Yesterday, on the phone of a relative I successfully installed Lineage OS. The screen worked normally. The next day I got the phone back, because the last ~120px can't be accessed. The touch works, but it registers as if made above the bottom area (attached video shows what happens). The area is exactly the same size as the navigation bar. Curiously, if an app is rotated upside down, the area stays in place, allowing the navbar to be used and blocking the notifications bar.
I am pretty sure the OS has not been updated in the time after it had last worked, only f-droid and aurora store seem to have auto-updated (to their account) and the relative has tried to set up an app for their smart watch after which they reported being unable to get back to home screen. I vaguely remember a similar problem happening on the same model of phone (another phone), on official MIUI, I remember it later going away without my input (probably an update). I wonder if the problem is within the blob drivers.
So, if anyone here knows what this is, what can I do?
Info:
OS: Lineage OS 18.1 (build number: lineage_chiron-userdebug 11 RQ3A.211001.001 10038034)
Has Magisk 23.0
No G-Apps, only MicroG 0.2.22.212658
AdAway uses root, F-Droid has privileged extension and Aurora uses root install
Riru and LSPosed (1.6.5 - 6272) for MicroG signature spoofing
Related
I've just installed the official LineageOS 15.1 on my Lenovo Yoga Tab 3 Plus and can't use the sport streaming app "Dazn" anymore. I can login but when I start a video I only hear the audio but see nothing, only a black screen. I've tried with disabled live display but it doesn't work. Then I read something about the SELinux mode and for testing it I've rooted the device and tried with different SELinux mode but it changes nothing.
Do you have some idea what can cause this behaviour?
EDIT: In logcat it shows following message: unable to createImage on display=0x1 slot=1
This message will be created the whole time (with different values) when I want to play a video
Hello Guys! I wanted to ask that is there any solution for getting rid of this "Device is not Certified" without/with root? I have flashed Phusson's GSI and then GApps Micro but the first error j get is that on Setup screen, it sticks on Checking for Update no matter how much time I give it to check(Problem 1). The second problem is that I have sent the Android device ID (or whatever) used to certify the device but if no avail. It's still saying not Certified. I can spoof it by Magisk, that it is Certified by a module ummm... I forgot it's name(but it's not PlayStore Visa for sure) but still I can't use Google Play services in my device. Whenever I use an app that requires so, it gives an error that "Google Play Services is having trouble .....". What can I do to resolve this issue and use Google Play Services?
SafetyNet vs. Full Block
This seems to be a chronic problem for GSIs, but there are really two distinct levels of hell here:
Google Play Store -> Settings -> Play Protect certification reads "Device is not certified" and apps requiring SafetyNet won't work
Google Play Services completely blocks your device, and a barrage of noisy alerts are generated as soon as you attempt to log in
Many users won't even notice the first limitation, but the second blocks the setup wizard and makes the device effectively unusable until you register the GSF in on Google's registration page. But can anyone tell me why some custom ROMs trigger the second behavior and others don't?
As a custom ROM developer, some of my builds (usually the ones based on GSIs with an OEM vendor partition) have required device registration to be usable, and I'd really like to avoid that. I've tried spoofing known-good build fingerprints like some Magisk modules, but that hasn't worked so far. Has anyone found a decent workaround?
Or even better, can custom ROM developers just register our build fingerprints with Google? (I realize that this still won't satisfy SafetyNet, but it would allow custom ROM developers to go legit.)
It will never show up as certified if the build is not signed (or signed with public keys), and selinux is disabled. If that's not the case, you can try setting BUILD_SIGNATURE prop from latest OEM stable build and match your device.
baunilla said:
It will never show up as certified if the build is not signed (or signed with public keys), and selinux is disabled.
Click to expand...
Click to collapse
I'm not really interested in getting a "Device is certified" message (a.k.a. SafetyNet certification) with custom ROM development, since having the bootloader unlocked is going to cause it to fail anyway.
One thing I've noticed that seems to cause Google Play Services to block any login is when the GSI is signed with test keys and the OEM vendor partition is signed with release keys. Considering that we probably don't have the OEM's private release keys, is there any way to re-sign the vendor partition with test keys?
And interestingly enough, apps like Netflix are actually more likely to work if selinx is set to permissive. I've used that workaround on my custom ROMs before.
this is a very important topic, it is strange that it attracts so little attention.
One thing that I have discovered is that running "adb shell su 0 /system/bin/phh-securize.sh" to disable root on GSI AOSP builds by @phhusson will copy the required properties to look like stock ROM. This makes Play Protect play nice and you no longer have to register your GSF ID to stop the constant barrage of alerts.
I haven't had the time to figure out how he does it, but his source is shared on GitHub.
My company is now enforcing and managing BYOD with AirWatch. I'm trying to enrol my Magisk-rooted Pixel 2 XL. I've searched around XDA and other sites and I was able to enrol the phone when I use Magisk Hide to hide from the AirWatch agent, aka now the Intelligent Hub. It creates a Work profile and installed several work related apps. The only other app aside from Intelligent Hub I've tested so far is Boxer and it works for the few minutes during my test.
When I say Boxer works for a few minutes, that is because next I attempted to open Workspace One. As it loads, I'm guessing it checks other details about the phone, then it would popup a message saying Work apps and profile removing because the device is "compromised" and uninstall the work apps and Word profile.
I would like to use Magisk Hide and hide from Workspace One app, but Magisk Hide doesn't even list that and other apps in the Work profile. An admin at work checked the AirWatch server and it shows the device compromised detection with the status "Malicious file found - Check files in system or exec folder".
So my question is, outside of troubleshooting step by step from wiping phone and setting up each thing from scratch, anyone else have an insight on what else I can check?
FYI, these are the following setup I have on my phone
- Pixel 2 XL
- Rooted with latest version of Magisk and Manager
- Latest Pie 9.0 Aug 2019 Update
- Magisk Modules Installs: Busybox, Viper4Android
- Apps with Root Access: AdAway, BetterBatteryStats, Franco Kernel Manager, Material Terminal, Titanium Backup
s0l1dsn8k3 said:
My company is now enforcing and managing BYOD with AirWatch. I'm trying to enrol my Magisk-rooted Pixel 2 XL. I've searched around XDA and other sites and I was able to enrol the phone when I use Magisk Hide to hide from the AirWatch agent, aka now the Intelligent Hub. It creates a Work profile and installed several work related apps. The only other app aside from Intelligent Hub I've tested so far is Boxer and it works for the few minutes during my test.
When I say Boxer works for a few minutes, that is because next I attempted to open Workspace One. As it loads, I'm guessing it checks other details about the phone, then it would popup a message saying Work apps and profile removing because the device is "compromised" and uninstall the work apps and Word profile.
I would like to use Magisk Hide and hide from Workspace One app, but Magisk Hide doesn't even list that and other apps in the Work profile. An admin at work checked the AirWatch server and it shows the device compromised detection with the status "Malicious file found - Check files in system or exec folder".
So my question is, outside of troubleshooting step by step from wiping phone and setting up each thing from scratch, anyone else have an insight on what else I can check?
FYI, these are the following setup I have on my phone
- Pixel 2 XL
- Rooted with latest version of Magisk and Manager
- Latest Pie 9.0 Aug 2019 Update
- Magisk Modules Installs: Busybox, Viper4Android
- Apps with Root Access: AdAway, BetterBatteryStats, Franco Kernel Manager, Material Terminal, Titanium Backup
Click to expand...
Click to collapse
The following works but I am not sure if all the steps are crucial and which ones may be superfluous. Those instructions in (parentheses) may be not necessary).
I am not a programmer (Basic on a C-64 doesn't count, I take it), don't know anything about computer architectures etc., just able to follow instructions and wrap my mind around them to tweak my devices.
The main part is to "Hide Magisk Manager" after Boxer is installed (but before it is opened/setup) as that also creates another Magisk app (instance?) with the new name for the work profile where Boxer etc. show up and can be hidden with Magisk Hide.
The other (first) part is to hide anything that would alert and conflict with Hub before or during setting up the work profile - I pretty much hid everything under Magisk Hide...
I don't know BYOD nor Workspace One, so the solution below may not work.
- uninstall Hub (that's the only app remaining after the auto-uninstall, right?)
- if Magisk Manager is already hidden: go to Settings\Restore Magisk Manager "with original package and app names" - that seems to be important, as hiding it later and with another name will then also create a Work Profile where one can see and click and hide the work profile apps such as Boxer (not sure if it works the other way around, i.e. starting off hidden with a different name and then later restoring to original will create a Magisk work profile)
- Magisk Hide: click almost every system app, not just the Google ones, but almost everything, camera, calendar, contacts etc. and your phone maker's versions as well (not sure what is necessary, but only Google system apps didn't seem to do it...), also all root and SU related apps like BusyBox etc. (not sure what Hub looks for)
(- System\Apps > clear storage data for Google Play Store and other Play Apps, also make sure Hub is really uninstalled. If not or having problems at least clear data storage as well)
- reboot (can also go into TWRP and wipe cache/Dalvik, not sure if necessary)
- install Hub, don't open it
- open Magisk, go to Magisk Hide: click Hub
(- close Magisk)
(- reboot)
- open Hub, let setup run its course creating the work profile
- if there are conflicts showing in Hub (and/or on your employer's MDM website for your device), e.g. root certificate not installed, don't install any apps yet such as Boxer etc. and reboot instead
- Are those conflicts resolved after reboot?
- install Boxer and other apps (trough Hub itself, MDM website push (or Google Play)) but don't open/start them
(- reboot)
- open Magisk, go to Settings\Hide Magisk Manager and click on it, pick a name and confirm: this will then change the name of Magisk AND create a another Magisk app (with the new name) for the work profile.
- open that new Magisk work profile and go to Magisk Hide: click Boxer (and other apps controlled by Hub); Hub itself and everything already hidden in the private (= non-work) profile Magisk app should show up here as already hidden. Double and triple check.
(- reboot)
- open Boxer and start set-up
That's it. Stable, even after another reboot.
Did this solution work for you @s0l1dsn8k3?
I am in a similar boat. @s0l1dsn8k3 please let me know if you found an alternate solution.
I am in a similar boat. @s0l1dsn8k3 please let me know if you found an alternate solution.
Hello,
I have installed OP 12 (C44) stock rom (BA version), then apply root with magisk v24.1.
In magisk zygisk & denylist turned on.
Now everything is fine I have root but google pay doesn't work so...
I'm installing https://github.com/kdrag0n/safetynet-fix, after that my dialer broke.
1) I see "no sim card" in two slots
2) Could not open settings -> mobile network (phone has no reaction, but sometimes it says "com.android.phone" stop working
Turning off safetynet-fix / zygisk doesn't help.
Only when I flash whole rom again - it work, but I lost all SMS & phones.
The plus point is that safetynet test has a green light, but I could not phone by phone ))
What do I badly?
Update:
I see some logs from ADB:
Spoiler: code
Failed to open database '/data/user_de/0/com.android.providers.telephony/databases/carrierIdentification.db'.
android.database.sqlite.SQLiteCantOpenDatabaseException: Cannot open database '/data/user_de/0/com.android.providers.telephony/databases/carrierIdentification.db': Directory /data/user_de/0/com.android.providers.telephony/databases doesn't exist
you probably didn't do anything badly, i have never used any safetynet fixes as i never needed them, so i probably don't know much stuff either. Worst than that is having magisk literally destroying baseband from a32 4g that even a reflash and repartition wouldn't work
Hello
I installed the Marriott app this morning, and when I go to run it, i get that security message along the bottom third of the screen, and the app shuts down.
What is causing that?
It is detecting root/magisk.
Add Marriott to Zygisk hide list, then clear Marriott storage&cache, force close and reopen.
I downloaded the app and installed it to test. If you don't clear the app cache (and only force close and reopen) it will not work. You must clear that before opening again
Thank you App
I followed your instructions, but I still get that message.
Should I have rebooted after adding to the list??
nabril15 said:
Thank you App
I followed your instructions, but I still get that message.
Should I have rebooted after adding to the list??
Click to expand...
Click to collapse
No. That's not necessary. The following 3 steps is all you need
I cleared storage, force closed, and run it.
I get that initial welcome screen of the app, and before I can press on the SIGN IN button, it closes forcefully.
This happens no matter how many times I repeat the steps.
nabril15 said:
I cleared storage, force closed, and run it.
I get that initial welcome screen of the app, and before I can press on the SIGN IN button, it closes forcefully.
This happens no matter how many times I repeat the steps.
Click to expand...
Click to collapse
What magisk version and modules are you using?
Also, what Android/oos version are you using?
Do you have device certification in play store? Or what's your YASNAC result?
nabril15 said:
I cleared storage, force closed, and run it.
I get that initial welcome screen of the app, and before I can press on the SIGN IN button, it closes forcefully.
This happens no matter how many times I repeat the steps.
Click to expand...
Click to collapse
After some more poking around, that app detects everything. I attempted to monitor the https traffic to see what contacts are made at app-boot. It detects that I'm monitoring traffic. I attempted to use frida to bypass the ssl pinning so I can monitor traffic. It detects that I'm using frida. All of those cause a close condition.
This could mean, if it detects anything abnormal, you're gonna get force closed. The whole toast not showing up is annoying. You might be able to adjust your font/text size for the system in Accessibility, to see the full text.
If you have busybox or anything else you can think of that might be detected, try disabling them or any questionable modules like lsposed, restart, then see if you can open the app.
I looked inside the app and don't see some of the stuff as strings, and existing strings are already using some reflected values in another index. It appears to use some kind of library that is checking for root, certification, ssl certificate pins, frida, probably xposed and so on. Then retrieving the response from an api.
My thought was to repackage the apk without root checks for you but if they're doing that much for security, there's almost no chance I will be able to launch the app with self signing for the apk.
Having the full toast response would be helpful here
Wow App.. How detailed, you are.
Here are my modules plus Universal Safetynet fix. I'm running a13 f.17 build.
I'm not sure how to proceed. I installed it on my wife's phone and used it..
Here's a reddit thread with someone else fighting with the Marriott Bonvoy app.
old.reddit.com/r/Magisk/comments/yf8gyu/help_hotel_app_detecting_root/
Its quite ridiculous that a Hotel app is so restrictive and difficult.
I just (briefly) tried running the app inside Island, but still got the toast nags / close.
Interestingly I get one of two nags "you're on an unsecure network" or "we've detected magisk, etc)
I wish that I had twrp to blame, but I don't have it installed.
Hey there,
I did some looking at older versions of the app (apkpure has them). On my phone (Android 9, Magisk 23) the last version that will run (using MagiskHide with all the 3 boxes ticked for the marriott app), is 10.4.0.
Marriott Bonvoy™ 10.4.0 (Android 9.0+) APK Download by Marriott International - APKMirror
Marriott Bonvoy™ 10.4.0 (Android 9.0+) APK Download by Marriott International - APKMirror Free and safe Android APK downloads
www.apkmirror.com
Version 10.5.0 starts giving me nags.
(Sometimes it is just easier to use an older version of an app, than fighting to get the very latest to work!)
Mine is 10.13.1. not sure what got updated. I usually don't want to get stuck with old version, so I'll just use the website to make reservation and redemption. Yikes
I heard Magisk Delta by HuskyG could hide it from detection. Has anyone been brave enough to try? Well, I tried and it didn't work. I tried the whitelist mode by leaving Marriott out of the SuList and many other banking apps too. But it still detects root. Marriott app version 10.13.1. Older version say 10.12.0 and below should survive.