Merge branch 'riru'
This is the Riru version of this module, which improves upon the old solution of replacing the native keystore service: - Compatible with OEM ROMs that have heavily-modified keystore services - Doesn't break other uses of key attestation in Google Play Services
commit
fd2fd32f83
2
LICENSE
2
LICENSE
@ -2,6 +2,8 @@ The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2021 Danny Lin <danny@kdrag0n.dev>
|
||||
|
||||
Riru Module Template: Copyright (c) 2020 Rikka
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
|
190
LICENSE.android
190
LICENSE.android
@ -1,190 +0,0 @@
|
||||
|
||||
Copyright (c) 2008-2015, The Android Open Source Project
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
@ -1,182 +0,0 @@
|
||||
#!/sbin/sh
|
||||
|
||||
#################
|
||||
# Initialization
|
||||
#################
|
||||
|
||||
umask 022
|
||||
|
||||
# echo before loading util_functions
|
||||
ui_print() { echo "$1"; }
|
||||
|
||||
require_new_magisk() {
|
||||
ui_print "*******************************"
|
||||
ui_print " Please install Magisk v19.0+! "
|
||||
ui_print "*******************************"
|
||||
exit 1
|
||||
}
|
||||
|
||||
#########################
|
||||
# Load util_functions.sh
|
||||
#########################
|
||||
|
||||
OUTFD=$2
|
||||
ZIPFILE=$3
|
||||
|
||||
mount /data 2>/dev/null
|
||||
|
||||
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
|
||||
. /data/adb/magisk/util_functions.sh
|
||||
[ $MAGISK_VER_CODE -lt 19000 ] && require_new_magisk
|
||||
|
||||
if [ $MAGISK_VER_CODE -ge 20400 ]; then
|
||||
# New Magisk have complete installation logic within util_functions.sh
|
||||
install_module
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#################
|
||||
# Legacy Support
|
||||
#################
|
||||
|
||||
# Global vars
|
||||
TMPDIR=/dev/tmp
|
||||
PERSISTDIR=/sbin/.magisk/mirror/persist
|
||||
|
||||
rm -rf $TMPDIR 2>/dev/null
|
||||
mkdir -p $TMPDIR
|
||||
|
||||
is_legacy_script() {
|
||||
unzip -l "$ZIPFILE" install.sh | grep -q install.sh
|
||||
return $?
|
||||
}
|
||||
|
||||
print_modname() {
|
||||
local len
|
||||
len=`echo -n $MODNAME | wc -c`
|
||||
len=$((len + 2))
|
||||
local pounds=`printf "%${len}s" | tr ' ' '*'`
|
||||
ui_print "$pounds"
|
||||
ui_print " $MODNAME "
|
||||
ui_print "$pounds"
|
||||
ui_print "*******************"
|
||||
ui_print " Powered by Magisk "
|
||||
ui_print "*******************"
|
||||
}
|
||||
|
||||
# Preperation for flashable zips
|
||||
setup_flashable
|
||||
|
||||
# Mount partitions
|
||||
mount_partitions
|
||||
|
||||
# Detect version and architecture
|
||||
api_level_arch_detect
|
||||
|
||||
# Setup busybox and binaries
|
||||
$BOOTMODE && boot_actions || recovery_actions
|
||||
|
||||
##############
|
||||
# Preparation
|
||||
##############
|
||||
|
||||
# Extract prop file
|
||||
unzip -o "$ZIPFILE" module.prop -d $TMPDIR >&2
|
||||
[ ! -f $TMPDIR/module.prop ] && abort "! Unable to extract zip file!"
|
||||
|
||||
$BOOTMODE && MODDIRNAME=modules_update || MODDIRNAME=modules
|
||||
MODULEROOT=$NVBASE/$MODDIRNAME
|
||||
MODID=`grep_prop id $TMPDIR/module.prop`
|
||||
MODPATH=$MODULEROOT/$MODID
|
||||
MODNAME=`grep_prop name $TMPDIR/module.prop`
|
||||
|
||||
# Create mod paths
|
||||
rm -rf $MODPATH 2>/dev/null
|
||||
mkdir -p $MODPATH
|
||||
|
||||
##########
|
||||
# Install
|
||||
##########
|
||||
|
||||
if is_legacy_script; then
|
||||
unzip -oj "$ZIPFILE" module.prop install.sh uninstall.sh 'common/*' -d $TMPDIR >&2
|
||||
|
||||
# Load install script
|
||||
. $TMPDIR/install.sh
|
||||
|
||||
# Callbacks
|
||||
print_modname
|
||||
on_install
|
||||
|
||||
# Custom uninstaller
|
||||
[ -f $TMPDIR/uninstall.sh ] && cp -af $TMPDIR/uninstall.sh $MODPATH/uninstall.sh
|
||||
|
||||
# Skip mount
|
||||
$SKIPMOUNT && touch $MODPATH/skip_mount
|
||||
|
||||
# prop file
|
||||
$PROPFILE && cp -af $TMPDIR/system.prop $MODPATH/system.prop
|
||||
|
||||
# Module info
|
||||
cp -af $TMPDIR/module.prop $MODPATH/module.prop
|
||||
|
||||
# post-fs-data scripts
|
||||
$POSTFSDATA && cp -af $TMPDIR/post-fs-data.sh $MODPATH/post-fs-data.sh
|
||||
|
||||
# service scripts
|
||||
$LATESTARTSERVICE && cp -af $TMPDIR/service.sh $MODPATH/service.sh
|
||||
|
||||
ui_print "- Setting permissions"
|
||||
set_permissions
|
||||
else
|
||||
print_modname
|
||||
|
||||
unzip -o "$ZIPFILE" customize.sh -d $MODPATH >&2
|
||||
|
||||
if ! grep -q '^SKIPUNZIP=1$' $MODPATH/customize.sh 2>/dev/null; then
|
||||
ui_print "- Extracting module files"
|
||||
unzip -o "$ZIPFILE" -x 'META-INF/*' -d $MODPATH >&2
|
||||
|
||||
# Default permissions
|
||||
set_perm_recursive $MODPATH 0 0 0755 0644
|
||||
fi
|
||||
|
||||
# Load customization script
|
||||
[ -f $MODPATH/customize.sh ] && . $MODPATH/customize.sh
|
||||
fi
|
||||
|
||||
# Handle replace folders
|
||||
for TARGET in $REPLACE; do
|
||||
ui_print "- Replace target: $TARGET"
|
||||
mktouch $MODPATH$TARGET/.replace
|
||||
done
|
||||
|
||||
if $BOOTMODE; then
|
||||
# Update info for Magisk Manager
|
||||
mktouch $NVBASE/modules/$MODID/update
|
||||
cp -af $MODPATH/module.prop $NVBASE/modules/$MODID/module.prop
|
||||
fi
|
||||
|
||||
# Copy over custom sepolicy rules
|
||||
if [ -f $MODPATH/sepolicy.rule -a -e $PERSISTDIR ]; then
|
||||
ui_print "- Installing custom sepolicy patch"
|
||||
PERSISTMOD=$PERSISTDIR/magisk/$MODID
|
||||
mkdir -p $PERSISTMOD
|
||||
cp -af $MODPATH/sepolicy.rule $PERSISTMOD/sepolicy.rule
|
||||
fi
|
||||
|
||||
# Remove stuffs that don't belong to modules
|
||||
rm -rf \
|
||||
$MODPATH/system/placeholder $MODPATH/customize.sh \
|
||||
$MODPATH/README.md $MODPATH/.git* 2>/dev/null
|
||||
|
||||
##############
|
||||
# Finalizing
|
||||
##############
|
||||
|
||||
cd /
|
||||
$BOOTMODE || recovery_cleanup
|
||||
rm -rf $TMPDIR
|
||||
|
||||
ui_print "- Done"
|
||||
exit 0
|
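--- a/Makefile
+++ b/Makefile
@@ -1,21 +0,0 @@
-getprop = $(shell cat module.prop | grep "^$(1)=" | head -n1 | cut -d'=' -f2)
-
-MODNAME ?= $(call getprop,id)
-MODVER ?= $(call getprop,version)
-ZIP = $(MODNAME)-$(MODVER).zip
-
-all: $(ZIP)
-
-zip: $(ZIP)
-
-%.zip: clean
-zip -r9 $(ZIP) . -x $(MODNAME)-*.zip .gitignore .gitattributes Makefile /.git* *.DS_Store* *placeholder /patches*
-
-install: $(ZIP)
-adb push $(ZIP) /sdcard/
-echo '/sbin/.magisk/busybox/unzip -p "/sdcard/$(ZIP)" META-INF/com/google/android/update-binary | /sbin/.magisk/busybox/sh /proc/self/fd/0 x 1 "/sdcard/$(ZIP)"' | adb shell su -c sh -
-
-clean:
-rm -f *.zip
-
-.PHONY: all zip %.zip install clean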
65
README.md
65
README.md
@ -1,75 +1,28 @@
|
||||
# Universal SafetyNet Fix
|
||||
|
||||
This is a universal fix for SafetyNet on devices with hardware attestation and unlocked bootloaders or custom verified boot keys. It defeats both hardware attestation and the new SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels.
|
||||
This is a universal fix for SafetyNet on devices with hardware-backed attestation and unlocked bootloaders (or custom verified boot keys). It defeats both hardware attestation and the SafetyNet CTS profile updates released on January 12, 2021. The only requirement is that you can pass basic attestation, which requires a valid combination of device and model names, build fingerprints, and security patch levels. **MagiskHide is required as a result.**
|
||||
|
||||
Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use [MagiskHide Props Config](https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf) to spoof your CTS profile if you have trouble passing basic attestation. This is a common situation on old devices and custom ROMs.
|
||||
Passing basic attestation is out-of-scope for this module; this module is meant to defy hardware attestation, as well as reported "basic" attestation that actually uses hardware under-the-hood. Use [MagiskHide Props Config](https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf) to spoof your CTS profile if you have trouble passing basic attestation. This is a common issue on old devices and custom ROMs.
|
||||
|
||||
No device-specific features (such as the new Pixel-exclusive Google Assistant design or screen-off voice match) will be lost with this fix.
|
||||
|
||||
MagiskHide is required if the device is rooted.
|
||||
|
||||
Android versions 8–12 Beta 2 are supported. **Heavy OEM skins are not officially supported**, but they may work depending on your luck and the particular ROM in question. Please do not report problems on such ROMs.
|
||||
Android versions 7–12 are supported, including OEM skins such as Samsung One UI and MIUI. This is a Riru module, so Riru must be installed in order for this to work.
|
||||
|
||||
## How does it work?
|
||||
|
||||
In order to enforce SafetyNet security, Google Play Services is now
|
||||
using hardware attestation for CTS profile validation in all cases, even
|
||||
when basic attestation is selected. The SafetyNet API response from GMS
|
||||
will report that basic attestation was used, but under the hood,
|
||||
hardware attestation is always used regardless of the reported state.
|
||||
This results in SafetyNet failing to pass due to TrustZone reporting an
|
||||
unlocked bootloader (and a partially invalidated root of trust) in the
|
||||
key attestation result.
|
||||
Google Play Services opportunistically uses hardware-backed attestation to enforce SafetyNet security (since January 12, 2021), regardless of the device.
|
||||
|
||||
We can still take advantage of the fact that this usage of hardware
|
||||
attestation is opportunistic — that is, it falls back to basic
|
||||
attestation if key attestation fails to run — and prevent GMS from using
|
||||
key attestation at the framework level. This causes it to gracefully
|
||||
fall back to basic attestation and pass SafetyNet with an unlocked
|
||||
bootloader.
|
||||
This module uses Riru to inject code into the Google Play Services process and then register a fake keystore provider that overrides the real one. When Play Services attempts to use key attestation, it throws an exception and pretends that the device lacks support for key attestation. This causes SafetyNet to fall back to basic attestation, which is much weaker and can be bypassed with existing methods.
|
||||
|
||||
Key attestation is still available for other apps, as there are valid
|
||||
uses for it that do not involve SafetyNet.
|
||||
|
||||
The "not implemented" error code from Keymaster is used to simulate the
|
||||
most realistic failure condition to evade detection, i.e. an old device
|
||||
that lacks support for key attestation.
|
||||
Key attestation is only blocked specifically for SafetyNet in Google Play Services,
|
||||
so no other features are broken.
|
||||
|
||||
## ROM integration
|
||||
|
||||
Ideally, this workaround should be incorporated in ROMs instead of overriding part of the ROM in a Magisk module.
|
||||
Ideally, this workaround should be incorporated in custom ROMs instead of injecting code with a Magisk module.
|
||||
|
||||
There are 2 options for:
|
||||
|
||||
- Blocking GMS in the framework, which is more portable across Android versions and typically less intrusive for ROMs to integrate
|
||||
- Blocking GMS in the native keystore service, which is slightly more future-proof but may require forking another repository
|
||||
|
||||
You only need **one** of the workarounds on the ROM side. Adding both is redundant.
|
||||
|
||||
Commits for the framework version of the workaround:
|
||||
Commits for the system framework version of the workaround:
|
||||
|
||||
- [Android 11](https://github.com/ProtonAOSP/android_frameworks_base/commit/7f7a9b19c8293c09dfee12bec75ff17225c6710e)
|
||||
|
||||
Commits for the native version of the workaround that modifies the C++ keystore service in system/security:
|
||||
|
||||
- [Android 11](https://github.com/ProtonAOSP/android_system_security/commit/15633a3d29bf727b83083f2c49d906c16527d389)
|
||||
- [Android 10](https://github.com/ProtonAOSP/android_system_security/commit/qt)
|
||||
- [Android 9](https://github.com/ProtonAOSP/android_system_security/commit/pi)
|
||||
- [Android 8.1](https://github.com/ProtonAOSP/android_system_security/commit/oc)
|
||||
|
||||
All of the above commits are also available in the form of patch files [in this repository](https://github.com/kdrag0n/safetynet-fix/tree/master/patches).
|
||||
|
||||
## Where is the source code?
|
||||
|
||||
The keystore executables and libraries in this repository were built with the commits linked above. The target CPU was changed to generic ARMv8-A for all target devices.
|
||||
|
||||
- Android 12 Beta 2: Built from AOSP master for `aosp_arm64`
|
||||
- Android 11: Built from ProtonAOSP 11.3.1 (android-11.0.0_r24) for `redfin`
|
||||
- Android 10: Built from LineageOS 17.1 (android-10.0.0_r41) for `taimen`
|
||||
- Android 9: Built from AOSP android-9.0.0_r61 for `taimen`
|
||||
- Android 8.1: Built from AOSP android-8.1.0_r81 for `taimen`
|
||||
- Android 8.0: Built from AOSP android-8.0.0_r51 for `marlin`
|
||||
|
||||
## Support
|
||||
|
||||
If you found this module helpful, please consider supporting development with a **[recurring donation](https://patreon.com/kdrag0n)** on Patreon for benefits such as exclusive behind-the-scenes development news, early access to updates, and priority support. Alternatively, you can also [buy me a coffee](https://paypal.me/kdrag0ndonate). All support is appreciated.
|
||||
|
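--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+set -veuo pipefail
+
+tmp_dir="$(mktemp --tmpdir -d modulebuild.XXXXXXXXXX)"
+function cleanup() {
+rm -fr "$tmp_dir"
+}
+trap cleanup EXIT
+
+build_mode="${1:-Release}"
+
+pushd "$(dirname "$0")"
+src_dir="$(pwd)"
+popd
+
+cd "$tmp_dir"
+
+pushd "$src_dir/riru"
+rm -fr out
+./gradlew "assemble$build_mode"
+popd
+
+pushd "$src_dir/java_module"
+# Must always be release due to R8 requirement
+./gradlew assembleRelease
+popd
+
+unzip "$src_dir/riru/out/safetynet-fix-"*.zip
+unzip "$src_dir/java_module/app/build/outputs/apk/release/app-release.apk" classes.dex
+sha256sum classes.dex | cut -d' ' -f1 | tr -d '\n' > classes.dex.sha256sum
+
+version="$(grep '^version=' module.prop | cut -d= -f2)"
+rm -f "$src_dir/safetynet-fix-$version.zip"
+zip -r9 "$src_dir/safetynet-fix-$version.zip" .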
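Review bot: The `classes.dex.sha256sum` file written near the end of the script is zipped into the same archive as the `classes.dex` it describes, so it can reveal a truncated or stale dex but not a replaced one, because whoever can swap the dex can rewrite the digest as well. How the module consumes that file is not visible in this section; if it is only a corruption or cache check, a comment above the line such as `# Digest is a corruption/staleness check only; it does not authenticate classes.dex` would keep it from being read as a signature. Separately, `unzip "$src_dir/riru/out/safetynet-fix-"*.zip` hands every glob match to a single unzip call, which treats the second and later paths as member names inside the first archive, so the script should fail explicitly unless the pattern resolves to exactly one file.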
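--- a/customize.sh
+++ b/customize.sh
@@ -1,27 +0,0 @@
-#!/sbin/sh
-
-# We check the native ABI instead of all supported ABIs because this is a system
-# service, and underlying AIDL/HIDL ABIs may not match. We also link against other
-# system libraries.
-arch="$(getprop ro.product.cpu.abi)"
-if [[ "$arch" != "arm64-v8a" ]]; then
-ui_print "Unsupported CPU architecture: $arch"
-exit 1
-fi
-
-sdk="$(getprop ro.build.version.sdk)"
-version="$(getprop ro.vendor.build.version.release)"
-
-# Initial version check; version can be changed later.
-if [[ ! -d "$MODPATH/system_sdk$sdk" ]]; then
-ui_print "Android $version (SDK $sdk) is not supported!"
-rm -fr "$MODPATH"
-exit 1
-fi
-
-# Set executable permissions
-for sdk in $MODPATH/system_sdk*
-do
-set_perm_recursive $sdk/bin 0 0 0755 0755
-done
-chmod 755 $MODPATH/*.sh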
15
java_module/.gitignore
vendored
Normal file
15
java_module/.gitignore
vendored
Normal file
@ -0,0 +1,15 @@
|
||||
*.iml
|
||||
.gradle
|
||||
/local.properties
|
||||
/.idea/caches
|
||||
/.idea/libraries
|
||||
/.idea/modules.xml
|
||||
/.idea/workspace.xml
|
||||
/.idea/navEditor.xml
|
||||
/.idea/assetWizardSettings.xml
|
||||
.DS_Store
|
||||
/build
|
||||
/captures
|
||||
.externalNativeBuild
|
||||
.cxx
|
||||
local.properties
|
28
java_module/.project
Normal file
28
java_module/.project
Normal file
@ -0,0 +1,28 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>Universal SafetyNet Fix</name>
|
||||
<comment>Project java_module created by Buildship.</comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.buildship.core.gradleprojectbuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
|
||||
</natures>
|
||||
<filteredResources>
|
||||
<filter>
|
||||
<id>1629355509187</id>
|
||||
<name></name>
|
||||
<type>30</type>
|
||||
<matcher>
|
||||
<id>org.eclipse.core.resources.regexFilterMatcher</id>
|
||||
<arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
|
||||
</matcher>
|
||||
</filter>
|
||||
</filteredResources>
|
||||
</projectDescription>
|
13
java_module/.settings/org.eclipse.buildship.core.prefs
Normal file
13
java_module/.settings/org.eclipse.buildship.core.prefs
Normal file
@ -0,0 +1,13 @@
|
||||
arguments=
|
||||
auto.sync=false
|
||||
build.scans.enabled=false
|
||||
connection.gradle.distribution=GRADLE_DISTRIBUTION(WRAPPER)
|
||||
connection.project.dir=
|
||||
eclipse.preferences.version=1
|
||||
gradle.user.home=
|
||||
java.home=/usr/lib/jvm/java-11-openjdk
|
||||
jvm.arguments=
|
||||
offline.mode=false
|
||||
override.workspace.settings=true
|
||||
show.console.view=true
|
||||
show.executions.view=true
|
6
java_module/app/.classpath
Normal file
6
java_module/app/.classpath
Normal file
@ -0,0 +1,6 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<classpath>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-11/"/>
|
||||
<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
|
||||
<classpathentry kind="output" path="bin/default"/>
|
||||
</classpath>
|
1
java_module/app/.gitignore
vendored
Normal file
1
java_module/app/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
/build
|
34
java_module/app/.project
Normal file
34
java_module/app/.project
Normal file
@ -0,0 +1,34 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>app</name>
|
||||
<comment>Project app created by Buildship.</comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.jdt.core.javabuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.buildship.core.gradleprojectbuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
|
||||
</natures>
|
||||
<filteredResources>
|
||||
<filter>
|
||||
<id>1629355509189</id>
|
||||
<name></name>
|
||||
<type>30</type>
|
||||
<matcher>
|
||||
<id>org.eclipse.core.resources.regexFilterMatcher</id>
|
||||
<arguments>node_modules|.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
|
||||
</matcher>
|
||||
</filter>
|
||||
</filteredResources>
|
||||
</projectDescription>
|
@ -0,0 +1,2 @@
|
||||
connection.project.dir=..
|
||||
eclipse.preferences.version=1
|
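--- a/java_module/app/build.gradle
+++ b/java_module/app/build.gradle
@@ -0,0 +1,37 @@
+plugins {
+id 'com.android.application'
+id 'kotlin-android'
+}
+
+android {
+compileSdk 30
+
+defaultConfig {
+applicationId "dev.kdrag0n.safetynetriru"
+minSdk 24
+targetSdk 30
+versionCode 1
+versionName "1.0"
+
+testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
+}
+
+buildTypes {
+release {
+minifyEnabled true
+proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+signingConfig signingConfigs.debug
+}
+}
+compileOptions {
+sourceCompatibility JavaVersion.VERSION_1_8
+targetCompatibility JavaVersion.VERSION_1_8
+}
+kotlinOptions {
+jvmTarget = '1.8'
+}
+}
+
+dependencies {
+implementation 'org.jetbrains.kotlin:kotlin-stdlib:1.5.21'
+}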
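Review bot: In `buildTypes.release`, the line `signingConfig signingConfigs.debug` signs the release APK with the debug keystore, which is generated per machine with well-known default credentials and carries no publisher identity. build.sh in this commit extracts only `classes.dex` from `app-release.apk`, so the APK signature appears to be discarded and the setting is probably there just to let `assembleRelease` finish. That intent is not stated anywhere in the file, so a comment on the line such as `// APK is never installed; build.sh extracts classes.dex only, so the debug key is a placeholder` would stop the configuration from being copied into a project that does ship the APK.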
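--- a/java_module/app/proguard-rules.pro
+++ b/java_module/app/proguard-rules.pro
@@ -0,0 +1,56 @@
+# Add project specific ProGuard rules here.
+# You can control the set of applied configuration files using the
+# proguardFiles setting in build.gradle.
+#
+# For more details, see
+# http://developer.android.com/guide/developing/tools/proguard.html
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+# public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile
+
+-keep class dev.kdrag0n.safetynetriru.EntryPoint {
+public static void init();
+}
+
+-keepclassmembers class dev.kdrag0n.safetynetriru.proxy.ProxyKeyStoreSpi {
+public <init>(...);
+}
+
+# Remove @DebugMetadata annotations to avoid leaking info
+# Source: https://proandroiddev.com/kotlin-cleaning-java-bytecode-before-release-9567d4c63911
+-checkdiscard @interface kotlin.coroutines.jvm.internal.DebugMetadata
+-assumenosideeffects public class kotlin.coroutines.jvm.internal.BaseContinuationImpl {
+private kotlin.coroutines.jvm.internal.DebugMetadata getDebugMetadataAnnotation() return null;
+public java.lang.StackTraceElement getStackTraceElement() return null;
+public java.lang.String[] getSpilledVariableFieldMapping() return null;
+}
+
+-assumenosideeffects class kotlin.jvm.internal.Intrinsics {
+# Remove verbose NPE intrinsics to reduce code size and avoid leaking info
+# Source: https://issuetracker.google.com/issues/190489514
+static void checkParameterIsNotNull(java.lang.Object, java.lang.String);
+static void checkNotNullParameter(java.lang.Object, java.lang.String);
+static void checkFieldIsNotNull(java.lang.Object, java.lang.String);
+static void checkFieldIsNotNull(java.lang.Object, java.lang.String, java.lang.String);
+static void checkReturnedValueIsNotNull(java.lang.Object, java.lang.String);
+static void checkReturnedValueIsNotNull(java.lang.Object, java.lang.String, java.lang.String);
+static void checkNotNullExpressionValue(java.lang.Object, java.lang.String);
+static void checkExpressionValueIsNotNull(java.lang.Object, java.lang.String);
+static void checkNotNull(java.lang.Object);
+static void checkNotNull(java.lang.Object, java.lang.String);
+
+# Remove remaining stray calls to stringPlus
+static java.lang.String stringPlus(java.lang.String, java.lang.Object);
+}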
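Review bot: The `-assumenosideeffects class kotlin.jvm.internal.Intrinsics` block strips the null checks themselves, not only their messages, so in a minified build a null reaching a non-null Kotlin parameter no longer fails at the call boundary. The comment inside the block mentions only code size and information leakage. Record the trade-off next to it, for example `# NOTE: this also removes the runtime null checks, so minified and debug builds differ on null input`.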
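--- a/java_module/app/src/main/AndroidManifest.xml
+++ b/java_module/app/src/main/AndroidManifest.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+package="dev.kdrag0n.safetynetriru">
+
+<application
+android:label="@string/app_name"
+android:theme="@android:style/Theme.DeviceDefault" />
+
+</manifest>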
@ -0,0 +1,16 @@
|
||||
package dev.kdrag0n.safetynetriru
|
||||
|
||||
@Suppress("unused")
|
||||
object EntryPoint {
|
||||
@JvmStatic
|
||||
fun init() {
|
||||
runCatching {
|
||||
logDebug("Entry point: Initializing SafetyNet patch")
|
||||
SecurityBridge.init()
|
||||
}.recoverCatching { e ->
|
||||
// Throwing an exception would require the JNI code to handle exceptions, so just catch
|
||||
// everything here.
|
||||
logDebug("Error in entry point", e)
|
||||
}
|
||||
}
|
||||
}
|
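Review bot: A failed initialisation is reported only through `logDebug("Error in entry point", e)`, which the logging helper in this commit drops whenever its `DEBUG` flag is false, so a half-applied `SecurityBridge.init()` would leave no trace. Since the exception is deliberately swallowed to spare the JNI caller, log it unconditionally at error level, e.g. `Log.e("SafetyNetRiru/Java", "Error in entry point", e)`. A short KDoc on `init()` stating that it is called from native code and must never throw would also help, because the in-body comment and the ProGuard `-keep` rule are the only hints of that contract.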
@ -0,0 +1,28 @@
|
||||
package dev.kdrag0n.safetynetriru
|
||||
|
||||
import dev.kdrag0n.safetynetriru.proxy.ProxyKeyStoreSpi
|
||||
import dev.kdrag0n.safetynetriru.proxy.ProxyProvider
|
||||
import java.security.KeyStore
|
||||
import java.security.KeyStoreSpi
|
||||
import java.security.Security
|
||||
|
||||
internal object SecurityBridge {
|
||||
const val PROVIDER_NAME = "AndroidKeyStore"
|
||||
|
||||
fun init() {
|
||||
logDebug("Initializing SecurityBridge")
|
||||
|
||||
val realProvider = Security.getProvider(PROVIDER_NAME)
|
||||
val realKeystore = KeyStore.getInstance(PROVIDER_NAME)
|
||||
val realSpi = realKeystore.get<KeyStoreSpi>("keyStoreSpi")
|
||||
logDebug("Real provider=$realProvider, keystore=$realKeystore, spi=$realSpi")
|
||||
|
||||
val provider = ProxyProvider(realProvider)
|
||||
logDebug("Removing real provider")
|
||||
Security.removeProvider("AndroidKeyStore")
|
||||
logDebug("Inserting provider $provider")
|
||||
Security.insertProviderAt(provider, 1)
|
||||
ProxyKeyStoreSpi.androidImpl = realSpi
|
||||
logDebug("Security hooks installed")
|
||||
}
|
||||
}
|
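Review bot: `ProxyKeyStoreSpi.androidImpl = realSpi` runs after `Security.insertProviderAt(provider, 1)`, so a keystore lookup on another thread in that window would presumably instantiate `ProxyKeyStoreSpi` through its no-arg constructor and hit `androidImpl!!` while it is still null. Move the assignment above `Security.removeProvider(...)`. The removal also hard-codes `"AndroidKeyStore"` instead of `PROVIDER_NAME`, and nothing puts `realProvider` back if the insert throws, which would leave the host process without that provider. `Security.getProvider` can return null, so an explicit check before `ProxyProvider(realProvider)` would give a clearer failure than the implicit one.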
@ -0,0 +1,73 @@
|
||||
package dev.kdrag0n.safetynetriru.proxy
|
||||
|
||||
import dev.kdrag0n.safetynetriru.logDebug
|
||||
import java.io.InputStream
|
||||
import java.io.OutputStream
|
||||
import java.security.Key
|
||||
import java.security.KeyStoreSpi
|
||||
import java.security.cert.Certificate
|
||||
import java.util.*
|
||||
|
||||
class ProxyKeyStoreSpi private constructor(
|
||||
private val orig: KeyStoreSpi,
|
||||
) : KeyStoreSpi() {
|
||||
@Suppress("unused")
|
||||
constructor() : this(androidImpl!!)
|
||||
|
||||
init {
|
||||
logDebug("Init proxy KeyStore SPI")
|
||||
}
|
||||
|
||||
// Avoid breaking other, legitimate uses of key attestation in Google Play Services, e.g.
|
||||
// - com.google.android.gms.auth.cryptauth.register.ReEnrollmentChimeraService
|
||||
// - tk_trace.129-RegisterForKeyPairOperation
|
||||
private fun isCallerSafetyNet() = Thread.currentThread().stackTrace.any {
|
||||
// a.a.engineGetCertificateChain(Unknown Source:15)
|
||||
// java.security.KeyStore.getCertificateChain(KeyStore.java:1087)
|
||||
// com.google.ccc.abuse.droidguard.DroidGuard.initNative(Native Method)
|
||||
// com.google.ccc.abuse.droidguard.DroidGuard.init(DroidGuard.java:447)
|
||||
// java.lang.reflect.Method.invoke(Native Method)
|
||||
// xvq.b(:com.google.android.gms@212621053@21.26.21 (190400-387928701):1)
|
||||
// xuc.a(:com.google.android.gms@212621053@21.26.21 (190400-387928701):5)
|
||||
// xuc.eX(:com.google.android.gms@212621053@21.26.21 (190400-387928701):1)
|
||||
// dzx.onTransact(:com.google.android.gms@212621053@21.26.21 (190400-387928701):8)
|
||||
// android.os.Binder.execTransactInternal(Binder.java:1179)
|
||||
// android.os.Binder.execTransact(Binder.java:1143)
|
||||
logDebug("Stack trace element: $it")
|
||||
it.className.contains("DroidGuard", ignoreCase = true)
|
||||
}
|
||||
|
||||
override fun engineGetCertificateChain(alias: String?): Array<Certificate>? {
|
||||
logDebug("Proxy key store: get certificate chain")
|
||||
|
||||
if (isCallerSafetyNet()) {
|
||||
logDebug("Blocking call")
|
||||
throw UnsupportedOperationException()
|
||||
} else {
|
||||
logDebug("Allowing call")
|
||||
return orig.engineGetCertificateChain(alias)
|
||||
}
|
||||
}
|
||||
|
||||
// Direct delegation. We have to do this manually because the Kotlin compiler can only do it
|
||||
// for interfaces, not abstract classes.
|
||||
override fun engineGetKey(alias: String?, password: CharArray?): Key? = orig.engineGetKey(alias, password)
|
||||
override fun engineGetCertificate(alias: String?): Certificate? = orig.engineGetCertificate(alias)
|
||||
override fun engineGetCreationDate(alias: String?): Date? = orig.engineGetCreationDate(alias)
|
||||
override fun engineSetKeyEntry(alias: String?, key: Key?, password: CharArray?, chain: Array<out Certificate>?) = orig.engineSetKeyEntry(alias, key, password, chain)
|
||||
override fun engineSetKeyEntry(alias: String?, key: ByteArray?, chain: Array<out Certificate>?) = orig.engineSetKeyEntry(alias, key, chain)
|
||||
override fun engineSetCertificateEntry(alias: String?, cert: Certificate?) = orig.engineSetCertificateEntry(alias, cert)
|
||||
override fun engineDeleteEntry(alias: String?) = orig.engineDeleteEntry(alias)
|
||||
override fun engineAliases(): Enumeration<String>? = orig.engineAliases()
|
||||
override fun engineContainsAlias(alias: String?) = orig.engineContainsAlias(alias)
|
||||
override fun engineSize() = orig.engineSize()
|
||||
override fun engineIsKeyEntry(alias: String?) = orig.engineIsKeyEntry(alias)
|
||||
override fun engineIsCertificateEntry(alias: String?) = orig.engineIsCertificateEntry(alias)
|
||||
override fun engineGetCertificateAlias(cert: Certificate?): String? = orig.engineGetCertificateAlias(cert)
|
||||
override fun engineStore(stream: OutputStream?, password: CharArray?) = orig.engineStore(stream, password)
|
||||
override fun engineLoad(stream: InputStream?, password: CharArray?) = orig.engineLoad(stream, password)
|
||||
|
||||
companion object {
|
||||
@Volatile internal var androidImpl: KeyStoreSpi? = null
|
||||
}
|
||||
}
|
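Review bot: The delegation list forwards only the abstract `KeyStoreSpi` methods, so the non-abstract ones (`engineGetEntry`, `engineSetEntry`, `engineEntryInstanceOf` and the `LoadStoreParameter` overloads of `engineLoad` and `engineStore`) fall back to the base-class defaults instead of reaching `orig`. If the wrapped SPI overrides any of them (not visible here), other keystore users in the hooked process would see different behaviour for entry import or parameterised loading than before the proxy was installed. Forward them as well, as in the excerpt below; the "Direct delegation" comment should then say that it covers every overridable method.

```kotlin
// … unchanged: delegations of the abstract methods, ending with engineLoad(stream, password) …
override fun engineGetEntry(alias: String?, protParam: java.security.KeyStore.ProtectionParameter?): java.security.KeyStore.Entry? = orig.engineGetEntry(alias, protParam)
override fun engineSetEntry(alias: String?, entry: java.security.KeyStore.Entry?, protParam: java.security.KeyStore.ProtectionParameter?) = orig.engineSetEntry(alias, entry, protParam)
override fun engineEntryInstanceOf(alias: String?, entryClass: Class<out java.security.KeyStore.Entry>?) = orig.engineEntryInstanceOf(alias, entryClass)
override fun engineLoad(param: java.security.KeyStore.LoadStoreParameter?) = orig.engineLoad(param)
override fun engineStore(param: java.security.KeyStore.LoadStoreParameter?) = orig.engineStore(param)
```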
@ -0,0 +1,29 @@
|
||||
package dev.kdrag0n.safetynetriru.proxy
|
||||
|
||||
import dev.kdrag0n.safetynetriru.SecurityBridge
|
||||
import dev.kdrag0n.safetynetriru.logDebug
|
||||
import java.security.Provider
|
||||
|
||||
// This is mostly just a pass-through provider that exists to change the provider's ClassLoader.
|
||||
// This works because Service looks up the class by name from the *provider* ClassLoader, not
|
||||
// necessarily the bootstrap one.
|
||||
class ProxyProvider(
|
||||
orig: Provider,
|
||||
) : Provider(orig.name, orig.version, orig.info) {
|
||||
init {
|
||||
logDebug("Init proxy provider - wrapping $orig")
|
||||
|
||||
putAll(orig)
|
||||
this["KeyStore.${SecurityBridge.PROVIDER_NAME}"] = ProxyKeyStoreSpi::class.java.name
|
||||
}
|
||||
|
||||
override fun getService(type: String?, algorithm: String?): Service? {
|
||||
logDebug("Provider: get service - type=$type algorithm=$algorithm")
|
||||
return super.getService(type, algorithm)
|
||||
}
|
||||
|
||||
override fun getServices(): MutableSet<Service>? {
|
||||
logDebug("Get services")
|
||||
return super.getServices()
|
||||
}
|
||||
}
|
@ -0,0 +1,24 @@
|
||||
package dev.kdrag0n.safetynetriru
|
||||
|
||||
import android.util.Log
|
||||
|
||||
private const val DEBUG = true
|
||||
private const val TAG = "SafetyNetRiru/Java"
|
||||
|
||||
internal fun <T> Any.get(name: String) = this::class.java.getDeclaredField(name).let { field ->
|
||||
field.isAccessible = true
|
||||
@Suppress("unchecked_cast")
|
||||
field.get(this) as T
|
||||
}
|
||||
|
||||
internal fun logDebug(msg: String) {
|
||||
if (DEBUG) {
|
||||
Log.d(TAG, msg)
|
||||
}
|
||||
}
|
||||
|
||||
internal fun logDebug(msg: String, e: Throwable) {
|
||||
if (DEBUG) {
|
||||
Log.d(TAG, msg, e)
|
||||
}
|
||||
}
|
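Review bot: `private const val DEBUG = true` is hard-coded, so every `logDebug` call in this commit stays active in release builds, including the per-frame stack logging in `ProxyKeyStoreSpi.isCallerSafetyNet()` and the provider and keystore dump in `SecurityBridge.init()`. That writes the host process's call stacks to logcat on each certificate-chain lookup. Tie the flag to the build type, e.g. `private val DEBUG = BuildConfig.DEBUG` (assuming the generated `BuildConfig` of this module is available), or default it to `false`. The reflective `get` helper searches only the receiver's own class through `getDeclaredField`, which is worth stating in a KDoc because a field declared on a superclass would not be found.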
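--- a/java_module/app/src/main/res/values/strings.xml
+++ b/java_module/app/src/main/res/values/strings.xml
@@ -0,0 +1,3 @@
+<resources>
+<string name="app_name">Universal SafetyNet Fix</string>
+</resources>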
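--- a/java_module/build.gradle
+++ b/java_module/build.gradle
@@ -0,0 +1,18 @@
+// Top-level build file where you can add configuration options common to all sub-projects/modules.
+buildscript {
+repositories {
+google()
+mavenCentral()
+}
+dependencies {
+classpath "com.android.tools.build:gradle:7.0.0"
+classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.5.21"
+
+// NOTE: Do not place your application dependencies here; they belong
+// in the individual module build.gradle files
+}
+}
+
+task clean(type: Delete) {
+delete rootProject.buildDir
+}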
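--- a/java_module/gradle.properties
+++ b/java_module/gradle.properties
@@ -0,0 +1,21 @@
+# Project-wide Gradle settings.
+# IDE (e.g. Android Studio) users:
+# Gradle settings configured through the IDE *will override*
+# any settings specified in this file.
+# For more details on how to configure your build environment visit
+# http://www.gradle.org/docs/current/userguide/build_environment.html
+# Specifies the JVM arguments used for the daemon process.
+# The setting is particularly useful for tweaking memory settings.
+org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
+# When configured, Gradle will run in incubating parallel mode.
+# This option should only be used with decoupled projects. More details, visit
+# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
+# org.gradle.parallel=true
+# AndroidX package structure to make it clearer which packages are bundled with the
+# Android operating system, and which are packaged with your app"s APK
+# https://developer.android.com/topic/libraries/support-library/androidx-rn
+android.useAndroidX=true
+# Automatically convert third-party libraries to use AndroidX
+android.enableJetifier=true
+# Kotlin code style for this project: "official" or "obsolete":
+kotlin.code.style=official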
BIN
java_module/gradle/wrapper/gradle-wrapper.jar
vendored
Normal file
Binary file not shown.
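--- a/java_module/gradle/wrapper/gradle-wrapper.properties
+++ b/java_module/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+#Wed Aug 18 21:02:01 PDT 2021
+distributionBase=GRADLE_USER_HOME
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.0.2-bin.zip
+distributionPath=wrapper/dists
+zipStorePath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME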
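Review bot: The wrapper configuration sets `distributionUrl` without a `distributionSha256Sum`, so the Gradle distribution it downloads is not checked against a pinned digest. Add `distributionSha256Sum=<SHA-256 of gradle-7.0.2-bin.zip, taken from the official Gradle release checksums>` below `distributionUrl`. The accompanying `gradle-wrapper.jar` is committed as a binary and cannot be reviewed on this page, so it should be compared once against the wrapper checksum published for the same Gradle version.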
185
java_module/gradlew
vendored
Executable file
@ -0,0 +1,185 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#
|
||||
# Copyright 2015 the original author or authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
##############################################################################
|
||||
##
|
||||
## Gradle start up script for UN*X
|
||||
##
|
||||
##############################################################################
|
||||
|
||||
# Attempt to set APP_HOME
|
||||
# Resolve links: $0 may be a link
|
||||
PRG="$0"
|
||||
# Need this for relative symlinks.
|
||||
while [ -h "$PRG" ] ; do
|
||||
ls=`ls -ld "$PRG"`
|
||||
link=`expr "$ls" : '.*-> \(.*\)$'`
|
||||
if expr "$link" : '/.*' > /dev/null; then
|
||||
PRG="$link"
|
||||
else
|
||||
PRG=`dirname "$PRG"`"/$link"
|
||||
fi
|
||||
done
|
||||
SAVED="`pwd`"
|
||||
cd "`dirname \"$PRG\"`/" >/dev/null
|
||||
APP_HOME="`pwd -P`"
|
||||
cd "$SAVED" >/dev/null
|
||||
|
||||
APP_NAME="Gradle"
|
||||
APP_BASE_NAME=`basename "$0"`
|
||||
|
||||
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
|
||||
|
||||
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
||||
MAX_FD="maximum"
|
||||
|
||||
warn () {
|
||||
echo "$*"
|
||||
}
|
||||
|
||||
die () {
|
||||
echo
|
||||
echo "$*"
|
||||
echo
|
||||
exit 1
|
||||
}
|
||||
|
||||
# OS specific support (must be 'true' or 'false').
|
||||
cygwin=false
|
||||
msys=false
|
||||
darwin=false
|
||||
nonstop=false
|
||||
case "`uname`" in
|
||||
CYGWIN* )
|
||||
cygwin=true
|
||||
;;
|
||||
Darwin* )
|
||||
darwin=true
|
||||
;;
|
||||
MINGW* )
|
||||
msys=true
|
||||
;;
|
||||
NONSTOP* )
|
||||
nonstop=true
|
||||
;;
|
||||
esac
|
||||
|
||||
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
||||
|
||||
|
||||
# Determine the Java command to use to start the JVM.
|
||||
if [ -n "$JAVA_HOME" ] ; then
|
||||
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
||||
# IBM's JDK on AIX uses strange locations for the executables
|
||||
JAVACMD="$JAVA_HOME/jre/sh/java"
|
||||
else
|
||||
JAVACMD="$JAVA_HOME/bin/java"
|
||||
fi
|
||||
if [ ! -x "$JAVACMD" ] ; then
|
||||
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
|
||||
|
||||
Please set the JAVA_HOME variable in your environment to match the
|
||||
location of your Java installation."
|
||||
fi
|
||||
else
|
||||
JAVACMD="java"
|
||||
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
|
||||
Please set the JAVA_HOME variable in your environment to match the
|
||||
location of your Java installation."
|
||||
fi
|
||||
|
||||
# Increase the maximum file descriptors if we can.
|
||||
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
|
||||
MAX_FD_LIMIT=`ulimit -H -n`
|
||||
if [ $? -eq 0 ] ; then
|
||||
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
|
||||
MAX_FD="$MAX_FD_LIMIT"
|
||||
fi
|
||||
ulimit -n $MAX_FD
|
||||
if [ $? -ne 0 ] ; then
|
||||
warn "Could not set maximum file descriptor limit: $MAX_FD"
|
||||
fi
|
||||
else
|
||||
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
|
||||
fi
|
||||
fi
|
||||
|
||||
# For Darwin, add options to specify how the application appears in the dock
|
||||
if $darwin; then
|
||||
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
|
||||
fi
|
||||
|
||||
# For Cygwin or MSYS, switch paths to Windows format before running java
|
||||
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
|
||||
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
|
||||
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
|
||||
|
||||
JAVACMD=`cygpath --unix "$JAVACMD"`
|
||||
|
||||
# We build the pattern for arguments to be converted via cygpath
|
||||
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
|
||||
SEP=""
|
||||
for dir in $ROOTDIRSRAW ; do
|
||||
ROOTDIRS="$ROOTDIRS$SEP$dir"
|
||||
SEP="|"
|
||||
done
|
||||
OURCYGPATTERN="(^($ROOTDIRS))"
|
||||
# Add a user-defined pattern to the cygpath arguments
|
||||
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
|
||||
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
|
||||
fi
|
||||
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
||||
i=0
|
||||
for arg in "$@" ; do
|
||||
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
|
||||
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
|
||||
|
||||
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
|
||||
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
|
||||
else
|
||||
eval `echo args$i`="\"$arg\""
|
||||
fi
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
case $i in
|
||||
0) set -- ;;
|
||||
1) set -- "$args0" ;;
|
||||
2) set -- "$args0" "$args1" ;;
|
||||
3) set -- "$args0" "$args1" "$args2" ;;
|
||||
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
|
||||
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
|
||||
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
|
||||
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
|
||||
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
|
||||
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# Escape application args
|
||||
save () {
|
||||
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
|
||||
echo " "
|
||||
}
|
||||
APP_ARGS=`save "$@"`
|
||||
|
||||
# Collect all arguments for the java command, following the shell quoting and substitution rules
|
||||
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
|
||||
|
||||
exec "$JAVACMD" "$@"
|
89
java_module/gradlew.bat
vendored
Normal file
@ -0,0 +1,89 @@
|
||||
@rem
|
||||
@rem Copyright 2015 the original author or authors.
|
||||
@rem
|
||||
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@rem you may not use this file except in compliance with the License.
|
||||
@rem You may obtain a copy of the License at
|
||||
@rem
|
||||
@rem https://www.apache.org/licenses/LICENSE-2.0
|
||||
@rem
|
||||
@rem Unless required by applicable law or agreed to in writing, software
|
||||
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
||||
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
@rem See the License for the specific language governing permissions and
|
||||
@rem limitations under the License.
|
||||
@rem
|
||||
|
||||
@if "%DEBUG%" == "" @echo off
|
||||
@rem ##########################################################################
|
||||
@rem
|
||||
@rem Gradle startup script for Windows
|
||||
@rem
|
||||
@rem ##########################################################################
|
||||
|
||||
@rem Set local scope for the variables with windows NT shell
|
||||
if "%OS%"=="Windows_NT" setlocal
|
||||
|
||||
set DIRNAME=%~dp0
|
||||
if "%DIRNAME%" == "" set DIRNAME=.
|
||||
set APP_BASE_NAME=%~n0
|
||||
set APP_HOME=%DIRNAME%
|
||||
|
||||
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
|
||||
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
|
||||
|
||||
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
|
||||
|
||||
@rem Find java.exe
|
||||
if defined JAVA_HOME goto findJavaFromJavaHome
|
||||
|
||||
set JAVA_EXE=java.exe
|
||||
%JAVA_EXE% -version >NUL 2>&1
|
||||
if "%ERRORLEVEL%" == "0" goto execute
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
echo.
|
||||
echo Please set the JAVA_HOME variable in your environment to match the
|
||||
echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:findJavaFromJavaHome
|
||||
set JAVA_HOME=%JAVA_HOME:"=%
|
||||
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
||||
|
||||
if exist "%JAVA_EXE%" goto execute
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
||||
echo.
|
||||
echo Please set the JAVA_HOME variable in your environment to match the
|
||||
echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:execute
|
||||
@rem Setup the command line
|
||||
|
||||
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
||||
|
||||
|
||||
@rem Execute Gradle
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
|
||||
|
||||
:end
|
||||
@rem End local scope for the variables with windows NT shell
|
||||
if "%ERRORLEVEL%"=="0" goto mainEnd
|
||||
|
||||
:fail
|
||||
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
||||
rem the _cmd.exe /c_ return code!
|
||||
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
|
||||
exit /b 1
|
||||
|
||||
:mainEnd
|
||||
if "%OS%"=="Windows_NT" endlocal
|
||||
|
||||
:omega
|
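--- a/java_module/settings.gradle
+++ b/java_module/settings.gradle
@@ -0,0 +1,10 @@
+dependencyResolutionManagement {
+repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
+repositories {
+google()
+mavenCentral()
+jcenter() // Warning: this repository is going to shut down soon
+}
+}
+rootProject.name = "Universal SafetyNet Fix"
+include ':app'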
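Review bot: `jcenter()` is still listed under `dependencyResolutionManagement` although its own comment says the repository is shutting down, and the only library dependency declared in this commit (`org.jetbrains.kotlin:kotlin-stdlib`) is published on Maven Central. Every extra repository is one more source a coordinate can be resolved from, so drop the line unless a dependency outside this commit still needs it. If it has to stay for now, restrict it with a content filter to the groups that require it.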
@ -1,7 +0,0 @@
|
||||
id=safetynet-fix
|
||||
name=Universal SafetyNet Fix
|
||||
version=v1.2.0
|
||||
versionCode=10200
|
||||
author=kdrag0n
|
||||
description=A universal fix for SafetyNet on Android 8–12 Beta 2 devices with hardware attestation and unlocked bootloaders. Requires MagiskHide if rooted.
|
||||
support=https://github.com/kdrag0n/safetynet-fix
|
@ -1,88 +0,0 @@
|
||||
From 9dd88a70668da3d7b0581489d55d0d1a2ced2f5c Mon Sep 17 00:00:00 2001
|
||||
From: Danny Lin <danny@kdrag0n.dev>
|
||||
Date: Wed, 13 Jan 2021 02:05:05 -0800
|
||||
Subject: [PATCH] keystore: Block key attestation for Google Play Services
|
||||
|
||||
In order to enforce SafetyNet security, Google Play Services is now
|
||||
using hardware attestation for ctsProfile validation in all cases, even
|
||||
when basic attestation is selected. The SafetyNet API response from GMS
|
||||
will report that basic attestation was used, but under the hood,
|
||||
hardware attestation is always used regardless of the reported state.
|
||||
This results in SafetyNet failing to pass due to TrustZone reporting an
|
||||
unlocked bootloader (and a partially invalidated root of trust) in the
|
||||
key attestation result.
|
||||
|
||||
We can still take advantage of the fact that this usage of hardware
|
||||
attestation is opportunistic - that is, it falls back to basic
|
||||
attestation if key attestation fails to run - and prevent GMS from using
|
||||
key attestation at the framework level. This causes it to gracefully
|
||||
fall back to basic attestation and pass SafetyNet with an unlocked
|
||||
bootloader.
|
||||
|
||||
Key attestation is still available for other apps, as there are valid
|
||||
uses for it that do not involve SafetyNet.
|
||||
|
||||
The "not implemented" error code from keymaster is used to simulate the
|
||||
most realistic failure condition to evade detection, i.e. an old device
|
||||
that lacks support for key attestation.
|
||||
|
||||
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
|
||||
---
|
||||
keystore/key_store_service.cpp | 9 +++++++--
|
||||
keystore/keystore_attestation_id.cpp | 6 ++++++
|
||||
2 files changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
|
||||
index b6b7295..40550a7 100644
|
||||
--- a/keystore/key_store_service.cpp
|
||||
+++ b/keystore/key_store_service.cpp
|
||||
@@ -48,6 +48,7 @@
|
||||
#include <keystore/keystore_return_types.h>
|
||||
|
||||
#include <hardware/hw_auth_token.h>
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
|
||||
namespace keystore {
|
||||
|
||||
@@ -122,8 +123,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
|
||||
|
||||
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
|
||||
if (!asn1_attestation_id_result.isOk()) {
|
||||
- ALOGE("failed to gather attestation_id");
|
||||
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
|
||||
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
|
||||
+ return KeyStoreServiceReturnCode(KM_ERROR_UNIMPLEMENTED);
|
||||
+ } else {
|
||||
+ ALOGE("failed to gather attestation_id");
|
||||
+ return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
|
||||
+ }
|
||||
}
|
||||
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
|
||||
|
||||
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
|
||||
index b48639f..1f1f79b 100644
|
||||
--- a/keystore/keystore_attestation_id.cpp
|
||||
+++ b/keystore/keystore_attestation_id.cpp
|
||||
@@ -34,6 +34,8 @@
|
||||
#include <keystore/KeyAttestationPackageInfo.h>
|
||||
#include <keystore/Signature.h>
|
||||
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
+
|
||||
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
@@ -209,6 +211,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
|
||||
return BAD_VALUE;
|
||||
}
|
||||
std::string package_name(String8(*pinfo->package_name()).string());
|
||||
+ // Prevent Google Play Services from using key attestation for SafetyNet
|
||||
+ if (package_name == "com.google.android.gms") {
|
||||
+ return KM_ERROR_UNIMPLEMENTED;
|
||||
+ }
|
||||
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
|
||||
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
|
||||
if (rc != NO_ERROR) {
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,52 +0,0 @@
|
||||
From 7f7a9b19c8293c09dfee12bec75ff17225c6710e Mon Sep 17 00:00:00 2001
|
||||
From: Danny Lin <danny@kdrag0n.dev>
|
||||
Date: Tue, 12 Jan 2021 22:25:13 -0800
|
||||
Subject: [PATCH] KeyStore: Block key attestation for Google Play Services
|
||||
|
||||
In order to enforce SafetyNet security, Google Play Services is now
|
||||
using hardware attestation for ctsProfile validation in all cases, even
|
||||
when basic attestation is selected. The SafetyNet API response from GMS
|
||||
will report that basic attestation was used, but under the hood,
|
||||
hardware attestation is always used regardless of the reported state.
|
||||
This results in SafetyNet failing to pass due to TrustZone reporting an
|
||||
unlocked bootloader (and a partially invalidated root of trust) in the
|
||||
key attestation result.
|
||||
|
||||
We can still take advantage of the fact that this usage of hardware
|
||||
attestation is opportunistic - that is, it falls back to basic
|
||||
attestation if key attestation fails to run - and prevent GMS from using
|
||||
key attestation at the framework level. This causes it to gracefully
|
||||
fall back to basic attestation and pass SafetyNet with an unlocked
|
||||
bootloader.
|
||||
|
||||
Key attestation is still available for other apps, as there are valid
|
||||
uses for it that do not involve SafetyNet.
|
||||
|
||||
The "not implemented" error code from keymaster is used to simulate the
|
||||
most realistic failure condition to evade detection, i.e. an old device
|
||||
that lacks support for key attestation.
|
||||
|
||||
Change-Id: I7282ab22b933434bb11037743d46b8a20dad063a
|
||||
---
|
||||
keystore/java/android/security/KeyStore.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
|
||||
index 88b614dc7eef..0f766ef738bf 100644
|
||||
--- a/keystore/java/android/security/KeyStore.java
|
||||
+++ b/keystore/java/android/security/KeyStore.java
|
||||
@@ -1124,6 +1124,11 @@ public class KeyStore {
|
||||
|
||||
public int attestKey(
|
||||
String alias, KeymasterArguments params, KeymasterCertificateChain outChain) {
|
||||
+ // Prevent Google Play Services from using key attestation for SafetyNet
|
||||
+ if (mContext.getPackageName().equals("com.google.android.gms")) {
|
||||
+ return KeymasterDefs.KM_ERROR_UNIMPLEMENTED;
|
||||
+ }
|
||||
+
|
||||
CertificateChainPromise promise = new CertificateChainPromise();
|
||||
try {
|
||||
mBinder.asBinder().linkToDeath(promise, 0);
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,90 +0,0 @@
|
||||
From 15633a3d29bf727b83083f2c49d906c16527d389 Mon Sep 17 00:00:00 2001
|
||||
From: Danny Lin <danny@kdrag0n.dev>
|
||||
Date: Wed, 13 Jan 2021 02:05:05 -0800
|
||||
Subject: [PATCH] keystore: Block key attestation for Google Play Services
|
||||
|
||||
In order to enforce SafetyNet security, Google Play Services is now
|
||||
using hardware attestation for ctsProfile validation in all cases, even
|
||||
when basic attestation is selected. The SafetyNet API response from GMS
|
||||
will report that basic attestation was used, but under the hood,
|
||||
hardware attestation is always used regardless of the reported state.
|
||||
This results in SafetyNet failing to pass due to TrustZone reporting an
|
||||
unlocked bootloader (and a partially invalidated root of trust) in the
|
||||
key attestation result.
|
||||
|
||||
We can still take advantage of the fact that this usage of hardware
|
||||
attestation is opportunistic - that is, it falls back to basic
|
||||
attestation if key attestation fails to run - and prevent GMS from using
|
||||
key attestation at the framework level. This causes it to gracefully
|
||||
fall back to basic attestation and pass SafetyNet with an unlocked
|
||||
bootloader.
|
||||
|
||||
Key attestation is still available for other apps, as there are valid
|
||||
uses for it that do not involve SafetyNet.
|
||||
|
||||
The "not implemented" error code from keymaster is used to simulate the
|
||||
most realistic failure condition to evade detection, i.e. an old device
|
||||
that lacks support for key attestation.
|
||||
|
||||
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
|
||||
---
|
||||
keystore/key_store_service.cpp | 11 ++++++++---
|
||||
keystore/keystore_attestation_id.cpp | 6 ++++++
|
||||
2 files changed, 14 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
|
||||
index 1b38643..b1f1304 100644
|
||||
--- a/keystore/key_store_service.cpp
|
||||
+++ b/keystore/key_store_service.cpp
|
||||
@@ -49,6 +49,7 @@
|
||||
#include <keystore/keystore_return_types.h>
|
||||
|
||||
#include <hardware/hw_auth_token.h>
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
|
||||
namespace keystore {
|
||||
|
||||
@@ -120,9 +121,13 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
|
||||
|
||||
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
|
||||
if (!asn1_attestation_id_result.isOk()) {
|
||||
- ALOGE("failed to gather attestation_id");
|
||||
- // Couldn't get attestation ID; just use an empty one rather than failing.
|
||||
- asn1_attestation_id_result = std::vector<uint8_t>();
|
||||
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
|
||||
+ return KeyStoreServiceReturnCode(KM_ERROR_UNIMPLEMENTED);
|
||||
+ } else {
|
||||
+ ALOGE("failed to gather attestation_id");
|
||||
+ // Couldn't get attestation ID; just use an empty one rather than failing.
|
||||
+ asn1_attestation_id_result = std::vector<uint8_t>();
|
||||
+ }
|
||||
}
|
||||
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
|
||||
|
||||
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
|
||||
index 3d9e87e..448a909 100644
|
||||
--- a/keystore/keystore_attestation_id.cpp
|
||||
+++ b/keystore/keystore_attestation_id.cpp
|
||||
@@ -35,6 +35,8 @@
|
||||
#include <keystore/KeyAttestationPackageInfo.h>
|
||||
#include <keystore/Signature.h>
|
||||
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
+
|
||||
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
@@ -210,6 +212,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
|
||||
return BAD_VALUE;
|
||||
}
|
||||
std::string package_name(String8(*pinfo->package_name()).string());
|
||||
+ // Prevent Google Play Services from using key attestation for SafetyNet
|
||||
+ if (package_name == "com.google.android.gms") {
|
||||
+ return KM_ERROR_UNIMPLEMENTED;
|
||||
+ }
|
||||
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
|
||||
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
|
||||
if (rc != NO_ERROR) {
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,89 +0,0 @@
|
||||
From f106ca40883616561fe866daadc11011bbecb806 Mon Sep 17 00:00:00 2001
|
||||
From: Danny Lin <danny@kdrag0n.dev>
|
||||
Date: Wed, 13 Jan 2021 02:05:05 -0800
|
||||
Subject: [PATCH] keystore: Block key attestation for Google Play Services
|
||||
|
||||
In order to enforce SafetyNet security, Google Play Services is now
|
||||
using hardware attestation for ctsProfile validation in all cases, even
|
||||
when basic attestation is selected. The SafetyNet API response from GMS
|
||||
will report that basic attestation was used, but under the hood,
|
||||
hardware attestation is always used regardless of the reported state.
|
||||
This results in SafetyNet failing to pass due to TrustZone reporting an
|
||||
unlocked bootloader (and a partially invalidated root of trust) in the
|
||||
key attestation result.
|
||||
|
||||
We can still take advantage of the fact that this usage of hardware
|
||||
attestation is opportunistic - that is, it falls back to basic
|
||||
attestation if key attestation fails to run - and prevent GMS from using
|
||||
key attestation at the framework level. This causes it to gracefully
|
||||
fall back to basic attestation and pass SafetyNet with an unlocked
|
||||
bootloader.
|
||||
|
||||
Key attestation is still available for other apps, as there are valid
|
||||
uses for it that do not involve SafetyNet.
|
||||
|
||||
The "not implemented" error code from keymaster is used to simulate the
|
||||
most realistic failure condition to evade detection, i.e. an old device
|
||||
that lacks support for key attestation.
|
||||
|
||||
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
|
||||
---
|
||||
keystore/key_store_service.cpp | 10 ++++++++--
|
||||
keystore/keystore_attestation_id.cpp | 6 ++++++
|
||||
2 files changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
|
||||
index 39341ef..2554432 100644
|
||||
--- a/keystore/key_store_service.cpp
|
||||
+++ b/keystore/key_store_service.cpp
|
||||
@@ -39,6 +39,8 @@
|
||||
#include "keystore_utils.h"
|
||||
#include <keystore/keystore_hidl_support.h>
|
||||
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
+
|
||||
namespace keystore {
|
||||
|
||||
using namespace android;
|
||||
@@ -103,8 +105,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
|
||||
|
||||
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
|
||||
if (!asn1_attestation_id_result.isOk()) {
|
||||
- ALOGE("failed to gather attestation_id");
|
||||
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
|
||||
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
|
||||
+ return KeyStoreServiceReturnCode(ErrorCode(KM_ERROR_UNIMPLEMENTED));
|
||||
+ } else {
|
||||
+ ALOGE("failed to gather attestation_id");
|
||||
+ return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
|
||||
+ }
|
||||
}
|
||||
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
|
||||
|
||||
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
|
||||
index 830482b..362bbc5 100644
|
||||
--- a/keystore/keystore_attestation_id.cpp
|
||||
+++ b/keystore/keystore_attestation_id.cpp
|
||||
@@ -34,6 +34,8 @@
|
||||
#include <keystore/KeyAttestationPackageInfo.h>
|
||||
#include <keystore/Signature.h>
|
||||
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
+
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
@@ -165,6 +167,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
|
||||
return BAD_VALUE;
|
||||
}
|
||||
std::string package_name(String8(*pinfo->package_name()).string());
|
||||
+ // Prevent Google Play Services from using key attestation for SafetyNet
|
||||
+ if (package_name == "com.google.android.gms") {
|
||||
+ return KM_ERROR_UNIMPLEMENTED;
|
||||
+ }
|
||||
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
|
||||
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
|
||||
if (rc != NO_ERROR) {
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,88 +0,0 @@
|
||||
From 1e60fb921aa6cd03398acee1ce6ca758c0b39fd0 Mon Sep 17 00:00:00 2001
|
||||
From: Danny Lin <danny@kdrag0n.dev>
|
||||
Date: Wed, 13 Jan 2021 02:05:05 -0800
|
||||
Subject: [PATCH] keystore: Block key attestation for Google Play Services
|
||||
|
||||
In order to enforce SafetyNet security, Google Play Services is now
|
||||
using hardware attestation for ctsProfile validation in all cases, even
|
||||
when basic attestation is selected. The SafetyNet API response from GMS
|
||||
will report that basic attestation was used, but under the hood,
|
||||
hardware attestation is always used regardless of the reported state.
|
||||
This results in SafetyNet failing to pass due to TrustZone reporting an
|
||||
unlocked bootloader (and a partially invalidated root of trust) in the
|
||||
key attestation result.
|
||||
|
||||
We can still take advantage of the fact that this usage of hardware
|
||||
attestation is opportunistic - that is, it falls back to basic
|
||||
attestation if key attestation fails to run - and prevent GMS from using
|
||||
key attestation at the framework level. This causes it to gracefully
|
||||
fall back to basic attestation and pass SafetyNet with an unlocked
|
||||
bootloader.
|
||||
|
||||
Key attestation is still available for other apps, as there are valid
|
||||
uses for it that do not involve SafetyNet.
|
||||
|
||||
The "not implemented" error code from keymaster is used to simulate the
|
||||
most realistic failure condition to evade detection, i.e. an old device
|
||||
that lacks support for key attestation.
|
||||
|
||||
Change-Id: Iba5fe0791622839e1bad4730593a319ea03661f2
|
||||
---
|
||||
keystore/key_store_service.cpp | 9 +++++++--
|
||||
keystore/keystore_attestation_id.cpp | 6 ++++++
|
||||
2 files changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
|
||||
index 6b26b57..352d708 100644
|
||||
--- a/keystore/key_store_service.cpp
|
||||
+++ b/keystore/key_store_service.cpp
|
||||
@@ -45,6 +45,7 @@
|
||||
#include <keystore/keystore_hidl_support.h>
|
||||
|
||||
#include <hardware/hw_auth_token.h>
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
|
||||
namespace keystore {
|
||||
|
||||
@@ -121,8 +122,12 @@ KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, Authoriza
|
||||
|
||||
auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
|
||||
if (!asn1_attestation_id_result.isOk()) {
|
||||
- ALOGE("failed to gather attestation_id");
|
||||
- return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
|
||||
+ if (asn1_attestation_id_result.status() == KM_ERROR_UNIMPLEMENTED) {
|
||||
+ return KeyStoreServiceReturnCode(KM_ERROR_UNIMPLEMENTED);
|
||||
+ } else {
|
||||
+ ALOGE("failed to gather attestation_id");
|
||||
+ return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
|
||||
+ }
|
||||
}
|
||||
std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
|
||||
|
||||
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
|
||||
index 3d34ac5..16f3bf6 100644
|
||||
--- a/keystore/keystore_attestation_id.cpp
|
||||
+++ b/keystore/keystore_attestation_id.cpp
|
||||
@@ -34,6 +34,8 @@
|
||||
#include <keystore/KeyAttestationPackageInfo.h>
|
||||
#include <keystore/Signature.h>
|
||||
|
||||
+#include <hardware/keymaster_defs.h>
|
||||
+
|
||||
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
@@ -181,6 +183,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
|
||||
return BAD_VALUE;
|
||||
}
|
||||
std::string package_name(String8(*pinfo->package_name()).string());
|
||||
+ // Prevent Google Play Services from using key attestation for SafetyNet
|
||||
+ if (package_name == "com.google.android.gms") {
|
||||
+ return KM_ERROR_UNIMPLEMENTED;
|
||||
+ }
|
||||
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
|
||||
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
|
||||
if (rc != NO_ERROR) {
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,18 +0,0 @@
|
||||
#!/system/bin/sh
|
||||
|
||||
MODPATH="/data/adb/modules/safetynet-fix"
|
||||
|
||||
# Get runtime version
|
||||
sdk="$(getprop ro.build.version.sdk)"
|
||||
version="$(getprop ro.vendor.build.version.release)"
|
||||
|
||||
# Prepare to update version
|
||||
rm -fr "$MODPATH/system"
|
||||
|
||||
# Make sure version is supported
|
||||
if [[ ! -d "$MODPATH/system_sdk$sdk" ]]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
# Symlink results in the wrong SELinux context
|
||||
cp -r "$MODPATH/system_sdk$sdk" "$MODPATH/system"
|
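--- a/riru/.gitattributes
+++ b/riru/.gitattributes
@@ -0,0 +1,4 @@
+* text=auto eol=lf
+
+*.bat text eol=crlf
+*.jar binary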
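--- a/riru/.gitignore
+++ b/riru/.gitignore
@@ -0,0 +1,14 @@
+*.iml
+.gradle
+/local.properties
+.idea
+/.idea/caches/build_file_checksums.ser
+/.idea/libraries
+/.idea/modules.xml
+/.idea/workspace.xml
+.DS_Store
+/build
+/captures
+/out
+.externalNativeBuild
+.cxx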
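--- a/riru/build.gradle
+++ b/riru/build.gradle
@@ -0,0 +1,35 @@
+apply plugin: 'idea'
+
+idea.module {
+excludeDirs += file('out')
+resourceDirs += file('template')
+resourceDirs += file('scripts')
+}
+
+buildscript {
+repositories {
+mavenCentral()
+google()
+}
+dependencies {
+classpath 'com.android.tools.build:gradle:4.2.2'
+}
+}
+
+allprojects {
+repositories {
+mavenCentral()
+google()
+}
+}
+
+ext {
+minSdkVersion = 23
+targetSdkVersion = 30
+
+outDir = file("$rootDir/out")
+}
+
+task clean(type: Delete) {
+delete rootProject.buildDir, outDir
+}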
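--- a/riru/gradle.properties
+++ b/riru/gradle.properties
@@ -0,0 +1,22 @@
+# Project-wide Gradle settings.
+# IDE (e.g. Android Studio) users:
+# Gradle settings configured through the IDE *will override*
+# any settings specified in this file.
+# For more details on how to configure your build environment visit
+# http://www.gradle.org/docs/current/userguide/build_environment.html
+# Specifies the JVM arguments used for the daemon process.
+# The setting is particularly useful for tweaking memory settings.
+org.gradle.jvmargs=-Xmx1536m
+# When configured, Gradle will run in incubating parallel mode.
+# This option should only be used with decoupled projects. More details, visit
+# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
+# org.gradle.parallel=true
+# AndroidX package structure to make it clearer which packages are bundled with the
+# Android operating system, and which are packaged with your app's APK
+# https://developer.android.com/topic/libraries/support-library/androidx-rn
+android.useAndroidX=true
+# Automatically convert third-party libraries to use AndroidX
+android.enableJetifier=true
+# https://github.com/google/prefab/issues/122
+# Remove this until AGP update prefab version
+android.prefabVersion=1.1.3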
BIN
riru/gradle/wrapper/gradle-wrapper.jar
vendored
Normal file
Binary file not shown.
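--- a/riru/gradle/wrapper/gradle-wrapper.properties
+++ b/riru/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+#Mon Jul 12 21:05:17 CST 2021
+distributionBase=GRADLE_USER_HOME
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.1.1-all.zip
+distributionPath=wrapper/dists
+zipStorePath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME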
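--- a/riru/gradlew
+++ b/riru/gradlew
@@ -0,0 +1,172 @@
+#!/usr/bin/env sh
+
+##############################################################################
+##
+## Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+ls=`ls -ld "$PRG"`
+link=`expr "$ls" : '.*-> \(.*\)$'`
+if expr "$link" : '/.*' > /dev/null; then
+PRG="$link"
+else
+PRG=`dirname "$PRG"`"/$link"
+fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+echo "$*"
+}
+
+die () {
+echo
+echo "$*"
+echo
+exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+CYGWIN* )
+cygwin=true
+;;
+Darwin* )
+darwin=true
+;;
+MINGW* )
+msys=true
+;;
+NONSTOP* )
+nonstop=true
+;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+# IBM's JDK on AIX uses strange locations for the executables
+JAVACMD="$JAVA_HOME/jre/sh/java"
+else
+JAVACMD="$JAVA_HOME/bin/java"
+fi
+if [ ! -x "$JAVACMD" ] ; then
+die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+else
+JAVACMD="java"
+which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+MAX_FD_LIMIT=`ulimit -H -n`
+if [ $? -eq 0 ] ; then
+if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+MAX_FD="$MAX_FD_LIMIT"
+fi
+ulimit -n $MAX_FD
+if [ $? -ne 0 ] ; then
+warn "Could not set maximum file descriptor limit: $MAX_FD"
+fi
+else
+warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+JAVACMD=`cygpath --unix "$JAVACMD"`
+
+# We build the pattern for arguments to be converted via cygpath
+ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+SEP=""
+for dir in $ROOTDIRSRAW ; do
+ROOTDIRS="$ROOTDIRS$SEP$dir"
+SEP="|"
+done
+OURCYGPATTERN="(^($ROOTDIRS))"
+# Add a user-defined pattern to the cygpath arguments
+if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+fi
+# Now convert the arguments - kludge to limit ourselves to /bin/sh
+i=0
+for arg in "$@" ; do
+CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
+
+if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
+eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+else
+eval `echo args$i`="\"$arg\""
+fi
+i=$((i+1))
+done
+case $i in
+(0) set -- ;;
+(1) set -- "$args0" ;;
+(2) set -- "$args0" "$args1" ;;
+(3) set -- "$args0" "$args1" "$args2" ;;
+(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+esac
+fi
+
+# Escape application args
+save () {
+for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+echo " "
+}
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+cd "$(dirname "$0")"
+fi
+
+exec "$JAVACMD" "$@"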
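--- a/riru/gradlew.bat
+++ b/riru/gradlew.bat
@@ -0,0 +1,84 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega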
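--- a/riru/module.gradle
+++ b/riru/module.gradle
@@ -0,0 +1,30 @@
+ext {
+/*
+This name will be used in the name of the so file ("lib${moduleLibraryName}.so").
+*/
+moduleLibraryName = "safetynetfix"
+
+/* Minimal supported Riru API version, used in the version check of riru.sh */
+moduleMinRiruApiVersion = 24
+
+/* The version name of minimal supported Riru, used in the version check of riru.sh */
+moduleMinRiruVersionName = "v24.0.0"
+
+/* Maximum supported Riru API version, used in the version check of riru.sh */
+moduleRiruApiVersion = 26
+
+/*
+Magisk module ID
+Since Magisk use it to distinguish different modules, you should never change it.
+
+Note, the older version of the template uses '-' instead of '_', if your are upgrading from
+the older version, please pay attention.
+*/
+magiskModuleId = "safetynet-fix"
+
+moduleName = "Universal SafetyNet Fix"
+moduleAuthor = "kdrag0n"
+moduleDescription = "A universal fix for SafetyNet on Android 7–12 devices with hardware attestation and unlocked bootloaders. Requires MagiskHide and Riru $moduleMinRiruVersionName or newer."
+moduleVersion = "v2.0.0"
+moduleVersionCode = 20000
+}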
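--- a/riru/module/.gitignore
+++ b/riru/module/.gitignore
@@ -0,0 +1,3 @@
+/.externalNativeBuild
+/build
+/release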
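--- a/riru/module/build.gradle
+++ b/riru/module/build.gradle
@@ -0,0 +1,136 @@
+import org.apache.tools.ant.filters.FixCrLfFilter
+import org.apache.tools.ant.filters.ReplaceTokens
+
+import java.security.MessageDigest
+
+apply plugin: 'com.android.library'
+apply from: file(rootProject.file('module.gradle'))
+
+android {
+compileSdkVersion rootProject.ext.targetSdkVersion
+defaultConfig {
+minSdkVersion rootProject.ext.minSdkVersion
+targetSdkVersion rootProject.ext.targetSdkVersion
+externalNativeBuild {
+cmake {
+arguments "-DMODULE_NAME:STRING=$moduleLibraryName",
+"-DRIRU_MODULE_API_VERSION=$moduleRiruApiVersion",
+"-DRIRU_MODULE_VERSION=$moduleVersionCode",
+"-DRIRU_MODULE_VERSION_NAME:STRING=$moduleVersion",
+"-DRIRU_MODULE_MIN_API_VERSION=$moduleMinRiruApiVersion"
+}
+}
+}
+buildFeatures {
+prefab true
+}
+externalNativeBuild {
+cmake {
+path "src/main/cpp/CMakeLists.txt"
+version "3.10.2"
+}
+}
+}
+
+repositories {
+mavenLocal()
+}
+
+dependencies {
+// This is prefab aar which contains "riru.h"
+// If you want to use older versions of AGP,
+// you can copy this file from https://github.com/RikkaApps/Riru/blob/master/riru/src/main/cpp/include_riru/riru.h
+
+// The default version of prefab in AGP has problem to process header only package,
+// you may have to add "android.prefabVersion" in your gradle.properties.
+// See https://github.com/google/prefab/issues/122
+
+implementation 'dev.rikka.ndk:riru:26.0.0'
+}
+
+
+afterEvaluate {
+android.libraryVariants.forEach { variant ->
+def variantCapped = variant.name.capitalize()
+def variantLowered = variant.name.toLowerCase()
+
+def zipName = "${magiskModuleId.replace('_', '-')}-${moduleVersion}-${variantLowered}.zip"
+def magiskDir = file("$outDir/magisk_module_$variantLowered")
+
+task("prepareMagiskFiles${variantCapped}", type: Sync) {
+dependsOn("assemble$variantCapped")
+
+def templatePath = "$rootDir/template/magisk_module"
+
+into magiskDir
+from(templatePath) {
+exclude 'riru.sh', 'module.prop'
+}
+from(templatePath) {
+include 'riru.sh'
+filter(ReplaceTokens.class, tokens: [
+"RIRU_MODULE_LIB_NAME" : moduleLibraryName,
+"RIRU_MODULE_API_VERSION" : moduleRiruApiVersion.toString(),
+"RIRU_MODULE_MIN_API_VERSION" : moduleMinRiruApiVersion.toString(),
+"RIRU_MODULE_MIN_RIRU_VERSION_NAME": moduleMinRiruVersionName,
+])
+filter(FixCrLfFilter.class,
+eol: FixCrLfFilter.CrLf.newInstance("lf"))
+}
+from(templatePath) {
+include 'module.prop'
+expand([
+id : magiskModuleId,
+name : moduleName,
+version : moduleVersion,
+versionCode: moduleVersionCode.toString(),
+author : moduleAuthor,
+description: moduleDescription,
+])
+filter(FixCrLfFilter.class,
+eol: FixCrLfFilter.CrLf.newInstance("lf"))
+}
+from("$buildDir/intermediates/stripped_native_libs/$variantLowered/out/lib") {
+into 'lib'
+}
+doLast {
+fileTree("$magiskDir").visit { f ->
+if (f.directory) return
+if (f.file.name == '.gitattributes') return
+
+def md = MessageDigest.getInstance("SHA-256")
+f.file.eachByte 4096, { bytes, size ->
+md.update(bytes, 0, size)
+}
+file(f.file.path + ".sha256sum").text = md.digest().encodeHex()
+}
+}
+}
+
+task("zip${variantCapped}", type: Zip) {
+dependsOn("prepareMagiskFiles${variantCapped}")
+from magiskDir
+archiveName zipName
+destinationDir outDir
+}
+
+task("push${variantCapped}", type: Exec) {
+dependsOn("zip${variantCapped}")
+workingDir outDir
+commandLine android.adbExecutable, "push", zipName, "/data/local/tmp/"
+}
+
+task("flash${variantCapped}", type: Exec) {
+dependsOn("push${variantCapped}")
+commandLine android.adbExecutable, "shell", "su", "-c",
+"magisk --install-module /data/local/tmp/${zipName}"
+}
+
+task("flashAndReboot${variantCapped}", type: Exec) {
+dependsOn("flash${variantCapped}")
+commandLine android.adbExecutable, "shell", "reboot"
+}
+
+variant.assembleProvider.get().finalizedBy("zip${variantCapped}")
+}
+}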
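Review bot: The `doLast` block of the `prepareMagiskFiles…` task writes a `.sha256sum` file next to every packaged file, but those digests travel inside the same zip as the files they cover, so they can only reveal a truncated or corrupted archive, not one that was modified on purpose. Whatever script reads them is not part of this section, so how they are checked at install time cannot be confirmed from here. I would state the limit above the loop, e.g. `// .sha256sum files detect corruption only; they ship unsigned in the same zip as the files they describe`, so that nobody later treats them as an authenticity check.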
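--- a/riru/module/src/main/AndroidManifest.xml
+++ b/riru/module/src/main/AndroidManifest.xml
@@ -0,0 +1 @@
+<manifest package="riru.template" />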
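--- a/riru/module/src/main/cpp/CMakeLists.txt
+++ b/riru/module/src/main/cpp/CMakeLists.txt
@@ -0,0 +1,44 @@
+cmake_minimum_required(VERSION 3.4.1)
+
+if (NOT DEFINED MODULE_NAME)
+message(FATAL_ERROR "MODULE_NAME is not set")
+else ()
+project(${MODULE_NAME})
+endif ()
+
+add_definitions(-DRIRU_MODULE)
+
+configure_file(template/config.cpp config.cpp)
+
+message("Build type: ${CMAKE_BUILD_TYPE}")
+
+set(CMAKE_CXX_STANDARD 11)
+
+set(LINKER_FLAGS "-ffixed-x18 -Wl,--hash-style=both")
+set(C_FLAGS "-Werror=format -fdata-sections -ffunction-sections")
+set(CXX_FLAGS "${CXX_FLAGS} -fno-exceptions -fno-rtti")
+
+if (NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
+set(C_FLAGS "${C_FLAGS} -O2 -fvisibility=hidden -fvisibility-inlines-hidden")
+set(LINKER_FLAGS "${LINKER_FLAGS} -Wl,-exclude-libs,ALL -Wl,--gc-sections -Wl,--strip-all")
+else ()
+set(C_FLAGS "${C_FLAGS} -O0")
+endif ()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_FLAGS}")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_FLAGS} ${CXX_FLAGS}")
+
+set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${LINKER_FLAGS}")
+set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${LINKER_FLAGS}")
+
+find_package(riru REQUIRED CONFIG)
+
+include_directories(include)
+
+add_library(${MODULE_NAME} SHARED main.cpp ${CMAKE_CURRENT_BINARY_DIR}/config.cpp)
+target_link_libraries(${MODULE_NAME} log riru::riru)
+
+if (NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
+add_custom_command(TARGET ${MODULE_NAME} POST_BUILD
+COMMAND ${CMAKE_STRIP} --strip-all --remove-section=.comment "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${MODULE_NAME}.so")
+endif ()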
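Review bot: The POST_BUILD strip step spells out its input by hand as `${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${MODULE_NAME}.so`, which resolves to `/lib<name>.so` whenever that variable is unset, for example when CMake is run outside the Android Gradle plugin. A generator expression keeps the command tied to the artifact that was actually built: `COMMAND ${CMAKE_STRIP} --strip-all --remove-section=.comment "$<TARGET_FILE:${MODULE_NAME}>"`.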
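--- a/riru/module/src/main/cpp/include/config.h
+++ b/riru/module/src/main/cpp/include/config.h
@@ -0,0 +1,8 @@
+#pragma once
+
+namespace riru {
+extern const int moduleVersionCode;
+extern const char* const moduleVersionName;
+extern const int moduleApiVersion;
+extern const int moduleMinApiVersion;
+}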
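--- a/riru/module/src/main/cpp/main.cpp
+++ b/riru/module/src/main/cpp/main.cpp
@@ -0,0 +1,198 @@
+#include <jni.h>
+#include <sys/types.h>
+#include <riru.h>
+#include <malloc.h>
+#include <cstring>
+#include <config.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <android/log.h>
+
+#ifndef NDEBUG
+#define DEBUG(...) __android_log_write(ANDROID_LOG_DEBUG, "SafetyNetRiru/JNI", __VA_ARGS__)
+#else
+#define DEBUG(...)
+#endif
+
+static void *moduleDex;
+static size_t moduleDexSize;
+
+static constexpr size_t APP_DATA_DIR_SIZE = 128;
+static char lastAppDataDir[APP_DATA_DIR_SIZE];
+
+static void updateAppDataDir(JNIEnv *env, jstring appDataDir) {
+DEBUG("updateAppDataDir");
+if (!appDataDir) {
+DEBUG("dir is null");
+memset(lastAppDataDir, 0, APP_DATA_DIR_SIZE);
+} else {
+DEBUG("copy dir");
+// For simplicity, copy it into the buffer and release the JNI copy instead
+// of keeping the JNI string reference.
+const char *copy = env->GetStringUTFChars(appDataDir, NULL);
+strncpy(lastAppDataDir, copy, APP_DATA_DIR_SIZE);
+env->ReleaseStringUTFChars(appDataDir, copy);
+DEBUG(lastAppDataDir);
+}
+}
+
+static void specializeCommon(JNIEnv *env) {
+DEBUG("specializeCommon");
+DEBUG(lastAppDataDir);
+if (!moduleDex || !strstr(lastAppDataDir, "com.google.android.gms")) {
+DEBUG("dex null or pkg doesn't match");
+riru_set_unload_allowed(true);
+return;
+}
+
+DEBUG("get system classloader");
+// First, get the system classloader
+jclass clClass = env->FindClass("java/lang/ClassLoader");
+jmethodID getSystemClassLoader = env->GetStaticMethodID(clClass, "getSystemClassLoader", "()Ljava/lang/ClassLoader;");
+jobject systemClassLoader = env->CallStaticObjectMethod(clClass, getSystemClassLoader);
+
+DEBUG("create buf");
+// Assuming we have a valid mapped module, load it. This is similar to the approach used for
+// Dynamite modules in GmsCompat, except we can use InMemoryDexClassLoader directly instead of
+// tampering with DelegateLastClassLoader's DexPathList.
+jobject buf = env->NewDirectByteBuffer(moduleDex, moduleDexSize);
+DEBUG("construct dex cl");
+jclass dexClClass = env->FindClass("dalvik/system/InMemoryDexClassLoader");
+jmethodID dexClInit = env->GetMethodID(dexClClass, "<init>", "(Ljava/nio/ByteBuffer;Ljava/lang/ClassLoader;)V");
+jobject dexCl = env->NewObject(dexClClass, dexClInit, buf, systemClassLoader);
+
+// Load the class
+DEBUG("load class method lookup");
+jmethodID loadClass = env->GetMethodID(clClass, "loadClass", "(Ljava/lang/String;)Ljava/lang/Class;");
+DEBUG("call load class");
+jstring entryClassName = env->NewStringUTF("dev.kdrag0n.safetynetriru.EntryPoint");
+jobject entryClassObj = env->CallObjectMethod(dexCl, loadClass, entryClassName);
+
+// Call init. Static initializers don't run when merely calling loadClass from JNI.
+DEBUG("call init");
+auto entryClass = (jclass) entryClassObj;
+jmethodID entryInit = env->GetStaticMethodID(entryClass, "init", "()V");
+env->CallStaticVoidMethod(entryClass, entryInit);
+DEBUG("specializeCommon end");
+}
+
+static void *readFile(char *path, size_t *fileSize) {
+int fd = open(path, O_RDONLY, 0);
+if (fd < 0) {
+DEBUG("open fail");
+return nullptr;
+}
+
+// Get size
+DEBUG("get size");
+*fileSize = lseek(fd, 0, SEEK_END);
+if (*fileSize < 0) {
+DEBUG("seek fail");
+return nullptr;
+}
+lseek(fd, 0, SEEK_SET);
+
+// Map
+/*
+DEBUG("mmap");
+moduleDex = mmap(nullptr, *fileSize, PROT_READ, MAP_PRIVATE, fd, 0);
+if (moduleDex == MAP_FAILED) {
+DEBUG("mmap fail");
+}*/
+
+// Read the entire file into a buffer
+// TODO: see if mmap path is visible in /proc/pid/maps after closing and forking
+char *data = (char *) malloc(*fileSize);
+int bytes = 0;
+while (bytes < *fileSize) {
+bytes += read(fd, data + bytes, *fileSize - bytes);
+}
+
+// Close the fd. This doesn't destroy the mapping.
+DEBUG("close");
+close(fd);
+
+return data;
+}
+
+static void forkAndSpecializePre(
+JNIEnv *env, jclass clazz, jint *uid, jint *gid, jintArray *gids, jint *runtimeFlags,
+jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
+jintArray *fdsToClose, jintArray *fdsToIgnore, jboolean *is_child_zygote,
+jstring *instructionSet, jstring *appDataDir, jboolean *isTopApp, jobjectArray *pkgDataInfoList,
+jobjectArray *whitelistedDataInfoList, jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) {
+updateAppDataDir(env, *appDataDir);
+}
+
+static void specializeAppProcessPre(
+JNIEnv *env, jclass clazz, jint *uid, jint *gid, jintArray *gids, jint *runtimeFlags,
+jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
+jboolean *startChildZygote, jstring *instructionSet, jstring *appDataDir,
+jboolean *isTopApp, jobjectArray *pkgDataInfoList, jobjectArray *whitelistedDataInfoList,
+jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) {
+updateAppDataDir(env, *appDataDir);
+}
+
+static void forkAndSpecializePost(JNIEnv *env, jclass clazz, jint res) {
+if (res == 0) {
+// Child process
+specializeCommon(env);
+}
+}
+
+static void specializeAppProcessPost(JNIEnv *env, jclass clazz) {
+specializeCommon(env);
+}
+
+static void onModuleLoaded() {
+// Load
+DEBUG("onModuleLoaded, loading file");
+char pathBuf[128];
+snprintf(pathBuf, 128, "%s/%s", riru_magisk_module_path, "classes.dex");
+DEBUG((char*)riru_magisk_module_path);
+DEBUG(pathBuf);
+
+moduleDex = readFile(pathBuf, &moduleDexSize);
+if (!moduleDex) {
+return;
+}
+
+DEBUG("module loaded");
+}
+
+extern "C" {
+
+int riru_api_version;
+const char *riru_magisk_module_path = nullptr;
+int *riru_allow_unload = nullptr;
+
+static auto module = RiruVersionedModuleInfo{
+.moduleApiVersion = riru::moduleApiVersion,
+.moduleInfo = RiruModuleInfo{
+.supportHide = true,
+.version = riru::moduleVersionCode,
+.versionName = riru::moduleVersionName,
+.onModuleLoaded = onModuleLoaded,
+.forkAndSpecializePre = forkAndSpecializePre,
+.forkAndSpecializePost = forkAndSpecializePost,
+.forkSystemServerPre = NULL,
+.forkSystemServerPost = NULL,
+.specializeAppProcessPre = specializeAppProcessPre,
+.specializeAppProcessPost = specializeAppProcessPost,
+},
+};
+
+RiruVersionedModuleInfo *init(Riru *riru) {
+auto core_max_api_version = riru->riruApiVersion;
+riru_api_version = core_max_api_version <= riru::moduleApiVersion ? core_max_api_version : riru::moduleApiVersion;
+module.moduleApiVersion = riru_api_version;
+
+riru_magisk_module_path = strdup(riru->magiskModulePath);
+if (riru_api_version >= 25) {
+riru_allow_unload = riru->allowUnload;
+}
+return &module;
+}
+
+}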
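Review bot: readFile() cannot detect any of its own failure modes, and onModuleLoaded calls it in what is presumably the zygote process. `*fileSize` is a `size_t`, so `if (*fileSize < 0)` is never true after a failed `lseek`, and the `malloc` result is used unchecked. The loop `bytes += read(...)` moves the write offset backwards on a `-1` return and spins forever on `0`, so an unreadable or truncated classes.dex can corrupt the heap or hang the process. I would hold the size in an `off_t`, count with a `size_t`, and free the buffer and close `fd` on every error path, as sketched below. Separately, in updateAppDataDir `strncpy(lastAppDataDir, copy, APP_DATA_DIR_SIZE)` leaves the buffer unterminated for a path of 128 bytes or more before `strstr` reads it; copy `APP_DATA_DIR_SIZE - 1` bytes and set the last byte to `'\0'`.

```cpp
static void *readFile(char *path, size_t *fileSize) {
    // … unchanged: open() and its failure check …

    off_t size = lseek(fd, 0, SEEK_END);
    if (size <= 0 || lseek(fd, 0, SEEK_SET) < 0) {
        DEBUG("seek fail");
        close(fd);
        return nullptr;
    }

    char *data = (char *) malloc((size_t) size);
    if (!data) {
        DEBUG("malloc fail");
        close(fd);
        return nullptr;
    }

    size_t total = 0;
    while (total < (size_t) size) {
        ssize_t n = TEMP_FAILURE_RETRY(read(fd, data + total, (size_t) size - total));
        if (n <= 0) {
            // Error or unexpected EOF: never hand a partial dex to the class loader.
            DEBUG("read fail");
            free(data);
            close(fd);
            return nullptr;
        }
        total += (size_t) n;
    }
    *fileSize = total;

    // … unchanged: close(fd) and return data …
```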
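--- a/riru/module/src/main/cpp/template/config.cpp
+++ b/riru/module/src/main/cpp/template/config.cpp
@@ -0,0 +1,8 @@
+#include "config.h"
+
+namespace riru {
+const int moduleVersionCode = ${RIRU_MODULE_VERSION};
+const char* const moduleVersionName = "${RIRU_MODULE_VERSION_NAME}";
+const int moduleApiVersion = ${RIRU_MODULE_API_VERSION};
+const int moduleMinApiVersion = ${RIRU_MODULE_MIN_API_VERSION};
+}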
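--- a/riru/settings.gradle
+++ b/riru/settings.gradle
@@ -0,0 +1,5 @@
+include ':module'
+
+import org.apache.tools.ant.DirectoryScanner
+
+DirectoryScanner.removeDefaultExclude('**/.gitattributes')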
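--- a/riru/template/magisk_module/.gitattributes
+++ b/riru/template/magisk_module/.gitattributes
@@ -0,0 +1,10 @@
+# Declare files that will always have LF line endings on checkout.
+META-INF/** text eol=lf
+*.prop text eol=lf
+*.sh text eol=lf
+*.md text eol=lf
+sepolicy.rule text eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+system/** binary
+system_x86/** binary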
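--- a/riru/template/magisk_module/LICENSE
+++ b/riru/template/magisk_module/LICENSE
@@ -0,0 +1,23 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Danny Lin <danny@kdrag0n.dev>
+
+Riru Module Template: Copyright (c) 2020 Rikka
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.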
@ -0,0 +1,33 @@
|
||||
#!/sbin/sh
|
||||
|
||||
#################
|
||||
# Initialization
|
||||
#################
|
||||
|
||||
umask 022
|
||||
|
||||
# echo before loading util_functions
|
||||
ui_print() { echo "$1"; }
|
||||
|
||||
require_new_magisk() {
|
||||
ui_print "*******************************"
|
||||
ui_print " Please install Magisk v20.4+! "
|
||||
ui_print "*******************************"
|
||||
exit 1
|
||||
}
|
||||
|
||||
#########################
|
||||
# Load util_functions.sh
|
||||
#########################
|
||||
|
||||
OUTFD=$2
|
||||
ZIPFILE=$3
|
||||
|
||||
mount /data 2>/dev/null
|
||||
|
||||
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
|
||||
. /data/adb/magisk/util_functions.sh
|
||||
[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk
|
||||
|
||||
install_module
|
||||
exit 0
|
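--- a/riru/template/magisk_module/customize.sh
+++ b/riru/template/magisk_module/customize.sh
@@ -0,0 +1,69 @@
+SKIPUNZIP=1
+
+# Extract verify.sh
+unzip -o "$ZIPFILE" 'verify.sh' -d "$TMPDIR" >&2
+if [ ! -f "$TMPDIR/verify.sh" ]; then
+ui_print "*********************************************************"
+ui_print "! Unable to extract verify.sh!"
+ui_print "! This zip may be corrupted, please try downloading again"
+abort "*********************************************************"
+fi
+. $TMPDIR/verify.sh
+
+# Extract riru.sh
+
+# Variables provided by riru.sh:
+#
+# RIRU_API: API version of installed Riru, 0 if not installed
+# RIRU_MIN_COMPATIBLE_API: minimal supported API version by installed Riru, 0 if not installed or version < v23.2
+# RIRU_VERSION_CODE: version code of installed Riru, 0 if not installed or version < v23.2
+# RIRU_VERSION_NAME: version name of installed Riru, "" if not installed or version < v23.2
+
+extract "$ZIPFILE" 'riru.sh' "$TMPDIR"
+. $TMPDIR/riru.sh
+
+# Functions from util_functions.sh (it will be loaded by riru.sh)
+check_riru_version
+enforce_install_from_magisk_app
+
+# Check architecture
+if [ "$ARCH" != "arm" ] && [ "$ARCH" != "arm64" ] && [ "$ARCH" != "x86" ] && [ "$ARCH" != "x64" ]; then
+abort "! Unsupported platform: $ARCH"
+else
+ui_print "- Device platform: $ARCH"
+fi
+
+# Extract libs
+ui_print "- Extracting module files"
+
+extract "$ZIPFILE" 'module.prop' "$MODPATH"
+extract "$ZIPFILE" 'classes.dex' "$MODPATH"
+
+# Riru v24+ load files from the "riru" folder in the Magisk module folder
+# This "riru" folder is also used to determine if a Magisk module is a Riru module
+
+mkdir "$MODPATH/riru"
+mkdir "$MODPATH/riru/lib"
+mkdir "$MODPATH/riru/lib64"
+
+if [ "$ARCH" = "arm" ] || [ "$ARCH" = "arm64" ]; then
+ui_print "- Extracting arm libraries"
+extract "$ZIPFILE" "lib/armeabi-v7a/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib" true
+
+if [ "$IS64BIT" = true ]; then
+ui_print "- Extracting arm64 libraries"
+extract "$ZIPFILE" "lib/arm64-v8a/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib64" true
+fi
+fi
+
+if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then
+ui_print "- Extracting x86 libraries"
+extract "$ZIPFILE" "lib/x86/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib" true
+
+if [ "$IS64BIT" = true ]; then
+ui_print "- Extracting x64 libraries"
+extract "$ZIPFILE" "lib/x86_64/lib$RIRU_MODULE_LIB_NAME.so" "$MODPATH/riru/lib64" true
+fi
+fi
+
+set_perm_recursive "$MODPATH" 0 0 0755 0644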
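Review bot: The two `.` commands source `$TMPDIR/verify.sh` and `$TMPDIR/riru.sh` unquoted, so a temp path containing whitespace or glob characters is split before the installer sources it; write `. "$TMPDIR/verify.sh"` and `. "$TMPDIR/riru.sh"`. The same unquoted pattern appears in riru.sh (`[ ! -d $MAGISK_CURRENT_RIRU_MODULE_PATH ]`, the `-f` test and the `.` of util_functions.sh) and in verify.sh (`[ $junk_paths = true ]`). A comment above the first `unzip` would also help: verify.sh is the one file sourced without a checksum, because it is the file that defines `extract`.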
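--- a/riru/template/magisk_module/module.prop
+++ b/riru/template/magisk_module/module.prop
@@ -0,0 +1,6 @@
+id=${id}
+name=${name}
+version=${version}
+versionCode=${versionCode}
+author=${author}
+description=${description}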
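--- a/riru/template/magisk_module/riru.sh
+++ b/riru/template/magisk_module/riru.sh
@@ -0,0 +1,44 @@
+#!/sbin/sh
+RIRU_MODULE_LIB_NAME="@RIRU_MODULE_LIB_NAME@"
+
+# Variables for customize.sh
+RIRU_API=0
+RIRU_MIN_COMPATIBLE_API=0
+RIRU_VERSION_CODE=0
+RIRU_VERSION_NAME=""
+
+# Used by util_functions.sh
+RIRU_MODULE_API_VERSION=@RIRU_MODULE_API_VERSION@
+RIRU_MODULE_MIN_API_VERSION=@RIRU_MODULE_MIN_API_VERSION@
+RIRU_MODULE_MIN_RIRU_VERSION_NAME="@RIRU_MODULE_MIN_RIRU_VERSION_NAME@"
+
+if [ "$MAGISK_VER_CODE" -ge 21000 ]; then
+MAGISK_CURRENT_RIRU_MODULE_PATH=$(magisk --path)/.magisk/modules/riru-core
+else
+MAGISK_CURRENT_RIRU_MODULE_PATH=/sbin/.magisk/modules/riru-core
+fi
+
+if [ ! -d $MAGISK_CURRENT_RIRU_MODULE_PATH ]; then
+ui_print "*********************************************************"
+ui_print "! Riru is not installed"
+ui_print "! Please install Riru from Magisk Manager or https://github.com/RikkaApps/Riru/releases"
+abort "*********************************************************"
+fi
+
+if [ -f "$MAGISK_CURRENT_RIRU_MODULE_PATH/disable" ] || [ -f "$MAGISK_CURRENT_RIRU_MODULE_PATH/remove" ]; then
+ui_print "*********************************************************"
+ui_print "! Riru is not enabled or will be removed"
+ui_print "! Please enable Riru in Magisk first"
+abort "*********************************************************"
+fi
+
+if [ -f $MAGISK_CURRENT_RIRU_MODULE_PATH/util_functions.sh ]; then
+ui_print "- Load $MAGISK_CURRENT_RIRU_MODULE_PATH/util_functions.sh"
+# shellcheck disable=SC1090
+. $MAGISK_CURRENT_RIRU_MODULE_PATH/util_functions.sh
+else
+ui_print "*********************************************************"
+ui_print "! Riru $RIRU_MODULE_MIN_RIRU_VERSION_NAME or above is required"
+ui_print "! Please upgrade Riru from Magisk Manager or https://github.com/RikkaApps/Riru/releases"
+abort "*********************************************************"
+fi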
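--- a/riru/template/magisk_module/verify.sh
+++ b/riru/template/magisk_module/verify.sh
@@ -0,0 +1,38 @@
+TMPDIR_FOR_VERIFY="$TMPDIR/.vunzip"
+mkdir "$TMPDIR_FOR_VERIFY"
+
+abort_verify() {
+ui_print "*********************************************************"
+ui_print "! $1"
+ui_print "! This zip may be corrupted, please try downloading again"
+abort "*********************************************************"
+}
+
+# extract <zip> <file> <target dir> <junk paths>
+extract() {
+zip=$1
+file=$2
+dir=$3
+junk_paths=$4
+[ -z "$junk_paths" ] && junk_paths=false
+opts="-o"
+[ $junk_paths = true ] && opts="-oj"
+
+file_path=""
+hash_path=""
+if [ $junk_paths = true ]; then
+file_path="$dir/$(basename "$file")"
+hash_path="$TMPDIR_FOR_VERIFY/$(basename "$file").sha256sum"
+else
+file_path="$dir/$file"
+hash_path="$TMPDIR_FOR_VERIFY/$file.sha256sum"
+fi
+
+unzip $opts "$zip" "$file" -d "$dir" >&2
+[ -f "$file_path" ] || abort_verify "$file not exists"
+
+unzip $opts "$zip" "$file.sha256sum" -d "$TMPDIR_FOR_VERIFY" >&2
+[ -f "$hash_path" ] || abort_verify "$file.sha256sum not exists"
+
+(echo "$(cat "$hash_path") $file_path" | sha256sum -c -s -) || abort_verify "Failed to verify $file"
+}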
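Review bot: `extract` checks each file against a `.sha256sum` entry taken from the same zip, so it catches a truncated or corrupted download but not a modified archive, because anyone who changes a file can regenerate its hash. The Gradle task in this commit writes those hashes at build time. The header comment on `extract` should state that limit so the check is not mistaken for authentication, for example `# Integrity check only: the hashes ship inside the zip and do not authenticate it.`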
@ -1,9 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Keystore v2 starts before Magisk on Android 12, so it needs to be restarted.
|
||||
# Do this in service.sh to make sure that files have been mounted already.
|
||||
sdk="$(getprop ro.build.version.sdk)"
|
||||
if [[ "$sdk" -ge 31 ]]; then
|
||||
stop keystore2
|
||||
start keystore2
|
||||
fi
|
@ -1,8 +0,0 @@
|
||||
# RootBeer, Microsoft
|
||||
ro.build.tags=release-keys
|
||||
|
||||
# SafetyNet
|
||||
ro.boot.flash.locked=1
|
||||
ro.boot.verifiedbootstate=green
|
||||
ro.boot.veritymode=enforcing
|
||||
ro.boot.vbmeta.device_state=locked
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.