Explore possibility of passing SafetyNet

[petefoth]

• /e/OS do it
• IodéOS do it
• FlameFire's Unofficial LOS ROM for lilac does it

Can we use one of those approaches with our builds so that they pass SafetyNet?

[petefoth]

• Flamefire's approach: this patch: https://github.com/Flamefire/android_device_sony_lilac/blob/lineage-20/patches/make-snet-pass.patch, based on
  • https://protonaosp.org/developers/details/safetynet

Squash of:
"Spoof build fingerprint for Google Play Services" ProtonAOSP/android_frameworks_base@14cadef1690f
"keystore: Block key attestation for SafetyNet" ProtonAOSP/android_frameworks_base@13dc7d28c12d
Combined with code from:
https://github.com/chiteroman/PlayIntegrityFix
https://github.com/osm0sis/PlayIntegrityFork

[Forage]

For what it's worth, the chiteroman PlayIntegrityFix Magisk module works like a charm on my OnePlus 6 (enchilada) with your LOS21 builds.
I realise the Magisk route is not what you're after, build I figured I'd mention it for reference.

[videoman614]

Sadly PlayIntegrityFix no longer works for me, was looking at TrickyStore but not sure if it works with MicroG but from the readme, this might be something to look in to.

If you are using a custom ROM and it passes Play Integrity (BASIC & DEVICE) by default, there is a good chance that this module won't work for you as your ROM is probably blocking Key Attestation. To see if your ROM is compatible, look in the android_frameworks_base repo of your ROM and search for PixelPropsUtils or setProps.

To fix this issue, search for engineGetCertificateChain in that repo and see if there's some block of code that throws an exception if some condition that checks if it's related to key attestation (e.g. PixelPropsUtils.getIsKeyAttest() or isCallerSafetyNet()) is filled. You can delete this block of code and build your ROM yourself, or submit a commit to the maintainer of your ROM to add, for example, a system property to enable/disable this blocking. See this commit for reference.

This looks promising, hopefully for us with MicroG passing this asinine system might be finally possible until google breaks it again Spoof locked bootloader on local hardware attestations

[BurhanBudak]

Sadly PlayIntegrityFix no longer works for me, was looking at TrickyStore but not sure if it works with MicroG but from the readme, this might be something to look in to.

If you are using a custom ROM and it passes Play Integrity (BASIC & DEVICE) by default, there is a good chance that this module won't work for you as your ROM is probably blocking Key Attestation. To see if your ROM is compatible, look in the android_frameworks_base repo of your ROM and search for PixelPropsUtils or setProps.

To fix this issue, search for engineGetCertificateChain in that repo and see if there's some block of code that throws an exception if some condition that checks if it's related to key attestation (e.g. PixelPropsUtils.getIsKeyAttest() or isCallerSafetyNet()) is filled. You can delete this block of code and build your ROM yourself, or submit a commit to the maintainer of your ROM to add, for example, a system property to enable/disable this blocking. See this commit for reference.

This looks promising, hopefully for us with MicroG passing this asinine system might be finally possible until google breaks it again Spoof locked bootloader on local hardware attestations

Isnt the issue with MicroG phones(not Sandboxed GMS like in GOS) don't or can't install a gapps package that handles the Play Integrity API. If I'm right, we only need a Google Play Store that is good enough for modded users.