[UNOFFICIAL][2016-Nov-02]Xposed build that passes SafetyNet while enabled and active

By josephcsible, Senior Member on 3rd November 2016, 03:33 AM
UPDATE: Not even 24 hours and it fails SafetyNet now. I'm currently working on another solution.

Hi all. Long time lurker, first time developer. I created a modified version of the Xposed Framework that doesn't cause you to fail SafetyNet, even while it's enabled and active. Instructions:
  1. Remove any existing Xposed versions
  2. Get your phone in a state where it passes SafetyNet without Xposed (install a custom kernel to hide an unlocked bootloader, hide root with RootSwitch, etc.)
  3. Install the Xposed Installer app if you don't already have it
  4. Go to https://github.com/josephcsible/Xpos...eases/tag/v86a and download xposed-v86a-safetynet-josephcsible-sdk23-arm.zip
  5. Flash xposed-v86a-safetynet-josephcsible-sdk23-arm.zip from recovery
  6. Wipe cache and dalvik
  7. Reboot
You should now have Xposed installed and enabled, with all of your modules working, without failing SafetyNet. Notes:
  • Do not turn off Xposed with RootSwitch with this build. It will probably break things because of differences in how app_process sits, and the entire point of this build is that you don't need to do this.
  • The only build I made was for ARM and Marshmallow, because that's all I have to test on
  • The official uninstaller won't work right with this version, so use my version of the uninstaller instead
  • This passes SafetyNet as of November 2nd. It probably won't for very long.
Technical details:
  • I made this build by compiling my own app_process, then editing it into the stock installer zip. I didn't recompile anything else or use the tools to make the zip.
  • app_process32 is now a regular file instead of a symlink to app_process32_xposed.
  • XposedBridge.jar is now called YqptfeBridge.jar (since SafetyNet checks the classpath for a file called XposedBridge.jar)
  • I obfuscated many of the strings in the app_process binary with a simple Caesar cipher. The source for this is in the GitHub with the download link.
Enjoy it while it lasts!
The Following 4 Users Say Thank You to josephcsible For This Useful Post
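Seen from the detection side, the file rename and Caesar shift described in this post are cheap to reverse: "Yqptfe" is "Xposed" with every letter shifted by one, so a check that tries all 26 rotations still finds it. The scanner below is an added example, not code from the post or its GitHub repository; the paths, the binary blob and its shift of 3 are constructed sample data.

```python
import re

# "xposedbridge"/"xposed" come from the file name quoted in the post; every
# path and the binary blob below are constructed sample data.
INDICATORS = ("xposedbridge", "xposed")

def caesar(text, shift):
    """Rotate ASCII letters by shift (may be negative); leave everything else."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)

def printable_strings(blob, min_len=4):
    """Equivalent of strings(1): runs of printable ASCII in a binary."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def first_match(candidate):
    """Undo each of the 26 shifts; return (shift, indicator) for the first hit."""
    for shift in range(26):
        plain = caesar(candidate, -shift).lower()
        for indicator in INDICATORS:
            if indicator in plain:
                return shift, indicator
    return None

def scan(candidates):
    """Map each suspicious string to the shift and indicator that exposed it."""
    return {c: hit for c in candidates if (hit := first_match(c)) is not None}

CLASSPATH = [  # constructed
    "/system/framework/core-libart.jar",
    "/system/framework/YqptfeBridge.jar",
]
BLOB = (b"\x7fELF\x01\x00/system/bin/app_process32\x00"
        + caesar("Xposed init", 3).encode() + b"\x00\x02")  # constructed

if __name__ == "__main__":
    for name, (shift, ind) in scan(CLASSPATH + printable_strings(BLOB)).items():
        print(f"{name!r}: shift {shift} reveals {ind!r}")
```

A shift of 0 means the indicator was present in the clear; short indicators raise the false-positive rate because each string gets 26 chances to match.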
 
 
3rd November 2016, 04:34 AM |#2  
aviraxp
Senior Member
Beijing
Great work, thanks! Though I think the method is kind of dirty.
3rd November 2016, 04:36 AM |#3  
OP Senior Member
Yeah, but I'm not overly concerned since I expect at best a few weeks before it gets patched and I have to redo it all anyway.
4th November 2016, 12:29 AM |#4  
Senior Member
Strasbourg
Quote:
Originally Posted by aviraxp

Great work, thanks! Though I think the method is kind of dirty.

You mean that it's not good to install it?
4th November 2016, 12:31 AM |#5  
OP Senior Member
Quote:
Originally Posted by MrMikeTyson

You mean that it's not good to install it?

He means in terms of code quality and maintainability from developers' standpoints. It's perfectly fine from the users' ends.
4th November 2016, 12:34 AM |#6  
Senior Member
Strasbourg
Quote:
Originally Posted by josephcsible

He means in terms of code quality and maintainability from developers' standpoints. It's perfectly fine from the users' ends.

Ah! Okay!! What about SafetyNet not passing? See screenshots... What can I do, please?
Attached Thumbnails: viber image.jpg, viber image1.jpg
4th November 2016, 12:43 AM |#7  
OP Senior Member
Quote:
Originally Posted by MrMikeTyson

Ah! Okay!! What about SafetyNet not passing? See screenshots... What can I do, please?

It no longer passes for me either. I can't believe Google fixed it so fast. I'm working on another release now.
4th November 2016, 12:44 AM |#8  
Senior Member
Strasbourg
Quote:
Originally Posted by josephcsible

It no longer passes for me either. I can't believe Google fixed it so fast. I'm working on another release now.

Okay, I'll wait for it, and good luck with your work.
4th November 2016, 01:49 AM |#9  
OP Senior Member
Status update: My app_process is still not detected at all. It's now detecting something that's happening in Java (XposedBridge).
4th November 2016, 07:55 AM |#10  
aviraxp
Senior Member
Beijing
Quote:
Originally Posted by josephcsible

Status update: My app_process is still not detected at all. It's now detecting something that's happening in Java (XposedBridge).

So it means you cannot just rename the method/class, if I am right?
5th November 2016, 06:36 AM |#11  
OP Senior Member
Quote:
Originally Posted by aviraxp

So it means you cannot just rename the method/class, if I am right?

I tried stubbing out the main method in XposedBridge to just call the real main method, and that made it pass. That leads me to conclude that it's a behavior thing and not a name thing.