
So here we go: after years of fun messing around with Magisk, it seems that Google FINALLY decided to "fix" SafetyNet into something useful, and that is to use key attestation to verify device status (3 years after it was introduced to the Android platform!)
From what we've seen so far, key attestation doesn't seem to be fully enforced yet, as devices with incompatible, potentially buggy(?) keymaster implementations (e.g. some OnePlus devices) that result in attest-key command failures still pass SafetyNet regardless.
To hack this thing, you have to either find a vulnerability in the TEE firmware (which will be patched ASAP once found) or in the hardware (less likely to happen) to break the cryptography. Breaking the TEE won't be easy, which is why many security researchers are actively working on it.
We might be able to hack around it temporarily by forcing key attestation failures, faking the reported keymaster version, manipulating cached check results, etc., but all of that is meaningless after this change is fully deployed AND properly implemented. Let's face it. The fun is over, guys.
No: the hardware-based attestation is verified on Google's SafetyNet servers, and then the SafetyNet result is supposed to be verified by the app's servers. The only way to bypass it is by signing a fake result with a batch key leaked by exploiting a TEE / SE.
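The verification chain described in that last reply (Google's servers check the hardware key attestation, then the app's own servers must check the signed SafetyNet result) is the part most often done badly, and an app server that skips the chain or signature check is exactly what a "fake result signed with a leaked key" would be aimed at. What follows is an added example written for this page, not code from the thread's author or from Google: a Go implementation of the app-server half, verifying the compact JWS that the SafetyNet Attestation API returns. The payload field names (nonce, apkPackageName, ctsProfileMatch, basicIntegrity, evaluationType containing HARDWARE_BACKED), the x5c header and the attest.android.com hostname are those of the real attestation statement; the function names are mine, and the self-signed certificate, the nonce string and the com.example.app package are constructed fixtures so that the example runs offline. In production the pinned pool holds the public CA root that the attest.android.com certificate chain actually ends at, never a certificate taken from the response itself.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Payload holds the SafetyNet attestation fields that the app server checks here.
type Payload struct {
	Nonce           string `json:"nonce"`
	ApkPackageName  string `json:"apkPackageName"`
	CtsProfileMatch bool   `json:"ctsProfileMatch"`
	BasicIntegrity  bool   `json:"basicIntegrity"`
	EvaluationType  string `json:"evaluationType"` // "BASIC" or "BASIC,HARDWARE_BACKED"
}

func decodeSegment(seg string, v any) error { // strict base64url + JSON decode of one JWS segment
	return json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(seg))).Decode(v)
}

// Verify is the app server's half of the check: the x5c chain must end at a root WE pinned and name
// attest.android.com, the RS256 signature must verify, and only then are the payload fields trusted.
func Verify(jws string, roots *x509.CertPool, nonce, pkg string, now time.Time, requireHW bool) (*Payload, error) {
	parts := strings.Split(jws, ".")
	var hdr struct{ X5c []string `json:"x5c"` } // DER certificates, standard base64, leaf first
	if len(parts) != 3 || decodeSegment(parts[0], &hdr) != nil || len(hdr.X5c) == 0 {
		return nil, fmt.Errorf("malformed JWS or missing x5c chain")
	}
	var certs []*x509.Certificate
	for _, c := range hdr.X5c {
		der, decErr := base64.StdEncoding.DecodeString(c)
		cert, parseErr := x509.ParseCertificate(der)
		if decErr != nil || parseErr != nil {
			return nil, fmt.Errorf("x5c: undecodable or malformed certificate")
		}
		certs = append(certs, cert)
	}
	leaf, inter := certs[0], x509.NewCertPool() // later entries are candidate intermediates only; a root inside x5c proves nothing
	for _, c := range certs[1:] {
		inter.AddCert(c)
	}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: "attest.android.com", CurrentTime: now}); err != nil {
		return nil, fmt.Errorf("chain: %w", err)
	}
	sig, _ := base64.RawURLEncoding.DecodeString(parts[2]) // an undecodable signature simply fails to verify below
	// The algorithm is fixed here (RS256), never taken from the header's alg field.
	if err := leaf.CheckSignature(x509.SHA256WithRSA, []byte(parts[0]+"."+parts[1]), sig); err != nil {
		return nil, fmt.Errorf("signature: %w", err)
	}
	var p Payload
	switch {
	case decodeSegment(parts[1], &p) != nil:
		return nil, fmt.Errorf("payload is not valid JSON")
	case p.Nonce != nonce:
		return nil, fmt.Errorf("nonce mismatch: replayed or foreign attestation")
	case p.ApkPackageName != pkg:
		return nil, fmt.Errorf("attestation is for another package")
	case !p.CtsProfileMatch || !p.BasicIntegrity:
		return nil, fmt.Errorf("device failed the integrity verdict")
	case requireHW && !strings.Contains(p.EvaluationType, "HARDWARE_BACKED"):
		return nil, fmt.Errorf("verdict was not backed by hardware key attestation")
	}
	return &p, nil
}

// MakeFixture signs p as an RS256 JWS under a throwaway self-signed attest.android.com certificate
// and returns it with a pool pinning that certificate. Constructed test data, not Google's chain.
func MakeFixture(p Payload) (string, *x509.CertPool) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "attest.android.com"},
		DNSNames: []string{"attest.android.com"}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	hdr, _ := json.Marshal(map[string]any{"alg": "RS256", "x5c": []string{base64.StdEncoding.EncodeToString(der)}})
	body, _ := json.Marshal(p)
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), roots
}

func main() {
	p := Payload{Nonce: "c2Vzc2lvbi1ub25jZQ", ApkPackageName: "com.example.app", CtsProfileMatch: true, BasicIntegrity: true, EvaluationType: "BASIC"}
	jws, roots := MakeFixture(p) // a software-only ("BASIC") verdict, the state the first tweet says many devices are still in
	_, err := Verify(jws, roots, p.Nonce, p.ApkPackageName, time.Now(), true)
	fmt.Println("BASIC-only verdict with hardware attestation required:", err)
}
```

Run with `go run .`; it prints the rejection of a BASIC-only verdict when requireHW is set, which is the loophole the thread describes while key attestation is not yet enforced for every device. The order matters: the chain is verified against a pool the server controls before the signature is checked, and the signature is checked before a single payload field is read, so a forged payload or a chain ending in an attacker's own root never reaches the verdict logic. Two checks from Google's documented list are left out for brevity and belong in a real deployment: timestampMs compared with the moment the server issued the nonce, and apkCertificateDigestSha256 compared with the app's signing certificate. SafetyNet Attestation has since been deprecated in favour of the Play Integrity API, but the server-side discipline (bind to a server-issued nonce, check the package, demand the hardware-backed level) carries over unchanged.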