mirror of
https://github.com/chiteroman/PlayIntegrityFix.git
synced 2025-03-16 16:18:27 +08:00
v16.6-beta
- Import few code from osm0sis fork - Add support for parsing system props in json - Use service.sh of Shamiko - Update fingerprint to fix RCS - Other improvements
This commit is contained in:
parent
ad3b055a56
commit
a5b2422a78
@ -1,6 +1,7 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<project version="4">
|
<project version="4">
|
||||||
<component name="ExternalStorageConfigurationManager" enabled="true" />
|
<component name="ExternalStorageConfigurationManager" enabled="true" />
|
||||||
<component name="ProjectRootManager" version="2" languageLevel="JDK_21" default="true" project-jdk-name="corretto-21" project-jdk-type="JavaSDK">
|
<component name="ProjectRootManager" version="2" languageLevel="JDK_21" default="true" project-jdk-name="temurin-21" project-jdk-type="JavaSDK">
|
||||||
<output url="file://$PROJECT_DIR$/build/classes" />
|
<output url="file://$PROJECT_DIR$/build/classes" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ProjectType">
|
<component name="ProjectType">
|
||||||
|
@ -17,7 +17,7 @@ android {
|
|||||||
minSdk = 26
|
minSdk = 26
|
||||||
targetSdk = 34
|
targetSdk = 34
|
||||||
versionCode = 16500
|
versionCode = 16500
|
||||||
versionName = "v16.5"
|
versionName = "v16.6"
|
||||||
multiDexEnabled = false
|
multiDexEnabled = false
|
||||||
|
|
||||||
packaging {
|
packaging {
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#include <android/log.h>
|
#include <android/log.h>
|
||||||
#include <sys/system_properties.h>
|
#include <sys/system_properties.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
#include <map>
|
||||||
#include "dobby.h"
|
#include "dobby.h"
|
||||||
#include "json.hpp"
|
#include "json.hpp"
|
||||||
#include "zygisk.hpp"
|
#include "zygisk.hpp"
|
||||||
@ -40,53 +41,44 @@ static ssize_t xwrite(int fd, void *buffer, size_t count) {
|
|||||||
return total;
|
return total;
|
||||||
}
|
}
|
||||||
|
|
||||||
static nlohmann::json json;
|
static int verboseLogs = 0;
|
||||||
|
|
||||||
|
static std::map<std::string, std::string> props;
|
||||||
|
|
||||||
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
|
typedef void (*T_Callback)(void *, const char *, const char *, uint32_t);
|
||||||
|
|
||||||
static T_Callback o_callback = nullptr;
|
static std::map<void *, T_Callback> callbacks;
|
||||||
|
|
||||||
static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
|
static void modify_callback(void *cookie, const char *name, const char *value, uint32_t serial) {
|
||||||
|
|
||||||
if (cookie == nullptr || name == nullptr || value == nullptr || o_callback == nullptr) return;
|
if (cookie == nullptr || name == nullptr || value == nullptr ||
|
||||||
|
!callbacks.contains(cookie))
|
||||||
|
return;
|
||||||
|
|
||||||
std::string_view prop(name);
|
std::string_view prop(name);
|
||||||
|
|
||||||
if (prop.ends_with("api_level") && json.contains("DEVICE_INITIAL_SDK_INT") &&
|
if (prop == "init.svc.adbd") {
|
||||||
!json["DEVICE_INITIAL_SDK_INT"].empty()) {
|
value = "stopped";
|
||||||
|
} else if (prop == "sys.usb.state") {
|
||||||
if (json["DEVICE_INITIAL_SDK_INT"].is_string()) {
|
value = "mtp";
|
||||||
value = json["DEVICE_INITIAL_SDK_INT"].get<std::string>().c_str();
|
|
||||||
} else if (json["DEVICE_INITIAL_SDK_INT"].is_number_integer()) {
|
|
||||||
value = std::to_string(json["DEVICE_INITIAL_SDK_INT"].get<int>()).c_str();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if (prop.ends_with(".build.id") && json.contains("ID") && !json["ID"].empty()) {
|
if (props.contains(name)) {
|
||||||
|
value = props[name].c_str();
|
||||||
if (json["ID"].is_string()) {
|
if (verboseLogs > 49) LOGD("[%s]: %s", name, value);
|
||||||
value = json["ID"].get<std::string>().c_str();
|
} else {
|
||||||
|
for (const auto &item: props) {
|
||||||
|
if (item.first.starts_with("*") && prop.ends_with(item.first.substr(1))) {
|
||||||
|
value = item.second.c_str();
|
||||||
|
if (verboseLogs > 49) LOGD("[%s]: %s", name, value);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if (prop.ends_with(".security_patch") && json.contains("SECURITY_PATCH") &&
|
|
||||||
!json["SECURITY_PATCH"].empty()) {
|
|
||||||
|
|
||||||
if (json["SECURITY_PATCH"].is_string()) {
|
|
||||||
value = json["SECURITY_PATCH"].get<std::string>().c_str();
|
|
||||||
}
|
|
||||||
|
|
||||||
} else if (prop.ends_with(".mod_device") && json.contains("PRODUCT") &&
|
|
||||||
!json["PRODUCT"].empty()) {
|
|
||||||
|
|
||||||
if (json["PRODUCT"].is_string()) {
|
|
||||||
value = json["PRODUCT"].get<std::string>().c_str();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!prop.starts_with("cache") && !prop.starts_with("debug") && !prop.starts_with("persist")) {
|
if (verboseLogs > 99) LOGD("[%s]: %s", name, value);
|
||||||
LOGD("[%s]: %s", name, value);
|
|
||||||
}
|
|
||||||
|
|
||||||
return o_callback(cookie, name, value, serial);
|
return callbacks[cookie](cookie, name, value, serial);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);
|
static void (*o_system_property_read_callback)(const prop_info *, T_Callback, void *);
|
||||||
@ -96,7 +88,7 @@ my_system_property_read_callback(const prop_info *pi, T_Callback callback, void
|
|||||||
if (pi == nullptr || callback == nullptr || cookie == nullptr) {
|
if (pi == nullptr || callback == nullptr || cookie == nullptr) {
|
||||||
return o_system_property_read_callback(pi, callback, cookie);
|
return o_system_property_read_callback(pi, callback, cookie);
|
||||||
}
|
}
|
||||||
o_callback = callback;
|
callbacks[cookie] = callback;
|
||||||
return o_system_property_read_callback(pi, modify_callback, cookie);
|
return o_system_property_read_callback(pi, modify_callback, cookie);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -185,6 +177,8 @@ public:
|
|||||||
|
|
||||||
LOGD("Dex file size: %d", dexSize);
|
LOGD("Dex file size: %d", dexSize);
|
||||||
LOGD("Json file size: %d", jsonSize);
|
LOGD("Json file size: %d", jsonSize);
|
||||||
|
|
||||||
|
parseJSON();
|
||||||
}
|
}
|
||||||
|
|
||||||
void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
|
void postAppSpecialize(const zygisk::AppSpecializeArgs *args) override {
|
||||||
@ -203,6 +197,45 @@ private:
|
|||||||
zygisk::Api *api = nullptr;
|
zygisk::Api *api = nullptr;
|
||||||
JNIEnv *env = nullptr;
|
JNIEnv *env = nullptr;
|
||||||
std::vector<uint8_t> dexVector;
|
std::vector<uint8_t> dexVector;
|
||||||
|
nlohmann::json json;
|
||||||
|
|
||||||
|
void parseJSON() {
|
||||||
|
if (json.empty()) return;
|
||||||
|
|
||||||
|
if (json.contains("verboseLogs") && !json["verboseLogs"].empty()) {
|
||||||
|
if (json["verboseLogs"].is_string()) {
|
||||||
|
verboseLogs = std::stoi(json["verboseLogs"].get<std::string>());
|
||||||
|
} else if (json["verboseLogs"].is_number_integer()) {
|
||||||
|
verboseLogs = json["verboseLogs"].get<int>();
|
||||||
|
}
|
||||||
|
json.erase("verboseLogs");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (verboseLogs > 0) LOGD("Verbose logging (level %d) enabled", verboseLogs);
|
||||||
|
|
||||||
|
std::vector<std::string> removeKeys;
|
||||||
|
|
||||||
|
// Java fields are always uppercase, system props are always lowercase
|
||||||
|
for (const auto &item: json.items()) {
|
||||||
|
if (std::all_of(item.key().cbegin(), item.key().cend(), [](unsigned char c) {
|
||||||
|
return c == '_' || (std::isalpha(c) && std::isupper(c));
|
||||||
|
})) {
|
||||||
|
// Java field
|
||||||
|
if (verboseLogs > 99) LOGD("Skip Java field: %s", item.key().c_str());
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
// System prop
|
||||||
|
if (item.value().is_string()) {
|
||||||
|
props.insert({item.key(), item.value().get<std::string>()});
|
||||||
|
if (verboseLogs > 99) LOGD("Got system prop: %s", item.key().c_str());
|
||||||
|
}
|
||||||
|
removeKeys.push_back(item.key());
|
||||||
|
}
|
||||||
|
|
||||||
|
LOGD("Loaded %d props to spoof", props.size());
|
||||||
|
|
||||||
|
for (const auto &item: removeKeys) json.erase(item);
|
||||||
|
}
|
||||||
|
|
||||||
void injectDex() {
|
void injectDex() {
|
||||||
LOGD("get system classloader");
|
LOGD("get system classloader");
|
||||||
|
@ -1,22 +1,56 @@
|
|||||||
# Error on < Android 8.
|
# Error on < Android 8
|
||||||
if [ "$API" -lt 26 ]; then
|
if [ "$API" -lt 26 ]; then
|
||||||
abort "- !!! You can't use this module on Android < 8.0"
|
abort "- !!! You can't use this module on Android < 8.0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# safetynet-fix module is obsolete and it's incompatible with PIF.
|
# safetynet-fix module is obsolete and it's incompatible with PIF
|
||||||
if [ -d /data/adb/modules/safetynet-fix ]; then
|
if [ -d "/data/adb/modules/safetynet-fix" ]; then
|
||||||
rm -rf /data/adb/modules/safetynet-fix
|
touch "/data/adb/modules/safetynet-fix/remove"
|
||||||
rm -f /data/adb/SNFix.dex
|
ui_print "! safetynet-fix module removed. Do NOT install it again along PIF"
|
||||||
ui_print "! safetynet-fix module will be removed. Do NOT install it again along PIF."
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# MagiskHidePropsConf module is obsolete in Android 8+ but it shouldn't give issues.
|
# playcurl must be removed when flashing PIF
|
||||||
if [ -d /data/adb/modules/MagiskHidePropsConf ]; then
|
if [ -d "/data/adb/modules/playcurl" ]; then
|
||||||
|
touch "/data/adb/modules/playcurl/remove"
|
||||||
|
ui_print "! playcurl module removed!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# MagiskHidePropsConf module is obsolete in Android 8+ but it shouldn't give issues
|
||||||
|
if [ -d "/data/adb/modules/MagiskHidePropsConf" ]; then
|
||||||
ui_print "! WARNING, MagiskHidePropsConf module may cause issues with PIF."
|
ui_print "! WARNING, MagiskHidePropsConf module may cause issues with PIF."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check custom fingerprint
|
# Check custom fingerprint
|
||||||
if [ -f "/data/adb/pif.json" ]; then
|
if [ -f "/data/adb/pif.json" ]; then
|
||||||
mv -f "/data/adb/pif.json" "/data/adb/pif.json.old"
|
mv -f "/data/adb/pif.json" "/data/adb/pif.json.old"
|
||||||
ui_print "- Backup old pif.json"
|
ui_print "- Backup custom pif.json"
|
||||||
|
fi
|
||||||
|
|
||||||
|
REMOVE="
|
||||||
|
/system/product/app/XiaomiEUInject
|
||||||
|
/system/product/app/XiaomiEUInject-Stub
|
||||||
|
/system/system/app/EliteDevelopmentModule
|
||||||
|
/system/system/app/XInjectModule
|
||||||
|
/system/system_ext/app/hentaiLewdbSVTDummy
|
||||||
|
/system/system_ext/app/PifPrebuilt
|
||||||
|
/system/system_ext/overlay/CertifiedPropsOverlay.apk
|
||||||
|
"
|
||||||
|
|
||||||
|
if [ "$KSU" = "true" -o "$APATCH" = "true" ]; then
|
||||||
|
ui_print "- KernelSU/APatch detected, conflicting apps will be automatically removed"
|
||||||
|
else
|
||||||
|
ui_print "- Magisk detected, removing conflicting apps one by one :("
|
||||||
|
echo "$REMOVE" | grep -v '^$' | while read -r line; do
|
||||||
|
if [ -d "$line" ]; then
|
||||||
|
mkdir -p "${MODPATH}${line}"
|
||||||
|
touch "${MODPATH}${line}/.replace"
|
||||||
|
ui_print "- Removed dir: $line"
|
||||||
|
elif [ -f "$line" ]; then
|
||||||
|
dir=$(dirname "$line")
|
||||||
|
filename=$(basename "$line")
|
||||||
|
mkdir -p "${MODPATH}${dir}"
|
||||||
|
touch "${MODPATH}${dir}/${filename}"
|
||||||
|
ui_print "- Removed file: $line"
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
id=playintegrityfix
|
id=playintegrityfix
|
||||||
name=Play Integrity Fix
|
name=Play Integrity Fix
|
||||||
version=v16.5
|
version=v16.6
|
||||||
versionCode=16500
|
versionCode=16600
|
||||||
author=chiteroman
|
author=chiteroman
|
||||||
description=Universal modular fix for Play Integrity (and SafetyNet) on devices running Android 8-15
|
description=Universal modular fix for Play Integrity (and SafetyNet) on devices running Android 8-15
|
||||||
updateJson=https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/update.json
|
updateJson=https://raw.githubusercontent.com/chiteroman/PlayIntegrityFix/main/update.json
|
||||||
|
104
module/pif.json
104
module/pif.json
@ -1,15 +1,95 @@
|
|||||||
{
|
{
|
||||||
"ID": "OPM1.171019.011",
|
|
||||||
"PRODUCT": "sailfish",
|
|
||||||
"DEVICE": "sailfish",
|
|
||||||
"BOARD": "",
|
|
||||||
"MANUFACTURER": "Google",
|
|
||||||
"BRAND": "google",
|
"BRAND": "google",
|
||||||
"MODEL": "Pixel",
|
"DEVICE": "husky",
|
||||||
"HARDWARE": "",
|
"FINGERPRINT": "google/husky_beta/husky:15/AP31.240517.022/11948202:user/release-keys",
|
||||||
"INCREMENTAL": "4448085",
|
"ID": "AP31.240517.022",
|
||||||
"RELEASE": "8.1.0",
|
"MANUFACTURER": "Google",
|
||||||
"SECURITY_PATCH": "2017-12-05",
|
"MODEL": "Pixel 8 Pro",
|
||||||
"DEVICE_INITIAL_SDK_INT": 24,
|
"PRODUCT": "husky_beta",
|
||||||
"FINGERPRINT": "google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys"
|
"SECURITY_PATCH": "2024-06-05",
|
||||||
|
"*.security_patch": "2024-06-05",
|
||||||
|
"*api_level": "24",
|
||||||
|
"dalvik.vm.appimageformat": "lz4",
|
||||||
|
"dalvik.vm.dex2oat-Xms": "64m",
|
||||||
|
"dalvik.vm.dex2oat-Xmx": "512m",
|
||||||
|
"dalvik.vm.dex2oat-max-image-block-size": "524288",
|
||||||
|
"dalvik.vm.dex2oat-minidebuginfo": "true",
|
||||||
|
"dalvik.vm.dex2oat-resolve-startup-strings": "true",
|
||||||
|
"dalvik.vm.dexopt.secondary": "true",
|
||||||
|
"dalvik.vm.dexopt.thermal-cutoff": "2",
|
||||||
|
"dalvik.vm.image-dex2oat-Xms": "64m",
|
||||||
|
"dalvik.vm.image-dex2oat-Xmx": "64m",
|
||||||
|
"dalvik.vm.madvise.artfile.size": "4294967295",
|
||||||
|
"dalvik.vm.madvise.odexfile.size": "104857600",
|
||||||
|
"dalvik.vm.madvise.vdexfile.size": "104857600",
|
||||||
|
"dalvik.vm.minidebuginfo": "true",
|
||||||
|
"dalvik.vm.usap_pool_enabled": "false",
|
||||||
|
"dalvik.vm.usap_pool_refill_delay_ms": "3000",
|
||||||
|
"dalvik.vm.usap_pool_size_max": "3",
|
||||||
|
"dalvik.vm.usap_pool_size_min": "1",
|
||||||
|
"dalvik.vm.usap_refill_threshold": "1",
|
||||||
|
"dalvik.vm.useartservice": "true",
|
||||||
|
"dalvik.vm.usejit": "true",
|
||||||
|
"debug.atrace.tags.enableflags": "0",
|
||||||
|
"net.bt.name": "Android",
|
||||||
|
"persist.settings.large_screen_opt.enabled": "false",
|
||||||
|
"persist.traced.enable": "1",
|
||||||
|
"pm.dexopt.ab-ota": "speed-profile",
|
||||||
|
"pm.dexopt.bg-dexopt": "speed-profile",
|
||||||
|
"pm.dexopt.boot-after-mainline-update": "verify",
|
||||||
|
"pm.dexopt.boot-after-ota": "verify",
|
||||||
|
"pm.dexopt.cmdline": "verify",
|
||||||
|
"pm.dexopt.first-boot": "verify",
|
||||||
|
"pm.dexopt.inactive": "verify",
|
||||||
|
"pm.dexopt.install": "speed-profile",
|
||||||
|
"pm.dexopt.install-bulk": "speed-profile",
|
||||||
|
"pm.dexopt.install-bulk-downgraded": "verify",
|
||||||
|
"pm.dexopt.install-bulk-secondary": "verify",
|
||||||
|
"pm.dexopt.install-bulk-secondary-downgraded": "verify",
|
||||||
|
"pm.dexopt.install-fast": "skip",
|
||||||
|
"pm.dexopt.post-boot": "verify",
|
||||||
|
"pm.dexopt.shared": "speed",
|
||||||
|
"ro.actionable_compatible_property.enabled": "true",
|
||||||
|
"ro.adb.secure": "1",
|
||||||
|
"ro.allow.mock.location": "0",
|
||||||
|
"ro.apex.updatable": "true",
|
||||||
|
"ro.build.date": "Mon Jun 10 17:11:45 UTC 2024",
|
||||||
|
"ro.build.date.utc": "1718039505",
|
||||||
|
"ro.build.description": "husky_beta-user 15 AP31.240517.022 11948202 release-keys",
|
||||||
|
"ro.build.display.id": "AP31.240517.022",
|
||||||
|
"ro.build.flavor": "husky_beta-user",
|
||||||
|
"ro.build.host": "r-5ed19c9f6e4ddbc5-v0mt",
|
||||||
|
"ro.build.user": "android-build",
|
||||||
|
"ro.build.version.all_codenames": "REL",
|
||||||
|
"ro.build.version.codename": "REL",
|
||||||
|
"ro.build.version.known_codenames": "Base,Base11,Cupcake,Donut,Eclair,Eclair01,EclairMr1,Froyo,Gingerbread,GingerbreadMr1,Honeycomb,HoneycombMr1,HoneycombMr2,IceCreamSandwich,IceCreamSandwichMr1,JellyBean,JellyBeanMr1,JellyBeanMr2,Kitkat,KitkatWatch,Lollipop,LollipopMr1,M,N,NMr1,O,OMr1,P,Q,R,S,Sv2,Tiramisu,UpsideDownCake,VanillaIceCream",
|
||||||
|
"ro.build.version.min_supported_target_sdk": "28",
|
||||||
|
"ro.build.version.preview_sdk": "0",
|
||||||
|
"ro.build.version.preview_sdk_fingerprint": "REL",
|
||||||
|
"ro.build.version.release_or_codename": "15",
|
||||||
|
"ro.build.version.release_or_preview_display": "15",
|
||||||
|
"ro.camerax.extensions.enabled": "true",
|
||||||
|
"ro.dalvik.vm.native.bridge": "0",
|
||||||
|
"ro.debuggable": "0",
|
||||||
|
"ro.force.debuggable": "0",
|
||||||
|
"ro.hotword.detection_service_required": "true",
|
||||||
|
"ro.launcher.blur.appLaunch": "0",
|
||||||
|
"ro.llndk.api_level": "202404",
|
||||||
|
"ro.postinstall.fstab.prefix": "/system",
|
||||||
|
"ro.product.cpu.abi": "arm64-v8a",
|
||||||
|
"ro.product.locale": "en-US",
|
||||||
|
"ro.secure": "1",
|
||||||
|
"ro.system.build.date": "Mon Jun 10 17:11:45 UTC 2024",
|
||||||
|
"ro.system.build.date.utc": "1718039505",
|
||||||
|
"ro.system.build.id": "AP31.240517.022",
|
||||||
|
"ro.system.build.tags": "release-keys",
|
||||||
|
"ro.system.build.type": "user",
|
||||||
|
"ro.system.build.version.incremental": "11948202",
|
||||||
|
"ro.system.build.version.release": "15",
|
||||||
|
"ro.system.build.version.release_or_codename": "15",
|
||||||
|
"ro.system.product.cpu.abilist": "arm64-v8a",
|
||||||
|
"ro.system.product.cpu.abilist64": "arm64-v8a",
|
||||||
|
"ro.treble.enabled": "true",
|
||||||
|
"security.perf_harden": "1",
|
||||||
|
"verboseLogs": 100
|
||||||
}
|
}
|
||||||
|
@ -2,35 +2,3 @@
|
|||||||
if magisk --denylist status; then
|
if magisk --denylist status; then
|
||||||
magisk --denylist rm com.google.android.gms
|
magisk --denylist rm com.google.android.gms
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Remove safetynet-fix module if installed
|
|
||||||
if [ -d /data/adb/modules/safetynet-fix ]; then
|
|
||||||
rm -rf /data/adb/modules/safetynet-fix
|
|
||||||
rm -rf /data/adb/SNFix.dex
|
|
||||||
fi
|
|
||||||
|
|
||||||
resetprop_if_diff() {
|
|
||||||
local NAME="$1"
|
|
||||||
local EXPECTED="$2"
|
|
||||||
local CURRENT="$(resetprop "$NAME")"
|
|
||||||
|
|
||||||
[ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop "$NAME" "$EXPECTED"
|
|
||||||
}
|
|
||||||
|
|
||||||
resetprop_if_diff ro.build.tags release-keys
|
|
||||||
|
|
||||||
resetprop_if_diff ro.boot.warranty_bit 0
|
|
||||||
|
|
||||||
resetprop_if_diff ro.vendor.boot.warranty_bit 0
|
|
||||||
|
|
||||||
resetprop_if_diff ro.vendor.warranty_bit 0
|
|
||||||
|
|
||||||
resetprop_if_diff ro.warranty_bit 0
|
|
||||||
|
|
||||||
resetprop_if_diff ro.is_ever_orange 0
|
|
||||||
|
|
||||||
resetprop_if_diff ro.build.type user
|
|
||||||
|
|
||||||
resetprop_if_diff ro.debuggable 0
|
|
||||||
|
|
||||||
resetprop_if_diff ro.secure 1
|
|
||||||
|
@ -1,56 +1,47 @@
|
|||||||
# Conditional sensitive properties
|
#!/system/bin/sh
|
||||||
|
|
||||||
resetprop_if_diff() {
|
check_reset_prop() {
|
||||||
local NAME="$1"
|
local NAME=$1
|
||||||
local EXPECTED="$2"
|
local EXPECTED=$2
|
||||||
local CURRENT="$(resetprop "$NAME")"
|
local VALUE=$(resetprop $NAME)
|
||||||
|
[ -z $VALUE ] || [ $VALUE = $EXPECTED ] || resetprop $NAME $EXPECTED
|
||||||
[ -z "$CURRENT" ] || [ "$CURRENT" = "$EXPECTED" ] || resetprop "$NAME" "$EXPECTED"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resetprop_if_match() {
|
contains_reset_prop() {
|
||||||
local NAME="$1"
|
local NAME=$1
|
||||||
local CONTAINS="$2"
|
local CONTAINS=$2
|
||||||
local VALUE="$3"
|
local NEWVAL=$3
|
||||||
|
[[ "$(resetprop $NAME)" = *"$CONTAINS"* ]] && resetprop $NAME $NEWVAL
|
||||||
[[ "$(resetprop "$NAME")" = *"$CONTAINS"* ]] && resetprop "$NAME" "$VALUE"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Magisk recovery mode
|
resetprop -w sys.boot_completed 0
|
||||||
resetprop_if_match ro.bootmode recovery unknown
|
|
||||||
resetprop_if_match ro.boot.mode recovery unknown
|
|
||||||
resetprop_if_match vendor.boot.mode recovery unknown
|
|
||||||
|
|
||||||
# SELinux
|
check_reset_prop "ro.boot.vbmeta.device_state" "locked"
|
||||||
resetprop_if_diff ro.boot.selinux enforcing
|
check_reset_prop "ro.boot.verifiedbootstate" "green"
|
||||||
# use delete since it can be 0 or 1 for enforcing depending on OEM
|
check_reset_prop "ro.boot.flash.locked" "1"
|
||||||
if [ -n "$(resetprop ro.build.selinux)" ]; then
|
check_reset_prop "ro.boot.veritymode" "enforcing"
|
||||||
resetprop --delete ro.build.selinux
|
check_reset_prop "ro.boot.warranty_bit" "0"
|
||||||
fi
|
check_reset_prop "ro.warranty_bit" "0"
|
||||||
|
check_reset_prop "ro.debuggable" "0"
|
||||||
|
check_reset_prop "ro.force.debuggable" "0"
|
||||||
|
check_reset_prop "ro.secure" "1"
|
||||||
|
check_reset_prop "ro.adb.secure" "1"
|
||||||
|
check_reset_prop "ro.build.type" "user"
|
||||||
|
check_reset_prop "ro.build.tags" "release-keys"
|
||||||
|
check_reset_prop "ro.vendor.boot.warranty_bit" "0"
|
||||||
|
check_reset_prop "ro.vendor.warranty_bit" "0"
|
||||||
|
check_reset_prop "vendor.boot.vbmeta.device_state" "locked"
|
||||||
|
check_reset_prop "vendor.boot.verifiedbootstate" "green"
|
||||||
|
check_reset_prop "sys.oem_unlock_allowed" "0"
|
||||||
|
|
||||||
# use toybox to protect *stat* access time reading
|
# MIUI specific
|
||||||
if [ "$(toybox cat /sys/fs/selinux/enforce)" = "0" ]; then
|
check_reset_prop "ro.secureboot.lockstate" "locked"
|
||||||
chmod 640 /sys/fs/selinux/enforce
|
|
||||||
chmod 440 /sys/fs/selinux/policy
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Late props which must be set after boot_completed
|
# Realme specific
|
||||||
{
|
check_reset_prop "ro.boot.realmebootstate" "green"
|
||||||
until [[ "$(getprop sys.boot_completed)" == "1" ]]; do
|
check_reset_prop "ro.boot.realme.lockstate" "1"
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
|
|
||||||
# SafetyNet/Play Integrity | Avoid breaking Realme fingerprint scanners
|
# Hide that we booted from recovery when magisk is in recovery mode
|
||||||
resetprop_if_diff ro.boot.flash.locked 1
|
contains_reset_prop "ro.bootmode" "recovery" "unknown"
|
||||||
|
contains_reset_prop "ro.boot.bootmode" "recovery" "unknown"
|
||||||
# SafetyNet/Play Integrity | Avoid breaking Oppo fingerprint scanners
|
contains_reset_prop "vendor.boot.bootmode" "recovery" "unknown"
|
||||||
resetprop_if_diff ro.boot.vbmeta.device_state locked
|
|
||||||
|
|
||||||
# SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners
|
|
||||||
resetprop_if_diff vendor.boot.verifiedbootstate green
|
|
||||||
|
|
||||||
# SafetyNet/Play Integrity | Avoid breaking OnePlus display modes/fingerprint scanners on OOS 12
|
|
||||||
resetprop_if_diff ro.boot.verifiedbootstate green
|
|
||||||
resetprop_if_diff ro.boot.veritymode enforcing
|
|
||||||
resetprop_if_diff vendor.boot.vbmeta.device_state locked
|
|
||||||
}&
|
|
||||||
|
Loading…
Reference in New Issue
Block a user