images and download the image that matches your version, probably .007.
Extract boot.img from it and adb push it to /sdcard. Have magisk patch that and save it. adb pull that patched boot.img and make sure you have OEM Unlock enabled in Developer Options. After confirming that, reboot to fastboot and run 'fastboot flashing unlock'. This will likely wipe your phone. Once that's done, reboot back into fastboot and run 'fastboot flash boot <local path to patched boot.img>' Now you have magisk installed. You can also install LSPosed and XPrivacyLua if you want to tinker with that or the Universal SafetyNet Fix at: https://github.com/kdrag0n/safetynet-fix/releases. Just download 1.2.0 and adb push it to your phone and have magisk install it.
So I actually did this a couple days ago with the universal safetynet fix. I passed safetynet on magisk but googlepay doesn't work. Does googlepay work for you?
exile1ck said:
So I actually did this a couple days ago with the universal safetynet fix. I passed safetynet on magisk but googlepay doesn't work. Does googlepay work for you?
I haven't had a chance to try it yet. I have the card added but I've yet to pay with it. Maybe later today I'll give it a whirl.
It doesn't look like there are valid device fingerprints for the 5a yet in MagiskHide Props Config, so I'm not sure how you're able to pass basic ctsProfile checks.
I've rooted and have installed the universal safetynet fix, but until there is a 5a fingerprint, I'm not sure how I can pass safetynet.
nsoult said:
It doesn't look like there are valid device fingerprints for the 5a yet in MagiskHide Props Config, so I'm not sure how you're able to pass basic ctsProfile checks.
I've rooted and have installed the universal safetynet fix, but until there is a 5a fingerprint, I'm not sure how I can pass safetynet.
Isn't the magiskhide project coming to an end though?
exile1ck said:
Isn't the magiskhide project coming to an end though?
yes. There will be another program that comes along. The main dev for Magisk got hired by google, so...
I have a Pixel 2 XL. It's rooted on Android 10 still. I never even upgraded to Android 11 because by the time it came out I was already sick of dealing with the rooting updates. I don't care what anybody here says it's always a pain in the ass. It takes 3 to 4 hours to get everything set back up right after rooting. The time to back up everything before you start has to be considered. And when things go wrong you spend a whole weekend making them right. I don't have time for it anymore.
I most enjoy my EX kernel's ability that allows me to sweep to sleep the display. I love this because it's handy and makes it so my screen off button (power button) is basically never used. It never fails this way. This means I never have to tear my phone apart to replace mechanical components.
I enjoy adaway. I enjoy YouTube vanced. I enjoy viper for Android. I enjoy substratum. I enjoy button mapper. I really, really enjoy Tulsa divers pixel launcher mods that allow me to make the buttons on the screen smaller to give me more screen real estate, but I think that hasn't been available since Android 11. You can no longer modify button icons from what I understand. I don't know if this is still true. I know there are rootless versions of substratum and the YouTube advanced, but when I last read about them years ago they were limited as compared to the root versions.
I leaned towards root being basically worthless, not worth the time, and more of a pain in the ass for a basic user who's not a developer. If I get the Pixel 5a or the Pixel 6 is rooting still worth it in 2021? Are there any rootless versions of the things I've mentioned here that would satisfy all my likes and needs I've mentioned here on Android 12 on a Pixel 5A or Pixel 6?
In case anyone cares, magiskhide props config module was updated recently and I was able to use it to force basic attestation, so my 5a is now passing safetynet checks.
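What a "BASIC" verdict looks like from the relying-party side, as an added example that is not part of the thread: a sketch of the checks an app backend can run on a decoded SafetyNet attestation payload, including a policy that requires HARDWARE_BACKED in `evaluationType`. The sample tokens, nonce, timestamps and five-minute freshness window are constructed, and signature and certificate-chain verification is assumed to have happened before these checks.

```python
import base64
import binascii
import hmac
import json

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window, not a value from the thread


def decode_payload(token):
    """Decode the payload of a compact JWS (header.payload.signature).

    Signature and certificate-chain checks are out of scope for this sketch;
    a real backend performs them before trusting any field below.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(body))


def evaluate(payload, expected_nonce, now_ms, require_hardware):
    """Return (accepted, reasons) for an already signature-verified payload."""
    reasons = []
    try:
        nonce = base64.b64decode(payload.get("nonce", ""), validate=True)
    except (binascii.Error, ValueError, TypeError):
        nonce = b""
    # The nonce ties the verdict to the request this server issued.
    if not hmac.compare_digest(nonce, expected_nonce):
        reasons.append("nonce mismatch")
    if abs(now_ms - int(payload.get("timestampMs", 0))) > MAX_AGE_MS:
        reasons.append("stale verdict")
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity false")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch false")
    # evaluationType is a comma-separated list such as "BASIC,HARDWARE_BACKED".
    types = {t.strip() for t in str(payload.get("evaluationType", "")).split(",")}
    if require_hardware and "HARDWARE_BACKED" not in types:
        reasons.append("evaluationType lacks HARDWARE_BACKED")
    return (not reasons, reasons)


def make_sample(evaluation_type, nonce, ts):
    """Build a constructed, unsigned token for the demo (not a real verdict)."""
    def enc(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {
        "nonce": base64.b64encode(nonce).decode(),
        "timestampMs": ts,
        "basicIntegrity": True,
        "ctsProfileMatch": True,
        "evaluationType": evaluation_type,
    }
    return ".".join([enc(b'{"alg":"RS256"}'),
                     enc(json.dumps(payload).encode()),
                     "constructed"])


NONCE = b"constructed-nonce-0001"      # constructed sample value
NOW = 1_700_000_000_000                # constructed "current time" in ms
BASIC_ONLY = make_sample("BASIC", NONCE, NOW - 1000)
HW_BACKED = make_sample("BASIC,HARDWARE_BACKED", NONCE, NOW - 1000)

if __name__ == "__main__":
    for name, tok in (("BASIC", BASIC_ONLY), ("HARDWARE_BACKED", HW_BACKED)):
        for strict in (False, True):
            print(name, "strict" if strict else "lenient",
                  evaluate(decode_payload(tok), NONCE, NOW, strict))
```

A backend that only looks at `basicIntegrity` and `ctsProfileMatch` accepts both samples; only the policy with `require_hardware=True` distinguishes them.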
Schroeder09 said:
I have a Pixel 2 XL. It's rooted on Android 10 still. I never even upgraded to Android 11 because by the time it came out I was already sick of dealing with the rooting updates. I don't care what anybody here says it's always a pain in the ass. It takes 3 to 4 hours to get everything set back up right after rooting. The time to back up everything before you start has to be considered. And when things go wrong you spend a whole weekend making them right. I don't have time for it anymore.
I most enjoy my EX kernel's ability that allows me to sweep to sleep the display. I love this because it's handy and makes it so my screen off button (power button) is basically never used. It never fails this way. This means I never have to tear my phone apart to replace mechanical components.
I enjoy adaway. I enjoy YouTube vanced. I enjoy viper for Android. I enjoy substratum. I enjoy button mapper. I really, really enjoy Tulsa divers pixel launcher mods that allow me to make the buttons on the screen smaller to give me more screen real estate, but I think that hasn't been available since Android 11. You can no longer modify button icons from what I understand. I don't know if this is still true. I know there are rootless versions of substratum and the YouTube advanced, but when I last read about them years ago they were limited as compared to the root versions.
I leaned towards root being basically worthless, not worth the time, and more of a pain in the ass for a basic user who's not a developer. If I get the Pixel 5a or the Pixel 6 is rooting still worth it in 2021? Are there any rootless versions of the things I've mentioned here that would satisfy all my likes and needs I've mentioned here on Android 12 on a Pixel 5A or Pixel 6?
I cannot live without YouTube Vanced or Viper4Android, and I have found no alternative. Magisk rooting is pretty easy though, so I don't think it's that much of a hassle.
nsoult said:
In case anyone cares, magiskhide props config module was updated recently and I was able to use it to force basic attestation, so my 5a is now passing safetynet checks.
Wow holy you're right it is super recent, thanks for the update.
Schroeder09 said:
I have a Pixel 2 XL. It's rooted on Android 10 still. I never even upgraded to Android 11 because by the time it came out I was already sick of dealing with the rooting updates. I don't care what anybody here says it's always a pain in the ass. It takes 3 to 4 hours to get everything set back up right after rooting. The time to back up everything before you start has to be considered. And when things go wrong you spend a whole weekend making them right. I don't have time for it anymore.
I most enjoy my EX kernel's ability that allows me to sweep to sleep the display. I love this because it's handy and makes it so my screen off button (power button) is basically never used. It never fails this way. This means I never have to tear my phone apart to replace mechanical components.
I enjoy adaway. I enjoy YouTube vanced. I enjoy viper for Android. I enjoy substratum. I enjoy button mapper. I really, really enjoy Tulsa divers pixel launcher mods that allow me to make the buttons on the screen smaller to give me more screen real estate, but I think that hasn't been available since Android 11. You can no longer modify button icons from what I understand. I don't know if this is still true. I know there are rootless versions of substratum and the YouTube advanced, but when I last read about them years ago they were limited as compared to the root versions.
I leaned towards root being basically worthless, not worth the time, and more of a pain in the ass for a basic user who's not a developer. If I get the Pixel 5a or the Pixel 6 is rooting still worth it in 2021? Are there any rootless versions of the things I've mentioned here that would satisfy all my likes and needs I've mentioned here on Android 12 on a Pixel 5A or Pixel 6?
My portfolio of root 'enjoys' differs a bit but overall ROI sentiment around rooting is similar. I stopped after Pie and never looked back. Much of what previously required root can now be accomplished via other means. I do miss being master of my gizmos but there are bigger fish to fry in the world of worries.
Adblock?
peikojose said:
Adblock?
This is a non-root version of AdAway I take it?
Schroeder09 said:
This is a non-root version of AdAway I take it?
Most "adblocking" programs are standalone, in the case of android, Adblock has its own browser. Some other browsers that do that are like Brave. However they obviously only work within the application, AdAway does hosts file level blocking so it works throughout the entire OS, so this worked really pleasantly for me from those stupid pop-up ads or the ones that take up quarter of the screen on some apps.
liberatorx3 said:
Most "adblocking" programs are standalone, in the case of android, Adblock has its own browser. Some other browsers that do that are like Brave. However they obviously only work within the application, AdAway does hosts file level blocking so it works throughout the entire OS, so this worked really pleasantly for me from those stupid pop-up ads or the ones that take up quarter of the screen on some apps.
I never realized brave blocked ads. It's the browser I use. I thought it just blocked third party tracking cookies or something that happen in the background. The ads I notice that are blocked are the broken link ads blocked by AdAway.
When I started rooting I got AdAway just because of the hype and mentions I saw all the time. I didn't see what the big deal was but figured since I was rooted I might as well get all the benefits for the hard work. I have bought in at this point. Going to some sites on my work phone is a real pain. The bombardment of ads is NUTS. Some sites are unusable. This isn't a problem on my rooted p2xl with AdAway.
My camera just failed though. When I replaced it and the battery a couple nights ago I cracked the screen. It isn't shattered beyond use or anything. In fact I don't think most would even notice unless I pointed it out. I still think I'm going to be going to the 5a or p6 pro based on the reviews that I start to see after a couple months' use for each of these two variants.
If someone could figure out a smooth way to do updates and stay rooted without having to hook up to a PC and spend 3 hours doing it I'd never think about leaving root. It's a PITA though.
Schroeder09 said:
I never realized brave blocked ads. It's the browser I use. I thought it just blocked third party tracking cookies or something that happen in the background. The ads I notice that are blocked are the broken link ads blocked by AdAway.
When I started rooting I got AdAway just because of the hype and mentions I saw all the time. I didn't see what the big deal was but figured since I was rooted I might as well get all the benefits for the hard work. I have bought in at this point. Going to some sites on my work phone is a real pain. The bombardment of ads is NUTS. Some sites are unusable. This isn't a problem on my rooted p2xl with AdAway.
My camera just failed though. When I replaced it and the battery a couple nights ago I cracked the screen. It isn't shattered beyond use or anything. In fact I don't think most would even notice unless I pointed it out. I still think I'm going to be going to the 5a or p6 pro based on the reviews that I start to see after a couple months' use for each of these two variants.
If someone could figure out a smooth way to do updates and stay rooted without having to hook up to a PC and spend 3 hours doing it I'd never think about leaving root. It's a PITA though.
Do you root with Magisk? It's definitely a lot easier now. https://topjohnwu.github.io/Magisk/ota.html
Doing updates and staying rooted was a PITA for me too, I ended up just never updating haha. In fact, my P2 is still running some old custom 9.1 version.
liberatorx3 said:
Do you root with Magisk? It's definitely a lot easier now. https://topjohnwu.github.io/Magisk/ota.html
Doing updates and staying rooted was a PITA for me too, I ended up just never updating haha. In fact, my P2 is still running some old custom 9.1 version.
Yes. I use magisk, and that's exactly what I did. I have yet to (never will on this phone anymore) update to android 11 because I KNEW such a big OS change would leave my phone broken for days. One of the big things I like on my phone is Tulsa divers modified button bar icons and making the bar a lot smaller, so it uses less screen real estate. When 11 came out I read that the icons couldn't be modified. Not sure if that's correct. It's been too long. Regardless, I just stopped updating because of the potential for a bad couple days, and even when things went well I never wanted to spend the 3-4 hrs to back the phone up and get everything just like it was before after booting back up into the new update.
It's easier to update and root now than it was when I had to download the update, open it, remove "-w" from the flashall.bat file, flash twrp, flash magisk, and then re-install all the modules or the ones that were messed up or inactive from the update?
This is my process, ymmv:
I keep my os, etc stock. I run mostly the latest updates, however, there have been times I have skipped a few monthlies.
step 1: go to google's developers site to download the latest factory image.
step 2: unzip, extract boot.img, adb push it to my phone
step 3: edit either the .bat file or the .sh file depending on whether I'm using windows or wsl2, remove the -w
step 4: reboot into fastboot, execute .bat or .sh
step 5: reboot, open magisk, patch boot.img that I pushed in step 2, adb pull patched boot to computer
step 6: reboot into fastboot, run `fastboot flash boot [patched image file name]`, repeat command for boot_a or boot_b
step 7: reboot, verify in magisk that root is ok
Pretty simple, I think, and only takes like 10 minutes of my time. I don't see it as burdensome, but I'm not sure how the future is going to look - the steps described above was my process for my old pixel 4xl, so with magisk's developer working for google now, I'm not sure this will continue to be as easy if I want to continue to keep safetynet checks working on my pixel 5a.
Schroeder09 said:
Yes. I use magisk, and that's exactly what I did. I have yet to (never will on this phone anymore) update to android 11 because I KNEW such a big OS change would leave my phone broken for days. One of the big things I like on my phone is Tulsa divers modified button bar icons and making the bar a lot smaller, so it uses less screen real estate. When 11 came out I read that the icons couldn't be modified. Not sure if that's correct. It's been too long. Regardless, I just stopped updating because of the potential for a bad couple days, and even when things went well I never wanted to spend the 3-4 hrs to back the phone up and get everything just like it was before after booting back up into the new update.
It's easier to update and root now than it was when I had to download the update, open it, remove "-w" from the flashall.bat file, flash twrp, flash magisk, and then re-install all the modules or the ones that were messed up or inactive from the update?
Are you talking about these navbar Icons? I converted them to vector files and they still work for me (I'm on Android 12-Pixel 4XL). I'm probably going to get one of the Pixel 6 phones. I was going to hold out until the punch hole camera went instead to "under the screen" but my Pixel 3XL died and I no longer have a backup phone.
