search

microg / RemoteDroidGuard

Service to run Google's DroidGuard binary in an isolated environment
99 stars 29 forks source link

SafetyNet fix #29

Closed 0x5ECF4ULT closed 4 years ago

0x5ECF4ULT commented 4 years ago

Hello @mar-v-in and staff of microG. Here is what seems to be a working fix for SN (#24 ). At least it works on my machine, but since it's all about Android this should be irrelevant. I had long and extensive talks with @mar-v-in (thanks for teaching me the weirdness of Google) and he knows that this PR works at least partially. Anyways, I hope that endless requests for fixing SN are now history. Cheers! :smile:

UPDATE: The DG binary was extracted from GPlay Services Version 201515000 The hash of the decrypted binary (droidguasso.jar) is: 5a15e53a5cae52b026e621f85de824eaec8b71f112942f5a18d61a6bf414f8da The hash of the encrypted binary (droidguasso.enc) is: 5f8fbca7046760b44670af4d0bb8f551bce19f86a63674ec2ff84e33a9a353f0

ErnyTech commented 4 years ago

Seems doesn't work for me

https://del.dog/depackidyv.log

0x5ECF4ULT commented 4 years ago

This PR is entirely about SN. Your log tells me that the SafetyNet service crashed because some connection wasn't established. I didn't touch this part of the code. The request could fail due to your internet connection or microG not correctly installed. Please consider the self-check section of the microG settings and your system properties.

rusagent commented 4 years ago

How to get a build from this branch, also not only for arm64 but arm?

0x5ECF4ULT commented 4 years ago

@rusagent ./gradlew clean installDebug if you got your device directly connected to your computer via ADB. Otherwise do ./gradlew clean assembleDebug. If you'd like a release build substitute "Debug" with "Release". The build is arch-independent since no native libs are used.

oloyed1832 commented 4 years ago

Not working for me. Returning:

{
  "apkCertificateDigestSha256": [],
  "error": "internal_error"
}

Clean installation, no GMS before, Android 10.

0x5ECF4ULT commented 4 years ago

@oloyed1832 could you please provide a complete stacktrace? If there's no stacktrace it's likely that Google experienced the internal error and not microG.

oloyed1832 commented 4 years ago

@oloyed1832 could you please provide a complete stacktrace? If there's no stacktrace it's likely that Google experienced the internal error and not microG.

Its decoded from google response. Same for old version of microg DroidGuard. Probably you passed SN before with original GMS and it works for you

0x5ECF4ULT commented 4 years ago

@oloyed1832 there's no way this could have happened since I used a clean emulator (without GApps). Sure the emulator didn't pass but I got a valid response from the Google servers. I'll look into these failures later and change the code if I find anything

oloyed1832 commented 4 years ago

@oloyed1832 there's no way this could have happened since I used a clean emulator (without GApps). Sure the emulator didn't pass but I got a valid response from the Google servers. I'll look into these failures later and change the code if I find anything

SafetyNet Checker app doesn't show full info. Try with SafetyNet attest app and check for App Id and request token, if they there, it works. Valid response doesn't mean working safetynet

0x5ECF4ULT commented 4 years ago

@oloyed1832 I didn't use the traditional approach by using an app to verify but the logcat logs. Please don't assume that I'm a complete noob. This is the output from my test:

decodedJWTPayload json:{"nonce":"v2ss2Qpz3K7Hw+HTbW1lwBIV0Flaynis3jYGiZwvT2Q=","timestampMs":1595009930124,"ctsProfileMatch":false,"apkCertificateDigestSha256":[],"basicIntegrity":false,"advice":"RESTORE_TO_FACTORY_ROM","evaluationType":"BASIC"}
oloyed1832 commented 4 years ago

Which emulator and android version you used?

0x5ECF4ULT commented 4 years ago

In the wiki is an image explicitly for testing microG. It's an Intel Atom x86_64 image and Android version 10

mar-v-in commented 4 years ago

I included your changes with af166696ffbfe311cf6beb47ede9d3eeddcbe651 and c8763adfb613b96c345f42f7ccd61d0b383f6bfd. I decided to add a script that uses faketime to build droidguasso.jar. This makes the result more reproducible. The droidguasso.enc was now taken from 20.26.14, which happens to be the same than yours (when using this more reproducible script).

I also used SQLiteOpenHelper instead to create the database. I believe there is content to be added in this database as well, but creating it at least fixes some issues.

Thanks a lot for taking the time to look into this.

SakiiCode commented 4 years ago

Well it doesn't work for me and barely give any meaningful output on logcat

Magisk check:

07-27 22:28:08.836 25008 26667 W opjohnwu.magis: Skipping duplicate class check due to unsupported classloader
07-27 22:28:08.837 25008 26667 W opjohnwu.magis: Opening an oat file without a class loader. Are you using the deprecated DexFile APIs?
07-27 22:28:08.906 25008 26667 E opjohnwu.magis: Resource 7f080008 is a complex map type.
07-27 22:28:08.906 25008 26667 E GooglePlayServicesUtil: The Google Play services resources were not found. Check your project configuration to ensure that the resources are included.
07-27 22:28:08.932 25008 26747 E opjohnwu.magis: Resource 7f080008 is a complex map type.
07-27 22:28:08.932 25008 26747 E GooglePlayServicesUtil: The Google Play services resources were not found. Check your project configuration to ensure that the resources are included.
07-27 22:28:09.264 26670 26679 W System  : A resource failed to call end. 
07-27 22:28:09.693 17003 17003 E irqbalance: irqbalance_load_watchdog: failed to read cpudata for core 0: No such file or directory (2)
07-27 22:28:10.694 17003 17003 E irqbalance: irqbalance_load_watchdog: failed to read cpudata for core 0: No such file or directory (2)
07-27 22:28:11.694 17003 17003 E irqbalance: irqbalance_load_watchdog: failed to read cpudata for core 0: No such file or directory (2)
07-27 22:28:14.695 17003 17003 E irqbalance: irqbalance_load_watchdog: failed to read cpudata for core 0: No such file or directory (2)
07-27 22:28:14.906 26670 26679 W System  : A resource failed to call close. 
07-27 22:28:14.906 26670 26679 W System  : A resource failed to call close. 
07-27 22:28:14.907 26670 26679 W SQLiteConnectionPool: A SQLiteConnection object for database '/data/user/0/org.microg.gms.droidguard/databases/dg.db' was leaked!  Please fix your application to end transactions in progress properly and to close the database when it is no longer needed.
07-27 22:28:14.907 26670 26679 W System  : A resource failed to call close. 
07-27 22:28:15.696 17003 17003 E irqbalance: irqbalance_load_watchdog: failed to read cpudata for core 0: No such file or directory (2)

Safetynet attest app:

07-27 22:35:49.093 26670 26679 W System  : A resource failed to call close. 
07-27 22:35:49.094 26670 26679 W System  : A resource failed to call close. 
07-27 22:35:49.094 26670 26679 W SQLiteConnectionPool: A SQLiteConnection object for database '/data/user/0/org.microg.gms.droidguard/databases/dg.db' was leaked!  Please fix your application to end transactions in progress properly and to close the database when it is no longer needed.
07-27 22:35:49.094 26670 26679 W System  : A resource failed to call close.
0x5ECF4ULT commented 4 years ago

@SakiiCode I see the problem. In fact the request fails because a table in the db already exists and the SQLiteOpenHelper tries to create this table. I modified the source. Tbh I don't know why this memory leak occurs. Maybe because the DroidGuardDatabase object is never assigned. I'm looking into that issue!