Commit Graph

131 Commits

Author SHA1 Message Date
Danny Lin
65bc7f072e Revert Magisk update metadata
Next public release(s) will be published after robustness improvements
to fingerprint spoofing are done. In the meantime, revert this to avoid
linking to a 404 release.
2023-01-06 19:12:01 -08:00
Ilya Kushnir
e643275a71 [NEXT RELEASE] Separate patchset
* Move safetynet props to boot completed to fix fingerprint not working on OOS12 (Thaks to @HuskyDG)
2023-01-06 12:01:21 -08:00
Ilya Kushnir
bd387a3504 Create .gitattributes
To ensure that all sensetive scripts will be in the correct newline mode
2023-01-06 12:01:12 -08:00
Danny Lin
aeb51dcce9 version: 2.4.0 2023-01-06 11:59:56 -08:00
Danny Lin
22fd150334 readme: Update Android version spec and CTS profile instructions
Closes #235
2023-01-06 11:59:56 -08:00
Danny Lin
73c8587a80 Dynamically patch build fingerprint in GMS process
"AndroidCAStore" always seems to be used early in the attestation
process, before the fingerprint is checked.

Dynamic patching avoids problems with device detection and functionality
that can be caused by permanently spoofing another device.

Closes #207, closes #224, closes #222, closes #220, closes #218, closes #212, closes #211, closes #210, closes #204, closes #203, closes #201, closes #196, closes #188, closes #171, closes #170
2023-01-06 11:59:50 -08:00
Anirudh Gupta
2f18d85a9b service: Set shipping level to 32 for devices >=33
If ro.product.first_api_level is 33, its forced to use HW attestation even though the safteynet checker app shows BASIC
setting it to 32 allows for software attestation and passing CTS

Signed-off-by: Anirudh Gupta <anirudhgupta109@aosip.dev>
2023-01-01 04:50:49 -08:00
Danny Lin
50d8522f26 Update Gradle wrapper 2022-12-21 02:46:27 -08:00
Danny Lin
cae30da9ec debug: Log package name 2022-12-21 01:30:03 -08:00
Danny Lin
056aed6e46
Update log tags 2022-12-06 20:26:20 -08:00
ipdev99
a2267d100f Update to the current Magisk installer script.
Require Magisk v20.4 for modules.
cf47214ee4
2022-07-05 00:11:01 -07:00
Lex Nastin
f493689caa Mention A13 B3 Support In Module Description 2022-06-27 17:43:35 -07:00
Danny Lin
457b833870
changelog: Label footer 2022-06-27 03:30:47 -07:00
Danny Lin
dfb02593d6
readme: Update Android version compatibility 2022-06-27 03:04:34 -07:00
Danny Lin
b1ee715a85
changelog: Reformat footer 2022-06-27 03:04:03 -07:00
Danny Lin
f79e5cc37e
version: 2.3.1 2022-06-27 02:58:11 -07:00
Danny Lin
532a92a0b6
zygisk: Clarify unloading in non-GMS processes 2022-06-27 02:41:09 -07:00
Danny Lin
ebc54d8ccd
zygisk: Fix unnecessary string copy 2022-06-27 02:40:35 -07:00
Danny Lin
27a8138b7c
changelog: Only keep latest version
Thanks to @osm0sis for pointing out the 1000-character limit.
2022-06-27 02:37:38 -07:00
Danny Lin
c864c41130
github: Fix typo in issue template 2022-06-27 02:36:19 -07:00
Danny Lin
b4ee04be71
zygisk: Fix entry point class name
This was missed in the refactor.
2022-06-27 02:31:53 -07:00
Danny Lin
57b726c260
readme: Rewrite, split details for developers 2022-03-12 21:05:44 -08:00
Danny Lin
0a69b10b3c
github: Add issue template for bug reports 2022-03-12 20:51:46 -08:00
Danny Lin
b3893d32f3
magisk: Allow limited installation on Android 7 and older
Key attestation was introduced in Android 7.0, but Android 7.x doesn't
have InMemoryDexClassLoader so our Zygisk module is incompatible.

In general, users on such old versions of Android don't need to bypass
hardware-backed attestation (which isn't even applicable on Android 6
and older), so allow them to install the module without the Zygisk part.

Closes #156.
2022-03-12 20:40:53 -08:00
Danny Lin
db27e80080
java: Rename package to safetynetfix
This is no longer using Riru.
2022-03-12 20:27:52 -08:00
Danny Lin
2bcb2ff9a7
java: Simplify exception handling in entry point 2022-03-12 20:26:52 -08:00
Danny Lin
0058654541
java: SecurityBridge -> SecurityHooks 2022-03-12 20:26:15 -08:00
Danny Lin
769fa05817
java_module: Rename to java
I named this "java_module" to avoid confusion with app/src/main/java,
but there's no need to be so verbose.
2022-03-10 22:16:04 -08:00
Chris Renshaw
55f892fb88 magisk: fix Oppo fingerprint reader issues
- move ro.boot.vbmeta.device_state to late props since any earlier appears to break Oppo (ColorOS/OOS12) fingerprint readers

Thanks @MlgmXyysd

Fixes #157
2022-03-10 17:40:57 -08:00
ip
0f3551497c Only remove gms if Denylist is enforced
Originally Magisk required the Denylist to be enforced to access the Denylist.
When enforced, Magisk is unloaded while the processes on the Denylist are called.

Now you can access the Denylist when it is not enforced.
Since Magisk runs normally when not enforced, the Denylist is just a list.

No need to remove 'gms' from the Denylist when it is not enforced.
2022-03-10 17:33:21 -08:00
benjibobs
7238dd7caa Add CHANGELOG.md 2022-02-07 22:09:56 -08:00
benjibobs
bc49da291a Support update.json Magisk update checker 2022-02-07 22:09:56 -08:00
Danny Lin
e5064fff03
readme: Update for stable Magisk v24 release 2022-01-30 05:50:20 -08:00
Chris Renshaw
d2676e1232 magisk: Add circumvention of OnePlus' oem unlock counter
- I recently discovered `ro.is_ever_orange` on OOS 11, which gets set roughly 32 seconds after boot completed and is equal to the number of times a device has ever been `fastboot oem unlock`ed
- a fresh MSM (i.e. factory locked device) has it set to 0, and using system.prop to set it to 0 earlier in the boot seems to keep it set to 0 instead of the real unlock count
- I haven't seen this exploited anywhere, though I presume it exists for a reason, so probably good to manage it as well
2021-12-24 15:54:02 -08:00
Danny Lin
dd5f49ec58
Bump version to 2.2.1 2021-12-22 18:59:01 -08:00
Danny Lin
953a2cc560
readme: Update Android version constraint 2021-12-21 15:42:51 -08:00
Danny Lin
8ea2649fa0
customize: Prevent installation on Android 7.x and older
Android 7.x lacks the InMemoryDexClassLoader API, which is necessary for
the module to load Java code, and is unlikely to support hardware
attestation on any production devices anyway.

Fixes #124, #127
2021-12-21 15:40:57 -08:00
Danny Lin
09332546b0
readme: Clarify definition of "basic" attestation
Fixes #101
2021-12-21 15:40:45 -08:00
osm0sis
3a3f95b696 magisk: fix Realme fingerprint reader issues
- move ro.boot.flash.locked to late props since any earlier appears to break Realme fingerprint readers

Thanks @byxiaorun for finding the problem prop, and @Jowat97 for testing
2021-12-21 15:15:28 -08:00
Danny Lin
8de1265927
readme: Update for 2.1.2 and 2.2.0 releases 2021-11-15 22:13:12 -08:00
Danny Lin
5308a0a57f
zygisk: Remove template readme 2021-11-15 22:02:55 -08:00
Danny Lin
d235d134b7
Bump version to 2.2.0 2021-11-15 22:01:19 -08:00
Danny Lin
ff588c1cc3
zygisk: Use more auto types 2021-11-15 22:01:19 -08:00
Danny Lin
bc27f2211b
magisk: Remove Play Services from DenyList earlier
This ensures that GMS will never start before it's removed from the
DenyList, even if another module's service.sh is blocking our script.

Suggested-by: osm0sis <osm0sis@outlook.com>
2021-10-30 23:49:23 -07:00
Danny Lin
daefe159e3
zygisk: Always unload from system_server 2021-10-30 19:48:37 -07:00
Danny Lin
69e2aae3d8
zygisk: Inject payload after specialization 2021-10-30 19:48:37 -07:00
Danny Lin
cd84bf361f
magisk: Remove Play Services from DenyList
The Zygisk module will never load if GMS is in the DenyList. Instead, we
have the module force-enable DenyList unmounting after forking.
2021-10-30 18:43:15 -07:00
Danny Lin
b1b839555f
magisk: Fix service.sh permissions 2021-10-30 18:43:15 -07:00
Danny Lin
2079674e3e
zygisk: Separate path classes.dex into constant 2021-10-30 18:40:02 -07:00
Danny Lin
8015d36786
Remove Riru implementation
Zygisk is now the primary implementation of this module.

NB: The Zygisk module template is in the public domain, so attribution
is no longer needed in the license.
2021-10-30 18:33:29 -07:00