Tag: play services

  • Bypass SafetyNet hardware attestation with an unlocked bootloader

    Over the last few years, the challenge of bypassing SafetyNet Attestation has evolved from a simple cat-and-mouse game between Google and the modding community to a burgeoning battle full of obscure barriers. Thanks to the rise of hardware-backed attestation techniques, it is very difficult to bypass the boot image integrity verification routine and hide root access. Installing Magisk on its own would not be enough to circumvent the latest update to SafetyNet, especially on newer devices. This is where the Universal SafetyNet Fix Magisk module comes in.

    While owners of legacy devices and custom ROM users often use modules such as MagiskHide Props Config to spoof the CTS profile and pass basic attestation, any method that relies on a valid combination of device and model names, build fingerprints, and security patch levels comes with no guarantee that the root-hiding trick will remain useful in the future. This is because Google Play Services is starting to use hardware attestation for CTS profile validation in many cases, even when basic attestation is selected.

    In case you have an Android device that has an unlocked bootloader (or locked using custom verified boot keys) and thus doesn’t pass hardware attestation, then the Universal SafetyNet Fix Magisk module may fix that. Created by Danny Lin AKA XDA Senior Member kdrag0n, the module works by taking advantage of the opportunistic nature of the hardware attestation routine. Quoting the developer:

    … it (hardware attestation) falls back to basic attestation if key attestation fails to run — and prevent GMS from using key attestation at the framework level. This causes it to gracefully fall back to basic attestation and pass SafetyNet with an unlocked bootloader.

    The “not implemented” error code from Keymaster is used to simulate the most realistic failure condition to evade detection, i.e. an old device that lacks support for key attestation.

    The workaround is already available pre-integrated on the ProtonAOSP ROM from the same developer, which lets you pass SafetyNet without Magisk on fairly modern devices such as the Google Pixel 5. If you are a custom ROM maintainer and you wish to integrate this method with your build, you can do so by cherry-picking the necessary patches from this repository. On the other hand, the latest version of the ready-to-flash Magisk Module variant can be found here. Note that MagiskHide is still required if the target device is rooted.

    Universal SafetyNet Fix: XDA Thread | GitHub Repo
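
A relying party can tell when a verdict came from the basic-attestation fallback described above by checking the `evaluationType` field of the SafetyNet Attestation response on its server. The following is an added example, not code from the article or the module; it assumes the JWS signature and certificate chain were already verified, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment):
    # Compact JWS segments are base64url without padding; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jws_payload(jws):
    # Assumption: signature and certificate chain were verified before this call.
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


def evaluate_verdict(payload, require_hardware=True):
    """Return (accepted, reasons) for a decoded attestation payload."""
    reasons = []
    if payload.get("basicIntegrity") is not True:
        reasons.append("basicIntegrity is false or missing")
    if payload.get("ctsProfileMatch") is not True:
        reasons.append("ctsProfileMatch is false or missing")
    # evaluationType is a comma-separated list, e.g. "BASIC,HARDWARE_BACKED".
    raw = str(payload.get("evaluationType", ""))
    eval_types = {t.strip() for t in raw.split(",") if t.strip()}
    if require_hardware and "HARDWARE_BACKED" not in eval_types:
        reasons.append("verdict is not hardware-backed (evaluationType=%r)" % raw)
    return (not reasons, reasons)


def make_sample_jws(payload):
    # Constructed token for the demo only; the signature segment is a dummy.
    def enc(obj):
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(payload), "constructed-signature"])


# Constructed samples: a hardware-backed verdict and a basic-only fallback verdict.
SAMPLE_HARDWARE = make_sample_jws({"basicIntegrity": True, "ctsProfileMatch": True,
                                   "evaluationType": "BASIC,HARDWARE_BACKED"})
SAMPLE_BASIC_FALLBACK = make_sample_jws({"basicIntegrity": True, "ctsProfileMatch": True,
                                         "evaluationType": "BASIC"})

if __name__ == "__main__":
    for name, token in (("hardware", SAMPLE_HARDWARE), ("basic", SAMPLE_BASIC_FALLBACK)):
        print(name, evaluate_verdict(parse_jws_payload(token)))
```

A verdict with `ctsProfileMatch` set to true but no `HARDWARE_BACKED` evaluation type is exactly what the fallback produces, so a policy that only checks the two booleans cannot distinguish it.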

  • Google Duo and Messages will not work on uncertified devices soon

    Duo and Google Messages are among the best communications apps Google has ever released, so it’s no surprise that they’re incredibly popular even among people whose phones ship without Google apps.

    Unfortunately, it looks like those uncertified phones may soon no longer be able to run Duo and Messages. XDA Developers and 9to5Google have uncovered strings that show that apps will soon stop working on unsupported devices.

    Google Messages
    <string name="ip_compliance_warning_message">On March 31, Messages will stop working on uncertified devices, including this one.</string>

    The Messages string is as clear as it can be. If Google follows through with the certification requirement for Messages, users with uncertified phones may soon see the following message in the app: “On March 31, Messages will stop working on uncertified devices, including this one.” This should only affect a small fraction of Android phones that do not ship with Google apps, such as recent Huawei phones, Chinese ROM phones, and, of course, custom ROMs. XDA Developers suspects that the move will follow the RCS end-to-end encryption roll-out, as the company cannot guarantee that the uncertified device will not be compromised.

    <string name="grace_period_notification_body">"Because you're using an unsupported device, Duo will unregister your account on this device soon. Download your Clips and call history to avoid losing them."</string>
    <string name="grace_period_notification_title">Duo is going away soon</string>

    Google Duo users with uncertified phones will see a similar message saying: “Because you’re using an unsupported device, Duo will unregister your account on this device soon. Download your Clips and call history to avoid losing them.” Even though these strings don’t explicitly mention “uncertified” devices, 9to5Google says that a look at the code reveals that the change is related to “GmsCompilance.” GMS is short for Google Mobile Services, the package responsible for bringing Google’s core apps and important APIs including the Play Services to certified phones. In contrast to Messages, there’s no firm deadline yet.

    If Google follows through with the change, people with uncertified phones will soon have to look for other solutions. Perhaps Signal could be a good replacement for both: it supports sending and receiving SMS in addition to its text and video chat service.