search

j-hc / zygisk-detach

Zygisk module to detach installed apps from Play Store, hooking binder
https://t.me/rv_magisk
Apache License 2.0
995 stars 26 forks source link

Play store crashes when detaching anything at all #45

Closed baltitenger closed 2 months ago

baltitenger commented 2 months ago

Are you sure you read the readme? yes

Android version and skin (MIUI etc... is MIUI still a thing? idk): Android 11, LineageOS 18.1

Screenshot of Play Store page of the app you are trying to detach: n/a

Screenshot of the helper CLI showing detached apps (from Option 2): n/a

Logs taken with su -c logcat -d -s "zygisk-detach" > /sdcard/log.txt: only has lines like this:

06-15 10:25:56.595 17614 17614 D zygisk-detach: ERROR: detach.bin <= 0

The actual apps I tried to detach were youtube, termux, kde-connect and mpv-android. After adding any of these to the list, play store crashes immediately when launched (or killed if it's running).

Crash log: ``` 06-15 10:19:11.525 3008 3872 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.vending/.AssetBrowserActivity bnds=[540,922][760,1176]} from uid 10215 06-15 10:19:11.539 3008 3033 D CompatibilityChangeReporter: Compat change id reported: 135634846; UID 10120; state: DISABLED 06-15 10:19:11.540 3008 3043 D CompatibilityChangeReporter: Compat change id reported: 143937733; UID 10120; state: ENABLED 06-15 10:19:11.549 2760 2760 D Zygote : Forked child process 17129 06-15 10:19:11.552 3008 3043 I ActivityManager: Start proc 17129:com.android.vending/u0a120 for pre-top-activity {com.android.vending/com.android.vending.AssetBrowserActivity} 06-15 10:19:11.555 17129 17129 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7fdaeeb75c in tid 17129 (main), pid 17129 (main) 06-15 10:19:11.613 17137 17137 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone 06-15 10:19:11.614 2753 2753 I tombstoned: received crash request for pid 17129 06-15 10:19:11.614 17137 17137 I crash_dump64: performing dump of process 17129 (target tid = 17129) 06-15 10:19:11.628 17137 17137 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 06-15 10:19:11.628 17137 17137 F DEBUG : LineageOS Version: '18.1-20240305-NIGHTLY-a5y17lte' 06-15 10:19:11.628 17137 17137 F DEBUG : Build fingerprint: 'samsung/a7y17lteskt/a7y17lteskt:9/PPR1.180610.011/A720SKSU5CUJ2:user/release-keys' 06-15 10:19:11.628 17137 17137 F DEBUG : Revision: '0' 06-15 10:19:11.628 17137 17137 F DEBUG : ABI: 'arm64' 06-15 10:19:11.629 17137 17137 F DEBUG : Timestamp: 2024-06-15 10:19:11+0200 06-15 10:19:11.629 17137 17137 F DEBUG : pid: 17129, tid: 17129, name: main >>> zygote64 <<< 06-15 10:19:11.629 17137 17137 F DEBUG : uid: 0 06-15 10:19:11.629 17137 17137 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7fdaeeb75c 06-15 10:19:11.629 17137 17137 F DEBUG : x0 0000000000000004 x1 0000000000000000 x2 0000000000000000 x3 0000000000000000 06-15 10:19:11.629 17137 17137 F DEBUG : x4 0000000000000010 x5 0000000000000004 x6 fefeff7ec04fae2f x7 7f7f7f7fff7fff7f 06-15 10:19:11.630 17137 17137 F DEBUG : x8 0000007fdaeeb768 x9 103e237ddebd0a25 x10 0000007517488fe4 x11 00000000000000c1 06-15 10:19:11.630 17137 17137 F DEBUG : x12 00000000fffffffa x13 0a20302030303a30 x14 0000000000000004 x15 0000d4d546c25e7c 06-15 10:19:11.630 17137 17137 F DEBUG : x16 0000007517495cd0 x17 0000007517416b08 x18 0000007519658000 x19 0000007278d90af0 06-15 10:19:11.630 17137 17137 F DEBUG : x20 00000073c2f9a4b8 x21 0000007278d8dbab x22 00000075185dc000 x23 0000007fc150aea8 06-15 10:19:11.630 17137 17137 F DEBUG : x24 65646e696262696c x25 000000006f732e72 x26 000000727b2feb68 x27 0000007fc150b1f8 06-15 10:19:11.630 17137 17137 F DEBUG : x28 0000000000000005 x29 0000007fc150afb0 06-15 10:19:11.630 17137 17137 F DEBUG : lr 0000007278d8e3f0 sp 0000007fc150ae80 pc 0000007278d8e3f8 pst 0000000060000000 06-15 10:19:11.793 17137 17137 F DEBUG : backtrace: 06-15 10:19:11.793 17137 17137 F DEBUG : #00 pc 00000000000013f8 /memfd:jit-cache (deleted) 06-15 10:19:11.793 17137 17137 F DEBUG : #01 pc 000000000002fa58 /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-15 10:19:11.793 17137 17137 F DEBUG : #02 pc 000000000002fbdc /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-15 10:19:11.793 17137 17137 F DEBUG : #03 pc 000000000002ff00 /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-15 10:19:11.793 17137 17137 F DEBUG : #04 pc 0000000000031b14 /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-15 10:19:11.793 17137 17137 F DEBUG : #05 pc 000000000022ae90 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+496) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-15 10:19:11.793 17137 17137 F DEBUG : #06 pc 00000000008aa870 /system/framework/arm64/boot-framework.oat (com.android.internal.os.Zygote.forkAndSpecialize+208) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-15 10:19:11.793 17137 17137 F DEBUG : #07 pc 00000000008af1b8 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteConnection.processOneCommand+2088) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-15 10:19:11.793 17137 17137 F DEBUG : #08 pc 00000000008b4a80 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteServer.runSelectLoop+1904) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-15 10:19:11.793 17137 17137 F DEBUG : #09 pc 00000000008b1108 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteInit.main+2136) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-15 10:19:11.794 17137 17137 F DEBUG : #10 pc 00000000001337e8 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-15 10:19:11.794 17137 17137 F DEBUG : #11 pc 00000000001a9804 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-15 10:19:11.794 17137 17137 F DEBUG : #12 pc 000000000055cc80 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-15 10:19:11.794 17137 17137 F DEBUG : #13 pc 000000000055d144 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-15 10:19:11.794 17137 17137 F DEBUG : #14 pc 000000000043f6bc /apex/com.android.art/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-15 10:19:11.794 17137 17137 F DEBUG : #15 pc 000000000009948c /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+124) (BuildId: 3efff8ec8941fecce60c077a7eeb0e3a) 06-15 10:19:11.794 17137 17137 F DEBUG : #16 pc 00000000000a0a0c /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector const&, bool)+844) (BuildId: 3efff8ec8941fecce60c077a7eeb0e3a) 06-15 10:19:11.794 17137 17137 F DEBUG : #17 pc 0000000000003570 /system/bin/app_process64 (main+1320) (BuildId: aeddd4ca668825907c472e6e9dbc7492) 06-15 10:19:11.794 17137 17137 F DEBUG : #18 pc 0000000000049a34 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+108) (BuildId: 1e3cd92e7917e47dea90b202e498fb1a) 06-15 10:19:11.934 2753 2753 E tombstoned: Tombstone written to: /data/tombstones/tombstone_20 06-15 10:19:11.937 3008 17141 I DropBoxManagerService: add tag=system_app_native_crash isTagEnabled=true flags=0x2 06-15 10:19:11.939 3008 3049 I BootReceiver: Copying /data/tombstones/tombstone_20 to DropBox (SYSTEM_TOMBSTONE) 06-15 10:19:11.940 3008 3049 I DropBoxManagerService: add tag=SYSTEM_TOMBSTONE isTagEnabled=true flags=0x2 06-15 10:19:11.945 3008 3042 W BroadcastQueue: Background execution not allowed: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to com.google.android.gms/.stats.service.DropBoxEntryAddedReceiver 06-15 10:19:11.949 17129 17129 W main : type=1701 audit(0.0:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=u:r:zygote:s0 exe="/system/bin/app_process64" sig=11 06-15 10:19:11.965 2760 2760 I Zygote : Process 17129 exited due to signal 11 (Segmentation fault) 06-15 10:19:11.971 0 0 I [0: init: 1] init: Untracked pid 17137 exited with status 0 06-15 10:19:11.981 0 0 I [0: init: 1] init: Untracked pid 17139 exited with status 0 ```

Tombstone file attached: tombstone_20

If I then remove everything from the detach list, play store works fine again.

Note that I also have play integrity fix magisk module installed, but disabling it doesn't fix this behavior.

j-hc commented 2 months ago

i need the see the maps.txt from this command su -M -c cat /proc/$(pidof com.android.vending)/maps > /sdcard/maps.txt

baltitenger commented 2 months ago

Attached: maps.txt (obviously nothing is detached at this point since it can't start otherwise)

j-hc commented 2 months ago

fixed in v1.17.0

baltitenger commented 2 months ago

Hi! Apparently it broke again after a reboot (or something else).

logcat ``` 06-19 03:43:45.447 3005 4025 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.vending/.AssetBrowserActivity bnds=[540,922][760,1176]} from uid 10215 06-19 03:43:45.478 2759 2759 D Zygote : Forked child process 11522 06-19 03:43:45.481 3005 3033 I ActivityManager: Start proc 11522:com.android.vending/u0a120 for pre-top-activity {com.android.vending/com.android.vending.AssetBrowserActivity} 06-19 03:43:45.484 11522 11522 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x803ba22dac in tid 11522 (main), pid 11522 (main) 06-19 03:43:45.541 11530 11530 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone 06-19 03:43:45.541 2752 2752 I tombstoned: received crash request for pid 11522 06-19 03:43:45.542 11530 11530 I crash_dump64: performing dump of process 11522 (target tid = 11522) 06-19 03:43:45.557 11530 11530 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 06-19 03:43:45.557 11530 11530 F DEBUG : LineageOS Version: '18.1-20240305-NIGHTLY-a5y17lte' 06-19 03:43:45.557 11530 11530 F DEBUG : Build fingerprint: 'samsung/a7y17lteskt/a7y17lteskt:9/PPR1.180610.011/A720SKSU5CUJ2:user/release-keys' 06-19 03:43:45.557 11530 11530 F DEBUG : Revision: '0' 06-19 03:43:45.557 11530 11530 F DEBUG : ABI: 'arm64' 06-19 03:43:45.558 11530 11530 F DEBUG : Timestamp: 2024-06-19 03:43:45+0200 06-19 03:43:45.558 11530 11530 F DEBUG : pid: 11522, tid: 11522, name: main >>> zygote64 <<< 06-19 03:43:45.558 11530 11530 F DEBUG : uid: 0 06-19 03:43:45.558 11530 11530 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x803ba22dac 06-19 03:43:45.558 11530 11530 F DEBUG : x0 0000000000000004 x1 0000000000000000 x2 0000000000000000 x3 0000000000000000 06-19 03:43:45.558 11530 11530 F DEBUG : x4 0000000000000010 x5 0000000000000004 x6 fefeff7ec69f247f x7 7f7f7f7fffff7fff 06-19 03:43:45.558 11530 11530 F DEBUG : x8 000000803ba22db8 x9 6c331aacebcaa2d3 x10 0000007a6f88afe4 x11 00000000000000c1 06-19 03:43:45.559 11530 11530 F DEBUG : x12 00000000fffffffa x13 0a20302030303a30 x14 0000000000000004 x15 000038ad2a26b45a 06-19 03:43:45.559 11530 11530 F DEBUG : x16 0000007a6f897cd0 x17 0000007a6f818b08 x18 0000007a73008000 x19 00000077d33feb00 06-19 03:43:45.559 11530 11530 F DEBUG : x20 000000791d5db888 x21 00000077d33fbbab x22 0000007a72c1c000 x23 0000007fc7a024f8 06-19 03:43:45.559 11530 11530 F DEBUG : x24 65646e696262696c x25 000000006f732e72 x26 00000077d5999b68 x27 0000007fc7a02848 06-19 03:43:45.559 11530 11530 F DEBUG : x28 0000000000000005 x29 0000007fc7a02600 06-19 03:43:45.559 11530 11530 F DEBUG : lr 00000077d33fc3f0 sp 0000007fc7a024d0 pc 00000077d33fc400 pst 0000000020000000 06-19 03:43:45.725 11530 11530 F DEBUG : backtrace: 06-19 03:43:45.726 11530 11530 F DEBUG : #00 pc 0000000000001400 /memfd:jit-cache (deleted) 06-19 03:43:45.726 11530 11530 F DEBUG : #01 pc 000000000002fa58 /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-19 03:43:45.726 11530 11530 F DEBUG : #02 pc 000000000002fbdc /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-19 03:43:45.726 11530 11530 F DEBUG : #03 pc 000000000002ff00 /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-19 03:43:45.726 11530 11530 F DEBUG : #04 pc 0000000000031b14 /system/lib64/libzygisk.so (BuildId: b4c7d85e83f5b20e40d07cc293f9467b13eb1132) 06-19 03:43:45.726 11530 11530 F DEBUG : #05 pc 000000000022ae90 /system/framework/arm64/boot-framework.oat (art_jni_trampoline+496) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-19 03:43:45.726 11530 11530 F DEBUG : #06 pc 00000000008aa870 /system/framework/arm64/boot-framework.oat (com.android.internal.os.Zygote.forkAndSpecialize+208) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-19 03:43:45.726 11530 11530 F DEBUG : #07 pc 00000000008af1b8 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteConnection.processOneCommand+2088) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-19 03:43:45.726 11530 11530 F DEBUG : #08 pc 00000000008b4a80 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteServer.runSelectLoop+1904) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-19 03:43:45.726 11530 11530 F DEBUG : #09 pc 00000000008b1108 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ZygoteInit.main+2136) (BuildId: f33702432fa9aa7636371ce9429cb50205dae51d) 06-19 03:43:45.726 11530 11530 F DEBUG : #10 pc 00000000001337e8 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-19 03:43:45.726 11530 11530 F DEBUG : #11 pc 00000000001a9804 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-19 03:43:45.726 11530 11530 F DEBUG : #12 pc 000000000055cc80 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-19 03:43:45.726 11530 11530 F DEBUG : #13 pc 000000000055d144 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-19 03:43:45.726 11530 11530 F DEBUG : #14 pc 000000000043f6bc /apex/com.android.art/lib64/libart.so (art::JNI::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+652) (BuildId: c3599d7ca2ff9b5eaf3b675100bd51be) 06-19 03:43:45.726 11530 11530 F DEBUG : #15 pc 000000000009948c /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+124) (BuildId: 3efff8ec8941fecce60c077a7eeb0e3a) 06-19 03:43:45.726 11530 11530 F DEBUG : #16 pc 00000000000a0a0c /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector const&, bool)+844) (BuildId: 3efff8ec8941fecce60c077a7eeb0e3a) 06-19 03:43:45.726 11530 11530 F DEBUG : #17 pc 0000000000003570 /system/bin/app_process64 (main+1320) (BuildId: aeddd4ca668825907c472e6e9dbc7492) 06-19 03:43:45.726 11530 11530 F DEBUG : #18 pc 0000000000049a34 /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+108) (BuildId: 1e3cd92e7917e47dea90b202e498fb1a) 06-19 03:43:45.862 2752 2752 E tombstoned: Tombstone written to: /data/tombstones/tombstone_04 06-19 03:43:45.866 3005 3038 I BootReceiver: Copying /data/tombstones/tombstone_04 to DropBox (SYSTEM_TOMBSTONE) 06-19 03:43:45.867 3005 3038 I DropBoxManagerService: add tag=SYSTEM_TOMBSTONE isTagEnabled=true flags=0x2 06-19 03:43:45.871 3005 11534 I DropBoxManagerService: add tag=system_app_native_crash isTagEnabled=true flags=0x2 06-19 03:43:45.878 11522 11522 W main : type=1701 audit(0.0:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=u:r:zygote:s0 exe="/system/bin/app_process64" sig=11 06-19 03:43:45.883 3005 3032 W BroadcastQueue: Background execution not allowed: receiving Intent { act=android.intent.action.DROPBOX_ENTRY_ADDED flg=0x10 (has extras) } to com.google.android.gms/.stats.service.DropBoxEntryAddedReceiver 06-19 03:43:45.896 0 0 I [2: init: 1] init: Untracked pid 11530 exited with status 0 06-19 03:43:45.889 2759 2759 I Zygote : Process 11522 exited due to signal 11 (Segmentation fault) 06-19 03:43:45.905 0 0 I [2: init: 1] init: Untracked pid 11532 exited with status 0 ```

(nothing in zygisk-detach log)

tombstone

maps.txt after resetting detach list

(opened new issue instead, see #47)