Merge branch 'riru'

This is the Riru version of this module, which improves upon the old
solution of replacing the native keystore service:
  - Compatible with OEM ROMs that have heavily-modified keystore services
  - Doesn't break other uses of key attestation in Google Play Services
Danny Lin 2021-09-06 03:16:37 -07:00
commit fd2fd32f83
No known key found for this signature in database
GPG Key ID: 1988FAA1797EE5AC
72 changed files with 1742 additions and 925 deletions


@ -2,6 +2,8 @@ The MIT License (MIT)
Copyright (c) 2021 Danny Lin <danny@kdrag0n.dev>
Riru Module Template: Copyright (c) 2020 Rikka
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights


@ -1,190 +0,0 @@
Copyright (c) 2008-2015, The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS


@ -1,182 +0,0 @@
#!/sbin/sh
#################
# Initialization
#################
umask 022
# echo before loading util_functions
ui_print() { echo "$1"; }
require_new_magisk() {
ui_print "*******************************"
ui_print " Please install Magisk v19.0+! "
ui_print "*******************************"
exit 1
}
#########################
# Load util_functions.sh
#########################
OUTFD=$2
ZIPFILE=$3
mount /data 2>/dev/null
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
. /data/adb/magisk/util_functions.sh
[ $MAGISK_VER_CODE -lt 19000 ] && require_new_magisk
if [ $MAGISK_VER_CODE -ge 20400 ]; then
# New Magisk have complete installation logic within util_functions.sh
install_module
exit 0
fi
#################
# Legacy Support
#################
# Global vars
TMPDIR=/dev/tmp
PERSISTDIR=/sbin/.magisk/mirror/persist
rm -rf $TMPDIR 2>/dev/null
mkdir -p $TMPDIR
is_legacy_script() {
unzip -l "$ZIPFILE" install.sh | grep -q install.sh
return $?
}
print_modname() {
local len
len=`echo -n $MODNAME | wc -c`
len=$((len + 2))
local pounds=`printf "%${len}s" | tr ' ' '*'`
ui_print "$pounds"
ui_print " $MODNAME "
ui_print "$pounds"
ui_print "*******************"
ui_print " Powered by Magisk "
ui_print "*******************"
}
# Preperation for flashable zips
setup_flashable
# Mount partitions
mount_partitions
# Detect version and architecture
api_level_arch_detect
# Setup busybox and binaries
$BOOTMODE && boot_actions || recovery_actions
##############
# Preparation
##############
# Extract prop file
unzip -o "$ZIPFILE" module.prop -d $TMPDIR >&2
[ ! -f $TMPDIR/module.prop ] && abort "! Unable to extract zip file!"
$BOOTMODE && MODDIRNAME=modules_update || MODDIRNAME=modules
MODULEROOT=$NVBASE/$MODDIRNAME
MODID=`grep_prop id $TMPDIR/module.prop`
MODPATH=$MODULEROOT/$MODID
MODNAME=`grep_prop name $TMPDIR/module.prop`
# Create mod paths
rm -rf $MODPATH 2>/dev/null
mkdir -p $MODPATH
##########
# Install
##########
if is_legacy_script; then
unzip -oj "$ZIPFILE" module.prop install.sh uninstall.sh 'common/*' -d $TMPDIR >&2
# Load install script
. $TMPDIR/install.sh
# Callbacks
print_modname
on_install
# Custom uninstaller
[ -f $TMPDIR/uninstall.sh ] && cp -af $TMPDIR/uninstall.sh $MODPATH/uninstall.sh
# Skip mount
$SKIPMOUNT && touch $MODPATH/skip_mount
# prop file
$PROPFILE && cp -af $TMPDIR/system.prop $MODPATH/system.prop
# Module info
cp -af $TMPDIR/module.prop $MODPATH/module.prop
# post-fs-data scripts
$POSTFSDATA && cp -af $TMPDIR/post-fs-data.sh $MODPATH/post-fs-data.sh
# service scripts
$LATESTARTSERVICE && cp -af $TMPDIR/service.sh $MODPATH/service.sh
ui_print "- Setting permissions"
set_permissions
else
print_modname
unzip -o "$ZIPFILE" customize.sh -d $MODPATH >&2
if ! grep -q '^SKIPUNZIP=1$' $MODPATH/customize.sh 2>/dev/null; then
ui_print "- Extracting module files"
unzip -o "$ZIPFILE" -x 'META-INF/*' -d $MODPATH >&2
# Default permissions
set_perm_recursive $MODPATH 0 0 0755 0644
fi
# Load customization script
[ -f $MODPATH/customize.sh ] && . $MODPATH/customize.sh
fi
# Handle replace folders
for TARGET in $REPLACE; do
ui_print "- Replace target: $TARGET"
mktouch $MODPATH$TARGET/.replace
done
if $BOOTMODE; then
# Update info for Magisk Manager
mktouch $NVBASE/modules/$MODID/update
cp -af $MODPATH/module.prop $NVBASE/modules/$MODID/module.prop
fi
# Copy over custom sepolicy rules
if [ -f $MODPATH/sepolicy.rule -a -e $PERSISTDIR ]; then
ui_print "- Installing custom sepolicy patch"
PERSISTMOD=$PERSISTDIR/magisk/$MODID
mkdir -p $PERSISTMOD
cp -af $MODPATH/sepolicy.rule $PERSISTMOD/sepolicy.rule
fi
# Remove stuffs that don't belong to modules
rm -rf \
$MODPATH/system/placeholder $MODPATH/customize.sh \
$MODPATH/README.md $MODPATH/.git* 2>/dev/null
##############
# Finalizing
##############
cd /
$BOOTMODE || recovery_cleanup
rm -rf $TMPDIR
ui_print "- Done"
exit 0


@ -1,21 +0,0 @@
getprop = $(shell cat module.prop | grep "^$(1)=" | head -n1 | cut -d'=' -f2)
MODNAME ?= $(call getprop,id)
MODVER ?= $(call getprop,version)
ZIP = $(MODNAME)-$(MODVER).zip
all: $(ZIP)
zip: $(ZIP)
%.zip: clean
zip -r9 $(ZIP) . -x $(MODNAME)-*.zip .gitignore .gitattributes Makefile /.git* *.DS_Store* *placeholder /patches*
install: $(ZIP)
adb push $(ZIP) /sdcard/
echo '/sbin/.magisk/busybox/unzip -p "/sdcard/$(ZIP)" META-INF/com/google/android/update-binary | /sbin/.magisk/busybox/sh /proc/self/fd/0 x 1 "/sdcard/$(ZIP)"' | adb shell su -c sh -
clean:
rm -f *.zip
.PHONY: all zip %.zip install clean


@ -1,75 +1,28 @@
# Universal SafetyNet Fix
This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders or custom verified boot keys. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.
This is a universal fix for SafetyNet on devices with hardware-backed attestation and unlocked bootloaders (or custom verified boot keys). It defeats both hardware attestation and the SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels. **MagiskHide is required as a result.**
Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use [MagiskHide Props Config](https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf) to spoof your CTS profile if you have trouble passing basic attestation. This is a common situation on old devices and custom ROMs.
Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use [MagiskHide Props Config](https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf) to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.
No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.
MagiskHide is required if the device is rooted.
Android versions 812 Beta 2 are supported. **Heavy OEM skins are not officially supported**, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.
Android versions 712 are supported, including OEM skins such as Samsung One UI and MIUI. This is a Riru module, so Riru must be installed in order for this to work.
## How does it work?
In order to enforce SafetyNet security, Google Play Services is now
using hardware attestation for CTS profile validation in all cases, even
when basic attestation is selected. The SafetyNet API response from GMS
will report that basic attestation was used, but under the hood,
hardware attestation is always used regardless of the reported state.
This results in SafetyNet failing to pass due to TrustZone reporting an
unlocked bootloader (and a partially invalidated root of trust) in the
key attestation result.
Google Play Services opportunistically uses hardware-backed attestation to enforce SafetyNet security (since January 12, 2021), regardless of the device.
We can still take advantage of the fact that this usage of hardware
attestation is opportunistic — that is, it falls back to basic
attestation if key attestation fails to run — and prevent GMS from using
key attestation at the framework level. This causes it to gracefully
fall back to basic attestation and pass SafetyNet with an unlocked
bootloader.
This module uses Riru to inject code into the Google Play Services process and then register a fake keystore provider that overrides the real one. When Play Services attempts to use key attestation, it throws an exception and pretends that the device lacks support for key attestation. This causes SafetyNet to fall back to basic attestation, which is much weaker and can be bypassed with existing methods.
Key attestation is still available for other apps, as there are valid
uses for it that do not involve SafetyNet.
The "not implemented" error code from Keymaster is used to simulate the
most realistic failure condition to evade detection, i.e. an old device
that lacks support for key attestation.
Key attestation is only blocked specifically for SafetyNet in Google Play Services,
so no other features are broken.
## ROM integration
Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module.
Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module.
There are 2 options for:
- Blocking GMS in the framework, which is more portable across Android versions and typically less intrusive for ROMs to integrate
- Blocking GMS in the native keystore service, which is slightly more future-proof but may require forking another repository
You only need **one** of the workarounds on the ROM side. Adding both is redundant.
Commits for the framework version of the workaround:
Commits for the system framework version of the workaround:
- [Android 11](https://github.com/ProtonAOSP/android_frameworks_base/commit/7f7a9b19c8293c09dfee12bec75ff17225c6710e)
Commits for the native version of the workaround that modifies the C++ keystore service in system/security:
- [Android 11](https://github.com/ProtonAOSP/android_system_security/commit/15633a3d29bf727b83083f2c49d906c16527d389)
- [Android 10](https://github.com/ProtonAOSP/android_system_security/commit/qt)
- [Android 9](https://github.com/ProtonAOSP/android_system_security/commit/pi)
- [Android 8.1](https://github.com/ProtonAOSP/android_system_security/commit/oc)
All of the above commits are also available in the form of patch files [in this repository](https://github.com/kdrag0n/safetynet-fix/tree/master/patches).
## Where is the source code?
The keystore executables and libraries in this repository were built with the commits linked above. The target CPU was changed to generic ARMv8-A for all target devices.
- Android 12 Beta 2: Built from AOSP master for `aosp_arm64`
- Android 11: Built from ProtonAOSP 11.3.1 (android-11.0.0_r24) for `redfin`
- Android 10: Built from LineageOS 17.1 (android-10.0.0_r41) for `taimen`
- Android 9: Built from AOSP android-9.0.0_r61 for `taimen`
- Android 8.1: Built from AOSP android-8.1.0_r81 for `taimen`
- Android 8.0: Built from AOSP android-8.0.0_r51 for `marlin`
## Support
If you found this module helpful, please consider supporting development with a **[recurring donation](https://patreon.com/kdrag0n)** on Patreon for benefits such as exclusive behind-the-scenes development news, early access to updates, and priority support. Alternatively, you can also [buy me a coffee](https://paypal.me/kdrag0ndonate). All support is appreciated.

35
build.sh Executable file

@ -0,0 +1,35 @@
#!/usr/bin/env bash
set -veuo pipefail
tmp_dir="$(mktemp --tmpdir -d modulebuild.XXXXXXXXXX)"
function cleanup() {
rm -fr "$tmp_dir"
}
trap cleanup EXIT
build_mode="${1:-Release}"
pushd "$(dirname "$0")"
src_dir="$(pwd)"
popd
cd "$tmp_dir"
pushd "$src_dir/riru"
rm -fr out
./gradlew "assemble$build_mode"
popd
pushd "$src_dir/java_module"
# Must always be release due to R8 requirement
./gradlew assembleRelease
popd
unzip "$src_dir/riru/out/safetynet-fix-"*.zip
unzip "$src_dir/java_module/app/build/outputs/apk/release/app-release.apk" classes.dex
sha256sum classes.dex | cut -d' ' -f1 | tr -d '\n' > classes.dex.sha256sum
version="$(grep '^version=' module.prop | cut -d= -f2)"
rm -f "$src_dir/safetynet-fix-$version.zip"
zip -r9 "$src_dir/safetynet-fix-$version.zip" .
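Review bot: The `sha256sum classes.dex ... > classes.dex.sha256sum` step writes the digest into the same directory that `zip -r9` then packs, so the hash travels inside the archive next to the file it covers. That lets an installer detect a truncated or corrupted `classes.dex`, but anyone who repacks the zip can regenerate both files; a comment stating that this is a corruption check, or publishing the digest outside the archive, would avoid the impression of tamper protection. Separately, `unzip "$src_dir/riru/out/safetynet-fix-"*.zip` relies on exactly one archive being present in `out`. The `rm -fr out` above makes that likely, but failing explicitly when the glob matches zero or several files would be safer than handing extra paths to `unzip`, which treats them as member names.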


@ -1,27 +0,0 @@
#!/sbin/sh
# We check the native ABI instead of all supported ABIs because this is a system
# service, and underlying AIDL/HIDL ABIs may not match. We also link against other
# system libraries.
arch="$(getprop ro.product.cpu.abi)"
if [[ "$arch" != "arm64-v8a" ]]; then
ui_print "Unsupported CPU architecture: $arch"
exit 1
fi
sdk="$(getprop ro.build.version.sdk)"
version="$(getprop ro.vendor.build.version.release)"
# Initial version check; version can be changed later.
if [[ ! -d "$MODPATH/system_sdk$sdk" ]]; then
ui_print "Android $version (SDK $sdk) is not supported!"
rm -fr "$MODPATH"
exit 1
fi
# Set executable permissions
for sdk in $MODPATH/system_sdk*
do
set_perm_recursive $sdk/bin 0 0 0755 0755
done
chmod 755 $MODPATH/*.sh

15
java_module/.gitignore vendored Normal file

@ -0,0 +1,15 @@
*.iml
.gradle
/local.properties
/.idea/caches
/.idea/libraries
/.idea/modules.xml
/.idea/workspace.xml
/.idea/navEditor.xml
/.idea/assetWizardSettings.xml
.DS_Store
/build
/captures
.externalNativeBuild
.cxx
local.properties

28
java_module/.project Normal file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>Universal SafetyNet Fix</name>
<comment>Project java_module created by Buildship.</comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.buildship.core.gradleprojectbuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
</natures>
<filteredResources>
<filter>
<id>1629355509187</id>
<name></name>
<type>30</type>
<matcher>
<id>org.eclipse.core.resources.regexFilterMatcher</id>
<arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
</matcher>
</filter>
</filteredResources>
</projectDescription>


@ -0,0 +1,13 @@
arguments=
auto.sync=false
build.scans.enabled=false
connection.gradle.distribution=GRADLE_DISTRIBUTION(WRAPPER)
connection.project.dir=
eclipse.preferences.version=1
gradle.user.home=
java.home=/usr/lib/jvm/java-11-openjdk
jvm.arguments=
offline.mode=false
override.workspace.settings=true
show.console.view=true
show.executions.view=true
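Review bot: `java.home=/usr/lib/jvm/java-11-openjdk` in this Buildship preferences file is a path from one developer's machine, and it is committed together with the generated `.project` and classpath files ("created by Buildship"). The new `java_module/.gitignore` covers `.idea` and `.gradle` output but none of the Eclipse metadata; suggest ignoring the generated Eclipse project, classpath and preferences files and dropping them from this commit. The ignore list also names `local.properties` twice (`/local.properties` and `local.properties`).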


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-11/"/>
<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
<classpathentry kind="output" path="bin/default"/>
</classpath>

1
java_module/app/.gitignore vendored Normal file

@ -0,0 +1 @@
/build

34
java_module/app/.project Normal file

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>app</name>
<comment>Project app created by Buildship.</comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.buildship.core.gradleprojectbuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
</natures>
<filteredResources>
<filter>
<id>1629355509189</id>
<name></name>
<type>30</type>
<matcher>
<id>org.eclipse.core.resources.regexFilterMatcher</id>
<arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
</matcher>
</filter>
</filteredResources>
</projectDescription>


@ -0,0 +1,2 @@
connection.project.dir=..
eclipse.preferences.version=1


@ -0,0 +1,37 @@
plugins {
id 'com.android.application'
id 'kotlin-android'
}
android {
compileSdk 30
defaultConfig {
applicationId "dev.kdrag0n.safetynetriru"
minSdk 24
targetSdk 30
versionCode 1
versionName "1.0"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
buildTypes {
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.debug
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = '1.8'
}
}
dependencies {
implementation 'org.jetbrains.kotlin:kotlin-stdlib:1.5.21'
}
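Review bot: `signingConfig signingConfigs.debug` in the `release` build type signs the release APK with the debug keystore, which reads as a mistake without context. If the APK exists only so that build.sh can extract `classes.dex` from it, a one-line comment saying so would stop someone from "fixing" the line or from distributing the APK itself. `testInstrumentationRunner` is also set although `dependencies` lists no test libraries; it can be dropped.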

56
java_module/app/proguard-rules.pro vendored Normal file

@ -0,0 +1,56 @@
# Add project specific ProGuard rules here.
# You can control the set of applied configuration files using the
# proguardFiles setting in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# Uncomment this to preserve the line number information for
# debugging stack traces.
#-keepattributes SourceFile,LineNumberTable
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
-keep class dev.kdrag0n.safetynetriru.EntryPoint {
public static void init();
}
-keepclassmembers class dev.kdrag0n.safetynetriru.proxy.ProxyKeyStoreSpi {
public <init>(...);
}
# Remove @DebugMetadata annotations to avoid leaking info
# Source: https://proandroiddev.com/kotlin-cleaning-java-bytecode-before-release-9567d4c63911
-checkdiscard @interface kotlin.coroutines.jvm.internal.DebugMetadata
-assumenosideeffects public class kotlin.coroutines.jvm.internal.BaseContinuationImpl {
private kotlin.coroutines.jvm.internal.DebugMetadata getDebugMetadataAnnotation() return null;
public java.lang.StackTraceElement getStackTraceElement() return null;
public java.lang.String[] getSpilledVariableFieldMapping() return null;
}
-assumenosideeffects class kotlin.jvm.internal.Intrinsics {
# Remove verbose NPE intrinsics to reduce code size and avoid leaking info
# Source: https://issuetracker.google.com/issues/190489514
static void checkParameterIsNotNull(java.lang.Object, java.lang.String);
static void checkNotNullParameter(java.lang.Object, java.lang.String);
static void checkFieldIsNotNull(java.lang.Object, java.lang.String);
static void checkFieldIsNotNull(java.lang.Object, java.lang.String, java.lang.String);
static void checkReturnedValueIsNotNull(java.lang.Object, java.lang.String);
static void checkReturnedValueIsNotNull(java.lang.Object, java.lang.String, java.lang.String);
static void checkNotNullExpressionValue(java.lang.Object, java.lang.String);
static void checkExpressionValueIsNotNull(java.lang.Object, java.lang.String);
static void checkNotNull(java.lang.Object);
static void checkNotNull(java.lang.Object, java.lang.String);
# Remove remaining stray calls to stringPlus
static java.lang.String stringPlus(java.lang.String, java.lang.Object);
}
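Review bot: `-keepclassmembers class dev.kdrag0n.safetynetriru.proxy.ProxyKeyStoreSpi` only protects the constructor when the class itself survives shrinking, and it does not stop the class from being renamed. If the provider registers this SPI by a class-name string, R8 renaming would break the lookup at runtime; use `-keep` for this class, as is done for `EntryPoint`, unless the reference is known to be a compile-time one. The template comment block at the top (WebView interface, line-number attributes) is unrelated to this module and could be deleted.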


@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="dev.kdrag0n.safetynetriru">
<application
android:label="@string/app_name"
android:theme="@android:style/Theme.DeviceDefault" />
</manifest>


@ -0,0 +1,16 @@
package dev.kdrag0n.safetynetriru
@Suppress("unused")
object EntryPoint {
@JvmStatic
fun init() {
runCatching {
logDebug("Entry point: Initializing SafetyNet patch")
SecurityBridge.init()
}.recoverCatching { e ->
// Throwing an exception would require the JNI code to handle exceptions, so just catch
// everything here.
logDebug("Error in entry point", e)
}
}
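Review bot: In `init()`, the failure branch only calls `logDebug("Error in entry point", e)`, so if `logDebug` is disabled in release builds a failed `SecurityBridge.init()` leaves no trace and the user cannot tell that the hook was never installed. Suggest logging failures at error level unconditionally. `onFailure` would state the intent more directly than `recoverCatching`, whose result is discarded here; if the extra catch around the logging call is deliberate, say so in the comment.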
}


@ -0,0 +1,28 @@
package dev.kdrag0n.safetynetriru
import dev.kdrag0n.safetynetriru.proxy.ProxyKeyStoreSpi
import dev.kdrag0n.safetynetriru.proxy.ProxyProvider
import java.security.KeyStore
import java.security.KeyStoreSpi
import java.security.Security
internal object SecurityBridge {
const val PROVIDER_NAME = "AndroidKeyStore"
fun init() {
logDebug("Initializing SecurityBridge")
val realProvider = Security.getProvider(PROVIDER_NAME)
val realKeystore = KeyStore.getInstance(PROVIDER_NAME)
val realSpi = realKeystore.get<KeyStoreSpi>("keyStoreSpi")
logDebug("Real provider=$realProvider, keystore=$realKeystore, spi=$realSpi")
val provider = ProxyProvider(realProvider)
logDebug("Removing real provider")
Security.removeProvider("AndroidKeyStore")
logDebug("Inserting provider $provider")
Security.insertProviderAt(provider, 1)
ProxyKeyStoreSpi.androidImpl = realSpi
logDebug("Security hooks installed")
}
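Review bot: `ProxyKeyStoreSpi.androidImpl = realSpi` runs after `Security.insertProviderAt(provider, 1)`, so a `KeyStore.getInstance("AndroidKeyStore")` on another thread in between reaches the no-arg constructor's `androidImpl!!` and throws; assign it before touching the provider list. There is also a gap between `removeProvider` and `insertProviderAt` during which no provider of that name is registered, and the result of `Security.getProvider(PROVIDER_NAME)`, which can be null, is not checked before it is passed to `ProxyProvider`. Minor: `removeProvider("AndroidKeyStore")` should use `PROVIDER_NAME` like the two lookups above it.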
}


@ -0,0 +1,73 @@
package dev.kdrag0n.safetynetriru.proxy
import dev.kdrag0n.safetynetriru.logDebug
import java.io.InputStream
import java.io.OutputStream
import java.security.Key
import java.security.KeyStoreSpi
import java.security.cert.Certificate
import java.util.*
class ProxyKeyStoreSpi private constructor(
private val orig: KeyStoreSpi,
) : KeyStoreSpi() {
@Suppress("unused")
constructor() : this(androidImpl!!)
init {
logDebug("Init proxy KeyStore SPI")
}
// Avoid breaking other, legitimate uses of key attestation in Google Play Services, e.g.
// - com.google.android.gms.auth.cryptauth.register.ReEnrollmentChimeraService
// - tk_trace.129-RegisterForKeyPairOperation
private fun isCallerSafetyNet() = Thread.currentThread().stackTrace.any {
// a.a.engineGetCertificateChain(Unknown Source:15)
// java.security.KeyStore.getCertificateChain(KeyStore.java:1087)
// com.google.ccc.abuse.droidguard.DroidGuard.initNative(Native Method)
// com.google.ccc.abuse.droidguard.DroidGuard.init(DroidGuard.java:447)
// java.lang.reflect.Method.invoke(Native Method)
// xvq.b(:com.google.android.gms@212621053@21.26.21 (190400-387928701):1)
// xuc.a(:com.google.android.gms@212621053@21.26.21 (190400-387928701):5)
// xuc.eX(:com.google.android.gms@212621053@21.26.21 (190400-387928701):1)
// dzx.onTransact(:com.google.android.gms@212621053@21.26.21 (190400-387928701):8)
// android.os.Binder.execTransactInternal(Binder.java:1179)
// android.os.Binder.execTransact(Binder.java:1143)
logDebug("Stack trace element: $it")
it.className.contains("DroidGuard", ignoreCase = true)
}
override fun engineGetCertificateChain(alias: String?): Array<Certificate>? {
logDebug("Proxy key store: get certificate chain")
if (isCallerSafetyNet()) {
logDebug("Blocking call")
throw UnsupportedOperationException()
} else {
logDebug("Allowing call")
return orig.engineGetCertificateChain(alias)
}
}
// Direct delegation. We have to do this manually because the Kotlin compiler can only do it
// for interfaces, not abstract classes.
override fun engineGetKey(alias: String?, password: CharArray?): Key? = orig.engineGetKey(alias, password)
override fun engineGetCertificate(alias: String?): Certificate? = orig.engineGetCertificate(alias)
override fun engineGetCreationDate(alias: String?): Date? = orig.engineGetCreationDate(alias)
override fun engineSetKeyEntry(alias: String?, key: Key?, password: CharArray?, chain: Array<out Certificate>?) = orig.engineSetKeyEntry(alias, key, password, chain)
override fun engineSetKeyEntry(alias: String?, key: ByteArray?, chain: Array<out Certificate>?) = orig.engineSetKeyEntry(alias, key, chain)
override fun engineSetCertificateEntry(alias: String?, cert: Certificate?) = orig.engineSetCertificateEntry(alias, cert)
override fun engineDeleteEntry(alias: String?) = orig.engineDeleteEntry(alias)
override fun engineAliases(): Enumeration<String>? = orig.engineAliases()
override fun engineContainsAlias(alias: String?) = orig.engineContainsAlias(alias)
override fun engineSize() = orig.engineSize()
override fun engineIsKeyEntry(alias: String?) = orig.engineIsKeyEntry(alias)
override fun engineIsCertificateEntry(alias: String?) = orig.engineIsCertificateEntry(alias)
override fun engineGetCertificateAlias(cert: Certificate?): String? = orig.engineGetCertificateAlias(cert)
override fun engineStore(stream: OutputStream?, password: CharArray?) = orig.engineStore(stream, password)
override fun engineLoad(stream: InputStream?, password: CharArray?) = orig.engineLoad(stream, password)
companion object {
@Volatile internal var androidImpl: KeyStoreSpi? = null
}
}
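
Review bot: `isCallerSafetyNet()` calls `logDebug("Stack trace element: $it")` inside the `any` predicate, so every `engineGetCertificateChain` call captures a full stack trace and logs each frame up to the first match; move the log out of the predicate or drop it. The test itself, `it.className.contains("DroidGuard", ignoreCase = true)`, is a case-insensitive substring match, so any frame whose class name merely contains that string blocks the call, which works against the goal stated in the comment above it of not breaking other key attestation users; compare against the fully qualified class name shown in the sample trace instead. The no-arg constructor's `androidImpl!!` throws a bare NullPointerException if the class is instantiated before `SecurityBridge.init()` has set the field; `checkNotNull(androidImpl) { ... }` with a message would make that failure diagnosable.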

View File

@ -0,0 +1,29 @@
package dev.kdrag0n.safetynetriru.proxy
import dev.kdrag0n.safetynetriru.SecurityBridge
import dev.kdrag0n.safetynetriru.logDebug
import java.security.Provider
// This is mostly just a pass-through provider that exists to change the provider's ClassLoader.
// This works because Service looks up the class by name from the *provider* ClassLoader, not
// necessarily the bootstrap one.
class ProxyProvider(
orig: Provider,
) : Provider(orig.name, orig.version, orig.info) {
init {
logDebug("Init proxy provider - wrapping $orig")
putAll(orig)
this["KeyStore.${SecurityBridge.PROVIDER_NAME}"] = ProxyKeyStoreSpi::class.java.name
}
override fun getService(type: String?, algorithm: String?): Service? {
logDebug("Provider: get service - type=$type algorithm=$algorithm")
return super.getService(type, algorithm)
}
override fun getServices(): MutableSet<Service>? {
logDebug("Get services")
return super.getServices()
}
}
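
Review bot: the `getService` and `getServices` overrides only log and call `super`, so they add a log line to every provider lookup in the process without changing behaviour; remove them or compile them only into debug builds. In `init`, the key `"KeyStore.${SecurityBridge.PROVIDER_NAME}"` relies on the wrapped provider's KeyStore type string being identical to its provider name; a one-line comment stating that assumption would help the next reader.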

View File

@ -0,0 +1,24 @@
package dev.kdrag0n.safetynetriru
import android.util.Log
private const val DEBUG = true
private const val TAG = "SafetyNetRiru/Java"
internal fun <T> Any.get(name: String) = this::class.java.getDeclaredField(name).let { field ->
field.isAccessible = true
@Suppress("unchecked_cast")
field.get(this) as T
}
internal fun logDebug(msg: String) {
if (DEBUG) {
Log.d(TAG, msg)
}
}
internal fun logDebug(msg: String, e: Throwable) {
if (DEBUG) {
Log.d(TAG, msg, e)
}
}
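
Review bot: `private const val DEBUG = true` is hard-coded, so both `logDebug` overloads always write to logcat, including the per-frame stack output and the provider and SPI object dumps logged from the other files in this commit; derive it from `BuildConfig.DEBUG` or default it to false. The `Any.get` helper uses `this::class.java.getDeclaredField(name)`, which only sees fields declared on the receiver's runtime class and not inherited ones, and the unchecked `as T` defers any type mismatch to the call site; document that limitation or walk the superclass chain.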

View File

@ -0,0 +1,3 @@
<resources>
<string name="app_name">Universal SafetyNet Fix</string>
</resources>

18
java_module/build.gradle Normal file
View File

@ -0,0 +1,18 @@
// Top-level build file where you can add configuration options common to all sub-projects/modules.
buildscript {
repositories {
google()
mavenCentral()
}
dependencies {
classpath "com.android.tools.build:gradle:7.0.0"
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.5.21"
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
}
}
task clean(type: Delete) {
delete rootProject.buildDir
}

View File

@ -0,0 +1,21 @@
# Project-wide Gradle settings.
# IDE (e.g. Android Studio) users:
# Gradle settings configured through the IDE *will override*
# any settings specified in this file.
# For more details on how to configure your build environment visit
# http://www.gradle.org/docs/current/userguide/build_environment.html
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
# When configured, Gradle will run in incubating parallel mode.
# This option should only be used with decoupled projects. More details, visit
# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
# org.gradle.parallel=true
# AndroidX package structure to make it clearer which packages are bundled with the
# Android operating system, and which are packaged with your app"s APK
# https://developer.android.com/topic/libraries/support-library/androidx-rn
android.useAndroidX=true
# Automatically convert third-party libraries to use AndroidX
android.enableJetifier=true
# Kotlin code style for this project: "official" or "obsolete":
kotlin.code.style=official

Binary file not shown.

View File

@ -0,0 +1,6 @@
#Wed Aug 18 21:02:01 PDT 2021
distributionBase=GRADLE_USER_HOME
distributionUrl=https\://services.gradle.org/distributions/gradle-7.0.2-bin.zip
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
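
Review bot: `distributionUrl` points at `gradle-7.0.2-bin.zip` with no `distributionSha256Sum` line, so the wrapper runs whatever archive that URL serves without verifying it. Add `distributionSha256Sum=` with the checksum published for that release. The binary file added just before this one appears only as "Binary file not shown."; if it is the wrapper JAR that `gradlew` puts on the classpath, verify it against the official wrapper checksum before merging, since the diff gives no way to review it.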

185
java_module/gradlew vendored Executable file
View File

@ -0,0 +1,185 @@
#!/usr/bin/env sh
#
# Copyright 2015 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn () {
echo "$*"
}
die () {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=`expr $i + 1`
done
case $i in
0) set -- ;;
1) set -- "$args0" ;;
2) set -- "$args0" "$args1" ;;
3) set -- "$args0" "$args1" "$args2" ;;
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Escape application args
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=`save "$@"`
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
exec "$JAVACMD" "$@"

89
java_module/gradlew.bat vendored Normal file
View File

@ -0,0 +1,89 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

View File

@ -0,0 +1,10 @@
dependencyResolutionManagement {
repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
repositories {
google()
mavenCentral()
jcenter() // Warning: this repository is going to shut down soon
}
}
rootProject.name = "Universal SafetyNet Fix"
include ':app'
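
Review bot: `jcenter()` is listed alongside its own comment that the repository is going to shut down, and with `RepositoriesMode.FAIL_ON_PROJECT_REPOS` this block is the only place dependencies resolve from. Drop `jcenter()` and confirm everything resolves from `google()` and `mavenCentral()`, so the build neither breaks when it disappears nor pulls artifacts from a repository that is being wound down.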

View File

@ -1,7 +0,0 @@
id=safetynet-fix
name=Universal SafetyNet Fix
version=v1.2.0
versionCode=10200
author=kdrag0n
description=A universal fix for SafetyNet on Android 812 Beta 2 devices with hardware attestation and unlocked bootloaders. Requires MagiskHide if rooted.
support=https://github.com/kdrag0n/safetynet-fix

View File

@ -1,88 +0,0 @@
From 9dd88a70668da3d7b0581489d55d0d1a2ced2f5c Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 13 Jan 2021 02:05:05 -0800
Subject: [PATCH] keystore: Block key attestation for Google Play Services
In order to enforce SafetyNet security, Google Play Services is now
using hardware attestation for ctsProfile validation in all cases, even
when basic attestation is selected. The SafetyNet API response from GMS
will report that basic attestation was used, but under the hood,
hardware attestation is always used regardless of the reported state.
This results in SafetyNet failing to pass due to TrustZone reporting an
unlocked bootloader (and a partially invalidated root of trust) in the
key attestation result.
We can still take advantage of the fact that this usage of hardware
attestation is opportunistic - that is, it falls back to basic
attestation if key attestation fails to run - and prevent GMS from using
key attestation at the framework level. This causes it to gracefully
fall back to basic attestation and pass SafetyNet with an unlocked
bootloader.
Key attestation is still available for other apps, as there are valid
uses for it that do not involve SafetyNet.
The "not implemented" error code from keymaster is used to simulate the
most realistic failure condition to evade detection, i.e. an old device
that lacks support for key attestation.
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
---
keystore/key_store_service.cpp | 9 +++++++--
keystore/keystore_attestation_id.cpp | 6 ++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index b6b7295..40550a7 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -48,6 +48,7 @@
#include <keystore/keystore_return_types.h>
#include <hardware/hw_auth_token.h>
+#include <hardware/keymaster_defs.h>
namespace keystore {
@@ -122,8 +123,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
if (!asn1_attestation_id_result.isOk()) {
- ALOGE("failed to gather attestation_id");
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
+ return KeyStoreServiceReturnCode(KM_ERROR_UNIMPLEMENTED);
+ } else {
+ ALOGE("failed to gather attestation_id");
+ return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ }
}
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index b48639f..1f1f79b 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -34,6 +34,8 @@
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
+#include <hardware/keymaster_defs.h>
+
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
#include <openssl/asn1t.h>
@@ -209,6 +211,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
return BAD_VALUE;
}
std::string package_name(String8(*pinfo->package_name()).string());
+ // Prevent Google Play Services from using key attestation for SafetyNet
+ if (package_name == "com.google.android.gms") {
+ return KM_ERROR_UNIMPLEMENTED;
+ }
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
if (rc != NO_ERROR) {
--
2.29.2

View File

@ -1,52 +0,0 @@
From 7f7a9b19c8293c09dfee12bec75ff17225c6710e Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Tue, 12 Jan 2021 22:25:13 -0800
Subject: [PATCH] KeyStore: Block key attestation for Google Play Services
In order to enforce SafetyNet security, Google Play Services is now
using hardware attestation for ctsProfile validation in all cases, even
when basic attestation is selected. The SafetyNet API response from GMS
will report that basic attestation was used, but under the hood,
hardware attestation is always used regardless of the reported state.
This results in SafetyNet failing to pass due to TrustZone reporting an
unlocked bootloader (and a partially invalidated root of trust) in the
key attestation result.
We can still take advantage of the fact that this usage of hardware
attestation is opportunistic - that is, it falls back to basic
attestation if key attestation fails to run - and prevent GMS from using
key attestation at the framework level. This causes it to gracefully
fall back to basic attestation and pass SafetyNet with an unlocked
bootloader.
Key attestation is still available for other apps, as there are valid
uses for it that do not involve SafetyNet.
The "not implemented" error code from keymaster is used to simulate the
most realistic failure condition to evade detection, i.e. an old device
that lacks support for key attestation.
Change-Id: I7282ab22b933434bb11037743d46b8a20dad063a
---
keystore/java/android/security/KeyStore.java | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 88b614dc7eef..0f766ef738bf 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -1124,6 +1124,11 @@ public class KeyStore {
public int attestKey(
String alias, KeymasterArguments params, KeymasterCertificateChain outChain) {
+ // Prevent Google Play Services from using key attestation for SafetyNet
+ if (mContext.getPackageName().equals("com.google.android.gms")) {
+ return KeymasterDefs.KM_ERROR_UNIMPLEMENTED;
+ }
+
CertificateChainPromise promise = new CertificateChainPromise();
try {
mBinder.asBinder().linkToDeath(promise, 0);
--
2.29.2

View File

@ -1,90 +0,0 @@
From 15633a3d29bf727b83083f2c49d906c16527d389 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 13 Jan 2021 02:05:05 -0800
Subject: [PATCH] keystore: Block key attestation for Google Play Services
In order to enforce SafetyNet security, Google Play Services is now
using hardware attestation for ctsProfile validation in all cases, even
when basic attestation is selected. The SafetyNet API response from GMS
will report that basic attestation was used, but under the hood,
hardware attestation is always used regardless of the reported state.
This results in SafetyNet failing to pass due to TrustZone reporting an
unlocked bootloader (and a partially invalidated root of trust) in the
key attestation result.
We can still take advantage of the fact that this usage of hardware
attestation is opportunistic - that is, it falls back to basic
attestation if key attestation fails to run - and prevent GMS from using
key attestation at the framework level. This causes it to gracefully
fall back to basic attestation and pass SafetyNet with an unlocked
bootloader.
Key attestation is still available for other apps, as there are valid
uses for it that do not involve SafetyNet.
The "not implemented" error code from keymaster is used to simulate the
most realistic failure condition to evade detection, i.e. an old device
that lacks support for key attestation.
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
---
keystore/key_store_service.cpp | 11 ++++++++---
keystore/keystore_attestation_id.cpp | 6 ++++++
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 1b38643..b1f1304 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -49,6 +49,7 @@
#include <keystore/keystore_return_types.h>
#include <hardware/hw_auth_token.h>
+#include <hardware/keymaster_defs.h>
namespace keystore {
@@ -120,9 +121,13 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
if (!asn1_attestation_id_result.isOk()) {
- ALOGE("failed to gather attestation_id");
- // Couldn't get attestation ID; just use an empty one rather than failing.
- asn1_attestation_id_result = std::vector<uint8_t>();
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
+ return KeyStoreServiceReturnCode(KM_ERROR_UNIMPLEMENTED);
+ } else {
+ ALOGE("failed to gather attestation_id");
+ // Couldn't get attestation ID; just use an empty one rather than failing.
+ asn1_attestation_id_result = std::vector<uint8_t>();
+ }
}
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 3d9e87e..448a909 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -35,6 +35,8 @@
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
+#include <hardware/keymaster_defs.h>
+
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
#include <openssl/asn1t.h>
@@ -210,6 +212,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
return BAD_VALUE;
}
std::string package_name(String8(*pinfo->package_name()).string());
+ // Prevent Google Play Services from using key attestation for SafetyNet
+ if (package_name == "com.google.android.gms") {
+ return KM_ERROR_UNIMPLEMENTED;
+ }
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
if (rc != NO_ERROR) {
--
2.29.2

View File

@ -1,89 +0,0 @@
From f106ca40883616561fe866daadc11011bbecb806 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 13 Jan 2021 02:05:05 -0800
Subject: [PATCH] keystore: Block key attestation for Google Play Services
In order to enforce SafetyNet security, Google Play Services is now
using hardware attestation for ctsProfile validation in all cases, even
when basic attestation is selected. The SafetyNet API response from GMS
will report that basic attestation was used, but under the hood,
hardware attestation is always used regardless of the reported state.
This results in SafetyNet failing to pass due to TrustZone reporting an
unlocked bootloader (and a partially invalidated root of trust) in the
key attestation result.
We can still take advantage of the fact that this usage of hardware
attestation is opportunistic - that is, it falls back to basic
attestation if key attestation fails to run - and prevent GMS from using
key attestation at the framework level. This causes it to gracefully
fall back to basic attestation and pass SafetyNet with an unlocked
bootloader.
Key attestation is still available for other apps, as there are valid
uses for it that do not involve SafetyNet.
The "not implemented" error code from keymaster is used to simulate the
most realistic failure condition to evade detection, i.e. an old device
that lacks support for key attestation.
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
---
keystore/key_store_service.cpp | 10 ++++++++--
keystore/keystore_attestation_id.cpp | 6 ++++++
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 39341ef..2554432 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -39,6 +39,8 @@
#include "keystore_utils.h"
#include <keystore/keystore_hidl_support.h>
+#include <hardware/keymaster_defs.h>
+
namespace keystore {
using namespace android;
@@ -103,8 +105,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
if (!asn1_attestation_id_result.isOk()) {
- ALOGE("failed to gather attestation_id");
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
+ return KeyStoreServiceReturnCode(ErrorCode(KM_ERROR_UNIMPLEMENTED));
+ } else {
+ ALOGE("failed to gather attestation_id");
+ return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ }
}
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 830482b..362bbc5 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -34,6 +34,8 @@
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
+#include <hardware/keymaster_defs.h>
+
#include <openssl/asn1t.h>
#include <openssl/sha.h>
@@ -165,6 +167,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
return BAD_VALUE;
}
std::string package_name(String8(*pinfo->package_name()).string());
+ // Prevent Google Play Services from using key attestation for SafetyNet
+ if (package_name == "com.google.android.gms") {
+ return KM_ERROR_UNIMPLEMENTED;
+ }
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
if (rc != NO_ERROR) {
--
2.29.2

View File

@ -1,88 +0,0 @@
From 1e60fb921aa6cd03398acee1ce6ca758c0b39fd0 Mon Sep 17 00:00:00 2001
From: Danny Lin <danny@kdrag0n.dev>
Date: Wed, 13 Jan 2021 02:05:05 -0800
Subject: [PATCH] keystore: Block key attestation for Google Play Services
In order to enforce SafetyNet security, Google Play Services is now
using hardware attestation for ctsProfile validation in all cases, even
when basic attestation is selected. The SafetyNet API response from GMS
will report that basic attestation was used, but under the hood,
hardware attestation is always used regardless of the reported state.
This results in SafetyNet failing to pass due to TrustZone reporting an
unlocked bootloader (and a partially invalidated root of trust) in the
key attestation result.
We can still take advantage of the fact that this usage of hardware
attestation is opportunistic - that is, it falls back to basic
attestation if key attestation fails to run - and prevent GMS from using
key attestation at the framework level. This causes it to gracefully
fall back to basic attestation and pass SafetyNet with an unlocked
bootloader.
Key attestation is still available for other apps, as there are valid
uses for it that do not involve SafetyNet.
The "not implemented" error code from keymaster is used to simulate the
most realistic failure condition to evade detection, i.e. an old device
that lacks support for key attestation.
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
---
keystore/key_store_service.cpp | 9 +++++++--
keystore/keystore_attestation_id.cpp | 6 ++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 6b26b57..352d708 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -45,6 +45,7 @@
#include <keystore/keystore_hidl_support.h>
#include <hardware/hw_auth_token.h>
+#include <hardware/keymaster_defs.h>
namespace keystore {
@@ -121,8 +122,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
if (!asn1_attestation_id_result.isOk()) {
- ALOGE("failed to gather attestation_id");
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
+ return KeyStoreServiceReturnCode(KM_ERROR_UNIMPLEMENTED);
+ } else {
+ ALOGE("failed to gather attestation_id");
+ return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
+ }
}
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 3d34ac5..16f3bf6 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -34,6 +34,8 @@
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
+#include <hardware/keymaster_defs.h>
+
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
#include <openssl/asn1t.h>
@@ -181,6 +183,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
return BAD_VALUE;
}
std::string package_name(String8(*pinfo->package_name()).string());
+ // Prevent Google Play Services from using key attestation for SafetyNet
+ if (package_name == "com.google.android.gms") {
+ return KM_ERROR_UNIMPLEMENTED;
+ }
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
if (rc != NO_ERROR) {
--
2.29.2

View File

@ -1,18 +0,0 @@
#!/system/bin/sh
MODPATH="/data/adb/modules/safetynet-fix"
# Get runtime version
sdk="$(getprop ro.build.version.sdk)"
version="$(getprop ro.vendor.build.version.release)"
# Prepare to update version
rm -fr "$MODPATH/system"
# Make sure version is supported
if [[ ! -d "$MODPATH/system_sdk$sdk" ]]; then
exit
fi
# Symlink results in the wrong SELinux context
cp -r "$MODPATH/system_sdk$sdk" "$MODPATH/system"

4
riru/.gitattributes vendored Normal file
View File

@ -0,0 +1,4 @@
* text=auto eol=lf
*.bat text eol=crlf
*.jar binary

14
riru/.gitignore vendored Normal file
View File

@ -0,0 +1,14 @@
*.iml
.gradle
/local.properties
.idea
/.idea/caches/build_file_checksums.ser
/.idea/libraries
/.idea/modules.xml
/.idea/workspace.xml
.DS_Store
/build
/captures
/out
.externalNativeBuild
.cxx

35
riru/build.gradle Normal file
View File

@ -0,0 +1,35 @@
apply plugin: 'idea'
idea.module {
excludeDirs += file('out')
resourceDirs += file('template')
resourceDirs += file('scripts')
}
buildscript {
repositories {
mavenCentral()
google()
}
dependencies {
classpath 'com.android.tools.build:gradle:4.2.2'
}
}
allprojects {
repositories {
mavenCentral()
google()
}
}
ext {
minSdkVersion = 23
targetSdkVersion = 30
outDir = file("$rootDir/out")
}
task clean(type: Delete) {
delete rootProject.buildDir, outDir
}

22
riru/gradle.properties Normal file
View File

@ -0,0 +1,22 @@
# Project-wide Gradle settings.
# IDE (e.g. Android Studio) users:
# Gradle settings configured through the IDE *will override*
# any settings specified in this file.
# For more details on how to configure your build environment visit
# http://www.gradle.org/docs/current/userguide/build_environment.html
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
org.gradle.jvmargs=-Xmx1536m
# When configured, Gradle will run in incubating parallel mode.
# This option should only be used with decoupled projects. More details, visit
# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
# org.gradle.parallel=true
# AndroidX package structure to make it clearer which packages are bundled with the
# Android operating system, and which are packaged with your app's APK
# https://developer.android.com/topic/libraries/support-library/androidx-rn
android.useAndroidX=true
# Automatically convert third-party libraries to use AndroidX
android.enableJetifier=true
# https://github.com/google/prefab/issues/122
# Remove this until AGP update prefab version
android.prefabVersion=1.1.3

BIN
riru/gradle/wrapper/gradle-wrapper.jar vendored Normal file

Binary file not shown.

View File

@ -0,0 +1,6 @@
#Mon Jul 12 21:05:17 CST 2021
distributionBase=GRADLE_USER_HOME
distributionUrl=https\://services.gradle.org/distributions/gradle-7.1.1-all.zip
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
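Review bot: distributionUrl is added without a distributionSha256Sum line, so the wrapper will execute whatever gradle-7.1.1-all.zip it downloads without checking it against a pinned digest. Add distributionSha256Sum with the SHA-256 that Gradle publishes for this distribution next to distributionUrl. The gradle-wrapper.jar vendored in this same commit is an opaque binary in review ("Binary file not shown"), so it should also be checked against the wrapper checksum published for 7.1.1 before merging.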

172
riru/gradlew vendored Executable file
View File

@ -0,0 +1,172 @@
#!/usr/bin/env sh
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn () {
echo "$*"
}
die () {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=$((i+1))
done
case $i in
(0) set -- ;;
(1) set -- "$args0" ;;
(2) set -- "$args0" "$args1" ;;
(3) set -- "$args0" "$args1" "$args2" ;;
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Escape application args
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=$(save "$@")
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
cd "$(dirname "$0")"
fi
exec "$JAVACMD" "$@"

84
riru/gradlew.bat vendored Normal file
View File

@ -0,0 +1,84 @@
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS=
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto init
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:init
@rem Get command-line arguments, handling Windows variants
if not "%OS%" == "Windows_NT" goto win9xME_args
:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
set _SKIP=2
:win9xME_args_slurp
if "x%~1" == "x" goto execute
set CMD_LINE_ARGS=%*
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

30
riru/module.gradle Normal file
View File

@ -0,0 +1,30 @@
ext {
/*
This name will be used in the name of the so file ("lib${moduleLibraryName}.so").
*/
moduleLibraryName = "safetynetfix"
/* Minimal supported Riru API version, used in the version check of riru.sh */
moduleMinRiruApiVersion = 24
/* The version name of minimal supported Riru, used in the version check of riru.sh */
moduleMinRiruVersionName = "v24.0.0"
/* Maximum supported Riru API version, used in the version check of riru.sh */
moduleRiruApiVersion = 26
/*
Magisk module ID
Since Magisk use it to distinguish different modules, you should never change it.
Note, the older version of the template uses '-' instead of '_', if your are upgrading from
the older version, please pay attention.
*/
magiskModuleId = "safetynet-fix"
moduleName = "Universal SafetyNet Fix"
moduleAuthor = "kdrag0n"
moduleDescription = "A universal fix for SafetyNet on Android 712 devices with hardware attestation and unlocked bootloaders. Requires MagiskHide and Riru $moduleMinRiruVersionName or newer."
moduleVersion = "v2.0.0"
moduleVersionCode = 20000
}

3
riru/module/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
/.externalNativeBuild
/build
/release

136
riru/module/build.gradle Normal file
View File

@ -0,0 +1,136 @@
import org.apache.tools.ant.filters.FixCrLfFilter
import org.apache.tools.ant.filters.ReplaceTokens
import java.security.MessageDigest
apply plugin: 'com.android.library'
apply from: file(rootProject.file('module.gradle'))
android {
compileSdkVersion rootProject.ext.targetSdkVersion
defaultConfig {
minSdkVersion rootProject.ext.minSdkVersion
targetSdkVersion rootProject.ext.targetSdkVersion
externalNativeBuild {
cmake {
arguments "-DMODULE_NAME:STRING=$moduleLibraryName",
"-DRIRU_MODULE_API_VERSION=$moduleRiruApiVersion",
"-DRIRU_MODULE_VERSION=$moduleVersionCode",
"-DRIRU_MODULE_VERSION_NAME:STRING=$moduleVersion",
"-DRIRU_MODULE_MIN_API_VERSION=$moduleMinRiruApiVersion"
}
}
}
buildFeatures {
prefab true
}
externalNativeBuild {
cmake {
path "src/main/cpp/CMakeLists.txt"
version "3.10.2"
}
}
}
repositories {
mavenLocal()
}
dependencies {
// This is prefab aar which contains "riru.h"
// If you want to use older versions of AGP,
// you can copy this file from https://github.com/RikkaApps/Riru/blob/master/riru/src/main/cpp/include_riru/riru.h
// The default version of prefab in AGP has problem to process header only package,
// you may have to add "android.prefabVersion" in your gradle.properties.
// See https://github.com/google/prefab/issues/122
implementation 'dev.rikka.ndk:riru:26.0.0'
}
afterEvaluate {
android.libraryVariants.forEach { variant ->
def variantCapped = variant.name.capitalize()
def variantLowered = variant.name.toLowerCase()
def zipName = "${magiskModuleId.replace('_', '-')}-${moduleVersion}-${variantLowered}.zip"
def magiskDir = file("$outDir/magisk_module_$variantLowered")
task("prepareMagiskFiles${variantCapped}", type: Sync) {
dependsOn("assemble$variantCapped")
def templatePath = "$rootDir/template/magisk_module"
into magiskDir
from(templatePath) {
exclude 'riru.sh', 'module.prop'
}
from(templatePath) {
include 'riru.sh'
filter(ReplaceTokens.class, tokens: [
"RIRU_MODULE_LIB_NAME" : moduleLibraryName,
"RIRU_MODULE_API_VERSION" : moduleRiruApiVersion.toString(),
"RIRU_MODULE_MIN_API_VERSION" : moduleMinRiruApiVersion.toString(),
"RIRU_MODULE_MIN_RIRU_VERSION_NAME": moduleMinRiruVersionName,
])
filter(FixCrLfFilter.class,
eol: FixCrLfFilter.CrLf.newInstance("lf"))
}
from(templatePath) {
include 'module.prop'
expand([
id : magiskModuleId,
name : moduleName,
version : moduleVersion,
versionCode: moduleVersionCode.toString(),
author : moduleAuthor,
description: moduleDescription,
])
filter(FixCrLfFilter.class,
eol: FixCrLfFilter.CrLf.newInstance("lf"))
}
from("$buildDir/intermediates/stripped_native_libs/$variantLowered/out/lib") {
into 'lib'
}
doLast {
fileTree("$magiskDir").visit { f ->
if (f.directory) return
if (f.file.name == '.gitattributes') return
def md = MessageDigest.getInstance("SHA-256")
f.file.eachByte 4096, { bytes, size ->
md.update(bytes, 0, size)
}
file(f.file.path + ".sha256sum").text = md.digest().encodeHex()
}
}
}
task("zip${variantCapped}", type: Zip) {
dependsOn("prepareMagiskFiles${variantCapped}")
from magiskDir
archiveName zipName
destinationDir outDir
}
task("push${variantCapped}", type: Exec) {
dependsOn("zip${variantCapped}")
workingDir outDir
commandLine android.adbExecutable, "push", zipName, "/data/local/tmp/"
}
task("flash${variantCapped}", type: Exec) {
dependsOn("push${variantCapped}")
commandLine android.adbExecutable, "shell", "su", "-c",
"magisk --install-module /data/local/tmp/${zipName}"
}
task("flashAndReboot${variantCapped}", type: Exec) {
dependsOn("flash${variantCapped}")
commandLine android.adbExecutable, "shell", "reboot"
}
variant.assembleProvider.get().finalizedBy("zip${variantCapped}")
}
}
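Review bot: the "repositories { mavenLocal() }" block makes the module build depend on whatever happens to be installed in the developer's local Maven repository, which is not reproducible and widens the set of places a build-time artifact can come from; the root build.gradle already declares mavenCentral() and google() for allprojects. If dev.rikka.ndk:riru:26.0.0 does not need a locally installed artifact, drop mavenLocal(). Separately, the doLast step writes each .sha256sum into the same zip as the file it covers, so it can only detect corruption in transit, not a modified zip; a short comment saying so would prevent the files from being read as an authenticity check.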

View File

@ -0,0 +1 @@
<manifest package="riru.template" />

View File

@ -0,0 +1,44 @@
cmake_minimum_required(VERSION 3.4.1)
if (NOT DEFINED MODULE_NAME)
message(FATAL_ERROR "MODULE_NAME is not set")
else ()
project(${MODULE_NAME})
endif ()
add_definitions(-DRIRU_MODULE)
configure_file(template/config.cpp config.cpp)
message("Build type: ${CMAKE_BUILD_TYPE}")
set(CMAKE_CXX_STANDARD 11)
set(LINKER_FLAGS "-ffixed-x18 -Wl,--hash-style=both")
set(C_FLAGS "-Werror=format -fdata-sections -ffunction-sections")
set(CXX_FLAGS "${CXX_FLAGS} -fno-exceptions -fno-rtti")
if (NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
set(C_FLAGS "${C_FLAGS} -O2 -fvisibility=hidden -fvisibility-inlines-hidden")
set(LINKER_FLAGS "${LINKER_FLAGS} -Wl,-exclude-libs,ALL -Wl,--gc-sections -Wl,--strip-all")
else ()
set(C_FLAGS "${C_FLAGS} -O0")
endif ()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_FLAGS}")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_FLAGS} ${CXX_FLAGS}")
set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${LINKER_FLAGS}")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${LINKER_FLAGS}")
find_package(riru REQUIRED CONFIG)
include_directories(include)
add_library(${MODULE_NAME} SHARED main.cpp ${CMAKE_CURRENT_BINARY_DIR}/config.cpp)
target_link_libraries(${MODULE_NAME} log riru::riru)
if (NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
add_custom_command(TARGET ${MODULE_NAME} POST_BUILD
COMMAND ${CMAKE_STRIP} --strip-all --remove-section=.comment "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${MODULE_NAME}.so")
endif ()

View File

@ -0,0 +1,8 @@
#pragma once
namespace riru {
extern const int moduleVersionCode;
extern const char* const moduleVersionName;
extern const int moduleApiVersion;
extern const int moduleMinApiVersion;
}

View File

@ -0,0 +1,198 @@
#include <jni.h>
#include <sys/types.h>
#include <riru.h>
#include <malloc.h>
#include <cstring>
#include <config.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <android/log.h>
#ifndef NDEBUG
#define DEBUG(...) __android_log_write(ANDROID_LOG_DEBUG, "SafetyNetRiru/JNI", __VA_ARGS__)
#else
#define DEBUG(...)
#endif
static void *moduleDex;
static size_t moduleDexSize;
static constexpr size_t APP_DATA_DIR_SIZE = 128;
static char lastAppDataDir[APP_DATA_DIR_SIZE];
static void updateAppDataDir(JNIEnv *env, jstring appDataDir) {
DEBUG("updateAppDataDir");
if (!appDataDir) {
DEBUG("dir is null");
memset(lastAppDataDir, 0, APP_DATA_DIR_SIZE);
} else {
DEBUG("copy dir");
// For simplicity, copy it into the buffer and release the JNI copy instead
// of keeping the JNI string reference.
const char *copy = env->GetStringUTFChars(appDataDir, NULL);
strncpy(lastAppDataDir, copy, APP_DATA_DIR_SIZE);
env->ReleaseStringUTFChars(appDataDir, copy);
DEBUG(lastAppDataDir);
}
}
static void specializeCommon(JNIEnv *env) {
DEBUG("specializeCommon");
DEBUG(lastAppDataDir);
if (!moduleDex || !strstr(lastAppDataDir, "com.google.android.gms")) {
DEBUG("dex null or pkg doesn't match");
riru_set_unload_allowed(true);
return;
}
DEBUG("get system classloader");
// First, get the system classloader
jclass clClass = env->FindClass("java/lang/ClassLoader");
jmethodID getSystemClassLoader = env->GetStaticMethodID(clClass, "getSystemClassLoader", "()Ljava/lang/ClassLoader;");
jobject systemClassLoader = env->CallStaticObjectMethod(clClass, getSystemClassLoader);
DEBUG("create buf");
// Assuming we have a valid mapped module, load it. This is similar to the approach used for
// Dynamite modules in GmsCompat, except we can use InMemoryDexClassLoader directly instead of
// tampering with DelegateLastClassLoader's DexPathList.
jobject buf = env->NewDirectByteBuffer(moduleDex, moduleDexSize);
DEBUG("construct dex cl");
jclass dexClClass = env->FindClass("dalvik/system/InMemoryDexClassLoader");
jmethodID dexClInit = env->GetMethodID(dexClClass, "<init>", "(Ljava/nio/ByteBuffer;Ljava/lang/ClassLoader;)V");
jobject dexCl = env->NewObject(dexClClass, dexClInit, buf, systemClassLoader);
// Load the class
DEBUG("load class method lookup");
jmethodID loadClass = env->GetMethodID(clClass, "loadClass", "(Ljava/lang/String;)Ljava/lang/Class;");
DEBUG("call load class");
jstring entryClassName = env->NewStringUTF("dev.kdrag0n.safetynetriru.EntryPoint");
jobject entryClassObj = env->CallObjectMethod(dexCl, loadClass, entryClassName);
// Call init. Static initializers don't run when merely calling loadClass from JNI.
DEBUG("call init");
auto entryClass = (jclass) entryClassObj;
jmethodID entryInit = env->GetStaticMethodID(entryClass, "init", "()V");
env->CallStaticVoidMethod(entryClass, entryInit);
DEBUG("specializeCommon end");
}
static void *readFile(char *path, size_t *fileSize) {
int fd = open(path, O_RDONLY, 0);
if (fd < 0) {
DEBUG("open fail");
return nullptr;
}
// Get size
DEBUG("get size");
*fileSize = lseek(fd, 0, SEEK_END);
if (*fileSize < 0) {
DEBUG("seek fail");
return nullptr;
}
lseek(fd, 0, SEEK_SET);
// Map
/*
DEBUG("mmap");
moduleDex = mmap(nullptr, *fileSize, PROT_READ, MAP_PRIVATE, fd, 0);
if (moduleDex == MAP_FAILED) {
DEBUG("mmap fail");
}*/
// Read the entire file into a buffer
// TODO: see if mmap path is visible in /proc/pid/maps after closing and forking
char *data = (char *) malloc(*fileSize);
int bytes = 0;
while (bytes < *fileSize) {
bytes += read(fd, data + bytes, *fileSize - bytes);
}
// Close the fd. This doesn't destroy the mapping.
DEBUG("close");
close(fd);
return data;
}
static void forkAndSpecializePre(
JNIEnv *env, jclass clazz, jint *uid, jint *gid, jintArray *gids, jint *runtimeFlags,
jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
jintArray *fdsToClose, jintArray *fdsToIgnore, jboolean *is_child_zygote,
jstring *instructionSet, jstring *appDataDir, jboolean *isTopApp, jobjectArray *pkgDataInfoList,
jobjectArray *whitelistedDataInfoList, jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) {
updateAppDataDir(env, *appDataDir);
}
static void specializeAppProcessPre(
JNIEnv *env, jclass clazz, jint *uid, jint *gid, jintArray *gids, jint *runtimeFlags,
jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
jboolean *startChildZygote, jstring *instructionSet, jstring *appDataDir,
jboolean *isTopApp, jobjectArray *pkgDataInfoList, jobjectArray *whitelistedDataInfoList,
jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) {
updateAppDataDir(env, *appDataDir);
}
static void forkAndSpecializePost(JNIEnv *env, jclass clazz, jint res) {
if (res == 0) {
// Child process
specializeCommon(env);
}
}
static void specializeAppProcessPost(JNIEnv *env, jclass clazz) {
specializeCommon(env);
}
static void onModuleLoaded() {
// Load
DEBUG("onModuleLoaded, loading file");
char pathBuf[128];
snprintf(pathBuf, 128, "%s/%s", riru_magisk_module_path, "classes.dex");
DEBUG((char*)riru_magisk_module_path);
DEBUG(pathBuf);
moduleDex = readFile(pathBuf, &moduleDexSize);
if (!moduleDex) {
return;
}
DEBUG("module loaded");
}
extern "C" {
int riru_api_version;
const char *riru_magisk_module_path = nullptr;
int *riru_allow_unload = nullptr;
static auto module = RiruVersionedModuleInfo{
.moduleApiVersion = riru::moduleApiVersion,
.moduleInfo = RiruModuleInfo{
.supportHide = true,
.version = riru::moduleVersionCode,
.versionName = riru::moduleVersionName,
.onModuleLoaded = onModuleLoaded,
.forkAndSpecializePre = forkAndSpecializePre,
.forkAndSpecializePost = forkAndSpecializePost,
.forkSystemServerPre = NULL,
.forkSystemServerPost = NULL,
.specializeAppProcessPre = specializeAppProcessPre,
.specializeAppProcessPost = specializeAppProcessPost,
},
};
RiruVersionedModuleInfo *init(Riru *riru) {
auto core_max_api_version = riru->riruApiVersion;
riru_api_version = core_max_api_version <= riru::moduleApiVersion ? core_max_api_version : riru::moduleApiVersion;
module.moduleApiVersion = riru_api_version;
riru_magisk_module_path = strdup(riru->magiskModulePath);
if (riru_api_version >= 25) {
riru_allow_unload = riru->allowUnload;
}
return &module;
}
}
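Review bot: readFile cannot detect failure. fileSize is a size_t, so "if (*fileSize < 0)" after lseek is never true and a failed lseek turns into a huge allocation size; that branch would also leak fd if it were ever reached; the malloc result is not checked; and the loop "bytes += read(fd, data + bytes, *fileSize - bytes)" never tests for 0 or -1, so a short file spins forever and an error moves the write pointer backwards. Keep the lseek result in an off_t, check it, check malloc, and break out (closing fd and freeing data) when read returns 0 or less. In updateAppDataDir, strncpy(lastAppDataDir, copy, APP_DATA_DIR_SIZE) leaves the buffer unterminated when the path is 128 bytes or longer and the later strstr treats it as a C string; copy at most APP_DATA_DIR_SIZE - 1 bytes, terminate explicitly, and check GetStringUTFChars for NULL. specializeCommon uses every FindClass, GetMethodID and CallObjectMethod result unchecked; dalvik/system/InMemoryDexClassLoader only exists from API 26 while the build declares minSdkVersion 23, so on older releases the failed lookup would crash the process being specialized. Check each result, clear the pending exception and bail out. Smaller points: snprintf is used without including <cstdio>, and the comment "This doesn't destroy the mapping" is stale now that the mmap path is commented out.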

View File

@ -0,0 +1,8 @@
#include "config.h"
namespace riru {
const int moduleVersionCode = ${RIRU_MODULE_VERSION};
const char* const moduleVersionName = "${RIRU_MODULE_VERSION_NAME}";
const int moduleApiVersion = ${RIRU_MODULE_API_VERSION};
const int moduleMinApiVersion = ${RIRU_MODULE_MIN_API_VERSION};
}

5
riru/settings.gradle Normal file
View File

@ -0,0 +1,5 @@
include ':module'
import org.apache.tools.ant.DirectoryScanner
DirectoryScanner.removeDefaultExclude('**/.gitattributes')

View File

@ -0,0 +1,10 @@
# Declare files that will always have LF line endings on checkout.
META-INF/** text eol=lf
*.prop text eol=lf
*.sh text eol=lf
*.md text eol=lf
sepolicy.rule text eol=lf
# Denote all files that are truly binary and should not be modified.
system/** binary
system_x86/** binary

View File

@ -0,0 +1,23 @@
The MIT License (MIT)
Copyright (c) 2021 Danny Lin <danny@kdrag0n.dev>
Riru Module Template: Copyright (c) 2020 Rikka
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View File

@ -0,0 +1,33 @@
#!/sbin/sh
#################
# Initialization
#################
umask 022
# echo before loading util_functions
ui_print() { echo "$1"; }
require_new_magisk() {
ui_print "*******************************"
ui_print " Please install Magisk v20.4+! "
ui_print "*******************************"
exit 1
}
#########################
# Load util_functions.sh
#########################
OUTFD=$2
ZIPFILE=$3
mount /data 2>/dev/null
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
. /data/adb/magisk/util_functions.sh
[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk
install_module
exit 0
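Review bot: in "[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk" the variable is unquoted, so if util_functions.sh leaves it unset or empty the test itself fails with an error status, require_new_magisk is skipped, and install_module runs on a Magisk whose version was never established. Use [ "${MAGISK_VER_CODE:-0}" -lt 20400 ] so a missing value is treated as too old. OUTFD and ZIPFILE are assigned from $2 and $3 without quotes as well; quoting them keeps a zip path with spaces intact.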

View File

@ -0,0 +1,69 @@
SKIPUNZIP=1
# Extract verify.sh
unzip -o "$ZIPFILE" 'verify.sh' -d "$TMPDIR" >&2
if [ ! -f "$TMPDIR/verify.sh" ]; then
ui_print "*********************************************************"
ui_print "! Unable to extract verify.sh!"
ui_print "! This zip may be corrupted, please try downloading again"
abort "*********************************************************"
fi
. $TMPDIR/verify.sh
# Extract riru.sh
# Variables provided by riru.sh:
#
# RIRU_API: API version of installed Riru, 0 if not installed
# RIRU_MIN_COMPATIBLE_API: minimal supported API version by installed Riru, 0 if not installed or version < v23.2
# RIRU_VERSION_CODE: version code of installed Riru, 0 if not installed or version < v23.2
# RIRU_VERSION_NAME: version name of installed Riru, "" if not installed or version < v23.2
extract "$ZIPFILE" 'riru.sh' "$TMPDIR"
. $TMPDIR/riru.sh
# Functions from util_functions.sh (it will be loaded by riru.sh)
check_riru_version
enforce_install_from_magisk_app
# Check architecture
if [ "$ARCH" != "arm" ] && [ "$ARCH" != "arm64" ] && [ "$ARCH" != "x86" ] && [ "$ARCH" != "x64" ]; then
abort "! Unsupported platform: $ARCH"
else
ui_print "- Device platform: $ARCH"
fi
# Extract libs
ui_print "- Extracting module files"
extract "$ZIPFILE" 'module.prop' "$MODPATH"
extract "$ZIPFILE" 'classes.dex' "$MODPATH"
# Riru v24+ load files from the "riru" folder in the Magisk module folder
# This "riru" folder is also used to determine if a Magisk module is a Riru module
mkdir "$MODPATH/riru"
mkdir "$MODPATH/riru/lib"
mkdir "$MODPATH/riru/lib64"
if [ "$ARCH" = "arm" ] || [ "$ARCH" = "arm64" ]; then
ui_print "- Extracting arm libraries"
extract "$ZIPFILE" "lib/armeabi-v7a/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib" true
if [ "$IS64BIT" = true ]; then
ui_print "- Extracting arm64 libraries"
extract "$ZIPFILE" "lib/arm64-v8a/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib64" true
fi
fi
if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then
ui_print "- Extracting x86 libraries"
extract "$ZIPFILE" "lib/x86/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib" true
if [ "$IS64BIT" = true ]; then
ui_print "- Extracting x64 libraries"
extract "$ZIPFILE" "lib/x86_64/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib64" true
fi
fi
set_perm_recursive "$MODPATH" 0 0 0755 0644
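Review bot: verify.sh is unpacked with a plain unzip and sourced after nothing more than an existence check, so the one script that implements the SHA-256 verification is itself never verified, and every later "extract" call trusts it. Since the digests also travel inside the same zip, this scheme detects a corrupted download and nothing more; say that in the comment above "Extract verify.sh" so it is not mistaken for a tamper check. Also quote the sourced paths, i.e. . "$TMPDIR/verify.sh" and . "$TMPDIR/riru.sh", to match the quoting used in the extract calls.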

View File

@ -0,0 +1,6 @@
id=${id}
name=${name}
version=${version}
versionCode=${versionCode}
author=${author}
description=${description}

View File

@ -0,0 +1,44 @@
#!/sbin/sh
RIRU_MODULE_LIB_NAME="@RIRU_MODULE_LIB_NAME@"
# Variables for customize.sh
RIRU_API=0
RIRU_MIN_COMPATIBLE_API=0
RIRU_VERSION_CODE=0
RIRU_VERSION_NAME=""
# Used by util_functions.sh
RIRU_MODULE_API_VERSION=@RIRU_MODULE_API_VERSION@
RIRU_MODULE_MIN_API_VERSION=@RIRU_MODULE_MIN_API_VERSION@
RIRU_MODULE_MIN_RIRU_VERSION_NAME="@RIRU_MODULE_MIN_RIRU_VERSION_NAME@"
if [ "$MAGISK_VER_CODE" -ge 21000 ]; then
MAGISK_CURRENT_RIRU_MODULE_PATH=$(magisk --path)/.magisk/modules/riru-core
else
MAGISK_CURRENT_RIRU_MODULE_PATH=/sbin/.magisk/modules/riru-core
fi
if [ ! -d $MAGISK_CURRENT_RIRU_MODULE_PATH ]; then
ui_print "*********************************************************"
ui_print "! Riru is not installed"
ui_print "! Please install Riru from Magisk Manager or https://github.com/RikkaApps/Riru/releases"
abort "*********************************************************"
fi
if [ -f "$MAGISK_CURRENT_RIRU_MODULE_PATH/disable" ] || [ -f "$MAGISK_CURRENT_RIRU_MODULE_PATH/remove" ]; then
ui_print "*********************************************************"
ui_print "! Riru is not enabled or will be removed"
ui_print "! Please enable Riru in Magisk first"
abort "*********************************************************"
fi
if [ -f $MAGISK_CURRENT_RIRU_MODULE_PATH/util_functions.sh ]; then
ui_print "- Load $MAGISK_CURRENT_RIRU_MODULE_PATH/util_functions.sh"
# shellcheck disable=SC1090
. $MAGISK_CURRENT_RIRU_MODULE_PATH/util_functions.sh
else
ui_print "*********************************************************"
ui_print "! Riru $RIRU_MODULE_MIN_RIRU_VERSION_NAME or above is required"
ui_print "! Please upgrade Riru from Magisk Manager or https://github.com/RikkaApps/Riru/releases"
abort "*********************************************************"
fi
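Review bot: $MAGISK_CURRENT_RIRU_MODULE_PATH is quoted in the disable/remove test but unquoted in "[ ! -d $MAGISK_CURRENT_RIRU_MODULE_PATH ]", in the "-f .../util_functions.sh" test and in the "." line that sources that file. The value is built from the output of "magisk --path" and the sourced script runs with the installer's privileges, so quote it everywhere. It is also worth handling an empty "magisk --path" result explicitly: today it silently yields /.magisk/modules/riru-core and the user is told that Riru is not installed.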

View File

@ -0,0 +1,38 @@
TMPDIR_FOR_VERIFY="$TMPDIR/.vunzip"
mkdir "$TMPDIR_FOR_VERIFY"
abort_verify() {
ui_print "*********************************************************"
ui_print "! $1"
ui_print "! This zip may be corrupted, please try downloading again"
abort "*********************************************************"
}
# extract <zip> <file> <target dir> <junk paths>
extract() {
zip=$1
file=$2
dir=$3
junk_paths=$4
[ -z "$junk_paths" ] && junk_paths=false
opts="-o"
[ $junk_paths = true ] && opts="-oj"
file_path=""
hash_path=""
if [ $junk_paths = true ]; then
file_path="$dir/$(basename "$file")"
hash_path="$TMPDIR_FOR_VERIFY/$(basename "$file").sha256sum"
else
file_path="$dir/$file"
hash_path="$TMPDIR_FOR_VERIFY/$file.sha256sum"
fi
unzip $opts "$zip" "$file" -d "$dir" >&2
[ -f "$file_path" ] || abort_verify "$file not exists"
unzip $opts "$zip" "$file.sha256sum" -d "$TMPDIR_FOR_VERIFY" >&2
[ -f "$hash_path" ] || abort_verify "$file.sha256sum not exists"
(echo "$(cat "$hash_path") $file_path" | sha256sum -c -s -) || abort_verify "Failed to verify $file"
}
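Review bot: extract() unpacks the file into its final target directory first and only afterwards fetches and checks the matching .sha256sum, so on a mismatch the unverified file is already in place when abort_verify runs. Unpack into $TMPDIR_FOR_VERIFY, check the digest there, and move the file into $dir only after the check passes. Minor points in the same function: quote the variable in [ $junk_paths = true ], use mkdir -p for $TMPDIR_FOR_VERIFY so a rerun does not fail, and reword the "not exists" messages to "does not exist".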

View File

@ -1,9 +0,0 @@
#!/usr/bin/env bash
# Keystore v2 starts before Magisk on Android 12, so it needs to be restarted.
# Do this in service.sh to make sure that files have been mounted already.
sdk="$(getprop ro.build.version.sdk)"
if [[ "$sdk" -ge 31 ]]; then
stop keystore2
start keystore2
fi

View File

@ -1,8 +0,0 @@
# RootBeer, Microsoft
ro.build.tags=release-keys
# SafetyNet
ro.boot.flash.locked=1
ro.boot.verifiedbootstate=green
ro.boot.veritymode=enforcing
ro.boot.vbmeta.device_state=locked

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.