Intune on rooted OP7T - OnePlus 7T Questions & Answers

When I first got my 7T I managed to root it and install Intune rather easily - just hid a bunch of things in Magisk Hide. Last night I boneheadedly reset my device to factory settings and had to start all over again. However when I attempted to install Intune root was detected. Tried removing device from company portal, clearing cache, uninstalling, reinstalling, adding a bunch more things to Magisk Hide - no luck, root is always detected.
Two questions to get me going
a) I used to be on an older version of Magisk Manager, don't remember which one, but am now on the newest version. Has anyone had any luck with MH and Intune with the latest versions
b) I vaguely recall that once Intune detects a root it "brands" the device serial number and the only way to work around that is to change the serial number. Is that correct?
Thanks

You musst rename the magisk manager with random name on magisk settings and hide root then it should work again

ChrisFeiveel84 said:
You musst rename the magisk manager with random name on magisk settings and hide root then it should work again
Click to expand...
Click to collapse
Nope. I had done that and it did not work. Just tried it with the old MM (7.5.1) and it worked beautifully. That is why I never update Magisk once I get it running on a particular device

I only use the latest version of magisk canary myself and haven't had any problems so far (so far I haven't found an app that recognized the root despite magisk hide)

Interesting. Does this include Intune? I saw TopJonWu post on twitter that the latest version handles Intune "out if the box" but that is not my experience so far.

Related

Safetynet fails on stock firmware

Kind of a long story:
I have the TIM branded Zenfone 3 Deluxe 570KL and everything was ok (safetynet pass on both CTS and Basic integrity with Magisk root).
Then i updated Magisk to the 15.0 version and got my device encrypted randomly at the restart (and yes this is a problem with this version but hangon), after the upgrade to 15.0 and the device encrypted now the CTS verification fails so i tried to downgrade back to version 14 of magisk to no avail.
From there i downloaded the WW version of the firmware, formatted the phone (inc data), convert the zip to a flashable img file and flashed the stock WW with no root.
Device still encrypted despite the complete format and fails again the safetynet.
Tried to flash the TIM version downloadable from ASUS with the same result.
Somehow i flashed the stock WW and safetynet fails only on CTS but as soon as i install the version 15.1 of magisk and enabling Magisk hide on google apps i fail safetynet also on basic integrity.
Do you know any way to remove this dammned encryption since there is no option to disable it in the security settings and flash a fresh stock firmware that passes safetynet?
Maybe with a twrp backup of a stock firware i can do something?
Regards and happy holydays
exico91 said:
Kind of a long story:
I have the TIM branded Zenfone 3 Deluxe 570KL and everything was ok (safetynet pass on both CTS and Basic integrity with Magisk root).
Then i updated Magisk to the 15.0 version and got my device encrypted randomly at the restart (and yes this is a problem with this version but hangon), after the upgrade to 15.0 and the device encrypted now the CTS verification fails so i tried to downgrade back to version 14 of magisk to no avail.
From there i downloaded the WW version of the firmware, formatted the phone (inc data), convert the zip to a flashable img file and flashed the stock WW with no root.
Device still encrypted despite the complete format and fails again the safetynet.
Tried to flash the TIM version downloadable from ASUS with the same result.
Somehow i flashed the stock WW and safetynet fails only on CTS but as soon as i install the version 15.1 of magisk and enabling Magisk hide on google apps i fail safetynet also on basic integrity.
Do you know any way to remove this dammned encryption since there is no option to disable it in the security settings and flash a fresh stock firmware that passes safetynet?
Maybe with a twrp backup of a stock firware i can do something?
Regards and happy holydays
Click to expand...
Click to collapse
I am having the same problem with Magisk v15.1. What I did for a temporary solution is I flashed back to Magisk v14.0 and it now passes safety checks. I am using Android 7.0 and I have the 2.15 ghz version of the phone (Asus_Z016D) Hope this helps.
---------- Post added at 08:48 PM ---------- Previous post was at 08:45 PM ----------
https://forum.xda-developers.com/showpost.php?p=75017953&postcount=5170
Thanks for the suggestion. Flash back the 14 is the first thing I tried but it failed and then I tried to reset and reflash the stock firmware but now, like I said, nothing that I tried works.
I know is asking a lot but can you make a TWRP backup of your phone except the data partition obviously? Maybe that encryption f** up something that I can't fix just by reset and flash the stock
I have the same problem. Safetynet fails... Are you sure that encryption is the cause?
Ryder. said:
I have the same problem. Safetynet fails... Are you sure that encryption is the cause?
Click to expand...
Click to collapse
I believe so, i got encrypted only when i installed the 15.0 but even if i format system and data and i flash a clean stock the options says that my phone is encrypted even if the phone has no password or i didnt activate it
exico91 said:
I believe so, i got encrypted only when i installed the 15.0 but even if i format system and data and i flash a clean stock the options says that my phone is encrypted even if the phone has no password or i didnt activate it
Click to expand...
Click to collapse
I updated to magisk 15.2 and magisk hide works now. Now i can see nintendo games on play store for example. However ctsprofile doesn't pass safetynet check
Ryder. said:
I updated to magisk 15.2 and magisk hide works now. Now i can see nintendo games on play store for example. However ctsprofile doesn't pass safetynet check
Click to expand...
Click to collapse
Would be nice to pass also CTS like before but Im ok with just the integrity check.
And yeah i can confirm that it works now with 15.2.
That was driving me mad; interesting fact: Fire Emblem Heroes go into connection error loop if the integrity check fails or detect that the phone is rooted and that happens at random times. I hate this approach of Nintendo and such, if i want to have control of my phone you shouldnt penalize me for that.
Anyway if someone is brave enough to share a stock/rooted backup that pass the CTS i would gladly try it out.
exico91 said:
Would be nice to pass also CTS like before but Im ok with just the integrity check.
And yeah i can confirm that it works now with 15.2.
That was driving me mad; interesting fact: Fire Emblem Heroes go into connection error loop if the integrity check fails or detect that the phone is rooted and that happens at random times. I hate this approach of Nintendo and such, if i want to have control of my phone you shouldnt penalize me for that.
Anyway if someone is brave enough to share a stock/rooted backup that pass the CTS i would gladly try it out.
Click to expand...
Click to collapse
I agree. Even Gangstar New Orleans isn't downloadable if you have root. It's root the cause! I tought it was the fact that it's available only for some devices for certain reasons. Now even gameloft seems to penalize root users...
Did you go on magisk hide section and selected the apps/games which you are interested in?
Ryder. said:
I agree. Even Gangstar New Orleans isn't downloadable if you have root. It's root the cause! I tought it was the fact that it's available only for some devices for certain reasons. Now even gameloft seems to penalize root users...
Did you go on magisk hide section and selected the apps/games which you are interested in?
Click to expand...
Click to collapse
To download the apps/games, obviously, you have to use hide on google play then, when are installed, on the apps
Since i want to use Android Pay but got this issue, is there any stock rom which passes certification?
Could you please check:
Open the Google Play Store app Google Play.
Tap Menu Menu and then Settings.
Under “Device certification” you’ll see if your device is certified
Edit: After some research i can say it happens because of unlocked bootloader.
Any solution to pass cts verification?

Prevent files, flashed through TWRP, being replaced by stock one, without root.

I have a Oneplus 5T and i'm struggling to install a google camera fix patch for my device but in the same time keep my phone root-free because i use a bank app called "BT pay" which detects magisk even with magisk hide, even with magisk manger hidden/uninstalled, i tried many times, can't get it done with root.
I keep tried to install TWRP (even if it being replaced by stock recovery evey boot) and install my gCam fix zip from there. but it seems like those files are replaced by stock files TOO...
I also tried to prevent TWRP from being replaced by deleting "install-recovery.sh" from /system/bin but this didn't work either.
Note that i have the official rom (oxigenOS beta 15) for my phone (official kernel too) which have Treble support, (the TWRP/gCam fix are also treble versions).
I take it you were using the MagiskHide Props Conifg Module right with Magisk 17.1? That is the only way you will pass Safety Net. Does your banking app still not work like that? (With a certified fingerprint)

GPay Can tell root now???

FIX:
1. Add Google Services to Magisk Hide (if you're on Magisk 18.1 use "su magiskhide --add com.google.android.gms" in terminal)
2. Add Google Pay and Google Services Framework to Magisk Hide
3. Go to data/data and rename com.google.android.gms to com.google.android.gms.bak for example (or delete it altogether, but backing up seems safer)
Reboot and do whatever you like in GPay, it should work now. That's all I've done. I don't think you need to reinstall Magisk.
cts profile - true
basicintegrity - true
" couldnt finish setup to pay in stores
this phone can't be used to pay in stores. This is because it is rooted or altered in some way "
i dont get it... it passes but fails?????
can someone help me understand??
mine is fine
try re flash your rom
i42o said:
cts profile - true
basicintegrity - true
" couldnt finish setup to pay in stores
this phone can't be used to pay in stores. This is because it is rooted or altered in some way "
i dont get it... it passes but fails?????
can someone help me understand??
Click to expand...
Click to collapse
Long thread and a lot of moving parts, so work backwards on the thread. Personally, I am just waiting until a final and formal fix is found on stable Magisk and up to date Play apps.
https://forum.xda-developers.com/app...ssion-t3906703
My experience with this issue is I run GPay, go back to Magisk, safetynet fails on both.. So I force close Magisk, clear cache and data.. reboot. Open Magisk back up, Safetynet passes.. Gpay sets up fine. Sometimes you have to do this several times and it's a real pain but it's always worked for me..
this thread has info: https://forum.xda-developers.com/pixel-3-xl/how-to/march-security-update-t3907281
this worked for me:
1. Disable Google Pay/Find My Device as Device Administrators in Settings > Security & location > Device Administrators.
2. Search "Google Play services" in the Settings search bar.
3. Press the three dots and press "Uninstall previous updates".
4. Download this update - https://www.apkmirror.com/apk/google...-7-99-release/
Pick your needed edition (arm or arm64, etc.), download it and install it.
5. Disable Background data access for Google Play Services and Google Play in their respective App Info pages.
6. Download Google Pay from the Play Store.
7. Set up your cards. Enjoy!
dipstik said:
this thread has info: https://forum.xda-developers.com/pixel-3-xl/how-to/march-security-update-t3907281
this worked for me:
1. Disable Google Pay/Find My Device as Device Administrators in Settings > Security & location > Device Administrators.
2. Search "Google Play services" in the Settings search bar.
3. Press the three dots and press "Uninstall previous updates".
4. Download this update - https://www.apkmirror.com/apk/google...-7-99-release/
Pick your needed edition (arm or arm64, etc.), download it and install it.
5. Disable Background data access for Google Play Services and Google Play in their respective App Info pages.
6. Download Google Pay from the Play Store.
7. Set up your cards. Enjoy!
Click to expand...
Click to collapse
My way of fixing this issue is no longer working.. The second I start Gpay it breaks and detects root.. The link you gave for apkmirror .. I think it's missing info?
jbarcus81 said:
My way of fixing this issue is no longer working.. The second I start Gpay it breaks and detects root.. The link you gave for apkmirror .. I think it's missing info?
Click to expand...
Click to collapse
Get a 2.83 build. Xda shortens links and you lose them on copy text
dipstik said:
Get a 2.83 build. Xda shortens links and you lose them on copy text
Click to expand...
Click to collapse
I know.. it's ridiculous, appreciate the clarification!
I have the same problem, Gpay detects root.
After I've gained root using extracted boot.img from January's update and Magisk, it's impossible to hide the root.
Natwest bank app won't let me use fingerprint because it detects root, even Zoho mail detect root.
I am going to unroot, install march's update, then re-root using the same method, and if still doesn't work I will try what you described "dipstik"
I will let you know once it's done.
rob42ert said:
I have the same problem, Gpay detects root.
After I've gained root using extracted boot.img from January's update and Magisk, it's impossible to hide the root.
Natwest bank app won't let me use fingerprint because it detects root, even Zoho mail detect root.
I am going to unroot, install march's update, then re-root using the same method, and if still doesn't work I will try what you described "dipstik"
I will let you know once it's done.
Click to expand...
Click to collapse
I update this way:
Copy 18.1 Magisk to the phone.
Flash the factory image after editing out the -w so data is saved.
Boot to TWRP, but I do not install it.
Install the Magisk zip with TWRP.
That's it. I have never had a problem with GPay. I also have it hidden in Magisk, perhaps because I have always had it hidden I am ok.....dunno.
This workaround worked for me with magisk 18.2 Canary build.
GPS 14.8.49
Google pay 2.82.231680166
Make sure to hide Google play services and Google services framework in Magisk hide.
https://forum.xda-developers.com/showpost.php?p=79028818&postcount=5
TonikJDK said:
I update this way:
Copy 18.1 Magisk to the phone.
Flash the factory image after editing out the -w so data is saved.
Boot to TWRP, but I do not install it.
Install the Magisk zip with TWRP.
That's it. I have never had a problem with GPay. I also have it hidden in Magisk, perhaps because I have always had it hidden I am ok.....dunno.
Click to expand...
Click to collapse
TonikJDK,
Have you added a card and actually used GPay at the terminal since this all started? I am in the same boat as you.
GPay is installed and opens fine on my wife's Pixel 3. Her device is running stock/rooted March rooted with 18.1 and has no TWRP. The only two things hidden are GPay and Play Store. The catch is that the card was already there. The new version of GPay showed up after clearing data/cache for Play Store and was loaded right after March install which decertified the design in Play Store forcing the data/cache clear. The card was always there. I have been hesitant to try loading a card or using this one at the terminal due to all of this.
My Pixel 3 XL also opens GPay fine, but like hers I have been hesitant to add a card or use it at the terminal. I am running dotOS (based on February), rooted with 18.1 with TWRP 3.2.3-3 fully installed. Same two relevant aps hidden, but in my case I didn't have to do anything to get the new version of GPay to show up since I didn't install March.
sliding_billy said:
TonikJDK,
Have you added a card and actually used GPay at the terminal since this all started? I am in the same boat as you.
GPay is installed and opens fine on my wife's Pixel 3. Her device is running stock/rooted March rooted with 18.1 and has no TWRP. The only two things hidden are GPay and Play Store. The catch is that the card was already there. The new version of GPay showed up after clearing data/cache for Play Store and was loaded right after March install which decertified the design in Play Store forcing the data/cache clear. The card was always there. I have been hesitant to try loading a card or using this one at the terminal due to all of this.
My Pixel 3 XL also opens GPay fine, but like hers I have been hesitant to add a card or use it at the terminal. I am running dotOS (based on February), rooted with 18.1 with TWRP 3.2.3-3 fully installed. Same two relevant aps hidden, but in my case I didn't have to do anything to get the new version of GPay to show up since I didn't install March.
Click to expand...
Click to collapse
My cards were already in there before anyone started having all these problems and before the March update.. I use it all the time, it has never failed to work. I used it yesterday several times.
TonikJDK said:
My cards were already in there before anyone started having all these problems and before the March update.. I use it all the time, it has never failed to work. I used it yesterday several times.
Click to expand...
Click to collapse
Thanks. That gives me some comfort in using the already loaded cards at least. I am not planning on loading any new cards or having to start from scratch any time soon. Seems like an already working GPay with a previously loaded card is OK.
sliding_billy said:
Thanks. That gives me some comfort in using the already loaded cards at least. I am not planning on loading any new cards or having to start from scratch any time soon. Seems like an already working GPay with a previously loaded card is OK.
Click to expand...
Click to collapse
It depends. My Gpay was opening fine and cards were loaded but payments didn't work, was getting error message that said I can't use payments because phone is rooted or altered in some other way.
Bogega said:
It depends. My Gpay was opening fine and cards were loaded but payments didn't work, was getting error message that said I can't use payments because phone is rooted or altered in some other way.
Click to expand...
Click to collapse
And the doubt kicks back in, LOL. Luckily, I just carry a real card until this is formally solved (hopefully).
Bogega said:
This workaround worked for me with magisk 18.2 Canary build.
GPS 14.8.49
Google pay 2.82.231680166
Make sure to hide Google play services and Google services framework in Magisk hide.
https://forum.xda-developers.com/showpost.php?p=79028818&postcount=5
Click to expand...
Click to collapse
Sadly this method only works for a limited time.
Overnight GPS updates to version 15 by its own self and GP stops working.
I'm not sure I'm ready to to this procedure daily just for Google pay. For the time being I'll use my card until Magisk developer finds solution to this problem.
Well, I jinxed it a few posts back saying I was ok. It just told me no more when I used it.
yeah nothing worked for me even when I uninstalled magisk and tried the steps above on stock. Ended up factory resetting. but thats the last move to do
TonikJDK said:
Well, I jinxed it a few posts back saying I was ok. It just told me no more when I used it.
Click to expand...
Click to collapse
Google Pay is a real asshole and doesn't let you know something is wrong until you actually tap to pay.
It's happened to me a couple of throughout my ownership of Pixels.

Device uncertified after Magisk root on latest factory Android 11

Hi all,
Got a new phone and finally decided to see if I could root the old Pixel 2 XL. It's unlocked, bought directly from Google. Never before unlocked bootloader until now.
It was flashed to factory Android 11 2020-12, and rooted from there. Magisk 21.1 beta was installed from zip while booted into TWRP 3.0.4, as advised in this thread. The latest Play System Update (Oct 5, 2020) was automatically installed while I was messing around afterwords.
I confirmed root access thru a checker and Termux, which is pretty neat! Hadn't rooted a device in a long time!
Unfortunately, device certification fails in Play Store, Magisk SafetyNet check and being unable to add a credit card to Google Pay. Magisk says basicIntegrity passes, but CTSprofile fails.
Things I've tried, mostly from this exhaustive guide:
Hidden Magisk Manager
Enabled MagiskHide, rebooted
Remove Magisk zip from storage
Lock bootloader again, rebooted
Clear app storage for Play store and Play services, rebooted
Disable USB debugging
Disable Play Protect scanning
Looked over XDA boards, Magisk changelog/documentation/guides
Things I haven't done (yet?):
Spoofing device fingerprint. I wouldn't expect this to be necessary, since it's actually authentic! But maybe there's more to it that I don't understand?
Start over from scratch, with Magisk Canary build - doesn't appear to be any improvements to MagiskHide according in current release notes
Is this possible to achieve?
composition said:
Is this possible to achieve?
Click to expand...
Click to collapse
SafetyNet:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Google I believe is using hardware-backed CTS profiling, which Magisk cannot circumvent. Your only chance of passing CTS is to hope Google ISN'T using the hardware-backed version, so you can employ one of the workarounds I gave in the link above.
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Larzzzz82 said:
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Click to expand...
Click to collapse
Apparently we're both having brain farts. I didn't even think there was such a setting. Then again, I don't use Google Pay.

Question C.48, April Security Update and SafetyNet

Since updating to C.48 (2125 [phone], coming from C.47, my Google Play and Pay have stopped working on my rooted phone (Magisk 24.3), even though it passes SafetyNet with YASNAC. When I try to open Play I get a "Try Again" screen. When I try to open Pay, I get "Google Pay is updating right now...". I've got Universal SafetyNet Fix 2.2.1 and MagiskHide Props Config installed, and Play and Pay in the Deny List. Tried using Shamiko 0.4.4 (while disabling deny) with no better results. Cleared cache and data on both apps multiple times. Uninstalled Magisk and unrooted, and everything worked again. Re-rooted w/o opening either app, put them both into "deny" and, for a brief time, both worked -- but eventually (without my doing anything that I could tell), they both reverted to the behavior described above.
I'm wondering if this behavior has anything to do with the April security update included in C.48? Because it's really odd that I YASNAC still shows safetynet as having passed. More likely, it's user error on my part, but has anyone else run into this yet on C.48?
I have a LE2127 running your firmware and I don't notice issues. One thing you could try is just flashing the update zip over your current OS using the OPlocalupdate apk here https://oxygenos.oneplus.net/OPLocalUpdate_For_Android12.apk
Thanks. I presume you're rooted? Which version of Magisk are you using and are you using Deny List or Shamiko?
rogerinnyc said:
Thanks. I presume you're rooted? Which version of Magisk are you using and are you using Deny List or Shamiko?
Click to expand...
Click to collapse
Yes, I'm rooted. I'm using Denylist on Magisk 24.3.
No problems on my end with Gpay while rooted
I gave up and did a total restore with MSM and then made sure to root and fill up the Deny List (and add SafetyNet Fix) before opening up Google Pay or Play. That seemed to work. Not sure how I messed it up in the first place, but I think it was in upgrading from C47 to C48 and my sequencing of unrooting, upgrading, clearing storage in the apps and re-rooting. Thanks all.

Categories

Resources