Closed ClearlyClaire closed 5 years ago
It would probably be good to get versions from GmsCore somehow, but as of now:
EDIT: I guess we could get the versionCode and versionString from GmsCore and “patch it” to the “correct” archs
I guess we could get the versionCode and versionString from GmsCore and “patch it” to the “correct” archs
This was mostly what I meant, to use the 12688xxx from GmsCore versionCode to create the 12688yyy and 12.6.88 (zzzzzz-{{cl}}) from it
Pushed a commit to use com.google.android.gms's version
Shouldn't there be a check that the com.google.android.gms package is actually installed? I'm just used to expect every possible problem :)
@ale5000-git we could, but it's only ever called by GmsCore (which has the com.google.android.gms package name)
EDIT: (also, the DroidGuard blobs will require com.google.android.gms to be installed anyway)
I haven't checked, but is there code that actually prevents another app from executing it directly?
Since it is often installed as system privileged app it could actually pose security risks if there isn't; an app can exploit possible bugs.
@ale5000-git no, any app with the android.permission.INTERNET permission can call it. But afaik, the non-free blobs will always query com.google.android.gms's version, so not having it installed will fail anyways.
Maybe I'm a bit over-zealous, but depending on how the "failing" is handled it could potentially pose security risks if the code doesn't terminate completely but continues (maybe a different part of code that doesn't expect a failure) in a partially failed status.
@ale5000-git I'm not too sure what you're suggesting. If com.google.android.gms isn't found, the code I'm proposing will throw an exception before doing anything. No state to clean up.
Then it is OK. I have opened an issue for the other problem: #20
Just for clarity I think that it would be nice to catch PackageManager.NameNotFoundException and log a proper message.
@ale5000-git afaik, the only way to “properly” abort the call is by throwing an exception, so we have to throw an exception anyway. In this context, I'm not too sure what exception you would want us to raise.
Maybe a custom one?
Example: throw new MissingGmsCore();
Just to see it clearly from the logcat.
With the current code, GmsCore not being found will cause PackageManager.NameNotFoundException to be thrown. I see no value in redefining our own exception for this.
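The two concerns raised in the comments above, an unchecked caller and a missing-GmsCore failure that is hard to spot in logcat, can both be handled fail-closed. This is an added example, not code from this pull request or from microG; the class name `GmsVersionGuard`, its method names and the log tag are hypothetical, and it assumes the caller check runs on the Binder thread that is handling the incoming call.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.util.Log;

/** Hypothetical helper: abort before any work if the caller or GmsCore is not as expected. */
final class GmsVersionGuard {
    private static final String TAG = "GmsVersionGuard"; // hypothetical log tag
    static final String GMS_PACKAGE_NAME = "com.google.android.gms";

    private GmsVersionGuard() {}

    /** Throws SecurityException unless the calling UID owns the GmsCore package name. */
    static void enforceCallerIsGms(Context context) {
        // Only meaningful while an incoming Binder transaction is being handled.
        int callingUid = Binder.getCallingUid();
        String[] packages = context.getPackageManager().getPackagesForUid(callingUid);
        if (packages != null) {
            for (String name : packages) {
                if (GMS_PACKAGE_NAME.equals(name)) {
                    return;
                }
            }
        }
        Log.e(TAG, "Rejecting call from uid " + callingUid + ": not " + GMS_PACKAGE_NAME);
        throw new SecurityException("Caller is not " + GMS_PACKAGE_NAME);
    }

    /**
     * Looks up GmsCore's PackageInfo (versionCode, versionName). If the package is
     * missing, logs a readable message and rethrows, so no later step ever runs.
     */
    static PackageInfo requireGmsInfo(Context context)
            throws PackageManager.NameNotFoundException {
        try {
            return context.getPackageManager().getPackageInfo(GMS_PACKAGE_NAME, 0);
        } catch (PackageManager.NameNotFoundException e) {
            Log.e(TAG, GMS_PACKAGE_NAME + " is not installed; aborting request", e);
            throw e; // keep the original exception type; nothing to clean up
        }
    }
}
```

A package-name match only identifies whichever app holds that name on the device; comparing the signing certificate as well would bind the check to a specific build.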
Seems Google has updated the.apk again. SafetyNet attestation crashes any app with the following log:
08-13 19:12:44.187 5022 5125 I zygote64: The ClassLoaderContext is a special shared library.
08-13 19:12:44.237 2661 2661 D GmsSafetyNetClientSvc: onBind: Intent { act=com.google.android.gms.safetynet.service.START pkg=com.google.android.gms }
08-13 19:12:44.248 2661 3790 D GmsSafetyNetClientSvc: bound by: GetServiceRequest{serviceId=SAFETY_NET_CLIENT, gmsVersion=7095000, packageName='com.topjohnwu.magisk', extras=Bundle[{}]}
08-13 19:12:44.318 4869 5141 D GmsDroidguardHelper: -- Request --
08-13 19:12:44.318 4869 5141 D GmsDroidguardHelper: DGRequest{usage=DGUsage{type=attest, packageName=com.google.android.gms}, info=[KeyValuePair{key=BOARD, val=msm8996}, KeyValuePair{key=BOOTLOADER, val=unknown}, KeyValuePair{key=BRAND, val=unknown}, KeyValuePair{key=CPU_ABI, val=arm64-v8a}, KeyValuePair{key=CPU_ABI2, val=}, KeyValuePair{key=SUPPORTED_ABIS, val=arm64-v8a,armeabi-v7a,armeabi}, KeyValuePair{key=DEVICE, val=OnePlus3T}, KeyValuePair{key=DISPLAY, val=omni_oneplus3-userdebug 8.1.0 OPM4.171019.021.Y1 51 test-keys}, KeyValuePair{key=FINGERPRINT, val=OnePlus/OnePlus3/OnePlus3T:7.1.1/NMF26F/02072026:user/release-keys}, KeyValuePair{key=HARDWARE, val=qcom}, KeyValuePair{key=HOST, val=devbox2.omnirom.org}, KeyValuePair{key=ID, val=OPM4.171019.021.Y1}, KeyValuePair{key=MANUFACTURER, val=OnePlus}, KeyValuePair{key=MODEL, val=ONEPLUS A3003}, KeyValuePair{key=PRODUCT, val=unknown}, KeyValuePair{key=RADIO, val=unknown}, KeyValuePair{key=SERIAL, val=6e532501}, KeyValuePair{key=TAGS, val=release-keys}, KeyValuePair{key=TIME, val=1534027538000}, KeyValuePair{key=TYPE, val=user}, KeyValuePair{key=USER, val=jenkins}, KeyValuePair{key=CODENAME, val=REL}, KeyValuePair{key=INCREMENTAL, val=51}, KeyValuePair{key=RELEASE, val=8.1.0}, KeyValuePair{key=SDK, val=27}, KeyValuePair{key=SDK_INT, val=27}], versionNamePrefix=12.8.74 (040400-{{cl}}), isGoogleCn=false, enableInlineVm=true, cached=[ByteString[size=20 md5=5e30a549ca81c22d8482a24cabb6499a], ByteString[size=20 md5=048afb3664e83829ebb96a535569282d], ByteString[size=20 md5=e7a41bf1cf9a6c35b733ccfaaa561e90]], currentVersion=3, arch=aarch64}
08-13 19:12:44.448 4869 5141 D GmsDroidguardHelper: Using cached file from /data/user/0/org.microg.gms.droidguard/app_dg_cache/c6f298f70892bfef446378202811f8fee23b76bb/the.apk
08-13 19:12:44.670 4869 5141 D GmsDroidguardHelper: b -> 3603801481263501811
08-13 19:12:44.710 4869 5141 D GmsDroidguardHelper: c -> com.google.android.gms
08-13 19:12:44.817 5022 5022 D AndroidRuntime: Shutting down VM
08-13 19:12:44.819 5022 5022 E AndroidRuntime: FATAL EXCEPTION: main
08-13 19:12:44.819 5022 5022 E AndroidRuntime: Process: com.topjohnwu.magisk, PID: 5022
08-13 19:12:44.819 5022 5022 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String[] java.lang.String.split(java.lang.String)' on a null object reference
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at com.topjohnwu.snet.SafetyNetHelper.onResult(Unknown Source:26)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at com.topjohnwu.snet.SafetyNetHelper.onResult(Unknown Source:2)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at com.google.android.gms.common.api.a$a.handleMessage(Unknown Source:33)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:106)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at android.os.Looper.loop(Looper.java:164)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.java:6499)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
08-13 19:12:44.819 5022 5022 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
08-13 19:12:44.826 880 2108 W ActivityManager: Process com.topjohnwu.magisk has crashed too many times: killing!
08-13 19:12:44.827 880 2108 W ActivityManager: Force finishing activity com.topjohnwu.magisk/.MainActivity
08-13 19:12:44.832 880 2108 I WindowManager: Failed to capture screenshot of Token{cd8a51f ActivityRecord{2eb40be u0 com.topjohnwu.magisk/.MainActivity t46 f}} appWin=Window{939a758 u0 com.topjohnwu.magisk/com.topjohnwu.magisk.MainActivity} drawState=4
08-13 19:12:44.839 545 705 E BufferQueueProducer: [com.topjohnwu.magisk/com.topjohnwu.magisk.MainActivity#0] queueBuffer: BufferQueue has been abandoned
08-13 19:12:44.840 5022 5038 E Surface : queueBuffer: error queuing buffer to SurfaceTexture, -19
08-13 19:12:44.840 5022 5038 I Adreno : QueueBuffer: queueBuffer failed
08-13 19:12:44.840 5022 5038 W OpenGLRenderer: swapBuffers encountered EGL error 12301 on 0x7f0467c640, halting rendering...
08-13 19:12:44.858 880 2108 E ActivityManager: Found activity ActivityRecord{2eb40be u0 com.topjohnwu.magisk/.MainActivity t-1 f} in proc activity list using null instead of expected ProcessRecord{54a0970 5022:com.topjohnwu.magisk/u0a112}
08-13 19:12:44.869 880 2108 I ActivityManager: Killing 5022:com.topjohnwu.magisk/u0a112 (adj 199): crash
08-13 19:12:44.876 880 956 W zygote64: kill(-5022, 9) failed: No such process
08-13 19:12:44.926 880 1040 W ActivityManager: setHasOverlayUi called on unknown pid: 5022
08-13 19:12:44.940 880 956 W zygote64: kill(-5022, 9) failed: No such process
08-13 19:12:44.959 880 1323 W InputDispatcher: channel 'f0da3e3 Toast (server)' ~ Consumer closed input channel or an error occurred. events=0x9
08-13 19:12:44.959 880 1323 E InputDispatcher: channel 'f0da3e3 Toast (server)' ~ Channel is unrecoverably broken and will be disposed!
08-13 19:12:44.985 880 956 W zygote64: kill(-5022, 9) failed: No such process
08-13 19:12:44.985 880 956 I zygote64: Successfully killed process cgroup uid 10112 pid 5022 in 109ms
If you need further info, just let me know.
@ThibG maybe related? The default quota being blocked? See: https://stackoverflow.com/questions/50960332/why-did-safetynet-attestation-stop-working/50960333#50960333
@Nanoix maybe. I have a similar issue with com.scottyab.safetynet.sample, but not with Pokémon Go, which requests a SafetyNet attestation without issues.
com.scottyab.safetynet.sample has been updated two days ago for that reason. ;)
Still crashes here, though. Maybe we need to update our SafetyNet implementation, but I don't plan to look into that anytime soon.
I can confirm that this fixed SafetyNet for me, although com.scottyab.safetynet.sample still crashes for instance. But the app for which I need SafetyNet to pass is working fine.
That's true for several apps, but not all. I, as a Nintendo Fan, can play Fire Emblem Heroes and Super Mario Run with microG, however, Animal Crossing Pocket Camp crashes during SafetyNet attestation, just as the SafetyNet Helper Sample.
So I suppose it's related to how an app acts upon an invalid response (which is what microG currently gives you). So whether this is an issue or not solely depends on the target application.
I'm feeling like we should add a bounty? SafetyNet is used by more and more applications, so that more and more becomes an integral part of microG in the long run...
@ThibG @mar-v-in
Crashes should be fixed by https://github.com/microg/android_packages_apps_GmsCore/commit/b2d696560867cd598a88899eb170b6cec85b6177.
So I guess this PR is everything left required for anyone using verbatim μG (so not talking about root/Magisk/etc) to pass SafetyNet.
Yes, everything's fine now with latest upstream microG and this pull request. In a sane world crappy shit like SafetyNet wouldn't exist at all.
Now the usual root/SafetyNet rant follows, you've been warned:
I hate how "everyone" demonizes root and stuff, yet most of them use a Windows PC with active Administrator Account or regularly granting sudo-style elevated rights, what kind of sick double standard is that?!
Imagine Steam or Microsoft would kill your library/software access as soon as you use your Windows' Admin account, yet Google and Crapple not just get away with it, they are even encouraged (sic!) to go further. Nintendo incorporated SafetyNet in Super Mario Run, which is not F2P, but a paid app, as well as in its crappy Nintendo Online app, which itself is free, but the service you access it is paid, same for Netflix. You pay for this stuff and yet get locked out.
Well, those that really "pirate" and betray, still do it, because SafetyNet won't stop them. LuckyPatcher for example is unaffected. SafetyNet is nothing else than a big pile of Security through Obscurity, which adds nothing to the fact how sick Android's permission handling is.
I mean, I'm not allowed to open up the root access of my device which I paid for, without being witch-hunted by Google. Yet PokemonGo, Fortnite and many other apps do the following
all that BY DESIGN, or picture this: the Android Package Manager could be run in background without the user noticing or apps can do addon-data downloads which could be malware or whatever.
But yes, root is the evil root of all security breaches and thus needs to be prevented at all cost. Instead of SafetyNet Google should fix Android Apps from abusing and thus taking the permission system de facto ad absurdum.
Meanwhile I demand the medal of honor for mar-v-in for his work on microG and for topjohnwu for his work on Magisk.
/rant
I feel better now.
In case someone stumbles across this: If you're using Magisk 18.0, you have to add microG DroidGuard Helper to Magisk Hide in order to pass SafetyNet (not required with earlier Magisk versions).
And of course a build with this pull request included.
Hello! Any reason this is not merged? Is everyone failing safety net now?
No, I suppose they use my unofficial build, which includes this fix, see https://www.nanolx.org/fdroid/repo/
Since mar-v-in is active again I guess a new release of microG will come along with a new release of DroidGuard Helper as well.
@ThibG: Hi, what about keeping GMS_PACKAGE_NAME in Constants.java?
Hardcoded text/number isn't usually a good programming practice.
@ale5000-git guess I could do that, it's just that it wasn't used anymore until the last commit, and it's unlikely to ever change
Seems like today afternoon Google has rolled-out a new DroidGuard binary? At least SafetyNet attestation again fails with microG/DroidGuardHelper on both non-rooted and Magisk rooted ROM for me.
Can anyone confirm?
I confirm! I was wondering why safetynet is now failing! Thanks for the heads up @Nanolx
It fails for me too since a few hours ago. LineageOS 16 (+ signature spoofing patch) on Fairphone. Haven't tried figuring out why it fails yet (and not sure I'll have a look anytime soon)
Yes, app requiring SafetyNet worked last week, not working at all now.
@Nanolx any news on this? :)
@Nanolx does this mean even ctsProfile will not pass before the issue is fixed? (It doesn't for me, but I'm not sure if the issue is elsewhere)
@Eerovil: An issue has been opened to track this (#24). For what I can read and what I experience both basicIntegrity and ctsProfile checks fail now. However I suggest other people to confirm that both checks are failing (it could be that my own setup has another problem).
@Eerovil just as I said: SafetyNet attestation doesn't work. So it doesn't matter whether your device would pass any of basic or cts, the check itself fails already, so you get false for both.
@jacen05 not required, because it's already known it doesn't work anymore, more people stating the obvious won't make the fix happen faster.
So I have a log of the safetynet test I used, I am not sure if it's of any use but I see a few unknown field numbers from SafeParcel when it starts the test. Here's my logcat (from logcat-color on linux), I'm not sure if this is useful for diagnosing why it's failing but figured I'd post it anyway. https://del.dog/okavozukel
I have a OnePlus 5 with HavocOS, Magisk 19.4-dd6e55ac, microg 0.2.7.17455-65-mapbox (1e49e95), Riru v19, Riru EdXposed v0.4.5.5_beta(YAHFA). My friend uses the exact same setup on his phone except with Google Play Services instead of MicroG and has it working, but I am willing to try whatever to see if it fixes SafetyNet Attestation.
There's nothing you can try to fix SafetyNet attestation, except providing the necessary code changes required.
The new issue is open here: https://github.com/microg/android_packages_apps_RemoteDroidGuard/issues/24
After some testing, only the versionNamePrefix seems to be important to get the right VM code, but I also updated the HTTP User Agent and added SUPPORTED_ABIS to be consistent. This does not fix the other issues causing attestations to fail.