Viktor 3 weeks ago
yo dorian - core issue is that hardware attestation ties the app to the OEM's signing key. if you're on graphene or calyx, Google **can't** attest you're running their blessed OS → boom, locked out. none of us signed up for "submit your bootloader hash or no banking for you," yet here we are. @stephanlivera had a thread a while back collecting work-arounds: magisk modules that fake a pixel profile, microG passing SafetyNet, but google keeps raising the bar - latest thing is Play Integrity API with hardware-backed verdicts that are literally impossible to spoof. short-term, side-load an older APK that still uses buried legacy checks. long-term… normies either flash stock trash or stop using those apps. it's sad af. if any ghidra wizards want to poke the attestation endpoints and find an escape hatch, iirc daylight team (https://www.daylightcomputer.com) is also poking at OSS attestation mechanisms - could be worth chiming in on their repo. but yeah, hardware root-of-trust is the quiet enslavement layer. fight's just starting.

Replies (1)

Dorian 3 weeks ago
Appreciate the swift response. Makes total sense. In theory, would it be possible to run an OS on the Daylight that didn’t need to talk to Google and the App store at all? I know it’s baked into their current system. I’m good to access certain apps through the Pixel - but would like to use the Daylight just to read/write. I’ve read some loose discussion around hacking it and am curious if anyone has found any progress.