jjyao88 / unlock-felica-pixel

Unlock Felica on non-Japanese Pixel devices that you can use Felica cards in Japan!
GNU General Public License v2.0

Want to share, need testimonies #3

Closed kormax closed 10 months ago

kormax commented 11 months ago

Hello,

I'm the creator of the osaifu-keitai repo referenced here. Found your project while browsing GitHub. I think it's worth leaving a link to this tool in the osaifu-keitai tutorial to direct more people here.

What models are confirmed to be working with this mod? Need a warning before sending regular users here. From what I read you've checked a Pixel 4, would be great to know if someone else takes a shot and succeeds.

I am also wondering if felica.cfg is present on all pixel models >= 4 in all cases, or if there are cases where appending a flag to the end of the file wouldn't work (for instance, if a file has no info about eSE configuration).

jjyao88 commented 10 months ago

Hi, you're welcome to share my repo in yours 👍

Till now, only Pixel 4 XL (coral) running on Android 13 and Pixel 8 Pro (husky) running on Android 14 have been tested, and only two different Pixel 4 XL devices are confirmed to be working.

On Pixel 8 Pro, although Google Wallet New UI is unlocked and can pass through the error "This app contains configuration files for services in Japan and has no menu items" in the Osaifu-Keitai app, there is a new issue that I'm currently investigating. During initial setup in the Osaifu-Keitai app it will pop up a "Not available on this device" error. You can watch the video from @jeffepng3 for further details.

It seems there's another factor that blocks Mobile Felica enablement apart from patching PixelNfc.apk and felica/common.cfg on Pixel 8 series.

For the last question, felica/common.cfg is confirmed to be present on all Pixel models >= 3. You can check out the Google vendor trees if you are interested.

kormax commented 10 months ago

Thanks for the source trees, didn't know about them. Will look into that.

Regarding the Pixel 8 series problems:

Just a random guess. Did that person try installing old (summer) versions of the Osaifu-Kaitai stack?

I mean, it's not out of the realm of possibility that they could have added extra checks after the news broke out.

Also wonder, if that doesn't help, if modding a model number (method 1) could help. Because if this doesn't help, Google could have started locking out FeliCa applets on global Pixel 8 models.

I have a theory that applet presence can actually be checked even without root. If you try reading one phone with another via some FeliCa reader app (on Android, the NXP app works, but you have to disable NFC types other than "F" in the app settings), it should show the "personalization" system code "05fe" (it showed on my phone before I did the initialization, after which it disappeared).

jjyao88 commented 10 months ago

> I have a theory that applet presence can actually be checked even without root. If you try reading one phone with another via some FeliCa reader app (on Android, the NXP app works, but you have to disable NFC types other than "F" in the app settings), it should show the "personalization" system code "05fe" (it showed on my phone before I did the initialization, after which it disappeared).

The Felica applet is still there on Pixel 8 according to @jeffpeng3's testing, so there could still be hope. (image)

kormax commented 10 months ago

Yeah, looks like it. Even the PMM and IDM prefixes look the same as I had on my 7's before perso, so there's hope for sure.

kormax commented 10 months ago

By the way, I had one person tell me that on their Pixel 6 they've also encountered an error on that screen. So instead of updating the file, they reverted the file and only patched an APK.

Perhaps for newer models (6+) Osaifu-Keitai performs a common.cfg integrity check (via a sha hash hidden somewhere), it is entirely possible as from what I've seen in code, Pixel support is sometimes mentioned as a separate case from other android phones (PIXEL something in some enums inside of Osaifu-Keitai app). It could have also been a new addition, to try and curb modding.

jjyao88 commented 10 months ago

The error seems to occur at `this.mfiAdmin.initialize(this.linkageData[0], new InitializeCallback());` in the Osaifu-Keitai Setting Application app.

Decompiled Code

```java
// initializeFelica(): first fetches the linkage data list, then initializes
// MobileFeliCa with the first entry. Both steps are synchronized via a latch
// that the respective callback releases.
public synchronized void initializeFelica(FelicaInitializeListener felicaInitializeListener) throws FelicaAccessException, InterruptedException {
    this.count = new CountDownLatch(1);
    this.fiListener = felicaInitializeListener;
    try {
        try {
            // Step 1: request linkage data; LinkageCallback stores it in this.linkageData
            this.mfiAdmin.getLinkageDataList(3, null, new LinkageCallback());
        } catch (Exception e) {
            throw new FelicaAccessException(e, this._context.logMgr.out(LogMgr.CatExp.ERR, this, e), 1);
        }
    } catch (MfiClientException e2) {
        assortException(e2);
    }
    try {
        try {
            this.count.await();
            if (this.linkageData != null) {
                this.count = new CountDownLatch(1);
                // Step 2: the call the comment above points at as the source of the error
                this.mfiAdmin.initialize(this.linkageData[0], new InitializeCallback()); // from here
                this.count.await();
            }
        } catch (MfiClientException e3) {
            assortException(e3);
        }
    } catch (InterruptedException unused) {
        throw new InterruptedException("InterruptedException");
    }
}

// MfiAdmin.initialize(): validates arguments, checks activation/login state,
// then forwards to the remote IMfiFelica.initialize call.
public synchronized void initialize(String str, InitializedEventCallback initializedEventCallback) throws IllegalArgumentException, MfiClientException {
    LogMgr.log(3, "000");
    if (str == null) {
        LogMgr.log(2, "700 linkageData is null.");
        throw new IllegalArgumentException("The specified LinkageData is null or invalid.");
    } else if (str.isEmpty()) {
        LogMgr.log(2, "701 linkageData is empty.");
        throw new IllegalArgumentException("The specified LinkageData is null or invalid.");
    } else if (initializedEventCallback == null) {
        LogMgr.log(2, "702 callback is null.");
        throw new IllegalArgumentException("The specified Callback is null.");
    } else {
        this.mMfiClientAccess.checkActivated();
        this.mMfiClientAccess.checkMfiAdminLoggedIn(this);
        this.mMfiClientAccess.startOnline(initializedEventCallback);
        try {
            try {
                // Remote call into the MFi service; the result code is checked by MfiUtil
                MfiUtil.checkMfcResult(this.mMfiClientAccess.getIMfiFelica().initialize(str, new LocalIInitializedEventCallback()));
                LogMgr.log(3, "999");
            } catch (FelicaException e) {
                LogMgr.log(2, "703 " + e.toString() + " id:" + e.getID() + " type:" + e.getType());
                this.mMfiClientAccess.stopOnline();
                throw new MfiClientException(e);
            } catch (IllegalArgumentException e2) {
                LogMgr.log(2, "704 " + e2.toString());
                this.mMfiClientAccess.stopOnline();
                throw e2;
            }
        } catch (Exception e3) {
            LogMgr.log(2, "705 Other Exception");
            LogMgr.printStackTrace(7, e3);
            this.mMfiClientAccess.stopOnline();
            throw new MfiClientException(1, MfiClientException.TYPE_MFICLIENT_REMOTE_ACCESS_FAILED, null);
        }
    }
}
```

kormax commented 10 months ago

I remember this piece of code from my initial investigation, as I've also managed to get to the "Device not supported" screen when initializing Osaifu-Keitai via google wallet even before going for rooting, as that's the first and only Osaifu-Keitai screen you meet if you set up via Google Wallet.

Don't have much time to re-visit this rabbit hole of a codebase right now, so the following is based on my vague memories: The actual check you mention, if I remember correctly, happens deeper than that. I also remember that one of the methods in Callback or Listener (or maybe other) class is responsible for updating the progress bar, by passing in whole numbers 1, 2, 3. I think that a problematic check happens shortly before or after a method call with value "3".

Anyway, even apart from looking here, I think it's worth someone attempting an activation like I described in a previous message, only by patching an apk without the cfg modification.

jjyao88 commented 10 months ago

> By the way, I had one person tell me that on their Pixel 6 they've also encountered an error on that screen. So instead of updating the file, they reverted the file and only patched an APK.
>
> Perhaps for newer models (6+) Osaifu-Keitai performs a common.cfg integrity check (via a sha hash hidden somewhere), it is entirely possible as from what I've seen in code, Pixel support is sometimes mentioned as a separate case from other android phones (PIXEL something in some enums inside of Osaifu-Keitai app). It could have also been a new addition, to try and curb modding.

No luck, the tester (@jeffpeng8) has tried removing the cfg modification and keeping only the patched app. The Osaifu-Keitai app pops up the "This app contains configuration files for services in Japan and has no menu items" error instead.

starks commented 10 months ago

I've been working on a module that only touches the common.cfg. I've had no issues initializing Osaifu-Keitai or having what appears to be a working Japanese Wallet.

kormax commented 10 months ago

On Pixel 4, right? Or another model, which would be even more interesting.

I wonder what the person with the Pixel 6 had problems with, perhaps for 6+ there are extra checks and logic?

kormax commented 10 months ago

Sorry, didn't notice the link in the comment.

I knew the config-only way worked! Great stuff. Still wonder what mistakes the person with the Pixel 6 made, as AFAIK it should be identical to 7 and 8.

kormax commented 10 months ago

I see that instead of just adding a line you're also removing references to other keys. I think it could be a key to why there were mixed results.

BTW, this needs to be checked, but the fields with long values are responsible for eSE configuration. Due to their secure nature eSEs can intentionally brick themselves if a device tries to do something weird to them (for instance, a hacker attempting to send some modified commands), so it's important to verify that those keys are identical between models before advising anyone to try the mods on unverified devices. This can be done by looking at the device trees the repo owner posted in this thread.

kormax commented 10 months ago

I've taken a quick look.

There's indeed a difference between cheetah and coral in one of such fields.

Best case scenario of mismatch it just doesn't let the initialization happen, worst case - it locks the eSE or does something weird.

jjyao88 commented 10 months ago

> I've been working on a module that only touches the common.cfg. I've had no issues initializing Osaifu-Keitai or having what appears to be a working Japanese Wallet.

An interesting approach. Does fixing 02020001 field, aka MOBILE_DEVICE_INFORMATION_KEY to a specific working model make it pass the initial setup?

The tester (@jeffpeng8) just told me that after installing the module from @starks he passed initialization through the Osaifu-Keitai Setting Application.

And then, after switching back to my module, resetting the apps and trying again, no initial setup shows up and he managed to get into the Osaifu-Keitai app's main screen successfully. (Also confirmed the Osaifu-Keitai Setting Application is no longer needed after the first time.)

starks commented 10 months ago

> I've been working on a module that only touches the common.cfg. I've had no issues initializing Osaifu-Keitai or having what appears to be a working Japanese Wallet.
>
> An interesting approach. Does fixing 02020001 field, aka MOBILE_DEVICE_INFORMATION_KEY to a specific working model make it pass the initial setup?

I'm not familiar with that field or valid values.  All I know is that setting 00000018 to 1 is enough to pass the initial setup. Don't think FeliCa even cares about SKU after that.

kormax commented 10 months ago

Did some magic to extract all configs for easy comparison:

| Consumer name | Codename | 00000001 | 00000002 | 00000003 | 00000004 | 00000005 | 00000010 | 00000011 | 00000012 | 00000013 | 02020001 | 02030001 | 02030002 | 02030003 | 00000014 | 00000015 | 00000016 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pixel 3 | crosshatch | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | | | 3030373030320000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://.../isJapanSku | is_japan_sku | 0001 |
| Pixel 3 XL | blueline | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | | | 3030373030310000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | | | |
| Pixel 3a | sargo | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | | | 3030373030340000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | | | |
| Pixel 3a XL | bonito | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | | | 3030373030330000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | | | |
| Pixel 4 | flame | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373030360000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 4 XL | coral | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373030350000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 4a | sunfish | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373030370000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 4a 5G | bramble | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373030380000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 5 | redfin | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373030390000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 5a | barbet | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031300000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 6 | oriole | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031310000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 6 Pro | raven | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031320000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 6a | bluejay | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031340000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 7 | panther | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031350000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 7 Pro | cheetah | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031360000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 7a | lynx | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031370000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel Fold | felix | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031380000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 8 | shiba | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373032300000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |
| Pixel 8 Pro | husky | 100008 | 000068 | com.android.chrome | com.android.vending | 1 | 1 | eSE1 | 1 | 1 | 3030373031390000000000 | 0 | 0 | intent:#Intent;action=android.settings.NFC_SETTINGS;end | content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku | is_japan_sku | 0001 |

It seems to me that all values in the MOBILE_DEVICE_INFORMATION_KEY are different, so if @starks didn't encounter any issues, it may not be as important as I thought, as I assume if it were it would've broken their device.

Anyway, I think that if such script/module is done, it still should only try to modify the original file instead of doing the full rewrite, as we're not 100% sure if mismatch of any of the keys can cause any negative effects.

jjyao88 commented 10 months ago

> Anyway, I think that if such script/module is done, it still should only try to modify the original file instead of doing the full rewrite, as we're not 100% sure if mismatch of any of the keys can cause any negative effects.

Since the Pixel 8 series was released within the last month, is there any possibility that the Felica company hasn't updated their applicable device list yet, which causes Pixel 8 series users to be unable to pass initial setup?

starks commented 10 months ago

My 8 Pro passes just fine with my module.

jjyao88 commented 10 months ago

> My 8 Pro passes just fine with my module.

Yes, in your modification you change your Pixel 8 Pro's MOBILE_DEVICE_INFORMATION_KEY to the one on Pixel 7. Because of that, it makes me curious about it.

starks commented 10 months ago

Disabled my module. Osaifu fails to init. Edited my module to 3030373031390000000000. Osaifu works.

I don't think MOBILE_DEVICE_INFORMATION_KEY matters.

jjyao88 commented 10 months ago

> There is a new issue that I'm currently investigating. During initial setup in the Osaifu-Keitai app it will pop up a "Not available on this device" error. You can watch the video from @jeffepng3 for further details.

> The tester (@jeffpeng8) just told me that after installing the module from @starks he passed initialization through the Osaifu-Keitai Setting Application.
>
> And then, after switching back to my module, resetting the apps and trying again, no initial setup shows up and he managed to get into the Osaifu-Keitai app's main screen successfully. (Also confirmed the Osaifu-Keitai Setting Application is no longer needed after the first time.)

> Disabled my module. Osaifu fails to init. Edited my module to 3030373031390000000000. Osaifu works.
>
> I don't think MOBILE_DEVICE_INFORMATION_KEY matters.

Check out my comments and the video above: the initial setup seems to only occur when your device hasn't unlocked or enabled Felica before.

Since you have unlocked Felica on your device before, the initial setup or the Setting application is no longer needed.

It looks that MOBILE_DEVICE_INFORMATION_KEY could be important during initial setup before Felica enablement.

kormax commented 10 months ago

Yes, the checks for opening the Osaifu-Keitai app and personalising the secure element seem to be a bit different (with some common sub-checks between them), so testing on a device that's already activated does not give much info. Personalisation is a one-way operation which cannot be undone; a phone reset etc. won't help.

kormax commented 10 months ago

@jjyao88 I think you should do/post a diff of your cfg and the one @starks does, I think there may be more differences than that key.

starks commented 10 months ago

For additional comparison.

Stock on 8 Pro:

```
00000001,100008
00000002,000068
00000003,com.android.chrome
00000004,com.android.vending
00000005,1
00000010,1
00000011,eSE1
00000012,1
00000013,1
02020001,3030373031390000000000
02030001,0
02030002,0
02030003,intent:#Intent;action=android.settings.NFC_SETTINGS;end
00000014,content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku
00000015,is_japan_sku
00000016,0001
```

Module:

```
00000001,100008
00000002,000068
00000003,com.android.chrome
00000004,com.android.vending
00000005,1
00000010,1
00000011,eSE1
00000012,1
00000013,1
02020001,3030373031390000000000
02030001,0
02030002,0
02030003,intent:#Intent;action=android.settings.NFC_SETTINGS;end
00000016,0001
00000018,1
```

jjyao88 commented 10 months ago

Here comes the cfg comparison between my modification on version 2.1.1 and @starks at commit a0a6458

```diff
00000001,100008
00000002,000068
00000003,com.android.chrome
00000004,com.android.vending
00000005,1
00000010,1
00000011,eSE1
00000012,1
00000013,1
10c10
< 02020001,3030373030350000000000
---
> 02020001,3030373031350000000000
02030001,0
02030002,0
02030003,intent:#Intent;action=android.settings.NFC_SETTINGS;end
14,15d13
< 00000014,content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku
< 00000015,is_japan_sku
00000016,0001
00000018,1
```

@starks removes the 00000014 and 00000015 fields and changes the 02020001 field to the value of a specific model (Pixel 7).

And I have only appended 00000018,1 to the end of the file.
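A small parser and checker for these cfg files, added here as an example (it is not code from this thread or from the unlock-felica-pixel project): it reads the `key,value` format shown in the cross-model table and in @starks's stock/module listings, diffs two versions, and reports every removed or changed key, which is the "only modify the original file, never rewrite it" rule @kormax asked for. The sample configs below are constructed from the listings in this thread (stock 8 Pro, an append-only variant, and a rewrite that drops 14/15 and sets a Pixel 7 MDIK); treating 02020001 as the eSE-sensitive key follows the thread, and `decode_mdik`'s reading of that value as hex-encoded ASCII digits is my own observation, not something the thread states.

```python
"""Parse, diff and review felica/common.cfg files (added example, not project code)."""
import string

# Keys the thread treats as secure-element configuration; only 02020001
# (MOBILE_DEVICE_INFORMATION_KEY, "MDIK") is named explicitly in the thread.
ESE_SENSITIVE_KEYS = {"02020001"}

# --- constructed sample inputs, modelled on the listings posted in this thread ---
STOCK_8PRO = """\
00000001,100008
00000002,000068
00000003,com.android.chrome
00000004,com.android.vending
00000005,1
00000010,1
00000011,eSE1
00000012,1
00000013,1
02020001,3030373031390000000000
02030001,0
02030002,0
02030003,intent:#Intent;action=android.settings.NFC_SETTINGS;end
00000014,content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku
00000015,is_japan_sku
00000016,0001
"""

# Append-only variant: stock plus the one line the thread converges on.
APPEND_ONLY = STOCK_8PRO + "00000018,1\n"

# Full-rewrite variant: drops 14/15 and substitutes the Pixel 7 MDIK, as in the diff above.
REWRITE = (
    STOCK_8PRO.replace("3030373031390000000000", "3030373031350000000000")
    .replace("00000014,content://com.google.android.pixelnfc.provider.DeviceInfoContentProvider/isJapanSku\n", "")
    .replace("00000015,is_japan_sku\n", "")
    + "00000018,1\n"
)


def parse_cfg(text: str) -> dict[str, str]:
    """Parse 'key,value' lines into a dict, rejecting malformed or duplicate keys."""
    entries: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(",")  # value may itself contain commas
        key = key.strip()
        if not sep:
            raise ValueError(f"line {lineno}: expected 'key,value', got {line!r}")
        if len(key) != 8 or any(c not in string.hexdigits for c in key):
            raise ValueError(f"line {lineno}: key {key!r} is not 8 hex digits")
        if key in entries:
            raise ValueError(f"line {lineno}: duplicate key {key}")
        entries[key] = value.strip()
    return entries


def diff_cfg(old: dict[str, str], new: dict[str, str]) -> dict[str, list]:
    """Key-level diff: added keys, removed keys, and (key, old, new) for changed values."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted((k, old[k], new[k]) for k in old if k in new and old[k] != new[k]),
    }


def check_append_only(stock: dict[str, str], modified: dict[str, str],
                      sensitive: set[str] = ESE_SENSITIVE_KEYS) -> list[str]:
    """Findings a reviewer would raise before shipping `modified` in place of `stock`.

    An empty list means `modified` is `stock` plus additions only. Removed keys and
    changed values are reported; changed eSE-related keys are labelled as such.
    """
    d = diff_cfg(stock, modified)
    findings = [f"removed {k}" for k in d["removed"]]
    for k, old, new in d["changed"]:
        tag = "eSE-related key " if k in sensitive else ""
        findings.append(f"changed {tag}{k}: {old} -> {new}")
    return findings


def decode_mdik(value: str) -> str:
    """Render a 02020001 value as text: hex bytes, six ASCII digits, NUL padding."""
    return bytes.fromhex(value).rstrip(b"\x00").decode("ascii")


if __name__ == "__main__":
    stock = parse_cfg(STOCK_8PRO)
    print("stock MDIK:", stock["02020001"], "=", decode_mdik(stock["02020001"]))
    for name, text in (("append-only", APPEND_ONLY), ("rewrite", REWRITE)):
        findings = check_append_only(stock, parse_cfg(text))
        print(f"{name}: " + ("; ".join(findings) if findings else "OK, additions only"))
```

Run it against a stock `felica/common.cfg` pulled from a device and the file a module would install; any "removed" or "changed eSE-related key" finding is the case the thread warns about, where the safe move is to stop and compare against the vendor tree rather than flash.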

kormax commented 10 months ago

I think that simultaneous presence of "00000014 + 00000015" and "00000018" could also be a cause for Osaifu-Keitai detecting that something's not right and failing. Don't remember seeing a check for config integrity in code, but I didn't look too deep TBH, so it could be a reason. Worth trying.

If even that fails, then it could be the model check via config indeed, but I find that unlikely.

starks commented 10 months ago

Removing 02020001 doesn't seem to bother Osaifu-Keitai startup. I truly wonder what's essential.

kormax commented 10 months ago

> Removing 02020001 doesn't seem to bother Osaifu-Keitai startup. I truly wonder what's essential.

For starting up the app, only (14, 15 + contentProvider) or 18 or lack of them (14, 15, 18).

For configuring and working with the secure element, for sure some of them, but risking bricking a secure element is not worth finding out.

jjyao88 commented 10 months ago

Seems we need more testers to validate these theories.

Because the Osaifu-Keitai Setting Application only shows up for devices that haven't unlocked Felica before. With activated devices, we cannot verify it unfortunately.

starks commented 10 months ago

My module seems to work fine on the 8 Pro with the 8 Pro MDIK for initialization.

https://xdaforums.com/t/best-magisk-module-root-app-for-pixel-8-pro.4636859/post-89121377

kormax commented 10 months ago

Good to know that it worked! Meaning that the problem the other person had with their Pixel 8 could in fact be with the wrongly formed cfg file.

But I still feel that changing the device info 02020001 key is potentially dangerous and unnecessary.

Will be waiting for the owner of this repo to attempt solution similar to yours but without this key changed. I feel that we're closing in on the root issue.

jjyao88 commented 10 months ago

> My module seems to work fine on the 8 Pro with the 8 Pro MDIK for initialization.
>
> https://xdaforums.com/t/best-magisk-module-root-app-for-pixel-8-pro.4636859/post-89121377

Thanks @starks for the information!

I have updated the module to version 2.2; it patches felica/common.cfg only, without touching the 02020001 key, based on @starks's method.

starks commented 10 months ago

I've been retooling mine as well to construct a new common.cfg. That should alleviate any concerns about MDIK mismatches.

Is there still a need to rebuild APKs?

On Tue, Oct 24, 2023, 3:55 AM Tony Yao @.***> wrote:

> My module seems to work fine on the 8 Pro with the 8 Pro MDIK for initialization.
>
> https://xdaforums.com/t/best-magisk-module-root-app-for-pixel-8-pro.4636859/post-89121377
>
> Thanks @starks https://github.com/starks for the information!
>
> I have updated the module to version 2.2, it introduces patching felica/common.cfg only without touching 02020001 key based on @starks https://github.com/starks method

kormax commented 10 months ago

I think that there should be no need in patching an APK if cfg is cleared of all references to it.