topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0

MagiskHide does not hide the status of the oem unlock toggle #1656

Closed mark-kruz closed 4 years ago

mark-kruz commented 5 years ago

So my banking app detected root, so I flashed back to stock and locked the bootloader, yet it still said "root detected", but after turning off OEM unlocking in developer settings it started working properly. This leads me to believe that Magisk makes no attempt to hide the status of the OEM unlock toggle.

topjohnwu commented 4 years ago

There is no way to hide the actual settings as it is accessed via a system framework (faking that requires something like Xposed). The device itself however, will think it is locked.

Madis0 commented 4 years ago

After MagiskHide running, it is no longer forced on, so you can turn it off manually.

It is possible, but is it advisable to do so? Could it bring issues with TWRP for example in the long run?

kakai248 commented 4 years ago

@topjohnwu Having concerns about this too. I'm a dev of a banking app. We're using meawallet as the NFC payment platform. It is able to detect the root on my phone through this setting. I've pretty much covered all the bases with Magisk and it still gives me this log:

2020-01-02 16:43:24.575 25727-25789/XXX D/NATIVE: RootDetect: Bootloader unlocking is allowed
2020-01-02 16:43:24.576 25727-25789/XXX D/NATIVE: Throwing com/meawallet/mtp/MeaCryptoException exception, message: '0|107|204|606'
2020-01-02 16:43:24.579 25727-25789/XXX E/MTP-SDK:d3: Crypto: reasonCodes= 0|107|204|606: Exception in native library: R_SET_CONTEXT R_CHECK_ENV R_ROOTED R_ROOT_BOOTLOADER
    StackTrace:com.meawallet.mtp.MeaCryptoException: reasonCodes= 0|107|204|606: Exception in native library: R_SET_CONTEXT R_CHECK_ENV R_ROOTED R_ROOT_BOOTLOADER

It's kinda sad as even being a dev, since I don't have control over this external service, I can't use NFC payments on my production account -_-

kakai248 commented 4 years ago

I looked a bit more into this. It looks like they are checking the build prop sys.oem_unlock_allowed. Using an editor to set it to 0 will fix the problem. This should be the flag that backs OEM Unlocking in developer settings. But I'm afraid of rebooting the device with this set to 0 in case the device no longer boots.

I tried MagiskHide Props Config but it seems that it always runs too soon even with late_start service.

airidosas252 commented 4 years ago

@kakai248 old post, but actually by using the MagiskHide Props Config module, you can easily spoof the OEM Unlocking status without any side effects. It boots and works flawlessly. At long last even my banking app doesn't recognize either root or the OEM Unlock status being technically on.

gilaraujo commented 4 years ago

> @kakai248 old post, but actually by using the MagiskHide Props Config module, you can easily spoof the OEM Unlocking status without any side effects. It boots and works flawlessly. At long last even my banking app doesn't recognize either root or the OEM Unlock status being technically on.

Can you please tell us how to achieve that? I couldn't figure out what property exactly should be changed, and to which value.

Thanks in advance

Seba246 commented 4 years ago

An unlocked bootloader will change the android.verifiedbootstate from green (locked) to orange (unlocked). If your system detects an unlocked bootloader, the toggle in the settings menu will be greyed out because it's not needed anymore. There is no reason why it should be activated or deactivated. Magisk hides the unlocked bootloader and as a result the android.verifiedbootstate changes back to green although the bootloader is still unlocked. Your device assumes that the bootloader is now locked and activates the toggle for the OEM unlock option, as it should be with a locked bootloader. From this point you have the ability to deactivate the toggle.

The state of the OEM unlock option is stored on a separate partition of your device which can be found at 'ro.frp.pst'. This is security-relevant information and the reason why you get prompted to enter your display pattern. Activation of the OEM unlock option will deactivate FRP.

mark-kruz commented 4 years ago

> An unlocked bootloader will change the android.verifiedbootstate from green (locked) to orange (unlocked). If your system detects an unlocked bootloader, the toggle in the settings menu will be greyed out because it's not needed anymore. There is no reason why it should be activated or deactivated. Magisk hides the unlocked bootloader and as a result the android.verifiedbootstate changes back to green although the bootloader is still unlocked. Your device assumes that the bootloader is now locked and activates the toggle for the OEM unlock option, as it should be with a locked bootloader. From this point you have the ability to deactivate the toggle.
>
> The state of the OEM unlock option is saved on a separate partition of your device which can be found at 'ro.frp.pst'. This is security-relevant information and the reason why you get prompted to enter your display pattern. Activation of the OEM unlock option will deactivate FRP.

I have done this experiment once on my Galaxy S8 shortly after I got my current phone. Toggling off OEM unlock while Magisk was active and then rebooting resulted in a bootloader relock and a subsequent softbrick. This was on One UI Pie iirc. So toggling off OEM unlock isn't a good idea really, even if this is Samsung breaking how it should be implemented.

airidosas252 commented 3 years ago

> @kakai248 old post, but actually by using the MagiskHide Props Config module, you can easily spoof the OEM Unlocking status without any side effects. It boots and works flawlessly. At long last even my banking app doesn't recognize either root or the OEM Unlock status being technically on.
>
> Can you please tell us how to achieve that? I couldn't figure out what property exactly should be changed, and to which value.
>
> Thanks in advance

I literally spoofed sys.oem_unlock_allowed prop and it was enough to fool one of my banking apps to work (that app checks this exact prop and it immediately fails if it's set to 1). Phone boots just fine, though it's on custom ROM, so that might change the situation for stock ROM users.

bf8392 commented 3 years ago

> I literally spoofed sys.oem_unlock_allowed

What did you change it to?

vinibali commented 1 year ago

Sorry to bump this again. Latest Safetynet (v2.4.0) is able to hide the CTS profile match (checked with YASNAC). Tested on:

tempuserr commented 11 months ago

Universal SafetyNetFix v2.4.0 by kdrag0n - still CTSprofileMatch=false in YASNAC on unlocked stock Android 12 on a Samsung Note 10. "ctsProfileMatch": false, "evaluationType": "BASIC,HARDWARE_BACKED", "nonce":
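Pulling the thread together from the app side, as an added example that is not code from Magisk, meawallet or anyone in this thread: it parses `getprop`-style output, reproduces the `sys.oem_unlock_allowed` / verified-boot-state check behind the R_ROOT_BOOTLOADER and R_ROOTED codes in kakai248's log, and then shows why a defender should treat those property signals only as weak evidence next to a hardware-backed attestation verdict of the shape quoted above (`ctsProfileMatch`, `evaluationType`). The property dumps are constructed; `ro.boot.verifiedbootstate` is assumed to be the property Seba246 calls android.verifiedbootstate, and the reason names other than the two from the log are this example's own.

```python
import re

# Constructed sample dumps in `getprop` output format. The first is the state
# the issue opens with: stock firmware, bootloader relocked, OEM toggle left on.
LOCKED_TOGGLE_ON = "[ro.boot.verifiedbootstate]: [green]\n[sys.oem_unlock_allowed]: [1]\n"
UNLOCKED = "[ro.boot.verifiedbootstate]: [orange]\n[sys.oem_unlock_allowed]: [1]\n"

_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(dump):
    """Parse `getprop` output ("[name]: [value]" per line) into a dict."""
    props = {}
    for line in dump.splitlines():
        m = _LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def property_signals(props):
    """Software-readable signals of the kind the SDK log shows. A props module
    can rewrite any of these, so on their own they are weak evidence."""
    reasons = []
    if props.get("ro.boot.verifiedbootstate", "green") != "green":
        reasons.append("R_ROOTED")           # orange/yellow/red boot state
    if props.get("sys.oem_unlock_allowed", "0") == "1":
        reasons.append("R_ROOT_BOOTLOADER")  # the exact check in the log above
    return reasons


def decide(props, attestation):
    """Combine weak property signals with a server-verified attestation verdict
    (fields as in the YASNAC output above). Returns (decision, reasons)."""
    reasons = property_signals(props)
    hw = "HARDWARE_BACKED" in attestation.get("evaluationType", "")
    cts = attestation.get("ctsProfileMatch", False)
    if hw and cts:
        # Hardware-backed attestation vouches for the boot state, so a locked
        # stock device with the OEM toggle on is not denied (the false positive
        # the issue opens with).
        return "allow", reasons
    if hw and not cts:
        return "deny", reasons + ["ATTESTATION_FAILED"]  # name is this example's own
    # BASIC-only or missing attestation: property signals can only justify a
    # step-up, since they can be cleared by spoofing and tripped by a locked device.
    return ("step_up" if reasons else "allow"), reasons
```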