readme: Refactor for public 2.1.0 release

Danny Lin 2021-09-13 19:46:41 -07:00
parent 791884862a
commit 5343ec53f6
No known key found for this signature in database
GPG Key ID: 1988FAA1797EE5AC

@ -4,7 +4,7 @@ This is a universal fix for SafetyNet on devices with hardware-backed attestatio
Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use [MagiskHide Props Config](https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf) to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.
Android versions 712 are supported, including OEM skins such as Samsung One UI and MIUI. This is a Riru module, so Riru must be installed in order for this to work.
Android versions 712 are supported, including OEM skins such as Samsung One UI and MIUI. **This is a Riru module, so Riru must be installed in order for it to work.**
## How does it work?
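Review bot: The newly bolded sentence "This is a Riru module, so Riru must be installed in order for it to work." names a hard dependency but gives the reader nowhere to get it and no minimum version, while the paragraph just above links MagiskHide Props Config directly. Link Riru the same way and state the minimum supported Riru version if there is one. Also confirm that the range in "Android versions 712" still carries its separator in the rendered README, since it reads as a single number here.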
@ -12,14 +12,13 @@ Google Play Services opportunistically uses hardware-backed attestation to enfor
This module uses Riru to inject code into the Google Play Services process and then register a fake keystore provider that overrides the real one. When Play Services attempts to use key attestation, it throws an exception and pretends that the device lacks support for key attestation. This causes SafetyNet to fall back to basic attestation, which is much weaker and can be bypassed with existing methods.
Normally, basic attestation fails on devices that are known by Google to support hardware-backed attestation, but this module bypasses the check by appending a space character to the device model name. This has minimal impact on UX when only applied to Google Play Services, but it's sufficient for bypassing enforcement of hardware-backed attestation.
However, blocking key attestation alone does not suffice because basic attestation fails on devices that are known by Google to support hardware-backed attestation. This module bypasses the check by appending a space character to the device model name. This has minimal impact on UX when only applied to Google Play Services, but it's sufficient for bypassing enforcement of hardware-backed attestation.
Key attestation is only blocked specifically for SafetyNet in Google Play Services,
so no other features are broken.
Unlike many other approaches, this doesn't break other features because key attestation is only blocked for Google Play Services, and even within Play Services, it is only blocked for SafetyNet code. As a result, other attestation-based features (such as using the device as a security key) will still work.
## ROM integration
Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module.
Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module. **Please note that the following patches have not been updated for the new September 2 changes yet.**
Commits for the system framework version of the workaround:
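Review bot: The note added under "ROM integration" refers to "the new September 2 changes" without a year or any description of what changed, so a ROM maintainer reading it later cannot tell which behaviour the listed commits lack or whether the note still applies. Name the change (or link the commit that introduced it) and tie it to a module version, for example the 2.1.0 release in the commit subject, so the warning can be removed cleanly once the patches are updated. In the rewritten "How does it work?" paragraph, the claim that attestation is blocked "only" for SafetyNet code within Play Services is stated without saying how that code is identified; one sentence on the scoping mechanism would let integrators and reviewers verify that other attestation users such as the security key feature are really unaffected.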