VarunS2002 / Xposed-Disable-FLAG_SECURE

Xposed Module to Disable FLAG_SECURE, enabling screenshots, screen sharing and recording in apps that normally wouldn't allow it.
GNU General Public License v3.0

Disable Flag Secure for views not only windows #3

Closed programminghoch10 closed 3 years ago

programminghoch10 commented 3 years ago

Hello, it looks like you're trying to unify all the Flag Secure modules to one updated and working one. Good idea!

Deep in the interwebz I've found a GitLab repo which is also able to disable Flag Secure for views and not only windows. It does work better than all other modules do. I think it would be nice if you integrated the code of this module into this one.

As far as I know it does not fix #1 sadly, Netflix and LSPosed also does not work, also not with the other module linked above.

The linked module does work to allow screenshot/record or activity switcher preview for chrome incognito mode and telegram secure chats though. If you need motivation I can include screenshots on why it works better.

Cheers!

VarunS2002 commented 3 years ago

@programminghoch10 The GitLab repo you found is the source code of the 3rd one of these links: [image]

In #1 I have made a test version of my app which combines the code of all these 3 modules, downloadable here. So you can try this. What apps are you trying it on?

programminghoch10 commented 3 years ago

Okay so I downloaded and installed your debug APK. It automatically installed it to the SD card, and it says it can't move the app to internal cause of missing space. This is weird, there is a lot of space and it does work with bigger apps and with the release of your app. Maybe you got an idea, else it looks like I need to remove the SD card. I don't want to though, it's kind of a hassle... I'll try on another device later.

VarunS2002 commented 3 years ago

@programminghoch10 app-release.zip Try this

programminghoch10 commented 3 years ago

@VarunS2002 Well idk why but my phone didn't recognize my SD card anymore so it installed to internal. I tried the second one and it's working, everything is working! I could screenshot secure Telegram chats, the activity switcher also works fine and I could even screenshot and record Netflix. Looks like it's all working.

Edit: the SD card bug was caused by another mod I installed lately. I uninstalled it, SD card works again and moving the app is also working.

programminghoch10 commented 3 years ago

> What apps are you trying it on?

So I noticed several things that bug me with Flag Secure, hence my interest in this module. I'm using Android 10 / Lineage 17.1 and noticed this when switching activities:

Without module or with old module the activity switcher replaces the secure view with a single color: [image]

With the new module: [image]

As you can see it does not replace the contents with the white color anymore. The white color is a Telegram thing, Chrome incognito mode does the same thing but with a grey color.

Also Netflix: The Netflix app does quite some things to prevent you from "stealing" content or sth... With Flag Secure they prevent screen recordings and with SafetyNet they prevent modded phones.

Well here it is without the module or the old module: [image]

And here with the new module: [image]

Also another thing I noticed: When using Miracast / Screenshare / Screenrecorders the same rules apply. This means that casting a working Netflix movie to my PC/TV will also remove the contents (if the receiving device is considered "not secure", whatever that means..., as far as I can see modern TVs are considered secure, Chromecasts too, but most Miracast/WiFi Direct receivers are not). You see, I just want my damn freedom to cast whatever to wherever I want! Stupid Flag Secure.

So yeah, conclusion time I guess. The combined module you made works like a charm. Merge it in!

VarunS2002 commented 3 years ago

@programminghoch10 Thanks for the insights mate! It's great to hear everything is working. However can you test it with Disney+? I don't have access to Disney+ in my country.

VarunS2002 commented 3 years ago

@programminghoch10 FLAG_SECURE is primarily for preventing piracy of DRM protected content. Hence a TV is considered secure as it's just a display or a medium to consume such content. Casting however can be used to record the content. Apps like Telegram use it for privacy reasons which is acceptable sometimes I guess.

programminghoch10 commented 3 years ago

> However can you test it with Disney+?

Disney+ does not work for me, seems like they are doing even more shenanigans than Netflix, which is quite surprising. Screencast goes completely black, not even the UI shows up. Screenshots only black out the video: [image]

You got any idea how to debug this? Here are the logs related to Flag Secure Module and Disney+:

2021-05-12 11:28:46.046 I/com.disney.disneyplus(9685-9685): Disabled FLAG_SECURE for: com.disney.disneyplus
2021-05-12 11:28:46.046 I/com.disney.disneyplus(9685-9685): Disable-FLAG_SECURE: de.robv.android.xposed.XposedHelpers$ClassNotFoundError: java.lang.ClassNotFoundException: com.android.server.wm.WindowState
2021-05-12 11:28:46.046 I/com.disney.disneyplus(9685-9685): Disable-FLAG_SECURE: de.robv.android.xposed.XposedHelpers$ClassNotFoundError: java.lang.ClassNotFoundException: com.android.server.wm.WindowState
2021-05-12 11:28:46.046 I/com.disney.disneyplus(9685-9685): Disable-FLAG_SECURE: java.lang.NoSuchMethodError: android.view.WindowManagerGlobal#addView(android.view.View,android.view.ViewGroup.LayoutParams,android.view.Display,android.view.Window,int)#exact

No log for Netflix, but for everything else the module gets applied to, the logs look exactly the same.

Also I noticed LSPosed does not re-enable the module for an app installed on the SD card because it's not "installed" right at boot time but rather appears later. I guess we may have to escalate that to the LSPosed devs though.

VarunS2002 commented 3 years ago

@programminghoch10 I don't think the time matters. So Disney+ seems to be doing something really weird which nobody seems to have figured out I guess. Those errors don't occur for other apps? Those 4 lines are expected for every app (except android) with just com.disney.disneyplus replaced with com.netflix or whatever the app is.

programminghoch10 commented 3 years ago

> Those errors don't occur for other apps? Those 4 lines are expected for every app

They do appear for every app. Maybe decompiling the Disney+ app can shed a light on their tricks.
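The question settled in the exchange above, whether every hooked app logs the same failed hooks, can be checked mechanically by grouping the module's log lines per process. This is an added example, not part of the thread or the module's code; the line shape is taken from the excerpt above, and the `com.example.app` lines are constructed.

```python
import re
from collections import defaultdict

# Line shape copied from the log excerpt in the thread:
#   <date> <time> <level>/<process>(<pid>-<tid>): <message>
LINE = re.compile(r"^\S+ \S+ \w/(?P<proc>[\w.]+)\(\d+-\d+\): (?P<msg>.*)$")
APPLIED = re.compile(r"^Disabled FLAG_SECURE for: [\w.]+$")
# Error messages carry "<SomethingError>: [<wrapped exception>: ]<class or method>".
ERROR = re.compile(r"^Disable-FLAG_SECURE: .*?(?P<kind>\w+Error): "
                   r"(?:\S+Exception: )?(?P<target>[\w.$#]+)")

def summarize(lines):
    """Map process -> {'applied': bool, 'failed': {(error kind, hook target)}}."""
    out = defaultdict(lambda: {"applied": False, "failed": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a logcat line in the expected shape
        proc, msg = m["proc"], m["msg"]
        if APPLIED.match(msg):
            out[proc]["applied"] = True
        elif (e := ERROR.match(msg)):
            out[proc]["failed"].add((e["kind"], e["target"]))  # set dedupes repeats
    return dict(out)

def identical_failures(summary):
    """True when every process the module was applied to failed the same hooks."""
    sets = {frozenset(v["failed"]) for v in summary.values() if v["applied"]}
    return len(sets) <= 1

_CNF = ("Disable-FLAG_SECURE: de.robv.android.xposed.XposedHelpers$ClassNotFoundError: "
        "java.lang.ClassNotFoundException: com.android.server.wm.WindowState")
_NSM = ("Disable-FLAG_SECURE: java.lang.NoSuchMethodError: "
        "android.view.WindowManagerGlobal#addView(android.view.View,"
        "android.view.ViewGroup.LayoutParams,android.view.Display,"
        "android.view.Window,int)#exact")

def sample(proc, pid):
    """The four lines from the thread, re-tagged for the given process."""
    tag = f"2021-05-12 11:28:46.046 I/{proc}({pid}-{pid}): "
    return [tag + f"Disabled FLAG_SECURE for: {proc}", tag + _CNF, tag + _CNF, tag + _NSM]

# First block is the excerpt from the thread; com.example.app is constructed.
SAMPLE = sample("com.disney.disneyplus", 9685) + sample("com.example.app", 4242)

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for proc, info in summary.items():
        print(proc, info["applied"], sorted(info["failed"]))
    print("identical failures:", identical_failures(summary))
```

A process whose failure set differs from the rest is the one worth a closer look; identical sets, as reported in the thread, mean these errors do not explain an app-specific difference.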

VarunS2002 commented 3 years ago

@programminghoch10 Guess what, I've tried that, either they obfuscated the app pretty well or I'm not smart enough to understand it xD. I suggest you open an issue here as this was active recently. Probably he can solve the problem. Consequently I can integrate the solution in my app too.

VarunS2002 commented 3 years ago

Closing this issue as this has been fixed in the latest release v2.0.0. Discussion on Disney+ support can continue in #1.