[Wontfix] Solution to bypass property modified detection of some banking apps

[HuskyDG]

More and more apps detect property modified which is caused by Magisk resetprop. Not many banking apps need to pass Play Integrity. We want to use these apps and also GPay (or any other apps that require Play Integrity), but to pass Play Integrity on stock ROM, we need resetprop to set some properties to a “safe” state. However, this will trigger the detection as mentioned.

Here is possibly way to bypass this problem temporarily:

• Important! Use resetprop from Magisk with this commit. You can get test build here
• Delete system.prop (optionally)
• Modify service.sh to use resetprop with -n flag:

# Sensitive properties

check_resetprop() {
  local NAME=$1
  local EXPECTED=$2
  local VALUE=$(resetprop $NAME)
  [ -z $VALUE ] || [ $VALUE = $EXPECTED ] || resetprop -n $NAME $EXPECTED
}

maybe_set_prop() {
    local prop="$1"
    local contains="$2"
    local value="$3"

    if [[ "$(getprop "$prop")" == *"$contains"* ]]; then
        resetprop -n "$prop" "$value"
    fi
}

# Magisk recovery mode
maybe_set_prop ro.bootmode recovery unknown
maybe_set_prop ro.boot.mode recovery unknown
maybe_set_prop vendor.boot.mode recovery unknown

# Reset props after boot completed to avoid breaking some weird devices/ROMs...
{
    until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
        sleep 1
    done

    # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
    check_resetprop ro.boot.flash.locked 1

    # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
    check_resetprop ro.boot.vbmeta.device_state locked

    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
    check_resetprop vendor.boot.verifiedbootstate green

    # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
    check_resetprop ro.boot.verifiedbootstate green
    check_resetprop ro.boot.veritymode enforcing
    check_resetprop vendor.boot.vbmeta.device_state locked

    # RootBeer, Microsoft
    check_resetprop ro.build.tags release-keys

    # Samsung
    check_resetprop ro.boot.warranty_bit 0
    check_resetprop ro.vendor.boot.warranty_bit 0
    check_resetprop ro.vendor.warranty_bit 0
    check_resetprop ro.warranty_bit 0

    # OnePlus
    check_resetprop ro.is_ever_orange 0

    # Other
    check_resetprop ro.build.type user
    check_resetprop ro.debuggable 0
    check_resetprop ro.secure 1

}&

However, resetprop can still be detected if we set the new expected value that is longer than the previous one, set ro. props without -n flag, delete read-only properties, or set the new properties which previously does not exist (check line 148)

[abdo1074]

you can make video how to do it

[chiteroman]

Nice, I will modify that file!

[HuskyDG]

Don't need to use Magisk build, just use custom resetprop with patch:

https://github.com/HuskyDG/Magisk/actions/runs/6960008306

[HuskyDG]

PlayIntegrityFix_v13.4-test.zip

[osm0sis]

Curious why this got partially reverted in v13.5 Final (no more custom resetprop) and why maybe_set_prop is still used for the recovery mode ones here.

[NBruderman]

Curious why this got partially reverted in v13.5 Final (no more custom resetprop) and why maybe_set_prop is still used for the recovery mode ones here.

Seems like the pif.prop file caused some breakage on older devices, so it's being remove now all together (in 1.3.6)

[osm0sis]

Seems like the pif.prop file caused some breakage on older devices, so it's being remove now all together (in 13.6)

Worked on my Nexus 7 2013, and honestly they don't get much older nowadays 😛

[NBruderman]

Seems like the pif.prop file caused some breakage on older devices, so it's being remove now all together (in 13.6)

Worked on my Nexus 7 2013, and honestly they don't get much older nowadays 😛

I mean, I'm on pixel 6 with android 14, so everything worked for me too 😅

[HuskyDG]

maybe we should only use resetprop on Android 10+

[chiteroman]

maybe we should only use resetprop on Android 10+

Something like this?:

# use our resetprop only in Android 10+
if [ "$API" -gt 28 ]; then
	mv -f "$MODPATH/bin/$ABI/resetprop" "$MODPATH"
fi

rm -rf "$MODPATH/bin"

[HuskyDG]

All of my testers test custom resetprop works without any problem, but only one using Android 9 reported to me that custom resetprop causes bootloop issue

[osm0sis]

Should $RESETPROP also be used for the remaining --delete selinux ?

https://github.com/chiteroman/PlayIntegrityFix/blob/main/module/service.sh#L35

Edit: Fixed in 4641985 🎉

Edit 2: And reverted again in 4dcf53b 🤷‍♂️

[stevenking888]

I have installed latest version https://github.com/chiteroman/PlayIntegrityFix/releases/download/v14.0/PlayIntegrityFix_v14.0-resetprop.zip

I found that a bank app still not available on Play Store I think it able to check unlock bootloader. Any solution please suggest.

[Dola-Shuvi]

@HuskyDG

All of my testers test custom resetprop works without any problem, but only one using Android 9 reported to me that custom resetprop causes bootloop issue

Just wanted to report that the custom resetprop shipped in v14.0 also caused a bootloop issue for me while running this rom. Specifically after installing v14.0 with custom resetprop and rebooting my phone would first start initializing a normal boot (it indicates it by saying "kernel" in the top left of the screen), have a short black screen, and then boot into download mode. This persisted even with the module disabled and was only fixed by removing it completely and switching over to v14.0 without custom resetprop.

[amk316]

using resetprob with PIF give me "Property Modified(3)" in Native Test!!!

[Sygmstr]

Don't need to use Magisk build, just use custom resetprop with patch:

https://github.com/HuskyDG/Magisk/actions/runs/6960008306

Sorry I'm a idiot and have no idea how to get this to work. Since the new version of PIF doesn't have a resetprop version l want to know how to install it manually.