@osm0sis @topjohnwu I came up with 3 possible workarounds to bypass the new bootloader status check.
Take a look at it here, please:
https://forum.xda-developers.com/showpost.php?p=82080225&postcount=38953
What do you think about my 3 solutions/suggestions?
Must read: https://www.xda-developers.com/magisk-no-longer-hide-bootloader-unlock-status/
I came up with 3 possible solutions/workarounds for Google's new control/block (the bootloader status check).
FIRST SOLUTION:
Since the "SafetyNet API" works following this schema:

[Complete documentation: https://developer.android.com/training/safetynet/attestation#java ]
We could make a Custom ROM which does not use "Google Play Services". The ROM should implement "Custom Play Services". (We should override Google's API, of course.)
So, when the app (the Pokemon Go app, or a bank app) makes the following call

```java
SafetyNet.getClient(this).attest(nonce, API_KEY)
```

our app will handle the call, doing the same things described in the Google SafetyNet API documentation and returning a "valid attestation" like the one described in their API. Attestation example:
```json
{
  "timestampMs": 9860437986543,
  "nonce": "R2Rra24fVm5xa2Mg",
  "apkPackageName": "com.package.name.of.requesting.app",
  "apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the certificate used to sign requesting app"],
  "ctsProfileMatch": true,
  "basicIntegrity": true
}
```
Since "Google Play Services" manages a lot of stuff, we could set our Custom ROM (or Custom Play Services) to call the original "Play Services App" for the normal stuff (not related to the SafetyNet test), "forwarding" the normal calls to the original "Google Play Services" following this schema:

I think it's a complete solution but hard to implement.
SECOND SOLUTION:
Since SafetyNet is not compatible with the Huawei Mate 30 Pro, apps like Pokemon Go or bank apps should skip the SafetyNet test if they think they are running on a Huawei Mate 30 Pro (since the SafetyNet CTS check fails on this device because of Huawei's ban by Trump).
So the workaround will be to spoof our device ID with Magisk and let "Pokemon Go" think that it is running on a Huawei Mate 30 Pro (in order to skip Google's SafetyNet test). The app (PoGo or a bank app) should not call "SafetyNet" if it thinks it is running on a Huawei Mate 30 Pro, in my opinion.
It's not a complete solution but it is really easy to implement.
THIRD SOLUTION:
We can use the VMOS app to simulate a rooted device which doesn't implement "hardware keystore verification" in its TEE.
I know this is an ugly solution since it's not a native implementation of the root.
https://forum.xda-developers.com/showpost.php?p=82094013&postcount=38985
I know that MiTM is not possible. This is why I suggest (in my first solution) completely removing/replacing "Google Play Services" and overriding the SafetyNet libraries/API in the whole Android ROM.
In this way the "Pokemon Go" app or a bank app will call our app instead of "Google Play Services".
@topjohnwu's answer when I shared your XDA post was as follows:
It is reasonable, but basically for the first solution to work we have to completely reverse engineer the whole SafetyNet protocol Google is using
And also, in the backend Google can force a device to send a key attestation result, which we cannot spoof
The second solution is much more reasonable: if the app can run without Google Play Services, we can simply make the app unable to connect to GMS
Which is much easier to do, but that depends on the mercy of the app developer
For the first solution, I don't think we really need to completely reverse engineer the whole SafetyNet protocol. If you are able to override the SafetyNet library (I don't know if it's possible, but I guess it is), it could be "feasible" to re-write a "fake SafetyNet protocol". According to the SafetyNet API
https://developer.android.com/training/safetynet/attestation#java
https://developer.android.com/training/safetynet/verify-apps#java
we already know how app developers (Pokemon Go, bank apps) call SafetyNet. And we already know how SafetyNet answers the client/caller app. SafetyNet generates a JSON object which is read by the client app through the following method
SafetyNetApi.AttestationResponse.getJwsResult()
So, yes, we need to reverse-engineer how the PoGo/bank app "communicates" with SafetyNet (and it should be enough to read the Google documentation to find out), but then we don't really need to know what SafetyNet exactly does inside. (In my opinion... of course you know it a thousand times better than me.)
Maybe its developer (Niantic) implemented a control like this in the app (Pokemon Go):

```
if it is not a Huawei Mate 30 Pro {
    do SafetyNet.getClient(this).attest(nonce, API_KEY) etc. etc.
} else {
    do nothing, or just a homemade integrity check
}
```

or something similar...
Anyway, thank you so much for your attention :) I hope I have given some useful suggestions for the future development of Magisk. For the moment it is not certain that Google will decide to activate the new check/block.
Regarding the first solution, I don't think it could be that "easy". You can never know how to "spoof" the AttestationResponse properly without completely reverse engineering the SafetyNet package. Imagine Google returned some nonsense encrypted data and getJwsResult() went through some kind of insane decryption, which could be done using data from the TEE, to get the final JSON result.
However, only if we find a way to "hook" the getJwsResult() method can we make it always return the expected result...
@alexdonh you cannot hook that method when the SafetyNet response is verified on a server, which is what ALL serious SafetyNet users should and would do.
Anyways, people please stop trying to be geniuses thinking this thing can easily be "hacked", the engineers that design this are security experts, and modern cryptography is not that easy to break without serious implementation vulnerabilities.
Closed
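Added example (not code from this thread, from Magisk, or from Google): a server-side SafetyNet verifier in Go, written to illustrate the first solution above and topjohnwu's reply about server-side verification. The app's backend receives the JWS string that getJwsResult() handed to the app, checks that the certificate in the x5c header chains to a root it trusts and is issued to attest.android.com, verifies the RS256 signature over the header and payload exactly as received, and only then reads ctsProfileMatch/basicIntegrity and binds them to its own nonce and package name. Assumptions: the signing side (makeIssuer, signJWS) is a constructed stand-in that uses a throwaway self-signed certificate installed as the server's only root in place of Google's real chain; the nonce, package name and payload are constructed values; timestampMs and apkCertificateDigestSha256 are left out of the payload to keep the example short.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWS compact serialization uses unpadded base64url

func check(err error) { if err != nil { panic(err) } }
func decode(s string) []byte { b, _ := b64.DecodeString(s); return b } // garbled base64 -> nil, rejected downstream

// makeIssuer is a CONSTRUCTED stand-in for Google's signing chain: a throwaway key and a
// self-signed certificate for attest.android.com that the server below trusts as its only root.
func makeIssuer() (*rsa.PrivateKey, *x509.Certificate) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"attest.android.com"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return key, cert
}

// signJWS plays Google's side: RS256 over header.payload with the leaf cert in the x5c header;
// the result is the string the app receives from getJwsResult() and relays to its own server.
func signJWS(key *rsa.PrivateKey, cert *x509.Certificate, payload []byte) string {
	hdr := `{"alg":"RS256","x5c":["` + base64.StdEncoding.EncodeToString(cert.Raw) + `"]}`
	input := b64.EncodeToString([]byte(hdr)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	check(err)
	return input + "." + b64.EncodeToString(sig)
}

// verifyJWS is the app server's check: trusted chain and hostname first, then the signature,
// and only then the payload, which must carry this request's nonce and this app's package.
func verifyJWS(jws string, roots *x509.CertPool, wantNonce, wantPkg string) error {
	parts := strings.Split(jws, ".")
	var hdr struct{ Alg string; X5c []string } // encoding/json matches keys case-insensitively
	if len(parts) != 3 || json.Unmarshal(decode(parts[0]), &hdr) != nil || hdr.Alg != "RS256" || len(hdr.X5c) == 0 {
		return errors.New("malformed JWS or unexpected header")
	}
	leafDER, _ := base64.StdEncoding.DecodeString(hdr.X5c[0]) // attacker-controlled until verified
	leaf, err := x509.ParseCertificate(leafDER)
	if err == nil {
		_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "attest.android.com"})
	}
	if err != nil {
		return fmt.Errorf("certificate chain: %w", err)
	}
	pub, ok := leaf.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // the signed bytes, exactly as received
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], decode(parts[2])) != nil {
		return errors.New("signature: verification failed")
	}
	var att map[string]interface{}
	if err := json.Unmarshal(decode(parts[1]), &att); err != nil {
		return err
	}
	if att["nonce"] != wantNonce || att["apkPackageName"] != wantPkg {
		return errors.New("attestation is not bound to this request and app")
	}
	if att["ctsProfileMatch"] != true || att["basicIntegrity"] != true {
		return errors.New("device failed integrity")
	}
	return nil
}

// Demo runs a clean, an unlocked and a hooked unlocked device through the server check; nil means accepted.
func Demo() (cleanErr, unlockedErr, forgedErr error) {
	key, cert := makeIssuer()
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	const nonce, pkg = "R2Rra24fVm5xa2Mg", "com.example.bank" // constructed request values
	body := `{"nonce":"` + nonce + `","apkPackageName":"` + pkg + `","ctsProfileMatch":%t,"basicIntegrity":%t}`
	clean := signJWS(key, cert, []byte(fmt.Sprintf(body, true, true)))
	unlocked := signJWS(key, cert, []byte(fmt.Sprintf(body, false, false)))
	forged := strings.Split(unlocked, ".")  // what a hook on getJwsResult() could do: splice the
	forged[1] = strings.Split(clean, ".")[1] // clean payload in; the signature still covers the old one
	cleanErr = verifyJWS(clean, roots, nonce, pkg)
	unlockedErr = verifyJWS(unlocked, roots, nonce, pkg)
	forgedErr = verifyJWS(strings.Join(forged, "."), roots, nonce, pkg)
	return
}

func main() { fmt.Println(Demo()) }
```

Demo shows the three outcomes: the clean attestation is accepted, the unlocked one is rejected for failing integrity, and the unlocked one with the clean payload spliced in by a hypothetical client-side hook is rejected at the signature step before its verdicts are ever read. A real verifier would load Google's roots instead of the stand-in, reject stale timestampMs values, and compare apkCertificateDigestSha256 against the signing certificate it shipped.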
@topjohnwu
Could running Android inside a VM (just like VMOS) work at all with the new SafetyNet method? The VM could then emulate the security chip, or am I missing something here?
I don't like VMOS since it's closed source, but if it theoretically works (even if their current implementation seems to be broken with banking apps), there could be the potential to create an open source version of it.
EDIT: I think I missed that Google ships these security chips with their private key on them; in that case it's impossible. If the private key has to be "installed" there first, i.e. through Android, then this could potentially be intercepted?
EDIT 2: Is there any way to fool the security chip into thinking the bootloader is locked?
EDIT 3: Can you lock the bootloader after flashing stock rom + magisk? Can Titan M detect that?