<sagematt>
Hmmmmmmmmmmmm I wonder if I have to go back to the previous ROM version I was using (with Android 10).
<sagematt>
Any hard changes with how SafetyNet attestation works between 10 and 11?
<LuK1337>
uh i doubt it decided to fail because of snet
<sagematt>
because that's the only thing that changed in my phone, it was unrooted before and it is unrooted now
<sagematt>
ugh I really don't want to do a downgrade...
<LuK1337>
duo/sources/c/d/a/b/c/h.java
<LuK1337>
59: return a || !"user".equals(Build.TYPE);
<LuK1337>
so try replacing ro.build.type with user
<sagematt>
Hmm
<sagematt>
What's the best way to change that prop without rooting? (that being said at this point since app says I'm not passing safetynet I might as well just try to circumvent with magisk)
<LuK1337>
are you on custom rom?
<sagematt>
Sort of. Xiaomi.eu
<LuK1337>
uh
<LuK1337>
can you mount system rw from somewhere?
<sagematt>
Could I do it via TWRP?
<LuK1337>
maybe
<LuK1337>
tho
<sagematt>
I mean, I know I can, I'm just curious about changes being persistent.
<LuK1337>
xiaomi.eu
<LuK1337>
should be -user
<sagematt>
so let me do getprop first then
<sagematt>
yup it's ro.build.type=user
<LuK1337>
and verifiedbootstate is green?
<sagematt>
How can I check this? I was using YASNAC.
<LuK1337>
getprop
<sagematt>
ah
<sagematt>
yeah it's green
<LuK1337>
do you see anything in locat
<LuK1337>
logcat*
<LuK1337>
coming from duo pid?
<sagematt>
let's see
<LuK1337>
ah also were you passing snet from the very beginning?
<LuK1337>
or you just made it pass?
<sagematt>
I wasn't even checking if it was passing in the first place, since the app worked just fine
<sagematt>
so I can only assume it was
<sagematt>
other than having the xiaomi.eu installed, nothing additional was done to it
<sagematt>
hmmmmmmmmmmmm
<LuK1337>
idk
<LuK1337>
but with google pay
<LuK1337>
if i fail snet at some point
<LuK1337>
then it caches that...
<sagematt>
that's probably it then
<LuK1337>
and i have to wipe gms app data
<LuK1337>
then reboot
<LuK1337>
and add my card aain
<LuK1337>
again
<sagematt>
I'll try that and see what happens
<sagematt>
I'm using another phone that is actually rooted and using the app
<sagematt>
and it was initially showing as rooted
<sagematt>
enabled magiskhide, riru-unshare, Duo is not detecting root anymore
<sagematt>
and safetynet is passing now but Duo is still showing as if it's not passing
<sagematt>
so it might be that
<sagematt>
alright
<sagematt>
say I flash los 18.1 on my main phone
<sagematt>
what else would you recommend I install so I don't trip safetynet?
<LuK1337>
ih8sn/magisk is enough
<LuK1337>
honestly, snet is nothing
<sagematt>
it's a mi 9t pro, I understand it's not an officially supported lineageos device
<sagematt>
"officially"
<sagematt>
(I'm actually surprised it isn't)
<LuK1337>
i'm not
<LuK1337>
xiaomi maintainers suck
<sagematt>
what is it, not having a maint-
<sagematt>
I see
<LuK1337>
there's always like three different groups working on their trees
<LuK1337>
and they bully whoever tries to go official
<LuK1337>
lmao
<sagematt>
ha
<sagematt>
well I hope I can fix this Duo issue without having to resort to my company's IT
<sagematt>
because
<LuK1337>
and whoever goes official loses interest after a month
<sagematt>
I use Duo as 2FA for my VPN access
<sagematt>
and I need VPN access to open an IT ticket
<sagematt>
so if I can't fix it I'm s.o.l LOL
<sagematt>
(I can open a ticket via phone but that's annoying, long wait times)
<sagematt>
but still, opening a ticket to restore my Duo account would require me to having a working phone for Duo
<sagematt>
oh man
<sagematt>
I just remembered I ran a backup on TWRP
<sagematt>
and then I remembered I formatted data like an hour after to test something without retrieving said backup LOL
<sagematt>
oof
<LuK1337>
cool
<sagematt>
I'll just try to go back to my my previous xiaomi.eu build with android 10 from december 2020
<sagematt>
and see if I can make this work again
<LuK1337>
did you see anything in logcat btw?
<sagematt>
ah, right
<sagematt>
how do I get the PID again?
<sagematt>
ps aux is what I'd use on a linux box but that's showing me fuck all at the moment
<sagematt>
despite being in a root shell
<LuK1337>
ps -A
<LuK1337>
android has stupid unix/bsd/posix ps
<LuK1337>
whatever they call stupid non-gnu without many options one
<sagematt>
or at least that's what I'm reading in the log
<LuK1337>
never tried firebase logging
<sagematt>
11-12 09:09:42.300 8695 8722 I FA : To enable debug logging run: adb shell setprop log.tag.FA VERBOSE
<LuK1337>
yeah i read it
<sagematt>
I'll try in a bit I'm solving something from work atm
<sagematt>
alright, so
<sagematt>
since I was flashing my phone, I installed the app on a backup phone, that is rooted
<sagematt>
apparently the app detects that one of my phones is rooted and invalidates my 2FA on all of them lol?
<sagematt>
anyhow I deleted the app from both phones, and reactivated it on the one that's not rooted
<sagematt>
it's no longer complaining that safetynet attestation failed
<sagematt>
it's still showing a warning that deviced is "rooted or tampered"
<sagematt>
while it also shows that it is not rooted, haha
<sagematt>
I hate this app so much ^^;
<sagematt>
for now I've decided to avoid any workaround and either try to make it work on this phone as-is, or flash to A10 and try again
<sagematt>
worst case scenario, I'll flash stock
<sagematt>
<sagematt> it's no longer complaining that safetynet attestation failed <-- And I said this but a couple minutes later it showed the warning again
<sagematt>
I'm downgrading to the previous ROM that worked
<LuK1337>
cursed software
<sagematt>
can't be arsed to tinker with this much longer since I need to connect to my work VPN lol
<sagematt>
I will try putzing around with it tomorrow (saturday) since I'm not in a hurry to connect to my work VPN then
<sagematt>
but at the very least I need to confirm this can still work with the previous ROM so I can have that as a fallback
<sagematt>
and then I can fuck around all I want tomorrow
<sagematt>
LuK1337, do you use lineageos recovery or another recovery?
<sagematt>
just curious
<LuK1337>
lineage recovery
<LuK1337>
tho i mostly use fastbootd
<sagematt>
hmm?
<sagematt>
as in you flash directly from fastboot?
<LuK1337>
fastboot in userspace (recovery)
<sagematt>
ohh?
<LuK1337>
yeah
<LuK1337>
dynamic devices need it
<LuK1337>
non-dynamic devices *can* have it
<LuK1337>
e.g. nice to have on samsung
<LuK1337>
because fuck odin
<sagematt>
alright, going back to previous A10 rom that worked with Duo
<sagematt>
then the phone should be in the exact same state as before, OS-wise
<sagematt>
the only other thing I did was update TWRP but that should not matter
<sagematt>
that being said I'm fine with A10, apparently A11 now requires you to use the storage API to access Android/data?
<sagematt>
I couldn't ls into it anymore from Termux
<sagematt>
And using a file explorer I had to request access to it
<sagematt>
That's annoying since in A10 I could just tar/untar my game's data folder when backing up/restoring
<sagematt>
which is much faster than doing it via a file manager because the goddamn thing is 7 gigs
<LuK1337>
i just saw it recommended one day in my gh feed
<sagematt>
man, and this ROM actually uses a fingerprint that matches my phone's name (Mi 9T Pro) and not the chinese version's (Redmi K20 Pro)
<sagematt>
Uh.
<sagematt>
Now I wonder if that's the problem
<sagematt>
LOL
<sagematt>
I did extract props from the global ROM to use them with the A11 xiaomi.eu ROM but I was too lazy to either root to modify props or manually configure the props in a TWRP terminal
<sagematt>
Or I think I didn't do it because you said it would have issues unless I used magisk/ih8sn
<sagematt>
oh well we'll see if it works with the downgrade now
<sagematt>
and now apparently I'm failing ctsProfileMatch
<sagematt>
ohh boy
<sagematt>
LuK1337, managed to make Duo work on a rooted LOS 18.1 phone
<LuK1337>
did you have to do anything?
<sagematt>
I had to use Magisk + MagiskHide (hiding Magisk from Duo) + Riru (for riru-unshared and latest universal safetynex fix)
<sagematt>
AND I had to fix ro.product.model
<sagematt>
because apparently the fingerprint this phone was using did not actually match the phone name
<LuK1337>
snet doesn't care afaict
<LuK1337>
a lot of people use pixel fingerprints xD
<sagematt>
That might be the case, I'm just saying the fingerprint didn't seem to match the phone model
<sagematt>
phone is a LEX727 and model that matched the fingerprint was a LEX725
<sagematt>
Oh, and
<sagematt>
I had to clear data for GMS and Play Store
<sagematt>
Play Store kept saying device was not certified
<sagematt>
until I cleared data for both and rebooted
<sagematt>
Anyway now that I have a phone where I know it works
<sagematt>
I can log into my work VPN and finish the work I have yet to do
<sagematt>
And later I will experiment with my main phone (Xiaomi) and try to make it work _without_ root
<sagematt>
Man
<sagematt>
the only thing this entire thing would make sense to me is either,
<sagematt>
installing Duo on the rooted phone invalidated my TOTP seed for all phones where I was using that seed
<sagematt>
or
<sagematt>
since I had not touched by OS since november last year, phone had passed SafetyNet pre-September changes and Duo was happily working after that date because it didn't check for snet again
<sagematt>
But after I flashed my phone it checked again and it didn't pass
<sagematt>
but that last one doesn't make that much sense to me
<sagematt>
I would assume it would check for safetynet from time to time, like at boot maybe
<sagematt>
*at/after
<LuK1337>
you can always backup your app date
<LuK1337>
data
<LuK1337>
make it trip
<LuK1337>
and restore app data
<LuK1337>
xD
<LuK1337>
wouldn't it be funny if it stored snet state in shared prefs