App called mitID keeps saying my device is rooted

tokenuser · March 22, 2022, 10:40am

No you are correct dev-keys to release-keys was what it should have said. It was me who messed up my own notes. I have corrected it now.
So much for writing guides whille being in a meeting at work

And I forgot to give great thanks to mrspeccy for finding all these things

udengoogle · March 22, 2022, 2:14pm

I have got these lines

ro.build.user=root

ro.modversion=0.22-r-20220224165877-dev-cheeseburger

do they need to be change root for something else, and dev-cheeseburger for another thing?

udengoogle · March 22, 2022, 2:59pm

Firts, thanks for your time.
I might say that it has not work for me yet.
I am gonna write here my build.prop:

begin common build properties

autogenerated by build/make/tools/buildinfo_common.sh

ro.system.build.date=Thu Feb 24 21:31:37 UTC 2022
ro.system.build.date.utc=1645738297
ro.system.build.fingerprint=OnePlus/OnePlus5/OnePlus5:10/QKQ1.191014.012/2010292059:user/release-keys
ro.system.build.id=RQ3A.211001.001
ro.system.build.tags=release-keys
ro.system.build.type=user
ro.system.build.version.incremental=eng.root.20220224.213248
ro.system.build.version.release=11
ro.system.build.version.release_or_codename=11
ro.system.build.version.sdk=30
ro.product.system.brand=OnePlus
ro.product.system.device=OnePlus5
ro.product.system.manufacturer=OnePlus
ro.product.system.model=ONEPLUS A5000
ro.product.system.name=OnePlus5

end common build properties

begin build properties

autogenerated by buildinfo.sh

ro.build.id=RQ3A.211001.001
ro.build.display.id=lineige_cheeseburger-user 11 RQ3A.211001.001 eng.root.20220224.213248 release-keys
ro.build.version.incremental=eng.root.20220224.213248
ro.build.version.sdk=30
ro.build.version.preview_sdk=0
ro.build.version.preview_sdk_fingerprint=REL
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=11
ro.build.version.release_or_codename=11
ro.build.version.security_patch=2022-01-05
ro.eos.version.security_patch=
ro.build.version.base_os=
ro.build.version.min_supported_target_sdk=23
ro.build.date=Thu Feb 24 21:31:37 UTC 2022
ro.build.date.utc=1645738297
ro.build.type=user
ro.build.user=root
ro.build.host=runner-j3uhvwmz-project-53-concurrent-0
ro.build.tags=release-keys
ro.build.flavor=lineige_cheeseburger-user

ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,

use ro.product.cpu.abilist instead.

ro.product.cpu.abi=arm64-v8a
ro.product.cpu.abilist=arm64-v8a,armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=arm64-v8a
ro.product.locale=en-US
ro.wifi.channels=

ro.build.product is obsolete; use ro.product.device

ro.build.product=cheeseburger

Do not try to parse description or thumbprint

ro.build.description=OnePlus5-user 10 QKQ1.191014.012 2010292059 release-keys
ro.lineige.device=cheeseburger

end build properties

from device/oneplus/msm8998-common/system.prop

Audio

af.fast_track_multiplier=1
audio.deep_buffer.media=true
audio.offload.min.duration.secs=30
audio.offload.video=true
ro.af.client_heap_size_kbyte=7168
ro.config.media_vol_steps=25
ro.config.vc_call_vol_steps=6

Camera

camera.disable_zsl_mode=1

Charger

ro.charger.disable_init_blank=true
ro.charger.enable_suspend=true

DRM

drm.service.enabled=true

FRP

ro.frp.pst=/dev/block/bootdevice/by-name/config

Graphics

debug.gralloc.enable_fb_ubwc=1
debug.sf.disable_backpressure=1
debug.sf.enable_hwc_vds=1
debug.sf.hw=1
debug.sf.latch_unsignaled=1
dev.pm.dyn_samplingrate=1
persist.demo.hdmirotationlock=false
persist.hwc.enable_vds=1
persist.sys.wfd.virtual=0
ro.opengles.version=196610

Media

media.stagefright.thumbnail.prefer_hw_codecs=true
vidc.enc.dcvs.extra-buff-count=2

OEM Unlock

ro.oem_unlock_supported=1

RIL

keyguard.no_require_sim=true
persist.radio.multisim.config=dsds
ril.subscription.types=NV,RUIM
ro.com.android.dataroaming=true
ro.telephony.call_ring.multiple=false
ro.telephony.default_network=22,20
ro.telephony.iwlan_operation_mode=legacy
telephony.lteOnCdmaDevice=1

SurfaceFlinger

ro.surface_flinger.force_hwc_copy_for_virtual_displays=true
ro.surface_flinger.max_frame_buffer_acquired_buffers=3
ro.surface_flinger.max_virtual_display_dimension=4096
ro.surface_flinger.protected_contents=true

TimeService

persist.timed.enable=true

VoLTE

persist.dbg.volte_avail_ovr=1
persist.dbg.vt_avail_ovr=1
persist.dbg.wfc_avail_ovr=1

Wi-Fi

wifi.interface=wlan0

end of device/oneplus/msm8998-common/system.prop

ADDITIONAL_BUILD_PROPERTIES

ro.treble.enabled=true
persist.debug.dalvik.vm.core_platform_api_policy=just-warn
dalvik.vm.lockprof.threshold=500
net.bt.name=Android
ro.build.fingerprint=OnePlus/OnePlus5/OnePlus5:10/QKQ1.191014.012/2010292059:user/release-keys
ro.lineige.version=0.22-r-20220224165877-release-cheeseburger
ro.lineige.releasetype=dev
ro.lineige.build.version=0.22
ro.modversion=0.22-r-20220224165877-dev-cheeseburger
ro.lineigelegal.url=https://lineigeos.org/legal
ro.elegal.url=https://e.foundation/legal
ro.cm.build.pipeline.id=165877
ro.cm.build.pipeline.iid=7199
ro.lineige.display.version=0.22-20220224165877
ro.lineige.build.version.plat.sdk=9

All this I have been changing it in my computer so I get the new build, which I sideload it to my device.
Then I have install magisk, do all what you have write, but I am not sure what to put in deny list. I have put there mitID and Aurora Store and microG. Mitid has been installed from Aurora Store.
And still the phone is recognize like rooted

tokenuser · March 22, 2022, 3:46pm

The items I have added to denylist are MitID + Google play services see screenshot

The others I think are not needed

tokenuser · March 22, 2022, 3:52pm

If you go to Play store and click settings and about - does it say your device is certified or not?

udengoogle · March 22, 2022, 3:53pm

I use aurora store and microG, nothing to do with google play. That why all this. Otherwise if I need to use google play, I will use the stock rom , but because I wanna be out of google as much as I can , this problem with mitID has pop up.

And how can I give root acces to buildpropeditor?

tokenuser · March 22, 2022, 4:00pm

Sorry I don’t have experience with that. I myself use lineage to get newer android versions for my device and get rid of the vendor modifications. Have a minimal version of Gapps.

Can your device pass safety net test. (Can be checked with an app such as SafetyNet test?

udengoogle · March 22, 2022, 4:01pm

I dont think so, if it is check like rooted

cts fail

tokenuser · March 22, 2022, 4:08pm

Magisk is supposed to hide that you are root from the libraries usually used to check for root access and should be able to do so. The apps added to the DenyList should not experience to have “extra rights” and be running “non root”.

MitId then has added some extra checks on top of that - that are not standard “root checks” like the check for the lineage string in build.prop. This is really not usual practice but rather some developer on MitId trying to be clever and do some additional checks of their own.

udengoogle · March 22, 2022, 4:09pm

I have been changing all the lines with what you suggest . I have installed that 2 modules. And still is not passing the safetynet. Øv

tokenuser · March 22, 2022, 4:11pm

maybe this is useful: https://www.reddit.com/r/MicroG/comments/izvqnt/how_can_i_pass_safetynet_in_lineageosmicrog/

tokenuser · March 22, 2022, 4:12pm

there is this at the bottom of the thread:

I got SafetyNet on Lineage+MicroG and the latest Magisk version. Select microG service core and droid helper in the zygisk denylist, then use the Magisk Prop Config module and select the correct fingerprint for your device (XDA thread). Reboot and remember to activate the SafetyNet option in MicroG settings. Done

Seems if yoiu are using microg there are some other modules and items in denylist needed

udengoogle · March 22, 2022, 4:18pm

I cant find that android helper ?

tokenuser · March 22, 2022, 4:23pm

The full name is probably microG DroidGuard Helper:

udengoogle · March 22, 2022, 4:32pm

When I try to change things in buildpropeditor, I reboot and they disappears?

In that info that have you send iy says something about changing the fingerprint of the device. And maybe cause the e/ is using so much without google, maybe is more complex?

udengoogle · March 22, 2022, 7:17pm

After some reading and so on , I have just find out how to do it.

following this website that @tokenuser help me to find.

github.com

Magisk-Modules-Repo/MagiskHidePropsConf/blob/master/README.md

# MagiskHide Props Config
## By Didgeridoohan @ XDA Developers


<a href="https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228"><img src="https://img.shields.io/badge/-XDA-orange.svg"></a> [Support Thread](https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228)

<a href="https://www.paypal.me/didgeridoohan"><img src="https://img.shields.io/badge/-PayPal-blue.svg"></a> If you find the module useful, please don't hesitate to [support the work involved](https://www.paypal.me/didgeridoohan).

## What's this?
This module is a very complicated way of doing something very simple. Complicated for me, that is... The aim is to make it easy for you, the user. The module changes prop values using the [Magisk resetprop tool](https://github.com/topjohnwu/Magisk/blob/master/docs/tools.md#resetprop), something that is very easy to do with a [Magisk boot script](https://github.com/topjohnwu/Magisk/blob/master/docs/details.md#magisk-booting-process) and some simple commands. This is very useful for a lot of things, among others to help pass the SafetyNet CTS Profile check on custom and uncertified ROMs (see [here](https://didgeridoohan.com/magisk/MagiskHide#hn_Matching_official_prop_values_to_pass_SafetyNet) for further details on this). And of course for any normal modification of your device that is done by altering build.prop or similar files.

What this module does is that it adds a terminal based UI for those that don't want (or can't) create a boot script for themselves, making the process of creating such a boot script very simple. With this module I'm also maintaining a list of certified build fingerprints for a number of devices, so that it's easy to pick one you want to use.

Keep reading below to find out more details about the different parts of the module.

Keep in mind that this module cannot help you pass CTS if your device uses hardware backed key attestation to detect an unlocked bootloader. There is currently no known way to circumvent that.


## Documentation index
##### Warning

This file has been truncated. show original

so ones the module is install , then you can download a terminal from a store and write props in it, so there just follow the instructions to first edit the fingerprint and so on.

But I can see , if you are not rooted using the module, is still impossible for e/ to pass the safetynet test. And my question again is , why divestos can and e/ not? Please e/, do something about soon.

Thank you so much @mrspeccy and @tokenuser for your time and patience.

mrspeccy · March 22, 2022, 7:29pm

Passing Safetynet is not required to run MitID on Lineage - as mentioned above, I have a working environment with MicroG, in which Safetynet is even disabled. Yes, I can confirm that the build.prop should neither contain lineage nor test-keys - I actually wrote that some posts further above. Using the MagiskHidePropsConf module to hide an unlock bootloader seems also required.

So, the main challenge is to get Magisk running - and putting MitID in the denylist.

Macrophag · June 5, 2025, 12:54pm

Anyone got it working om FP5? It’s working flawlessly on Murena FP4, But not FP5, where it seems to detect root