From bf00dbf143934f3f1822e0f53c7c45f83dbd8b51 Mon Sep 17 00:00:00 2001 From: chiteroman Date: Wed, 4 Sep 2024 12:12:52 +0200 Subject: [PATCH] Update + fix compile Get scripts from PIFork by @osm0sis Co-authored-by: Chris Renshaw --- app/build.gradle.kts | 9 +- app/src/main/cpp/CMakeLists.txt | 2 +- app/src/main/cpp/main.cpp | 133 +++++++++++-------- module/common_func.sh | 53 ++++++++ module/customize.sh | 15 +-- module/keybox.xml | 223 ++++++++++++++++++++++++++++++++ module/module.prop | 2 +- module/post-fs-data.sh | 42 ++++-- module/service.sh | 86 ++++++------ 9 files changed, 433 insertions(+), 132 deletions(-) create mode 100644 module/common_func.sh create mode 100644 module/keybox.xml diff --git a/app/build.gradle.kts b/app/build.gradle.kts index d820bce1..6fca78f1 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -16,9 +16,6 @@ android { resources { excludes += "**" } - jniLibs { - excludes += "**/libdobby.so" - } } defaultConfig { @@ -26,7 +23,7 @@ android { minSdk = 26 targetSdk = 35 versionCode = 17300 - versionName = "v17.3" + versionName = "v17.4-TEST" multiDexEnabled = false externalNativeBuild { @@ -43,13 +40,13 @@ android { ) cFlags( - "-std=c23", + "-std=gnu23", "-fvisibility=hidden", "-fvisibility-inlines-hidden" ) cppFlags( - "-std=c++23", + "-std=gnu++26", "-fno-exceptions", "-fno-rtti", "-fvisibility=hidden", diff --git a/app/src/main/cpp/CMakeLists.txt b/app/src/main/cpp/CMakeLists.txt index 7a12f2a1..d72e3dc5 100644 --- a/app/src/main/cpp/CMakeLists.txt +++ b/app/src/main/cpp/CMakeLists.txt @@ -25,7 +25,7 @@ add_library(${CMAKE_PROJECT_NAME} SHARED target_include_directories(${CMAKE_PROJECT_NAME} PRIVATE cJSON - shadowhook/shadowhook/src/main/cpp + shadowhook/. shadowhook/arch/${ARCH} shadowhook/include shadowhook/common diff --git a/app/src/main/cpp/main.cpp b/app/src/main/cpp/main.cpp index fe42c582..e81d1426 100644 --- a/app/src/main/cpp/main.cpp +++ b/app/src/main/cpp/main.cpp @@ -1,10 +1,11 @@ #include #include #include +#include +#include #include -#include #include "zygisk.hpp" -#include "dobby.h" +#include "shadowhook.h" #include "cJSON.h" #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, "PIF", __VA_ARGS__) @@ -18,30 +19,35 @@ #define TS_PATH "/data/adb/modules/tricky_store" -static ssize_t xread(int fd, void *buffer, size_t count) { - ssize_t total = 0; - char *buf = (char *) buffer; - while (count > 0) { - ssize_t ret = read(fd, buf, count); - if (ret < 0) return -1; - buf += ret; - total += ret; - count -= ret; +static size_t xread(int fd, uint8_t *data, size_t size) { + size_t remaining = size; + while (remaining > 0) { + ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); + if (n <= 0) { + return size - remaining; + } + data += n; + remaining -= n; } - return total; + return size; } -static ssize_t xwrite(int fd, void *buffer, size_t count) { - ssize_t total = 0; - char *buf = (char *) buffer; - while (count > 0) { - ssize_t ret = write(fd, buf, count); - if (ret < 0) return -1; - buf += ret; - total += ret; - count -= ret; +static size_t xwrite(int fd, uint8_t *data, size_t size) { + size_t remaining = size; + while (remaining > 0) { + ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); + if (n < 0) { + LOGE("write failed: %s", strerror(errno)); + return size - remaining; + } + data += n; + remaining -= n; } - return total; + if (TEMP_FAILURE_RETRY(fsync(fd)) == -1) { + LOGE("fsync failed: %s", strerror(errno)); + return -1; + } + return size; } static std::string DEVICE_INITIAL_SDK_INT; @@ -93,18 +99,28 @@ my_system_property_read_callback(const prop_info *pi, T_Callback callback, void return o_system_property_read_callback(pi, modify_callback, cookie); } -static void doHook() { - void *handle = DobbySymbolResolver(nullptr, "__system_property_read_callback"); - if (!handle) { - LOGE("error resolving __system_property_read_callback symbol!"); - return; - } - if (DobbyHook(handle, (void *) my_system_property_read_callback, - (void **) &o_system_property_read_callback)) { - LOGE("hook __system_property_read_callback failed!"); - return; +static bool doHook() { + shadowhook_init(SHADOWHOOK_MODE_UNIQUE, false); + { + auto libc_handle = shadowhook_dlopen("libc.so"); + if (!libc_handle) { + LOGE("error loading libc.so library!"); + goto exit; + } + auto handle = shadowhook_dlsym(libc_handle, "__system_property_read_callback"); + if (!handle) { + LOGE("error resolving __system_property_read_callback symbol!"); + goto exit; + } + if (shadowhook_hook_sym_addr(handle, (void *) my_system_property_read_callback, + (void **) &o_system_property_read_callback)) { + LOGD("hook __system_property_read_callback success at %p", handle); + return true; + } } - LOGD("hook __system_property_read_callback success at %p", handle); + exit: + LOGE("hook __system_property_read_callback failed!"); + return false; } class PlayIntegrityFix : public zygisk::ModuleBase { @@ -160,8 +176,8 @@ class PlayIntegrityFix : public zygisk::ModuleBase { int dexSize = 0, jsonSize = 0; std::vector jsonVector; - xread(fd, &dexSize, sizeof(int)); - xread(fd, &jsonSize, sizeof(int)); + xread(fd, (uint8_t *) &dexSize, sizeof(int)); + xread(fd, (uint8_t *) &jsonSize, sizeof(int)); if (dexSize > 0) { dexVector.resize(dexSize); @@ -176,7 +192,7 @@ class PlayIntegrityFix : public zygisk::ModuleBase { } bool trickyStore = false; - xread(fd, &trickyStore, sizeof(trickyStore)); + xread(fd, (uint8_t *) &trickyStore, sizeof(trickyStore)); close(fd); @@ -186,7 +202,7 @@ class PlayIntegrityFix : public zygisk::ModuleBase { parseJSON(); if (trickyStore) { - LOGD("TrickyStore module installed and enabled, disabling spoofProps and spoofProvider"); + LOGD("TrickyStore module installed, disabling spoofProps and spoofProvider"); spoofProps = false; spoofProvider = false; } @@ -197,8 +213,9 @@ class PlayIntegrityFix : public zygisk::ModuleBase { UpdateBuildFields(); - if (spoofProps) doHook(); - else api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY); + if (spoofProps) + if (!doHook()) + api->setOption(zygisk::DLCLOSE_MODULE_LIBRARY); if (spoofProvider || spoofSignature) injectDex(); else @@ -218,8 +235,8 @@ class PlayIntegrityFix : public zygisk::ModuleBase { JNIEnv *env = nullptr; std::vector dexVector; cJSON *json = nullptr; - bool spoofProps = true; - bool spoofProvider = true; + bool spoofProps = false; + bool spoofProvider = false; bool spoofSignature = false; void parseJSON() { @@ -305,7 +322,7 @@ class PlayIntegrityFix : public zygisk::ModuleBase { jclass buildClass = env->FindClass("android/os/Build"); jclass versionClass = env->FindClass("android/os/Build$VERSION"); - cJSON *currentElement = nullptr; + cJSON *currentElement; cJSON_ArrayForEach(currentElement, json) { const char *key = currentElement->string; @@ -345,7 +362,9 @@ static std::vector readFile(const char *path) { if (!file) return {}; - auto size = std::filesystem::file_size(path); + fseek(file, 0, SEEK_END); + auto size = ftell(file); + fseek(file, 0, SEEK_SET); std::vector vector(size); @@ -360,21 +379,16 @@ static void companion(int fd) { std::vector dex, json; - if (std::filesystem::exists(DEX_PATH)) { - dex = readFile(DEX_PATH); - } + dex = readFile(DEX_PATH); - if (std::filesystem::exists(PIF_JSON)) { - json = readFile(PIF_JSON); - } else if (std::filesystem::exists(PIF_JSON_DEFAULT)) { - json = readFile(PIF_JSON_DEFAULT); - } + json = readFile(PIF_JSON); + if (json.empty()) json = readFile(PIF_JSON_DEFAULT); int dexSize = static_cast(dex.size()); int jsonSize = static_cast(json.size()); - xwrite(fd, &dexSize, sizeof(int)); - xwrite(fd, &jsonSize, sizeof(int)); + xwrite(fd, (uint8_t *) &dexSize, sizeof(int)); + xwrite(fd, (uint8_t *) &jsonSize, sizeof(int)); if (dexSize > 0) { xwrite(fd, dex.data(), dexSize * sizeof(uint8_t)); @@ -384,9 +398,16 @@ static void companion(int fd) { xwrite(fd, json.data(), jsonSize * sizeof(uint8_t)); } - bool trickyStore = std::filesystem::exists(TS_PATH) && - !std::filesystem::exists(std::string(TS_PATH) + "/disable"); - xwrite(fd, &trickyStore, sizeof(trickyStore)); + bool trickyStore = false; + + DIR *dir = opendir(TS_PATH); + + if (dir) { + trickyStore = true; + closedir(dir); + } + + xwrite(fd, (uint8_t *) &trickyStore, sizeof(trickyStore)); } REGISTER_ZYGISK_MODULE(PlayIntegrityFix) diff --git a/module/common_func.sh b/module/common_func.sh new file mode 100644 index 00000000..b1114633 --- /dev/null +++ b/module/common_func.sh @@ -0,0 +1,53 @@ +RESETPROP="resetprop -n" +[ -n "$MAGISK_VER_CODE" ] && [ "$MAGISK_VER_CODE" -lt "27003" ] && RESETPROP=resetprop_hexpatch + +# resetprop_hexpatch [-f|--force] +resetprop_hexpatch() { + case "$1" in + -f|--force) local FORCE=1; shift;; + esac + + local NAME="$1" + local NEWVALUE="$2" + local CURVALUE="$(resetprop "$NAME")" + + [ ! "$NEWVALUE" -o ! "$CURVALUE" ] && return 1 + [ "$NEWVALUE" = "$CURVALUE" -a ! "$FORCE" ] && return 2 + + local NEWLEN=${#NEWVALUE} + if [ -f /dev/__properties__ ]; then + local PROPFILE=/dev/__properties__ + else + local PROPFILE="/dev/__properties__/$(resetprop -Z "$NAME")" + fi + [ ! -f "$PROPFILE" ] && return 3 + local NAMEOFFSET=$(echo $(strings -t d "$PROPFILE" | grep "$NAME") | cut -d ' ' -f 1) + + # + local NEWHEX="$(printf '%02x' "$NEWLEN")$(printf "$NEWVALUE" | od -A n -t x1 -v | tr -d ' \n')$(printf "%$((92-NEWLEN))s" | sed 's/ /00/g')" + + printf "Patch '$NAME' to '$NEWVALUE' in '$PROPFILE' @ 0x%08x -> \n[0000??$NEWHEX]\n" $((NAMEOFFSET-96)) + + echo -ne "\x00\x00" \ + | dd obs=1 count=2 seek=$((NAMEOFFSET-96)) conv=notrunc of="$PROPFILE" + echo -ne "$(printf "$NEWHEX" | sed -e 's/.\{2\}/&\\x/g' -e 's/^/\\x/' -e 's/\\x$//')" \ + | dd obs=1 count=93 seek=$((NAMEOFFSET-93)) conv=notrunc of="$PROPFILE" +} + +# resetprop_if_diff +resetprop_if_diff() { + local NAME="$1" + local EXPECTED="$2" + local CURRENT="$(resetprop "$NAME")" + + [ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || $RESETPROP "$NAME" "$EXPECTED" +} + +# resetprop_if_match +resetprop_if_match() { + local NAME="$1" + local CONTAINS="$2" + local VALUE="$3" + + [[ "$(resetprop "$NAME")" = *"$CONTAINS"* ]] && $RESETPROP "$NAME" "$VALUE" +} diff --git a/module/customize.sh b/module/customize.sh index c79392a3..f9fcefc3 100644 --- a/module/customize.sh +++ b/module/customize.sh @@ -1,6 +1,11 @@ +# Module requires Zygisk to work +if [ "$ZYGISK_ENABLED" != "1" ] && [ ! -d "/data/adb/modules/zygisksu" ]; then + abort "! Zygisk is not enabled. Please, enable Zygisk in Magisk Settings or install the ZygiskNext or ReZygisk module." +fi + # Error on < Android 8 if [ "$API" -lt 26 ]; then - abort "- !!! You can't use this module on Android < 8.0" + abort "! You can't use this module on Android < 8.0" fi # safetynet-fix module is obsolete and it's incompatible with PIF @@ -20,16 +25,8 @@ if [ -d "/data/adb/modules/MagiskHidePropsConf" ]; then ui_print "! WARNING, MagiskHidePropsConf module may cause issues with PIF." fi -# If TrickyStore module is installed, PIF won't spoof Provider -if [ -d "/data/adb/modules/tricky_store" ]; then - ui_print "- TrickyStore module detected!" - ui_print "- PIF will disable Provider spoofing." -fi - # Check custom fingerprint if [ -f "/data/adb/pif.json" ]; then mv -f "/data/adb/pif.json" "/data/adb/pif.json.old" ui_print "- Backup custom pif.json" fi - -rm -rf "$MODPATH"/system diff --git a/module/keybox.xml b/module/keybox.xml new file mode 100644 index 00000000..0ebd49ff --- /dev/null +++ b/module/keybox.xml @@ -0,0 +1,223 @@ + + +1 + + +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIGQ+NF83whDMnVFvZqS7k5JeUGVdrT8W5mpNGdnjjDF5oAoGCCqGSM49 +AwEHoUQDQgAEKVCTV5RrPpZBQ7TtYYWWH6Z4yHZHYUC7uAL3QR4bANkVLRSRl8IM +Haftwd9bpx8BbYjZ06tfNAgKOvf7XG99qA== +-----END EC PRIVATE KEY----- + + +3 +-----BEGIN CERTIFICATE----- +MIIB8jCCAXmgAwIBAgIQKwoJppxZtILduKIXhv3UOTAKBggqhkjOPQQDAjA5MQww +CgYDVQQMDANURUUxKTAnBgNVBAUTIDFlMDE2NzUzMzA4YTAxYzAzNjA3MGI5OTE2 +Mjk2YTI3MB4XDTIyMDkxNzE3MTQwNVoXDTMyMDkxNDE3MTQwNVowOTEMMAoGA1UE +DAwDVEVFMSkwJwYDVQQFEyAwYzg2ODRjNjZkNWMzZjYzYzJkMjQ5NGI3MmI4MmQ1 +MDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABClQk1eUaz6WQUO07WGFlh+meMh2 +R2FAu7gC90EeGwDZFS0UkZfCDB2n7cHfW6cfAW2I2dOrXzQICjr3+1xvfaijYzBh +MB0GA1UdDgQWBBT8eC55sS2oWckA4/jGdnp0YyS0WDAfBgNVHSMEGDAWgBRdhLpD +LqBcYlbgdmid7HLDFF5bCzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIC +BDAKBggqhkjOPQQDAgNnADBkAjEAtHZAFIYynmEGbvR9I2fFo3h5HJUERDqSc4z7 +I3vfkfFMwYGA56EcBxk1qxWmwBliAi9gH5fYU6TaZaD51bBSghTdDkhC6dU8mBxo +BYwKc5RYL9UHitlJXn7k5pEY2Lhn/A== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDlDCCAXygAwIBAgIRANinq/UsMAzvigSUsi3p4fYwDQYJKoZIhvcNAQELBQAw +GzEZMBcGA1UEBRMQZjkyMDA5ZTg1M2I2YjA0NTAeFw0yMjA5MTcxNzEyNDFaFw0z +MjA5MTQxNzEyNDFaMDkxDDAKBgNVBAwMA1RFRTEpMCcGA1UEBRMgMWUwMTY3NTMz +MDhhMDFjMDM2MDcwYjk5MTYyOTZhMjcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQf +Jkk4hCJ3MNB12tmt0DrQDjn9uwBF89CoJ/LU0kuj13hqfLIsHl3th9DkJArDpTsi +Ax6d71ar28LENHmgdvKnszyjAvMgXSp6Fpg0ALJ6KQHMS8PCIsjXv0YDEtUzFdSj +YzBhMB0GA1UdDgQWBBRdhLpDLqBcYlbgdmid7HLDFF5bCzAfBgNVHSMEGDAWgBQ2 +YeEAfIgFCVGLRGxH/xpMyepPEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwICBDANBgkqhkiG9w0BAQsFAAOCAgEAHQ0wJzHWVWAjPH+m98e2RXvO4bCZDihX +DWc5qItz/Q1xIhjkmUI8Ftoka7ha2TJBxSvuPzLi50HaKXVw1cPXaOU2erovMzqi +oMkNg0Ga0m0xwf814RoHe6f75nOoEEpgVzUf1ghkqqhVuIcoNq8SJ/hsHIBeF8LA +Rh5+8/9Ig4sR4hcSunRuV3lYbgTuxbiM7w1RsoIJsM7/SaWI/nYsdWh2TTgCuyqC +t/epgp2lZAdGdNNGsCnUxoflZ/tdB+dMzptbqaRza27h5dODyaZRrJ6HTaL4uhZI +d5otPVbyhqG5RjY3oMK8m3GuMRq/ne8+6sV7JmXWfDHYdjJyyOLYgVlTnm62LSpq +1KGeZqL0L8hlXeyOFxXvc/QrQ0Bt6YOgv6B4R+TAd1g7VrEeh1VJosXJFWrgrVHC +pg00zqPGZUplUScP3E5YkCNqz87FfFmge0bYMIoOxAGa3PcyxokI7s73Bou2gtz8 +WFEVbkaVtvn/8kA+5zbROxZg2piaJdQkMROJ9LfH49saN5VdRn1qESh4QkA78/nV +zHQBWvBMM7LbiXFKbWzXidBCB7O0K9tgqJZhgWCtvTPGrQLGNOYRs2fwN3BaaA11 +TcCLimFESMIh724v0Zc9DgTh3p4EA/X0loJnNrfUBON9UkNsrh8KWvJZ+bFn50eV +DpEmzUJZXhI= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV +BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgw +NzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS +Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7 +tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj +nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq +C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ +oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O +JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg +sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi +igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M +RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E +aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um +AGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud +IwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7 +174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGIC +W/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2G +tkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkx +oSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG +1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mF +mr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPz +lHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVw +n6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1Eu +zbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHo +vaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHn +w1IdYIg2Wxg7yHcQZemFQg== +-----END CERTIFICATE----- + + + + +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAo5DAL9BwnJ3C47bwLXPgkuVsvwR/DEuZzq+wsDPu+qPO37+9 +d9t52aASg42/VSKzSYqxN4vg6IFL3EhtKB0NJ5a2GJnA+HdGXvUhjZHod8TQ4FCi +lGtJJqAm2wkxakM9RYjZ0Tkbv4zL8IlTuJp5iwThh3yu3SCeJveOTYw/wb9RfH+k +S8ziaQrkHjmG57qfmmCkKODw9YOHLRokmj2rc7nHXxtkPh25Jp4m2pfvgjHaVRvw +0X3h2eUcfVtm+PvhW6zEr/0UdMJIaNO80VahPXWeqIlCu3jZoMH6aNzitUWFCuTj +6fE7dBc++FhSKiY24mNFYExWb6giKyInl1lyJlkym1AUi+dH3Y70e671G+HdNWQy +pRmtwVycUWhpLRcXrwIe2++td1Mvedww4F3flzuHNyRsxnB9pfoe5qYQdvkc6pyy +T83xw9yMEwSzYCB9cwmxmUJ4XuJN1BjsXCECTs2fimgP7iJew03Vd6W/1A+b9yih +rlqPVvPLF/jmIKDbAgMBAAECggGAealSen41NRlXfB93mKdndHw4HgEPKysUlZsy +9m06pa2wU9d/66YRhWE+RCHsHjw4VUxXMvTVbru1nH02zC6HuVmtyrCay3WUn08A +DRhpbKS1pRP1SiZe+98F58h3vA2VhqIbOjebPyhQDXNoFZi5LUGNK0T/oDUBzgQ3 +EdFvHwLabptWrpcQFYfnU+AAS18SFjcqA8oFEOkrY83dSejzHZojBMgQEO/05xed +2NxIZ3QDbWjiAED8/CEhxtB00GAw+KBVz5BAzXqM59O713mptO1A9u6YQs/wqYeS +opoDqtRbj+dKNZxIRCfB3FacGztKVnL8Pdj66f9o99KCyMH9Pd5fmmZhSn0Tcz9a +hRnQzQK8np/R0669wR83uJryPdbcIs0plxt2GPgnz8dUuJDhx0EmvE1JJ75D9IgW +tFBwpa8Zli82VXOJPVIh+GITstbQRb8qHLL+NKemlwHDjh0H7vDQyegAScUs3Vzu +qRmmCNLapZz8pd3y+iJ+TA4RPTEpAoHBAM1MsmbIoJhm0lLsyCPSVWRwv+VQsKo8 +OyDSAc8j4YjNazs7cM25WDJh2H2V3VMikCqsji//aP6vGFPSDTxtymwBb+LBz8j+ +wW45rUm44zI43114truDDEhnL7ky9N8NErHEwEda8WHq65JAwRHUMaslD+M5McAb +q7HUSEWqqBb/iVSc/BpvW9TdEp7SHaYozIHi7nvdp9Bn8PoL0SsuO4XHSsW18EJU +xMYSlikKETDo58IwRa5Bc5Tr92kcX+VzXwKBwQDL9ZELY04z8mqpTQW/6m8NKDws +AjHG6j7GulCIThCSffBFBTMpddS/23a/nb13FhuOhLjP8rjQqR1MCwaAr55sPNqr +X9Hct8/C6H9hM/CM2da04lP/Y9x26SQ6dtJkyzc2S/48/+yUdppw5i4i0VHp0x6d +hR8HPNZvNAQ4nbwrOqcplJ5Ir4EIb0zy90HOZMLc32dy4lbLcHpXYP9mfZo5vGqM +V4hSL/NDfmTp5CdTxLzuwLumDQkqs/5FTAe2oAUCgcEAhZq2N0G1kbjIg4LotLc7 +L0RY/clHT2InMLK6zq0RJ1BXypJiVN+b0B3xH7mZ8XJ60+q8FexnzebxNAts5bil +lShSQgXTTYDNLQiIB4Q1BwgQBOp8MQeVxMCyRBovVcFSOzJJ16YNlKWnbOSLQSkQ +scpKzpr4D4dycyYtanknLuBZ5SDMx/9UifDdH1KqTOocPSMMBLw5a91Y68Eo/Kr3 +vZX2yTggBWrZK/YIluigS24m9S8pCcA6kd4GgvceSVqNAoHAEda0jO5ulJSLR6t4 +6UQz2k6+lIrMl709KFx7VrCdOnLRZPgDdYjcxrsHM9M0EwpX9qsdDvMHvxhLe68r +Lm4tyQG5jmufC1L4VO/I1FOaoncbFE8HUbsGOVBC3uotlKtBdPpIjkVEB+gnseAw +ANOV+oGAl/5grF1h0/AUvm7tWkqS/EwHXAwdmQNDE60UkFy3vmG7xoyNUtXPnXza +Wbh6mLomB4hQX//ZovmXEe3mkqkObUNmJivVtWpwvtbbhdmRAoHAB9TO2pdbcaaZ +nZ9xwzQlJqVYaXyib22XYrZ4DsCzLyBxZHEgCO0IeeGNR/nSD4NCsIReJgFLTdqW +mN9LO9EQdq9EW8KfoBOWqkHrva+C/ZLVowHOGuiGn4ojI7bcNS8mXLEp75+09e7I +72qfMPjxnKPP1ZHuXlvzPh2Xnq15lo7A6Ux163ILuZ0UGzW9Pl2g3/FTw3yUMHcf +SiiCSyGbmiX2XCx+ypjp+IxCuY3qKY9fzVWqpts/TTMElxrIFOwy +-----END RSA PRIVATE KEY----- + + +3 +-----BEGIN CERTIFICATE----- +MIIE4DCCAsigAwIBAgIRANEddk05W1jqsOQlSRGYH2wwDQYJKoZIhvcNAQELBQAw +OTEMMAoGA1UEDAwDVEVFMSkwJwYDVQQFEyAxZTAxNjc1MzMwOGEwMWMwMzYwNzBi +OTkxNjI5NmEyNzAeFw0yMjA5MTcxNzE0MDVaFw0zMjA5MTQxNzE0MDVaMDkxDDAK +BgNVBAwMA1RFRTEpMCcGA1UEBRMgMGM4Njg0YzY2ZDVjM2Y2M2MyZDI0OTRiNzJi +ODJkNTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCjkMAv0HCcncLj +tvAtc+CS5Wy/BH8MS5nOr7CwM+76o87fv71323nZoBKDjb9VIrNJirE3i+DogUvc +SG0oHQ0nlrYYmcD4d0Ze9SGNkeh3xNDgUKKUa0kmoCbbCTFqQz1FiNnRORu/jMvw +iVO4mnmLBOGHfK7dIJ4m945NjD/Bv1F8f6RLzOJpCuQeOYbnup+aYKQo4PD1g4ct +GiSaPatzucdfG2Q+Hbkmnibal++CMdpVG/DRfeHZ5Rx9W2b4++FbrMSv/RR0wkho +07zRVqE9dZ6oiUK7eNmgwfpo3OK1RYUK5OPp8Tt0Fz74WFIqJjbiY0VgTFZvqCIr +IieXWXImWTKbUBSL50fdjvR7rvUb4d01ZDKlGa3BXJxRaGktFxevAh7b7613Uy95 +3DDgXd+XO4c3JGzGcH2l+h7mphB2+RzqnLJPzfHD3IwTBLNgIH1zCbGZQnhe4k3U +GOxcIQJOzZ+KaA/uIl7DTdV3pb/UD5v3KKGuWo9W88sX+OYgoNsCAwEAAaNjMGEw +HQYDVR0OBBYEFMJS2luT0WMslf/fwYc3xGvW8z0qMB8GA1UdIwQYMBaAFNplJLLk +hPHv/IrpvTUvfFjRarMGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIE +MA0GCSqGSIb3DQEBCwUAA4ICAQBolN+VgyoV8hTOQdtzLuOvLuYLfYNZGcpQ4GtC +PjWUUa3YXTJTrYfTpT3nP5Yr4JhVurCK8toGVvEHWdGi8Zxsjw9z/tlpqLKguoPc +ulD28OhjZBZbOZ5X9QH/NKi9H/KyRB/m0kv53/gw0p2GZrqhXkAklxuhvsY3bhch +p2I6rz/ie2CZQedp4A3jX6C6pS5HMbQi9Y2m8kNp0/DQy8oJa7uiom07iL/X7KWZ +TY1sbZi3g99qLZJEYzd6B8PufR3dR5TFNx75+uBacyOUdzhuWGk+XPjhrSvACpk9 +my3CcO8phWfrKDKTmISoZQzEY4UFN8VclU5cX5QmJKNvIZ9mPJ2yzwzEVsBjv2qu +146iLuCgz64hqeXlS7++Qfs1YWgIhVS/r8Og1p2HgnbRt1lm1x6iqIF0pcQOnPqb +DAMeuTHnwoiBJlPTwf8ix3Yy9w0/UTVqO3LjK+ALdy6CS3agpUmVLkxUhIxlb8QG +J3GmG1eHQn/SHyXpxIwKCKIKMOCo85WssJv80YGQI5rpKrjQ8Yzhlc8wq3PClkY6 +sYPMIbgqoymYET56VLoRryiLIAnpUsezMLulTE8Wu6csUd4DqbzK2W+ZVN9eXDun +LQzwi2jmdxLyN5DtpobDEaXo7B1yhO64Mg1nxAF4Wc3rF0QnkJUbuG2Fp6N2fnxA +0foYLw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgIQBCM0AVWvUSM8Njd0xc/g5zANBgkqhkiG9w0BAQsFADAb +MRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MB4XDTIyMDkxNzE3MTIyM1oXDTMy +MDkxNDE3MTIyM1owOTEMMAoGA1UEDAwDVEVFMSkwJwYDVQQFEyAxZTAxNjc1MzMw +OGEwMWMwMzYwNzBiOTkxNjI5NmEyNzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBALBW8YfWz8PlqzhJdISHAq10CI1pBVnTACtmuOogoWrLSfxuPtMBkW0b +k5u+ger0ZPO5qlXzWjHTP6dpg12DxU7MA8CBvcgWZ5yGP4yYdpQTcWcOpxQIKD7C +YOemGQUKAXWO5oVn1lkqIYPcXgsDB30tgmNT+lvT0OZhRnv3t3I9E2L852cMEWIZ +nYHNbwUdRIMf5ZAkspFatzwskGOKutknX4FTGHhIikzB0xdWbCoZYxczL9u6RkLy +/RytmfWmWSpUz1E+HsvZzdjnSZ1u6ouU2hmNisOwGxKJZed4OmKcqifd087sy12s +LpPN6/khSkWbp3Pk45lg2kXoovieH01P4I8NEYhgLOToEJY93TtBhp9eATrfTpj5 +X+lWEu4vu1X7kw6XL6cMwlHIy0jrL8++2pUXircsnuYZwUNlG6umjFCIUSiTl9iZ +JqwjYy1SDrfggcSX6Dm+lurYMdSbo5UN30zsaharGVyUf99nqe5a6eEHtliiPdl+ +WtS/P08wfF2Rm0NBqJUR8cbe/vaFxqZyZ2Y/upY7LzTBQNftMiPoxrQPiLfCB4lr +PlNUH+7bKjziL7mnREQq18SHU5Gt5nlQtJIotFMUE3rFjTXtOMfwyQ4PSG6WMQ4X +ycOYwj9N74LqNC5MVmv2pYuWYw33dl620BgrZZrsVk9XwTJqf7PpAgMBAAGjYzBh +MB0GA1UdDgQWBBTaZSSy5ITx7/yK6b01L3xY0WqzBjAfBgNVHSMEGDAWgBQ2YeEA +fIgFCVGLRGxH/xpMyepPEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIC +BDANBgkqhkiG9w0BAQsFAAOCAgEAV+9eU49qaS+KJfynRtZWFtHLuGSTzh+L+QE+ +5U9QY6NFB0HHhEP9HUGmCt02biK6couBP2XsisNtcRqpM3SxyunTztZjP8U+ucBa +onxhxOViS6J9Zxg6n54lLSataraLE800jyi83iPar6kU3EUJkagEGc54t1b7E/UZ +WaEtKZ/uaOSkhd7SCGOsmduTaecjshTxqV8Qwj/c+DNGMqu2HhQnpxs7krcdDNOx +xXP6E0xY2/iIUqEcf5ON24S9qYD8ZJWt46TLrTO4PJPOmj7WwX5jA4qbkzmugP+v +6EJls6gflk2hynAXm4lAI8xFdO7YFCZ8L0SDSVw8SK9cEyYhZhXiZ7MBvSJ9ak5X +vuMYTaEXFS5QhqD9+ObEBKG68n7s5ySPfz44QP+8iftWAYMMwD4cYxJElYHTYp91 +zlN3kJDbwnLoDLS7PZVqBkJkSvnAEM5ejRiaKCK7tB3WkYX6YRxUQ0lsaEGXy4/1 +83sYrKTCmXeU1ccWH8liMb8n81hmQSN9YQtnQVNKcHCkfKt++GFKNlkl43gdUUcL +J73zNrAJnV36TuF1HMtFWrNOAzT53qfvHY8gBD5OJrA+ZxdX4n9g52iWWYxJEIXm +Lg4caIuz028KlGHpFCT9RIeNaEsEWS03yQF7ekotjqfumdY8B9W53sKqiPRsY3js +ljrXiC4= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV +BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgw +NzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS +Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7 +tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj +nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq +C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ +oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O +JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg +sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi +igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M +RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E +aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um +AGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud +IwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD +VR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7 +174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGIC +W/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2G +tkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkx +oSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG +1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mF +mr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPz +lHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVw +n6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1Eu +zbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHo +vaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHn +w1IdYIg2Wxg7yHcQZemFQg== +-----END CERTIFICATE----- + + + + + diff --git a/module/module.prop b/module/module.prop index 5df7d815..25f54b5c 100644 --- a/module/module.prop +++ b/module/module.prop @@ -1,6 +1,6 @@ id=playintegrityfix name=Play Integrity Fix -version=v17.3 +version=v17.4-TEST versionCode=17300 author=chiteroman description=Universal modular fix for Play Integrity (and SafetyNet) on devices running Android 8-15 diff --git a/module/post-fs-data.sh b/module/post-fs-data.sh index b921a270..28634a79 100644 --- a/module/post-fs-data.sh +++ b/module/post-fs-data.sh @@ -1,18 +1,12 @@ -# Remove Play Services from the Magisk Denylist when set to enforcing. +MODPATH="${0%/*}" +. $MODPATH/common_func.sh + +# Remove Play Services from Magisk DenyList when set to Enforce in normal mode if magisk --denylist status; then magisk --denylist rm com.google.android.gms fi -resetprop_if_diff() { - local NAME="$1" - local EXPECTED="$2" - local CURRENT="$(resetprop "$NAME")" - - [ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop -n "$NAME" "$EXPECTED" -} - -# RootBeer, Microsoft -resetprop_if_diff ro.build.tags release-keys +# Conditional early sensitive properties # Samsung resetprop_if_diff ro.boot.warranty_bit 0 @@ -20,10 +14,34 @@ resetprop_if_diff ro.vendor.boot.warranty_bit 0 resetprop_if_diff ro.vendor.warranty_bit 0 resetprop_if_diff ro.warranty_bit 0 +# Realme +resetprop_if_diff ro.boot.realmebootstate green + # OnePlus resetprop_if_diff ro.is_ever_orange 0 +# Microsoft +for PROP in $(resetprop | grep -oE 'ro.*.build.tags'); do + resetprop_if_diff $PROP release-keys +done + # Other -resetprop_if_diff ro.build.type user +for PROP in $(resetprop | grep -oE 'ro.*.build.type'); do + resetprop_if_diff $PROP user +done +resetprop_if_diff ro.adb.secure 1 resetprop_if_diff ro.debuggable 0 +resetprop_if_diff ro.force.debuggable 0 resetprop_if_diff ro.secure 1 + +# Work around AOSPA PropImitationHooks conflict when their persist props don't exist +if [ -n "$(resetprop ro.aospa.version)" ]; then + for PROP in persist.sys.pihooks.first_api_level persist.sys.pihooks.security_patch; do + resetprop | grep -q "\[$PROP\]" || resetprop -n -p "$PROP" "" + done +fi + +# Work around supported custom ROM PixelPropsUtils conflict when spoofProvider is disabled +if [ -n "$(resetprop persist.sys.pixelprops.pi)" ]; then + resetprop -n -p persist.sys.pixelprops.pi false +fi diff --git a/module/service.sh b/module/service.sh index 5507926f..f9a1a00a 100644 --- a/module/service.sh +++ b/module/service.sh @@ -1,58 +1,50 @@ -# Sensitive properties - -resetprop_if_diff() { - local NAME="$1" - local EXPECTED="$2" - local CURRENT="$(resetprop "$NAME")" - - [ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop -n "$NAME" "$EXPECTED" -} - -resetprop_if_match() { - local NAME="$1" - local CONTAINS="$2" - local VALUE="$3" - - [[ "$(resetprop "$NAME")" = *"$CONTAINS"* ]] && resetprop -n "$NAME" "$VALUE" -} - -# Magisk recovery mode -resetprop_if_match ro.bootmode recovery unknown +MODPATH="${0%/*}" +. $MODPATH/common_func.sh + +if [ -d "/data/adb/modules/tricky_store" ]; then + mv /data/adb/tricky_store/keybox.xml /data/adb/tricky_store/keybox.xml.orig + cp "$MODPATH"/keybox.xml /data/adb/tricky_store/keybox.xml +fi + +# Conditional sensitive properties + +# Magisk Recovery Mode resetprop_if_match ro.boot.mode recovery unknown +resetprop_if_match ro.bootmode recovery unknown resetprop_if_match vendor.boot.mode recovery unknown -# Hiding SELinux | Permissive status +# SELinux resetprop_if_diff ro.boot.selinux enforcing +# use delete since it can be 0 or 1 for enforcing depending on OEM if [ -n "$(resetprop ro.build.selinux)" ]; then resetprop --delete ro.build.selinux fi - -# Hiding SELinux | Use toybox to protect *stat* access time reading -if [[ "$(toybox cat /sys/fs/selinux/enforce)" == "0" ]]; then +# use toybox to protect stat access time reading +if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then chmod 640 /sys/fs/selinux/enforce chmod 440 /sys/fs/selinux/policy fi -# Late props which must be set after boot_completed -{ - until [[ "$(getprop sys.boot_completed)" == "1" ]]; do - sleep 1 - done - - # SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners - resetprop_if_diff ro.boot.flash.locked 1 - - # SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners - resetprop_if_diff ro.boot.vbmeta.device_state locked - - # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners - resetprop_if_diff vendor.boot.verifiedbootstate green - - # SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12 - resetprop_if_diff ro.boot.verifiedbootstate green - resetprop_if_diff ro.boot.veritymode enforcing - resetprop_if_diff vendor.boot.vbmeta.device_state locked - - # Custom ROMs support - resetprop_if_diff persist.sys.pixelprops.pi false -}& +# Conditional late sensitive properties + +until [ "$(getprop sys.boot_completed)" = "1" ]; do + sleep 1 +done + +# SafetyNet/Play Integrity + OEM +# avoid bootloop on some Xiaomi devices +resetprop_if_diff ro.secureboot.lockstate locked +# avoid breaking Realme fingerprint scanners +resetprop_if_diff ro.boot.flash.locked 1 +resetprop_if_diff ro.boot.realme.lockstate 1 +# avoid breaking Oppo fingerprint scanners +resetprop_if_diff ro.boot.vbmeta.device_state locked +# avoid breaking OnePlus display modes/fingerprint scanners +resetprop_if_diff vendor.boot.verifiedbootstate green +# avoid breaking OnePlus/Oppo fingerprint scanners on OOS/ColorOS 12+ +resetprop_if_diff ro.boot.verifiedbootstate green +resetprop_if_diff ro.boot.veritymode enforcing +resetprop_if_diff vendor.boot.vbmeta.device_state locked + +# Other +resetprop_if_diff sys.oem_unlock_allowed 0