SafetyNet working again

 1 year ago
source link: https://forum.xda-developers.com/t/unlock-bootloader-root-pixel-7-pro-cheetah-safetynet-working-again-all-relevant-links.4502805/page-37#post-87595875

Unlocking Bootloader / Rooting / Updating | SafetyNet working again | ADB/Fastboot & Windows USB Drivers

Unlocking Bootloader / Rooting / Updating:

How to Root the first time / aka How to unlock the Bootloader:
Unlocking the bootloader will factory reset your device. There is no way around this. I highly suggest never re-locking your bootloader once you unlock it. If you do ever re-lock the bootloader, only do so after restoring the phone to 100% stock by using the latest Pixel 7 Pro Factory Image or Official Google Android Flash Tool.

Verizon variants:

Will never be able to have their bootloader unlocked. It's like winning the lottery, and just as rare and relatively random. There is nothing that anyone on XDA can do to help you unlock your Verizon variant.

T-Mobile and AT&T variants:

Can be unlocked once you pay the phone off, then you contact the carrier and arrange to Carrier unlock the phone. Once the phone is Carrier unlocked, then you can unlock the bootloader with the usual caveats (will wipe the device and there's no way around it).

The direct-from-Google (or other retailers who aren't U.S. Carriers), the factory Carrier Unlocked Pixels:

Can be bootloader unlocked at any time. I'd try it first before putting a SIM card in the phone. If OEM unlocking is grayed out, try connecting to Wi-Fi, and reboot if necessary. If it's still grayed out, try with your SIM card, and reboot again. Historically on Pixels, most of the time you can toggle OEM unlocking immediately, but occasionally some users have found it took a little while after being either connected to Wi-Fi or having your SIM card installed in it, and then eventually (hours? day? days?) you can toggle OEM unlocking.

The rest of the world's carriers:

No idea. Feel free to ask in the thread and hopefully, someone with specific knowledge will answer.

Other than trying the things above I mentioned, there is nothing else that anyone on XDA can do to help get OEM unlocking to be ungrayed.

Unlocking Bootloader (required in order to root)

The one-time first steps are:
  1. Android Settings
  2. About phone
  3. Click on Build number repeatedly, about seven times
  4. Go back to the main Android Settings
  5. System
  6. Developer options
    • Toggle OEM unlocking on. See @Namelesswonder's tip below (this won't help with variants that are supposed to be bootloader locked):
      Also a little tip for anyone trying to enable OEM unlocking on a device and it is grayed out, you can force the phone to check for eligibility by connecting to the internet in whatever way, going to the dialer, and dialing *#*#2432546#*#* (CHECKIN).
      You should receive a notification from Google Play services with "checkin succeeded" and OEM unlocking should be available immediately if the device is eligible.
      Google account not needed, SIM not needed, no other setup required. Works on completely-skipped-setup-wizard. Just need to make sure to connect to the internet and select the connection as metered to avoid any updates.
    • Toggle USB debugging on.
    • [Optional] I highly suggest you also disable Automatic system updates. Note that in a situation such as the Android 12 serious bootloader security issue, this setting will not keep Google from forcing an update to come through anyway.
  7. How to actually root follows the same steps below as how to update each month.
  8. Download the latest ADB/Fastboot (SDK Platform Tools) and Windows USB Drivers.
  9. Unzip the Platform Tools and Drivers.
  10. NOTE: If you have USB drivers for other Android devices installed, such as Samsung's, they can work intermittently with Google Pixels. I recommend uninstalling those drivers, or at least updating that driver to Google's driver as instructed below (the Device Manager entry may be different with other OEMs).

  11. The Windows USB Drivers may have to be installed twice:
    • The first time while your phone is running and unlocked as normal.
      1. In Windows, right-click on the Start Button and choose Device Manager.
      2. Plug your phone into the computer and look for the new hardware entry in Device Manager. Near the top of Device Manager should be Android Device. Click the drop-down arrow to the left of it.
      3. Below Android Device, it should now show Android Composite ADB Interface
      4. Right-click the Android Composite ADB Interface and choose Update driver
      5. Choose Browse my computer for drivers
      6. Click Browse and navigate to where you unzipped the Windows USB drivers to.
      7. Follow the prompts to install the driver.
      8. Keep Device Manager itself open - you'll need it again in a minute, but you can close any other Device Manager windows after you have installed the driver.
      9. Open a Command Prompt and navigate to the platform-tools folder.
      10. Run command:
        Code:
        adb devices
      11. On your Android device, you'll get an ADB prompt. Check the box to always give ADB permission and click OK.
      12. Confirm that the command results in a list of Android devices. When doing these procedures, you should only have the one device you want to work on connected, to keep things simple.
    • The second time to install the driver is while the phone is in Bootloader (fastboot mode), not FastbootD (fastbootd) mode. I know it's confusing.
      • Run command:
        Code:
        adb reboot bootloader
      • Repeat the instructions above starting with "Right-click the Android Composite ADB Interface".
  12. Run command:
    Code:
    fastboot flashing unlock
  13. On the phone, press either the up or down volume button once until you see Unlock the bootloader |>| beside the power button.
  14. Press the power button. The phone will go black for a second and then show near the bottom Device state: unlocked.
  15. After these first-time steps to unlock the bootloader, if you want to root, continue below at the step:

How to update each month (and also how to root) [requires an unlocked bootloader for updating via this factory image method]

  1. If you are going to use the Official Google Android Flash Tool, then skip the steps I indicate with FAB (Flash-All.Bat).
    • If using the Android Flash Tool, you should have the following items not selected:
      • Deselect Wipe
      • Deselect Force Flash all partitions (which will also wipe)
      • Deselect re-lock bootloader
  2. Always use the latest ADB/Fastboot (SDK Platform Tools) and Windows USB Drivers.
  3. Unzip the Platform Tools.
  4. Download the latest Pixel 7 Pro Factory Image (at the bottom of the "Cheetah" section).
  5. Unzip the factory image to the same platform-tools folder, i.e. so that flash-all.bat and all other files are in the same folder as ADB and Fastboot from the platform-tools.
  6. * FAB VERY important - Edit the flash-all.bat (on Windows) or flash-all.sh (on Linux) and remove the -w from the fastboot update image-cheetah-etcetera.zip line. This will keep the script from wiping your phone when you run it.
  7. Extract only the init_boot.img file from the image-cheetah-etcetera.zip to the same platform-tools folder.
  8. Copy the init_boot.img from the PC to the phone's internal storage.
  9. * FAB Run commands:
    Code:
    adb reboot bootloader
    flash-all.bat (on Windows)
    or
    flash-all.sh (on Linux)
  10. On the phone:
    • Wait for the phone to boot normally. Unlock the phone.
    • Apply Magisk Stable to it. NOTE: It is always possible that an Android Update (Monthly, QPR [Quarterly Platform Release], new major Android versions, and Beta versions) might need a new version of Magisk Stable, Beta, or Canary from GitHub to work correctly. XDA forum for Magisk is here.
      • Launch the Magisk app.
      • Beside "Magisk", click "Install".
      • Click "Select and Patch a File", and choose the init_boot.img that you just copied to the phone's storage.
      • Make sure all Magisk Modules have been updated.
      • Disable all Magisk Modules.
  11. Copy the Magisk'd init_boot.img (filename similar to magisk_patched-25200_1a2B3c.img) back over to the computer.
  12. Open a Command Prompt and navigate to the platform-tools folder.
  13. Run command:
    Code:
    adb reboot bootloader
  14. After phone has rebooted into Bootloader (Fastboot) mode, run command:
    Code:
    fastboot flash init_boot magisk_patched-25200_1a2B3c.img
    fastboot reboot
  15. Confirm that the phone boots completely normally.
  16. Cautiously re-enable Magisk Modules.
  17. Reboot.
  18. Confirm everything worked fine.
  19. If the phone won't boot correctly after having enabled Magisk Modules, see either of the two solutions below:
    • For the future, you don't need to go into safe mode unless that's your preference. I forgot what all it resets, but it's many settings and it's bothersome. I'd rather just reinstall my modules and not have to figure out those Android settings/changes which I come across days or weeks later when I infrequently do something. Have your phone reboot and run this:
      Code:
      adb wait-for-device shell magisk --remove-modules
      I like to just do this first:
      Code:
      adb devices
      So the server is running, then I have the long one pasted and ready to go once the phone turns off.
    • Find problem apps by rebooting to safe mode section in my next post. After following that link, you may have to scroll up a little bit and the section title will be highlighted.
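
An added example, not part of the original post: a pre-flash check for steps 4-6 on Linux or macOS that verifies the downloaded factory image and then removes -w from the fastboot update line of flash-all.sh, refusing to continue if the flag is still there. It assumes you copy the expected SHA-256 from the checksum listed with the factory image download; the script name preflight.sh and all file names in the usage line are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. File names are placeholders.
UPDATE_RE='^[[:space:]]*fastboot[[:space:]].*update[[:space:]]'

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if the file hashes to the expected value (assumption:
# you copied it from the checksum listed with the official download).
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeed if a "fastboot ... update" line still carries -w (wipe userdata).
has_wipe_flag() {
    grep -E "$UPDATE_RE" "$1" | grep -Eq '[[:space:]]-w([[:space:]]|$)'
}

# Remove -w from the update line only; keep the first original as .orig.
strip_wipe_flag() {
    script=$1
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 2; }
    [ -e "$script.orig" ] || cp -p "$script" "$script.orig" || return 2
    sed -E "/$UPDATE_RE/ s/[[:space:]]-w([[:space:]]|\$)/\\1/" \
        "$script" > "$script.new" || return 2
    cat "$script.new" > "$script" || return 2
    rm -f "$script.new"
    # Fail closed: exactly one update line, and no wipe flag left on it.
    [ "$(grep -Ec "$UPDATE_RE" "$script")" -eq 1 ] || return 1
    ! has_wipe_flag "$script"
}

# Usage: sh preflight.sh flash-all.sh factory-image.zip <expected-sha256>
if [ "$#" -eq 3 ]; then
    verify_sha256 "$2" "$3" || { echo "checksum mismatch: $2" >&2; exit 1; }
    strip_wipe_flag "$1" || { echo "could not make $1 non-wiping" >&2; exit 1; }
    echo "OK: image verified, $1 will not wipe userdata"
fi
```

On Windows the same -w has to come out of flash-all.bat by hand, as step 6 describes.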

SafetyNet working again:

New Universal SafetyNet Fix released by @Displax, which is a later minor revision of the test MOD version previously posted in this thread, and of the original MOD 2.0 which apparently had some typos - the latter which didn't work due to the typos but is now fixed if you download the latest one. You can get it either from XDA or on GitHub.

  1. Launch the Magisk app.
  2. Go to Magisk's Settings (Gear in top right).
    • Click Hide the Magisk app.
    • When you hide it, you'll have the optional opportunity to change the Magisk app's name to whatever you wish. It doesn't have to be complex to fool apps that check for Magisk.
    • Important: When you have the Magisk app hidden or renamed, you can accidentally install a new copy of Magisk. This situation won't work at all - neither copy of Magisk will work with two installed. This is one reason why I don't completely hide Magisk, so I can tell it's installed because I have it renamed as something easily recognizable.
    • Back to the Magisk app's Settings...
    • Click Systemless hosts. This adds a Magisk Module to Magisk, which you can verify in a later step.
    • Toggle Zygisk on.
    • Toggle Enforce DenyList on.
    • Click Configure DenyList.
      • Add every app that you want to explicitly deny root and the existence of root.
      • You can click the 3-dot menu and choose the options to display system and/or OS apps, if necessary.
      • Note that for many apps, it is not enough to click the single checkmark to the right of the app name in this list. For many but not all apps, you should click on the app name and you'll see it expand to two or more entries, each with its own toggles. In this expanded state, you can now check the single top checkbox beside the main app name and it'll toggle all individual sub-entries.
      • Some apps add new entries to this list from time to time, so if you find that an app used to work for you when rooted and doesn't now, check this list again and look for the entries that aren't fully checked. There will be an incomplete horizontal line above the apps that don't have all of their sub-entries toggled.
      • You can use the Search button at the top of this list to find specific apps quickly.
      • The most common apps you should definitely fully check in this list are:
        • IMPORTANT - There are some things, such as Google Play Services which it's fine to add to the DenyList, but it's perfectly normal when used in combination with the Universal SafetyNet Fix (USNF) that it is back to being unchecked the next time you visit the DenyList. Since USNF takes care of Google Play Services, you don't even have to add it to the DenyList in the first place.
        • Google Play Store
        • Google Services Framework
        • Google Play Protect Service
        • Wallet
        • Any banking apps.
        • Any streaming apps that use DRM.
        • Any 2FA apps, especially those for work.
        • Some of those Google apps might not need denying, but it doesn't hurt to deny them.
        • Any time you toggle more entries in this list, it may be necessary to reboot the phone for it to take effect.
  3. From the main screen in the Magisk app, go to Modules at the bottom.
  4. Confirm that the Systemless hosts Magisk Module is added to this list, and enabled.
  5. Install the Magisk Module: Universal SafetyNet Fix. For now, use @Displax new Universal SafetyNet Fix, which is a later minor revision of the test MOD version previously posted in this thread, and of the original MOD 2.0 which apparently had some typos - the latter which didn't work due to the typos but is now fixed if you download the latest one. You can get it either from XDA or on GitHub.
  6. Reboot.
  7. Install from the Play Store:
    • YASNAC - SafetyNet Checker
      • Launch it.
      • Click Run SafetyNet Attestation.
      • It should say:
        • Basic integrity: Pass
        • CTS profile match: Pass
        • Evaluation type: BASIC
    • Play Integrity API Checker
      • Launch it.
      • Click Check.
      • It should have the following with a green checkmark:
        • MEETS_DEVICE_INTEGRITY
        • MEETS_BASIC_INTEGRITY
      • It's normal for MEETS_STRONG_INTEGRITY to have a red X.
    • You don't have to keep these installed, although I keep them handy.
    • Sometimes, clearing app cache and/or data for apps like the Google Play Store, GPay, Wallet and others (and then rebooting) after these steps may help pass SafetyNet as well.
  8. See @V0latyle's explanation (and further linked post) for why we can't achieve STRONG_INTEGRITY with an unlocked bootloader.

Optional steps when updating - flashing custom kernels:

  • Download the custom kernel of choice on the phone.
    • As of Friday, October 14, 2022, the only custom kernel that's available is Despair Kernel. Be sure to read the particular installation instructions in the kernel threads' OP. For now even the AK3 Zip version of Despair Kernel requires Verity to be disabled. Normally, disabling Verity doesn't require a factory reset, but unfortunately in combination with Despair kernel so far, it still does need a factory reset. Even if you flash the custom kernel first without disabling Verity, you can still disable Verity afterwards and the phone will still work just fine, but you'll still need a factory reset to get the phone to work with the custom kernel.
    • The OP of Despair Kernel still says to disable both Verity and Verification - you would only have to do both if you were going to manually flash the individual partitions instead of flashing the AK3 Zip versions that @DespairFactor provides. Make sure and download the correct version, and if you download the AK3 Zip, you only have to disable Verity. In either case, it requires a factory reset after disabling.
    • The two schools of thought on disabling Verity and Verification:
      • here. If you want to discuss it any, please do so in my thread, or at least not in that custom kernel thread, so as to keep the thread on-topic.
  • Extract the vbmeta.img file from the inner Zip of the factory image zip and put it in the same folder with the latest extracted platform-tools.
  • Hook the phone up to your computer and run the following commands:
    • Code:
      adb reboot bootloader
      [wait for the phone to reboot to bootloader (fastboot mode)]
      Code:
      fastboot flash vbmeta vbmeta.img --disable-verity
      fastboot reboot
  • Unlock the phone once it's booted up.
  • Make sure the Kernel Flasher app is up to date. XDA thread for the Kernel Flasher app is here.
  • Launch Kernel Flasher.
  • Select the slot that's mounted.
  • Choose Flash AK3 Zip.
  • Select the custom kernel zip just downloaded.
  • When it's done flashing, head to Android Settings and perform a Factory Reset, as is currently needed for Despair kernel.
  • If you failed to disable Verity ahead of time, if you have to, just force the phone off using these instructions: Turn your Pixel phone on & off, then press the Volume Down and Power buttons for a couple of seconds to get into the bootloader (fastboot mode). You'll still have to factory reset after disabling Verity in combination with this kernel, for now.

ADB/Fastboot & Windows USB Drivers:

Platform Tools was updated in August 2022 to v33.0.3:

Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
Mac: https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip

Release Notes https://developer.android.com/studio/releases/platform-tools:

33.0.3 (Aug 2022)

  • adb
    • Don't retry adb root if first attempt failed.
    • Fix track-devices duplicate entry.
    • Add receive windowing (increase throughput on high-latency connections).
    • More specific error messages in the "more than one device" failure cases.
    • Reject unexpected reverse forward requests.
    • Fix install-multi-package on Windows.
  • fastboot
    • Remove e2fsdroid as part of SDK platform-tools.
    • Print OemCmdHandler return message on success.

You'll need this if you're going to unlock the bootloader on your Pixel 7 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone's security further at risk?

You can alternately use the tools from the SDK Manager, but most of us will want to stick to the basic tools-only without the complications of the full development manager.
For Windows, get Google's drivers here: Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers after you adb reboot-bootloader, to be able to use ADB and Fastboot).
