SafetyNet CTS profile match false

emuandco

Senior Member
Aug 29, 2009
1,122
495
0
34
Steinfeld
www.dreimer.de
What I can tell you, Busybox is not the problem in my case. Fully unrooted und un-busyboxed my Note3 (see sig) by modding the ROM I use pre-flash, wiped /system and put it on there with TWRP. Nope. I am close to think that there's some thing custom ROMs pass to Google by SafetyNet and are being detected as not official by that. The fingerprint (In my case "samsung/hero2ltexx/hero2lte:6.0.1/MMB29K/G935FXXU1APEK:user/release-keys") compared to H/W maybe...
 
  • Like
Reactions: _M4rc05_

xstahsie

Senior Member
May 6, 2010
451
85
48
This thread is dedicated to understanding what is causing the SafetyNet to report the CTS profile match as false.

View attachment 3902690

I tried unrooting and flashing a new kernel, but the error remains.

Anyone knows what does it check?


@Tesla
@xstahsie
Assuming you have made a NANDROID backup via TWRP when the phone was unrooted, simply restore "boot" from your backup. If you don't have a copy, you'll need to reflash your ROM. And if you have to do that, just flash boot and system.

Sent from my Nexus 6P using Tapatalk
 
Assuming you have made a NANDROID backup via TWRP when the phone was unrooted, simply restore "boot" from your backup. If you don't have a copy, you'll need to reflash your ROM. And if you have to do that, just flash boot and system.

Sent from my Nexus 6P using Tapatalk
Phone was rooted on second boot.

I will try to flash a stock kernel when i return home, but i don't expect much.

Flashing stock system is definitely not an option, do you think dirtyflash will work?

Sent from my Xperia Z5 using Tapatalk
 

xstahsie

Senior Member
May 6, 2010
451
85
48
Phone was rooted on second boot.

I will try to flash a stock kernel when i return home, but i don't expect much.

Flashing stock system is definitely not an option, do you think dirtyflash will work?

Sent from my Xperia Z5 using Tapatalk
I've dirty flash system on LG G3 many times without any issues. Just wipe cache afterward.

Sent from my Nexus 6P using Tapatalk
 
@AbiDez , @Boosik , @asdone001 check here, we all have the same problem!

anyone here tried switching SELinux mode as phhuson suggested?

For people for which SafetyNet fails, is /sys/fs/selinux/enforce or policy readable by an application?
On standard Android it's not readable, but perhaps that's the difference on your devices.
here is a guide:

Code:
$ getenforce
This prints SELinux mode. (Permissive or Enforcing)

Code:
$ su
# setenforce 1
This will set SELinux mode Enforcing.
or try

Code:
# setenforce Enforcing
my kernel is set to permissive and I can't switch it, i will try to flash stock and report back.
 
  • Like
Reactions: Yanai1701

ccav2000

Senior Member
Dec 19, 2010
2,057
1,122
0
Manga Cafe
@AbiDez , @Boosik , @asdone001 check here, we all have the same problem!

anyone here tried switching SELinux mode as phhuson suggested?

my kernel is set to permissive and I can't switch it, i will try to flash stock and report back.
Already tried it, but not with those commands. I switched from an unofficial CM13 ROM with SElinux set to permissive to an official CM13 nightly with SElinux set to enforcing. I removed root and bam, Safety Net check passes all checks now.
 

Boosik

Senior Member
Feb 13, 2011
218
67
0
Prague
@sakis_the_fraud
My kernel is
.
On pure stock rom with stock recovery without root - SafetyNet is all green, PoGo works.
On stock rom with TWRP without root - SafetyNet is all green, PoGo works.
On stock rom with TWRP and superuser-r266-hidesu - SafetyNet is red (CTS profile match: false), PoGo doesn't work.

My superuser-r266-hidesu config is "eng noverity crypt hidesu".

But as phh asked "/sys/fs/selinux/enforce" is readable on my device, I can open it in SE File Explorer (contains 1). "/sys/fs/selinux/policy" gives me access denied.

---------- Post added at 01:38 PM ---------- Previous post was at 12:39 PM ----------

Fixed it by setting my superuser-r266-hidesu to verity (was using noverity to be able to mount /system as rw).
 
Last edited:
  • Like
Reactions: sakis_the_fraud
My superuser-r266-hidesu config is "eng noverity crypt hidesu".

Fixed it by setting my superuser-r266-hidesu to verity (was using noverity to be able to mount /system as rw).
great info, we are getting somewhere. :good:

could you tell me how to change this setting?

Also, you could try with "noverity setting" to use the "root switch" from shakalaca.
You can find the latest version here at post no: 263. ;)
 

Boosik

Senior Member
Feb 13, 2011
218
67
0
Prague
great info, we are getting somewhere. :good:

could you tell me how to change this setting?

Also, you could try with "noverity setting" to use the "root switch" from shakalaca.
You can find the latest version here at post no: 263. ;)
Open the superuser-r266-hidesu.zip archive and there is config.txt file. Open it and there are some words "eng verity crypt hidesu" I had it set to "noverity" it has to be "verity". Also root switch app doesn't seem to work with phh's superuser.
 
Open the superuser-r266-hidesu.zip archive and there is config.txt file. Open it and there are some words "eng verity crypt hidesu" I had it set to "noverity" it has to be "verity". Also root switch app doesn't seem to work with phh's superuser.
thanks!

I see that the default option is verity, but it isn't passing the CTS profile match for me.

have you tried with chainfire's root and hidesu, maybe got some luck with that!
 

Boosik

Senior Member
Feb 13, 2011
218
67
0
Prague
thanks!

I see that the default option is verity, but it isn't passing the CTS profile match for me.

have you tried with chainfire's root and hidesu, maybe got some luck with that!
Unfortunately chainfires su 2.78-SR1 has huge performance hit on my phone for some reason and makes it nearly unusable, so that is no option for me.

---------- Post added at 02:29 PM ---------- Previous post was at 02:27 PM ----------

Are you using Magisk?
I do not use it.
I have stock rom and flashed superuser-r266-hidesu.zip nothing else. Everything works fine now.
 
Unfortunately chainfires su 2.78-SR1 has huge performance hit on my phone for some reason and makes it nearly unusable, so that is no option for me.
i haven't tried it yet, reading about systemless install and the rest procedure.

what device are you using?
Are you using Magisk?
I do not use it.
I have stock rom and flashed superuser-r266-hidesu.zip nothing else. Everything works fine now.
no.

here are the setups I have tried

2016-10-14_15-25-03.jpg
 

Boosik

Senior Member
Feb 13, 2011
218
67
0
Prague
i haven't tried it yet, reading about systemless install and the rest procedure.

what device are you using?

no.

here are the setups I have tried

View attachment 3903539
My device is Huawei Mate 8 (NXT-L29C432)

AFAIK "dm verity" has to be on for CTS to pass.

---------- Post added at 02:39 PM ---------- Previous post was at 02:35 PM ----------

Is your current phone Sony Z5?

On the Magisk page, there is something about Sony kernels being unpatchable, maybe that is the problem why your phone does not boot while trying it with dm verity on?

Sony devices generally: Sony devices seems to use ELF kernel that is unpatchable, or some has two ramdisks (inner + outer), both requires different workarounds, if you know any addition quirks about Sony boot image modifications, please contact me
 
Last edited:
AFAIK "dm verity" has to be on for CTS to pass.
If yes, I'm screwed! I have no clue why it doesn't boot with that on!

Is your current phone Sony Z5?

On the Magisk page, there is something about Sony kernels being unpatchable, maybe that is the problem why your phone does not boot while trying it with dm verity on?
yes, but there is a tool that can patch the kernel and edit those kind of things such as dm verity, sony ric, root, twrp etc.

2016-10-14_15-45-13.jpg

also, magisk was working fine on my phone, i was using it before turning to phh's v266.
 

javaxcore

New member
Aug 13, 2015
1
0
0
What does it mean if its says this and my phone is still vanilla.as in never been rooted or used thirdparty apps or that sort of stuff

Sent from my Elite 5 using Tapatalk