SafetyNet fails with DroidGuard microG on LineageOS 14.1

[ShapeShifter499]

I haven't been able to get microG or DroidGuard to work with SafetyNet on a LineageOS 14.1 install with and without Magsik. When I try LineageOS 14.1 with OpenGapps and Magisk instead it works fine and SafetyNet passes.

System Moto X Pure (clark) LineageOS 14.1

[ghost]

im on LineageOS 14.1 with magisk and microG and i pass saftynet so we should be able to help you. What signature spoofing method did you choose ? On what Version are you ? is FakeStore installed ? Its important to have the latest version installed: https://microg.org/download.html Also: Would be nice to see a logcat from Saftynet test with magisk and microG installed.

[ShapeShifter499]

The things I installed. The microG stuff I installed from F-Droid DroidGuard 0.1.0-4 microG 0.2.4-79 microG framework installed 0.1.0 MozilaNlpBackend 1.3.2 NominatimNlpBackend 1.2.1 Official Google Play apk 7.6.07.N-all_0_PR_148468439-80760700 (Installed as /system/priv-app/Phonesky/Phonesky.apk) Magisk 11.1

I made sure Magisk Hide was switched on in settings.

I first used my own build of LineageOS 14.1 and the following two patches. https://github.com/microg/android_packages_apps_UnifiedNlp/blob/master/patches/android_frameworks_base-N.patch https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch

But in case something in my build was tripping something I then tried the official LineageOS 14.1 Nightly from 03/13/2017 and patched it using Tingle from https://github.com/ale5000-git/tingle

Neither worked

I don't have time now, I'll post a log later, probably tomorrow.

[ShapeShifter499]

whoops hit close by mistake.

[mar-v-in]

is DroidGuardHelper 0.1.0-4 in /system/priv-app? In case it's not, try if moving it there makes any difference.

[ale5000-git]

It is a problem probably related to SELinux, and it usually work if you move it to /system/priv-app like mar-v-in said.

[ShapeShifter499]

@mar-v-in @ale5000-git just /system/priv-app/DroidGuard.apk? Should it be named anything in particular or stored in a sub-folder?

[ale5000-git]

The name and the sub-folder doesn't matter but I would put it in a sub-folder to be consistent.

[ShapeShifter499]

@ale5000-git making sure. I thought SafetyNet was looking specifically for /system modifications so maybe anything weirdly named or whatnot. I'll try it in a few.

[ale5000-git]

I don't know for sure but I think it look just for "know bad" things, not for everything, that would be impossible since it have to run on a infinite number of different phones.

But it may fail if the phone support verified boot and you have an unlocked bootloader.

[ShapeShifter499]

@mar-v-in @ale5000-git Ok I wiped everything using TWRP, I flashed the official LineageOS Nightly 03/13/2017 then I patched using 'tingle' and then flashed Magisk. After setting microG up, I put DroidGuard in '/system/priv-app/GmsDroidGuard/GmsDroidGuard.apk' SafetyNet passes again!

[ShapeShifter499]

Workaround works for now but what is the longer term solution? Maybe a all-in-one flash zip could be made for people who want everything and SafetyNet/DroidGuard?

In any case I added all this to a /system/addon.d script so things don't get removed every time I flash a new ROM

[ale5000-git]

I have already planned to insert DroidGuard Helper in my installer.

[ShapeShifter499]

@mar-v-in this should be noted somewhere (unless I missed it) that selinux might require DroidGuard to be in /system/priv-app

I'm going to close this now since my issue has been resolved. Thank you guys for the help.

[ShapeShifter499]

@mar-v-in @ale5000-git I forgot to ask, if DroidGuard is updated can I keep the old version in priv-app and install the new one over top of it from F-Droid? Or do I have to copy in any updates replacing the old to priv-app also?

[mar-v-in]

Yes, you can update droidguard helper through f-droid as usual, but the file in /system must still exist.

[gabsoftware]

I know the issue is closed, but if it can help someone, I wrote the detailed steps I did to pass SafetyNet on MicroG LineageOS builds. Here it is: https://www.gabsoftware.com/tutorials/how-to-use-microg-on-lineageos-or-cyanogenmod-without-xposed/#safetynet The key was to manually place the DroidGuard helper APK in /system/priv-app.

[ArchangeGabriel]

@gabsoftware I’ve just discovered μG LineageOS builds thanks to you. I’ve seen they have been added to the wiki, but I’ve never seen them being mentioned in issues around there.