Stock MIUI flash (from MiFlash) gives me ctsprofile False - Redmi K20 Pro / Xiaomi Mi 9T Pro Questions & Answe

I was having trouble getting cts profile = true on Pixel Experience ROMs and someone gave me a vbmeta to flash...now I have ctsprofile - true on Pixel Experience ROMS but even after doing a full stock flash on MiFlash, stock MIUI gives me ctsprofile - FALSE...Any ideas on how I can fix this issue? Thanks in advance!

Because you have an unlocked bootloader lol. Good custom roms like PE and eu.miui do some sweet trickery to fix this. Only way to fix is relock bootloader on stock rom or root and use magisk hide and see how Google is feeling today.

hoopsnake said:
Because you have an unlocked bootloader lol. Good custom roms like PE and eu.miui do some sweet trickery to fix this. Only way to fix is relock bootloader on stock rom or root and use magisk hide and see how Google is feeling today.
As far as I know, this is untrue, as before, I switched from PE to MIUI and still had SafetyNet check out. This time, I flashed a patched VBMeta someone sent me though, which could have caused the issue.

There's too many variables involved, was this before March? What build? What did you wipe in twrp? Root?
Having an unlocked bootloader on all devices on stock rom as of March fails safetynet end of story.
"John Wu has shared more details on the change on Twitter. He confirms that MagiskHide will continue to conceal root, but it might soon not hide the fact that your bootloader is unlocked anymore, since that's what SafetyNet checks for. Other than that, he expands on why he doesn't see a way around Google's new implementation"

hoopsnake said:
There's too many variables involved, was this before March? What build? What did you wipe in twrp? Root?
Having an unlocked bootloader on all devices on stock rom as of March fails safetynet end of story.
"John Wu has shared more details on the change on Twitter. He confirms that MagiskHide will continue to conceal root, but it might soon not hide the fact that your bootloader is unlocked anymore, since that's what SafetyNet checks for. Other than that, he expands on why he doesn't see a way around Google's new implementation"
Nope, got this phone only in April...I wiped everything in TWRP. The thing that changed is when I tried to boot PE and got DMVERIFY issues and couldn't get past the Mi boot screen, installed a patched VBMeta and now PE has CTSPROFILE TRUE and MIUI doesn't

I reflashed stock and locked my bootloader and as was said before, it now has ctsprofile true. Sadly, now anytime I unlock my bootloader, cts fails.

You shouldn't need to do that, PE boots fine without DM Verity, disable force encryption and vbmeta. All you do is format data, reboot recovery, wipe everything then immediately flash rom and reboot. Anyway when you flash fastboot rom vbmeta is replaced, I wouldn't mess around with that. The Google cts fix is coming very soon it'll fail on all custom roms so if it's that important for you then stock recovery locked bootloader is the only way.

oos 4.0.3 rooted - but can't get rid of dm-verity and bootloader unlocked warnings

oos 4.0.3 rooted - but can't get rid of dm-verity and bootloader unlocked warnings.
Any help to remove this nagging warning would be appreciated.
-Thanks.
And by the way, besides the irritating warnings, what are the real implications of having these two situations? thanks.
That's the point of these warnings, to let you know that your device is compromised. There is no official way to turn them off.
You would think that if someone stole your phone, you wouldn't want them to know about any vulnerabilities by simply turning it off and rebooting...
Bootloader warning is going to remain there as long as your bootloader is unlocked. The dm-verity comes from allowing the system partition to be modifiable. There's a flashable script you can use, or you can run a couple of commands through fastboot:
fastboot oem disable_dm_verity
fastboot oem enable_dm_verity
That just makes the verity problem go away.
tzbigworm said:
Bootloader warning is going to remain there as long as your bootloader is unlocked. The dm-verity comes from allowing the system partition to be modifiable. There's a flashable script you can use, or you can run a couple of commands through fastboot:
fastboot oem disable_dm_verity
fastboot oem enable_dm_verity
That just makes the verity problem go away.
The script no longer works on OOS 4.0.3. The command was patched out due to the "security flaw".
Wow so neither of those are usable on 4.0.3 now?
Nope, you're stuck with the dm-verity message at boot now, in addition to the bootloader unlocked message. There is apparently a way to replace the OOS 4.0.3 fastboot commands with those from OOS 4.0.2 to remove the message, but mixing system components from different versions is pretty dangerous. It works for now, though who knows what'll happen if you try it on future updates.
So flashing a kernel/supersu doesn't work anymore, either, to get rid of dm_verity?
tzbigworm said:
So flashing a kernel/supersu doesn't work anymore, either, to get rid of dm_verity?
Those still work. The fastboot commands don't work anymore since the update.
Sent from my OnePlus 3T using XDA Labs
I am rooted with SuperSU and have the latest Franco kernel installed, yet the dm-verity message still persists on boot.
Can someone explain what dm-verity is and how it affects us? Sorry for my ignorance.
SlimJ87D said:
Can someone explain what dm-verity is and how it affects us? Sorry for my ignorance.
TL;DR Dm-verity is a security feature that was flawed before OOS 4.0.3. Oneplus fixed it with the latest update, but it means that we can't get rid of an annoying message on boot.
DM-verity is an optional security feature in Linux (therefore Android). When initially activated, it essentially remembers the state of your phone's integral system files. If at any point after enabling, something changes in the critical system files, it will assume that something has gone wrong (for example, malware with root access) and prevent the phone from booting. The critical system files that it checks aren't the normal system files for your ROM, but rather important files in the boot partition, where an average user would generally not have access to.
Enabling certain features in TWRP will modify some of these monitored files, causing dm-verity to suspect malware and prevent the phone from booting. Rooting your phone after making these modifications can prevent dm-verity from bricking your phone, but it still trips the alert, resulting in an annoying, but harmless message at boot. Another method of circumventing dm-verity is to deactivate it and reactivate it, whereby it would assume your modified partition is the default version. This was how people got rid of the boot message before, as dm-verity wouldn't be able to detect any changes. Being able to deactivate and reactivate dm-verity is a security flaw though, as a feature like this would be pointless if any attacker could just turn it off with a fastboot command. This is why Oneplus patched out the commands.
Most people who install custom recoveries are likely going to root their phones anyways, so it's not going to affect the phone's functionality if dm-verity is tripped. The main gripe I have with it is that now there's a second warning message at boot (after the unlocked bootloader message), which, to be honest, is at most a mild inconvenience.
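An added illustration, not part of the thread or of any vendor's code: dm-verity checks a block device against a hash tree whose root hash is the trusted value, and this simplified model (binary fan-out instead of the real packed layout; `build_tree`, `verify_block`, `SALT` and the sample image are constructed for the sketch) shows why a change is caught only while that root hash cannot be re-baselined, the point made above about the disable/enable commands.

```python
import hashlib

BLOCK_SIZE = 4096              # dm-verity hashes fixed-size blocks; 4096 is typical
SALT = b"constructed-salt"     # sample value made up for this sketch


def _h(data: bytes, salt: bytes = SALT) -> bytes:
    return hashlib.sha256(salt + data).digest()


def _block(image: bytes, index: int) -> bytes:
    start = index * BLOCK_SIZE
    return image[start:start + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")


def build_tree(image: bytes):
    """Hash every block, then hash pairs upward. Returns (levels, root_hash)."""
    count = (len(image) + BLOCK_SIZE - 1) // BLOCK_SIZE
    level = [_h(_block(image, i)) for i in range(count)]
    levels = [level]
    while len(level) > 1:
        level = [_h(b"".join(level[i:i + 2])) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels, level[0]


def verify_block(image: bytes, index: int, levels, trusted_root: bytes) -> bool:
    """Recompute the path from one block up to the root.

    `levels` is the on-disk hash tree and is NOT trusted; only `trusted_root`
    (held outside the partition, e.g. in signed boot metadata) is.
    """
    node = _h(_block(image, index))
    for depth in range(len(levels) - 1):
        start = (index // 2) * 2
        pair = list(levels[depth][start:start + 2])
        pair[index - start] = node          # use the freshly computed hash
        node = _h(b"".join(pair))
        index //= 2
    return node == trusted_root


def demo() -> dict:
    # Constructed 8-block "system image" and a copy with one byte changed.
    image = bytes((i * 7 + 3) % 256 for i in range(8 * BLOCK_SIZE))
    tampered = bytearray(image)
    tampered[3 * BLOCK_SIZE + 10] ^= 0xFF
    tampered = bytes(tampered)

    levels, root = build_tree(image)            # enrolled at build time
    new_levels, new_root = build_tree(tampered)  # tree recomputed after the change

    return {
        "clean_image_verifies": all(
            verify_block(image, i, levels, root) for i in range(8)),
        "modified_block_rejected": not verify_block(tampered, 3, levels, root),
        "untouched_blocks_still_verify": all(
            verify_block(tampered, i, levels, root) for i in range(8) if i != 3),
        # Rewriting the on-disk tree does not help while the root is fixed.
        "rewritten_tree_rejected": not verify_block(tampered, 3, new_levels, root),
        # Re-baselining the root makes the change invisible.
        "rebaselined_root_accepts_change": verify_block(
            tampered, 3, new_levels, new_root),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
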
Delete
https://forum.xda-developers.com/oneplus-3t/how-to/fix-dm-verity-warning-final-fix-4-0-3-t3555094
I have the problem of not being able to disable dm-verity on my 3T since 4.0.3, but it's made for a much bigger problem than the "popup" on boot, I now cannot pass SafetyNet (for Android Pay), if I flash back to Sultan CM13, or LOS14.1 (with 4.0.2 firmware and disable and reenable dm verity) it works fine, but even flashing the 4.0.2 firmware and doing the disable enable stuff, SafetyNet still doesn't pass, which is a nightmare.
Anova's Origin said:
I am rooted with SuperSU and have the latest Franco kernel installed, yet the dm-verity message still persists on boot.
Can you please start the file you used to root?
ddaharu said:
Can you please start the file you used to root?
It was the one included in the OnePlus 3/3T toolkit (v4.5U). I tried rooting with the one on chainfire's website a while back when I was on OOS 4.0.2, but I kept getting stuck in a bootloop. The one from the toolkit worked fine while I was using it.
Anova's Origin said:
It was the one included in the OnePlus 3/3T toolkit (v4.5U). I tried rooting with the one on chainfire's website a while back while I was on OOS 4.0.2, but I kept getting stuck in a bootloop. The one from the toolkit worked fine while I was using it.
Hmmmmm. I don't have a pc..... I'll look to see if I can find another. Thanks bro
You can use this one https://forum.xda-developers.com/oneplus-3t/how-to/fix-dm-verity-warning-final-fix-4-0-3-t3555094
I suggest you use chainfire SuperSU to get root. I personally use this. I also tried phh superuser but it's not working properly, so use SuperSU.

locked boot loader but safety net tripped

Hi,
At a given point I had AEX 5.2 working beautifully with Magisk passing safety net. Updated to AEX 5.3 and when flashing Magisk 16 again it did not install (Error 7). From that point it went downhill. I tried prior versions of Magisk to no avail, same error 1. Tried flashing TWRP backups and nothing (boot loops). After oh so many hours I decided to use Qfil to go back to stock 1.9. I don't know what went wrong because the process in Qfil ended successfully but my phone ended Hard Bricked. Long story short, using this trick I could deep flash the phone and bring it back to stock 1.9104 st CN with locked boot loader.
At that point I thought that the phone was as good as new, and spent many more hours trying stock ZUI Oreo, but could not make Google services to work properly, so I Qfiled it again to stock 1.9 with locked bootloader. I then went the custom way again and installed AEX 5.3. After some more hours setting up everything, when I tried to set up my bank app, it complained about the phone being rooted, which was absolutely not the case. I checked Root Checker and it showed that indeed I was not rooted but Safety Net was tripped.
Once more I went back to 1.9 with locked bootloader and installed Root Checker. The result is the same, Safety Net is tripped despite all.
Some more background:
All custom rom flashes done after wiping Dalvik, Cache, System and Data.
TWRP 3.1.2.0
Do you guys know what is happening?
Any tip on how to pass Safety net under current circumstances?
Thanks in advance
####EDIT
Being in stock 1.9 locked bootloader, I updated through OTAs up to version 2.5.462 ST. Now Root Checker (Kshark's) shows safety net passed.
Thing is that I don't want to stay in ZUI.
My questions remain, I want to have a custom rom (AEX is the best so far for me) systemless rooted passing safety net as I once had.
Can you guys point out why I haven't been able to get there, or what I am doing wrong?
hello, i have z2 pro with Reseller International ROM, bootloader locked. For install ZUI 1.9 stock rom, i unlock bootloader before install zui 1.9???
complete guide
mlkj5002 said:
hello, i have z2 pro with Reseller International ROM, bootloader locked. For install ZUI 1.9 stock rom, i unlock bootloader before install zui 1.9???
here is the complete guide so you can lock and reset everything including stock partitions and do all OTA
https://www.youtube.com/watch?v=PueflsvgyBw

Doubt about Xposed and A/B partition devices

I have a doubt about xposed systems on A/B partitions, for if anyone knows about this (maybe Pixel users):
Let's say you have your full setup on any slot rocking it (let's say huge modifications like xposed & maybe others (twrp, magisk/supersu, custom kernel, etc) on slot A) and suddenly an OTA comes and flashes new full stock rom version on slot B and tries to run it successfully on next reboot. And suddenly after the reboot you find yourself on the updated new stock version on slot B without xposed (and without twrp&others too) in a clean installation.
Now in this scenario..
a) slot A (which should have the xposed system you were rocking before the OTA and the successful slot change) is untouched or it is ruined with a copy from slot B after the successful boot??
b) if slot A survived untouched, can you just do a "fastboot --set-active=a" command and just reboot into the xposed system like before the OTA, or this doesn't work after the OTA and is ruined in some way?
c) if b) works (it should right.. right?), will the system try do download the OTA again asap you boot the old version on the slot A?
d) there's any way to block the Update Engine from updating, for example to wait till xposed is adapted for new version. For us Xposed users, waiting till new xposed version comes is a mantra that we have to do, and if we can't block OTAs or just undo what the Update Engine does... we're screwed?
Anyone on this scenario? I'm considering getting an A/B phone but this thing looks like a headache for anyone who likes to flash stuff and especially xposed.. since everything else you can reflash it on the new version mostly in a matter of hours/few days, xposed takes months to adapt.
I'd be glad if any Pixel xposed user could shed light onto those questions.
Thanks!
No one seriously?
I have p2xl. I am not sure how a/b slots work for sure.
What I do know is that I have turned off automatic updates under developer settings. I manually flash the stock ota image from google via twrp. Then reflash twrp, custom kernel, and then magisk, the Magisk installer has an Xposed built for magisk.
I usually just check google ota sometime around the 5th or 6th of each month.
smartymcfly said:
I have p2xl. I am not sure how a/b slots work for sure.
What I do know is that I have turned off automatic updates under developer settings. I manually flash the stock ota image from google via twrp. Then reflash twrp, custom kernel, and then magisk, the Magisk installer has an Xposed built for magisk.
I usually just check google ota sometime around the 5th or 6th of each month.
Interesting, so if you disable automatic updates, you never turned on the phone and found a clean installation without xposed and such?
thanks!
RusherDude said:
Interesting, so if you disable automatic updates, you never turned on the phone and found a clean installation without xposed and such?
thanks!
If there is an update, it sends me a notification to ask if I want to update. And because xposed is installed I do not think it can actually follow through with the update on its own because it breaks google's safetynet.
The only time I have turned on my phone and found it without magisk and root and xposed was when I 1st turned it on, and one time I had to do a factory restore when I did unlock bootloader because I also had to send another command that is only on pixel 2xl that to unlock_critical in addition to it. That is it.
smartymcfly said:
If there is an update, it sends me a notification to ask if I want to update. And because xposed is installed I do not think it can actually follow through with the update on its own because it breaks google's safetynet.
The only time I have turned on my phone and found it without magisk and root and xposed was when I 1st turned it on, and one time I had to do a factory restore when I did unlock bootloader because I also had to send another command that is only on pixel 2xl that to unlock_critical in addition to it. That is it.
Awesome to hear
Btw, I don't think it would have a problem updating even if xposed is installing, normally the problem with incremental OTAs are if partitions are touched or not, and unlocking bootloader per se already breaks safetynet but OTAs can be installed, so safetynet is ignored, and in this A/B layout stuff would probably just be flashed on the other slot like if it had happened in the background. This is an interesting question if anyone knows it.

Bootloader lock or hide

Hi,
I hope somebody can give me a hint.
I just got a used p20 pro with open bootloader but stock rom.
Unfortunately the Google security check has some "problems" with this situation and doesn't allow me to use several apps like Netflix, Google pay, etc.
So I'm looking for a way to easily fix this problem, the phone will be used by my parents.
Either lock the bootloader or "hide" it probably.
But how - I don't have the bootloader code - and I'm not too much into android rooting...
Useful hints are appreciated.
Merry xmas
Mounty
You're on thin ice my pedigree chum..
Avoid flashing anything that would allow a block of any kind which is an absolute reality.
Having used absolutely every ROM and OS from 8.1 to 10
My advice. Flash AOSIP and then ask in thread to get safety net working.
Literally nothing else is worth your time.
Unless you're strange and like EMUI.
In such case, stuck with stock.
Just be aware you're in a position that a lot of people would kill for.
Google have done some **** stuff to make people who have unlocked bootloader a nightmare. I don't think there is a way to hide it unless you use Magisk
mounty77 said:
the phone will be used by my parents.
If they are not some kind of advanced users, unlocked bootloader has exactly 0 added value for them. Search the forum for flashing methods, the ones that will warn you that this method re-locks the bootloader, flash the latest stock ROM for your region and live a happy and calm life.
As a suggestion.. Use Magisk with Safety patch and you're done. You can keep the bootloader unlocked and still bypass google restrictions. (Install apps like netflix, etc.)
My phone is on 9.0.1.328 and works fine.
Horayken said:
As a suggestion.. Use Magisk with Safety patch and you're done. You can keep the bootloader unlocked and still bypass google restrictions. (Install apps like netflix, etc.)
My phone is on 9.0.1.328 and works fine.
Hi,
Thx so far, I think I'll try the magisk thing.
Are there any downsides on this? Will Ota updates still work?
I already downloaded and installed magisk manager, but I was not able to install magisk via magisk manager.
I downloaded the zip file and tried to install it.
But I only got the attached error.
I think I have to patch something?!
Any advice?
Thx
Mounty
mounty77 said:
Hi,
Thx so far, I think I'll try the magisk thing.
Are there any downsides on this? Will Ota updates still work?
I already downloaded and installed magisk manager, but I was not able to install magisk via magisk manager.
I downloaded the zip file and tried to install it.
But I only got the attached error.
I think I have to patch something?!
Any advice?
Thx
Mounty
You need to patch the ramdisk recovery file with magisk, flash it and you are good to go. It's a 5 min procedure. Let me know if you need more help with that.
This way you will hide your unlocked bootloader and you will pass safetynet.
Only downside is that if there is an ota update you will need to flash the original ramdisk recovery, do the ota and then do ramdisk recovery file patch again.
If you lock the bootloader then you won't be able to unlock it again as you won't have the code (unless you got the code from the previous owner too).
abyssq said:
You need to patch the ramdisk recovery file with magisk, flash it and you are good to go. It's a 5 min procedure. Let me know if you need more help with that.
This way you will hide your unlocked bootloader and you will pass safetynet.
Only downside is that if there is an ota update you will need to flash the original ramdisk recovery, do the ota and then do ramdisk recovery file patch again.
If you lock the bootloader then you won't be able to unlock it again as you won't have the code (unless you got the code from the previous owner too).
Hi,
thx for your offer/advise. I’ll try this way - it sounds most promising to me.
Can I do this on the mobile only, or do I need a pc?
Where / How do I find the ramdisk recovery?
BL Lock
I can lock (yes, lock) your bootloader for free.
Contact me at Telegram (@AntiEngineer), you don't need to open up your device.
abyssq said:
You need to patch the ramdisk recovery file with magisk, flash it and you are good to go. It's a 5 min procedure. Let me know if you need more help with that.
This way you will hide your unlocked bootloader and you will pass safetynet.
Only downside is that if there is an ota update you will need to flash the original ramdisk recovery, do the ota and then do ramdisk recovery file patch again.
If you lock the bootloader then you won't be able to unlock it again as you won't have the code (unless you got the code from the previous owner too).
Hi,
unfortunately I wasn't successful till now.
At https://openkirin.net/ is a very useful description available but I'm still searching for the RAMDISK Extract. I found that database where you can download several versions, but mine wasn't provided there
https://pro-teammt.ru/en/online-firmware-database/
My Version is:
CLT-L29
10.0.0.138 (C432E3R1P3log)
Anybody knows where I can download that?
Best regards
mounty
@mounty77
You are on Android 10 Beta?
Root on Android 10 Beta not working for me.
You are on Android 10 Beta?
Root on Android 10 Beta not working for me.
No Root, just unlocked bootloader... I want to hide the unlock of the bootloader
mounty77 said:
No Root, just unlocked bootloader... I want to hide the unlock of the bootloader
Installing a "RECOVERY_RAMDIS.img" patched with Magisk is rooting the phone.
I'm fine if I have to root it to hide the open bootloader

Passing SafetyNet on unlocked Bootloader, but without ROOT/Magisk?

Hello,
I have an unlocked bootloader, and SafetyNet 1st test (CTS Props) fails. Has someone found a way to solve this, but without Magisk/root?
I currently have a stock 9.6 version (which is the oldest I could find) installed, but would not mind to flash to any other version, including custom ROMs.. as long as I can make SafetyNet work with bootloader unlocked.
On a side note, is there any custom ROM that flashes this phone to Android 6?
Thanks.
(And yes, I already used Search, but they all talk about Magisk).
I have not heard of any other means (for our phone) to hide unlocked bootloader from SafetyNet checking service, except Magisk with "Magisk Hide" option on.
If you are afraid of root: just do not grant root rights to any applications.
If you are afraid to tamper phone, just do not install any Magisk Modules (but, for example, using embedded "Systemless Host" module and a file manager with root rights I can avoid 99% of ads to my phone copying meaningful "hosts" file to /data/adb/modules/hosts/system/etc without tampering system and raising no problems with OTAs);
If you are afraid to lose the ability of OTAs, just patch boot.img on phone, thus saving stock /boot image for "uninstalling Magisk", and do not tamper /system.
Note: since March, 2020, security updates Google can bypass Magisk Hide tricks at their will at any moment, and if they enforce this security rule, those who need SafetyNet would be forced to lock phones until Magisk developers could find a way to bypass Google's bypasses. It is like "armor vs shell" big game of XIX century.
If Google goes ahead with what it is considering, most of us will be in despair. In plain words Magisk, as it stands, will be able to hide root but not the unlocked bootloader status. So CTS / device integrity will fail.....
Yes, that's how I see it too. If Google enforces new "unlocked state" checks, those of us who do not want to lock (due to buggy OTAs from Xiaomi) and still want to use MiA2 and SafetyNet, will either have to "freeze" at a stock ROM version tricked to pass checks, or look towards a custom ROM and also freeze it, and thus live without security updates.
Khep said:
Hello,
I have an unlocked bootloader, and SafetyNet 1st test (CTS Props) fails. Has someone found a way to solve this, but without Magisk/root?
I currently have a stock 9.6 version (which is the oldest I could find) installed, but would not mind to flash to any other version, including custom ROMs.. as long as I can make SafetyNet work with bootloader unlocked.
On a side note, is there any custom ROM that flashes this phone to Android 6?
Thanks.
(And yes, I already used Search, but they all talk about Magisk).
you can not flash android 6
if you don't want root why unlock your bootloader ?
just lock your bootloader using fastboot ( it is silly unless you are going to flash custom stuff )
* if it is to enable camera API2 there are methods without unlocked bootloader
**like others have told you and as you have read you can bypass it for now using Magisk
the lowest version you can downgrade to is Oreo ....
Update: With new EdXposed 0.4.6.3 (4537)-YAHFA module for Magisk 20.4 I have fully passing SafetyNet checks under Android 10 again.
Just do not forget to switch on Magisk Hide and include into EdXposedManager BlackList:
- Google Pay Services and Google Pay - mandatory,
- Google Service Framework and Google Play Market - optionally, for future ?,
- Bank apps.
Also do not forget to preliminary uninstall previous EdXposed and Reboot, then update magisk-Riru-core module and Reboot (I have 19.8), then update to latest EdXposedManager app (I have 4.5.7).
This version (4537) is somehow still missing in GitHub, got from here..
