[BUG] Device Certification Not Passing

[Panfuji]

Describe the bug Describe your issue here. Device Certification is not passing possibly due to the new Play Integrity checks.

To Reproduce Steps to reproduce the behavior: 1: Go to Play Store 2: Check Device Certification

Expected behavior "Device is certified"

Screenshots

Smartphone (please complete the following information):

• Device: Galaxy S7
• Model: G930F

Additional context I'm not too sure what is going on behind the scenes with the new Play Integrity breaking device certification because of my lack of familiarity with the nitty gritty of android modding in general, but I hope this might help aid in an unrooted workaround.

All experiments are done with clean install.

While unrooted and with SELinux Enforcing (checked with adb), it will not pass, even with a clean install, with avaliable hotfixes applied (GPS, Hotfix 1 and Hotfix 2), with CronosKernel v8.0, and after force stopping and clearing data on Google Play Store and Google Play Services.

With MagiskHide (v23), it will still not pass (ctsprofile fail)

However with Magisk v26 and the Shamiko module and kdrag0n's safetynet fix module modded by Displax, device certification will pass, as seen in the screenshot here.

Regardless of if its fixable or not, thank you for making this rom - I have been daily driving it for 3 years and its still going strong.

[LowSkillDeveloper]

The same problem with this ROM, writes that the device is not certified in google play, and also does not pass the SafetyNet check (because its Play Integrity now). Root is not installed, and I do not want to put it. @ananjaser1211 there are solutions or whether there will be an update, maybe hotfix? Because of this, some applications do not install, such as the official ChatGPT application and Netflix, in google play its say "Your device isn't compatible".

The device in google play is defined as galaxy s9, which is probably why google considers that the device supports hardware backed.

[ananjaser1211]

ideally we should only be failiing hardware backed attestation, my guess is the fingerprint props inside the ROM got too old, the alternative is to use magisk or replace the fingerprint in each build prop in the ROM, if you were to flash magisk, using kdragon sagetynet module should be enough, until if/when i find some time to patch or just full on update the rom

the latest note 9 fingerprint i have is

ro.system.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys
ro.build.description=crownltexx-user 10 QP1A.190711.020 N960FXXSAFWB3 release-keys

this would need to be changed in system/build.prop, /system/vendor/build.prop, /system/odm/etc/build.prop,

you can do this edit inside the ROM .zip and flash it again, you could also some what automate this by going to rom.zip/floyd/scripts/end.sh

find where it says "# HACK : Set model no to N9 To preserve BASIC EVAL TYPE"

under that section add the new fingerprints you want to replace, i.e

ro.system.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys
ro.vendor.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys
ro.odm.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys

i think the only one that is not automatically set is the system/odm/etc/build.prop,, thats what i would basically try

[Panfuji]

Okay, as an experiment according to your suggestions, I've tried changing the fingerprints in the build.prop that ends with FVE1 which is the previous fingerprint to the new one which ends with FWB3, and the files that I have changed that I saw had the old fingerprints in it are (within the install zip) system/build.prop, floyd/vendor/build.prop, floyd/vendor/odm/etc/build.prop. I looked into the build.prop within floyd/odm/build.prop but didn't find anything that contain the fingerprint. I also applied the extra stuff in the end.sh file, which looks something like this:

HACK : Set model no to N9 To preserve BASIC EVAL TYPE

props=$props'
ro.product.model=SM-G965N
ro.product.odm.model=SM-G965N
ro.product.system.model=SM-G965N
ro.product.system_ext.model=SM-G965N
ro.product.vendor.model=SM-G965N
ro.product.product.model=SM-G965N
ro.system.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys
ro.vendor.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys
ro.odm.build.fingerprint=samsung/crownltexx/crownlte:10/QP1A.190711.020/N960FXXSAFWB3:user/release-keys

' Then I clean flashed the phone with the zip. The device is still showing up as not certified. Am I missing something here or is it potentially an issue that requires more information?

[ananjaser1211]

@Panfuji Sorry for late response, i just had time to work on the S7 again, i have rebased to FWB3 / 2023-02 and it does not fix the issue. the problem is not from the fingerprint, the problem seems to be from our BASIC_ATTEST hack we use (which is a patched keystore binary) this no longer works.

the keystore fix by kdragon uses magisk / zygisk to alter methods in framework.jar to fix safetynet. on my other projects i was able to implement the fix inside framework.jar, however on android 10 modifying framework.jar breaks boot. so for now i dont see any way to bring back safetynet without rooting with magisk and using zygisk.

[Panfuji]

Thanks for the reply - Guess for now using root will be mandatory for passing device certifcation.

[ananjaser1211]

Well some good news after my post, while working on V8 i manaaged to fix safetynet once more by implementing the bypass inside framework, to my surprise i was able to make it work.

I am still working on the new update, i dont know when it will be done, but i am updating alot of stuff that broke over time in the ROM, at the very least we can confirm that safety net will be fine.

[ananjaser1211]

Closed as V8 is now out with a fix for this bug https://xdaforums.com/t/rom-10-0-oneui-2-5-g930x-g935x-n930x-n935x-floydq-v8-0.4085667/post-89144172