Develop Bugs

Use OTA for installing custom ROM

Is it possible to somehow leverage the in-built OTA mechanism to install any custom ROM, while keeping the bootloader unlocked on a A/B device?

No, unless you're a rocket scientist...

galaxys said:
No, unless you're a rocket scientist...
Click to expand...
Click to collapse
Why not, where is the verification happening? Is there a signature verification after downloading the file, which can maybe be bypassed with root?

I could be wrong but I think a couple ROMs have their own OTA service baked in.
Also, I don't think it's too difficult/much more of a hassle to download the zip, reboot to recovery and flash.

nithinmanne said:
Is it possible to somehow leverage the in-built OTA mechanism to install any custom ROM, while keeping the bootloader unlocked on a A/B device?
Click to expand...
Click to collapse
If you were looking to flash a custom ROM with the stock recovery, required for sideloading an OTA, it wouldn't work. Each factory image or OTA image is signed by Google. The stock recovery is coded to look for that signature. If the recovery finds the signature it allows installation to continue. Any other signature or no signature at all will cause the process to halt with an error. In order to get a custom ROM to install using the OTA system you'd have to spoof Google's key in the ROM package so the stock recovery "thinks" it's installing a factory image or OTA.
What I described above applies regardless of whether the bootloader is locked or not. If your bootloader is unlocked, flash TWRP and call it a day.

Strephon Alkhalikoi said:
If you were looking to flash a custom ROM with the stock recovery, required for sideloading an OTA, it wouldn't work. Each factory image or OTA image is signed by Google. The stock recovery is coded to look for that signature. If the recovery finds the signature it allows installation to continue. Any other signature or no signature at all will cause the process to halt with an error. In order to get a custom ROM to install using the OTA system you'd have to spoof Google's key in the ROM package so the stock recovery "thinks" it's installing a factory image or OTA.
What I described above applies regardless of whether the bootloader is locked or not. If your bootloader is unlocked, flash TWRP and call it a day.
Click to expand...
Click to collapse
In A/B devices, it happens without a recovery, right, using update_engine. Do you know if there's a way to point it to a custom URL, instead of OEM's?

I don't believe the recovery is used for updates in the off slot on A/B devices. However, regardless of whether the recovery is required or not you still have to contend with the signing key requirement. So even if you could change the path to point to a particular download server, the absence of a Google signature will prevent the download from ocurring.
What you want is not possible because of the signing key requirement.

Strephon Alkhalikoi said:
I don't believe the recovery is used for updates in the off slot on A/B devices. However, regardless of whether the recovery is required or not you still have to contend with the signing key requirement. So even if you could change the path to point to a particular download server, the absence of a Google signature will prevent the download from ocurring.
What you want is not possible because of the signing key requirement.
Click to expand...
Click to collapse
All this validation happens in HLOS, right? Can this not be manipulated using root by replacing Google's OTA key?

nithinmanne said:
All this validation happens in HLOS, right? Can this not be manipulated using root by replacing Google's OTA key?
Click to expand...
Click to collapse
I don't know where it is, but a good guess would be the bootloader itself. And if that guess is right, not even root will help. You'd need to replace or modify the bootloader, which is a task beyond any of us.
If it were as easy as you make it sound, LineageOS and ROMs based on it wouldn't need their own OTA download systems.

Strephon Alkhalikoi said:
I don't know where it is, but a good guess would be the bootloader itself. And if that guess is right, not even root will help. You'd need to replace or modify the bootloader, which is a task beyond any of us.
If it were as easy as you make it sound, LineageOS and ROMs based on it wouldn't need their own OTA download systems.
Click to expand...
Click to collapse
The flashing happens when HLOS is still running(in Pixel, atleast), right? The bootloader can only verify when booting after flashing.

nithinmanne said:
The flashing happens when HLOS is still running(in Pixel, atleast), right? The bootloader can only verify when booting after flashing.
Click to expand...
Click to collapse
Again, I don't know. I do know however that this rabbit hole is deeper than I can go. You'll have to continue on your own from this point, because I simply have nothing left to add to the discussion.
Good luck. Hopefully you manage to avoid bricking your $1000 device in trying this.

Strephon Alkhalikoi said:
Again, I don't know. I do know however that this rabbit hole is deeper than I can go. You'll have to continue on your own from this point, because I simply have nothing left to add to the discussion.
Good luck. Hopefully you manage to avoid bricking your $1000 device in trying this.
Click to expand...
Click to collapse
Thanks, I'm not testing on my phone, I'm doing it during free time at work, where I can test on a debug 845 device, running android P. Its way easier, as I have access to more logging, and it takes 2 minutes to flash, even if I brick it. So I can try any solution you can think of. I eventually want to get it working on my phone though.

[XZp] rooted kernel hiding bootloader unlock with working fota

rooted kernel hiding bootloader unlock
with working sony stock fw fota updates
for Sony Xperia XZ Premium​
Firmware Over the Air system updates have been disabled/not working with sony xperia phones with unlocked bootloader.
Also many sony drm functions are disabled if fw detects unlocked bootloader even if device master key was recovered.
I've implemented a kernel patch for xperia XZ1 Compact / XZ1 / XZ Premium phones that properly masks bootloader unlock status so it appears as still locked for sony stock firmwares.
This allows FOTA updates to be installed if running completely unmodified stock firmware. This is possible if this kernel is just booted from usb via fastboot instead of flashing it.
The kernel is pre-rooted, so you can have root as usual with magisk when running this kernel (you can use magisk system less patching to make changes to system/vendor partitions without actually modifying them).
For oreo fw the boot process is patched to hide magisk from sony ric daemon that stops the boot in case it thinks the bootloader is still locked. This special patch allows to pass safetynet including cts while having properly working magisk.
This kernel may be used (flashed) just to properly enable sony drm features, like video image enhancements, if device master key was recovered via locked state TA restore.
The bellow described way to install FOTA system update works with both - phone with TA restored and phone with drm keys lost. Both variants have been tested with xz1c.
How to use this kernel while planning to do FOTA system update eventually
Update: please see here for the latest usage instructions for kernels in flashable zip archive.
Please see screenshots bellow for this kernel in action (with xz1c) doing fota system update from oreo to pie and from pie to next pie version. There is also a video documenting this here. Few longer waiting parts have been cut out to fit the video under 15 minutes of youtube limit for not verified accounts.
if your bootloader is still locked
Use renoroot exploit to backup your TA, unlock your bootloader and restore TA-locked to recover device master key as described in
[XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread.
select one of the prepared kernels and download it
make sure you are running unmodified stock firmware
You need the version corresponding to the selected kernel - reflash the firmware to make sure it is unmodified.
Please note: any mount of /system or /vendor partitions in write mode would result with modifications even if nothing is copied there.
Be aware that some zip packages flashed from twrp may mount the partitions for write access even when that is not needed.
reboot the phone to fastboot mode
Use either "adb reboot bootloader" or
enter fastboot by holding powered off phone's volume up key while connecting it to PC via usb cable and use 'fastboot reboot bootloader' command.
boot the downloaded kernel via fastboot
For example (xz1c):
Code:
fastboot boot boot-G8441-47.1.A.16.20-hideunlock-rooted.img
enjoy your rooted phone which thinks it is still locked
Sony apps will be offered to install/update. System FOTA update may come.
Magisk will provide your root when magisk manager app is installed (offered on the first boot).
if you need to use a custom recovery, like TWRP
Do not flash it. If you do, FOTA update verification will fail.
Instead use 'fastboot boot' the same way as with the kernel above, but instead of the kernel, boot the twrp image without flashing it.
to install a FOTA system update
just start the update as usual
let it run until it finishes the installation
try to catch the restart then and hold volume up that time to enter fastboot
you need to use following command to make next boot working
Code:
fastboot reboot bootloader
use 'fastboot boot' to boot kernel for fw to which fota updating to,
for example (xz1c):
Code:
fastboot boot boot-G8441-47.2.A.4.45-hideunlock-rooted.img
if you miss the restart (or do not have the right kernel version),
it does not matter, the installation will finish even when bootloader unlock is detected with the last reboot to updated system,
so just 'fastboot boot' the corresponding 'hideunlock-rooted' kernel then
Alternative use of this kernel
If you do not like booting from usb via fastboot to startup your phone, you can flash the kernel and boot normally.
But if you like to install FOTA system update then, you would need to flash the stock kernel first in order to make the fw untouched again (assuming no other changes to the fw, like system or vendor partitions, have been done) and boot the patched kernel via 'fastboot boot' as described above.
You can backup stock kernel (and recovery) to avoid need to download full stock fw when you need to restore stock kernel & recovery when you decide to install fota system update - see here and following post for more details please.
If you do not care about FOTA, just do not install it.
And use this kernel just to enable all sony drm features that are available on a locked phone (assuming locked state TA has been restored).
In case you like to make some modifications to system or vendor partitions (as you do not care about fota), you would need to disable verity in the kernel - please see post#3 for noverity variants of oreo kernels and linked post describing howto switch verity off via magisk in all pie kernels.
Downloads
See the post#2 please.
Source code
patched kernel sources to hide bootloader unlock (my-bluhide/* branches)
https://github.com/j4nn/sonyxperiadev-kernel-copyleft
patched magisk sources to hide magisk from sony ric daemon on early boot phase (v19.1-manager-v7.1.2-ric branch)
https://github.com/j4nn/Magisk/tree/v19.1-manager-v7.1.2-ric
The patches are provided under GPL (that means you may include them in your builds, but you need to provide buildable source of released binaries /true for any kernel change btw/).
Credits
Thanks to @tonsofquestions for lot of initial testing of this concept when I did not have a phone with unlocked bootloader and for discovering the need to reboot to fastboot by a command to make the 'fastboot boot' command properly boot the supplied kernel image.
Thanks to @topjohnwu for his excelent magisk tool.
If you find my work useful, consider donating here please:
https://j4nn.github.io/donate/
Thank you.
XDA:DevDB Information
kernel_bluhide_maple, Kernel for the Sony Xperia XZ Premium
Contributors
j4nn
Source Code: https://github.com/j4nn/sonyxperiadev-kernel-copyleft
Kernel Special Features: proper hiding of bootloader unlock, sony ric with magisk hack
Version Information
Status: Stable
Stable Release Date: 2019-02-10
Created 2019-02-10
Last Updated 2019-08-07

Downloads
- hideunlock kernel pre-rooted boot images:
Xperia XZ Premium (G8141)
boot-G8141-47.1.A.16.20-hideunlock-magisk-19.1.img
boot-G8141-47.2.A.4.41-hideunlock-rooted.img
boot-G8141-47.2.A.6.30-hideunlock-rooted.img
boot-G8141-47.2.A.8.24-hideunlock-rooted.img
boot-G8141-47.2.A.10.28-hideunlock-rooted.img
boot-G8141-47.2.A.10.45-hideunlock-rooted.img
boot-G8141-47.2.A.10.62-hideunlock-magisk-19.3.img
Xperia XZ Premium Dual (G8142)
boot-G8142-47.1.A.16.20-hideunlock-magisk-19.1.img
boot-G8142-47.2.A.4.41-hideunlock-rooted.img
boot-G8142-47.2.A.6.30-hideunlock-rooted.img
boot-G8142-47.2.A.8.24-hideunlock-rooted.img
boot-G8142-47.2.A.10.28-hideunlock-rooted.img
boot-G8142-47.2.A.10.45-hideunlock-rooted.img
boot-G8142-47.2.A.10.62-hideunlock-magisk-19.3.img
- hideunlock kernels flashable to multi fw versions (see here for usage howto):
Xperia XZ Premium (G8141)
kernel-G8141-47.1.A.16.20-hideunlock.zip
kernel-G8141-47.2.A.10.62-hideunlock.zip
kernel-G8141-47.2.A.10.80-hideunlock.zip
kernel-G8141-47.2.A.10.107-hideunlock.zip
kernel-G8141-47.2.A.11.228-hideunlock.zip
Xperia XZ Premium Dual (G8142)
kernel-G8142-47.1.A.16.20-hideunlock.zip
kernel-G8142-47.2.A.10.62-hideunlock.zip
kernel-G8142-47.2.A.10.80-hideunlock.zip
kernel-G8142-47.2.A.10.107-hideunlock.zip
kernel-G8142-47.2.A.11.228-hideunlock.zip
Screenshots of XZ1c FOTA system update from oreo 47.1.A.16.20 to pie 47.2.A.4.45
(video available here)

Downloads
This is for alternative use only - please see post#10 of XZ1 thread for more details.
boot-G8141-47.1.A.16.20-hideunlock-magisk-19.1-noverity.img
boot-G8142-47.1.A.16.20-hideunlock-magisk-19.1-noverity.img
Screenshots of XZ1c FOTA system update from pie 47.2.A.4.45 to pie 47.2.A.6.30 version
(video available here since 08:10 time)

I am 47.2.A.2.33，can I use 47.2.A.6.30?

So this doesn't work at all with unlocked devices that doesn't have a backup

@j4nn
If the bootloader is unlocked???
And flashing this kernel, nothing happen

nonokirton said:
I am 47.2.A.2.33，can I use 47.2.A.6.30?
Click to expand...
Click to collapse
If you have 47.2.A.4.41 fw, flash that and then you can try FOTA to 47.2.A.6.30.
Let me know, if you need a build of 47.2.A.2.33 kernel, which variant of xzp, if you want to test fota and cannot find the appropriate older fw.
SilverGamer_YT said:
So this doesn't work at all with unlocked devices that doesn't have a backup
Click to expand...
Click to collapse
Actually FOTA works even with devices where "drm keys" have been lost.
I've just tested that (restoring TA-unlocked to get the lost keys state) and I was able to fully install fota from 47.2.A.4.45 to 47.2.A.6.30 using my patched kernel with XZ1c.
So for FOTA it is working. And with pie, camera works without device master key (both with stock and with this unlock hiding kernel).
You would not get video image enhancements obviously, but currently there is no drmfix available with pie that would make it work, is it?
So I guess this is quite good actually (in pie case) even for devices without TA restored.
@karrouma, I am not sure what you mean.

j4nn said:
If you have 47.2.A.4.41 fw, flash that and then you can try FOTA to 47.2.A.6.30.
Let me know, if you need a build of 47.2.A.2.33 kernel, which variant of xzp, if you want to test fota and cannot find the appropriate older fw.
Actually FOTA works even with devices where "drm keys" have been lost.
I've just tested that (restoring TA-unlocked to get the lost keys state) and I was able to fully install fota from 47.2.A.4.45 to 47.2.A.6.30 using my patched kernel with XZ1c.
So for FOTA it is working. And with pie, camera works without device master key (both with stock and with this unlock hiding kernel).
You would not get video image enhancements obviously, but currently there is no drmfix available with pie that would make it work, is it?
So I guess this is quite good actually (in pie case) even for devices without TA restored.
@karrouma, I am not sure what you mean.
Click to expand...
Click to collapse
If you unlocked your bootloader
And you are in pie,
This patch is not working
You want a brand new device to backup the drm from oreo
And it is ok after

karrouma said:
If you unlocked your bootloader
And you are in pie,
This patch is not working
You want a brand new device to backup the drm from oreo
And it is ok after
Click to expand...
Click to collapse
The kernel can be used on UB, just for updates though.

Beetle84 said:
The kernel can be used on UB, just for updates though.
Click to expand...
Click to collapse
Yes i know
But if you don't backup your ta partion
The message when booting still appearing

karrouma said:
If you unlocked your bootloader
And you are in pie,
This patch is not working
You want a brand new device to backup the drm from oreo
And it is ok after
Click to expand...
Click to collapse
As described above, the patched kernel enables fota system update even in case of unlocked phone with drm keys lost and the update can be installed as described.
So it is working even in the case which I originally assumed it would not work.
karrouma said:
Yes i know
But if you don't backup your ta partion
The message when booting still appearing
Click to expand...
Click to collapse
If you mean the "Your device software cannot be checked for corruption. Please lock the bootloader." message displayed right at the beginning of boot - that has nothing to do with (patched or not) kernel or not even with the state of phone's TA (if it was restored after unlock with from locked state backup or if "drm keys" got lost because TA was not backed up before unlock).
That message will be there just from the fact that the bootloader had been unlocked. It is displayed by bootloader even before kernel is loaded.
Restore of TA does not re-lock the bootloader (like it has been the case with some previous xperia generations), so we cannot get rid of that message ever after unlock of a phone.
But with that message Sony suggests to (re)lock the bootloader - maybe someone could claim it to make sony tell us how we should do the re-lock of the bootloader.

Great work I'll implement this into my kernel with credit to you!

@LazerL0rd, thanks for letting me know.
Just wondering, do you plan to support fota system update of stock fw as I did or is your goal just to mask that bootloader had been unlocked?
Anyway, it's good to see that my work is useful.

j4nn said:
As described above, the patched kernel enables fota system update even in case of unlocked phone with drm keys lost and the update can be installed as described.
So it is working even in the case which I originally assumed it would not work.
If you mean the "Your device software cannot be checked for corruption. Please lock the bootloader." message displayed right at the beginning of boot - that has nothing to do with (patched or not) kernel or not even with the state of phone's TA (if it was restored after unlock with from locked state backup or if "drm keys" got lost because TA was not backed up before unlock).
That message will be there just from the fact that the bootloader had been unlocked. It is displayed by bootloader even before kernel is loaded.
Restore of TA does not re-lock the bootloader (like it has been the case with some previous xperia generations), so we cannot get rid of that message ever after unlock of a phone.
But with that message Sony suggests to (re)lock the bootloader - maybe someone could claim it to make sony tell us how we should do the re-lock of the bootloader.
Click to expand...
Click to collapse
So if I use this kernel will I just have the same device as if it were locked but with root and that message? I'm currently having some issues with root at the moment. I'm using existenz ROM and the kernels in the thread and Snapchat keeps detecting that I'm not using legit software even though I don't even have magisk. Another thing is that if I uninstall magisk right now then my safetynet checks all fail without magisk which gives me issues with Google pay and these two problems are what make me wanna relock my bootloader. But after reading this apparently I can't even with the ta backup. So I'm mainly more concerned on a way to be able to use those applications right now and what the best possible way would be to go for it because I'm finding it difficult to find a method with or without magisk where I wouldn't get banned from Snapchat and where I would be able to use Google pay. Thanks for any suggestions it would be highly and greatly appreciated!

@RJASSI21, if you restored locked state TA and run unmodified stock fw with this kernel booted from usb via 'fastboot boot' command, you would get very close to still locked phone, but with fully working root (magisk), obviously with the unlocked warning message on boot.
I believe if you run the setup as just described, you would not have problems with apps detecting root, easily passing safetynet cts check.
The problem is when you install something like the mentioned existenz - that patches stock fw files directly and there may be processes (either in sony fw or downloaded with safetynet stuff from google or even in some apps) that discover these changes and therefore detect rooted system.
If you installed only proper magisk modules that comply with magisk system less rooting (i.e. no modifications in system nor vendor partitions) - such modules may be made hidden with magiskhide to certain apps or google's safety net check. If something simply is flashed into system or vendor partitions, it cannot be made hidden for picky processes.
That means if using only proper magisk systemless modules, you could have root and customizations, still run stock fw with verity enabled kernel booted from usb 'fastboot boot' and even allow fota system update and get it successfully installed (assuming that twrp is not flashed either, instead it is also booted from usb if needed).

j4nn said:
@RJASSI21, if you restored locked state TA and run unmodified stock fw with this kernel booted from usb via 'fastboot boot' command, you would get very close to still locked phone, but with fully working root (magisk), obviously with the unlocked warning message on boot.
I believe if you run the setup as just described, you would not have problems with apps detecting root, easily passing safetynet cts check.
The problem is when you install something like the mentioned existenz - that patches stock fw files directly and there may be processes (either in sony fw or downloaded with safetynet stuff from google or even in some apps) that discover these changes and therefore detect rooted system.
If you installed only proper magisk modules that comply with magisk system less rooting (i.e. no modifications in system nor vendor partitions) - such modules may be made hidden with magiskhide to certain apps or google's safety net check. If something simply is flashed into system or vendor partitions, it cannot be made hidden for picky processes.
That means if using only proper magisk systemless modules, you could have root and customizations, still run stock fw with verity enabled kernel booted from usb 'fastboot boot' and even allow fota system update and get it successfully installed (assuming that twrp is not flashed either, instead it is also booted from usb if needed).
Click to expand...
Click to collapse
Ok thank you for this information. So if I return to stock fw and use this kernel will I no longer get banned from things like snapchat?
https://forum.xda-developers.com/oneplus-6/help/snapchat-locking-magisk-hide-t3895685/page4
ive read in this link that its possible they detect root not magisk or the app. Also would i have to boot the kernel everytime i reboot the device? Also will i have 960fps recording back as an option and 4k in youtube?

@RJASSI21, sorry, I have no experience with snapchat or whatever that is.
As mentioned in my post above, you can get very close to locked stock particularly if locked TA was restored, including fota system update possibility.
But to keep fota system update, you would need to usb boot the kernel instead of flashing it. Or flash it and revert it before starting fota update. Same thing for twrp.
Everything is mentioned in the first and second post.

j4nn said:
@RJASSI21, sorry, I have no experience with snapchat or whatever that is.
As mentioned in my post above, you can get very close to locked stock particularly if locked TA was restored, including fota system update possibility.
But to keep fota system update, you would need to usb boot the kernel instead of flashing it. Or flash it and revert it before starting fota update. Same thing for twrp.
Everything is mentioned in the first and second post.
Click to expand...
Click to collapse
Ok so flashing this kernel would be like having a locked bootloader with root? This includes all the same features as a locked bootloader so 960fps recording and things like that. It would make it seem like it's locked and that if you put an XZP with a locked bootloader next to one with an unlocked bootloader you wouldn't be able to tell the difference?
Is that correct? Like is there anything at all that makes it noticeable at all that it's unlocked? Sorry for all the questions I just don't want to do this and then still have the same results after.

@RJASSI21, I would say so, at least in case of XZp.
With XZ1 / XZ1c you can tell the difference with use of Android Attest Key - but if I am not mistaken, that has never been present with XZp.
See "Android Attest Key lost" xz1c thread, post#98 and following posts up to post#103.
btw, could you please avoid full quoting of just last post you are replying to?
I do not think it is that useful, if the post that has been replied to is just above it, is it?

Sure thing sorry about that but everything should be answered for me now. I was unaware when unlocking the bootloader that having a ta backup wouldn't allow me to relock it so I'm just going to relock it on my z4 tablet instead since I wanted to anyway. Thanks for all the help.

ok so updates...

Thought I read we getting a final December update.

We are, according to Google.
As for custom ROMs after the fact, most of the Android 11 versions seem to not want to include Active Edge support because it's proprietary. This is despite Active Edge functions being reverse engineered (which is, if I recall, totally legal). While a bit of a bummer, I'll have to get used to it: the 2020 Pixel models don't have Active Edge at all.

That happened rather silently, I was kind of expecting some sort of notification. Guess now I need to work out how to put a custom ROM on this thing so I get security updates, without disclosing its rooted thus breaking all my banking apps. Hopefully that's still an option, haven't rooted in years...

TheRealWhoop said:
That happened rather silently, I was kind of expecting some sort of notification. Guess now I need to work out how to put a custom ROM on this thing so I get security updates, without disclosing its rooted thus breaking all my banking apps. Hopefully that's still an option, haven't rooted in years...
Click to expand...
Click to collapse
Heres the basics of the steps forward
Going forwards only fastboot TWRP, do not install it
Backup your loved stuff on internal storage
1) unlock bootloader (instructions here)
2) reboot bootloader (at command prompt with platform tools installed: adb reboot bootloader)
3) at command prompt: fastboot boot twrp-xxxx.img
TWRP:
Walleye (Pixel 2)
Taimen (Pixel 2XL)
You want to download the latst .img file
4) wipe/factory reset accordign to ROM instructions and flash ROM (& G-Apps if needed - depending on ROM) and setup
5) reboot to bootloader adb reboot bootloader
6) fastboot twrp again fastboot boot twrp-xxxx.img
7) flash magisk (then enable MagiskHide in Magisk Manager - good enough for *most* banks - otherwise hide Magisk Manager itself, or other specific help in Magisk threads)
8) if need be (depending on ROM, some pass Safetynet out of box) use Magiskhide Props Config also in the magisk repo, to pass safetynet
9) if using Google Pay, theres a magisk module for that that i maintain. its NOT in the magisk repo (dont ask why)

TheRealWhoop said:
Guess now I need to work out how to put a custom ROM on this thing so I get security updates, without disclosing its rooted thus breaking all my banking apps.
Click to expand...
Click to collapse
You do know that installing a custom ROM doesn't require root? You simply need to unlock the bootloader, if you're not using a Verizon device that is.

Strephon Alkhalikoi said:
You do know that installing a custom ROM doesn't require root? You simply need to unlock the bootloader, if you're not using a Verizon device that is.
Click to expand...
Click to collapse
To pass safetynet and for banking (depending on the ROM), will probably need root....

Strephon Alkhalikoi said:
You do know that installing a custom ROM doesn't require root? You simply need to unlock the bootloader, if you're not using a Verizon device that is.
Click to expand...
Click to collapse
I did, long ago, but forgot Thanks for the reminder. Although as 73sydney says, sounds like I'm going to need root to get Google Pay and banking apps etc working.

TheRealWhoop said:
I did, long ago, but forgot Thanks for the reminder. Although as 73sydney says, sounds like I'm going to need root to get Google Pay and banking apps etc working.
Click to expand...
Click to collapse
I did say depending on the ROM, some ROM's will pass safetynet out of the box, others not so much

73sydney said:
I did say depending on the ROM, some ROM's will pass safetynet out of the box, others not so much
Click to expand...
Click to collapse
Interesting, was unaware of that, is this dependant on whether its a fork of the stock ROM or not? I was considering LineageOS, so presumably need the full works there.

TheRealWhoop said:
Interesting, was unaware of that, is this dependant on whether its a fork of the stock ROM or not? I was considering LineageOS, so presumably need the full works there.
Click to expand...
Click to collapse
HentaiOS, EvoX, ProtonAOSP.. all are rocking the safetynet hurdle in A11, LOS 17.1 for A10. All is not gloomy for Taimen for now atleast. However hardware-wise my device is showing its age - getting warmed up to IM apps and casual browsing , be it A10 or A11.

getting backl into custom ROMs now that the P2XL support is coming to an end - which ROMs are the most stable, most quick to be updated to the monthly security patch, and most stock-like update process (OTA-style ideally)?

2x4 said:
getting backl into custom ROMs now that the P2XL support is coming to an end - which ROMs are the most stable, most quick to be updated to the monthly security patch, and most stock-like update process (OTA-style ideally)?
Click to expand...
Click to collapse
LineageOS.

Oneplus 5t security updates vs custom ROM newbie

Hi I've never wanted to root or custom ROM. I read the instructions and they are pages deep and the issues that come up and are discussed in threads have such confusing back and forth discussions using lingo and abbreviations that make my head spin.
However... Oneplus did their last update on my 5t my fourth oneplus phone... With an already old security update.
Is the only way to not throw away a perfectly working, phone with good Ram and a fairly new battery I paid to have installed just months ago?
If I'm wanting to hold on another year or 2 use the only option custom ROMs that contain security updates?
Is there a way to add security updates without a ROM? Or maybe at least just learn to root and then add just updates or is it only in ROMs?
I could probably happily use my phone as is but worried what effect no security updates really is to my use.
I really tried videos on doing so this myself I'm not comfortable if problems happen. Not very techy.
Any help appreciated

Unfortunately you can no longer get security updates once your device is deemed as old.
Your options will be to get an antivirus app on your phone, install a custom ROM (like LOS or pixel exp), or you can get a new phone.
Since you're new to this stuff I highly recommend you just get a new phone or simply install an antivirus.
Not sure which anti virus is better than which. But I'm confident in Avira, McAfee, and Norton. You may want to purchase their plan though.
Hope I helped.

Thanks alot for the reply. I'll start with an antivirus.

Hello,
I have similar issue, since I would need security patch update to keep running company mails and apps.
I have 2 doubts:
- if I root and install Android 11 custom ROM, security patches will be updated too?
- after this, would I be able to unroot and install company mail apps ( if rooted they will not work) ?
Thanks

Personally I think that your company has put an unfair burden on you to run company mail and apps on your personal phone while expecting you to have an updated phone at the same time. An updated phone should have been "given" to you.
That being said, you can actually flash and run a custom rom without root. Root is optional.
Process is as follows: (you'll need a PC for this)
1. Backup ALL your data
2. Unlock the bootloader
3. Install custom recovery and reboot to recovery
4. Wipe cache & system and format internal memory
5. Copy custom rom & gapps to internal memory
6. Flash custom rom & gapps and reboot system

miloinodense said:
Hello,
I have similar issue, since I would need security patch update to keep running company mails and apps.
I have 2 doubts:
- if I root and install Android 11 custom ROM, security patches will be updated too?
- after this, would I be able to unroot and install company mail apps ( if rooted they will not work) ?
Thanks
Click to expand...
Click to collapse
Yes if you install custom ROM you'll have security updates. It doesn't have to be Android 11 and you don't need root to install a custom ROM.
Also make sure to follow a precise guide about it so you don't encounter any issues. Always make a backup even if you're 100% sure you won't need it.
As far as I know mail apps don't check the integrity or do a SafetyNet check, so even if you root or don't it will work fine.
If you mean banking apps then you can install some modules to bypass the check or just completely remove root. Assuming that you rooted the device.

It shows my lack of knowledge never ever did I think you could Flash a ROM without being rooted.
Thanks

I successfully installed custom ROM w/o root.
But regarding company mail apps, I would need to hide bootloader unlocked status.
maybe it's impossible, if someone has a good idea...

miloinodense said:
I successfully installed custom ROM w/o root.
But regarding company mail apps, I would need to hide bootloader unlocked status.
maybe it's impossible, if someone has a good idea...
Click to expand...
Click to collapse
My banking apps working fine without root with crdroid 7.3 and flamegapps. Might work for your company mail app too.
Some roms readily hide bootloader status

Thanks for the hint, but these company mails apps are checking security patch date too. Last available for oneplus 5t are September 2020, and no further support from oneplus.

miloinodense said:
Thanks for the hint, but these company mails apps are checking security patch date too. Last available for oneplus 5t are September 2020, and no further support from oneplus.
Click to expand...
Click to collapse
Hence that's why the burden should be on the company to provide the "up to date" phone

miloinodense said:
Thanks for the hint, but these company mails apps are checking security patch date too. Last available for oneplus 5t are September 2020, and no further support from oneplus.
Click to expand...
Click to collapse
And that's why the burden should be on the company to provide the "up to date" phone

miloinodense said:
Thanks for the hint, but these company mails apps are checking security patch date too. Last available for oneplus 5t are September 2020, and no further support from oneplus.
Click to expand...
Click to collapse
I think if you change build.prop to some other phone with recent security patches you can bypass this.

XDHx86 said:
I think if you change build.prop to some other phone with recent security patches you can bypass this.
Click to expand...
Click to collapse
Today, I was thinking that this could be good way.
Root, change build.prop, and then unroot.
If you have a link for a good tutorial on change bulid.prop would be nice, thanks.

miloinodense said:
Today, I was thinking that this could be good way.
Root, change build.prop, and then unroot.
If you have a link for a good tutorial on change bulid.prop would be nice, thanks.
Click to expand...
Click to collapse
Just for update:
I tried to Root a stock ROM, edit build.prop (security patch date), unroot, and then lock bootloader.
But even if it was a stock ROM, OP5T was not booting.
Booloader was stopping boot since it was detecting a non-stock ROM.
Indeed, I had to unbrick OP5T since I was not possible to unlock bootloader.
So, still not solved

miloinodense said:
Just for update:
I tried to Root a stock ROM, edit build.prop (security patch date), unroot, and then lock bootloader.
But even if it was a stock ROM, OP5T was not booting.
Booloader was stopping boot since it was detecting a non-stock ROM.
Indeed, I had to unbrick OP5T since I was not possible to unlock bootloader.
So, still not solved
Click to expand...
Click to collapse
Just edit build.prop and use magisk hide module from magisk manager.

XDHx86 said:
Just edit build.prop and use magisk hide module from magisk manager.
Click to expand...
Click to collapse
Edit build.prop w/o root and unlock bootloader is not possible...
Moreover, hiding root will not work with more recent android updates and for sure it will not hide unlock bootloader.

miloinodense said:
Edit build.prop w/o root and unlock bootloader is not possible...
Moreover, hiding root will not work with more recent android updates and for sure it will not hide unlock bootloader.
Click to expand...
Click to collapse
Yeah I assumed you would know that you should root first. But seeing you even attempted to lock bootloader after modifying the device, seems I assumed wrong.
Magisk hide is working fine on later android versions like 8+. And for the bootloader it only trips CTS if your bootloader is using hardware backed key - Which is the case with OP5 - as CTS check also has hardware attestation. But it is possible to bypass said check by using SafetyNet Fix module, of course you will also install that from magisk manager.

CTS profile match failed

Hi there.
I have an unrooted realme 6 pro. 2 days ago I tried to use Google pay and it did not work. It said that "You can´t pay contactless using this device. It may be rooted or running uncertified software.
I went to google play and I saw that my device is certified. After running some SafetyNet checks it says that CTS profile match failed. evakuation type: BASIC HARDWARE_BACKED. And then after reading some blogs I saw that on Google Play my netflix isn´t supported on my device although I have already installed it.
Any help or advice?
Thanks

Is your bootloader unlocked?
There's only 2 reliable ways to pass SafetyNet including CTS. The first is a completely stock device running pure OEM firmware with a locked bootloader.
The second is with Magisk, using DenyList and 2 modules: Universal SafetyNet Fix and MagiskHide Props Config.
A stock ROM on an unlocked bootloader will fail.
A custom ROM on a locked bootloader will fail.

V0latyle said:
Is your bootloader unlocked?
There's only 2 reliable ways to pass SafetyNet including CTS. The first is a completely stock device running pure OEM firmware with a locked bootloader.
The second is with Magisk, using DenyList and 2 modules: Universal SafetyNet Fix and MagiskHide Props Config.
A stock ROM on an unlocked bootloader will fail.
A custom ROM on a locked bootloader will fail.
Click to expand...
Click to collapse
I have also checked that. It has always been locked. I do not know if the problem is caused due to the new android update since is now running on android 11. Plus I dont want to root my phone

V0latyle said:
Is your bootloader unlocked?
There's only 2 reliable ways to pass SafetyNet including CTS. The first is a completely stock device running pure OEM firmware with a locked bootloader.
The second is with Magisk, using DenyList and 2 modules: Universal SafetyNet Fix and MagiskHide Props Config.
A stock ROM on an unlocked bootloader will fail.
A custom ROM on a locked bootloader will fail.
Click to expand...
Click to collapse
... You cannot have custom rom on unlocked bootloader LOL. Just saying. Unless a device is ancient, back in the days where you could run custom roms without unlocked bootloader.

JhinCuatro said:
... You cannot have custom rom on unlocked bootloader LOL. Just saying. Unless a device is ancient, back in the days where you could run custom roms without unlocked bootloader.
Click to expand...
Click to collapse
But that's the thing. I don't have a custom from. I did not root my phone. The only thing I did is to open the developer options. The bootloader was always locked. That started happening after the update to android 11. I sent my phone to the customer service now but I do not think they will do anything.

JhinCuatro said:
... You cannot have custom rom on unlocked bootloader LOL. Just saying. Unless a device is ancient, back in the days where you could run custom roms without unlocked bootloader.
Click to expand...
Click to collapse
You can, you just have to set a custom root of trust. See Android Boot Flow

V0latyle said:
You can, you just have to set a custom root of trust. See Android Boot Flow
Click to expand...
Click to collapse
Oops I misstated. I meant custom rom on locked bootloader**.

manu3732 said:
But that's the thing. I don't have a custom from. I did not root my phone. The only thing I did is to open the developer options. The bootloader was always locked. That started happening after the update to android 11. I sent my phone to the customer service now but I do not think they will do anything.
Click to expand...
Click to collapse
Same problem with my OnePlus Nord.

oOEDGUYOo said:
Same problem with my OnePlus Nord.
Click to expand...
Click to collapse
Did you find any fix yet... Am having the same issue

happy619 said:
Did you find any fix yet... Am having the same issue
Click to expand...
Click to collapse
I ended up installing the Pixel Experience rom. It was the only way to fix it

oOEDGUYOo said:
I ended up installing the Pixel Experience rom. It was the only way to fix it
Click to expand...
Click to collapse
I have been on custom ROMs for over 6 months on nord ... Some have bad update cycles .. Some are unstable and many more issues although my Device was certified

I have the same problem, bootloader is normally unlocked and I have Universal SafetyNet Fix and MagiskHide Props Config installed, using lineage 18.1 on my redmi 9 pro device

I have flashed both ...( Magisk hide prop conf & universal safety net )
But still "CTS failed, can somebody help me please....

I have this problem too. Any solutions ? I tried magisk with prop conf and safety net-fix and still have cts failed...

Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet

The rest ? What you mean ? Cause i have problem with CTS failed and im desperatly looking for solution

Oshvitzon said:
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
Click to expand...
Click to collapse
The rest ? What you mean ? Cause i have problem with CTS failed and im desperatly looking for solution

Mrlama112 said:
The rest ? What you mean ? Cause i have problem with CTS failed and im desperatly looking for solution
Click to expand...
Click to collapse
The regular instructions:
Magisk with zygisk , hide app , configure deny list and then as i said in the previous post

Oshvitzon said:
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
Click to expand...
Click to collapse
Thank you! Worked like a charm! IDK why my CTS Profile suddenly started failing, but this seemed to have fixed it.

Oshvitzon said:
Finally success
of course magisk with deny list setup and the rest
1. remove universal safety fix
2. reboot
3. install displax fork mod 3.0 here
4. reboot
5. clear cache from google wallet
Click to expand...
Click to collapse
Thanks so much it worked well. Am I able to update the Google Wallet without it affecting the mod 3.0?