zhuowei / SimServerAndroid

Gets SIM card ICCID/runs 3G Authentication over ADB shell

java.lang.SecurityException: getSubscriberIdForSubscriber #1

Closed grant-h closed 2 years ago

grant-h commented 2 years ago

Trying to get the SIM server running, but it is unable to get the IMSI due to permissions issues it seems. I tried adding permissions to the manifest, but the required ones as stated in https://developer.android.com/reference/android/telephony/TelephonyManager#getSubscriberId() cannot be granted to normal apps. Any suggestions to fix this? I could also just get the IMSI through dialer commands, but it would be nice to be able to swap SIMs.

Strangely, getIccAuthentication still works, even though it still has the same requirements as getSubscriberId, as I see RILD messages and no exceptions on that API call.

OS Version: Android 12
API version: same as build.gradle
Device: Pixel 6

Built using command-line Gradle, installed the debug APK, and ran the shell script provided.

Exception:

05-25 14:32:23.822  2666  2666 E AndroidRuntime: FATAL EXCEPTION: main
05-25 14:32:23.822  2666  2666 E AndroidRuntime: PID: 2666
05-25 14:32:23.822  2666  2666 E AndroidRuntime: java.lang.SecurityException: getSubscriberIdForSubscriber: Package android does not belong to 2000
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.os.Parcel.createExceptionOrNull(Parcel.java:2425)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.os.Parcel.createException(Parcel.java:2409)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.os.Parcel.readException(Parcel.java:2392)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.os.Parcel.readException(Parcel.java:2334)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at com.android.internal.telephony.IPhoneSubInfo$Stub$Proxy.getSubscriberIdForSubscriber(IPhoneSubInfo.java:1161)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.telephony.TelephonyManager.getSubscriberId(TelephonyManager.java:4106)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.telephony.TelephonyManager.getSubscriberId(TelephonyManager.java:4085)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at com.worthdoingbadly.simserver.SimServerMain.main(SimServerMain.java:40)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:355)
05-25 14:32:23.822  2666  2666 E AndroidRuntime: Error reporting crash

zhuowei commented 2 years ago

It looks like I'm creating a Context incorrectly. The getSubscriberIdForSubscriber method calls enforceCallingPackage.

We're supposed to say we're com.android.shell to match our UID, but based on your error, it looks like the current Context we initialized is for android, which corresponds to the system UID and not shell.

I'm guessing, to fix this, you'd need to take the Context you get from getSystemContext and call createPackageContext on it to get a new context with the com.android.shell package?

This works fine on Android 11: not sure why Android 12 changed it. If that doesn't fix it, can you use an Android 11 device?

By the way, adding permissions to the app's manifest won't work: the script runs as shell, and the shell user's permissions are defined in Android's shell/AndroidManifest.xml, which does have READ_PRIVILEGED_PHONE_STATE.
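
Added example, not part of the original thread or the project's code: a small logcat triage script that pulls the calling-package mismatch described above out of a crash log and names the UID involved. The UID table and the UID-to-package mapping are assumptions taken from the thread's explanation (`android` for system, `com.android.shell` for shell) and the standard Android UID values; the sample lines are copied from the crash in the issue with the stack trimmed.

```python
import re

# Well-known Android UIDs and the package each is expected to claim (per the thread).
KNOWN_UIDS = {0: "root", 1000: "system", 1001: "radio", 2000: "shell"}
EXPECTED_PACKAGE = {1000: "android", 2000: "com.android.shell"}

# logcat "threadtime" line: date time pid tid priority tag: message
LINE = re.compile(r"^\d\d-\d\d \S+\s+(?P<pid>\d+)\s+(?P<tid>\d+) [VDIWEF] (?P<tag>[^:]+): (?P<msg>.*)$")
# Message format of the calling-package check failure shown in the issue.
MISMATCH = re.compile(r"SecurityException: (?P<method>\w+): Package (?P<pkg>\S+) does not belong to (?P<uid>\d+)")
FRAME = re.compile(r"^\s*at (?P<cls>[\w.$]+)\.(?P<meth>[\w<>$]+)\((?P<src>[^)]*)\)")
FRAMEWORK = ("android.", "com.android.", "java.", "dalvik.")

# Lines copied from the crash in the issue (stack trimmed for brevity).
SAMPLE = """\
05-25 14:32:23.822  2666  2666 E AndroidRuntime: FATAL EXCEPTION: main
05-25 14:32:23.822  2666  2666 E AndroidRuntime: java.lang.SecurityException: getSubscriberIdForSubscriber: Package android does not belong to 2000
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.os.Parcel.readException(Parcel.java:2334)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at android.telephony.TelephonyManager.getSubscriberId(TelephonyManager.java:4085)
05-25 14:32:23.822  2666  2666 E AndroidRuntime:    at com.worthdoingbadly.simserver.SimServerMain.main(SimServerMain.java:40)
"""

def diagnose(logcat_text):
    """Return one finding per package/UID mismatch crash found in the log."""
    findings, current = [], None
    for raw in logcat_text.splitlines():
        m = LINE.match(raw)
        if not m or m["tag"].strip() != "AndroidRuntime":
            continue
        hit = MISMATCH.search(m["msg"])
        if hit:
            uid = int(hit["uid"])
            current = {"pid": int(m["pid"]), "method": hit["method"],
                       "claimed_package": hit["pkg"], "caller_uid": uid,
                       "caller_user": KNOWN_UIDS.get(uid, "unknown"),
                       "expected_package": EXPECTED_PACKAGE.get(uid),
                       "app_frame": None}
            findings.append(current)
            continue
        frame = FRAME.match(m["msg"])
        # The first non-framework frame in the same process is the caller to fix.
        if (frame and current and current["pid"] == int(m["pid"])
                and current["app_frame"] is None
                and not frame["cls"].startswith(FRAMEWORK)):
            current["app_frame"] = f'{frame["cls"]}.{frame["meth"]}({frame["src"]})'
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```
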

SamZorSec commented 2 years ago

Hi @grant-h, did you find a solution to run the application on Android 12? Thanks

grant-h commented 2 years ago

@smrtnt Unfortunately no. I just manually got my IMSI instead.

SamZorSec commented 2 years ago

@grant-h Thanks. I could finally downgrade my phone to Android 11 and still have my eSIM working. The imsi command is now working, but not the auth one. The phone is rooted (Pixel 4a 5G).

Logs with logcat -b radio:

07-08 09:15:29.940 28754 28754 D TelephonyManager: No /proc/cmdline exception=java.io.FileNotFoundException: /proc/cmdline: open failed: EACCES (Permission denied)
07-08 09:15:29.941 28754 28754 D TelephonyManager: /proc/cmdline=
07-08 09:15:29.944  2553  2576 E PhoneSubInfoController: getIccSimChallengeResponse() no app with specified type -- 5

zhuowei commented 2 years ago

Can you try https://github.com/zhuowei/SimServerAndroid/commit/fb4aed04952114a35c248ba6e91e4ec57695b903 ? This works for adb shell sh /sdcard/runsimserver.sh imsi on an Android 12 emulator, but I have no physical Android 12 device and can't test actual SIM authentication.

grant-h commented 2 years ago

Yes, it works now @zhuowei! Thank you :)

amber7117 commented 1 year ago

Any way to get it to work on Android 12?