How can SafetyNet be passed with Oneplus3 and signed LineageOS - OnePlus 3 Questions & Answers

One benefit of signed and non-rooted LineageOS would be the ability of passing the SafetyNet test. But now my phone is still not passing the SafetyNet test. Some suggestions would be that the unlocked bootloader is the culprit that making the test fail.
I want to ask:
1. How can SafetyNet be passed with Oneplus3 and signed LineageOS?
2. If locking the bootloader is inevitable, is it possible to lock the bootloader with TWRP recovery?
3. If stock recovery is needed for locking the bootloader, is LineageOS updates work with stock recovery?
Thanks in advance!

Hazuki Amamiya said:
One benefit of signed and non-rooted LineageOS would be the ability of passing the SafetyNet test. But now my phone is still not passing the SafetyNet test. Some suggestions would be that the unlocked bootloader is the culprit that making the test fail.
I want to ask:
1. How can SafetyNet be passed with Oneplus3 and signed LineageOS?
2. If locking the bootloader is inevitable, is it possible to lock the bootloader with TWRP recovery?
3. If stock recovery is needed for locking the bootloader, is LineageOS updates work with stock recovery?
Thanks in advance!
Click to expand...
Click to collapse
Never needed to pass safteynet, but i think some of the custom kernels have a flag to mask the unlocked bootloader. Maybe magisk would work, but that would root. And as far as i know anytime you unlock your bootloader it would wipe data, that would get old flashing nightlies!

Nevermindthelabel said:
Never needed to pass safteynet, but i think some of the custom kernels have a flag to mask the unlocked bootloader. Maybe magisk would work, but that would root. And as far as i know anytime you unlock your bootloader it would wipe data, that would get old flashing nightlies!
Click to expand...
Click to collapse
Thanks for your reply. I have some bank apps that require the SafetyNet be passed so I need to find a way. I know Xposed/Magisk will work but I wish to find a way not requiring 3rd party (hacking) software.
I aware that locking/unlocking bootloader would wipe data, so I am thinking of locking the bootloader with latest TWRP and never unlocks again, just not sure if it is possible to do so, and I am not sure when after the bootloader is locked , I can go back to TWRP for LineageOS upgrade.
I have no spare phone for testing so hopefully I can get answers from here before I do anything risky

Related

SafetyNet / Android Pay Failure

Hello, I am having an issue with my wife's Robin. The phone is completely stock other than an unlocked bootloader and unencrypted storage. System, boot, recovery, kernel, etc. are all stock and no root. I have even wiped the system partition and reflashed the system.img for good measure. The device is failing SafetyNet checks, however. This means Android Pay is not working and displays the following error. "Android Pay can't be used on this device. This may be because your device is rooted, has an unlocked bootloader, or is running a custom ROM. As a result, Google can't confirm that your device meets Android Pay's security standards." Does anyone else with ONLY an unlocked bootloader have the same issue? Could lack of encryption have anything to do with it? I am puzzled. I have an old Nexus 5 with an unlocked bootloader, rooted, with no encryption and I am still able to toggle root and pass SafetyNet checks. Anyone else have a similar issue? If this is the case, she might as well have root and the advantages (as well as the potential hazards) that come with it.
Your wifes robin has an unlocked bootloader and you had to batch the kernel (boot.img) if she is still running stock os.
This is enough to trigger saftynet. If you want to pass saftynet again I suggest you go back to full stock or you flash magisk
( https://forum.xda-developers.com/apps/magisk ) and the phh supersu module. then you could activate magisk hide in the settings and you will pass saftynet. Thats what I am doing to play Pokemon Go
flyfire04 said:
Your wifes robin has an unlocked bootloader and you had to batch the kernel (boot.img) if she is still running stock os.
This is enough to trigger saftynet. If you want to pass saftynet again I suggest you go back to full stock or you flash magisk
( https://forum.xda-developers.com/apps/magisk ) and the phh supersu module. then you could activate magisk hide in the settings and you will pass saftynet. Thats what I am doing to play Pokemon Go
Click to expand...
Click to collapse
Thanks for the response and link. I ran the OEM unlock command and have since flashed the boot.img from the official Nextbit factory images. So unless that boot.img is itself patched, then I should be stock (other than the unlocked bootloader of course). That is likely the issue, but I want to see if anyone else who is stock with an unlocked bootloader has the same issue.
Then read this: https://www.xda-developers.com/sult...otloader-check-on-latest-cm13-builds-for-op3/
Then you will understand that an unlocked bootloader by itself can trigger saftynet. magisk removes the the verified boot flag.
Another easy solution is to just lock the bootloader using the oem lock command. This will not wipe the device like unlocking does.
So to be clear, my choices to get SafetyNet to pass are to:
OEM lock thus returning to complete stock or
Flash a modified kernel to suppress the bootloader unlocked flag or
Flash Magisk and phh root and activate Magisk hide
If I do the last option, do I also need a modified kernel or will this hide the bootloader unlock status from SafetyNet with the stock kernel? Thanks for the feedback.

Safetynet

If I were to unlock my bootloader, flash unmodified 8.1 dev preview and relock the bootloader, would I be able to pass safetynet? Or does unlocking the bootloader mean I'll permanently need to find workarounds no matter what I do afterwards?
Magisk rooting hides that. I can confirm that it works all the way up to November security patch. Look at the developer forum for more information.
TheSt33v said:
If I were to unlock my bootloader, flash unmodified 8.1 dev preview and relock the bootloader, would I be able to pass safetynet?
Click to expand...
Click to collapse
Yes.
I have a related question. Is locking the bootloader even necessary? I thought having an unrooted rom on an unlocked bootloader phone passes safetynet?
Hobox10 said:
I have a related question. Is locking the bootloader even necessary? I thought having an unrooted rom on an unlocked bootloader phone passes safetynet?
Click to expand...
Click to collapse
Safetynet checks for Bootloader Status, unlocked doesn't pass.
Hobox10 said:
I have a related question. Is locking the bootloader even necessary? I thought having an unrooted rom on an unlocked bootloader phone passes safetynet?
Click to expand...
Click to collapse
Custom roms often make changes at the kernel level to block safetynet's ability to check the bootloader status, which makes it pass (for now). Magisk also hides bootloader unlock status from safetynet. So there are workarounds.

7T - preparing for root

I've asked this on Reddit already, but thought it was worthwhile to ask here as well
It's been a long time (3 years) since I had a device that I'd been able to root and I wanted to make sure I'm ready to do it on my UK 7T whenever a solution becomes available (I've checked here and it seems a bit hit and miss at the moment). In order to get my device prepped should I just unlock the bootloader and wait for someone to get TWRP and Magisk working? Basically, I want to avoid losing all my stuff in x weeks time when the process becomes safer/simpler and from memory I think unlocking the bootloader causes everything on the device to be wiped.
TLDR
2 real questions:
Does the process of rooting the device wipe it, or does that only happen when unlocking the bootloader?
If I unlock the bootloader when I first get the device, will this be me prepped for rooting later on without losing all of my data?
Thanks
If you're not going to install a custom Rom, you're prepared for root without losing your data. I did it too yesterday when my 7T arrived, right after update oxygenos.
lmfao009 said:
If you're not going to install a custom Rom, you're prepared for root without losing your data. I did it too yesterday when my 7T arrived, right after update oxygenos.
Click to expand...
Click to collapse
I can't see myself moving from OOS, I just want root. So you're saying if I unlock bootloader from the off I'll be good for rooting in the future?
r0brimmer said:
I can't see myself moving from OOS, I just want root. So you're saying if I unlock bootloader from the off I'll be good for rooting in the future?
Click to expand...
Click to collapse
I'm changing from an iPhone 7+ to Oneplus 7T and got it yesterday. Why you don't make a backup when it's time for root? So far I can't see Custom ROMs or a working TWRP for the Oneplus 7T.
r0brimmer said:
I can't see myself moving from OOS, I just want root. So you're saying if I unlock bootloader from the off I'll be good for rooting in the future?
Click to expand...
Click to collapse
Yes, i lost data when unlocking the bootloader but then it was okay while rooting. I think you should unlock the bootloader and root as soon as you get the phone, but after updating to latest 10.0.4 version
Unlocked Bootloader / no Magisk Hide
Consider that apps like GooglePay or other apps will refuse working since they detect the unlocked bootloader state as possible security leak. GPay says, that due unlocked bootloader it does not want to initialze it.
So after facing this problems I would recommend, since magisk is limited to patching the actual boot.img, to stay on locked bootloader and unlock it after a secure method exists to install magisk and maybe TWRP. Otherwise, if you donot use these kind of apps, you can stay with unlocked BL.

One-click-root in Moto G5 XT1672

Would there be a way to do one-click-root on the Motorola Moto G5 (XT1672) or another way that is easy and does not do a factory reset? Thanks!
vanhead said:
Would there be a way to do one-click-root on the Motorola Moto G5 (XT1672) or another way that is easy and does not do a factory reset? Thanks!
Click to expand...
Click to collapse
I really don't know how this is going from root very well, but as I understand it, you need to unlock the bootloader of the device (which requires a factory reset). If you already have the bootloader unlocked, try KingRoot, The truth is the only root of a click that I know, I have not really tried it on this device, but on an old phone, and it worked fine. The only problem I have had and I do not know if it is the fault of the device or KingRoot, and is that when I try to uninstall an application which I gave it the root permissions, the phone restarts, to uninstall an application I had to deny it permissions and then I could uninstall it, I repeat, I do not know if it is a problem that only happens to me
Postdata: Sorry for my english
vanhead said:
Would there be a way to do one-click-root on the Motorola Moto G5 (XT1672) or another way that is easy and does not do a factory reset? Thanks!
Click to expand...
Click to collapse
Rooting the phone does not require a factory reset but unlocking the bootloader does
So if you haven't unlocked the bootloader you will have to factory reset it during the process
If the bootloader is already unlocked you do not need to factory reset your device again in order to root it
Magisk should be the only way you should root your device - do not use other methods like kingroot as this has bloat and is not systemless (meaning it alters the system partition)
You need to root with magisk in order to maintain the system partition in its original state in order to pass basic integrity & to be able to pass cts profile (may need a magisk module) and to hide the fact you are rooted from apps that will not work if your device is rooted
TheFixItMan said:
Rooting the phone does not require a factory reset but unlocking the bootloader does
So if you haven't unlocked the bootloader you will have to factory reset it during the process
If the bootloader is already unlocked you do not need to factory reset your device again in order to root it
Magisk should be the only way you should root your device - do not use other methods like kingroot as this has bloat and is not systemless (meaning it alters the system partition)
You need to root with magisk in order to maintain the system partition in its original state in order to pass basic integrity & to be able to pass cts profile (may need a magisk module) and to hide the fact you are rooted from apps that will not work if your device is rooted
Click to expand...
Click to collapse
Thank you for your help. I tried several One-click-root, none worked, so I researched, they only work on android 7.
Could you tell me if it is possible to Downgrade from Android 8.1 to 7 without unlocking the bootloader? All the videos I find, the bootloaders are already unlocked.
vanhead said:
Thank you for your help. I tried several One-click-root, none worked, so I researched, they only work on android 7.
Could you tell me if it is possible to Downgrade from Android 8.1 to 7 without unlocking the bootloader? All the videos I find, the bootloaders are already unlocked.
Click to expand...
Click to collapse
As mentioned before - you cannot root a device without unlocking the bootloader!
Why do you want a one click root? They are buggy & full of bloatware
Magisk should be the only method you should be using to root a device - either flashing through twrp or by patching the kernel and flashing the patched image through fastboot
What ever method you choose you need an unlocked bootloader to root!
Why would you want to downgrade? You can flash all parts of a firmware image except gpt & bootloader but again you might need an unlocked bootloader to do this but I don't see the point
TheFixItMan said:
As mentioned before - you cannot root a device without unlocking the bootloader!
Why do you want a one click root? They are buggy & full of bloatware
Magisk should be the only method you should be using to root a device - either flashing through twrp or by patching the kernel and flashing the patched image through fastboot
What ever method you choose you need an unlocked bootloader to root!
Why would you want to downgrade? You can flash all parts of a firmware image except gpt & bootloader but again you might need an unlocked bootloader to do this but I don't see the point
Click to expand...
Click to collapse
In fact, since i need to unlock the bootloader to root, for now, it wouldn't be a good option for me.
But there are apps that I really need and that don't work correctly on Android versions above Nougat, if I could get Downgrade without losing data, that would help me immensely for now.
Is there a possibility that I can downgrade to android 7 with the locked bootloader ? What can go wrong? Brick?
vanhead said:
In fact, since i need to unlock the bootloader to root, for now, it wouldn't be a good option for me.
But there are apps that I really need and that don't work correctly on Android versions above Nougat, if I could get Downgrade without losing data, that would help me immensely for now.
Is there a possibility that I can downgrade to android 7 with the locked bootloader ? What can go wrong? Brick?
Click to expand...
Click to collapse
You would have to format data - it would bootloop otherwise and I've already said. Flash all parts of firmware except gpt and bootloader however it may not flash as your bootloader is not unlocked
If the flashing goes wrong and your bootloader is not unlocked you will not be able to recover the device without taking it to a repair shop
My advice just don't bother - if you want to mod your phone unlock the bootloader!
And what app doesn't work above nougat?

Question Installing the stock global and passing Google Play store certification? Without locking the bootloader<SOLVED>

Anyway around this without rooting the phone?
jefffrom said:
Anyway around this without rooting the phone?
Click to expand...
Click to collapse
If your phone version is not Chinese, relock the bootloader.
Don't want to lock the bootloader you misunderstood my question
jefffrom said:
Don't want to lock the bootloader you misunderstood my question
Click to expand...
Click to collapse
That is to say that with so many details in your question, it is difficult to answer precisely but if your device is Chinese only root and magisk will allow this.
If available for your device install a https://xiaomi.eu/community/threads/22-7-6-7.66275/
Better than stock,certified play store with unlocked bootloader without root.
what's the point of an unlocked bootloader if you aren't going to root?
3zozHashim said:
what's the point of an unlocked bootloader if you aren't going to root?
Click to expand...
Click to collapse
downgrade or installing rom,No?
AFAIK no other way than to flash Magisk, enable Zygisk and use Module "SafetyNet-Fix".
If you don't use Root, in Magisk you can set to auto-deny all Root-requests.
So if I installed the EEA stock fastboot rom, I would not pass the Google Play store certification and safetynet if I leave the bootloader unlocked? Just to be sure.
This is the first I've read about this. I was thinking maybe go back to stock for a change.
Can I unlock the bootloader again in the future if I install the rom with clean all and lock?
Yes, simply unlocking the bootloader will fail SafetyNet.
Yes, you can unlock the Bootloader again, at any time.
yes you can unlock again, instantly, you wont need to wait 7 days

Categories

Resources