Magisk Unmasked - Android rolling out new hardware based checks for root/unlocked devices, unlikely to be bypassed

[rcmaehl]

Source:
XDA
FossBytes

AndroidPolice

 

 

Summary:
Devices that shipped with Android Oreo and newer will soon likely no longer be able to hide root status due to new TEE firmware checks

Media:

 

Quotes/Excerpts:

Quote

Topjohnwu‘s “Magisk” project has essentially become synonymous with “root”. It can hide the fact that the user has modified their device. Google may be cracking down on the ability of Magisk to hide the bootloader unlock status from applications. In order to root your phone, you usually need to unlock the bootloader, which allows you to flash modified boot images. This is needed because Magisk modifies the boot image to spoof bootloader status and/or the Verified Boot status checks. If the SafetyNet API detects that the bootloader has been unlocked, then it will return a failure status for the “Basic Integrity” check. Devices that fail this check can then be locked out from apps...banking apps, payment apps (like Google Pay), and many online games. However, because the SafetyNet API has thus far only used software checks to determine if the device has been tampered with, Magisk can simply spoof the bootloader and/or Verified Boot status. Recently, though, Google may have implemented hardware-level key attestation to verify that the boot image has not been tampered with. This change to the way that SafetyNet checks the bootloader unlock status comes through a server-side update to the SafetyNet API contained in Google Play Services. However, not every user is failing these updated SafetyNet checks, so the new hardware-level key attestation may not be widely enforced yet. We’ve seen topjohnwu overcome technical hurdles time and time again. The workaround this time would involve hacking the Trusted Execution Environment (TEE) firmware of devices. However, this is incredibly difficult to do as it requires finding a vulnerability in firmware that is designed to be incredibly secure. In fact, many companies offer payments in the hundreds of thousands of dollars if such a vulnerability were to be found. Google, for instance, pays $250,000 for remote code execution vulnerabilities in the Pixel’s Trusted Execution Environment, and up to $1,000,000 for vulnerabilities in the Titan M security chip. Even if a private key were somehow to be leaked, it’s unlikely that it would be of much use since Google can remotely revoke the key. Once hardware-level key attestation is widely enforced for SafetyNet, most devices with unlocked bootloaders running Android 8.0 Oreo or higher will fail to pass SafetyNet’s Basic Integrity check. This is because all devices that launched with Android 8.0 Oreo or higher are required to have a hardware keystore implemented in a TEE. Google has had the ability to harden SafetyNet checks using hardware-backed key attestation for several years now. The fact that they refrained to do so for 3 years has allowed users to enjoy root and Magisk Modules without sacrificing the ability to use banking apps. However, it seems that Magisk’s ability to effectively hide the bootloader unlock status is soon coming to an end.

 

My Thoughts:

It's finally here. Google has properly patched SafetyNet. Looks like I'll be carrying around two devices whenever Lineage stops supporting my current Motorola device. I don't know if topjohnwu can get past this one...

[AlTech]

Damnit. This doesn't make LineageOS impossible to use. It just means re-locking the bootloader once LineageOS is installed. Thus effectively killing off A) Rooting and B) keeping your bootloader unlocked.

 

Honestly this feels like such a scummy thing to do. Google shouldn't be trying to make it harder for the custom rom community to use Android.

[rcmaehl]

18 minutes ago, AluminiumTech said:

Damnit. This doesn't make LineageOS impossible to use. It just means re-locking the bootloader once LineageOS is installed. Thus effectively killing off A) Rooting and B) keeping your bootloader unlocked.

 

Honestly this feels like such a scummy thing to do. Google shouldn't be trying to make it harder for the custom rom community to use Android.

On the otherhand, Google has realized app developers are shit at security and has decided to take matters into it's own hands, but ow  

[RejZoR]

1 hour ago, rcmaehl said:

On the otherhand, Google has realized app developers are shit at security and has decided to take matters into it's own hands, but ow  

No, Google realized people were using firmwares that don't send shit back to Google. But using rooted firmware or even just unlocked bootloader, many banking apps refuse to work entirely.

[TetraSky]

Aw man...

I just don't get why they don't like root so much. We just want to take control over our devices, is that just asking for too much?

Heck in my case, 95% of the time I use root to get rid of "system apps" (read: bloatware) that are otherwise irremovable. While the other 5% is to play around with it with Magisk, like installing Youtube Vanced and what not. (Though you can do so without root...)

 

So really... I wouldn't need root if manufacturers would stop adding junk to their devices and if Google trimmed down the fat/let us choose during setup if we wanted the entire Gapps suite or not. The fewer crap that is running in the background, the longer the battery life.

[williamcll]

Can it be possible to modify the integrity checking software itself to just return a A-OK regardless of the hardware state?

3 hours ago, TetraSky said:

Aw man...

I just don't get why they don't like root so much. We just want to take control over our devices, is that just asking for too much?

Heck in my case, 95% of the time I use root to get rid of "system apps" (read: bloatware) that are otherwise irremovable. While the other 5% is to play around with it with Magisk, like installing Youtube Vanced and what not. (Though you can do so without root...)

 

So really... I wouldn't need root if manufacturers would stop adding junk to their devices and if Google trimmed down the fat/let us choose during setup if we wanted the entire Gapps suite or not. The fewer crap that is running in the background, the longer the battery life.

They don't want to be responsible for damaged phones from rooted phones.

[Delicious Cake]

It's rather sad they're basically killing what is one of the main reasons many choose Android over iPhones.

Even if it wouldn't direct affect them in that the apps they use would still on the whole work normally, there will be a lot of people who just seeing/hearing that 'google is blocking rooted phones' will be immediately turned away and just head in the direction of an iPhone without bothering to look further into the matter, as digging deeper is too much hassle for them.

[That Franc]

I'll just get a secondhand Android One device like the Moto One Action to use it for everything that needs SafetyNet, and keep root with all my mods on my main phone. Problem solved.

[DrMacintosh]

Google has no interest in supporting the 3rd party ROM community as it:

1.) It opens up their OS and devices that run their OS to potential security vulnerabilities

2.) Takes away Googles ability to make money off of user data from their apps

3.) Takes away Googles ability to control devices to the level that they want. 

 

 

[ARikozuM]

1 hour ago, DrMacintosh said:

Google has no interest in supporting the 3rd party ROM community as it:

1.) It opens up their OS and devices that run their OS to potential security vulnerabilities

2.) Takes away Googles ability to make money off of user data from their apps

3.) Takes away Googles ability to control devices to the level that they want. 

 

 

Google has had numerous chances to make their case for unified updates and has never followed through. Many of the Android AND iOS vulnerabilities are hardware-based, so even a 3rd party ROM won't do much to fix or hurt it unless the 3rd party ROM neglects the compromised hardware. 

You paid for the device which means 2 and 3 go away via first-sale doctrine unless they are providing a service within that 3rd party ROM. (hint: they aren't)

 

[Delicious Cake]

If google really wanted to kill third-party ROMs as you claim, they could simply just pull their current level of support for AOSP and work on their version of it going forward behind closed doors, with OEM partners being invited to join. Even if the current revision of the source code is left open source and freely accessible, google no longer contributing would kill off the majority of ROMs within a year or so, since having to reverse engineering stuff is too much hassle for most of the ROM makers.

[suicidalfranco]

that sucks...

You know what really grinds my gear: corporations who think they still own something after it has been purchased, and reserve themselves full rights to manage it as they see fit

[Kilrah]

The whole point is not to prevent rooting or custom roms, it's to prevent hiding the fact you're rooted or using a custom rom.

[RejZoR]

1 hour ago, Kilrah said:

The whole point is not to prevent rooting or custom roms, it's to prevent hiding the fact you're rooted or using a custom rom.

Which then entirely defeats having a custom ROM because then half of the really important shit refuses to work. Which is why people do this in the first place. To hide the fact phone is unlocked so apps even work.

[AlTech]

13 hours ago, rcmaehl said:

On the otherhand, Google has realized app developers are shit at security and has decided to take matters into it's own hands, but ow  

But what if I like my boot loader unlocked?

 

Reeeeeeeeeeeeeeeeeeeeeeeeeeee .

[Kilrah]

1 hour ago, RejZoR said:

Which then entirely defeats having a custom ROM because then half of the really important shit refuses to work. Which is why people do this in the first place. To hide the fact phone is unlocked so apps even work.

And that's the whole point of Google doing this, there's a very legitimate reason for some apps to know if they're running on a rooted phone so it's normal for them to make sure this information finally can be trusted.

 

Anyway, given the usual problem with android devices not getting updates after 2 years it's easy to keep an older device for root. That's what I do, it's been years since I last had my main phone rooted, I have another for that.

[suicidalfranco]

45 minutes ago, Kilrah said:

there's a very legitimate reason for some apps to know if they're running on a rooted phone so it's normal for them to make sure this information finally can be trusted.

no there isn't.

Bank apps shouldn't stop working simply because you decide to root your phone and streaming apps shouldn't behave that way either.

What's next? Bank deciding that you can only access their portals only with Safari if you are on a Mac and Edge/IE if you are on Windows and f-off if you are not on one of those two?

[Kilrah]

13 minutes ago, suicidalfranco said:

Bank deciding that you can only access their portals only with Safari if you are on a Mac and Edge/IE if you are on Windows and f-off if you are not on one of those two?

If there were serious security implications with one browser it would be totally normal to exclude it.

[RejZoR]

There is absolutely no reason to assume if phone has bootloader unlocked that it's automatically insecure, especially if it's just unlocked but not rooted. Not to mention people who do this kind of things have phones probably more secured and monitored than average Joe's.

 

For example, if bootloader is unlocked, storage encrypted and phone secured with biometrics or password but isn't rooted and has all the USB Debugging disabled, it's no less secure than phone with locked bootloader. You can't access data because it's encrypted, you can't flash anything on it because USB Debugging is off and only way to get debugging ON is to get into phone and enable it in Developer settings. And any other tinkering with it wipes the data, reset erases banking apps too so you can't abuse that, then what?

 

And if someone somehow managed to get past all these obstacles anyway, some stupid bootloader means nothing if they are already in the device getting past all this. Banking app's lock would mean shit in that case anyway. So, what's the real deal here? I'm not buying into this security bullshit, because it's not making anything actually more secure. Root, fair enough because it affects apps during operation with elevated access to system (even though SU controls prevent unknown apps from just gaining root access by default). Bootloader though, no fucking chance.

[Kilrah]

Someone can take your phone, turn it off, put it in bootlaoder, flash a new boot image with a backdoor - takes 2 minutes and you've got no idea.

[Delicious Cake]

Then the fix for that is to kill all humans, because the weak link isn't the device, it's the owner of said device.

[RejZoR]

23 minutes ago, Kilrah said:

Someone can take your phone, turn it off, put it in bootlaoder, flash a new boot image with a backdoor - takes 2 minutes and you've got no idea.

You literally can't do that if USB Debugging is disabled. And only way to turn it on is to boot into a locked OS and enable it. So, how are you going to just "flash" a new bootloader again?

[Commodus]

And this is why the "don't worry about poor OS update policies, you can always root/ROM it" apologists need to check themselves.

 

All it takes is for Google and OEMs to implement tighter security policies (whether or not they work is another debate) and those claimed advantages blow away in the wind.  You should always buy a device assuming you'll only get the official OS support for it, because that's the only support you can count on.  And if you don't like that support, change vendors or pressure those involved to deliver better support.  Don't just use unofficial software as a crutch.

[Kilrah]

22 minutes ago, RejZoR said:

You literally can't do that if USB Debugging is disabled. And only way to turn it on is to boot into a locked OS and enable it. So, how are you going to just "flash" a new bootloader again?

You don't need USB debugging to flash a boot image, you don't even need the OS running - just start in bootloader and connect USB. That's the whole point.

[imreloadin]

Example #132 of why you don't really own your devices anymore...