v15.9.7

app/build.gradle.kts

@@ -12,8 +12,8 @@ android {
         applicationId = "es.chiteroman.playintegrityfix"
         minSdk = 26
         targetSdk = 34
-        versionCode = 15960
-        versionName = "v15.9.6"
+        versionCode = 15970
+        versionName = "v15.9.7"
         multiDexEnabled = false
 
         buildFeatures {

app/src/main/java/es/chiteroman/playintegrityfix/CustomKeyStoreSpi.java

@@ -10,11 +10,14 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Enumeration;
-import java.util.Locale;
 
 public final class CustomKeyStoreSpi extends KeyStoreSpi {
+    private static final String EAT_OID = "1.3.6.1.4.1.11129.2.1.25";
+    private static final String ASN1_OID = "1.3.6.1.4.1.11129.2.1.17";
+    private static final String KNOX_OID = "1.3.6.1.4.1.236.11.3.23.7";
     public static volatile KeyStoreSpi keyStoreSpi;
 
     @Override
@@ -25,19 +28,41 @@ public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmExc
     @Override
     public Certificate[] engineGetCertificateChain(String alias) {
 
-        for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
-            if (stackTraceElement.getClassName().toLowerCase(Locale.US).contains("droidguard")) {
-                EntryPoint.LOG("engineGetCertificateChain invoked by DroidGuard!");
+        boolean isDroidGuard = EntryPoint.isDroidGuard();
+
+        Certificate[] certificates = keyStoreSpi.engineGetCertificateChain(alias);
+
+        if (certificates[0] instanceof X509Certificate leaf) {
+
+            boolean attestationExtensions = leaf.getExtensionValue(EAT_OID) != null || leaf.getExtensionValue(ASN1_OID) != null || leaf.getExtensionValue(KNOX_OID) != null;
+
+            if (isDroidGuard && attestationExtensions) {
+                EntryPoint.LOG("DroidGuard and attestation extension detected! Throwing exception...");
                 throw new UnsupportedOperationException();
             }
         }
 
-        return keyStoreSpi.engineGetCertificateChain(alias);
+        return certificates;
     }
 
     @Override
     public Certificate engineGetCertificate(String alias) {
-        return keyStoreSpi.engineGetCertificate(alias);
+
+        boolean isDroidGuard = EntryPoint.isDroidGuard();
+
+        Certificate certificate = keyStoreSpi.engineGetCertificate(alias);
+
+        if (certificate instanceof X509Certificate leaf) {
+
+            boolean attestationExtensions = leaf.getExtensionValue(EAT_OID) != null || leaf.getExtensionValue(ASN1_OID) != null || leaf.getExtensionValue(KNOX_OID) != null;
+
+            if (isDroidGuard && attestationExtensions) {
+                EntryPoint.LOG("DroidGuard and attestation extension detected! Throwing exception...");
+                throw new UnsupportedOperationException();
+            }
+        }
+
+        return certificate;
     }
 
     @Override

app/src/main/java/es/chiteroman/playintegrityfix/EntryPoint.java

@@ -10,7 +10,9 @@
 import java.security.KeyStoreSpi;
 import java.security.Provider;
 import java.security.Security;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.Locale;
 import java.util.Map;
 
 public final class EntryPoint {
@@ -80,6 +82,10 @@ static void spoofFields() {
         });
     }
 
+    static boolean isDroidGuard() {
+        return Arrays.stream(Thread.currentThread().getStackTrace()).anyMatch(stackTraceElement -> stackTraceElement.getClassName().toLowerCase(Locale.US).contains("droidguard"));
+    }
+
     private static Field getFieldByName(String name) {
 
         Field field;

build.gradle.kts

@@ -1,3 +1,3 @@
 plugins {
-    id("com.android.application") version "8.3.0" apply false
+    id("com.android.application") version "8.3.1" apply false
 }

changelog.md

@@ -7,6 +7,6 @@ If not, try removing /data/adb/pif.json file.
 Donations:
 https://www.paypal.com/paypalme/chiteroman
 
-# v15.9.6
+# v15.9.7
 
-- Fix BASIC verdict not passing.
+- Improve code detecting attestation extensions.

module/customize.sh

@@ -21,19 +21,3 @@ if [ -f "/data/adb/pif.json" ]; then
     ui_print "- If you fail DEVICE verdict, remove /data/adb/pif.json file"
     ui_print "- If pif.json file doesn't exist, module will use default one"
 fi
-
-# Conflict apps
-APPS="
-/system/app/EliteDevelopmentModule
-/system/app/XInjectModule
-/system/product/app/XiaomiEUInject
-/system/product/app/XiaomiEUInject-Stub
-/system/system_ext/app/hentaiLewdbSVTDummy
-/system/system_ext/app/PifPrebuilt
-"
-
-for app in $APPS; do
-    if [ -d "$app" ]; then
-        ui_print "- ${app##*/} app found! You should uninstall it manually!"
-    fi
-done

module/module.prop

@@ -1,7 +1,7 @@
 id=playintegrityfix
 name=Play Integrity Fix
-version=v15.9.6
-versionCode=15960
+version=v15.9.7
+versionCode=15970
 author=chiteroman
 description=Universal modular fix for Play Integrity (and SafetyNet) on devices running Android 8-14.
 updateJson=https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/update.json

update.json

@@ -1,6 +1,6 @@
 {
-  "version": "v15.9.6",
-  "versionCode": 15960,
-  "zipUrl": "https://github.com/chiteroman/PlayIntegrityFix/releases/download/v15.9.6/PlayIntegrityFix_v15.9.6.zip",
+  "version": "v15.9.7",
+  "versionCode": 15970,
+  "zipUrl": "https://github.com/chiteroman/PlayIntegrityFix/releases/download/v15.9.7/PlayIntegrityFix_v15.9.7.zip",
   "changelog": "https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/changelog.md"
 }