[Mod][Systemless Root][Pixel/Pixel XL] TetherMod - Bypass provisioning checks.

[Fenny]

This guide presupposes that you have Supersu installed as systemless, and that you have access to adb.

This will bypass provisioning checks for builtin tether app. The modded apk should work with future updates without touching /system at all.

Installation

Method 1 - Manual install
Download the attached CarrierEntitlement apk.

If you have su.img su:

adb push CarrierEntitlement.apk /sdcard/CarrierEntitlement.apk
adb shell
su
mkdir /su/CarrierEntitlement
cp /sdcard/CarrierEntitlement.apk /su/CarrierEntitlement/CarrierEntitlement.apk
chmod 644 /su/CarrierEntitlement/CarrierEntitlement.apk
echo "mount -o bind /su/CarrierEntitlement/CarrierEntitlement.apk /system/priv-app/CarrierEntitlement/CarrierEntitlement.apk" > /su/su.d/05TetherMod
chmod +x /su/su.d/05TetherMod
reboot

If you have sbin su (Android 8.0+)

adb push CarrierEntitlement.apk /sdcard/CarrierEntitlement.apk
adb shell
su
mkdir /sbin/supersu/CarrierEntitlement
cp /sdcard/CarrierEntitlement.apk /sbin/supersu/CarrierEntitlement/CarrierEntitlement.apk
chmod 644 /sbin/supersu/CarrierEntitlement/CarrierEntitlement.apk
echo "mount -o bind /sbin/supersu/CarrierEntitlement/CarrierEntitlement.apk /system/priv-app/CarrierEntitlement/CarrierEntitlement.apk" > /sbin/supersu/su.d/05TetherMod
chmod +x /sbin/supersu/su.d/05TetherMod
reboot

Method 2 - Flashable Zip (su.img only)

1. Download attached zip. 
2. Flash in TWRP (Last tested in alpha 2)

Information

This mod is accomplished by replacing the following function:

.method public static getCarrierEntitlement(Landroid/content/Context;)Lcom/google/android/carrierentitlement/CarrierEntitlement;
    .registers 2
    .param p0, "context"    # Landroid/content/Context;
    .prologue

    .line 56
    const/4 v0, 0x0

    return-object v0
.end method

NOTE: Post install
You may need to edit your APNs to get tethering working for your carrier.

On sprint, where editing APNs is disabled, the fix is here: Sprint Fix
Be sure to thank @Builtfordtough1 for all his help in diagnosing the issue at this post: The Solution!

Be sure to thank sb1893 for sbin su instructions.

 

[madroix]

Worked Perfectly

This worked perfectly. Fantastic job!

 

[coolhandz]

So I am on stock with unlocked bootloader, twrp installed, and rooted with SuperSU. Because this is an apk file, do i just download onto the phone and install as I would with any other .apk file?

 

[pcriz]

So I am on stock with unlocked bootloader, twrp installed, and rooted with SuperSU. Because this is an apk file, do i just download onto the phone and install as I would with any other .apk file?

The directions clearly state in adb speak that you need to create a directory for the file. Move to said directory, change permissions, etc etc. Nothing about installing via the apk.

 

[coolhandz]

The directions clearly state in adb speak that you need to create a directory for the file. Move to said directory, change permissions, etc etc. Nothing about installing via the apk.

well, i can follow basic commands in minimal adb & fastboot. I think this may be above me unless there is an idiots' guide.

 

[pcriz]

well, i can follow basic commands in minimal adb & fastboot. I think this may be above me unless there is an idiots' guide.

Do you have access to adb? They are pretty straight forward. May need to view them on the website but if you are using an app it may throw the word wrap off and make the commands seem confusing. The directions are pretty word for word.

 

[coolhandz]

Do you have access to adb? They are pretty straight forward. May need to view them actually on the website but if you are using an app it may throw the word wrap off and make the commands seem confusing. The directs are pretty word for word.

If by adb you mean minimal adb & fastboot, then yes I have access and I could probably brave it.

 

[pcriz]

If by adb you mean minimal adb & fastboot, then yes I have access and I could probably brave it.

I wouldn't suggest doing it how I did it but I downloaded the file to my phone. I created the directory using a root enabled file browser (see mkdir command {make directory}). I even used the file properties option in solid explorer to change the permissions (see chmod 644). Every other command I did on the phone from a terminal emulator. Just had to ignore the adb shell command because I am actually doing them on the device and not through a shell on my computer.

 

[coolhandz]

I wouldn't suggest doing it how I did it but I downloaded the file to my phone. I created the directory using a root enabled file browser (see mkdir command {make directory}). I even used the file properties option in solid explorer to change the permissions (see chmod 644). Every other command I did on the phone from a terminal emulator. Just had to ignore the adb shell command because I am actually doing them on the device and not through a shell on my computer.

yeah, all that is definitely outside of my comfort zone, but thank you for the info.

 

[njeri123]

Can you normally update your device with OTA-updates like a un-rooted device, without flashfire or connect to your computer?

 

[airmaxx23]

Is there an advantage to doing this over adding "net.tethering.noprovisioning=true" to the build.prop file?

 

[Fenny]

Is there an advantage to doing this over adding "net.tethering.noprovisioning=true" to the build.prop file?

This mod is systemless, and should survive OTAs. That mod changes the build.prop on the system partition, which could prevent taking OTAs.

Can you normally update your device with OTA-updates like a un-rooted device, without flashfire or connect to your computer?

Any modification to the boot image *should* prevent OTAs from working at all. However, you can flash back to stock boot images, and take OTAs as long as you have not modified /system, which this mod does not do.
Furthermore, as long as you don't wipe /data/ this mod will live in su.img and survive when you flash newer system software.

 

[airmaxx23]

This mod is systemless, and should survive OTAs. That mod changes the build.prop on the system partition, which could prevent taking OTAs.



Any modification to the boot image *should* prevent OTAs from working at all. However, you can flash back to stock boot images, and take OTAs as long as you have not modified /system, which this mod does not do.
Furthermore, as long as you don't wipe /data/ this mod will live in su.img and survive when you flash newer system software.

Thanks for the explanation, I removed the build.prop line and used this method and it's working fine. Thank you.

 

[coolhandz]

@Fenny

Thank you so much for putting this into a .zip file. It is greatly appreciated!

 

[ddarvish]

is there a non root method to bypass the checks? i dont plan on unlocking or rooting since i use android pay...

 

[Fenny]

is there a non root method to bypass the checks? i dont plan on unlocking or rooting since i use android pay...

I also use Android pay, so I have two boot images ready to fastboot or flash. I have a boot image with root, and a boot image without root running a kernel that hides the bootloader unlocked flag.

So, the way I handle this, I flash the unrooted (bootloader flag hidden) image as my daily driver kernel, this passes safetynet, and allows me to use Android pay.

I make a backup of that boot image. Then, I install TWRP, my custom kernel, and SuperSU. I make a backup of that image as well.

So I have two backed up boot images:

rooted.img
HideBLUnlock.img

I flash HideBLUnlock.img to boot a, and boot b, safetynet passes.
Whenever I need to tether I have my computer with me, so I "fastboot boot rooted.img" which leaves me rooted until my next reboot.

Depending on your usage you might want to reverse that.

All my mods get stored in su.img, so switching out the boot images is all I need to have the best of both worlds.

 

[Ocelot13]

Is it possible to fastboot boot twrp and flash the zip without being rooted or having twrp actually installed? O unlocked my bootloader but that's been it

 

[Fenny]

Is it possible to fastboot boot twrp and flash the zip without being rooted or having twrp actually installed? O unlocked my bootloader but that's been it

You can use the fastboot twrp image to install this mod but you MUST have SuperSu. I have basic validation to check that in my update.zip. If you don't have a su.img in /cache or /data, this mod cannot be installed.

 

[JJT211]

Flashed via TWRP and now i finally have a fully functioning hotspot!!

 

[IceNova]

I also use Android pay, so I have two boot images ready to fastboot or flash. I have a boot image with root, and a boot image without root running a kernel that hides the bootloader unlocked flag.

So, the way I handle this, I flash the unrooted (bootloader flag hidden) image as my daily driver kernel, this passes safetynet, and allows me to use Android pay.

I make a backup of that boot image. Then, I install TWRP, my custom kernel, and SuperSU. I make a backup of that image as well.

So I have two backed up boot images:

rooted.img
HideBLUnlock.img

I flash HideBLUnlock.img to boot a, and boot b, safetynet passes.
Whenever I need to tether I have my computer with me, so I "fastboot boot rooted.img" which leaves me rooted until my next reboot.

Depending on your usage you might want to reverse that.

All my mods get stored in su.img, so switching out the boot images is all I need to have the best of both worlds.

This is facinating, do you ever think where we can use boot a and boot b in a multiboot like fashion so that when you turn on the device you can choose what to boot?