https://forum.xda-developers.com/apps/magisk/beta-magisk-v13-0-0980cb6-t3618589/post72666791#post72666791 … "Since Magisk is running as root but the SafetyNet checks are not" say hello to TrustZone-based remote attestation.
-
-
Replying to @CopperheadOS
SafetyNet is essentially a partially implemented joke right now, but it's crystal clear that they're headed towards real remote attestation.
1 reply 2 retweets 7 likes -
Replying to @CopperheadOS
Step one implementation would be TrustZone app receiving nonce and providing signed result with device id + nonce + boot verification state.
1 reply 2 retweets 6 likes -
Replying to @CopperheadOS
Google service provides a nonce, and then looks up the public key for the provisioned device key via the device id to verify the result.
4 replies 1 retweet 5 likes -
-
Replying to @RichFelker
Exploit the bootloader / TrustZone from the modified OS to mark it as passing, or wait until after boot to exploit the OS and modify it.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
It becomes quite different than the current situation where it's simply a matter of faking results for whatever snet decides to check.
2 replies 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
It doesn't negatively impact us since very few apps that will adopt this feature didn't care about working without Play Services anyway.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker
It's wrong to assume that it's always going to be easy to bypass. It might not become a great security feature but it will kill hobby stuff.
1 reply 0 retweets 2 likes -
Replying to @CopperheadOS @RichFelker
It'll turn into something that occasionally has a bypass available but not reliably and not universally across devices anymore.
1 reply 0 retweets 0 likes
I guess for all apps that support old devices you can just fake an old device without the hardware functionally...
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.