Closed ArchangeGabriel closed 5 years ago
I tried installing Droidguard from https://github.com/ThibG/android_packages_apps_RemoteDroidGuard/tree/aarch64 (the unmerged pull request).
hmm. Nexus5,lineage-14.1-20180920,Magisk-v17.1,Nanodroid-18.3.1.20180921+microg core 0.2.6.13280, Safetynet Passed.
If GPS has been turn OFF, I could sign in for Pokemon GO. But if GPS has been turn ON, I could not do it(This device, OS, or software is not compatible with Pokemon GO.).
i don't see how you could've possibly gotten it to work.
Moto g4 plus, lineage-microg 14.1.
So I got several "safetynet failed" results, decided to backup, wipe, and reflash. Now all I get are error 14/etc.
Removing /system/priv-app/droidguard.apk (I forgot to put in a subfolder) made no difference.
I tried installing Magisk Nanodroid (microG sub module) on top of Lineage-microG and uninstalling my user Droidguard, now microG crashes immediately with error:
Process: com.google.android.gms.unstable, PID: 6480
java.lang.NullPointerException: Attempt to invoke virtual method 'android.content.res.Configuration android.content.res.Resources.getConfiguration()' on a null object reference
at android.app.ActivityThread.updateLocaleListFromAppContext(ActivityThread.java:5115)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5340)
at android.app.ActivityThread.-wrap2(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1564)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6186)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
Both nanodroid and 0.2.6.13280-dirty (git) have same error.
edit: i got safetynet to pass Basic but not CTS Profile. Unfortunately MicroG failed to generate a Play ID.
@jimbo1qaz I would like to confirm just in case; are you applying NanoDroid-patcher? it's needed by signature spoofing for microg. Also, is "Google SafetyNet" that on microG Setting, set to Enabled? it's necessary to use Safetynet API.
Can you explain your exact setup? I'm guessing:
Where did you get microg core 0.2.6.13280 apk? Manually compile, or is there a CI build artifact repo with all .apk builds?
@jimbo1qaz Nexus5 hammerhead (16GB) Flash zip(TWRP 3.2.3-0):
I used the droidGuard helper apk suggested at this comment by @nanolx and enabled safetynet in microG settings. I then used the SafetyNet Test
app from playstore, through Aurora store.
My results were SafetyNet request: Success Response Signature Validation: Success Basic Integrity: Success CTS Profile match: Fail
I 'm guessing this means that the PR works - because of the response signature success - but something else I did fails? Or maybe something else apart from droid guard helper needs fixing?
P.S. I am using this ROM for the Galaxy S5 Neo that I compiled through the L4mG docker ci/cd image through those steps. I didn't install/flash any extra system modifications (root, magisk, Xposed or anything else).
P.P.S. cc'ing @ArchangeGabriel because of this comment.
I probably missed something, as I 'm still learning but hope the feedback can still be helpful.
CTS Profile is the extended check. If you're on a Galaxy device with unlocked Bootloader, that will trip KNOX and thus CTS Profile match fails as the device is seen as tinkered. So that is not an issue, but the correct result.
The only way around this is Magisk.
@Nanolx This comment on the LineageOS subreddit, saying that knox is not checked by SafetyNet, prompted me to check after I went back to official LineageOs and gapps and frdoid on my S5Neo. When I rerun SafetyNet check everything passed, including CTS Profile match. I 'd guess this should rule out tripped knox as the reason why CTS Profile match failed since now it is passing while I still have a custom ROM and recovery installed.
Unfortunately I no longer have LinageOs with microg installed on the phone to try to debug this (on top of that I wouldn't know where to begin). Just posting here to inform that this problem had to do with safetynet and not knox.
Well for me none of the proposed solutions work. I'm on LineageOS 14.1 unofficial for SM-A300FU. The logcat output also shows DroidHelper crashing and I have the ApiException[14] 14:
with the SafetyNet Sample app.
The logcat output:
01-19 16:10:45.879 4845 4845 D SafetyNetHelperSAMPLE: SafetyNet start request
01-19 16:10:45.881 4845 4845 D SafetyNetHelper: apkCertificateDigests:[MZNsDhz8VAJMmFxPPso38ZRvZE6r7VIyzUqypkakG8E=]
01-19 16:10:45.881 4845 4845 V SafetyNetHelper: running SafetyNet.API Test
01-19 16:10:45.979 5113 5132 D NetworkSecurityConfig: No Network Security Config specified, using platform default
01-19 16:10:45.980 5113 5132 W System : ClassLoader referenced unknown path: /system/framework/tcmclient.jar
01-19 16:10:46.010 5113 5132 D GmsDroidguardHelper: -- Request --
01-19 16:10:46.010 5113 5132 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=MSM8916}, KeyValuePair{key=BOOTLOADER, val=A300FUXXU1CPH3}, KeyValuePair{key=BRAND, val=samsung}, KeyValuePair{key=CPU_ABI, val=armeabi-v7a}, KeyValuePair{key=CPU_ABI2, val=armeabi}, KeyValuePair{key=SUPPORTED_ABIS, val=armeabi-v7a,armeabi}, KeyValuePair{key=DEVICE, val=a3ulte}, KeyValuePair{key=DISPLAY, val=lineage_a3ltexx-userdebug 7.1.2 N2G47O e45ef2b5f5 test-keys}, KeyValuePair{key=FINGERPRINT, val=samsung/a3ltexx/a3ulte:7.1.2/N2G47O/e45ef2b5f5:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=winkarbik}, KeyValuePair{key=ID, val=N2G47O}, KeyValuePair{key=MANUFACTURER, val=samsung}, KeyValuePair{key=MODEL, val=SM-A300FU}, KeyValuePair{key=PRODUCT, val=a3ltexx}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=a7405641}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1495735494000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=jenkins}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=e45ef2b5f5}, KeyValuePair{key=RELEASE, val=7.1.2}, KeyValuePair{key=SDK, val=25}, KeyValuePair{key=SDK_INT, val=25}], versionNamePrefix=13.2.80 (040300-{{cl}}), isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=c7c36e1888f2d6fc56d4fcb1705c6b2e]], currentVersion=3, arch=armv7l}
01-19 16:10:46.338 5113 5132 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/d24334ada8172475d4470af3fefe3d369f2698f5/the.apk
01-19 16:10:46.699 5113 5132 F art : art/runtime/oat_quick_method_header.cc:55] Failed to find Dex offset for PC offset 0x8ca84c6b(PC 0x0, entry_point=0x7357b395 current entry_point=0x7357b395) in java.nio.charset.CharsetDecoder java.nio.charset.CharsetICU.newDecoder()
01-19 16:10:46.702 5113 5132 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x32627844 in tid 5132 (Thread-2)
01-19 16:10:46.703 263 263 W : debuggerd: handling request: pid=5113 uid=10069 gid=10069 tid=5132
01-19 16:10:46.700 5136 5136 I debuggerd: type=1400 audit(0.0:730): avc: denied { read } for uid=0 name="the.apk" dev="mmcblk0p27" ino=41145 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=1
01-19 16:10:46.700 5136 5136 I debuggerd: type=1400 audit(0.0:730): avc: denied { open } for uid=0 path="/data/data/org.microg.gms.droidguard/app_dg_cache/d24334ada8172475d4470af3fefe3d369f2698f5/the.apk" dev="mmcblk0p27" ino=41145 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=1
01-19 16:10:46.700 5136 5136 W debuggerd: type=1300 audit(0.0:730): arch=40000028 syscall=322 per=800008 success=yes exit=9 a0=ffffff9c a1=b6ac1150 a2=20000 a3=0 items=0 ppid=263 ppcomm=debuggerd auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) exe="/system/bin/debuggerd" subj=u:r:debuggerd:s0 key=(null)
01-19 16:10:46.700 262 262 W auditd : type=1320 audit(0.0:730):
01-19 16:10:46.700 5136 5136 I debuggerd: type=1400 audit(0.0:731): avc: denied { getattr } for uid=0 path="/data/data/org.microg.gms.droidguard/app_dg_cache/d24334ada8172475d4470af3fefe3d369f2698f5/the.apk" dev="mmcblk0p27" ino=41145 scontext=u:r:debuggerd:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=1
01-19 16:10:46.700 5136 5136 W debuggerd: type=1300 audit(0.0:731): arch=40000028 syscall=197 per=800008 success=yes exit=0 a0=9 a1=bebaf7e0 a2=712048dd a3=0 items=0 ppid=263 ppcomm=debuggerd auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) exe="/system/bin/debuggerd" subj=u:r:debuggerd:s0 key=(null)
01-19 16:10:46.700 262 262 W auditd : type=1320 audit(0.0:731):
01-19 16:10:46.729 5136 5136 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-19 16:10:46.729 5136 5136 F DEBUG : LineageOS Version: '14.1-20170525-UNOFFICIAL-a3ltexx'
01-19 16:10:46.729 5136 5136 F DEBUG : Build fingerprint: 'samsung/a3ltexx/a3ulte:7.1.2/N2G47O/e45ef2b5f5:user/release-keys'
01-19 16:10:46.729 5136 5136 F DEBUG : Revision: '1'
01-19 16:10:46.729 5136 5136 F DEBUG : ABI: 'arm'
01-19 16:10:46.729 5136 5136 F DEBUG : pid: 5113, tid: 5132, name: Thread-2 >>> com.google.android.gms.unstable <<<
01-19 16:10:46.729 5136 5136 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x32627844
01-19 16:10:46.733 5136 5136 F DEBUG : Abort message: 'art/runtime/oat_quick_method_header.cc:55] Failed to find Dex offset for PC offset 0x8ca84c6b(PC 0x0, entry_point=0x7357b395 current entry_point=0x7357b395) in java.nio.charset.CharsetDecoder java.nio.charset.CharsetICU.newDecoder()'
01-19 16:10:46.733 5136 5136 F DEBUG : r0 30376562 r1 b426d140 r2 0001000a r3 b2ce61cf
01-19 16:10:46.733 5136 5136 F DEBUG : r4 646c6568 r5 b2ce61c4 r6 00006953 r7 b426d140
01-19 16:10:46.733 5136 5136 F DEBUG : r8 b2b46328 r9 b3dc0497 sl b2ce61cf fp 32627830
01-19 16:10:46.733 5136 5136 F DEBUG : ip b4178b40 sp b2ce6168 lr b3dc34f7 pc b3dfaea6 cpsr 000b0030
01-19 16:10:46.745 5136 5136 F DEBUG :
01-19 16:10:46.745 5136 5136 F DEBUG : backtrace:
01-19 16:10:46.745 5136 5136 F DEBUG : #00 pc 000e8ea6 /system/lib/libart.so (_ZN3art11ClassLinker16FindOatMethodForEPNS_9ArtMethodEPb+349)
01-19 16:10:46.745 5136 5136 F DEBUG : #01 pc 000b14f3 /system/lib/libart.so (_ZN3art9ArtMethod23GetOatQuickMethodHeaderEj+158)
01-19 16:10:46.745 5136 5136 F DEBUG : #02 pc 00328ced /system/lib/libart.so (_ZN3art12StackVisitor9WalkStackEb+120)
01-19 16:10:46.745 5136 5136 F DEBUG : #03 pc 0024d89f /system/lib/libart.so (_ZN3art9JNIEnvExt19CheckNoHeldMonitorsEv+58)
01-19 16:10:46.745 5136 5136 F DEBUG : #04 pc 003f3a2f /system/lib/libart.so (_ZN3art12JniMethodEndEjPNS_6ThreadE+42)
01-19 16:10:46.745 5136 5136 F DEBUG : #05 pc 0000d02f /data/data/org.microg.gms.droidguard/app_dg_cache/d24334ada8172475d4470af3fefe3d369f2698f5/opt/the.dex (offset 0xc000)
01-19 16:10:47.070 5132 5132 W Thread-2: type=1701 audit(0.0:732): auid=4294967295 uid=10069 gid=10069 ses=4294967295 subj=u:r:priv_app:s0:c512,c768 reason="memory violation" sig=11
01-19 16:10:47.070 1435 1435 I android.ui: type=1400 audit(0.0:733): avc: denied { open } for uid=1000 path="/system/priv-app/DroidGuard/DroidGuard.apk" dev="mmcblk0p24" ino=94589 scontext=u:r:system_server:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1
01-19 16:10:47.086 5136 5136 E : debuggerd: failed to kill process 5113: No such process
01-19 16:10:47.088 1357 1462 I BootReceiver: Copying /data/tombstones/tombstone_02 to DropBox (SYSTEM_TOMBSTONE)
01-19 16:10:47.093 263 263 W : debuggerd: resuming target 5113
01-19 16:10:47.070 1435 1435 W android.ui: type=1300 audit(0.0:733): arch=40000028 syscall=322 per=800008 success=yes exit=242 a0=ffffff9c a1=8ecfec10 a2=20000 a3=0 items=0 ppid=581 ppcomm=main auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=4294967295 tty=(none) exe="/system/bin/app_process32" subj=u:r:system_server:s0 key=(null)
01-19 16:10:47.070 262 262 W auditd : type=1320 audit(0.0:733):
01-19 16:10:47.128 1357 1895 I ActivityManager: Process com.google.android.gms.unstable (pid 5113) has died
01-19 16:10:47.128 1357 1895 D ActivityManager: cleanUpApplicationRecord -- 5113
01-19 16:10:47.129 581 581 I Zygote : Process 5113 exited due to signal (11)
01-19 16:10:47.131 1357 1895 W ActivityManager: Scheduling restart of crashed service org.microg.gms.droidguard/.RemoteDroidGuardService in 1000ms
01-19 16:10:47.135 4845 4845 E SafetyNetHelperSAMPLE: ApiException[14] 14:
01-19 16:10:47.149 1357 4891 I OpenGLRenderer: Initialized EGL, version 1.4
01-19 16:10:47.149 1357 4891 D OpenGLRenderer: Swap behavior 1
01-19 16:10:47.164 1357 4891 E linker : readlink("/proc/self/fd/261") failed: Permission denied [fd=261]
01-19 16:10:47.164 1357 4891 E linker : warning: unable to get realpath for the library "/system/lib/hw/gralloc.msm8916.so". Will use given path.
01-19 16:10:48.144 1357 1432 I ActivityManager: Start proc 5140:com.google.android.gms.unstable/u0a69 for service org.microg.gms.droidguard/.RemoteDroidGuardService
01-19 16:10:48.154 290 325 I Magisk : proc_monitor: org.microg.gms.droidguard/.RemoteDroidGuardService PID=[5140] ns=[4026534892]
01-19 16:10:48.210 5140 5140 I main : type=1400 audit(0.0:734): avc: denied { read } for uid=10069 name="u:object_r:spcomlib_prop:s0" dev="tmpfs" ino=2456 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:spcomlib_prop:s0 tclass=file permissive=1
01-19 16:10:48.210 5140 5140 W main : type=1300 audit(0.0:734): arch=40000028 syscall=334 per=800008 success=yes exit=0 a0=ffffff9c a1=befddb8c a2=4 a3=0 items=0 ppid=581 ppcomm=main auid=4294967295 uid=10069 gid=10069 euid=10069 suid=10069 fsuid=10069 egid=10069 sgid=10069 fsgid=10069 ses=4294967295 tty=(none) exe="/system/bin/app_process32" subj=u:r:priv_app:s0:c512,c768 key=(null)
01-19 16:10:48.210 262 262 W auditd : type=1320 audit(0.0:734):
01-19 16:10:48.218 5140 5140 I art : Late-enabling -Xcheck:jni
01-19 16:10:48.248 5140 5140 I art : Starting a blocking GC AddRemoveAppImageSpace
01-19 16:10:48.249 5140 5140 W System : ClassLoader referenced unknown path: /system/priv-app/DroidGuard/lib/arm
Also have Magisk v18.0 hiding DroidGuard as proposed by @Nanolx in https://github.com/microg/android_packages_apps_RemoteDroidGuard/pull/19#issuecomment-449368819
Official DroidGuard Helper won't work, you need a build with this pull request here merged. Everything fine with that.
I have installed that one and the problem persists... I'll try a clean install and report back if that works.
After several tests my conclusion is: LineageOS 14.1 for A300FU doesn't pass SafetyNet under any of the conditions I tested so far:
/system/priv-app/
So far, none of the combinations presented above led me to a successful SafetyNet check.
I installed then a modified version of the stock ROM and installed the nanodroid package with microg, then hide DroidGuard with magisk and SafetyNet check passes now. Though the concerned app I thought was affected by safetynet still doesn't work (airfrance app), but the SafetyNet checks are all green.
@kYc0o it won't help you but I also never got SafetyNet working with LineageOS 14.1 either...
@kYc0o I think you need the following two things:
I have added both apk's in a fork of mine and I used them to build LineageOS+microG for s5neoltexx (Galaxy S5 neo). Instructions on how I did it, if needed can be found here.
Hopefully that will help you. In my case it was Lineage 15.1 used as a base instead of 14.1 but I think they can also work for 14.1.
Using that updated droidguard apk and adding droidguard to MagiskHide gives me basicIntegrity: true and ctsProfile: false, which is enough for some apps
Thanks @Iolaum for your insight! Actually I also own a S5 neo, although I still prefer the A300FU.
Do you have the compiled apk's of those packages? I couldn't find them and I'd like to check if th md5 matches the versions I have currently installed.
I'll also test your build asap on my s5 neo.
@kYc0o I 've already put those apk in my repository which is linked on my previous post.
You can also get those apk's with the following Linux shell commands:
$ wget https://nanolx.org/fdroid/repo/GmsCore_23.apk
...
$ md5sum GmsCore_23.apk
0eb42417c1f95e8c954887558b214ff9 GmsCore_23.apk
$ wget https://nanolx.org/fdroid/repo/DroidGuard_0.apk
...
$ md5sum DroidGuard_0.apk
ea538b995a7bd6143970101458852c94 DroidGuard_0.apk
That is where I got them from.
Update: It looks like there's a newer version GmsCore_23
of the GmsCore from Nanolx.
Well, it turns that's the version I have:
a3ulte:/ $ md5sum /system/priv-app/GmsCore/GmsCore.apk
6400f03950b3f1d49a68a7ec10f50d04 /system/priv-app/GmsCore/GmsCore.apk
a3ulte:/ $ md5sum /system/app/DroidGuard/DroidGuard.apk
ea538b995a7bd6143970101458852c94 /system/app/DroidGuard/DroidGuard.apk
Actually in my current ROM (SEP 8.5) SafetyNet is all green, but my airfrance app doesn't log in. I guess that problem is related to other things and not to SafetyNet. In #691 I explain more in detail the issue.
Thanks a lot for your help!
@ale5000-git could you close this issue? It's about the old bug fixed by https://github.com/microg/android_packages_apps_RemoteDroidGuard/pull/19
Somewhere around friday morning, SafetyNet started failing (
CTS Profile match: false
, butBasic Integrity: true
). I have not changed anything on my device (OP5T, OmniROM, no root or whatsoever) between the time it worked and the time it stopped working, and I’ve tested on my old phone (OPO) on which it does not work either (but I had to reinstall on OmniROM on it and it has alsoBasic Integrity: false
).Is anyone else confirming? If not, what should I look for? If yes, I suppose this is due to some DroidGuard update that now detects μG?