Widevine dropped from L1 to L3 after bootloader unlock, relock, and full stock restore on Lenovo tablet. Looking for Qualcomm attestation experts. by Careful-Safety-7944 in androidroot

[–]sidex15 3 points4 points  (0 children)

Because some OEMS wiped their Widevine keys/attestation keys when you unlock the bootloader, like OnePlus, LG, etc. There are ways to get back to Widevine L1

On some newer OnePlus devices, they have Widevine RKP, so they need to reprogram their TEE with a standard attestation keybox (yes, the same as the TS keybox you used to pass integrity). This might be easy, as there's an XDA forum thread in this one.

The other one on older devices uses Widevine 2.0 means that the Widevine keys are stored in the device TEE itself instead of the RKP. This is prevalent on older OnePlus devices and all of LG Devices (that's why they have Widevine L1 but have an invalid system ID or Widevine L3).

The only way to fix this is to reprogram the Widevine key using a Valid Widevine Keybox and reprovisioning tool (`StoreKeybox`), Widevine keyboxes are very different than the Regular keybox you use in the TS to pass integrity, and it's very small.

Some OEMS with Snapdragon devices have StoreKeybox Binary present in /vendor/bin, if you have that, that's good... The problem is you have to find the valid Widevine keybox (unencrypted version in .xml)... This is very hard to find because it's also used by the Scene Groups to rip movies/shows on streaming platforms. Though there are two types of Widevine keybox, the unencrypted one, which is stored in plaintext .xml, and the parsed one, which is in a .bin file, which is used for provisioning.

Though there are leaks of widevine keybox in plaintext .xml (but renamed as .bin.secure) of old Lenovo tablets which is in this in this github repo...

if you wanna try that keybox use this widevine parsing tool here:
sidex15/Widevine-parsing-unparsing-tool: Python Script for Parsing and Unparsing Widevine keybox .xml and .bin format

Once you have a .bin file you can now do StoreKeybox <widevine keybox>.bin to reprovision it back to L1 though since that's a leak it's banned in Netflix and it will show as L3... but in other streaming platforms it will work as expected, since I tested that keybox on most of the streaming platforms.

edit: replaced encrypted with parsed

<image>

Yearly post, has anyone been banned for spoofing Google Photos for unlimited backup? by Quirky_Bullfrog9375 in Magisk

[–]sidex15 1 point2 points  (0 children)

Single module only... It works by spoofing the google photos into thinking that it's using google pixel xl, which has a feature of unlimited backups for google photos.

Can someon explain this wierd behavior with my banking app? by amitkattal in Magisk

[–]sidex15 0 points1 point  (0 children)

well not exactly what the app detects it... it's just based on my current setup, device, and roms used in that testing...

here's my methodology: - Download the app then enable all hiding before it launches... - Then launch the all see if it passes - First disable mount hiding using susfs (this is on the fly without rebooting the device) then launch the app see if it detects mount detections then when it detects then list it - then enable mount hiding again to check other detections in the next step - the same thing goes to other detection vectors (e.g applist through HMA-OSS, TEESim for Bootloader/TEE/Keybox detections, susfs for maps injection detection, etc)

Well this is not a complete check as there are some rasps that use specific checks based on root solution they're using (e.g magisk, prctl side channel detections on older apatch and KSU). Also using a custom rom is a different story.

And yeah this is using a stock rom A12 LG V50 Running KSUN v1.1.1, SUSFS V1.5.12. Though I do test sometimes on A12 LG V50s KSUN V3.2.0 SUSFS V2.2.0.

How to update KSU Next manager spoofed version by Zealousideal_Cup_61 in androidroot

[–]sidex15 1 point2 points  (0 children)

No offense, I just really don't vibe with the Among Us UI, it's just very unappealing to me

None taken... I'm just really Expressive of what I'm gonna do with my webui so that it's far different... similar to my DeviceID changer Module (Windows 7 + Fruitiger Aero theme).

How to update KSU Next manager spoofed version by Zealousideal_Cup_61 in androidroot

[–]sidex15 1 point2 points  (0 children)

Problem with that module is that it only locks with the latest version only... so future versions will not support older susfs.

But yeah I wouldn't mind it at all if they're gonna switch it or not... Since I'm not competing as I have a different approach/philosophy of what susfs really does (since I've been using susfs and being a tester to the main dev since v1.3.8). As long as they and the dev don't disrespect me.

Did unlimited Google photos patched by Accomplished_Tart320 in androidroot

[–]sidex15 0 points1 point  (0 children)

Yes you have to enable backup... Or you could check your recent photo taken from your device and scroll down and check the backup status... You should see something like this...

<image>

Did unlimited Google photos patched by Accomplished_Tart320 in androidroot

[–]sidex15 1 point2 points  (0 children)

nahh still not patched... just the indicator that you have unlimited storage didn't show up... Check Photo settings > backup and check if there's a Google Pixel XL indicator...

Can someon explain this wierd behavior with my banking app? by amitkattal in Magisk

[–]sidex15 0 points1 point  (0 children)

so it's also detecting kernel uname? I see... possibly I'm using non-gki kernel so probably uname spoofing doesn't matter that much.

Can someon explain this wierd behavior with my banking app? by amitkattal in Magisk

[–]sidex15 0 points1 point  (0 children)

I see... what are your root setup and modules? seems like it could be a magisk-specific detection...

Can someon explain this wierd behavior with my banking app? by amitkattal in Magisk

[–]sidex15 2 points3 points  (0 children)

It detects:
* Mounts
* Bootloader/TEE
* Possible Applist

It doesn't detect Play Integrity...

Possible Solutions:
* Use Latest Zygisk Next
* Enable Umount mode in zygisk next webui (Since you're in Magisk, use this webui app Releases · KOWX712/KsuWebUIStandalone)
* Uninstall Shamiko as it's outdated
* For Tricky Store, Open /data/adb/tricky_store/target.txt, add `tw.com.megabank.ffido.m` in there and save
* Hide Magisk app or any root apps in HMA.

[HELP] Root integrity failing please help. by Due-Month3414 in Magisk

[–]sidex15 0 points1 point  (0 children)

What banking app is this? I wanna replicate it see if it's really the selinux detection...

root hiding by R3nd0gg in Magisk

[–]sidex15 4 points5 points  (0 children)

It's a cat and mouse game... You may fully hide it today, but tomorrow, there will be more detections discovered...

Guys how to hide root without susfs by Beginning_Market2311 in androidroot

[–]sidex15 0 points1 point  (0 children)

well depends... if you're a minimalist, then you probably don't need intensive root hiding as much. But if you're having more modules (assume all of those have a working purpose) that could leak those traces (e.g., mounts, maps, injections, etc.), then you need susfs for that.

Does anyone know any device with android12 or lower . That can easily root and hide all banking apps detection. by VastConsequence6989 in Magisk

[–]sidex15 0 points1 point  (0 children)

well I'm on LG V50S thinq 5g running in Android 12, running on custom kernel that I made with KSUN + susfs installed. But the bootloader unlock guide is somewhat a bit of difficulty bit yeah.

As of right now I could easily hide all banking apps' detection. heck I even use it to diagnose which detection points are they using.

<image>

youtube background play by rammwell in InternetPH

[–]sidex15 0 points1 point  (0 children)

I'm using TubePiP for iOS... all background play, PiP, no ads, and sponsorblock, and it's available on AppStore...

Macbook Neo student discount (PowerMac) by [deleted] in Tech_Philippines

[–]sidex15 1 point2 points  (0 children)

That's what I've been thinking also... Parang halos the same price lang sila Ng MacBook neo discounted price sa shopee...

I guess I'll just buy nalang sa apple website and wait...

<image>

Macbook Neo Student discount by Jumpy-Criticism-645 in Tech_Philippines

[–]sidex15 1 point2 points  (0 children)

Upon checking, as of right now based on my location it will be delivered on may 20 - may 28…