Update to v6.0.2-v132

Author: Didgeridoohan

README.md

@@ -290,12 +290,12 @@ You can enter the fingerprint manually in the `Edit device fingerprint` menu in
 
 
 ## Force BASIC key attestation
-Google now enforces the use of hardware backed key attestation on devices that has the necessary hardware (all devices that shipped with Android 8+ and even some older devices). Up until mid January 2021 you could work around this by changing the model props to something other than the actual device. This might still be necessary, and can be done with this feature of the module, but you most likely also need to trick keystore further than that.
+Google now enforces the use of hardware backed key attestation on devices that has the necessary hardware (all devices that shipped with Android 8+ and even some older devices).This can be circumvented by tricking the device into not using the hardware attestation, and it might also be needed to change the prop models (`ro.product.model`) to something other than your devices actual model. This feature can help with that.
 
 @kdrag0n over on XDA Developers have a Magsk module that will trick keystore into thinking that the hardware isn't available and this will then force basic attestation. You can find that module together with details on how it works here:
 https://forum.xda-developers.com/t/magisk-module-universal-safetynet-fix-1-1-0.4217823/
 
-These two things in combination might be required to pass CTS.
+The Universal SafetyNet fix not only trickes the keystore into using basic attestation, from v2.1.0 it also changes prop values that might be necessary to trick Google Play Services into letting you pass the CTS profile check, so if you're using that module you most likely will not need to use the Force BASIC key attestation feature of this module.
 
 If you aren't successful in passing CTS by changing the model, you could try using the Xposed (although it is recommended to use LSPosed if you want to have the best chance of passing SafetyNet) module XprivacyLua and restrict Google Play Services. Instructions on how to install LSPosed and XprivacyLua and how to use that module can be found with a simple web search, I won't cover that here.
 
@@ -355,7 +355,7 @@ The props in question are:
 - ro.vendor.warranty_bit
 - vendor.boot.vbmeta.device_state
 
-There are a few props that will only change if a triggering value is detected, and these are:
+There are a few props that will only change if a triggering value is detected, and these are (these will always be set in the post-fs-data boot stage):
 - ro.bootmode
 - ro.boot.mode
 - vendor.boot.mode
@@ -614,6 +614,12 @@ Releases from v5.4.0 will only install on Magisk v20.4+.
 
 
 ## Changelog
+### v6.0.2  
+- Fix problems when trying to disable/enable sensitive props.
+- Fix typo when checking for triggering prop values (meant that props wouldn't set properly during boot).
+- Fix UI info for if a sensitive prop has been set by the module or not.
+- More optimisations of the new code (but it's by no means optimised).
+
 ### v6.0.1  
 - Quickfix update to make the soft reboot when setting props in the late_start service boot stage an option. It has the potential for causing issues it seems (mainly on Samsung devices apparently). See the documentation for details.
 - Minor UI fixes and optimisations.

common/propsconf_conf

@@ -38,25 +38,25 @@ CONFPARTPROPS=true
 CONFSIMBOOT=default
 
 # MagiskHide sensitive props
-CONFDEBUGGABLE=""
-CONFSECURE=""
-CONFTYPE=""
-CONFTAGS=""
-CONFBOOTMODE=""
-CONFMODE=""
-CONFVENDORMODE=""
-CONFHWC=""
-CONFHWCOUNTRY=""
-CONFSTATE=""
-CONFVERIFIEDBOOTSTATE=""
-CONFVENDORVERIFIEDBOOTSTATE=""
-CONFLOCKED=""
-CONFVERITYMODE=""
-CONFBOOTWARRANTY_BIT=""
-CONFBIT=""
-CONFVENDORBOOTWARRANTY_BIT=""
-CONFVENDORWARRANTY_BIT=""
-CONFVENDORDEVICE_STATE=""
+CONFDEBUGGABLE=true
+CONFSECURE=true
+CONFTYPE=true
+CONFTAGS=true
+CONFBOOTMODE=true
+CONFMODE=true
+CONFVENDORMODE=true
+CONFHWC=true
+CONFHWCOUNTRY=true
+CONFSTATE=true
+CONFVERIFIEDBOOTSTATE=true
+CONFVENDORVERIFIEDBOOTSTATE=true
+CONFLOCKED=true
+CONFVERITYMODE=true
+CONFBOOTWARRANTY_BIT=true
+CONFBIT=true
+CONFVENDORBOOTWARRANTY_BIT=true
+CONFVENDORWARRANTY_BIT=true
+CONFVENDORDEVICE_STATE=true
 
 # Set custom props
 CONFPROPS=""
@@ -155,27 +155,12 @@ CONFBACK=false
 # post-fs-data or late_start service mode. This is useful if props don't seem to set
 # propely or the module's boot script seems to be causing issues during boot.
 
-# The MagiskHide prop variables can be set as follows
-# (note that these props are by default set to the safe value):
-# CONFDEBUGGABLE - 0 or 1 (sensitive value is "1")
-# CONFSECURE - 0 or 1 (sensitive value is "0")
-# CONFTYPE - user or userdebug (sensitive value is "userdebug")
-# CONFTAGS - release-keys or test-keys (sensitive value is "test-keys")
-# CONFBOOTMODE - unknown or recovery (sensitive value is "recovery")
-# CONFMODE - unknown or recovery (sensitive value is "recovery")
-# CONFVENDORMODE - unknown or recovery (sensitive value is "recovery")
-# CONFHWC - GLOBAL or CN (sensitive value is CN)
-# CONFHWCOUNTRY - GLOBAL or China (sensitive value is China)
-# CONFSTATE - locked or unlocked (sensitive value is unlocked)
-# CONFVERIFIEDBOOTSTATE - green or orange (sensitive value is orange)
-# CONFVENDORVERIFIEDBOOTSTATE - green or orange (sensitive value is orange)
-# CONFLOCKED - 1 or 0 (sensitive value is 0)
-# CONFVERITYMODE - enforcing or permissive (sensitive value is permissive)
-# CONFBOOTWARRANTY_BIT - 0 or 1 (sensitive value is "1")
-# CONFBIT - 0 or 1 (sensitive value is "1")
-# CONFVENDORBOOTWARRANTY_BIT - 0 or 1 (sensitive value is "1")
-# CONFVENDORWARRANTY_BIT - 0 or 1 (sensitive value is "1")
-# CONFVENDORDEVICE_STATE - locked or unlocked (sensitive value is unlocked)
+# The MagiskHide prop variables, CONFDEBUGGABLE, CONFSECURE, CONFTYPE, CONFBOOTMODE, CONFMODE,
+# CONFVENDORMODE, CONFHWC, CONFHWCOUNTRY, CONFSTATE, CONFVERIFIEDBOOTSTATE, CONFVENDORVERIFIEDBOOTSTATE,
+# CONFLOCKED, CONFVERITYMODE, CONFBOOTWARRANTY_BIT, CONFBIT, CONFVENDORBOOTWARRANTY_BIT,
+# CONFVENDORWARRANTY_BIT and CONFVENDORDEVICE_STATE can be either enabled or disabled (enabled by default).
+# If set to true, these props will be changed known safe values if found to contain sensitive values.
+# Helps with hiding root.
 
 # CONFPROPS should contain any custom props and the value you want the module to set.
 # Any props you've previously edited in build.prop, and more, can be set like this.

common/propsconf_late

@@ -8,9 +8,9 @@
 # In that case, feel free to delete it.
 
 # Script version
-SCRIPTV=39
-SETTRANSF=4
-NOTTRANSF="PROPCOUNT;PROPEDIT;REDEBUGGABLE;RESECURE;RETYPE;RETAGS;REBOOTMODE;REMODE"
+SCRIPTV=40
+SETTRANSF=5
+NOTTRANSF="PROPCOUNT;PROPEDIT;REDEBUGGABLE;RESECURE;RETYPE;RETAGS;REBOOTMODE;REMODE;REVENDORMODE;REHWC;REHWCOUNTRY;RESTATE;REVERIFIEDBOOTSTATE;REVENDORVERIFIEDBOOTSTATE;RELOCKED;REVERITYMODE;REBOOTWARRANTY_BIT;REBIT;REVENDORBOOTWARRANTY_BIT;REVENDORWARRANTY_BIT;REVENDORDEVICE_STATE"
 
 # Fingerprint
 FINGERPRINTENB=1
@@ -43,6 +43,26 @@ PARTPROPSSET=1
 PROPCOUNT=19
 PROPEDIT=1
 PROPBOOT=0
+# Control variables
+REDEBUGGABLE=1
+RESECURE=1
+RETYPE=1
+RETAGS=1
+REBOOTMODE=1
+REMODE=1
+REVENDORMODE=1
+REHWC=1
+REHWCOUNTRY=1
+RESTATE=1
+REVERIFIEDBOOTSTATE=1
+REVENDORVERIFIEDBOOTSTATE=1
+RELOCKED=1
+REVERITYMODE=1
+REBOOTWARRANTY_BIT=1
+REBIT=1
+REVENDORBOOTWARRANTY_BIT=1
+REVENDORWARRANTY_BIT=1
+REVENDORDEVICE_STATE=1
 
 # Custom props
 CUSTOMEDIT=0
@@ -156,24 +176,3 @@ CUSTOMPROPSLIST="$CUSTOMPROPS $CUSTOMPROPSPOST $CUSTOMPROPSLATE $CUSTOMPROPSDELA
 
 # ---Delete prop values---
 DELETEPROPS=""
-
-# ---MagiskHide sensitive props---
-REDEBUGGABLE=true
-RESECURE=true
-RETYPE=true
-RETAGS=true
-REBOOTMODE=true
-REMODE=true
-REVENDORMODE=true
-REHWC=true
-REHWCOUNTRY=true
-RESTATE=true
-REVERIFIEDBOOTSTATE=true
-REVENDORVERIFIEDBOOTSTATE=true
-RELOCKED=true
-REVERITYMODE=true
-REBOOTWARRANTY_BIT=true
-REBIT=true
-REVENDORBOOTWARRANTY_BIT=true
-REVENDORWARRANTY_BIT=true
-REVENDORDEVICE_STATE=true