Remove All Ads from XDA
Honor View 10

Why Does XPosed Always Trip SafetyNet?

60 posts
Thanks Meter: 7
 
By gudenau, Member on 2nd September 2017, 07:14 AM
Post Reply Email Thread
10th September 2017, 06:37 PM |#11  
Senior Member
Thanks Meter: 79
 
More
Quote:
Originally Posted by aer0zer0

Maybe @topjohnwu can explain better here

he did: https://forum.xda-developers.com/sho...postcount=4200

Quote:

Systemless Xposed cannot pass SafetyNet!!! SN checks the running Zygote process, it is not as simple as unmounting the files to hide it!

 
 
10th September 2017, 06:46 PM |#12  
aer0zer0's Avatar
Senior Member
Flag Cortland NY
Thanks Meter: 929
 
More
Quote:
Originally Posted by lover

he did: https://forum.xda-developers.com/sho...postcount=4200

Lol, already saw that (it was in my earlier explanation) I think others in this thread want a more nuts and bolts answer.
10th September 2017, 06:52 PM |#13  
Senior Member
Flag Munich
Thanks Meter: 464
 
More
Quote:
Originally Posted by aer0zer0

I think others in this thread want a more nuts and bolts answer.

That would actually be awesome.


Gesendet von meinem Moto G 2014 LTE mit Tapatalk
11th September 2017, 03:57 AM |#14  
OP Member
Thanks Meter: 7
 
More
Quote:
Originally Posted by aer0zer0

safetynet checks the zygote, which xposed modifies to work, thats why it trips, be it system or systemless, it didnt used to. Safetynet has evolved

Quote:
Originally Posted by lover

he did: https://forum.xda-developers.com/sho...postcount=4200

Sure it checks it, but what does it look for? I want to know exactly what it does, as I said in the first post.
The Following User Says Thank You to gudenau For This Useful Post: [ View ] Gift gudenau Ad-Free
12th September 2017, 06:46 AM |#15  
Senior Member
Thanks Meter: 79
 
More
Quote:
Originally Posted by gudenau

Sure it checks it, but what does it look for? I want to know exactly what it does, as I said in the first post.

I am not the right person to answer
13th September 2017, 04:32 AM |#16  
Jacte's Avatar
Junior Member
Flag Ankara/Antalya
Thanks Meter: 9
 
More
Nice thread going on here. Hope someone could explain the anathomy of SafetyNet and how does it check Zygote.
The Following 5 Users Say Thank You to Jacte For This Useful Post: [ View ] Gift Jacte Ad-Free
10th January 2018, 01:37 AM |#17  
CosmicDan's Avatar
Senior Member
Flag Sydney
Thanks Meter: 4,253
 
Donate to Me
More
Quote:
Originally Posted by gudenau

Sure it checks it, but what does it look for? I want to know exactly what it does, as I said in the first post.

I believe if anybody actually KNEW this answer, they'd be able to spoof it. It could be some kind of tamper-detection stuff on the level that serious hackers use (e.g. measuring execution time of an arbitrary method), or it could be specifically design to detect Xposed (it is opensource after all).

This is one of those things where if you have to ask the question, the answer is probably beyond your expertise.
The Following 3 Users Say Thank You to CosmicDan For This Useful Post: [ View ] Gift CosmicDan Ad-Free
10th January 2018, 05:57 AM |#18  
Thaodan's Avatar
Senior Member
Thanks Meter: 19
 
More
I'm watching this talk from 34c3.
Maybe this would explain/help on under standing saftynet.
https://media.ccc.de/v/34c3-8725-ins...ck_and_defense
The Following 2 Users Say Thank You to Thaodan For This Useful Post: [ View ] Gift Thaodan Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes